CH11 Network Design Flashcards

1
Q

What are the 7 layers of OSI Model?

A

Mnemonic, from Layer 1 (bottom) to Layer 7 (top):

Please - Physical
Do - Data Link
Not - Network
Throw - Transport
Sausage - Session
Pizza - Presentation
Away - Application

2
Q

What is a physical layer?

A

Represents the actual network cables and radio waves used to carry data over a network.
Data carried over the network at the Physical Layer is known as bits.

Examples: network cables (fiber optic, copper, or coaxial), radio waves (Wi-Fi or Bluetooth), hubs and repeaters

3
Q

What is Data Link layer?

A

Describes how a connection is established and maintained over the physical layer and how data is transferred across it, using physical addressing (MAC addresses).

Bits are grouped into frames, which are then sent over the physical medium.

Examples: MAC addresses, switches, and bridges

4
Q

What is Network Layer?

A

Uses logical addresses to route information between hosts, networks, and internetworks.

The unit of data at this layer is the packet. Each packet is carried inside a Layer 2 frame for transmission (the frame wraps the packet, not the other way round). Examples: IP addresses, routers

5
Q

What is Transport layer?

A

Manages and ensures end-to-end delivery of data from a host to a destination using either TCP (connection-oriented protocol with a three-way handshake, reliable delivery) or UDP (connectionless protocol, "fire and forget").

The unit of data at this layer is the segment for TCP or the datagram for UDP. Each segment or datagram is carried inside a Layer 3 packet.
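To make the encapsulation order on the Data Link, Network and Transport cards concrete, here is an added example (not from the original flashcards) that builds a UDP datagram, wraps it in an IPv4 packet, wraps that in an Ethernet frame, and then peels the headers back off in the same order. The MAC addresses, IP addresses, ports and payload are constructed for the illustration.

```python
"""Encapsulation walk-through: UDP datagram -> IPv4 packet -> Ethernet frame,
and the reverse. Added example code; addresses, ports and payload are constructed."""
import socket
import struct

IPV4_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 791). Over a header that
    already carries a correct checksum this returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_datagram(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # Layer 4 PDU: 8-byte UDP header + payload (checksum 0 is allowed for UDP over IPv4)
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ipv4_packet(src_ip: str, dst_ip: str, l4_pdu: bytes, proto: int = 17) -> bytes:
    # Layer 3 PDU: IPv4 header wrapping the segment/datagram (proto 17 = UDP, 6 = TCP)
    fields = [0x45, 0, 20 + len(l4_pdu), 0, 0, 64, proto, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ipv4_checksum(struct.pack(IPV4_HDR, *fields))
    return struct.pack(IPV4_HDR, *fields) + l4_pdu


def ethernet_frame(dst_mac: bytes, src_mac: bytes, l3_pdu: bytes, ethertype: int = 0x0800) -> bytes:
    # Layer 2 PDU: Ethernet header wrapping the packet (0x0800 = IPv4)
    return dst_mac + src_mac + struct.pack("!H", ethertype) + l3_pdu


def decapsulate(frame: bytes) -> dict:
    """Peel the headers back off, outer to inner, and return each layer's fields."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    l4 = packet[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", l4[:8])
    return {
        "layer2": {"dst": dst_mac.hex(":"), "src": src_mac.hex(":"), "ethertype": ethertype},
        "layer3": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "ttl": ttl},
        "layer4": {"sport": sport, "dport": dport, "payload": l4[8:ulen]},
    }


def build_example() -> bytes:
    """Constructed sample: a DNS-style UDP datagram from a LAN host to its router."""
    dgram = udp_datagram(40000, 53, b"hello")                       # Layer 4
    pkt = ipv4_packet("192.168.1.10", "192.168.1.1", dgram)        # Layer 3 wraps Layer 4
    return ethernet_frame(bytes.fromhex("aabbccddeeff"),            # Layer 2 wraps Layer 3
                          bytes.fromhex("001122334455"), pkt)


if __name__ == "__main__":
    for layer, fields in decapsulate(build_example()).items():
        print(layer, fields)
```

The frame length is 14 + 20 + 8 + 5 bytes, and `decapsulate` recovers the Layer 2 addresses first, then the Layer 3 addresses, then the Layer 4 ports and payload, which is the order a receiving host processes them.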

6
Q

What is Session Layer?

A

Manages the establishment, termination, and synchronization of a session between two applications over the network.

7
Q

What is Presentation layer?

A

Translates the information into a format that the sender and receiver both understand.

Example: is the text encoded as ASCII or UTF-8?

8
Q

What is Application layer?

A

The layer at which the message is created by the user's application and handed down the stack.

Consists of high-level protocols like HTTP, SMTP, and FTP

9
Q

What is a switch?

A

Switches are the combined evolution of hubs and bridges: a multi-port bridge (Layer 2) that learns which MAC address is behind each port and forwards a frame only to the port where its destination lives, instead of repeating it to every port the way a hub does.

10
Q

What are the 3 types of attack for switches ?

A

MAC Flooding,
MAC Spoofing,
Physical Tampering

11
Q

What is MAC Flooding?

A

An attempt to overwhelm the switch's MAC address table (CAM table), the limited memory set aside to store which MAC address is on which port, by sending frames with thousands of bogus source MAC addresses.

If the table is flooded, many switches fail open: they begin to act like a hub and flood traffic out every single port, so the attacker can sniff frames that were meant for other hosts.

12
Q

What is MAC Spoofing?

A

Occurs when an attacker changes their own MAC address to pretend they have the MAC address of another device.

MAC spoofing is often combined with an ARP (Address Resolution Protocol) spoofing attack. ARP is how hosts learn which MAC address belongs to which IP address. By sending forged ARP replies alongside the spoofed MAC, the attacker makes other hosts believe the attacker's machine is the destination they are trying to reach, so traffic is sent to the attacker, who can read it before passing it on (or simply steal it).

13
Q

What are the ways to prevent MAC Spoofing?

A
  • Configure port security on the switch so each port accepts only a limited number of MAC addresses (or a specific static MAC address) and shuts down or drops traffic on a violation
  • Limit the lifetime of ARP cache entries on hosts, so a poisoned entry expires quickly
  • Conduct Dynamic ARP Inspection (DAI) on the switch, which drops ARP replies that do not match a trusted IP-to-MAC binding (typically learned through DHCP snooping)
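The following is an added example (not from the original flashcards) that models a switch's MAC address table to show the two behaviours described on the MAC flooding card and the port-security bullet above: with a limited CAM table and no protection, an attacker who fills the table forces traffic between two other hosts to be flooded to every port; with a per-port MAC limit, the attacker's port is shut down instead. The port names, table size and MAC addresses are constructed.

```python
"""Toy model of a switch CAM table with optional port security.
Added example code; ports, capacity and MAC addresses are constructed."""

FLOOD = "FLOOD"  # marker: frame was sent out every port (hub-like behaviour)


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity            # limited CAM memory
        self.max_macs_per_port = max_macs_per_port  # port security limit; None = disabled
        self.cam = {}                               # source MAC -> port it was learned on
        self.shutdown = set()                       # ports err-disabled by port security

    def _learn(self, port, src_mac):
        """Record src_mac on port. Returns False if the MAC could not be learned."""
        if src_mac in self.cam:
            self.cam[src_mac] = port  # refresh (or move) an existing entry
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.shutdown.add(port)  # port security violation: err-disable the port
                return False
        if len(self.cam) >= self.cam_capacity:
            return False  # table full: nothing more can be learned (the flooding condition)
        self.cam[src_mac] = port
        return True

    def forward(self, in_port, src_mac, dst_mac):
        """Return the egress port, FLOOD if the frame went to every port, or None if dropped."""
        if in_port in self.shutdown:
            return None
        self._learn(in_port, src_mac)
        if in_port in self.shutdown:
            return None  # the frame that caused the violation is dropped as well
        out = self.cam.get(dst_mac)
        if out is None:
            return FLOOD  # unknown destination: a switch floods the frame
        if out == in_port:
            return None   # destination is on the ingress port: filtered
        return out


VICTIM_A, SERVER_B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"   # constructed hosts
BOGUS = [f"02:00:00:00:00:{i:02x}" for i in range(8)]            # attacker's fake sources


def normal_demo():
    """No attack: B's reply to A goes only to A's port."""
    sw = Switch(["p1", "p2", "p3"], cam_capacity=8)
    sw.forward("p1", VICTIM_A, SERVER_B)
    return sw.forward("p2", SERVER_B, VICTIM_A)


def flood_attack_demo():
    """Attacker on p3 fills the 8-entry table, so A and B can no longer be learned
    and B's reply to A is flooded to every port, including the attacker's."""
    sw = Switch(["p1", "p2", "p3"], cam_capacity=8)
    for mac in BOGUS:
        sw.forward("p3", mac, SERVER_B)
    sw.forward("p1", VICTIM_A, SERVER_B)
    return sw.forward("p2", SERVER_B, VICTIM_A)


def port_security_demo():
    """Same attack with a limit of 2 MACs per port: p3 is err-disabled on the third
    bogus MAC, A and B are learned normally, and the attacker's frames are dropped."""
    sw = Switch(["p1", "p2", "p3"], cam_capacity=8, max_macs_per_port=2)
    for mac in BOGUS:
        sw.forward("p3", mac, SERVER_B)
    sw.forward("p1", VICTIM_A, SERVER_B)
    reply = sw.forward("p2", SERVER_B, VICTIM_A)
    attacker = sw.forward("p3", BOGUS[0], VICTIM_A)
    return reply, attacker, "p3" in sw.shutdown


if __name__ == "__main__":
    print("normal:", normal_demo())
    print("flooded:", flood_attack_demo())
    print("port security:", port_security_demo())
```

Real switches age entries out and have far larger tables, but the mechanism is the same: once learning stops, unicast traffic degrades to flooding, which is why a per-port MAC limit (port security) is the standard mitigation.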
14
Q

What is Physical Tampering in regards to attack on switches?

A

Occurs when an attacker attempts to gain physical access to the switch itself (for example to plug into an unused port, reset it, or access its console port).

15
Q

What is a Router?

A

It is used to connect two or more networks to form an internetwork. Routers rely on a packet's IP addresses to determine the proper destination. An Access Control List (ACL) can be configured on a router's interface to control the flow of traffic into or out of a certain part of the network.

16
Q

What layer in OSI model does Router operate on ?

A

Layer 3

17
Q

What is ACL ?

A

ACL = Access Control List

An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics (source and destination address, protocol, port). Rules are evaluated top to bottom and the first match wins; traffic that matches no rule is dropped by an implicit deny at the end of the list.

18
Q

What is IP Spoofing?

A

IP spoofing is forging the source IP address of a packet. It is used to trick a router's ACL: if the attacker can spoof an address that is on the approved list, the access control list lets the traffic in or out as if it came from a trusted host.

To limit IP spoofing, configure the router properly: apply anti-spoofing (ingress/egress) filters that drop packets arriving on the external interface with internal source addresses, and packets leaving with source addresses that do not belong to the internal network; and harden the device itself by changing the default username and password and reviewing the default routing and internal IP address settings.
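The next block is an added example (not from the original flashcards) that implements the ACL evaluation described on the ACL card (ordered rules, first match wins, implicit deny) and uses it to show the IP spoofing problem on this card: the same spoofed packet is permitted by a weak ACL and denied once anti-spoofing rules are placed at the top. The interface, rule sets, addresses and packets are constructed; the internal ranges are the RFC 1918 private ranges.

```python
"""Ordered-rule ACL evaluator with anti-spoofing rules.
Added example code; rule sets, addresses and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
# RFC 1918 private ranges, treated here as "our internal network"
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None    # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Constructed inbound ACL on the internet-facing interface of a router at 203.0.113.1.
# Weak setting: it permits SSH to the router from "internal" addresses, but on an
# internet-facing interface an attacker can simply forge a 10.x.x.x source.
WEAK_ACL = [
    Rule("permit", net("10.0.0.0/8"), net("203.0.113.1/32"), "tcp", 22),   # management from inside
    Rule("permit", ANY, net("203.0.113.10/32"), "tcp", 443),               # public web server in the DMZ
]

# Corrected setting: anti-spoofing denies first. A packet that arrives from the
# internet claiming an internal source address can only be spoofed, so drop it.
ANTI_SPOOF = [Rule("deny", p, ANY) for p in PRIVATE]
HARDENED_ACL = ANTI_SPOOF + WEAK_ACL


def spoofing_demo():
    """Returns (weak verdict, hardened verdict) for a packet with a forged internal source."""
    spoofed = Packet("10.0.0.5", "203.0.113.1", "tcp", 22)
    return evaluate(WEAK_ACL, spoofed), evaluate(HARDENED_ACL, spoofed)


if __name__ == "__main__":
    print("spoofed SSH from 10.0.0.5 -> weak:", spoofing_demo()[0], "hardened:", spoofing_demo()[1])
    print("public HTTPS ->", evaluate(HARDENED_ACL, Packet("8.8.8.8", "203.0.113.10", "tcp", 443)))
    print("SSH from internet (no rule) ->", evaluate(HARDENED_ACL, Packet("8.8.8.8", "203.0.113.1", "tcp", 22)))
```

Because evaluation stops at the first match, the order matters: the anti-spoofing denies must sit above any permit that trusts internal addresses, otherwise the permit fires first and the forged packet gets through.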

19
Q

What are Network Zones?

A

Breaking up your network into multiple security zones. Zones can be further broken up into sub-zones through the use of subnetting, ACLs, firewall rules, and other isolation methods that control (and where needed prevent) the flow of data between the different portions of the network.

20
Q

What are the 3 different zones that a networks can be segmented into?

A

LAN, WAN, and DMZ

LAN – can be secured by using private IP addresses, running anti-malware programs on the clients, and placing the clients behind a router and its associated ACLs.

WAN – traffic arriving from the WAN (including the internet) should be monitored and firewalled to secure your network against the threats it carries.
Any traffic you wish to keep confidential while crossing the internet should use a VPN.

DMZ – focused on providing controlled access to publicly available servers that are hosted within your organizational network.

Sub-zones can be created to provide additional protection for some servers.

21
Q

What is Extranet?

A

A specialized type of DMZ that is created for your partner organizations to access over a wide area network. It acts like a DMZ, but it is not publicly accessible: only the authorized partners can reach it.

22
Q

What is intranet?

A

Used when only one company is involved. It allows you to extend your internal network across multiple sites or areas within your organization, and it is not accessible to outsiders.

23
Q

What is Internet-facing Host ?

A

Any host that accepts inbound connections from the internet

24
Q

What is DMZ ?

A

A segment isolated from the rest of the private network by one or more firewalls that accepts connections from the internet over designated ports only.

25
Q

What are Bastion Hosts ?

A

Hosts or servers placed in the DMZ that are not configured with any of the services that run on the internal network, so that compromising one gives the attacker as little as possible.

Any host you put in the DMZ should be treated as a bastion host and hardened accordingly.

26
Q

What is a Jumpbox ?

A

A jumpbox is a hardened server that provides access to other hosts within the DMZ.

To configure devices in the DMZ, a jumpbox is used.

An administrator connects to the jumpbox, and the jumpbox connects to the hosts in the DMZ; the administrator's workstation never talks to the DMZ hosts directly.

The jumpbox and the management workstation should only have the minimum required software to perform their job and should be well hardened.

27
Q

What is NAC?

A

NAC = Network Access Control.

It is used to protect your network from both known and unknown devices.

With NAC, a device is scanned to determine its current state of security prior to being allowed access to your network. If the device passes the examination, it is allowed in and receives access to the organizational resources provided by the network. If the device fails the inspection, it is placed into a quarantine network where it awaits remediation.

NAC can be implemented as a hardware or a software solution.

IEEE 802.1X is the standard used for port-based NAC: the switch or access point keeps the port closed until the connecting device authenticates.

28
Q

What are the 2 types of agents that NAC can run as?

A

NAC = Network Access Control.

NAC solutions can be run either using Persistent or Non-Persistent agents.

Persistent Agents – a piece of software that is permanently installed on the device requesting access to the network.

Non-Persistent Agents – a piece of software that scans the device remotely, or that is installed for the scan and removed afterwards (sometimes called a dissolvable agent).

29
Q

What is VLAN?

A

VLAN = Virtual Local Area Network

A VLAN is a separate broadcast domain carried over the same physical switches. VLANs are implemented to segment the network, reduce the size of broadcast domains, organize the network logically, boost performance, and increase security.

30
Q

What is VLAN Hopping?

A

VLAN hopping allows an attacker to break out of their assigned VLAN and reach traffic in other VLANs.

31
Q

What are 2 of the ways that attacker can perform VLAN hopping?

A
  1. Switch Spoofing – The attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link, which carries every VLAN, to break out of their VLAN.

To prevent this, disable Dynamic Trunking Protocol (DTP) on all your switch ports (configure each port explicitly as access or trunk), place all unplugged ports into an unused VLAN and shut them down, explicitly configure which VLANs each trunk carries, and avoid leaving ports in the default VLAN.

  2. Double Tagging – The attacker adds an additional 802.1Q VLAN tag to the frame so that it carries an outer tag and an inner tag. The first switch strips the outer tag because it matches the native VLAN of the trunk, and the next switch forwards the frame into the VLAN named by the inner tag.

Prevent double tagging by moving all ports out of the default VLAN, and by changing the native VLAN on trunks to an unused VLAN so that no user port shares it.
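An added example, not from the original flashcards, that parses 802.1Q tags on an Ethernet frame and models the one piece of switch behaviour the double-tagging card relies on: a trunk port sends frames in the native VLAN untagged, so a double-tagged frame loses its outer tag and the inner tag is what the next switch sees. The VLAN numbers, MAC addresses and payload are constructed.

```python
"""802.1Q tag parser plus a model of native-VLAN tag stripping on a trunk.
Added example code; VLAN IDs, MACs and payload are constructed."""
import struct

ETH_P_8021Q = 0x8100
ETH_P_IPV4 = 0x0800


def parse_frame(frame: bytes):
    """Return (dst, src, [VLAN IDs outer -> inner], ethertype, payload)."""
    dst, src = frame[0:6], frame[6:12]
    offset = 12
    vids = []
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    while ethertype == ETH_P_8021Q:          # stacked tags: keep peeling
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vids.append(tci & 0x0FFF)            # low 12 bits of the TCI are the VLAN ID
        offset += 4
        ethertype = struct.unpack_from("!H", frame, offset)[0]
    return dst, src, vids, ethertype, frame[offset + 2:]


def build_frame(dst: bytes, src: bytes, vids, ethertype: int, payload: bytes) -> bytes:
    hdr = dst + src
    for vid in vids:                          # outer tag first
        hdr += struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def strip_native_tag(frame: bytes, native_vid: int) -> bytes:
    """What a trunk port does on egress: a frame whose outer tag equals the trunk's
    native VLAN is sent untagged, so any inner tag becomes the outer tag."""
    dst, src, vids, ethertype, payload = parse_frame(frame)
    if vids and vids[0] == native_vid:
        return build_frame(dst, src, vids[1:], ethertype, payload)
    return frame


def vlan_seen_by_next_switch(frame: bytes, native_vid: int) -> int:
    """VLAN the downstream switch assigns to the frame after it crosses the trunk:
    the outer tag if one is present, otherwise the native VLAN."""
    _, _, vids, _, _ = parse_frame(strip_native_tag(frame, native_vid))
    return vids[0] if vids else native_vid


# Constructed double-tagged frame: attacker sits in VLAN 1 (outer tag) and targets VLAN 20 (inner tag)
ATTACK_FRAME = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"),
                           [1, 20], ETH_P_IPV4, b"constructed payload")

if __name__ == "__main__":
    print("tags on the wire:", parse_frame(ATTACK_FRAME)[2])
    print("native VLAN 1  -> lands in VLAN", vlan_seen_by_next_switch(ATTACK_FRAME, 1))
    print("native VLAN 999 -> lands in VLAN", vlan_seen_by_next_switch(ATTACK_FRAME, 999))
```

With the trunk's native VLAN equal to the attacker's VLAN (1), the frame lands in VLAN 20; with the native VLAN moved to an unused ID (999 here), the outer tag survives and the frame stays in VLAN 1. That is exactly why the mitigation is to keep user ports out of the native VLAN.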

32
Q

What is subnetting?

A

The act of creating smaller logical networks (subnetworks) out of a larger address block by manipulating the IP address and subnet mask.

33
Q

what are the benefits of subnetting?

A

It compartmentalizes the IP address space and makes efficient use of it.
It reduces the size of broadcast domains, so broadcast traffic stays within each subnet (on old shared media this also meant fewer collisions).

Per-subnet policies (ACLs, firewall rules) and monitoring aid in the security of your network.

34
Q

What is NAT?

A

NAT = Network Address Translation

The process of changing the IP address in a packet's header as it transits a router, typically rewriting private internal addresses to a public address on the way out and back again on the way in.

35
Q

What is PAT?

A

PAT = Port Address Translation

PAT is the most commonly used type of NAT (Network Address Translation), also called NAT overload.

This is where a single public IP address is assigned to the router and shared by all of the private IP addresses assigned to the hosts inside the network.

The router keeps track of requests from internal hosts by assigning each outbound connection its own high-numbered source port on the public address, and uses that port to map replies back to the right internal host and port.
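The block below is an added example (not from the original flashcards) of the translation table a PAT router keeps: outbound flows from different private hosts are given distinct source ports on the one public address, replies are mapped back through that port, and inbound packets that match no outbound flow are dropped. The addresses, ports and flows are constructed.

```python
"""Toy PAT (NAT overload) translation table.
Added example code; the public address, private hosts and flows are constructed."""
import itertools


class PatRouter:
    def __init__(self, public_ip: str, first_port: int = 49152):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # allocate from the ephemeral port range
        # public source port -> (private ip, private port, remote ip, remote port)
        self.table = {}
        # (private ip, private port, remote ip, remote port) -> public source port
        self.reverse = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network: the private source
        becomes (public_ip, allocated port); an existing flow keeps its port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        pub_port = self.reverse.get(key)
        if pub_port is None:
            pub_port = next(self._ports)
            self.reverse[key] = pub_port
            self.table[pub_port] = key
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from the internet. Returns the packet as the
        internal host sees it, or None (drop) when no matching outbound flow exists,
        which is why unsolicited inbound connections never reach private hosts."""
        if dst_ip != self.public_ip:
            return None
        entry = self.table.get(dst_port)
        if entry is None:
            return None
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # right port, wrong remote endpoint: not part of that flow
        return (src_ip, src_port, priv_ip, priv_port)


def pat_demo():
    """Two private hosts using the same source port reach the same server through
    one public IP; the router tells their replies apart by the allocated port."""
    router = PatRouter("203.0.113.1")                                  # constructed public IP
    out_a = router.outbound("192.168.1.10", 5000, "198.51.100.7", 443)  # host A
    out_b = router.outbound("192.168.1.11", 5000, "198.51.100.7", 443)  # host B, same port
    reply_b = router.inbound("198.51.100.7", 443, "203.0.113.1", out_b[1])
    unsolicited = router.inbound("198.51.100.9", 4444, "203.0.113.1", 49999)
    return out_a, out_b, reply_b, unsolicited


if __name__ == "__main__":
    for label, value in zip(("A out", "B out", "reply to B", "unsolicited"), pat_demo()):
        print(label, "->", value)
```

The same mechanism is what makes PAT a weak form of inbound filtering: a host on the internet can only reach an internal host through a port the router has already allocated for that host's own outbound flow.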

36
Q

What are private IP ranges?

A

These are the RFC 1918 ranges, which are never routed on the public internet:

Class A – anything that starts with 10: 10.0.0.0 through 10.255.255.255 (10.0.0.0/8)
Class B – addresses that start with 172.16 through 172.31: 172.16.0.0 through 172.31.255.255 (172.16.0.0/12)
Class C – 192.168.0.0 through 192.168.255.255 (192.168.0.0/16)

37
Q

What is telephony?

A

Devices that provide voice communication to users.

38
Q

What is modem?

A

A device that modulates digital information into an analog signal for transmission over a standard dial-up phone line (and demodulates it at the other end).

39
Q

What is War Dialing?

A

When an attacker dials large blocks of phone numbers to see whether a modem answers on the other side, revealing dial-up entry points into a network.

Protect dial-up resources by using the callback feature, where the modem hangs up and calls the user back at a pre-approved number.

40
Q

What is PBX ?

A

PBX = Private Branch Exchange

It is an internal phone system used in large organizations.

Attackers target the PBX to get free long-distance calls (toll fraud). To secure a PBX system, mount it in a locked room and disable remote access to it.

41
Q

What is VOIP ?

A

VOIP = Voice Over Internet Protocol

Digital phone service provided by software or hardware devices over a data network.

Ideally, keep a separate network for data and another for VoIP.

If you want to combine the two to save cost, then put the VoIP devices on their own subnet (for example a voice VLAN) so voice traffic is segmented from the data network.