Ch4: Securing Your Network Flashcards

1
Q

HIDS

A

Host-based intrusion detection system can monitor all traffic on a single host system to detect malicious activity

2
Q

NIDS

A

Network-based intrusion detection system is installed on network devices such as routers or firewalls to monitor network traffic and detect network-based attacks. Cannot monitor encrypted traffic or traffic on individual hosts

3
Q

TCP handshake sequence

A

SYN, SYN/ACK, ACK

4
Q

SYN flood attack

A

Attacker sends multiple SYN packets but never completes the handshake with an ACK

5
Q

Signature-based detection (IDSs)

A

Identifies issues based on known attacks or vulnerabilities and can detect known anomalies

6
Q

Heuristic/Behavioral-based detection (IDSs)

A

Can detect unknown anomalies by starting with a performance baseline of normal behavior and comparing network traffic against it to detect abnormal behavior

7
Q

False positive

A

Indicates an attack is occurring when no attack is active (increases the admin's workload)

8
Q

False negative

A

System does not detect or report an attack that is actually occurring

9
Q

An IPS can…

A

detect, react, and prevent attacks. It can actively monitor data streams, detect malicious content, and stop attacks in progress.

10
Q

An IDS can…

A

monitor and respond to an attack

11
Q

IPS and IDS collect data differently because…

A

IPS is inline with the traffic - all traffic passes through the IPS (in-band). IDS collects data passively, not inline with the traffic (out-of-band)

12
Q

IPS is what type of control?

A

Preventive control

13
Q

Honeypot

A

A “sweet”-looking server that has been left open or unsecured in order to divert attackers from the live network or allow observation of the attacker

14
Q

Honeynet

A

A group of honeypots within a separate network or zone, but accessible from an organization’s primary network

15
Q

IEEE 802.1x

A

Port-based authentication protocol that ensures only authorized clients can connect to a network

16
Q

Fat AP

A

A stand-alone access point that is managed independently

17
Q

Thin AP

A

A controller-based AP managed by a wireless controller. The controller configures the AP

18
Q

SSID

A

Service set identifier identifies the name of the wireless network (you should change the name so it’s not ‘Netgear’)

19
Q

SSID Broadcasting

A

You can disable the SSID broadcast to hide the network from casual users, but it will not be hidden from an attacker with a wireless sniffer (and is not more secure)

20
Q

MAC filtering

A

Can restrict access to a wireless network to specific clients

21
Q

To bypass MAC filtering…

A

use a wireless sniffer to discover the allowed MAC addresses, then configure your NIC to have one of the allowed MACs (spoof it)

22
Q

Easy way to limit the range of an AP

A

Reduce the AP’s power level so people outside the intended area will be out of range

23
Q

WPA

A

Wi-Fi Protected Access provided an immediate replacement for WEP and originally used TKIP. Later implementations support the stronger AES encryption

24
Q

TKIP

A

Temporal Key Integrity Protocol is an older encryption protocol used with WPA (deprecated by IEEE due to security issues)

25
Q

WPA2

A

Permanent replacement for WEP and WPA. Supports CCMP (based on AES) which is much stronger than TKIP

26
Q

CCMP

A

Cipher Block Chaining Message Authentication Code Protocol

27
Q

PSK

A

Pre-shared key. Does not provide individual authentication

28
Q

Why does PSK not provide authentication?

A

Authentication is proving a user’s identity by using credentials. PSK is a pre-shared key or password. Simply providing a password with no username provides authorization but no authentication since no user’s identity was proven

29
Q

What modes can WPA and WPA2 operate in?

A

PSK or Enterprise mode (or Open mode)

30
Q

Open mode

A

No security, allows all users to use the AP

31
Q

Enterprise mode

A

Provides strong authentication. Uses an 802.1x server

32
Q

EAP

A

Extensible Authentication Protocol is an authentication framework that provides general guidance for authentication methods

33
Q

EAP-FAST

A

EAP-Flexible Authentication via Secure Tunneling supports certificates, but they are optional

34
Q

PEAP

A

Protected EAP encapsulates and encrypts the EAP conversation in a TLS tunnel. PEAP requires a certificate on the server, but not the clients

35
Q

EAP-TTLS

A

EAP-Tunneled TLS is an extension of PEAP allowing systems to use some older authentication methods (like PAP) within a TLS tunnel. Requires a certificate on the 802.1x server but not the clients

36
Q

EAP-TLS

A

One of the most secure EAP standards. Requires certificates on the 802.1x server and on each of the wireless clients

37
Q

Disassociation attack

A

Removes a wireless client from a wireless network, forcing it to reauthenticate

38
Q

WPS

A

Wi-Fi Protected Setup allows users to configure wireless devices by pressing buttons OR entering an 8-digit PIN

39
Q

WPS attack

A

Brute forces the 8-digit PIN within hours, then uses it to discover the passphrase

40
Q

Rogue AP

A

Provides access to unauthorized users and is often used to capture and exfiltrate data

41
Q

Evil twin

A

Rogue AP using the same SSID as a legitimate AP

42
Q

Bluejacking

A

Unauthorized sending of text messages to a nearby Bluetooth device

43
Q

Bluesnarfing

A

Unauthorized access to, or theft of information from, a Bluetooth device

44
Q

Prevent bluejacking and bluesnarfing by

A

Ensuring devices cannot be paired without manual user intervention

45
Q

Replay attack

A

Attacker captures data sent between two entities, modifies it, and attempts to impersonate one of the parties by resending the data

46
Q

Prevent network replay attacks by using

A

WPA2 with CCMP/AES. TKIP is vulnerable to replay attacks

47
Q

RFID attacks

A

Eavesdropping, replay, and DoS

48
Q

VPN

A

Virtual private network provides remote access to a private network via a public network.

49
Q

VPN concentrators

A

Dedicated devices used for VPNs that include all services needed to create a secure VPN supporting many clients

50
Q

IPsec

A

Internet protocol security is a secure encryption protocol used with VPNs

51
Q

ESP

A

Encapsulating Security Payload provides confidentiality, integrity, and authentication for VPN traffic

52
Q

IPsec Tunnel Mode

A

Used for VPN traffic, has protocol ID 50 for ESP

53
Q

IPsec authenticates clients using

A

IKE (Internet Key Exchange) over port 500

54
Q

Full tunnel

A

Encrypts all traffic after a user has connected to a VPN

55
Q

Split tunnel

A

Only encrypts traffic destined for the VPN’s private network

56
Q

NAC

A

Network access control includes methods to inspect clients for health, like having up-to-date AV software. NAC can restrict access of unhealthy clients to a remediation network. NAC can be used for VPN or internal clients

57
Q

NAC agents

A

Permanent agents are installed on the clients. Dissolvable agents are not installed and are often used to inspect employee-owned mobile devices

58
Q

PAP

A

Password Authentication Protocol uses a password or PIN, but sends the information over a network in plaintext, making it susceptible to sniffing attacks.

59
Q

CHAP

A

Challenge Handshake Authentication Protocol is more secure than PAP because passwords are not sent over the network in cleartext

60
Q

Centralized authentication services

A

RADIUS, TACACS+, Diameter

61
Q

TACACS+

A

Proprietary to Cisco but can be used with Kerberos

62
Q

Diameter

A

Improvement over RADIUS and supports many additional capabilities like securing transmissions with EAP