Chap 10: Secure Communications and Network Attacks

Question 1

Understand PPP.

Answer 1

Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links. The original PPP options for authentication were PAP, CHAP, and EAP.

Question 2

Define PAP, CHAP, and EAP.

Be able to provide examples of EAP.

Answer 2

PAP transmits usernames and passwords in cleartext. CHAP performs authentication using a challenge-response dialogue that cannot be replayed. EAP
allows customized authentication security solutions.

Over 40 EAP methods are defined, including LEAP,
PEAP, EAP-SIM, EAP-FAST, EAP-MD5, EAP-POTP, EAP-TLS, and EAP-TTLS.

Question 3

Understand IEEE 802.1X.

Answer 3

IEEE 802.1X defines the use of encapsulated EAP to support a wide range of authentication options for LAN connections. The IEEE 802.1X standard is formally named “Port-Based Network Access Control.”

Question 4

Understand voice communications security.

Answer 4

Voice communications are vulnerable to many attacks, especially as voice communications become an important part of network services.

You can obtain confidentiality by using encrypted communications. Countermeasures must be deployed to protect against interception, eavesdropping, tapping, and other types of exploitation.

Be familiar with voice communication topics, such as POTS, PSTN, PBX, and VoIP.

Question 5

Know about port security.

Answer 5

Port security can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports. Port security is the management of
TCP and User Datagram Protocol (UDP) ports. Port security can also refer to the need to authenticate to a port before being allowed to communicate through or across the port (i.e., IEEE 802.1X).

Question 6

Know the threats associated with PBX systems and the countermeasures to PBX fraud.

Answer 6

Countermeasures to PBX fraud and abuse include many of the same precautions you would employ to protect a typical computer network: logical or technical controls, administrative controls, and physical controls.

Question 7

Understand the security issues related to VoIP.

Answer 7

VoIP is at risk for caller ID spoofing, vishing, call manager software/firmware attacks, phone hardware attacks, DoS, MitM/on-path attacks, spoofing, and switch hopping.

Question 8

Recognize what phreaking is.

Answer 8

Phreaking is a specific type of attack in which various types of technology are used to circumvent the telephone system to make free long-distance calls,
to alter the function of telephone service, to steal specialized services, or to cause service disruptions.
A phreaker is an attacker who performs phreaking.

Question 9

Understand the issues of remote access security management.

Answer 9

Remote access security management requires that security system designers address the hardware and software components of an implementation along with issues related to policy, work tasks, and encryption.

Question 10

Know various issues related to remote access security.

Answer 10

Be familiar with remote access, dial-up connections, screen scrapers, virtual applications/desktops, and general telecommuting security concerns.

Question 11

Understand multimedia collaboration.

Answer 11

Multimedia collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration and communications.

Question 12

Know the purpose of load balancers.

Answer 12

The purpose of load balancing is to obtain more
optimal infrastructure utilization, minimize response time, maximize throughput, reduce overloading, and eliminate bottlenecks. A load balancer is used to spread or distribute network traffic load across several network links or network devices.

Question 13

Understand active/active.

Answer 13

An active-active system is a form of load balancing that uses all available pathways or systems during normal operations. But has reduced capacity in adverse conditions.

Question 14

Understand active/passive.

Answer 14

An active-passive system is a form of load balancing that keeps some pathways or system in an unused dormant state during normal operations. And is able to maintain consistent capacity during abnormal conditions.

Question 15

Understand how email security works.

Answer 15

Internet email is based on SMTP, POP3, and IMAP.
It is inherently insecure. It can be secured, but the methods used must be addressed in a security policy. Email security solutions include using S/MIME, PGP, DKIM, SPF, DMARC, STARTTLS, and Implicit SMTPS.

Question 16

Know how to protect data communications.

Answer 16

Protections should include implementations of secure VoIP, VPNs, VLANs, and NAT.

Question 17

Understand virtualized networks.

Answer 17

A virtualized network or network virtualization is the
combination of hardware and software networking components into a single integrated entity. Examples include software-defined networks (SANs), VLANs, VPNs, virtual switches, virtual SANs, guest operating systems, port isolation, and NAT.

Question 18

Define tunneling.

Answer 18

Tunneling is the encapsulation of a protocol-deliverable message within a second protocol. The second protocol often performs encryption to protect the message
contents.

Question 19

Understand VPNs.

Answer 19

VPNs are based on encrypted tunneling. They can offer authentication and data protection as a point-to-point solution. Common VPN protocols are PPTP, L2TP,
SSH, TLS, and IPsec.

Question 20

Understand split vs. full tunnel.

Answer 20

A split tunnel is a VPN configuration that allows a
VPN-connected client system (i.e., remote node) to access both the organizational network over the VPN and the internet directly at the same time. A full tunnel is a VPN configuration in which all of the client’s traffic is sent to the organizational network over the VPN link,
and then any internet-destined traffic is routed out of the organizational network’s proxy or firewall interface to the internet.

Question 21

Be able to explain NAT.

Answer 21

NAT protects the addressing scheme of a private network, allows the use of the private IP addresses, and enables multiple internal clients to obtain internet
access through a few public IP addresses. NAT is supported by many security border devices, such as firewalls, routers, gateways, WAPs, and proxies.

Question 22

Know about third-party connectivity.

Answer 22

Most organizations interact with outside third-party
providers. Most of these external entities do not need to interact directly with an organization’s IT/IS. However, for those few that do, it is important to consider the risks and ramifications. This includes partnerships, cloud services, and remote workers.

Question 23

Understand the difference between packet switching and circuit switching.

Answer 23

In circuit switching, a dedicated physical pathway is created between the two communicating parties.
Packet switching occurs when the message or communication is broken up into small segments
and sent across the intermediary networks to the destination. Within packet-switching systems are two types of communication paths, or virtual circuits: permanent virtual circuits (PVCs) and switched virtual circuits (SVCs).

Question 24

Understand the various network attacks and countermeasures associated with communications
security.

Answer 24

Communication systems are vulnerable to many attacks, including distributed denial-of-service (DDoS), eavesdropping, impersonation, replay, modification, spoofing, and ARP and DNS attacks. Be able to supply effective countermeasures for each.