Chapter 1

Question 1

What is Network Security?

Answer 1

The collection of security components assembled in a network to support secure internal and external communications. Network security depends upon host security. Network security operates to protect the network as a whole, rather than as individual systems.

Question 2

What is trust?

Answer 2

Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, trust is the confidence that other users will act in accordance with the organization’s security rules and not attempt to violate stability, privacy or integrity of the network and its resources.

Question 3

Who or What is Trustworthy?

Answer 3

Known quantities, trust builds over time through correct actions

Question 4

Why should you care about Network Security?

Question 5

Who is responsible for Network Security?

Question 6

What does a Common network look like?

Question 7

What do common network attacks look like?

Answer 7

MITM, Hijacking, Replay

Question 8

Access Control

Answer 8

The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic.

Question 9

Appliance

Answer 9

A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and exclusively supporting the intended function. Firewalls, routers, and switches are typical appliances.

Question 10

Asset

Answer 10

Anything you use in a business process to accomplish a business task.

Question 11

Auditing

Answer 11

Act of conducting an audit. Auditing can be the action of a system that is recording user activity and system events into an audit log. Auditing can also be the action of an auditor who checks for compliance with security policies and other regulations

Question 12

Auditor

Answer 12

Either an outside consultant or an internal member of the information technology staff. The auditor performs security audits, confirms that auditing is sufficient, and investigates audit trails produced by system auditing. In the case of regulatory compliance, auditors should be external and independent of the organization under audit.

Question 13

Authentication

Answer 13

The security service of the combination of authentication and access control (authorization) that provides either the identity of the sender of a message or controls who is the receiver of a message.

Question 14

Authorization

Answer 14

Defining what users are allowed and not allowed to do. Also known as access control.

Question 15

Availability

Answer 15

When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If avail-ability becomes compromised, a denial of service is taking place.

Question 16

Backdoor

Answer 16

Unauthorized access to a system. A backdoor is any access method or pathway that circumvents access or authentication mechanisms.

Question 17

Blacklist

Answer 17

A type of filtering in which all activities or entities are permitted except for those on the blacklist. Also known as a block list.

Question 18

Bottleneck

Answer 18

Any restriction on the performance of a system. Can be caused by a slower component or a pathway with insufficient throughput. A bottle-neck causes other components of system to work slower than their optimum rate.

Question 19

Breach

Answer 19

Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider.

Question 20

Bridge

Answer 20

A network device that forwards traffic between networks based on the MAC address of the Ethernet frame. A bridge forwards only packets whose destination address is on the opposing network.

Question 21

Business Task

Answer 21

Any activity necessary to meet an organization’s long-term goals. Business tasks are assigned to employees and other authorized personnel via their job descriptions.

Question 22

Caching

Answer 22

Retention of Internet content by a proxy server. Various internal clients may access this content and provide it to subsequent requesters without the need to retrieve the same content from the Internet repeatedly.

Question 23

Chokepoint

Answer 23

Similar to a bottleneck, but deliberately created within a network infrastructure. A chokepoint is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur.

Question 24

Client

Answer 24

A host on a network. A client is the computer system, which supports user interaction with the network. Users employ a client to access resources from the network. Users can also employ a client generically as any hardware or software product to access a resource. For example, standard e-mail software is a client.

Question 25

Client/server network

Answer 25

A form of network where certain computers are designated as “servers” to host resources shared with the network. The remaining computers are designated as “clients” to enable users to access shared resources. Most client/server networks employ directory services and single sign-on. Also known as a domain.

Question 26

Confidentiality

Answer 26

The security service of preventing access to resources by unauthorized users, while supporting access to authorized users.

Question 27

Defense in depth

Answer 27

A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one.

Question 28

Demilitarized zone (DMZ)

Answer 28

A type of perimeter network used to host resources designated as accessible by the public from the Internet.

Question 29

Denial of service (DOS) attack

Answer 29

A form of attack that attempts to compromise availability. DoS attacks are usually of two types: flaw exploitation and flooding. DDoS (Distributed Denial of Service) often involves the distribution of robots, zombies, or agents to thousands or millions of systems that are then used to launch a DoS attack against a primary target.

Question 30

Directory service

Answer 30

A network service that maintains a searchable index or database of network hosts and shared resources. Often based on a domain name system (DNS). An essential service of large networks.

Question 31

Domain

Answer 31

A client/server network managed by a directory service.

Question 32

Domain Name System (DNS)

Answer 32

A network service that resolves fully qualified domain names (FQDNs) into their corresponding IP address. DNS is an essential service of most networks and their directory services.

Question 33

Downtime

Answer 33

Any planned or unplanned period when a network service or resource is not avail-able. Downtime can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize downtime through security and system management.

Question 34

Egress Filtering

Answer 34

Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.

Question 35

Encapsulation

Answer 35

The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as “tunneling.” Encapsulation allows for communications to cross intermediary networks that might be incompatible with the original protocol. Encapsulation is distinct from encryption, but many encapsulation protocols include encryption.

Question 36

Encryption

Answer 36

The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties. Decryption returns the data back to its original, usable form.

Question 37

Exploit

Answer 37

An attack tool, method, or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system.

Question 38

Extranet

Answer 38

A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to an extranet requires the use of a virtual private network or VPN, especially when access originates from the Internet.

Question 39

Filtering

Answer 39

The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering.

Question 40

Firewall

Answer 40

A network security device or host soft-ware that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device.

Question 41

Fully qualified domain name (FQDN)

Answer 41

A complete Internet host name including a top-level domain name, a registered domain name, possibly one or more sub-domain names, and a host name. Examples include: www.itttech.edu and maps.google.com.A DNS is used to resolve FQDNs into IP addresses.

Question 42

Hacker

Answer 42

A person who performs hacking. Modern use of this term now implies malicious or criminal intent by the hacker, although criminals are more correctly known as “crackers.” An “ethical hacker” obtains the permission of the owner of a system before hacking.

Question 43

Hacking

Answer 43

The act of producing a result not intended by the designer of a system. Hackers may perform such acts out of curiosity or malice. Malicious hacking is known as “cracking,” but many people typically call all these actions “hacking,” regardless of intent.

Question 44

Hardening

Answer 44

The process of securing or locking down a host against threats and attacks. This can include removing unnecessary software, installing updates, and imposing secure configuration settings.

Question 45

Hijacking

Answer 45

This attack occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters. The hacker then disconnects one of the session’s hosts, impersonates the offline system, and then begins injecting crafted packets into the communication stream. If successful, the hacker takes over the session of the offline host, while the other host is unaware of the switch

Question 46

Host

Answer 46

A node that has a logical address assigned to it, usually an IP address. This typically implies that the node operates at and/or above the Network Layer. This would include clients, servers, firewalls, proxies, and even routers. The term excludes switches, bridges, and other physical devices such as repeaters and hubs. In most cases, a host either shares or accesses resources and services from other hosts.

Question 47

HOSTS file

Answer 47

A static file on every IP-enabled host where FQDN-to-IP address resolutions can be hard-coded.

Question 48

Ingress filtering

Answer 48

Filtering traffic as it attempts to enter a network. This can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.

Question 49

Integrity

Answer 49

The security service of preventing unauthorized changes to data.

Question 50

Internet Protocol Security (IPSec)

Answer 50

IP protocol encryption services extracted from IPv6 to be used as an add-on component for IPv4. IPSec provides tunnel mode and transport mode encrypted Network Layer connections between hosts and/or networks.

Question 51

Intrusion detection system (IDS)

Answer 51

A security mechanism to detect unauthorized user activities, attacks, and network compromise. An IDS can respond in a passive manner through alerts and logging or in an active manner by disconnecting an offending session.

Question 52

Intrusion prevention system (IPS)

Answer 52

A security mechanism to detect and prevent attempts to breach security.

Question 53

Job description

Answer 53

An essential part of security and an extension of the written security policy. The job description defines the business tasks for each person within the organization. This in turn prescribes the authorization personnel need to accomplish these assigned tasks.

Question 54

Local area network (LAN)

Answer 54

A network confined to a limited geographic distance. Generally, a LAN is comprised of segments that are fully owned and controlled by the host organization as opposed to using lines leased from telcos

Question 55

Log

Answer 55

A log is a recording or notation of activities. Many security services, applications, and network resources automatically create a log of all events. Also known as an event log or a log file.

Question 56

Logging

Answer 56

The act of creating or recording events into a log. Similar to auditing and monitoring.

Question 57

Malicious Code

Answer 57

Any software that was written with malicious intent. Administrators use anti-virus and anti-malware scanners to detect and prevent malicious code (also known as malware) from causing harm within a private network or computer.

Question 58

Man-in-the-middle attack

Answer 58

This attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker computer instead of the real server. The attack performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications.

Question 59

Media access control (MAC) address

Answer 59

The physical address assigned to a network interface by the manufacturer. The MAC address is a 48-bit binary address presented in as hexadecimal pairs separated by colons. The first half of a MAC address is known as the Organizationally Unique Identifier (OUI) or vender ID, the last half is the unique serial number of the NIC.

Question 60

Monitoring

Answer 60

The act of watching for abnormal or unwanted circumstances. Commonly used inter-changeably with logging and auditing.

Question 61

Network access control (NAC)

Answer 61

A mechanism that limits access or admission to a network based on the security compliance of a host.

Question 62

Network address translation (NAT)

Answer 62

A service that converts between internal addresses and external public addresses. This conversion is performed on packets as they enter or leave the network to mask and modify the internal client’s configuration. The primary purpose of NAT is to prevent internal IP and network configuration details from being discovered by external entities, such as hackers.

Question 63

Permission

Answer 63

An ability to interact with a resource that is granted or denied to a user through some method of authorization or access control, such as access control lists (ACLs)

Question 64

Port Address Translation (PAT)

Answer 64

An extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address.

Question 65

Privacy

Answer 65

Keeping information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like a Social Security number, medical records, credit card number, cellular phone number, etc., privacy concerns extend to any data that represents personally identifiable information (also known as PII).

Question 66

Private IP Address

Answer 66

The ranges of IP addresses defined in RFC 1918 for use in private networks that are not usable on the Internet.

Question 67

Privilege

Answer 67

An increased ability to interact with and modify the operating system and desktop environment granted or denied to a user through some method of authorization or access control, such as user rights on a Windows system

Question 68

Proxy server

Answer 68

A network service that acts as a “middle man” between a client and server. A proxy can hide the identity of the client, filter content, perform NAT services, and cache content.

Question 69

Public IP address

Answer 69

Any address that is valid for use on the Internet. This excludes specially reserved addresses such as loopback (127.0.0.1– 127.255.255.255), RFC 1918 addresses, and the Windows APIPA addresses (169.254.0.0– 169.254.255.255). Organizations lease public addresses from an Internet Service Provider (ISP).

Question 70

Redundancy

Answer 70

The feature of network design that ensures the existence of multiple pathways of communication. The purpose is to prevent or avoid single points of failure.

Question 71

Remote access

Answer 71

A communications link that enables access to network resources using a wide area network (WAN) link to connect to a geographically distant network. In effect, remote access creates a local network link for a system not physically local to the network. Over a remote access connection, a client system can technically perform all the same tasks as a locally connected client, with the only difference being the speed or the bandwidth of the connection.

Question 72

Remote access server (RAS)

Answer 72

A network server that accepts inbound connections from remote clients. Also known as a network access server (NAS).

Question 73

Remote control

Answer 73

The ability to use a local computer system to remotely take control of another computer over a network connection. Often used for remote technical assistance

Question 74

Replay attack

Answer 74

This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on to the network at a later time. Replay attacks often focus on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access.

Question 75

Resources

Answer 75

Any data item or service available on a computer or network accessible by a user to perform a task.

Question 76

RFC 1918 addresses

Answer 76

IP addresses that, by convention, are not routed outside a private or closed network. Class A: 10.0.0.0–10.255.255.255; Class B: 172.16.0.0–172.31.255.255; Class C: 192.168.0.0–192.168.255.255

Question 77

Risk

Answer 77

The likelihood or potential for a threat to take advantage of a vulnerability and cause harm or loss. Risk is a combination of an asset’s value, exposure level, and rate of occurrence of the threat. A goal of security is to recognize, understand, and eliminate risk.

Question 78

Roles

Answer 78

or job role A collection of tasks and responsibilities defined by a security policy or job description for an individual essential productivity, or security position.

Question 79

Router

Answer 79

A network device responsible for directing traffic towards its stated destination along the best-known current available path.

Question 80

Security Objective

Answer 80

Sets of stated purposes or targets for network security activity. Standard objectives are confidentiality, integrity, and avail-ability. Objectives are generally more oriented towards achieving or maintaining the goals, such as ensuring the confidentiality of resources.

Question 81

Security Policy

Answer 81

A written document prescribing security goals, missions, objectives, standards, procedures, and implementations for a given organization. Also identifies what assets need protection based on their value.

Question 82

Senior Management

Answer 82

The individual or group of highest controlling and responsible authority within an organization. Ultimately the success or failure of network security rests with senior management.

Question 83

Server

Answer 83

A host on a network. A server is the computer system that hosts resources accessed by users from clients.

Question 84

Single point of failure

Answer 84

Any element of a system or network infrastructure, which is the primary or only pathway through which a process occurs. The compromise of such an element could result in system failure. Network design should avoid single points of failure by including redundancy and defense in depth.

Question 85

Sniffer

Answer 85

A software utility or hardware device that captures network communications for investigation and analysis. Also known as packet analyzer, network analyzer, and protocol analyzer.

Question 86

SOHO (small office, home office)

Answer 86

Any small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home.

Question 87

Switch

Answer 87

A device, which provides network segmentation through hardware. Across a switch, temporary dedicated electronic communication pathways are created between the endpoints of a session (such as a client and server). This switched pathway prevents collisions. Additionally, switches allow the communication to use the full potential throughput capacity of the network connection, instead of 40 percent or more being wasted by collisions (as occurs with hubs).

Question 88

Telco

Answer 88

Short for telecommunications company or corporation. Used to refer to any company that sells or leases WAN connection services whether wired or wireless.

Question 89

Terminal Services/Server/Session

Answer 89

A modern form of legacy thin client operation. A thin client software utility connects to a central terminal server, which simulates remote control. A terminal service system can support multiple simultaneous terminal client connections. When terminal services are in use, the client workstation coverts to thin client status. All operations of storage and processing then take place on the terminal server.

Question 90

Thin client computing

Answer 90

A legacy terminal concept used to control mainframes. Thin clients had no local processing or storage capability. Modern thin clients simulate these limitations and perform all operations on the terminal server, remote control server, or thin client server

Question 91

Threat

Answer 91

Any potential harm to a resource or node on the network. Threats can be natural or artificial, caused by mother nature or man, or by the result of ignorance or malicious intent. Threats originate internally and externally.

Question 92

Trust

Answer 92

Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, trust is the confidence that other users will act in accordance with the organization’s security rules and not attempt to violate stability, privacy, or integrity of the network and its resources.

Question 93

Tunneling

Answer 93

The act of transmitting a protocol across an intermediary network by encapsulating it in another protocol.
See also Encapsulation.

Question 94

Virtual private network (VPN)

Answer 94

A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive security links. VPNs allow for cheap long-distance connections established over the Internet. Both endpoints need only a local Internet link. The Internet itself serves as a “free” long-distance carrier. VPNs employ encapsulation and tunneling protocols, such as IPSec.

Question 95

Vulnerability

Answer 95

A weakness or flaw in a host, node, or any other infrastructure component that a hacker can discover and exploit. Security manage-ment aims to discover and eliminate such vulnerabilities.

Question 96

Whitelist

Answer 96

A type of filtering concept where the network denies all activities except for those on the white list. Also known as an “allow” or “permissions list.”

Question 97

Wide area network (WAN)

Answer 97

A network not limited by any geographic boundaries. A WAN network can span a few city blocks, reach across the globe, and even extend into outer space. A distinguishing characteristic of a WAN is its use of leased or external connections and links. Often, telcos own these external connections.

Question 98

Workgroup

Answer 98

A form of networking where each computer is a peer. Peers are equal to each other in terms of how much power or controlling authority any one system has over the other members of the same workgroup. All workgroup members are on equal footing because they can manage their own local resources and users, but not those of any other workgroup member.

Question 99

Zero day exploits

Answer 99

New and previous unknown attacks for which are there no current specific defenses. “Zero day” refers to the newness of an exploit, which may be known in the hacker community for days or weeks. When such an attack occurs for the first time, defenders are given zero days of notice (hence the name.) Such attacks usually exploit previously unidentified system flaws.

Question 100

Zeroization

Answer 100

The process of purging a storage device by writing zeros to all addressable locations on the device. A zeroized device contains no data remnants that other users could potentially recover.

Question 101

Single sign-on (SSO)

Answer 101

A network security service that allows a user to authenticate to an entire domain through a single client log on process. All domain members will accept this single authentication. Local authorization is used to control access to individual resources. Such a single authentication can be more complex, since multiple logons for each individual server are not required.