Chapter 10 - Network Security

Question 1

What are sone of the potential losses associated with security breaches?

Answer 1

• reduced customer confidence
• loss of income when systems are offline
• cost of lawsuits for disclosure of private information

Question 2

True or False: The value of an organization’s data and applications typically exceeds the cost of the physical network.

Answer 2

True

Question 3

What are the primary goals of network security?

Answer 3

• confidentiality: protection from unauthorized disclosure of data.
• integrity: assurance that data has not been altered or destroyed.
• availability: providing continuous operations of hardware and software.

Question 4

Business continuity involves preventing what three things to ensure that operations remain ongoing?

Answer 4

• disruption: loss or reduction in network service
• destruction: viruses or hard disk crash destroy data
• disaster: may destroy servers or network elements and circuits.

Question 5

What are network controls?

Answer 5

mechanisms (such as software, hardware, rules or procedures) that are designed to reduce or eliminate the threats to network security.

Question 6

What are the three main types of controls?

Answer 6

• preventative controls
• detective controls
• corrective controls

Question 7

What is the purpose of a risk assessment?

Answer 7

A risk assessment is used to assign a level of risk to various threats by comparing them to the controls in a control spreadsheet.

Question 8

With a risk assessment you must identify what two things?

Answer 8

Assets and threats

Question 9

The value of an organization’s assets are a function of what three things?

Answer 9

• straight replacement cost
• personnel time to replace asset
• lost revenue due to absence of the asset

Question 10

Threats are ranked based on what two things?

Answer 10

• probability of occurrence

- likely cost if the threat materializes

Question 11

Describe the two pronged approach to continuity planning

Answer 11

• development of controls (to prevent events from having a major impact
• disaster recovery plan (to recover lost data after a disaster)

Question 12

What is the difference between a virus and a worm?

Answer 12

• a virus is a malware program that replicates itself by spreading from one computer to another through human intervention.
• a worm is malware that spreads copies of itself from computer to computer without human intervention.

Question 13

What are DoS and DDoS attacks?

Answer 13

Denial of Service attacks (DoS) are when an attacker bombards a server with requests so that its processor is pushed to very high usage levels. This makes it difficult to service legitimate user requests.
Distributed Denial of Service (DDoS) involves a DoS attack launched from thousands of computers from around the internet.

Question 14

Name four methods for combating DoS attacks

Answer 14

• use multiple dispersed redundant servers
• traffic filtering (verify source IP address… not very effective)
• traffic limiting (limit aggregate rate of packets for all users)
• intrusion detection and prevention system (IDS/IPS) (perform traffic analysis to determine normal traffic patterns and block anything abnormal)

Question 15

How can redundancy help improve device failure protection? Give four examples.

Answer 15

If one fails the organization can make use of a backup (redundancy)
Examples:
- Uninterruptible Power Supply (UPS) (detect power surges so that the user can unplug and save data)
- Redundant Array of Inexpensive Disks (RAID) (also called disk mirroring - save data on storage disks)
- Server Clustering
- Web Clustering (decentralize network resources)

Question 16

Name as many of the 9 elements of a disaster recovery plan as you can

Answer 16

• names of decision making managers
• staff assignments and responsibilities
• list priorities for “first fix”
• location of alternative facilities
• recovery procedures for communication facilities
• actions to be takes in case of damage or threats
• manual processes after damage
• plan for updating and testing procedures
• safe storage of the DRP itself

Question 17

Describe a two level disaster recovery plan DRP

Answer 17

level 1 - internal:
- build enough capacity and keep enough spare equipment to recover from minor disaster
level 2 - external DRP outsourcing:
- rely on professional disaster recovery firms

Question 18

Describe intrusion and list the four types of intruders

Answer 18

Intrusion is when there is unauthorized access to a controlled resource (data and equipment)
Intruder types:
- casual intruders (limited knowledge playing with hacking)
- security experts (hackers and crackers (hackers who cause damage))
- professional hackers (break into computers for a purpose)
- employees and partners (Legitimate access to network but gain access to information that they are not authorized to use)

Question 19

What is the role of network perimeter security? What is it intended to protect?

Answer 19

network perimeter security is intended to stop intruders at the perimeter of the network.
It protects access points to the network such as:
- internet
- wired LAN
- wireless LAN 
it protects these access points using:
- perimeter security firewall 
- network address translation 
- physical security

Question 20

What is a firewall?

Answer 20

a device or software designed to block data packets that do not conform to a specific set of rules

Question 21

True or false: firewalls can be hardware based or software based.

Answer 21

true

Question 22

Name four commonly used firewalls and describe each of them

Answer 22

• packet-level (examines the source and destination TCP&IP addresses of packets and allows or denies passage based on the access control list (ACL) rules.)
• stateful firewall (maintains information on the state of connections and performs Stateful Packet Inspections (SPI))
• application-level (controls input, output and access to a specific application or service. Also performs high-level analysis based on reassembled packet stream)
• network address translation (NAT) (used to translate a private IP address to a public routable IP address)

Question 23

What are the four states of a stateful firewall?

Answer 23

• new
• established
• related
• invalid

Question 24

Draw the typical firewall architecture

Answer 24

slide 36

Question 25

Name three methods of reducing risk associated with personnel security

Answer 25

• provide proper security education
• perform background checks
• implement error and fraud controls

Question 26

What are the three main threats associated with server and client protection (intrusion prevention). Describe each.

Answer 26

• security holes (a bug that permits unauthorized access)
• operating systems (tradeoff between security and ease of use in operating systems)
• trojan horses (remote access management consoles that enable users to access a computer and manage it from afar)

Question 27

What is a zero-day attack?

Answer 27

when hackers attempt to break into networks through a hole before a patch is available.

Question 28

Name some common trojan types

Answer 28

• spyware
• adware
• distributed DoS

Question 29

What is encryption?

Answer 29

encryption is the process of disguising information by mathematical rules.

Question 30

What are the main components of encryption systems?

Answer 30

• plaintext (unencrypted message)
• encryption algorithm (function used to encipher the plaintext)
• key (a set of characters combined with the plaintext by an algorithm)
• ciphertext (produced from plaintext by encryption function)

Question 31

Name and describe three encryption techniques

Answer 31

• symmetric encryption (uses same algorithm and key for encryption and decryption)
• asymmetric encryption (uses two different keys with “one way” encryption functions - public key and private key)
• digital signatures (variation of public key encryption)

Question 32

What are the main criticisms of symmetric encryption?

Answer 32

• data is vulnerable to interception
• key management is very challenging
• can be cracked by trying all of the key combinations

Question 33

Draw the diagram for symmetric encryption

Answer 33

slide 37

Question 34

How does asymmetric encryption address the key management issue?

Answer 34

with public and private keys:

• sender uses one key (private or public) to encrypt
• receiver uses the opposite key to decrypt
• same key cannot be used to encrypt and decrypt, therefore, no sensitive key information is exchanged

Question 35

Draw the diagram for asymmetric encryption

Answer 35

slide 38

Question 36

What is a hash function and when is it used?

Answer 36

a hash function maps message data of arbitrary length to numeric data of a fixed length. It is used to encrypt and decrypt a digital signature.

Question 37

What are the three attributes of the hash function?

Answer 37

• deterministic (same result every time with same input)
• fixed length output (128 bits regardless of input)
• extremely low probability of collision (different inputs do not create the same output)

Question 38

What is a digital signature?

Answer 38

a digital signature is the hash of (data + other info) encrypted using the sender’s private key

Question 39

How are digital signatures verified?

Answer 39

digital signatures are verified by generating the hash on the original data. If both hash values match then the data is legitimate.

Question 40

Draw the diagram for digital signatures

Answer 40

slide 39-41

Question 41

What are the three elements of the Public Key Infrastructure (PKI)?

Answer 41

• Certificate Authority (CA)
• Certificate
• Fingerprint (only for higher security messages)

Question 42

Describe the PKI Public Key Infrastructure process

Answer 42

• user registers with certificate authority (CA)
• CA issues digital certificate
• user disseminates or installs certificate on server
• customer authenticates identity with CA’s public key

Question 43

What are the three basis of user authentication?

Answer 43

• something you know (password)
• something you have (smart card)
• something you are (biometric)

Question 44

Describe central authentication and its benefits

Answer 44

Log in server is used to authenticate the user and issue a certificate. The primary benefit is that users do not have to enter their authentication information as often.

Question 45

What is social engineering?

Answer 45

• breaking security simply by asking how
• attacker’s impersonate employee to gain access to sensitive data
• phishing is an example of social engineering

Question 46

What is IDS/IPS? Describe each.

Answer 46

Intrusion Detection System:
- monitors traffic and alerts operator when abnormal patterns are found. Uses signature analysis and/or anomaly detection.
Intrusion Prevention System:
- IDS functions + blocks malicious activity

Question 47

Name three ways that an Intrusion Prevention System (IPS) detects unauthorized access

Answer 47

• network-based IPS (link and monitor packets and report intrusions)
• host-based IPS (HIPS) (monitor all activity on server as well as in/out traffic)
• application based IPS (special form of host-based IPS. Application-based firewall runs on host.)

Question 48

Name two techniques used by IPS

Answer 48

• misuse detection (monitor activities of signatures with known attacks)
• anomaly detection (looks for anything that deviates from the norm)

Question 49

Draw the IPS firewall architecture

Answer 49

fuck it

Question 50

One method of intrusion recovery is called entrapment. Describe it

Answer 50

entrapment - use a honey pot:

- involves diverting attackers to a fake server and monitoring access to this server to use as proof of an attack