Chapter 4 Securing Your Network Flashcards
What does IDS stand for?
Intrusion Detection System
What does IPS stand for?
Intrusion Prevention System
What does an IDS do?
An IDS monitors a host or network and sends an alert when it detects a suspicious event. It only detects and reports; it does not block anything by itself.
What does an IPS do?
An IPS reacts to attacks in progress and blocks the malicious traffic before it reaches the protected systems and networks.
What does HIDS stand for?
Host-based Intrusion Detection System
What does an HIDS do?
An HIDS provides protection to the individual host and can detect potential attacks and protect critical operating system files.
Describe the logistics of an HIDS
An HIDS is additional software installed on a system such as a workstation or server.
What is the primary goal for an HIDS?
To monitor traffic passing through the host's network interface, together with activity on the host itself (logs, processes and changes to critical operating system files).
True or False : An HIDS can help with detecting malware?
True
Because of this, many organizations install a HIDS on every workstation as an extra layer of protection in addition to traditional antivirus software.
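The "protect critical operating system files" part of a HIDS is usually file integrity monitoring: hash the files once to get a baseline, then re-hash and alert on anything added, removed, modified or given new permission bits. The following is an added example written for these flashcards, not code from the book; it simulates a host in a temporary directory (the file names under it are constructed) and reports the changes a HIDS would alert on, including a setuid bit set on a binary whose contents did not change.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record hash, size and permission bits for every regular file under root."""
    baseline = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": sha256_file(path),
            "size": st.st_size,
            "mode": st.st_mode & 0o7777,  # includes setuid/setgid/sticky bits
        }
    return baseline


def compare(baseline, current):
    """Return the findings a HIDS would raise when the current state drifts from the baseline."""
    findings = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings["added"].append(rel)
        elif new is None:
            findings["removed"].append(rel)
        else:
            if old["sha256"] != new["sha256"]:
                findings["modified"].append(rel)
            if old["mode"] != new["mode"]:
                findings["mode_changed"].append(rel)  # content same, privileges changed
    return findings


def demo():
    """Constructed host: take a baseline, then tamper with it the way malware would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF fake binary")
        baseline = build_baseline(root)

        # Tampering: extra UID-0 account, setuid bit on a binary, dropped cron job.
        with (root / "etc" / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")
        os.chmod(root / "bin" / "ls", 0o4755)
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:13s} {files}")
```

A real agent keeps the baseline somewhere the host cannot silently rewrite (signed, or on the management server), otherwise an attacker with root simply re-baselines after planting the backdoor.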
What does NIDS stand for?
Network-based Intrusion Detection System
What does an NIDS do?
An NIDS monitors activity on the network.
List some devices NIDS sensors and collectors would be installed on
Routers, Firewalls
True or False: An NIDS can decrypt/encrypt network traffic
False
A NIDS can only inspect traffic sent in plaintext. Encrypted payloads are opaque to it unless a separate device (such as an SSL/TLS decryptor) hands it a decrypted copy.
What does a tap or port mirror do and how is this beneficial for NIDS?
A port mirror (Cisco calls it SPAN) configures a switch to copy the traffic from one or more ports to a single monitoring port; a network tap is a hardware device inserted on a link that copies everything passing over that link. Either way the copy is fed to a NIDS sensor or collector, which is how the NIDS gets to see traffic a switch would otherwise deliver only to its destination port.
True or False: An IDS can prevent an intrusion
False
An IDS can only detect an intrusion
What is an attack?
Any attempt to compromise CIA - confidentiality, integrity, and/or availability
What are the two primary methods of detection?
Signature-based and heuristic (behavioral-based)
What does a signature-based IDS do?
A signature-based IDS uses a database of known vulnerabilities or known attack patterns.
What does a heuristic (behavioral-based) IDS do?
A heuristic(behavioral-based) IDS provides continuous monitoring by constantly comparing current network behavior against the baseline. When the IDS detects abnormal activity (outside normal boundaries as identified in the baseline), it gives an alert indicating a potential attack.
What is a zero-day exploit?
A zero-day exploit attacks a vulnerability for which no patch is available (the vendor has had zero days to fix it). Signature-based detection cannot catch it because no signature exists yet, which is why behavioral-based detection is needed alongside it.
How does an IDS utilize logs?
An IDS analyzes logs, either in real time or at regular intervals, to detect patterns of attacks and to show trends over time. Those trends give insight into how to better protect the network.
What triggers an IDS to report an alert or an alarm?
Rules configured within the IDS
____ is an alert or alarm on an event that is nonthreatening, benign, or harmless
A false positive
____ is when an attacker is actively attacking the network, but the system does not detect it.
A false negative
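The cards on signature-based detection, behavioral baselines, log analysis, and false positives/negatives describe one pipeline, so here is one added example that runs it end to end. It is written for these flashcards and is not code from the book. The access-log lines, the three signatures and the source addresses are all constructed: a training window of ordinary browsing teaches a per-source request-rate baseline (mean plus three standard deviations), an evaluation window mixes benign and malicious sources, and the detector is scored against labels. Two outcomes are arranged on purpose: a documentation page whose URL contains "/etc/passwd" trips a signature (false positive), and a URL-encoded SQL injection slips past the signature that matches the unencoded form (false negative).

```python
import re
import statistics
from collections import Counter

# Constructed Apache-style access log lines; the first token is the source IP.
def access_lines(src, paths):
    return [f'{src} - - [10/Oct/2023:13:55:{i:02d} +0000] "GET {p} HTTP/1.1" 200 512'
            for i, p in enumerate(paths)]

# Training window: ordinary browsing only, used to learn what "normal" looks like.
TRAINING = (
    access_lines("10.0.0.5", ["/", "/index.html", "/about"])
    + access_lines("10.0.0.6", ["/", "/docs", "/docs/a", "/docs/b"])
    + access_lines("10.0.0.7", ["/", "/login", "/dashboard"])
    + access_lines("10.0.0.8", ["/", "/a", "/b", "/c", "/d"])
    + access_lines("10.0.0.9", ["/", "/x", "/y"])
)

# Evaluation window: benign browsing plus four attackers of different kinds.
EVALUATION = (
    access_lines("10.0.0.5", ["/", "/wiki/unix/etc/passwd-format", "/about", "/docs"])
    + access_lines("198.51.100.23", ["/", "/download?file=../../etc/passwd"])
    + access_lines("198.51.100.4", ["/", "/item?id=1' OR '1'='1"])
    + access_lines("203.0.113.7", ["/" + p for p in [
        "admin", "wp-login.php", "phpmyadmin", ".env", ".git/config", "backup.zip",
        "config.php", "shell.php", "xmlrpc.php", "cgi-bin/", "robots.txt", "api/v1/users"]])
    + access_lines("192.0.2.33", ["/search?q=%27%20OR%201%3D1"])  # URL-encoded ' OR 1=1
)
# Ground truth for the evaluation window, so the detector can be scored.
LABELS = {"10.0.0.5": False, "198.51.100.23": True, "198.51.100.4": True,
          "203.0.113.7": True, "192.0.2.33": True}

# Signature-based detection: known attack patterns. Precise, but only for what it knows.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1"),
    "sensitive-file": re.compile(r"/etc/(passwd|shadow)"),
}


def signature_alerts(lines):
    """Map source IP -> set of signature names that fired on any of its requests."""
    hits = {}
    for line in lines:
        for name, rx in SIGNATURES.items():
            if rx.search(line):
                hits.setdefault(line.split()[0], set()).add(name)
    return hits


def requests_per_source(lines):
    return Counter(line.split()[0] for line in lines)


def learn_threshold(training_lines, sigma=3.0):
    """Behavioral baseline: requests per source considered normal during training."""
    counts = list(requests_per_source(training_lines).values())
    return statistics.fmean(counts) + sigma * statistics.pstdev(counts)


def behavioral_alerts(lines, threshold):
    """Sources whose request rate falls outside the learned boundary."""
    return {src: {"rate-anomaly"} for src, n in requests_per_source(lines).items()
            if n > threshold}


def evaluate(lines, threshold, labels):
    """Run both detectors over a log window and score them against the labels."""
    alerts = signature_alerts(lines)
    for src, reasons in behavioral_alerts(lines, threshold).items():
        alerts.setdefault(src, set()).update(reasons)
    tp = sum(1 for s in alerts if labels[s])          # alerted, really malicious
    fp = sum(1 for s in alerts if not labels[s])      # alerted, actually benign
    fn = sum(1 for s, bad in labels.items() if bad and s not in alerts)  # missed
    return {"alerts": alerts, "tp": tp, "fp": fp, "fn": fn}


if __name__ == "__main__":
    result = evaluate(EVALUATION, learn_threshold(TRAINING), LABELS)
    for src, reasons in sorted(result["alerts"].items()):
        print(f"ALERT {src:15s} {sorted(reasons)}")
    print({k: result[k] for k in ("tp", "fp", "fn")})
```

The scanner from 203.0.113.7 never matches a signature; only the rate baseline catches it, which is the case for behavioral detection. The encoded injection from 192.0.2.33 is the false negative: the tautology signature wants a literal quote character, so normalising (URL-decoding) the request before matching is the obvious next improvement. An IPS would use the same verdicts but drop the flagged traffic inline instead of only alerting.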
What is inline/in-band monitoring?
Monitoring of traffic passing through the device, with the ability to block it
____ is considered inline/in-band monitoring
An IPS
What is out-of-band/passive monitoring?
Monitoring of traffic but not able to block
____ is considered out-of-band/passive monitoring
An IDS
What does an SSL/TLS accelerator do?
It offloads the SSL/TLS work from the server: establishing the HTTPS session, negotiating the strongest cipher suite supported by both client and server, exchanging keys, and encrypting the session data. This frees the server's resources, such as CPU and RAM, for the application itself.
What does an SSL Decryptor do?
An intermediary device that terminates the HTTPS connection from the client and opens its own HTTPS connection to the server, so it holds the keys for both legs. It decrypts the traffic in between to monitor for suspicious and malicious activity (and can hand the plaintext to a NIDS/NIPS), then re-encrypts it toward the other side.
What does SDN stand for?
Software Defined Network
What does an SDN do?
An SDN separates the control plane from the data plane: the forwarding logic runs in software (a central controller) rather than being embedded in each physical network device, and the devices only forward traffic according to the rules the controller pushes to them.
What is the data plane?
The data plane is the part of the network that carries the traffic
What is the control plane?
The control plane is the logic used to direct network traffic
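To make the data plane / control plane split concrete, here is an added example (written for these flashcards, not code from the book) of a miniature SDN. The switch class is pure data plane: it only does flow-table lookups, and on a table miss it sends a "packet-in" to the controller. The controller class is the control plane: it knows which host sits on which port and holds the security policy, and it answers a packet-in by installing a flow rule. Host names, port numbers and the quarantine policy are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Match:
    """Flow match; a None field is a wildcard."""
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def hits(self, pkt):
        return all(want is None or want == have for want, have in
                   ((self.src, pkt.src), (self.dst, pkt.dst), (self.dport, pkt.dport)))


@dataclass(frozen=True)
class FlowRule:
    match: Match
    action: str      # "forward:<port>" or "drop"
    priority: int = 0


class Switch:
    """Data plane: table lookups only. A miss is punted to the controller."""

    def __init__(self, name, controller):
        self.name, self.controller, self.table = name, controller, []

    def install(self, rule):
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)  # highest priority first

    def forward(self, pkt):
        for rule in self.table:
            if rule.match.hits(pkt):
                return rule.action
        return self.controller.packet_in(self, pkt).action


class Controller:
    """Control plane: topology knowledge plus policy, pushed to switches as rules."""

    def __init__(self, host_ports, blocked_hosts=()):
        self.host_ports = host_ports
        self.blocked_hosts = set(blocked_hosts)
        self.packet_ins = 0

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        if pkt.src in self.blocked_hosts:
            rule = FlowRule(Match(src=pkt.src), "drop", priority=100)
        else:
            rule = FlowRule(Match(src=pkt.src, dst=pkt.dst, dport=pkt.dport),
                            f"forward:{self.host_ports[pkt.dst]}", priority=10)
        switch.install(rule)  # later packets of this flow never reach the controller
        return rule

    def quarantine(self, host, switches):
        """Policy change made once at the controller and pushed to every switch."""
        self.blocked_hosts.add(host)
        for sw in switches:
            sw.install(FlowRule(Match(src=host), "drop", priority=100))


def demo():
    ctl = Controller({"h1": 1, "h2": 2, "h3": 3})
    sw = Switch("s1", ctl)
    actions = [sw.forward(Packet("h1", "h2", 443)),   # table miss -> packet-in -> rule installed
               sw.forward(Packet("h1", "h2", 443))]   # table hit, controller not involved
    ctl.quarantine("h1", [sw])                        # e.g. the IDS flagged h1 as compromised
    actions.append(sw.forward(Packet("h1", "h3", 22)))  # drop rule outranks any forward rule
    return {"actions": actions, "packet_ins": ctl.packet_ins, "rules": len(sw.table)}


if __name__ == "__main__":
    print(demo())
```

The security payoff of the split is the quarantine call: one policy decision at the controller changes forwarding on every switch, which is how an IPS or SOC tooling can isolate a host without touching each device by hand. It also shows why the controller itself becomes the crown jewel that must be protected.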
What is a honeypot?
A honeypot is a server that is deliberately left unhardened, or made to look extremely vulnerable, so that it attracts attackers and serves as a diversion from the real systems.
What are the two primary goals of a honeypot?
1. Divert attackers from the live network
2. Allow observation of an attacker (their tools, techniques and targets) without putting production systems at risk
What is a honeynet?
A group of honeypot servers in a separate network zone that is reachable from the organization's primary network, so that attackers who get that far are drawn into it rather than into production systems.
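A low-interaction honeypot that answers with a fake SSH banner and records what every connecting client says is enough to show both goals above: it occupies scanners and it logs their tooling. The following is an added example written for these flashcards, not code from the book. The banner string, the port and the classification of client input are constructed choices; the handler is kept separate from the socket loop so it can be exercised without opening a port.

```python
import json
import socket
import threading
import time

# A fake banner: there is no SSH server behind it, which is the point.
BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def handle(peer, data, now=None):
    """Build the log record for one connection from what the client sent (pure function)."""
    record = {
        "ts": now if now is not None else time.time(),
        "src": peer[0],
        "sport": peer[1],
        "bytes": len(data),
        "sample": data[:64].decode("latin-1"),   # raw sample kept for the analyst
    }
    text = data.decode("latin-1", "replace").strip()
    if text.startswith("SSH-"):
        record["kind"] = "ssh-client"
        record["client_version"] = text.split("\r\n")[0]  # reveals the scanner's SSH library
    elif text:
        record["kind"] = "non-ssh-probe"   # e.g. an HTTP request thrown at port 22
    else:
        record["kind"] = "banner-grab"     # connected, read the banner, said nothing
    return record


def accept_loop(srv, records, stop):
    """Accept connections, send the banner, capture the client's first bytes, log."""
    srv.settimeout(0.2)  # wake periodically to check the stop flag
    while not stop.is_set():
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            continue
        with conn:
            conn.settimeout(3.0)
            conn.sendall(BANNER)            # real SSH servers speak first, so do the same
            try:
                data = conn.recv(1024)
            except socket.timeout:
                data = b""
            record = handle(peer, data)
            records.append(record)
            print(json.dumps(record))       # in production: ship to the SIEM, never act here


def serve(host="0.0.0.0", port=2222):
    """Run the honeypot until interrupted. Port 2222 is a constructed choice; use 22 via
    a redirect or capability so the process itself does not need root."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    accept_loop(srv, [], threading.Event())


if __name__ == "__main__":
    serve()
```

The honeypot never authenticates anyone and never executes anything it receives; the value is purely in the records, which should leave the box immediately since an attacker who notices the honeypot will try to wipe them. Put the listener on an isolated honeynet segment, not on a production host.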
_____ is a port-based authentication protocol
IEEE 802.1X
In wireless networking what does AP/WAP stand for?
Access point/wireless access point
True or false: All wireless routers are APs
True
True or false: All APs are routers
False
What is a fat AP?
An AP which includes everything needed to connect wireless clients to a wireless network. It typically includes features such as a routing component, NAT, DHCP, wireless security options, access control lists (ACLs), and more.
True or False: Fat APs must be configured separately from each other
True
What is a thin AP?
An AP that is managed by a controller and is not stand-alone
What are the two primary radio bands used in wireless networks?
2.4 GHz and 5 GHz
____ channels are more likely to overlap with other wireless devices and this interference affects overall performance.
Wider
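The overlap claim can be checked with a few lines of arithmetic. The following is an added example for these flashcards, not from the book. It uses the standard 2.4 GHz channel centers (channel 1 at 2412 MHz, 5 MHz steps, channel 14 at 2484 MHz) and treats two channels as interfering when their occupied bands intersect. Running it with the 22 MHz width of 802.11b, the 20 MHz width of 802.11g/n, and a 40 MHz bonded channel reproduces the familiar non-overlapping sets and shows how a 40 MHz channel collides with neighbors that a 20 MHz one would not.

```python
def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlaps(ch_a, width_a, ch_b, width_b):
    """Two channels interfere when their occupied bands intersect."""
    return abs(center_mhz(ch_a) - center_mhz(ch_b)) < (width_a + width_b) / 2


def non_overlapping(width_mhz, channels=range(1, 14)):
    """Greedy pick of channels that do not interfere with each other at the given width."""
    chosen = []
    for ch in channels:
        if all(not overlaps(ch, width_mhz, c, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen


def interfering_neighbors(my_channel, my_width, neighbors):
    """Neighbor APs given as (channel, width) whose band overlaps ours."""
    return [(ch, w) for ch, w in neighbors if overlaps(my_channel, my_width, ch, w)]


if __name__ == "__main__":
    for width in (22, 20, 40):
        print(f"{width} MHz: non-overlapping channels {non_overlapping(width)}")
    neighbors = [(1, 20), (11, 20)]   # constructed: two neighboring APs on 1 and 11
    print("AP on 6 @20 MHz interferes with:", interfering_neighbors(6, 20, neighbors))
    print("AP on 6 @40 MHz interferes with:", interfering_neighbors(6, 40, neighbors))
```

With 20 MHz channels the three-channel plan 1/6/11 (or 1/5/9/13 where channel 13 is allowed) keeps neighboring access points out of each other's way; bonding to 40 MHz in the 2.4 GHz band leaves room for only two such channels, which is why wide channels are normally reserved for 5 GHz.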
In wireless networks, what does SSID stand for?
Service Set Identifier
What does SSID represent?
The name of the wireless network
True or False: It’s a good idea to change the name of a default SSID. Explain why.
True
A default SSID usually reveals the vendor, and often the model, of the access point. That tells an attacker which default credentials and which known vulnerabilities for that product to try first.
How would an attacker be able to determine the SSID of a wireless network if the broadcast is disabled?
Disabling the SSID broadcast only removes the name from the AP's beacon frames. With a wireless protocol analyzer (a sniffer in monitor mode), an attacker can capture the probe requests sent by clients looking for the network and the AP's probe responses, both of which still carry the SSID in plaintext; association requests carry it as well.
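The following is an added example for these flashcards, not code from the book, that shows exactly where the SSID sits in the frames an attacker captures. It builds three constructed 802.11 management frames with the real layout (24-byte header, fixed fields for beacons and probe responses, then tagged parameters with element ID 0 for the SSID; no FCS, zero timestamp): a beacon from a "hidden" network, a probe request from a client that has the network saved, and the AP's probe response. The parser is the same one a sniffer would apply to frames read off the air; the BSSID and SSID values are made up.

```python
import struct

# Frame control byte 0 = subtype<<4 | type<<2 | version; type 0 is management.
SUBTYPES = {"probe_req": 4, "probe_resp": 5, "beacon": 8}
NAMES = {v: k for k, v in SUBTYPES.items()}
# Beacons and probe responses carry 12 bytes of fixed fields (timestamp, beacon
# interval, capability info) before the tagged parameters; probe requests do not.
FIXED_LEN = {"beacon": 12, "probe_resp": 12, "probe_req": 0}
BROADCAST = b"\xff" * 6
CLIENT_MAC = b"\xaa\xbb\xcc\x00\x00\x01"   # constructed station address


def build_frame(kind, ssid, bssid, hidden=False):
    """Constructed management frame with the on-air layout (minus FCS)."""
    fc = bytes([SUBTYPES[kind] << 4, 0])
    sa = CLIENT_MAC if kind == "probe_req" else bssid
    header = fc + b"\x00\x00" + BROADCAST + sa + bssid + b"\x00\x00"  # FC, dur, DA, SA, BSSID, seq
    body = struct.pack("<QHH", 0, 100, 0x0411) if FIXED_LEN[kind] else b""
    ssid_bytes = b"" if hidden else ssid.encode()
    body += bytes([0, len(ssid_bytes)]) + ssid_bytes        # element 0 = SSID
    body += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])          # element 1 = supported rates
    return header + body


def parse_frame(frame):
    """Decode kind, BSSID and SSID from a management frame; None SSID = hidden."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    kind = NAMES.get(frame[0] >> 4)
    if kind is None:
        raise ValueError("unsupported management subtype")
    elements = {}
    off = 24 + FIXED_LEN[kind]
    while off + 2 <= len(frame):
        eid, length = frame[off], frame[off + 1]
        value = frame[off + 2: off + 2 + length]
        if len(value) != length:
            raise ValueError("truncated element")   # lengths from the air are untrusted
        elements[eid] = value
        off += 2 + length
    ssid = elements.get(0, b"")
    return {
        "kind": kind,
        "bssid": frame[16:22].hex(":"),
        # Hidden networks send a zero-length SSID or one padded with NUL bytes.
        "ssid": None if not ssid.strip(b"\x00") else ssid.decode("utf-8", "replace"),
    }


def recover_ssids(frames):
    """What the attacker's sniffer does: keep any frame that names the BSSID."""
    found = {}
    for frame in frames:
        info = parse_frame(frame)
        if info["ssid"] is not None:
            found.setdefault(info["bssid"], info["ssid"])
    return found


BSSID = b"\x00\x11\x22\x33\x44\x55"   # constructed AP address
CAPTURE = [
    build_frame("beacon", "CorpWiFi", BSSID, hidden=True),  # SSID broadcast disabled
    build_frame("probe_req", "CorpWiFi", BSSID),            # laptop looking for its saved network
    build_frame("probe_resp", "CorpWiFi", BSSID),           # the AP answering it
]

if __name__ == "__main__":
    for frame in CAPTURE:
        print(parse_frame(frame))
    print("recovered:", recover_ssids(CAPTURE))
```

The beacon alone yields nothing, but the first client that connects gives the name away in both directions. Hiding the SSID is therefore not a security control; WPA2/WPA3 with a strong passphrase or 802.1X is what actually keeps outsiders off the network.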