Chapter 8 - Network Security

Question 1

What is a DDoS?

Answer 1

Distributed Denial of Service

Question 2

What is an IDS

Answer 2

Intrusion Detection System

Question 3

Why should we use network segmentation?

Answer 3

We can segment a network by dividing it into smaller networks called subnets. In this way subnets can be used to direct the flow of particular traffic, and technical problems can be isolated to a particular subnet and is easier to fix.

Question 4

What is a choke point?

Answer 4

A choke point is a point where network traffic is filtered to be inspected. Examples of choke points include routers that move traffic from one subnet to another, firewalls, proxies, and applications like email

Question 5

Why is redundancy a good network design element?

Answer 5

It gives us a backup when parts of our network fail so we can re-route traffic

Question 6

Define a firewall

Answer 6

a mechanism for maintaining control over the traffic that flows in and out of networks

Question 7

What is packet filtering and why is it susceptible to attacks?

Answer 7

Packet filtering looks at the content of each packet and makes a decision about whether or not to allow it through the firewall by examining source and destination IP addresses, protocol and port. This type of firewall is susceptible to attack because each packet is examined individually, and individual packets may be able to slip through the cracks

Question 8

What is a stateful firewall

Answer 8

A stateful firewall takes packet filtering a step further by monitoring traffic on all new or existing connections. Once a connection has been closed, the stateful firewall can identify any remaining packets flowing as illegitimate traffic.

Question 9

What is deep packet inspection?

Answer 9

Deep packet inspection adds an additional layer to our firewall. Deep packet inspection allows the firewall the ability to reassemble the content of packets to inspect what is inside before delivering it.

Question 10

What is a proxy server?

Answer 10

Proxy servers are a firewall that can serve as a choke point and also log traffic. Many companies rely on them to filter out malware and spam

Question 11

What does DMZ stand for and how are they used?

Answer 11

DMZ stands for demilitarized zone. A DMZ is a combo of a firewall and network design that gives an extra layer of protection between an external network and our internal system. We can set up filtering so that the only traffic flowing through a DMZ to our system is relevant and travelling on a particular port. A DMZ is a layer between the internal and external firewall

Question 12

What is HIDS

Answer 12

Host Based Intrusion Detection System

Question 13

What is APIDS

Answer 13

Application Based Intrusion Detection System

Question 14

What is NIDS

Answer 14

Network Based Intrusion Detection System

Question 15

Why is it important to place a NIDS carefully?

Answer 15

It is important to place NIDS carefully because they can be easily overloaded with traffic. We should place NIDS behind a firewall so that the traffic they have to inspect is not overwhelming

Question 16

What is signature based detection?

Answer 16

A signature based IDE looks for attacks with signatures that match a known attack signature in their database. This type of detection system is great for detecting known attacks but will not detect any new attacks (many of which are designed not to match any existing signatures.

Question 17

What is anomaly based detection?

Answer 17

Anomaly based detection looks for patterns on the network that are not normally present. This type of detection system is great for identifying new attacks but it also results in a lot of false positive detection.

Question 18

What are the pros and cons of using both signature based and anomaly based detection?

Answer 18

Using signature based and anomaly based detection will allow us to detect many more attacks (all the known + some unknown), It will however be expensive as far as resources on our operating system to use both types of detection at once, and may result in a lag in detection

Question 19

Why are wireless networks a security risk?

Answer 19

Free wireless networks are a large security risk because they do not use any type of encryption to protect the information travelling on the network. This is not an insurmountable issue, but it is a big one nonetheless

Question 20

What is a VPN and why/how do we use them?

Answer 20

VPN stands for virtual private network (also often referred to as a tunnel) that creates an encrypted connection between two points.

We use them to connect remotely to internal networks, as well as to gain anonymity for our IP addresses and the traffic that we are sending. VPN’s are often associated with illegal Peer to Peer sharing.

Question 21

How can the placement of an authorized wireless device threaten our security?

Answer 21

Wireless networks have a range of several miles. Placing an additional wireless device can extend that range. We can avoid this happening by keeping a log of all authorized wireless access points and scan for unauthorized ones on a regular basis.

Question 22

Why are FTP and POP protocols often not secure methods to use?

Answer 22

Because they tend to send sensitive information in plain-text, so anyone listening to traffic across the network could gain access to sensitive information

It is better to use SSH and SFTP which use public key encryption to protect our information

Question 23

What is penetration testing and what types of attacks can it protect against?

Answer 23

Penetration testing is conducting assessments on our own network regularly and thoroughly to look for holes in our security. As we update our software and reconfigure our network, our vulnerabilities will change, this is why it is important to test regularly. Penetration testing will only protect against known attacks, new attacks may not be able to be protected against

Question 24

What is Kismet?

Answer 24

Kismet is a tool for detecting wireless access points (authorized or otherwise), it is available for Linux but has a windows cousin NetStumbler

Question 25

What are scanners and why do we use them?

Answer 25

Scanners are a tool used for security testing and assessment that fall into two categories: port scanners and vulnerability scanners. One of the port scanners that we use is called Nmap. It scans ports and can also detect hosts on a network and find their operating systems and services running on any ports on our network

Question 26

What is a honeypot?

Answer 26

A honeypot is a trap that we can set for attackers with a known vulnerability or obvious sensitive information that will attract and attacker. We can then monitor the attacker, gain information about them and what they do during the attack. A honeypot can be expanded to a honeynet for increased efficiency.