Chapter 9 Network Security Implementation Flashcards

1
Q

a framework for controlling access to computing resources. The remote networking protocols RADIUS, TACACS, TACACS+, and Diameter all have their own implementations

A

Authentication, Authorization, and Accounting (AAA)

2
Q

the method of uniquely validating a particular entity or individual’s credentials

A

Authentication

3
Q

Authentication Factors:

A
  • Something you know, such as a password
  • Something you have, such as a token or access card
  • Something you are, including physical characteristics, such as fingerprints or a retina pattern.
  • Somewhere you are or are not
  • Something you do, for example a keystroke logger that measures how hard you press the keys while typing, or how long the keys remain pressed.
4
Q

any authentication scheme that requires validation of at least two of the possible authentication factors.

A

Multifactor Authentication (MFA)

5
Q

is an authentication scheme that requires validation of two authentication factors.

A

Two-factor authentication

6
Q

is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission. The user need not enter multiple passwords each time he wants to access a device.

A

Single sign-on (SSO)

7
Q

a directory service protocol that defines how a client can access information, perform operations, and share directory data on a directory server.

A

Lightweight Directory Access Protocol (LDAP)

8
Q

an electronic document that associates credentials with a public key. The certificate validates the certificate holder’s identity and is also a way to distribute the holder’s public key.

A

Certificates

9
Q

is a popular open-source authentication protocol that is based on a time-sensitive ticket granting system. It is used as an SSO method: the user enters access credentials, which are then passed to the authentication server, which contains an access list and permitted access credentials.

A

Kerberos

10
Q

Kerberos authentication process:

A
  1. A user logs on to the domain.
  2. The user requests a Ticket Granting Ticket (TGT) from the Ticket Granting Service (TGS) on the authenticating server.
  3. The authenticating server responds with a time-stamped TGT.
  4. The user presents the TGT back to the authenticating server and requests a service ticket to access a specific resource.
  5. The authenticating server responds with a service ticket.
  6. The user presents the service ticket to the resource.
  7. The resource authenticates the user and allows access.
11
Q

is a protocol that enables a server to provide standardized, centralized authentication for remote users. It encrypts only passwords.

A

Remote Authentication Dial-In User Service (RADIUS)

12
Q

are authentication protocols that provide centralized authentication and authorization services for remote users. They include process-wide encryption for authenticating, whereas RADIUS encrypts only passwords. They use TCP instead of UDP and support multiple protocols.

A

Terminal Access Controller Access Control System (TACACS) and (TACACS+)

13
Q

the backbone of Microsoft’s Remote Desktop system. Its capabilities include data encryption, remote audio and printing, access to local files, and redirection of the host’s disk drives and peripheral ports. Listens on port 3389

A

Remote Desktop Protocol (RDP)

14
Q

is a platform-independent desktop sharing system. Client and server software is available for almost any operating system.

A

Virtual Network Computing (VNC)

15
Q

is a general term for the collected protocols, policies, and hardware that govern access on network interconnections. Scans devices for conformance and allows or quarantines updates to meet policy standards

A

Network Access Control (NAC)

16
Q

is a standard for securing networks by implementing Extensible Authentication Protocol (EAP) as the authentication protocol over either a wired or wireless Ethernet LAN

A

IEEE 802.1x

17
Q

IEEE 802.1x characteristics include:

A

  • Employs an authentication service, such as RADIUS, to secure clients.
  • It is an IEEE standard used to provide Port-based Network Access Control (PNAC), using the 802.11 protocols.
  • 802.1x uses EAP to provide user authentication against a directory service.

18
Q

a set of data (user names, passwords, time and date, IP addresses, media access control (MAC) addresses, and so on) that is used to control access to a resource such as a device, file, or network.

A

Access Control List (ACL)

19
Q

Type of Firewall
the simplest implementation of a firewall; they work at the Network Layer (Layer 3) of the OSI model and are usually part of a router.

A

Packet Filters

20
Q

Type of Firewall

work at the Session Layer (Layer 5) of the OSI model by monitoring the condition, or state, of the connection.

A

Stateful Inspection Firewall

21
Q

Type of Firewall
work at the Application Layer (Layer 7) of the OSI model and require incoming and outgoing packets to have a proxy to access services. Also known as Application-level gateways.

A

Proxy Firewalls

22
Q

combine the functions of a packet filter, a stateful inspection firewall, and a proxy firewall. They operate on all three OSI layers, Network, Session and Application, simultaneously.

A

Hybrid Firewall

23
Q

is a network security solution that is used to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console. It can be a network appliance or a cloud service.

A

Unified Threat Management (UTM)

24
Q

are protocols that do not expose data and/or credentials in cleartext, so they are less likely to allow for the credentials or data to be viewed and captured by someone else

A

Secure Protocols

25
Q

Used for managing devices on IP networks. Version 3 added cryptographic security to protect data and user credentials.

A

Simple Network Management Protocol version 3 (SNMPv3)

26
Q

Protocols that Aren’t Secure:

A
  • FTP
  • Telnet
  • POP3
  • IMAP
  • SNMP v1 and v2
27
Q

Guidelines for Securing Ports and Services

A
  • Determine which ports are currently open
  • Determine which of the open ports are required to be open
  • Close any ports that are not required to be open
  • Determine which services are currently running
  • Determine which of the running services are required
  • Disable any services which are not required
28
Q

is an analysis technique that determines the coverage area of a wireless network, identifies any sources of interference, and establishes other characteristics of the coverage area.

A

Site Survey

29
Q

Wireless Network Security Considerations:

A
  • The administrator should specify an SSID manually
  • Another method of securing a wireless connection is by disabling the broadcast of the SSID of the wireless device.
  • Do not use WPS (WiFi Protected Setup). If any devices on your network have WPS, disable it. When purchasing devices, try to obtain devices that do not include WPS.
30
Q

encrypts wireless communications. It has many well-known security flaws.

A

Wired Equivalent Privacy (WEP)

31
Q

encrypts wireless communications, making them less vulnerable to unauthorized access. It offers better security than WEP. Temporal Key Integrity Protocol (TKIP) is what provides the encryption for the WPA protocol.

A

Wi-Fi Protected Access (WPA)

32
Q

This is the one that should be used. The use of CCMP-AES is an improvement in encryption over TKIP-RC4 because, instead of just checking the integrity of the key, AES is a full encryption algorithm.

A

WPA2

33
Q

is an Extensible Authentication Protocol (EAP) protocol that extends TLS by providing authentication that is as strong as TLS, but it does not require that each user be issued a certificate.

A

Transport Layer Security (TLS) Tunneled Transport Layer Security (TTLS)

34
Q

Wireless Authentication Methods:
is often used in conjunction with 802.1x. The wireless client is allowed to make an unauthenticated association with the AP, but until the user logs on, the client cannot connect to the network.

A

Open System

35
Q

Wireless Authentication Methods:
is used for WPA-Personal and WPA2-Personal. The key needs to be shared by the communicating parties before it can be used. PSKs are more often found in use on home wireless networks. By contrast, the EAP authentication method authenticates a user and not the station; this is an enterprise implementation that is done with a RADIUS server.

A

Shared-key

36
Q

is a protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

A

Extensible Authentication Protocol (EAP)

37
Q

was designed to replace the Lightweight EAP (LEAP). It addresses LEAP vulnerabilities through the use of TLS tunneling using a Protected Access Credential (PAC).

A

EAP-FAST- (Flexible Authentication via Secure Tunneling)

38
Q

is a widely supported feature in wireless routers and cards that provides robust security.

A

EAP-TLS- (Transport Layer Security)

39
Q

similar to EAP-TLS, was proposed as an open standard by a coalition made up of Cisco Systems, Microsoft, and RSA Security.

A

PEAP (Protected Extensible Authentication Protocol)

40
Q

A public-access or guest network often presents a web page that users must view and acknowledge before they are granted network access.

A

Captive Portals

41
Q

is a method of defining virtual geographical boundaries using GPS or RFID. When a mobile device with GPS or RFID capabilities enabled crosses into or out of the geofenced area, an event can be triggered.

A

Geofencing

42
Q

This is an unauthorized wireless access point on a corporate or private network. They are not detected easily and can allow private network access to many unauthorized users with the proper devices.

A

Rogue Access Point

43
Q

a rogue access point on a network that appears to be legitimate. Although an evil twin can be installed on both corporate and private networks, typically they are found in public Wi-Fi hotspots, where users do not connect transparently and automatically as they do in a corporate network, but rather select available networks from a list.

A

Evil Twin

44
Q

The act of searching for instances of wireless networks by using wireless tracking devices such as tablets, mobile phones, or laptops.

A

War Driving

45
Q

The act of using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network that may be offering Internet access. It can also be an online list of open networks.

A

War Chalking

46
Q

is an unpredictable random number used to make sure that when the same message is encrypted twice, the ciphertext is always different. It is fairly easy, using automated tools and a replay attack, to extract enough IV data to crack the WEP key in just a few minutes.

A

Initialization Vector (IV attack)

47
Q

This is a method used by attackers to send out unwanted Bluetooth signals from tablets, mobile phones, and laptops to other Bluetooth-enabled devices. With the advanced technology available today, attackers can send out unsolicited messages along with images and video.

A

Bluejacking

48
Q

This is a method in which attackers gain access to unauthorized information on a wireless device by using a Bluetooth connection within the 30-foot Bluetooth transmission limit. It exposes private information including email messages, contact information, calendar entries, images, videos, and any data stored on the device.

A

Bluesnarfing

49
Q

A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a device, such as the web browser or a particular service.

A

Rollup

50
Q

A patch management program might include the following:

A
  • An individual responsible for subscribing to and reviewing vendor and security patches and updating newsletters
  • A review and triage of the updates into urgent, important, and non-critical categories
  • An offline patch-test environment where urgent and important patches can be installed and tested for functionality and impact.
51
Q

When done electronically it is called flashing. Provides support for new hardware. Fixes bugs that prevent the operating system from installing or running properly.

A

Firmware Upgrades

52
Q

Key-based encryption types:

A
  • Shared-key or symmetric encryption systems: the same key is used both to encode and to decode the message. The secret key must be communicated securely between the two parties involved in the communication.
  • Key-pair or asymmetric encryption systems: each party has two keys, a public key, which anyone can obtain, and a private key known only to the individual. Anyone can use the public key to encrypt data, but only the holder of the associated private key can decrypt it.
53
Q

a server that issues certificates and the associated public/private key pairs.

A

Certificate Authority (CA)

54
Q

File Integrity Management Measures:

a security setting that determines the level of access a user or group account has to a particular resource.

A

Permission

55
Q

File Integrity Management Measures:

Certificates and Encryption

A

-

56
Q

File Integrity Management Measures:
a process or function that transforms plaintext into ciphertext that cannot be directly decrypted. The result of the hashing process is called a hash, hash value, or message digest.

A

File Hashing

57
Q

File Integrity Management Measures:
is a file-encryption tool available on Windows devices that have partitions formatted with the NT File System. Encrypts file data by using digital certificates.

A

Encrypting File System (EFS)

58
Q

File Integrity Management Measures:
Hardware-based, used on devices known as self-encrypting drives (SED), ensures that storage devices are encrypted at the hardware level in order to avoid relying on software solutions. This encryption is invisible to the user and is not susceptible to attacks targeting encryption provided by applications or operating systems.

A

Whole drive encryption

59
Q

also known as separation of duties, is implemented as a policy that states that no one person should have too much power or responsibility.

A

Role Separation

60
Q

On Cisco switches, you can use this to prevent protected ports from forwarding traffic to any other protected port on the switch. Using various commands, you can also configure Spanning Tree, Flood Guard and MAC address filtering.

A

Switch Port Protection

61
Q

VLAN Hopping Prevention Methods:

A
  • Switch Spoofing: turn off trunking on all ports unless trunking is specifically required on a certain port.
  • Double Tagging: make sure that user ports and native VLAN trunk ports are different.
62
Q

a small section of a private network that is located between two firewalls and made available for public access. It enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network as a whole.

A

Demilitarized Zone (DMZ)

63
Q

Segmentation for Network Elements:

A

  • SCADA/ICS: SCADA and ICS networks are in this segment. They may be impractical to upgrade and thus will not have the latest security.
  • Honeynet: only devices that are used as honeypots are in this segment. A honeypot is a device that is set to detect, deflect, or counteract attempts at unauthorized use of the device or network. A honeynet is a special type of honeypot: a specific network segment populated with, and only with, honeypots.

64
Q

in order to keep internal addresses private, this is used to conceal internal IP addresses from external networks. A router is configured with a single public IP address on its external interface and an internal address on its internal interface. When static, an internal IP address is mapped to a single specific public IP address. When dynamic, a single internal address is mapped to the first available public IP address in an address pool.

A

Network Address Translation (NAT)

65
Q

is a subset of dynamic NAT functionality that maps one or more private IP addresses to one public IP address by using multiple ports. Also known as overloading.

A

Port Address Translation (PAT)

66
Q

an attack authorized by the owner of a computing device or a network, with the purpose of finding security weaknesses that could be exploited by a real attacker.

A

Penetration Testing

67
Q

software or hardware, or a combination of both, that scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process.

A

Intrusion Detection System (IDS)

68
Q

an inline security device that monitors suspicious network and/or device traffic and reacts in real time to block it.

A

Intrusion Protection System (IPS)