CISSP Domain 4 Flashcards
What modes can an IPsec VPN operate in?
- Transport mode: used end to end between two hosts, typically inside a trusted network. Only the payload is encrypted; the original IP header stays in the clear, so source and destination addresses remain visible
- Tunnel mode: used between gateways across untrusted networks (link encryption). The whole original packet, payload and IP header, is encrypted and wrapped in a new IP header addressed to the far gateway
What are the different protocols in IPsec?
AH (Authentication Header): provides integrity and non-repudiation, plus session access control and replay protection (via sequence numbers). It provides no confidentiality
ESP (Encapsulating Security Payload): provides confidentiality and integrity of the payload and limited authentication; it can also provide replay protection
HMAC is used for the integrity check value in AH and ESP
IPComp is used by IPsec to compress data before it is encrypted (compressing after encryption gains nothing)
IPsec uses hybrid cryptography: asymmetric algorithms (Diffie-Hellman) for key agreement, symmetric algorithms for bulk encryption
IKE (Internet Key Exchange) manages the cryptographic keys and comprises:
OAKLEY: key generation and exchange, based on the Diffie-Hellman key exchange
SKEME: secure key exchange mechanism
ISAKMP: organizes and manages the keys generated by the above two
Security Association (SA): the authentication and encryption parameters agreed upon by two entities
ISAKMP is used to negotiate and provide authenticated keying material for SAs in a secure manner
Each IPsec VPN uses two SAs, because an SA covers only one direction:
- one for encrypted transmission
- one for encrypted reception
Each SA is identified by its own SPI (Security Parameter Index) in the AH/ESP header, which is what lets a host keep multiple simultaneous IPsec VPNs apart
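The replay protection that AH and ESP provide (and the replay attack described later in this deck) comes down to a per-SA sequence number plus a sliding window on the receiver. The following is an added example, not code from the flashcards or from any IPsec implementation; it models the anti-replay window of RFC 4303 section 3.4.3 with a constructed window size and a constructed stream of sequence numbers:

```python
"""Anti-replay sliding window of the kind AH and ESP use (RFC 4303, section 3.4.3).

Added illustration; not from the flashcards or any IPsec implementation.
The window size and the sequence-number stream are constructed for the demo.
"""


class AntiReplayWindow:
    """State for one inbound SA.

    SAs are unidirectional, so a receiver keeps one window per inbound SA.
    The window covers the most recent `size` sequence numbers: anything to
    the left of it is too old and is dropped, anything inside it is accepted
    exactly once, anything to the right advances the window.
    """

    def __init__(self, size: int = 64) -> None:
        if size < 32 or size % 8:
            raise ValueError("window size must be a multiple of 8 and at least 32")
        self.size = size
        self.right_edge = 0  # highest sequence number accepted so far
        self.bitmap = 0      # bit i set means (right_edge - i) has been seen

    def check(self, seq: int) -> bool:
        """Return True if `seq` is fresh and should be processed, else False.

        For brevity this both checks and updates the window. A real receiver
        updates the window only after the ICV (HMAC) verifies; otherwise a
        forged packet with a huge sequence number could slide the window and
        make legitimate in-flight packets look stale.
        """
        if seq == 0:
            return False  # sequence number 0 is never valid on the wire
        mask = (1 << self.size) - 1
        if seq > self.right_edge:
            shift = seq - self.right_edge
            # Jumping past the whole window leaves only the new packet in view
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.right_edge = seq
            return True
        diff = self.right_edge - seq
        if diff >= self.size:
            return False  # older than the window: drop
        if self.bitmap & (1 << diff):
            return False  # already seen: this is a replay
        self.bitmap |= 1 << diff  # late but genuine: accept once
        return True


def replay_demo(stream, size=64):
    """Run a stream of sequence numbers through one SA's window and return the
    verdicts in order (True = accept, False = drop)."""
    window = AntiReplayWindow(size)
    return [window.check(seq) for seq in stream]


if __name__ == "__main__":
    # Constructed stream: in-order packets, one reordered, one replayed,
    # a jump that slides the window, then packets just past and at its left edge.
    stream = [1, 2, 3, 5, 4, 3, 100, 36, 37]
    for seq, ok in zip(stream, replay_demo(stream)):
        print(f"seq={seq:3d} -> {'accept' if ok else 'DROP'}")
```

Two points worth noticing when running it: reordering (4 arriving after 5) is tolerated, which is why the window exists at all, while the repeated 3 is rejected; and once 100 slides the window, 36 is dropped as too old even though it was never seen, which is the price of keeping the receiver's state bounded. The window is only meaningful with integrity protection, which is why ESP without authentication gets no anti-replay service.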
Difference between a VLAN and a subnet?
A VLAN is a layer 2 segment created on switches ("deny by default, allow by exception": traffic between VLANs is blocked unless explicitly routed), whereas a subnet is a layer 3 division based on IP address ranges
What are the ARP concerns, mainly ARP cache poisoning?
ARP maps IP addresses to MAC addresses (layer 3 to layer 2 translation)
Normal ARP resolution: when a host needs the MAC for an IP, it first checks its ARP cache; if there is no entry it broadcasts an ARP request
If the owner of that IP is on the local subnet, it answers with an ARP reply
ARP cache poisoning targets this second step: the attacker supplies a false reply, so the victim caches the attacker's MAC for the target IP
- Gratuitous or unsolicited ARP replies: replies sent without any request having been made; hosts accept and cache them anyway because ARP has no authentication
- Tampering with static entries: malware on the victim adds or modifies static ARP entries so they point at the attacker's MAC
Best defences against ARP concerns?
Port security on the switch (and Dynamic ARP Inspection with DHCP snooping, where the switch supports it)
HIDS/HIPS on the endpoints
arpwatch, which logs every IP to MAC binding it sees and alerts when one changes
Static ARP entries for critical hosts such as the default gateway
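The arpwatch-style defence amounts to watching ARP traffic for the two signals the card above names (gratuitous and unsolicited replies) plus the symptom every poisoning produces, a binding that changes. The following is an added example, not from the flashcards or from arpwatch itself; it builds a few ARP frames by hand with constructed addresses (RFC 5737 style IPs, locally administered MACs) so it runs offline, then runs a small monitor over them:

```python
"""ARP cache poisoning detector in the spirit of arpwatch.

Added example, not from the flashcards. The ARP frames below are constructed
by hand with struct.pack rather than captured, and every address is illustrative.
"""
import struct
from typing import Dict, List, Optional, Set, Tuple

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed lab hosts
GW_IP, VICTIM_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 10])
GW_MAC = bytes.fromhex("aabbccddee01")
VICTIM_MAC = bytes.fromhex("aabbccddee02")
ATTACKER_MAC = bytes.fromhex("aabbccddee03")
BROADCAST = b"\xff" * 6


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes,
              dst_mac: bytes = BROADCAST) -> bytes:
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (RFC 826)."""
    eth = dst_mac + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Tuple[int, str, str, str, str]]:
    """(op, sender_mac, sender_ip, target_mac, target_ip), or None if not IPv4/Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = frame[22:28], frame[28:32], frame[32:38], frame[38:42]
    return op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa)


class ArpMonitor:
    """Passive monitor: learns IP-to-MAC bindings, flags gratuitous and
    unsolicited replies, and flags any binding that changes."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}   # ip -> mac
        self.pending: Set[str] = set()    # ips for which a request was seen
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, sha, spa, tha, tpa = parsed
        if op == ARP_REQUEST:
            self.pending.add(tpa)
            self._learn(spa, sha)  # a request also advertises the sender's own binding
        elif op == ARP_REPLY:
            if spa == tpa:
                self.alerts.append(f"gratuitous reply: {spa} is-at {sha}")
            elif spa not in self.pending:
                self.alerts.append(f"unsolicited reply: {spa} is-at {sha} (no request seen)")
            else:
                self.pending.discard(spa)
            self._learn(spa, sha)

    def _learn(self, ip: str, mac: str) -> None:
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"binding changed: {ip} was {old}, now {mac}")
        self.table[ip] = mac


def poisoning_demo() -> ArpMonitor:
    """Replay a constructed capture: normal resolution, then the attacker
    poisoning the victim's entry for the gateway."""
    mon = ArpMonitor()
    frames = [
        build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, b"\x00" * 6, GW_IP),          # victim asks for gateway
        build_arp(ARP_REPLY, GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP, dst_mac=VICTIM_MAC),  # real gateway answers
        build_arp(ARP_REPLY, ATTACKER_MAC, GW_IP, BROADCAST, GW_IP),                # gratuitous reply claiming gateway IP
        build_arp(ARP_REPLY, ATTACKER_MAC, GW_IP, VICTIM_MAC, VICTIM_IP, dst_mac=VICTIM_MAC),  # re-poison, unsolicited
    ]
    for frame in frames:
        mon.observe(frame)
    return mon


if __name__ == "__main__":
    for alert in poisoning_demo().alerts:
        print("ALERT:", alert)
```

Gratuitous ARP is also used legitimately (a host announcing itself after boot or after failover), so on a real network the "binding changed" alert is the one worth paging on; the other two are corroboration. The monitor also has to see the traffic, which on a switched network means a mirror port or a sensor in each VLAN.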
What are the different modes Wi-Fi can be deployed in?
Ad hoc mode (peer to peer): wireless devices communicate directly with no central control authority
Wi-Fi Direct: upgraded version of ad hoc mode
Infrastructure mode: devices connect through a WAP. Its variants:
- Stand-alone mode: the WAP connects wireless clients to each other but not to any wired network
- Wired extension mode: the WAP acts as a bridge between the wireless clients and the wired network
- Enterprise extended mode: multiple WAPs share one ESSID so that devices stay connected as they roam from one WAP to another
- Bridge mode: a wireless link is used to connect two wired networks
What are the different types of wireless security?
IEEE 802.11 defines OSA (open system authentication, which performs no real authentication) and SKA (shared key authentication)
WEP: RC4, broken
WPA: TKIP (still RC4 based), deprecated
WPA2: AES-CCMP; personal mode uses a pre-shared key, enterprise mode uses 802.1X
WPA3: AES (CCMP/GCMP) with SAE (Simultaneous Authentication of Equals) replacing the PSK handshake in personal mode
802.1X supports enterprise authentication using EAP, which is a framework rather than a single authentication method
WPS (Wi-Fi Protected Setup) is a convenience feature on WAPs; its PIN method can be brute-forced, so it should be disabled
What are the ways limited radio frequencies can be managed?
Spread spectrum
FHSS
DSSS
OFDM
Spread spectrum: communication occurs over multiple frequencies. Example: a message is broken into pieces and the pieces are sent over different frequencies
FHSS (Frequency Hopping Spread Spectrum): transmits data in series across a range of frequencies, but on only one frequency at a time
DSSS (Direct Sequence Spread Spectrum): uses the frequencies in parallel; a chipping code lets the receiver reconstruct the data even if part of it is lost to interference
OFDM (Orthogonal Frequency Division Multiplexing): a digital multi-carrier scheme whose sub-carriers are orthogonal, so they do not interfere with each other; this allows a more tightly packed transmission
Bluesniffing: packet capture (sniffing) focused on Bluetooth
Bluesmacking: DoS attack against a Bluetooth device, e.g. by flooding it with oversized transmissions
Bluejacking: sending unsolicited messages to a device; an annoyance rather than a compromise
Bluesnarfing: unauthorised access to data on a device (data theft)
Bluebugging: remote control over the hardware and software of a device, e.g. enabling its microphone
Difference between NFC and RFID?
NFC: works only within a few inches (proximity)
RFID: works at a distance of a few feet, or more depending on the tag and reader
Both raise privacy concerns because tags and cards can be read or tracked without the holder's knowledge
War driving
Moving around (typically by car) to detect wireless network signals, often ones the attacker is not authorised to access
Evil twin
A rogue access point: the attacker operates a false AP that clones (twins) the identity of a legitimate AP, such as its SSID and often its MAC, so that clients connect to it instead
Disassociation frames and deauthentication frames
Both are 802.11 management frames exchanged between clients and WAPs
Disassociation frames are used legitimately to disconnect a client from one WAP as it moves to another WAP in the same ESSID; deauthentication frames remove the client from the network entirely. Sent maliciously (they are unauthenticated unless 802.11w protected management frames are enabled), they force the client off its wireless link, e.g. to push it onto an evil twin or to capture its reconnection handshake
Replay attack
Retransmission of captured communications in the hope of gaining access to the targeted system; countered by timestamps, sequence numbers or challenge-response
How can a screened subnet be implemented?
A screened subnet (DMZ) sits between the untrusted network (Internet) and the trusted network (intranet), so public-facing servers never sit directly on the internal network
Implementation: either 2 firewalls (external and internal, with the screened subnet between them) or 1 multihomed firewall with three interfaces: one to the Internet, one to the screened subnet, one to the intranet
Collision domain vs broadcast domain
Collision domain: the set of systems whose transmissions collide if two of them transmit at the same time onto a single transmission path; divided by any layer 2 or higher device (a switch)
Broadcast domain: the set of systems that all receive a broadcast sent by one of them; divided by any layer 3 or higher device (a router)
Network Access Control (NAC)
Controlling access to the network through strict enforcement of security policy, e.g. checking a device's patch level and antimalware state before it is admitted
How can NAC be implemented?
Pre-admission philosophy: a device must meet all security requirements before it is granted access
Post-admission philosophy: access is allowed or denied based on user activity after admission, against a pre-defined authorization matrix
What are agent-based and agentless NAC?
Agent-based: an agent is installed on the endpoint to monitor and report its state
Agentless: the NAC solution scans the endpoint from the network (e.g. a port scan) and compares the result with a baseline held on the NAC server
Allow listing
Default deny, allow by exception
Bastion host
A hardened system that is exposed to the Internet and built to withstand attack, e.g. a firewall or a jump host
Static packet filtering firewall
Inspects only the message header: source/destination IP (layer 3) and protocol and port (layer 4)
Stateless: each packet is judged on its own, with no memory of earlier packets
Application-level firewall
A WAF (web application firewall) is the web-specific variant
Works at layer 7, so it understands the application protocol rather than just addresses and ports
Circuit-level firewall
Works at the session layer (5); SOCKS is an example
Validates the handshake that establishes the circuit, then passes traffic without inspecting the payload
Stateless
Stateful inspection firewall
Operates at layer 3 and above
Stateful: tracks the state of each connection and admits return traffic only when it matches an established session
Deep packet inspection (next-generation firewalls): looks into the payload, not just the headers
Context analysis: judges a packet in the context of the session and application it belongs to
ISFW (Internal Segmentation Firewall): a firewall placed between internal network segments
Used for microsegmentation, so that a compromise in one segment cannot spread laterally to the others
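The difference between the static packet filter and the stateful inspection firewall is easiest to see on the multihomed screened-subnet layout from the card above: three legs (Internet, screened subnet, intranet) and a policy that must let replies to intranet-initiated connections back in. The following is an added example, not from the flashcards or from any firewall product; the address ranges (203.0.113.0/24 for the screened subnet, 10.0.0.0/24 for the intranet, everything else Internet), the rule sets and the packet stream are all constructed for the demo:

```python
"""Stateless packet filter vs stateful inspection on a multihomed
screened-subnet firewall, as a runnable model.

Added example, not from the flashcards. Zones, rules and packets are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str           # interface the packet arrived on: "inet", "dmz" or "lan"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]


def zone(ip: str) -> str:
    """Which of the firewall's three legs an address belongs to (constructed ranges)."""
    if ip.startswith("203.0.113."):
        return "dmz"
    if ip.startswith("10.0.0."):
        return "lan"
    return "inet"


# Stateless rules: (ingress iface, proto, destination zone, dport or None, requires ACK)
# Default deny: a packet matching no rule is dropped.
STATELESS_RULES = [
    ("inet", "tcp", "dmz", 443, False),    # public web server in the screened subnet
    ("lan", "tcp", "inet", None, False),   # intranet may open connections outward
    ("inet", "tcp", "lan", None, True),    # "replies" to those: anything with ACK set
]


def stateless_filter(pkt: Packet) -> str:
    """Judge each packet on its header alone. The third rule is the classic
    weakness: with no connection memory, an ACK bit is the only evidence of a reply."""
    for iface, proto, dzone, dport, needs_ack in STATELESS_RULES:
        if (pkt.iface == iface and pkt.proto == proto and zone(pkt.dst) == dzone
                and (dport is None or pkt.dport == dport)
                and (not needs_ack or "ACK" in pkt.flags)):
            return "allow"
    return "drop"


class StatefulFilter:
    """Admits a new connection only on a policy-matching SYN, then admits
    further packets only if they belong to a connection already in the table."""

    def __init__(self) -> None:
        self.conns: Set[Tuple[str, str, int, str, int]] = set()

    @staticmethod
    def _new_connection_allowed(pkt: Packet) -> bool:
        return ((pkt.iface == "inet" and zone(pkt.dst) == "dmz" and pkt.dport == 443)
                or (pkt.iface == "lan" and zone(pkt.dst) == "inet"))

    def filter(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns or reverse in self.conns:
            return "allow"  # part of an admitted connection, either direction
        is_syn = pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags
        if is_syn and self._new_connection_allowed(pkt):
            self.conns.add(key)
            return "allow"
        return "drop"


def compare_filters() -> List[Tuple[str, str, str]]:
    """Run a constructed packet stream through both filters and return
    (description, stateless verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    stream = [
        ("LAN client opens HTTPS to Internet",
         Packet("lan", "tcp", "10.0.0.5", 51000, "93.184.216.34", 443, frozenset({"SYN"}))),
        ("server's SYN/ACK comes back",
         Packet("inet", "tcp", "93.184.216.34", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"}))),
        ("attacker ACK probe at LAN host port 445",
         Packet("inet", "tcp", "198.51.100.7", 4444, "10.0.0.5", 445, frozenset({"ACK"}))),
        ("Internet client to DMZ web server",
         Packet("inet", "tcp", "198.51.100.7", 50000, "203.0.113.10", 443, frozenset({"SYN"}))),
        ("Internet SYN straight to LAN ssh",
         Packet("inet", "tcp", "198.51.100.7", 50001, "10.0.0.5", 22, frozenset({"SYN"}))),
    ]
    return [(desc, stateless_filter(p), stateful.filter(p)) for desc, p in stream]


if __name__ == "__main__":
    for desc, stateless, stateful in compare_filters():
        print(f"{desc:42s} stateless={stateless:5s} stateful={stateful}")
```

The third packet is the whole point: both firewalls admit the genuine reply, but only the stateless one also admits an arbitrary ACK-flagged packet aimed at the intranet, because it has no table saying that no such connection exists. A production stateful firewall additionally checks that a connection's packets arrive on the interface they were expected on and ages entries out of the table; both are omitted here to keep the model short.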
Proxy server and its 2 types
Acts as an intermediary; a forward proxy protects the identity of internal clients from external servers
Forward proxy: handles queries from internal clients to external sources on their behalf
Reverse proxy: the opposite, handles inbound queries from external systems on behalf of internal servers
Goal of EDR (Endpoint Detection and Response)
Detect abuses that are more advanced than a traditional AV program can detect, whether caused by problematic software or by users, and continuously:
Detect
Record
Evaluate
Respond
MDR (Managed Detection and Response)
An outsourced service that monitors the IT environment to quickly detect and resolve threats
EPP (Endpoint Protection Platform)
Predict, prevent, detect and respond
PPP (Point-to-Point Protocol)
Encapsulates IP traffic over a data link layer point-to-point link such as dial-up
Allows multivendor interoperability
PAP and CHAP
PAP sends the password in clear text; CHAP uses a challenge-response (MD5 hash over the identifier, the shared secret and a random challenge) so the secret never crosses the link, and re-challenges periodically during the session
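What actually crosses the PPP link under each method, and why a captured CHAP response is useless against the next challenge, is short enough to show in code. The following is an added example, not from the flashcards; it implements the CHAP computation from RFC 1994 (MD5 over Identifier, secret and Challenge Value) with a constructed shared secret and fixed challenges so that the demo is deterministic, where a real authenticator would draw each challenge from os.urandom:

```python
"""PAP versus CHAP over a PPP link: what crosses the wire and why a captured
CHAP response cannot be replayed.

Added example, not from the flashcards. Implements the CHAP response value of
RFC 1994 with a constructed shared secret and fixed challenges.
"""
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-shared-secret"   # provisioned on both peers out of band


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP (RFC 1334): the credential itself is the message. Anyone who captures
    this frame has the password."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh random challenge for every authentication."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: Response Value = MD5(Identifier || secret || Challenge Value).
    Only this 16-byte digest goes on the wire; the secret stays on the peer."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute with the stored secret and compare in
    constant time. Note the authenticator must hold the secret in recoverable
    form, which is CHAP's main operational weakness."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Constructed exchange: a successful CHAP round, a replay of that captured
    response against a new challenge, and a wrong-secret attempt."""
    challenge_1 = bytes.fromhex("00112233445566778899aabbccddeeff")
    challenge_2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    captured_response = chap_response(1, SHARED_SECRET, challenge_1)  # what a sniffer sees
    return {
        "pap_on_wire": pap_authenticate_request(b"alice", b"hunter2"),
        "chap_on_wire": captured_response,
        "chap_first_round_ok": chap_verify(1, SHARED_SECRET, challenge_1, captured_response),
        "chap_replay_ok": chap_verify(2, SHARED_SECRET, challenge_2, captured_response),
        "chap_wrong_secret_ok": chap_verify(1, b"guess", challenge_1, captured_response),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value!r}")
```

The replay fails because the identifier and challenge change every round, which is also why CHAP can re-authenticate mid-session without re-sending anything secret. CHAP is still not strong by modern standards: an attacker who captures a challenge and response can run an offline dictionary attack on the secret, and MD5 is the only hash the protocol defines, which is why EAP methods with TLS have replaced it where the link is not physically controlled.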