CISSP Domain 4 Flashcards
What modes can a VPN operate in?
- Transport: internal, between trusted networks; end-to-end encryption; encrypts only the payload
- Tunnel: external, between untrusted networks; encrypts both payload and header; link encryption
What are the different protocols in IPsec?
AH: provides integrity and non-repudiation; provides session access control and prevents replay attacks
ESP: confidentiality and integrity of the payload; limited authentication
HMAC for hashing
IPComp is used by IPsec to compress data
Uses hybrid cryptography
IKE: manages cryptographic keys and comprises:
OAKLEY: key generation and exchange, like D-H key exchange
SKEME: secure key exchange
ISAKMP: organises and manages the keys generated by the above two
Security association (SA): the authentication and encryption agreed on by two entities
ISAKMP is used to negotiate and provide authenticated keying material for SAs in a secure manner
Each IPsec VPN uses 2 SAs:
- One for encrypted transmission
- One for encrypted reception
This is what enables IPsec to support multiple simultaneous VPNs
Difference between VLAN and subnet?
A VLAN is created by switches ("deny by default and allow by exception"), whereas a subnet is created using IP addressing
What are the ARP concerns, mainly ARP cache poisoning?
ARP maps IP addresses to MAC addresses
ARP cache poisoning: when an IP-to-MAC mapping is needed, the system first looks in its ARP cache table; if the entry is not there, it sends a broadcast.
If the owner is on the local subnet, it can respond with an ARP reply/response
ARP cache poisoning is carried out by the attacker at this second step:
- Gratuitous or unsolicited ARP replies: sent without any ARP request asking for a reply/response
- Static entries: ARP cache poisoning
Best defence against ARP concerns?
Port security on the switch
HIDPS
ARP watch
Establish static ARP entries
What are the different modes Wi-Fi can be deployed in?
Ad hoc mode (P2P): wireless devices communicate without a centralised control authority
Wi-Fi Direct: upgraded version of ad hoc
Infrastructure mode: using a WAP
Standalone mode: WAP connects clients wirelessly instead of by wire
Wired extension mode
Enterprise extended mode: multiple WAPs used with the same ESSID so that devices stay connected even when the WAP changes
Bridge mode: wireless connection used to link two wired networks
What are the different types of wireless security?
IEEE 802.11 uses OSA and SKA
WEP: RC4
WPA: TKIP
WPA2 and WPA3: AES-CCMP; WPA3 uses Simultaneous Authentication of Equals (SAE)
802.1X supports enterprise authentication using EAP, which is a framework
WPS is a feature of the WAP
What are the ways limited radio frequencies can be managed?
Spread spectrum
FHSS
DSSS
OFDM
Spread spectrum: communication occurs over multiple frequencies. Example: a message is broken into pieces and sent on different frequencies
FHSS: transmits data in series across a range of frequencies, but on only one frequency at a time
DSSS: employs frequencies in parallel; uses a chipping code to allow the receiver to reconstruct the data
OFDM: does not cause interference
Employs digital multi-carrier modulation, which allows for more tightly compacted transmissions
Bluesniffing
Packet capture focused on Bluetooth
Bluesmacking
DoS attack through transmission
Bluejacking
Sending unsolicited messages
Annoyance
Bluesnarfing
Unauthorised access to data
Data theft
Bluebugging
Remote control over the hardware and software of your device, e.g. by enabling the microphone
Difference between NFC and RFID
NFC: proximity device, a few inches
RFID: a few feet
Both are privacy-violating technologies
War driving
Detecting wireless network signals, often ones the driver is not authorised to access
Evil twin
Access point
A hacker operates a false access point that automatically clones, or twins, the identity of a legitimate AP
Disassociation frames and deauthentication packets
Both are WAP related
Disassociation frames are used to disconnect from one WAP as the client connects to another WAP in the same ESSID network. If used maliciously, the client loses its wireless link
Replay attack
Retransmission of captured communications in the hope of gaining access to the targeted system
How can a screened subnet be implemented?
It connects an untrusted network to a trusted network
2 firewalls, or 1 multihomed firewall: 1 firewall with 1 interface to the internet, 1 to the screened subnet, and 1 to the intranet
Collision domain vs broadcast domain
Collision domain: two systems transmit data at the same time onto a single transmission path (layer 2)
Broadcast domain: a single system transmits data to multiple recipients (layer 3 and above)
Network access control
Controlling access through strict adherence to and enforcement of security policy
How can NAC be implemented?
Pre-admission philosophy: meet all security requirements before access is granted
Post-admission philosophy: allow and deny access based on user activity and a pre-defined authorisation matrix
What are agent-based and agentless NAC?
Agent-based: an agent is installed for monitoring
Agentless: the NAC solution performs a port scan and compares the result with the baseline from the NAC server
Allow listing
Default deny, allow by exception
Bastion host
Withstands attack, like a firewall
It's hardened and exposed to the internet
Static packet filtering firewall
Inspects the message header
Destination IP (layer 3) and port address (layer 4)
Stateless firewall
Application firewall
WAF
Works at layer 7
Circuit-level firewall
Session layer (layer 5) protocol
Establishes a connection or circuit
Stateless
Stateful inspection firewall
Operates at layer 3 and above
Stateful
Deep packet inspection
Context analysis
ISFW
Microsegmentation
Proxy server and its 2 types
Protects the identity of the internal client
Forward proxy: intermediary for queries to external sources; handles queries from internal clients
Reverse proxy: the opposite; handles inbound queries from external systems
Goal of EDR
Detect abuses that are more advanced and cannot be detected by a traditional AV program
Detect
Record
Evaluate
Respond
Caused by problematic software or users
MDR
Monitors the IT environment to quickly detect and resolve threats
EPP
Predict, prevent, detect, and respond
PPP
Encapsulation of IP traffic over the data link layer or dial-up
Allows multivendor interoperability
PAP and CHAP
Password in clear text vs challenge-response
EAP
It's a framework rather than a protocol, mainly used with biometrics, tokens, and smart cards
EAP-TLS and EAP-TTLS
Mutual authentication
Creates a VPN-like tunnel between endpoints prior to authentication
IEEE 802.1X
Authentication technology
Makes port-based decisions, or port-based network access control
It's based on EAP
Port security
Smart patch panel; it's like NAC
VoIP communication using different phones
A VoIP-to-PSTN gateway needs to be present
Phreaking
Targeted at telephone systems and voice services in general
PBX and how to add authentication
Telephone switching exchange system deployed in a private organisation
Direct Inward System Access (DISA)
Remote access techniques
Service specific: e.g. email control
Remote control: fully control a physical system that is distant
Remote node operation: remote client establishes connectivity, e.g. wireless or VPN
Screen scraper: 2 meanings
1. Remote access, remote control, remote desktop services; virtual desktops or virtual apps
2. Technology that helps an automated tool interact with an HMI
Load balancer and types
Used to spread or distribute network traffic load across several network links or network devices in a server farm or cluster
Active-active vs active-passive
Virtual IPs vs load persistence
S/MIME
Email security solution that offers authentication (X.509 digital certificates) and confidentiality (public key encryption)
DomainKeys Identified Mail (DKIM)
Asserts that valid mail is sent by an organisation through verification of domain name identity
SPF
Data origin verification for SMTP
Domain-based Message Authentication, Reporting and Conformance (DMARC)
DNS-based email authentication
STARTTLS
Secures SMTP over TLS
It's a command
Security services provided by VPN and VPN concentrator
Access control, authentication, confidentiality, integrity
VPN: example of a virtualised network
Dedicated hardware to support simultaneous VPNs
Tunneling
Protects the contents of the inner protocol by encapsulating it in another protocol
Split tunnel vs full tunnel
Split tunnel: VPN for internal traffic, open internet for the rest
Full tunnel: all traffic goes through the VPN
MAC flooding and fix
Abuse of a switch by flooding it with Ethernet frames
The switch maintains a table called content addressable memory (CAM)
Once the CAM table is full, older entries are dropped and replaced with false addresses, leaving the switch unable to forward frames properly
Fix: MAC limiting on each jack/port
MAC spoofing and fix
Layer 2 can be attacked from within
Changing the default MAC address to some other value
MAC cloning and fix
Impersonating another system
MAC filtering is a security mechanism to restrict access
Used in WAPs and switches
PAT
Instead of a 1:1 NAT mapping of internal clients, many clients are mapped through one public address and distinguished by port
Third-party connectivity
MoU: reciprocal handshake agreement
ISA: interconnection security agreement
Risk assessment
- Extranet
- Private cloud
- Secure file sharing
SDN and how can you address the MITM challenge?
Centrally controlled
Separates the control plane from the data plane
Opens up security challenges like MITM and DoS; these can be secured with TLS
SD-WAN
Connectivity from branch offices is centrally managed
Many networks can be connected: MPLS, LTE
Security: IPsec, VPN tunnels, NGFW, microsegmentation
Zigbee
Personal area network for monitoring IoT devices
During pre-configuration a single key might be sent unprotected
5G
Faster speeds, lower latency
Does not rely on a SIM card
The standalone version of 5G is more secure
Old 4G vulnerabilities carry over where 5G still has to work with 4G
CDN
Geographically distributed network
Mesh topology
Redundancy
Ring
Centralised
Token ring: collision avoidance system
Bus
Ethernet: collision detection system
Analog vs digital
Analog: wave shape
Digital: bits as electrical signals
Synchronous vs asynchronous
Synchronous: timing or clocking mechanism embedded in the data stream
Asynchronous: stop and start bits; best suited for smaller amounts of data. Example: PSTN
Baseband vs broadband
Baseband: single transmission, digital signal (Ethernet) vs broadband: multiple simultaneous signals, analog signal (TV)
Virtual circuits
Logical pathway or circuit created over a packet-switched network between two specific endpoints
Permanent virtual circuits (PVC)
Dedicated leased line, like a walkie-talkie
SVC: created each time it is needed, like a frequency-searching radio
Broadcast, multicast and unicast
Broadcast: communication to all possible recipients
Multicast: multiple specific recipients
Unicast: single communication to a single recipient
PEAP
EAP+TLS
LEAP
Cisco proprietary, for wireless and PPP
Honeypot
Only enticement, not entrapment
Distracts attackers from real assets and isolates them until you can track them down
Teardrop attack
DDoS: fragmented packets
Fraggle attack
Spoofed UDP traffic
Smurf attack
Spoofed ICMP traffic
Land attack
Layer 4 DoS; source and destination in the header are the same
Ping of death
Oversized ping packet
Twisted pair and types
Twisted pair cable refers to the fact that it is a pair of wires twisted together in a specific way that creates a magnetic field, which allows the signal traveling across the wire to remain within the magnetic field. Additionally, twisted pair cable can be shielded (STP) or unshielded (UTP), with shielded twisted pair offering additional protection from crosstalk and interference.
Coaxial cable and multiplexing
This is the cable often used by cable companies to bring television, telephone, and high-speed internet access to homes. Coaxial cable consists of a single strand of copper wire sheathed in a protective coating, and a technology called multiplexing allows the wire to provide all the services mentioned. Multiplexing allows the information carried along the wire to be split into different frequencies, waves, and time slices at the same time, and it does so at incredible speeds.
Data link core concepts
Data at the Data Link layer exists as frames.
Physical addressing via MAC addresses uniquely identifies devices on a network. Two types of networks: circuit-switched and packet-switched
Common location to implement link encryption
Layer 2 devices: bridges and switches
Layer 2 protocols: L2TP, PPTP, ARP
Authentication protocols
PPP
- PAP
- CHAP
- EAP
- PEAP: EAP+TLS encapsulated
What is convergence?
Convergence refers to the ability of native IP networks to carry non-IP traffic via what are known as converged
4 security services to secure wireless
To secure wireless communication, four (4) security services are required: access control, authentication, encryption, and integrity protection
Fibre Channel
Network data storage solution, i.e. SAN or NAS, which allows high-speed file transfers
iSCSI
Network storage based on IP
Difference between switch and hub
A switch is mainly L2 and needs a port to transmit a signal, whereas a hub sends out of all ports at layer 1
WAN technologies
Circuit switching: leased lines, PPP, SLIP, ISDN, DSL
Packet switching: virtual circuits
X.25, Frame Relay, ATM, SDLC, HDLC