Implementing Network Security 4 Flashcards

0
Q

List common network devices

A

Router. Connects multiple networks using the same protocol
Switch. Has multiple network ports and combines multiple physical network segments into a single logical network. Controls network traffic by creating switched connections containing only the two hosts involved in transmission
Proxy server. Isolates internal networks from the Internet by downloading and storing Internet files on behalf of internal clients.
Firewall. Any software or hardware device that protects a system or network by blocking unwanted network traffic
Load balancer. A network device whose primary function is to spread out the work among devices in a network. Devices perform more efficiently. Data processed faster.
All-in-one security appliance. A single network security device used to perform a number of security functions to secure a network.

1
Q

List components that make up a network

A

Device. Any piece of hardware
Media. Connects and carries the data between devices
Network adapter. Hardware that translates the data between the network and a device
Network operating systems. Controls network traffic
Protocol. Set of rules for network communications

2
Q

What is a multifunction network device

A

Any piece of network hardware meant to perform more than one networking task without having to be reconfigured.

3
Q

What is an application aware device and give examples

A

A network device that manages the information of any applications that interface with it.
Examples include firewalls, IDS intrusion detection systems, IPS intrusion prevention systems, and proxies.

4
Q

List router discovery protocols

A

The language that routers use to communicate with each other

RIP. routing information protocol. Distance vector protocol
RIPv2. Enhanced features
IGRP. interior gateway routing protocol. Distance vector routing protocol
EIGRP. Enhanced interior gateway routing protocol. Proprietary routing protocol

5
Q

List some network analysis tools that function as security measures

A

Sniffer. Monitors network communication and captures data.
Spam filters. Used to read and reject incoming messages that contain known target words and phrases
Protocol analyzer. Diagnostic software that examines and displays data packets being transmitted over a network.

6
Q

What is IDS

A

Intrusion detection system

A detection control system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

7
Q

What is NIDS

A

Network intrusion detection system
A type of IDS that uses passive hardware sensors to monitor traffic on a specific segment of the network. Cannot analyze encrypted packets because it has no method to decrypt data. Sniffs traffic and sends alerts about anomalies. Can spot a rogue machine.

8
Q

What’s WIDS

A

Wireless IDS
A type of NIDS that scans the radio frequency spectrum for threats to the wireless networks. Primarily rogue access points.

9
Q

What is IPS

A

Intrusion prevention system

Has the monitoring capabilities of IDS but actively works to block any detected threats.

10
Q

What is NIPS

A

Network intrusion prevention system
Monitors suspicious network traffic and reacts in real time to block it by dropping unwanted data packets or resetting the connection

11
Q

What is WIPS

A

Wireless IPS
A type of NIPS that scans the radio frequency spectrum for threats to the wireless network, rogue access points, and can actively block malicious traffic.

12
Q

Types of network monitoring systems

A

Behavior based monitoring. Learns over time which traffic is and is not allowed, with the assistance of an admin
Signature based monitoring. Uses a predefined set of rules to id unacceptable traffic
Anomaly based monitoring. Uses a database of unacceptable traffic patterns by analyzing traffic. Creates a performance baseline of acceptable flows.
Heuristic monitoring. Uses known best practices to identify and fix issues

13
Q

What is VPN

A

Virtual Private Network

Provides secure connections between end points using tunneling to encapsulate and encrypt data.

14
Q

What is a VPN concentrator

A

A single device that incorporates advanced encryption and authentication methods to handle a large number of VPN tunnels. Geared toward secure remote access or site to site VPNs

15
Q

What is a web security gateway

A

A utility used to intentionally block internal Internet access to a predefined list of websites. Configured by administrators to deny access to a specified list of Uniform Resource Locators URLs.

16
Q

What is a NAC

A

Network Access Control
The collected protocols, policies, and hardware that govern access on device network interconnections.
Provides an additional security layer that scans systems for conformance and allows or quarantines updates to meet policy standards.
Deployed based on three main elements
Authentication method, endpoint vulnerability assessment, and network security enforcement.

17
Q

What is a DMZ

A

A demilitarized zone
A small section of a private network that is located between two firewalls and made available for public access.
Enables clients to access data in private systems without compromising the security of the network as a whole

18
Q

What is a VLAN

A

A Virtual Local Area Network
A point to point logical network that is created by grouping selected hosts together regardless of their physical location.
Uses a switch or router that controls the groups of hosts. Can provide network security by enabling admins to segment groups of hosts within the larger physical network

19
Q

What is subnetting

A

A network design used to divide large networks into smaller logical networks.
Each node is configured with an IP address and a subnet address to create subnetworks and a routing structure. Data flow and security measures can be managed more easily with these smaller scaled networks.

20
Q

What is NAT

A

Network Address Translation
A simple form of Internet security that conceals internal addressing from the public Internet. A router is configured with a single public IP address on its external interface and a private non-routable address on its internal interface. Translates between the two addresses. Prevents external hosts from identifying and connecting directly to internal systems.

21
Q

Describe remote access

A

The ability to connect to network systems and services from an offsite or remote location.
Enables authorized users to access and use systems and services through a secure internet connection. Most secure when connecting through a VPN.

22
Q

What is telephony

A

Provides voice communications through devices over a distance.
Common components: VoIP, private branch exchange implementations, CTI (computer telephony integration). Incorporates telephone, email, web, and computing infrastructures.

23
Q

Describe virtualization

A

Separates computing software from the hardware it runs on via an additional software layer.
Adds flexibility and increases hardware utilization by running multiple OSs on a single computer.

24
Q

Describe cloud computing

A

A method of computing that involves real time communication over large networks to provide the resources, software, data, and media needs of a user.
Relies on the Internet to provide computing capabilities anywhere in the world.

25
Q

Cloud computing can be deployed using four basic methods

A

Private. Distributed by a single company. Hosted internally or off-site
Public. Done over the Internet to general consumers
Community. Multiple orgs share ownership of a cloud service
Hybrid. Combines two or more deployment methods.

26
Q

The three main services that cloud computing provides

A

Software. SaaS software as a service. Using cloud to provide applications to users.
Platform. PaaS Platform as a Service. Using cloud to provide virtual systems like OSs
Infrastructure. IaaS Infrastructure as a Service. Using cloud to provide access to infrastructure needs a client may have. Link data centers

27
Q

Briefly explain the OSI Model

A

Describes how a network is structured based on how it communicates with other elements in the network
Has seven layers with a specific order. Each layer supports the layer above it and is supported by the layer below it.
Encourages seamless and consistent communication between different types of network services.

28
Q

Describe the physical layer of the OSI Model

A

Layer 1. Defines the connections between devices and physical transmission media.

Physical connection components: cabling and wiring along with hubs, repeaters, switches, and adapters

29
Q

Describe the data link layer of the OSI Model

A

Layer 2. Provides a link between two directly connected nodes as well as detecting and fixing errors in the physical layer

Uses PPP point to point protocol
G.hn standard that defines telephony networking over power lines and coaxial cables

30
Q

Describe the network layer of the OSI Model

A

Layer 3. Provides the protocols for transferring data from one node to another in a system with multiple nodes with unique addresses

IP
ICMP
RIP

31
Q

Describe the transport layer of the OSI Model

A

Layer 4. Controls the reliability of data transmission between nodes in a network for the benefit of the higher layers.

TCP
UDP
SCTP Stream Control Transmission Protocol. Combines the features of TCP and UDP into one protocol

32
Q

Describe the session Layer of the OSI Model

A

Layer 5. Controls the connections between computers through checkpointing so that connections, when terminated, may be recovered.

NFS Network File System. Allows clients to access files on a network as if they were accessing local storage
Socket Secure SOCKS. Routes data packets on a network through a proxy server and includes authentication

33
Q

Describe the presentation layer of the OSI Model

A

Layer 6. Transforms data into a format that can be understood by the programs in the application layer

ICA Independent Computing Architecture. Specifies the transmission of data between client and application server

34
Q

Describe the application layer of the OSI Model

A

Layer 7. Allows client interaction with software by identifying resource and communication requirements

HTTP
FTP
DNS

35
Q

Describe the basic protocols that make up TCP/IP

A

TCP/IP transmission control protocol / Internet protocol
A non proprietary routable network protocol suite that enables computers to communicate over all types of networks

IPv4. Uses 32 bit binary address separated by dots into four 8 bit octets assigned to a computer on a TCP/IP network.

IPv6. Uses 128 bit binary address. Includes new features such as simplified address headers, hierarchical addressing, support for time sensitive network traffic and a new structure for unicast addressing. Separated by colons into eight groups of four hexadecimal digits.

DHCP. Dynamic Host Configuration Protocol used to automatically assign IP addressing information to IP Network computers.

36
Q

Describe APIPA

A

Automatic Private IP Addressing
Service that enables DHCP client computers to initialize TCP/IP when DHCP is unavailable
DHCP clients get IP addresses when the DHCP server malfunctions or when computers have no connectivity. Self allocates addresses randomly from a small range. 169.254.0.1 to 169.254.255.254
Not routable.

37
Q

Describe DNS

A

The Domain Name System
The primary name resolution service on the Internet and private IP networks.
A hierarchical system of databases that map computer names to their associated IP addresses.

38
Q

What are the DNS security measures

A

Placing the DNS server in the DMZ and within the firewall perimeter
Setting firewall rules to block incoming non essential services requests
Exposing only essential ports
Strengthening DHCP filtering
Preventing buffer overflows.
Using Secure Sockets Layer SSL
Keeping the DNS updated regularly with patches issued by the OS vendor.
Backing up the DNS and saving the backups in different geographical locations.

39
Q

Describe HTTP

A

Hypertext Transfer Protocol
The TCP/IP protocol that enables clients to connect to and interact with websites. Responsible for transferring the data on webpages between systems. Defines how messages are formatted and transmitted

40
Q

Describe how to effectively secure web servers

A

Remove unnecessary services running in the background.
Avoid remote access to web servers. Log on locally
Store web applications, website logs that contain user info on another secured drive
Install security patches regularly
Delete or disable unused user accounts.
Use the appropriate security tools
Use port scanners to scan the web servers regularly.

41
Q

Describe SSL/TLS

A

Secure Sockets Layer
Transport Layer Security

Security protocols that combine digital certificates for authentication with public key data encryption. Both protect sensitive communication from eavesdropping and tampering by using a secure, encrypted and authenticated channel over a TCP/IP connection.
A server driven process
TLS more secure than SSL but few websites implement them

42
Q

Describe HTTPS

A

Hypertext Transfer Protocol Secure
A secure version of HTTP that supports web commerce by providing a secure connection between a web browser and a server. Uses SSL/TLS to encrypt data.

43
Q

Describe SSH

A

Secure Shell
A protocol used for secure remote login and secure transfer of data.
Consists of a server and a client. Encrypted using a variety of methods.
Preferred protocol for FTP
Used primarily on Linux and Unix systems to access shell accounts.
Microsoft does not offer native support. Can be implemented using a third party tool
Uses port 22

44
Q

Describe SNMP

A

Simple Network Management Protocol
A service used to collect info from network devices (servers, routers, printers) for diagnostic and maintenance purposes.
Two components: management systems and agent software.
The agents send info to an SNMP manager, which can notify an admin of problems, run a corrective program, store the info for review, or ask the agent about a specific network device

45
Q

Describe ICMP

A

Internet Control Message Protocol
An IP network service that reports on connections between two hosts.
Used for the ping command that checks for a response from a particular target host.
Attackers can use redirected ICMP packets in two ways:
To flood a router and cause a DoS attack by consuming resources (Smurf attack) and to reconfigure routing tables by using forged packets.

46
Q

Describe IPSec

A

Internet Protocol Security
A set of open non proprietary standards used to secure data as it travels across the network or the Internet.
Uses an array of protocols and services to provide data authenticity and integrity, anti replay protection, non repudiation, and protection against eavesdropping and sniffing.
Operates at the Internet layer of the TCP/IP model
Not application dependent.

47
Q

What is iSCSI

A

Internet Small Computer System Interface
A protocol implementing links between data storage networks using IP. Designed to extend across wide area networks without needing any new infrastructure

48
Q

What is a fibre channel

A

A protocol designed to link data storage across a network and provide remote access over large distances.
More expensive option but provides greater performance and reliability
Difficult to implement security controls
Data may be vulnerable to session hijacking and man in the middle attacks

49
Q

What is FCoE

A

Fibre channel over ethernet
Allows traditional fibre channel protocols to use high speed ethernet networks to transmit and store data
Should not be considered a viable alternative for security purposes.

50
Q

Describe telnet

A

A network protocol that allows a client to initiate remote command access to a host over TCP/IP
Not encrypted, so packets can be intercepted
SSH is a more secure remote access protocol

51
Q

Describe NetBIOS

A

Network Basic Input/Output System
An interface that allows applications to properly communicate over different computers in a network.
Three basic functions
Communication over sessions
Connectionless communication using datagrams
Name registration

Attackers can exploit NetBIOS by obtaining info about a system including registered name, IP addresses, and OS.
Harden against attack by implementing strong password policies, limiting root access on a network share, and disabling null session capability

52
Q

Name the 6 file transfer protocols

A

FTP. File Transfer Protocol. Protocol that enables transfer of files between a user's workstation and a remote host
SFTP. simple FTP. An early unsecured FTP that is obsolete
TFTP. trivial FTP. very limited protocol used as an automated process of configuring boot files between machines. Offers no security. Used in local networks not on the Internet
FTP over SSH. aka secure FTP uses an SSH tunnel as encryption method
SCP. Secure Copy Protocol. Uses SSH to securely transfer files on Unix systems.
FTPS. File Transfer Protocol Secure. Known as FTP-SSL. Combines the use of FTP with support for SSL/TLS

53
Q

Ports

A

Well known

54
Q

What is rule-based management

A

The use of operational rules or restrictions to govern the security of an organization's infrastructure
Incorporated into organizational policies disseminated throughout the org

55
Q

methods organizations use to secure the networking infrastructure

A
Flood guard
Loop protection
Port security 
Secure router configuration 
MAC limiting 
MAC filtering
Network separation
VLAN management 
implicit deny
Log analysis
56
Q

What is flood guarding

A

Security method. Tool used to protect resources from flooding attacks such as DDoS (distributed denial of service) attacks

57
Q

What is loop protection

A

A security method that applies proper router configurations

Ex STP

58
Q

What is port security

A

A security method where admins properly secure ports on a network. Disable unnecessary services
Close ports that are open by default or have limited functionality
Regularly apply appropriate patches
Hide responses from ports indicating their status and allow access to pre configured connections only.

59
Q

What is security method of secure router configuration

A

Ensuring all routers on the network are properly secured and configured.

60
Q

What is MAC Limiting security method

A

Defining how many different MAC addresses may connect to the network device

61
Q

What is MAC filtering security method

A

Allowing or denying devices with certain MAC Addresses to connect to a network. Whitelist or blacklist

62
Q

What is network separation security method

A

Splitting your network into two or more logically separated networks helps separate critical network functions from lower priority functions

63
Q

What is VLAN management security method

A

VLAN configuration can be complicated. Use diagrams and documentation to manage security measures

64
Q

What is Implicit deny security methods

A

Use the principle of implicit deny so that the firewall blocks any traffic it doesn’t recognize.

65
Q

What is log analysis security method

A

Regular monitoring and analysis of security logs helps detect unauthorized intrusion attempts on the network

66
Q

What is unified threat management

A

UTM
Refers to a system that centralizes various security techniques: firewall, anti malware, network intrusion prevention, URL filtering, content inspection, malware inspection into a single appliance
Includes a single console where a security admin can monitor and manage various defense settings.
Creates the potential for a single point of failure that could affect an entire network
Too much network activity can cause latency issues.

67
Q

The two main categories of antennas

A

Omni directional send and receive radio waves from all directions
Directional transmit signals to a specific point

68
Q

The main two types of omni directional antennas

A

Rubber duck. Small antenna sealed in a rubber jacket. Has little gain; ideal for mobility. Often used in walkie talkies or other two way radios and short range wireless networks

Ceiling dome. Installed in ceilings and used to cover rooms in a building with a wireless signal

69
Q

The four types of directional antennas

A

Yagi. Used in radio but also employed in long distance wireless networking to extend the range of hotspots.

Parabolic. Precise antenna used in satellite dishes. Has significant amount of gain but more difficult to establish a connection

Backfire. Small antenna looks similar to parabolic dish but with less gain. Target a specific physical area without overextending coverage

Cantenna. Homemade antenna that extends wireless networks or helps discover them. Involves placing a metal can over another antenna to increase gain

70
Q

There are various 802.11 standards with different characteristics

A

802.11 IEEE standard for wireless LAN communications between wireless devices. Specifies wireless data transfer rates up to 2 Mbps in the 2.4 GHz frequency band

802.11a
802.11b first called Wi-Fi. Least expensive.
802.11g faster. Improvement on b
802.11n even faster. Improvement on g moved to 5GHz
802.11ac improves on n. Wider channels in 5GHz
71
Q

List the security protocols often used in wireless networking

A
WEP Wired Equivalent Privacy. 
WTLS Wireless Transport Layer Security
802.1x
WPA/WPA2 Wi-Fi Protected Access
EAP Extensible Authentication Protocol ; PEAP Protected EAP & LEAP Lightweight EAP
72
Q

Describe WAP

A

Wireless Application Protocol
Designed to transmit data such as web pages, email, and newsgroup postings to and from wireless devices over long distances.
Uses proprietary WML Wireless Markup Language
Has five layers. wireless application environment, Wireless Session Protocol, Wireless Transport Protocol, WTLS, and Wireless Datagram Protocol.

73
Q

Open wireless networks are a major security risk when accessed directly so you should do what to prevent attackers from stealing your data

A

Use a VPN to tunnel through the network. VPNs provide authentication techniques and encrypt your data in transit over the Internet. The VPN must use secure tunneling protocols such as IPSec as opposed to PPTP

74
Q

What are captive portals

A

A technique that requires a client attempting to connect to the Internet to authenticate through a web page. Unless the client opens the web page and completes the step, their packets are intercepted and they will be unable to properly use the Internet.
Commonly used by wifi hotspots.

75
Q

What are site surveys

A

The collection of information on a location including access routes, potential obstacles and best positioning of materials for the purpose of constructing something in the best possible way.
Lead to networks and users having quality coverage and bandwidth while being conscious of security protocols and requirements
Accomplished by modeling the proposed environment using tools that collect RF signal data