Lecture 2 - Network Security Flashcards

1
Q

Basic Network Definition

A

Set of devices connected together.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Four points of network security

Hint: SAMS

A

Scalability (grow in users)
Availability (continuous)
Manageability (Staff able to manage)
Security (Not after thought)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Seven Domains of IT infra

A
  • User
  • Workstation
  • LAN
  • LAN to WAN
  • WAN
  • Remote Access
  • System/App
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

User domain

A

Any individual associated with the org, with or without logins.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

User Domain Threats

A

Social engineering/phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Workstation domain

A

Workstations/standalone systems and home computers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Workstation domain threats

A

Malware, port scanning, default pass, unpatched OS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

LAN Domain

A

Hosts on private LANs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

LAN to WAN Domain

A

Routers/firewalls at LAN/WAN connection point

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

2 LAN to WAN Domain threats

A

Port scanning
DOS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

LAN to WAN Domain vulnerabilities

A

Weak permeter security, default config, misconfig

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

LAN to WAN domain risks

A

Instability and malicious traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Remote Access Domain

A

Org resources via remote access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Remote Access Domain Threats

A

Malware, rogue access point

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Remote Access Domain vulnerabilities

A

Unencrypted wireless, weak security controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Remote Access Domain Risks

A

Compromise of remote sys results in org compromise

17
Q

WAN Domain

A

Routers, switches and firewalls that ensure connectivity between LANs

18
Q

WAN Domain Threats (2 things)

A

Eavesdropping, Unpredictable availability

19
Q

WAN domain Vulnerability

A

DNS Poisoning

20
Q

WAN Domain Risks

A

Attacks on DNS root, clear text traffic intercepted, disaster

21
Q

Sys/ App Domain

A

Servers, apps, databases etc

22
Q

Sys/App domain Threats

A

SQL injection, XSS, DoS

23
Q

Sys/App domain vulnerabilities

A

Unpatched OS, misconfig, insecure code

24
Q

Sys/App Domain Risks

A

Instability, Data loss, loss of function

25
Q

Network Analysis Steps

A
  1. Create network baseline using Nmap/Zenmap
  2. Capture data at specific points on net
  3. Analyse captured data
  4. Investigate/resolve, update baseline,
26
Q

Security Controls 3 sections

A

Physical
Procedural
Technical

27
Q

Physical Controls

A
  • Door locks, guards etc
  • Fire detection and suppression, other environmental
  • Electrical grounding etc
28
Q

Procedural Controls

A
  • Policies/procedures
  • Insurance
  • Background and financial checks
  • Data loss prevention
  • Awareness training
29
Q

Technical Controls

A
  • Login ID
  • TImeouts
  • Logs and audit trails
  • Firewalls and routers
  • Encryption/Public Key Infrastructure