Lesson 9: Evaluate Network Security Capabilities Flashcards
Define a ‘Secure baseline’
A set of standardized/minimum security controls and configurations for different types of IT assets, such as operating systems, networks, and applications.
What are typical hardening techniques?
Disabling unnecessary services, configuring appropriate permissions, applying patches and updates, and ensuring adherence to secure configurations defined by the secure baselines.
What is a Center for Internet Security (CIS) Benchmark?
Best-practice guides for securing IT systems and data that cover multiple domains.
What domains make up the Center for Internet Security (CIS) Benchmark?
Networks, operating systems, and applications
What are the Security Technical Implementation Guides (STIGs)?
Secure baselines for the US DoD.
Define ‘Hardening’
The process of reducing system vulnerabilities to make IT resources more resilient to attacks; changing the default configuration of an app or host to reduce its attack surface.
List ways to harden a switch/router
Change default creds; disable unnecessary services/interfaces; secure management protocols (SSH/HTTPS); ACLs/VLANs; logging/monitoring; port security.
List ways to harden a server or OS
Change default creds; disable unnecessary services; regular patches/updates; least-privilege access; firewalls/IDS; access controls (PAM/MFA); AV; logging/monitoring.
What is the function of a Wireless Access Point (WAP)?
Provides a connection between wireless devices and wired networks; forwards traffic to and from the wired switched network.
How is an individual access point identified in a network?
By its MAC address, also referred to as its basic service set identifier (BSSID).
What is the protocol/standard for authenticating and encrypting wireless networks?
Wi-Fi Protected Access (WPA)
Define ‘Wi-Fi Protected Setup (WPS)’
A feature of WPA and WPA2 that allows enrollment in a wireless network based on an eight-digit PIN.
Why is WPS insecure?
While the PIN is eight digits, one digit is a checksum and the rest are verified as two separate PINs of four and three digits, making it very easy to brute force.
What protocol was developed to replace Wi-Fi Protected Setup (WPS)?
Device Provisioning Protocol (DPP)
How does the ‘Device Provisioning Protocol (DPP)’ function to provide protected setup?
Each participating device must be configured with a public/private key pair; uses quick response (QR) codes or near-field communication (NFC) tags to communicate each device's public key.
What mechanisms make Wi-Fi Protected Access 2 (WPA2) secure enough to implement?
Uses the Advanced Encryption Standard (AES) cipher with 128-bit keys, deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
List Wi-Fi Protected Access 3 (WPA3) improvements
Simultaneous Authentication of Equals (SAE); Enhanced Open; Updated Cryptographic Protocols; Device Provisioning Protocol (DPP)
Define ‘Simultaneous Authentication of Equals (SAE)’
Replaces the Pre-Shared Key (PSK) exchange protocol in WPA2, ensuring an attacker cannot intercept the Wi-Fi password even when capturing data from a successful login.
Define ‘Enhanced Open’
Encrypts traffic between devices and the access point.
How did WPA3 improve cryptography?
Replaces AES CCMP with the AES Galois Counter Mode Protocol (GCMP) mode of operation.
List the 3 types of Wi-Fi authentication
- Open
- Personal
- Enterprise
What are the two methods of personal authentication?
- Pre-shared key authentication (PSK)
- Simultaneous authentication of equals (SAE)
Define ‘pre-shared key authentication (PSK)’
Uses a shared passphrase to generate the key used to encrypt communications.
Define a ‘pairwise master key (PMK)’
The output of converting a pre-shared key into a 256-bit (64-character hex) value using the PBKDF2 key-stretching algorithm.
In WPA3 personal mode, what mechanism/protocol is used to derive session keys once the passphrase has been authenticated?
Password-Authenticated Key Exchange (PAKE)
How does WPA3 improve authentication in comparison to WPA2?
Replaces the 4-way handshake with the Dragonfly handshake.
Define the ‘Dragonfly handshake’
Uses D-H and ECC ciphers, combined with a hash of the password and the device MAC address, to authenticate the nodes.