Lesson 9: Evaluate Network Security Capabilities Flashcards
What is the purpose of network security baselines, and how can you establish the security baseline?
To establish minimum security configurations for devices like firewalls, routers, switches, and access points.
Tools like Security Content Automation Protocol (SCAP) can automate assessments against defined baselines.
What are examples of benchmarks and configuration guides?
CIS Benchmarks and DISA STIGs provide secure configuration standards.
What tools assist in deployment and compliance monitoring?
Puppet, Ansible, CIS-CAT Pro, and SCAP Compliance Checker.
How can switches/routers be secured?
By changing default credentials, disabling unnecessary services, and enabling port security.
How can server systems be hardened?
By applying patches, configuring firewalls, enabling logging, and enforcing access controls.
What considerations are important for wireless network installation?
WAP Placement: Ensures seamless coverage and minimizes rogue AP vulnerabilities.
Use of site surveys and heat maps to optimize placement and signal integrity.
How have wireless encryption standards evolved?
Evolution from
WEP → WPA → WPA2 → WPA3
with SAE protocol for enhanced security.
What is WPA2/WPA3-Enterprise?
A wireless encryption standard that employs 802.1x authentication and RADIUS.
What is RADIUS used for?
A centralized authentication and accounting system supporting EAP authentication methods.
What is the purpose of Network Access Control (NAC)?
Enforces compliance policies on devices before granting network access.
What are the types of NAC configurations?
Agent-based - (persistent/non-persistent). Agent-based is more in-depth.
ex. You have an “agent” in the house that is able to look around and report back what it sees
Agentless - configurations support diverse environments.
ex. You see from the outside and report back what you see
What do Access Control Lists (ACLs) do?
Filter network traffic based on protocols, IPs, or ports, using principles like implicit deny, pen-testing and logging to secure configurations.
What are screened subnets used for?
They protect internal networks by placing publicly accessible services in isolated zones.
How do IDS/IPS systems differ between host-based and network-based types?
Host-Based (HIDS/HIPS): Monitors local activity, system files, and logs (e.g., OSSEC).
Network-Based (NIDS/NIPS): Analyzes packet traffic for threats across the network.
What tools support IDS/IPS detection?
Tools like Snort and Suricata use signature and behavioral-based detection.
What is the purpose of trend analysis in IDS/IPS?
It tracks event patterns to identify and mitigate emerging threats.
What is agent-based web filtering?
Agent-based filtering enforces policies at the device level, offering granular HTTPS filtering and analytics even off-network.
What are the benefits of centralized web filtering via proxy servers?
Filters URL traffic and content categories.
Blocks malicious/restricted downloads.
Includes URL scanning, reputation-based filtering, and logging of activity.
What challenges are associated with web filtering?
Overblocking impedes legitimate work. It occurs when the filter is too restrictive and blocks access to useful websites.
Underblocking leaves gaps and allows access to potentially harmful websites.
Managing encrypted traffic (HTTPS) introduces privacy and compliance concerns.
