Managing Network Security and Risk Flashcards

1
Q

What is Threat Modelling?

A

As with many projects, having a scope and a model provides an end goal to work towards and allows team members to identify potential problems along the way and come up with contingency plans. The same applies to threat modelling: it identifies potential threats so they can be prevented before they occur. It follows the same principle of being proactive, as opposed to reactive.

2
Q

When should you employ Threat Modelling?

A

Threat modelling would then be best employed as early as possible; an optimum point would be after you gather the requirements of the system. Once the requirements have been identified, it would then be appropriate to identify any threats with the requirements or as a result of implementing them.

3
Q

What is Layer 7 of the OSI Model?

A

Layer 7 – Application

• Provides the software interface for users, including services such as e-mail and file transfer.

4
Q

What is Layer 6 of the OSI Model?

A

Layer 6 – Presentation
• Data is translated from machine code so that users (humans) can view and interpret the data.
• Encryption and decryption can take place while data is translated using secure sockets such as SSL. This allows data to be viewed on the application layer independently of its data representation.
• Encapsulation is the process of inserting a message inside another message or form of encryption for transfer. This provides the message with an extra layer of security should it be interrupted during transmission.

5
Q

What is Layer 5 of the OSI Model?

A

Layer 5 – Session
• Creates and manages sessions or connections between applications using the protocols between them.
• Authentication and Authorisation can occur in this layer during the creation of a connection.

6
Q

What is Layer 4 of the OSI Model?

A

Layer 4 – Transport

• Provides the connection platform for transmission using protocols such as UDP and TCP, depending on the requirements.

7
Q

What is Layer 3 of the OSI Model?

A

Layer 3 – Network
• Defines how traffic is routed between network devices, using the functionality of routers that have protocols such as RIP and OSPF. A multilayer switch can provide routing functions that operate on this layer, such as when VLANs are required.
• ICMP is a protocol used by the ping command to locate a destination and retrieve information from it.

8
Q

What is Layer 2 of the OSI Model?

A

Layer 2 – Data
• Provides transfer of raw data across the physical layer to the nodes.
• A layer 2 switch has the STP (Spanning Tree Protocol) to reroute from damaged nodes to redundant nodes in the case of a fault.
• The MAC address and switch operate at this layer.

9
Q

What is Layer 1 of the OSI Model?

A

Layer 1 – Physical
• Physical equipment such as cabling and a NIC (Network Interface Card) are at this layer. The functionality of the NIC would operate at Layer 2.

10
Q

What is in Layer 7 of the OSI Model?

A

HTTP, FTP, SMTP

11
Q

What is in Layer 6 of the OSI Model?

A

SSL, SSH, IMAP

12
Q

What is in Layer 5 of the OSI Model?

A

APIs, Sockets

13
Q

What is in Layer 4 of the OSI Model?

A

TCP, UDP

14
Q

What is in Layer 3 of the OSI Model?

A

Router, IP, ICMP, OSPF, RIP

15
Q

What is in Layer 2 of the OSI Model?

A

Switch, STP, 802.3, 802.11, 802.15

16
Q

What is in Layer 1 of the OSI Model?

A

Wireless, Fibre, Wired

17
Q

What is a Smurf Attack?

A

A smurf attack sends ping requests to a whole subnet requesting that devices reply to the target. Once they reply, the attacker will then have an idea of the devices on the network and can begin to plan based on this.

18
Q

What does the C in the CIA Triad stand for?

A

Confidentiality – Keeping data private and safe when holding sensitive information such as personal data and account credentials.

19
Q

What does the I in the CIA Triad stand for?

A

Integrity – Validating the data and ensuring that it’s accurate and not tampered with. Data manipulation can be a threat, such as changing a certificate’s authenticity to allow access where it otherwise wouldn’t have been allowed.

20
Q

What does the A in the CIA Triad stand for?

A

Availability – Availability may refer to the ease of accessing data which may be in contradiction with confidentiality, but more specifically it’s who has access to it and ensuring redundancies are in place such as back-ups.

21
Q

What is Black-box Testing?

A

Testing a system with no knowledge of the internals, such as the coding or how it works. This is commonly used for end-users, who only want the result of the system to be correct. In this case, most types of testing simply involve inputting something and comparing the outputs, such as fuzzing, where the user enters random data to see what happens.

22
Q

What is Fuzzing?

A

Fuzzing is where the user enters random data to see what happens.

23
Q

What is White-Box Testing?

A

White-box testing is commonly used for developers in order to understand how the system works behind the scenes.

24
Q

What is a Vulnerability Assessment?

A

Vulnerability Assessment
• The process of identifying threats or vulnerabilities, most commonly using automated tools that scan for known vulnerabilities.
• The identified vulnerabilities would then be assessed to determine their level of threat and to help with prioritising vulnerabilities to patch.
• One tool a network administrator may use is a vulnerability scanner which checks systems and identifies known issues that may be