Module 16: Network Security Fundamentals Flashcards
If a threat actor gains access to a network, this can mean the following for a company
- Information Theft
- Data Loss and manipulation
- Identity Theft
- Disruption of Service
The primary types of network vulnerabilities
- Technological Vulnerabilities might include TCP/IP Protocol weaknesses, OS Weaknesses, and Network Equipment weaknesses.
- Configuration Vulnerabilities might include unsecured user accounts, system accounts with easily guessed passwords, misconfigured internet services, unsecure default settings, and misconfigured network equipment.
- Security Policy Vulnerabilities might include lack of a written security policy, politics, lack of authentication continuity, logical access controls not applied, software and hardware installation and changes not following policy, and a nonexistent disaster recovery plan.
The four classes of physical threats
- Hardware threats - This includes physical damage to servers, routers, switches, cabling plant, and workstations.
- Environmental threats - This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
- Electrical threats - This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
- Maintenance threats - This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
The 3 types of malware
- Viruses - A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels.
- Worms - Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
- Trojan Horses - A Trojan horse is a harmful piece of software that looks legitimate. Unlike viruses and worms, Trojan horses do not reproduce by infecting other files. They self-replicate. Trojan horses must spread through user interaction such as opening an email attachment or downloading and running a file from the internet.
Network attacks can be classified into three major categories
- Reconnaissance attacks - The discovery and mapping of systems, services, or vulnerabilities.
- Access attacks - The unauthorized manipulation of data, system access, or user privileges.
- Denial of service - The disabling or corruption of networks, systems, or services.
Access attacks can be classified into four types
- Password attacks - Implemented using brute force, Trojan horses, and packet sniffers.
- Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
- Port redirection - A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor uses SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
- Man-in-the-middle - The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.
What are the characteristics of DoS
- DoS attack: the main goal is always to disrupt services for authorized users.
- Prevention: Keep operating systems and applications up to date with the latest security updates.
- Risks: DoS attacks can cause serious damage, such as disruption of communication and loss of time and money.
- Simplicity: These attacks are relatively easy to carry out, even by inexperienced attackers.
- DDoS attack: A DDoS attack is similar to a DoS attack, but originates from multiple, coordinated sources.
- Botnet and zombies: A network of infected hosts (zombies) is used to carry out a DDoS attack. The attacker controls this network via a command-and-control (CnC) system.
What mitigating measures can you take against network attacks
* Secure devices such as routers, switches, servers, and hosts.
* Defense-in-Depth approach (layered security): This requires a combination of networking devices and services working in tandem.
* Implement various security devices and services, including:
  * VPN
  * ASA Firewall
  * IPS (Intrusion Prevention System)
  * ESA/WSA (Email Security Appliance / Web Security Appliance)
  * AAA Server (Authentication, Authorization, and Accounting)
What are the backup considerations
Frequency
* Perform backups on a regular basis as identified in the security policy.
* Full backups can be time-consuming, therefore perform monthly or weekly backups with frequent partial backups of changed files.
Storage
* Backups should be transported to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.
Security
* Backups should be protected using strong passwords. The password is required to restore the data.
Validation
* Always validate backups to ensure the integrity of the data and validate the file restoration procedures.
What are the most important steps to mitigate network attacks through upgrades, updates, and patches?
- Keep antivirus software up to date to combat new malware.
- Mitigate worm attacks by downloading security updates from the OS vendor and patching vulnerable systems.
- Ensure that all end systems automatically download updates in order to manage critical security patches.
What can be done against data loss
Redundancy: make backups of data and device configurations. Do this regularly and store them in a trusted location away from the main facility.
What is the purpose of Authentication, authorization, and accounting (AAA, or "triple A")
* Authentication, authorization, and accounting (AAA, or "triple A") provide the primary framework to set up access control on network devices.
* AAA is a way to control who is permitted to access a network (authenticate), what actions they perform while accessing the network (authorize), and making a record of what was done while they are there (accounting).
* The concept of AAA is similar to the use of a credit card. The credit card identifies who can use it, how much that user can spend, and keeps account of what items the user spent money on.
What is the purpose of a firewall
Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.
A firewall could allow outside users controlled access to specific services. For example, servers accessible to outside users are usually located on a special network referred to as the demilitarized zone (DMZ). The DMZ enables a network administrator to apply specific policies for hosts connected to that network.
Firewall products come packaged in various forms. These products use different techniques for determining what will be permitted or denied access to a network. They include the following:
* Packet filtering - Prevents or allows access based on IP or MAC addresses.
* Application filtering - Prevents or allows access by specific application types based on port numbers.
* URL filtering - Prevents or allows access to websites based on specific URLs or keywords.
* Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).