Module 4 / Unit 3 / Network Security Design Flashcards
Apart from software crashes, what is a possible effect of a software exploit?
Allows the attacker to execute code on the system.
What type of activity is often a prelude to a full-scale network attack?
Footprinting - obtaining information about the network and security system. This might be done by port scanning, eavesdropping, or social engineering.
What is the usual goal of an ARP spoofing attack?
To redirect traffic to the attacker’s machine by masquerading as the subnet’s default gateway. This allows the attacker to eavesdrop on traffic or perform a Man-in-the-Middle attack.
What means might an attacker use to redirect traffic to a fake site by abusing DNS name resolution?
By injecting false mappings into the client cache or into the server cache or by getting the client to use a rogue DNS resolver.
What is the purpose of a DMZ?
To provide services such as web and email that require Internet connectivity without allowing access to the private network from the Internet.
How can a DMZ be implemented?
Either using two firewalls (external and internal) as a screened subnet or using a triple-homed firewall (one with three network interfaces).
What methods can be used to allocate a particular host to a VLAN?
The simplest is by connection port but this can also be configured by MAC address, IP address, or user authentication.
When connecting an ordinary client workstation to a switch and assigning it to a VLAN, should the switch port be tagged or untagged?
Untagged - this means the switch handles VLAN assignment.
What is a trunk port?
A port used to connect switches. This allows hosts connected to different switches to communicate and to configure VLANs across multiple switches.
What distinguishes port address translation from static NAT?
Static NAT establishes a 1:1 mapping between a public and private address. PAT uses port numbers to share one or more public addresses between many privately addressed hosts.
Other than completely disabling the protocol, how could you mitigate the risk posed by an open port?
Using a firewall to block the port on segments of the network where the protocol should not be in use or restricting use of the port to authorized hosts.
What type of security audit performs active testing of security controls?
A penetration test (pen test). A vulnerability assessment is one that use passive testing techniques.
