Modules 16-17 Building and Securing a Small Network Flashcards
Which factors do we need to think about when selecting network devices?
Cost
Speed and types of ports/interfaces
Expandability
Operating system features and services
When creating a network, what do we need to think about when it comes to IP addressing?
All hosts and devices within the network must have a unique address.
When creating a network, what do we need to think about when it comes to IP addressing? Which devices get an IP address?
All hosts and devices within the network must have a unique address.
End user devices, servers and peripherals, intermediary devices
How can we obtain a high degree of reliability in a network?
Network redundancy: Helps eliminate single points of failure.
Can be accomplished by installing duplicate equipment and supplying duplicate network links for critical areas.
What is a priority queue? Which queues do we have?
Different queues in a network where the high-priority queue is always emptied first
Four queues
Voice HIGH
SMTP MEDIUM
Instant messaging NORMAL
FTP LOW
Which two forms of software programs or processes provide access to the network?
Network applications: Applications that implement application layer protocols and are able to communicate directly with the lower layers of the protocol stack
Application layer services: For applications that are not network-aware, the programs that interface with network and prepare the data for transfer.
Which factors must a small network administrator consider when supporting real-time applications?
Infrastructure - Does it have the capacity and capability to support real-time applications?
Voice over IP - VoIP is typically less expensive than IP Telephony, but at the cost of quality and features.
IP Telephony - This employs dedicated servers for call control and signaling.
Real-Time Applications - The network must support Quality of Service (QoS) mechanisms to minimize latency issues. Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) are two protocols that support real-time applications.
Which elements are required to scale a network?
Network documentation: Physical and logical topology
Device inventory: List of devices that use or comprise the network.
Budget: Itemized IT budget
Traffic analysis: Protocols, applications and services and their respective traffic requirements should be documented.
What is important to do when determining traffic flow patterns?
Capture traffic during peak utilization times
Perform capture on different network segments
Information gathered by the protocol analyzer is evaluated based on the source and destination of the traffic.
Which steps do we go through when we troubleshoot?
- Identify the problem
- Establish a theory of probable causes
- Test the Theory to determine cause
- Establish a plan of action and implement a solution
- Verify solution and implement preventive measures
- Document findings, actions, and outcomes.
Why is network security important?
To protect organization/enterprise assets
To comply with local cyber regulations (breach/fines)
To gain competitive advantage - trust in the internet era.
What are the 3 legs of security?
Prevention
- Measures to prevent exploitations of vulnerabilities
- More important than detection/response
Detection
- If prevention fails, procedures to detect
- The sooner the better
Response
- Incident management plan
What is a threat? Which 2 main groups of threats do we have?
An action that can disrupt the operation, functioning, integrity or availability of a system or network.
Natural threats: earthquakes, floods, etc.
Intentional, cyber-related threats with malicious purpose
Which 4 types of cyber threats do we have?
Information theft
Data loss and manipulation
Identity Theft
Disruption of service
What is a threat profile?
A threat profile considers individual threats, classified by their impact.
Build asset-based threat profile
Identify vulnerabilities from Vulnerability Profile
Develop Security Strategy and Plan
What motivations can attackers have?
Learn the network topology and traffic for the attack preparation.
Gaining control over network or components
Eavesdropping
Manipulating information
Disrupting the network services or infrastructure.
Which types of Vulnerabilities do we have?
Technological Vulnerabilities: TCP/IP protocol, OS, Network Equipment weaknesses
Configuration Vulnerabilities: Unsecured user accounts, easily guessed passwords, misconfigured network equipment, etc.
Security Policy Vulnerabilities: Might include lack of a written security policy, logical access controls not applied, nonexistent disaster recovery plan.
Which physical vulnerabilities do we have?
1. Hardware threats - This includes physical damage to servers, routers, switches, cabling plant, and workstations.
2. Environmental threats - This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
3. Electrical threats - This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
4. Maintenance threats - This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
Which types of malware do we have? What are the differences?
Viruses: Insert a copy of themselves into and become a part of another program. They spread from one computer to another, leaving infections as they travel.
Worms: Similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. But they do not require the spreading of an infected host file. Worms are standalone software and do not require a host program or human help to propagate.
Trojan Horses: Harmful piece of software that looks legitimate. Trojan horses do not reproduce by infecting other files. They self-replicate. Trojan horses must spread through user interaction such as opening an email attachment or downloading and running a file from the internet.
What is ransomware? Which types are there?
A type of virus that infects the computer system and manipulates it in such a way that the victim cannot (partially or fully) use it and the data stored on it.
The victim then receives a blackmail note as a pop-up on screen, asking the victim to pay a ransom to regain full access to the system and files.
Types:
Cryptolocker encrypts the system/user's files with a secret key only known to the attacker
Winlocker only blocks access to the system but does not affect files
Which three categories of network attacks do we have?
Reconnaissance attacks - The discovery and mapping of systems, services, or vulnerabilities.
Access attacks - The unauthorized manipulation of data, system access, or user privileges.
Denial of service - The disabling or corruption of networks, systems, or services.
Which 4 types of access attacks do we have?
1. Password attacks - Implemented using brute force, trojan horse, and packet sniffers.
2. Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
3. Port redirection - A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor using SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
4. Man-in-the-middle - The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.
How can we mitigate network attacks?
To mitigate network attacks, you must first secure devices including routers, switches, servers, and hosts.
Which security devices can we use to protect against TCP/IP threats?
VPN
ASA FIREWALL
IPS: An IPS is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
ESA WSA
AAA SERVER
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.