Modules 16-17 Building and Securing a Small Network Flashcards

1
Q

Which factors do we need to think about when selecting network devices?

A

Cost
Speed and types of ports/interfaces
Expandability
Operating system features and services

2
Q

When creating a network, what do we need to think about when it comes to IP addressing? Which devices get an IP address?

A

All hosts and devices within the network must have a unique address.

End-user devices, servers and peripherals, and intermediary devices all need an address.

3
Q

How can we obtain a high degree of reliability in a network?

A

Network redundancy: helps eliminate single points of failure.

It can be accomplished by installing duplicate equipment and supplying duplicate network links for critical areas.

4
Q

What is a priority queue? Which queues do we have?

A

Traffic is sorted into different queues, and the high-priority queue is always emptied first before any lower queue is served.

Four queues

Voice HIGH
SMTP MEDIUM
Instant messaging NORMAL
FTP LOW
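The following is an added example, not part of the original flashcard deck: a strict priority scheduler with the four queues named above. It shows both the normal case (a mixed burst is transmitted in priority order regardless of arrival order) and the failure mode a practitioner should know about: with strict priority, a steady stream of high-priority traffic starves the lower queues. The application names and the sample burst are constructed for the example.

```python
from collections import deque

# Queue index per application type; index 0 is served first (assumed mapping
# from the four queues on the card: voice HIGH, SMTP MEDIUM, IM NORMAL, FTP LOW).
PRIORITIES = {"voice": 0, "smtp": 1, "im": 2, "ftp": 3}
QUEUE_NAMES = ["HIGH", "MEDIUM", "NORMAL", "LOW"]


def classify(packet):
    """Map a packet to its queue index; unknown traffic goes to LOW."""
    return PRIORITIES.get(packet["app"], len(QUEUE_NAMES) - 1)


class StrictPriorityScheduler:
    def __init__(self):
        self.queues = [deque() for _ in QUEUE_NAMES]

    def enqueue(self, packet):
        self.queues[classify(packet)].append(packet)

    def dequeue(self):
        """Strict priority: always take from the highest non-empty queue."""
        for q in self.queues:
            if q:
                return q.popleft()
        return None

    def drain(self):
        """Transmit everything queued and return the ids in send order."""
        out = []
        while True:
            p = self.dequeue()
            if p is None:
                return out
            out.append(p["id"])


def schedule(packets):
    """Return the transmission order for a burst that arrived all at once."""
    s = StrictPriorityScheduler()
    for p in packets:
        s.enqueue(p)
    return s.drain()


def simulate(ticks, arrivals_at):
    """Each tick: new packets arrive, then the link sends exactly one packet.
    Returns (ids sent, remaining backlog per queue)."""
    s = StrictPriorityScheduler()
    sent = []
    for t in range(ticks):
        for p in arrivals_at(t):
            s.enqueue(p)
        p = s.dequeue()
        if p is not None:
            sent.append(p["id"])
    return sent, [len(q) for q in s.queues]


# Constructed sample burst, deliberately interleaved across the four classes.
SAMPLE_BURST = [
    {"id": "ftp-1", "app": "ftp"},
    {"id": "voice-1", "app": "voice"},
    {"id": "im-1", "app": "im"},
    {"id": "smtp-1", "app": "smtp"},
    {"id": "voice-2", "app": "voice"},
    {"id": "ftp-2", "app": "ftp"},
]


def constant_voice_with_one_ftp(t):
    """Constructed arrival pattern: one voice packet every tick plus a single
    FTP packet at t=0. Under strict priority the FTP packet never gets sent."""
    arrivals = [{"id": f"voice-{t}", "app": "voice"}]
    if t == 0:
        arrivals.append({"id": "ftp-0", "app": "ftp"})
    return arrivals


if __name__ == "__main__":
    print("burst order:", schedule(SAMPLE_BURST))
    sent, backlog = simulate(5, constant_voice_with_one_ftp)
    print("sent:", sent, "backlog per queue:", backlog)
```

The backlog left in the LOW queue after the simulation is the starvation problem; real QoS designs bound it by giving the strict-priority queue a policer or by using weighted scheduling for the remaining classes.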

5
Q

Which two forms of software programs or processes provide access to the network?

A

Network applications: Applications that implement application layer protocols and are able to communicate directly with the lower layers of the protocol stack

Application layer services: for applications that are not network-aware, these are the programs that interface with the network and prepare the data for transfer.

6
Q

Which factors must a small network administrator consider when supporting real-time applications?

A

Infrastructure - Does it have the capacity and capability to support real-time applications?

Voice over IP - VoIP is typically less expensive than IP telephony, but at the cost of quality and features.

IP Telephony - This employs dedicated servers for call control and signaling.

Real-Time Applications - The network must support Quality of Service (QoS) mechanisms to minimize latency issues. Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) are two protocols that support real-time applications.

7
Q

Which elements are required to scale a network?

A

Network documentation : Physical and logical topology

Device inventory: List of devices that use or comprise the network.

Budget: Itemized IT budget

Traffic analysis: Protocols, applications and services and their respective traffic requirements should be documented.

8
Q

What is important to do when determining traffic flow patterns?

A

Capture traffic during peak utilization times.

Perform captures on different network segments.

Information gathered by the protocol analyzer is evaluated based on the source and destination of the traffic.
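As an added example, not from the original deck: the kind of source/destination evaluation described above, done over a constructed flow export (one line per flow: timestamp, source, destination, protocol, destination port, bytes). It finds the peak hour (when the real capture should be scheduled), the busiest source/destination conversations, the busiest services, and the top talkers. The flow format and all addresses are assumed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Flow:
    ts: str        # ISO timestamp, e.g. 2024-03-04T09:15:02
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


# Constructed flow export (not a real capture): "timestamp src dst proto dport bytes".
SAMPLE_FLOWS = """
# ts                  src        dst          proto dport bytes
2024-03-04T09:15:02 10.1.1.10 10.1.2.20   tcp 443  15230
2024-03-04T09:16:10 10.1.1.11 10.1.2.20   tcp 443  8400
2024-03-04T09:20:45 10.1.1.10 10.1.2.25   udp 5060 1200
2024-03-04T12:01:03 10.1.1.12 203.0.113.7 tcp 21   950000
2024-03-04T12:05:30 10.1.1.10 10.1.2.20   tcp 25   3100
2024-03-04T14:30:00 10.1.1.11 10.1.2.25   udp 5060 1500
"""


def parse_flows(text):
    """Parse the whitespace-separated export, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(ts, src, dst, proto, int(dport), int(nbytes)))
    return flows


def bytes_per_hour(flows):
    """Volume per clock hour; the busiest hour is when captures should be taken."""
    c = Counter()
    for f in flows:
        c[f.ts[:13]] += f.nbytes      # "YYYY-MM-DDTHH"
    return c


def peak_hour(flows):
    return bytes_per_hour(flows).most_common(1)[0]


def bytes_by_pair(flows):
    """Source/destination conversation matrix."""
    c = Counter()
    for f in flows:
        c[(f.src, f.dst)] += f.nbytes
    return c


def bytes_by_service(flows):
    """Volume per (protocol, destination port), i.e. per application/service."""
    c = Counter()
    for f in flows:
        c[(f.proto, f.dport)] += f.nbytes
    return c


def top_talkers(flows, n=3):
    """Sources that generate the most bytes, highest first."""
    c = Counter()
    for f in flows:
        c[f.src] += f.nbytes
    return c.most_common(n)


def summarize(text=SAMPLE_FLOWS):
    flows = parse_flows(text)
    return {
        "peak_hour": peak_hour(flows),
        "top_pairs": bytes_by_pair(flows).most_common(3),
        "top_services": bytes_by_service(flows).most_common(3),
        "top_talkers": top_talkers(flows),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

On the constructed data the single FTP transfer at noon dominates everything, which is exactly the kind of finding a capture taken only during the morning segment would miss.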

9
Q

Which steps do we go through when we troubleshoot?

A

  1. Identify the problem
  2. Establish a theory of probable cause
  3. Test the theory to determine the cause
  4. Establish a plan of action and implement a solution
  5. Verify the solution and implement preventive measures
  6. Document findings, actions, and outcomes
10
Q

Why is network security important?

A

To protect organization/enterprise assets.

To comply with local cyber regulations (a breach can lead to fines).

To gain competitive advantage: trust in the internet era.

11
Q

What are the 3 legs of security?

A

Prevention

  • Measures to prevent exploitation of vulnerabilities
  • More important than detection/response

Detection

  • If prevention fails, procedures to detect the intrusion
  • The sooner the better

Response

  • Incident management plan

12
Q

What is a threat? Which 2 main groups of threats do we have?

A

An action that can disrupt the operation, functioning, integrity or availability of a system or network.

Natural threats: earthquakes, floods, etc.

Intentional, cyber-related threats with a malicious purpose.

13
Q

Which 4 types of cyber threats do we have?

A

Information theft

Data loss and manipulation

Identity Theft

Disruption of service

14
Q

What is a threat profile?

A

A threat profile considers individual threats and classifies them by their impact.

Build an asset-based threat profile.

Identify vulnerabilities from the vulnerability profile.

Develop a security strategy and plan.

15
Q

What motivation can attackers have?

A

Learn the network topology and traffic in preparation for an attack.

Gaining control over network or components

Eavesdropping

Manipulating information

Disrupting the network services or infrastructure.

16
Q

Which types of Vulnerabilities do we have?

A

Technological vulnerabilities: TCP/IP protocol, OS, and network equipment weaknesses.

Configuration vulnerabilities: unsecured user accounts, easily guessed passwords, misconfigured network equipment, etc.

Security policy vulnerabilities: might include lack of a written security policy, logical access controls not applied, or a nonexistent disaster recovery plan.

17
Q

Which physical vulnerabilities do we have?

A

1. Hardware threats - This includes physical damage to servers, routers, switches, cabling plant, and workstations.

2. Environmental threats - This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).

3. Electrical threats - This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.

4. Maintenance threats - This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

18
Q

Which types of malware do we have? What are the differences?

A

Viruses: A virus inserts a copy of itself into, and becomes part of, another program. It spreads from one computer to another, leaving infections as it travels.

Worms: Similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage, but they do not require an infected host file to spread. Worms are standalone software and do not require a host program or human help to propagate.

Trojan horses: A harmful piece of software that looks legitimate. Unlike viruses and worms, Trojan horses do not reproduce by infecting other files and do not self-replicate. They must spread through user interaction, such as opening an email attachment or downloading and running a file from the internet.

19
Q

What is ransomware? Which types are there?

A

A type of malware that infects the computer system and manipulates it so that the victim cannot (partially or fully) use the system or the data stored on it.

The victim then receives a blackmail note as a pop-up on the screen, asking the victim to pay a ransom to regain full access to the system and files.

Types:
Cryptolocker (crypto-ransomware) encrypts the system's/user's files with a secret key known only to the attacker.

Winlocker (locker ransomware) only blocks access to the system but does not affect the files.

20
Q

Which three categories of network attacks do we have?

A

Reconnaissance attacks - The discovery and mapping of systems, services, or vulnerabilities.

Access attacks - The unauthorized manipulation of data, system access, or user privileges.

Denial of service - The disabling or corruption of networks, systems, or services.

21
Q

Which 4 types of access attacks do we have?

A

1. Password attacks - Implemented using brute force, trojan horses, and packet sniffers.

2. Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.

3. Port redirection - A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor uses SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) from A to access B.

4. Man-in-the-middle - The threat actor is positioned between two legitimate entities in order to read or modify the data that passes between the two parties.

22
Q

How can we mitigate network attacks?

A

To mitigate network attacks, you must first secure devices, including routers, switches, servers, and hosts.

23
Q

Which security devices can we use to protect against TCP/IP threats?

A

VPN

ASA firewall

IPS: An IPS is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

ESA/WSA (Email Security Appliance / Web Security Appliance)

AAA server: An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.

24
Q

Why are backups important?

A

Backing up device configurations and data is one of the most effective ways of protecting against data loss.

Backups should be performed on a regular basis as identified in the security policy.

25
Q

Why is it important to update and patch software?

A

As new malware is released, enterprises need to keep current with the latest versions of antivirus software.

The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems.

26
Q

What is the triple A principle (AAA)?

A

Authentication, authorization, and accounting (AAA, or "triple A") are the primary framework for setting up access control on network devices.

Authentication: who is permitted to access a network.

Authorization: what actions they can perform while accessing the network.

Accounting: making a record of what was done while they are there.

27
Q

What does a firewall do?

A

They reside between two or more networks, control the traffic between them, and help prevent unauthorized access.

28
Q

Which firewall types do we have?

A

Packet filtering - Prevents or allows access based on IP or MAC addresses.

Application filtering - Prevents or allows access by specific application types based on port numbers.

URL filtering - Prevents or allows access to websites based on specific URLs or keywords.

Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).
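Added example, not part of the original deck: a minimal stateful packet inspection filter next to a stateless packet filter, run over the same constructed packet sequence. The stateless filter uses the common but naive rule "permit inbound TCP from source port 80/443 so web replies get back in", which an attacker satisfies simply by setting the source port. The stateful filter instead records each outbound connection and only admits inbound packets that match a recorded connection in reverse, or that hit an explicitly permitted service. The inside prefix, the published SMTP server and all addresses are assumptions of the example; state expiry and TCP flag checking are omitted for brevity.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


INSIDE = ipaddress.ip_network("10.1.1.0/24")   # assumed inside network


def is_outbound(pkt):
    return ipaddress.ip_address(pkt.src) in INSIDE


class StatelessFilter:
    """Static rule set that cannot tell a reply from an unsolicited packet.
    Its 'return web traffic' rule keys on the source port, which the sender controls."""

    def __init__(self, permitted_inbound):
        self.permitted = set(permitted_inbound)   # (proto, dport) published services

    def decide(self, pkt):
        if is_outbound(pkt):
            return "allow"
        if pkt.proto == "tcp" and pkt.sport in (80, 443):   # naive return-traffic rule
            return "allow"
        if (pkt.proto, pkt.dport) in self.permitted:
            return "allow"
        return "drop"


class StatefulFilter:
    """Stateful packet inspection: inbound traffic is allowed only if it answers
    a connection an inside host opened, or targets an explicitly permitted service."""

    def __init__(self, permitted_inbound):
        self.permitted = set(permitted_inbound)
        # (proto, inside_ip, inside_port, outside_ip, outside_port) for each outbound flow
        self.state = set()

    def decide(self, pkt):
        if is_outbound(pkt):
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.state:
            return "allow"              # legitimate response to an inside request
        if (pkt.proto, pkt.dport) in self.permitted:
            return "allow"              # unsolicited but specifically permitted
        return "drop"                   # unsolicited and not permitted


PERMITTED_INBOUND = {("tcp", 25)}   # assumed: an inside mail server is published on SMTP

# Constructed packet sequence (not a real capture).
SAMPLE_PACKETS = [
    Packet("tcp", "10.1.1.10", 51000, "203.0.113.5", 443),    # inside host opens HTTPS session
    Packet("tcp", "203.0.113.5", 443, "10.1.1.10", 51000),    # genuine reply to that session
    Packet("tcp", "198.51.100.9", 443, "10.1.1.10", 22),      # unsolicited SSH probe, source port forged to 443
    Packet("tcp", "198.51.100.9", 40000, "10.1.1.20", 25),    # inbound SMTP to the published server
    Packet("tcp", "198.51.100.9", 40001, "10.1.1.10", 3389),  # unsolicited RDP probe
]


def run(filter_obj, packets=SAMPLE_PACKETS):
    """Apply a filter to the packets in order and return the decisions."""
    return [filter_obj.decide(p) for p in packets]


def compare():
    return {
        "stateless": run(StatelessFilter(PERMITTED_INBOUND)),
        "stateful": run(StatefulFilter(PERMITTED_INBOUND)),
    }


if __name__ == "__main__":
    for name, decisions in compare().items():
        print(f"{name:9s} {decisions}")
```

The third packet is the one that matters: both filters see the same bytes, but only the stateful filter knows that no inside host ever asked 198.51.100.9 for anything, so the forged source port buys the attacker nothing.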

29
Q

How can we secure an Endpoint?

A

Securing endpoint devices is one of the most challenging jobs of a network administrator because it involves human nature. A company must have well-documented policies in place and employees must be aware of these rules.

Employees need to be trained on proper use of the network. Policies often include the use of antivirus software and host intrusion prevention. More comprehensive endpoint security solutions rely on network access control.