Modules 16-17 Building and Securing a Small Network Flashcards
Which factors do we need to think about when selecting network devices?
Cost
Speed and types of ports/interfaces
Expandability
Operating system features and services
When creating a network, what do we need to think about when it comes to IP addressing?
All hosts and devices within the network must have unique address.
When creating a network, what do we need to think about when it comes to IP addressing? Which Devices get Ip address?
All hosts and devices within the network must have unique address.
End user devies, Servers nad peripherals, Intermediar devices
How can we obtain a high degree of reliability in a network
Network redundancy: Helps eliminate single points of failure.
Can be accomplished by installing duplicate equipment and supplyting duplicate network links for critical areas.
What is priority queue? Which queues do we have?
Different queues in a network where the high.priority queue is always emptied first
Four queues
Voice HIGH
SMTP MEDIUM
Instant messaging NORMAL
FTP LOW
Which two forms of software programs or processes provide access to the network?
Network applications: Applications that implement application layer protocols and are able to communicate directly with the lower layers of the protocol stack
Application layer services: For applications that are not network-aware, the programs that interface with network and prepare the data for transfer.
Which factors must a small network administratot consider when supporting real-time applications?
Infrastructure : Infrastructure - Does it have the capacity and capability to support real-time applications?
Voice over IP - VoIP is typically less expensive than IP Telephony, but at the cost of quality and features.
IP Telephony - This employs dedicated servers form call control and signaling
Real-Time Applications - The network must support Quality of Service (QoS) mechanisms to
minimize latency issues. Real-Time Transport Protocol (RTP) and Real-Time Transport Control
Protocol (RTCP) and two protocols that support real-time applications.
Which elements are required to scale a network?
Network documentation : Physical and logical topology
Device inventory: List of devices that use or comprise the network.
Budget: Itemized IT budget
Traffic analysis: Protocols, applications and services and their respective traffic requirements should be documented.
What is important to do when determining traffic flow patterns?
Capture traffic during peak utilization times
Perform capture on different netowkr segments
Information gathered by the protocol analyzer is evaluated based on the source and destination of the traffic.
Which steps do we go through when we troubleshoot?
1 Identify problem
- Establish a theory of probable causes
- Test the Theory to determine cause
- Establish a plan of action and implement a solution
- Verify solution and implement prevenetive measure
- Document findings, actions, and outcomes.
Why is network security important?
To protect organization/enterprise assets
To comply with local cyber regulations Breach/fines
To gain competetive advantage - trust in the internet era.
What are the 3 legs of security
Prevention
- Measures to prevent exploitations of vulnerabilities
- Important than detection/response
Detection
- If prevention fails, procedures to detect
- Sooner the better
Response
-Incident management plan
What is a threat? Which 2 types of main groups of threats do we have?
Action that can disrupt the operation, functioning, integrity or availability of system or network.
Natural threats , earthquakes, flood etc
Intentional cyber related with malicious purpse
Which 4 types of cyber threats do we have?
Information theft
Data loss and manipulation
Identity Theft
Disruption of service
What is a threat profile?
A threat profile consider individual threats and classified by their impact.
_build asset-based threat profile
Identify vulnerabilities from Vulnerability Profile
Develop Security Strategy and Plan
What motiviation can attackers have?
Learn the network topology and traffic for the attack preperation.
Gaining control over network or components
Eavesdropping
Manipulating information
Disrupting the network services or infrastructure.
Which types of Vulnerabilities do we have?
Technological Vulnerabilities: TCP/IP protocol, OS, Network Equipment weaknesses
Configuration Vulnerabilities: Unsecured user accounts, easily guessed password, misonfigured network equiment etc.
Security Policy Vulnerabilities: Might include lack of a written security policy, logical access controls not applied, nonexistent distaster recovery plan.
Which physical vulnerabilities do we have?
1.Hardware threats - This includes physical damage to servers, routers, switches, cabling
plant, and workstations.
2.Environmental threats - This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
3.Electrical threats - This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
4.Maintenance threats - This includes poor handling of key electrical components
(electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
Which types of malware do we have? What are the differences?
Viruses: Inserts a copy of itself into and becomes a part of another program. It spreads from one computer to another, leaving infections as it travels.
Worms: Similar to viruses that they replicate functional copies of themselves and can cause same type of damage. Butthey do not require the spreading of an infected host file. Worms are standalone software and do not require a host program or human help to propagate
Trojan Horses: Harmful piece of software that looks legitimate. Trojan horses do not reproduce by infecting other files. They self-replicate. Trojan horses must spread through user interaction such as opening an email attachment or downloading and running a file from the internet.
What is ransomware? Which types are there?
Types of virus that infects the computer system and manipulates the system in a way, that the victim can not (partially or fully) use it and the data stored on it.
Then victim receives a blackmail note by pop-up on screen, asking the vitctim to pay a ransom to regain full access to system and files.
Types:
Cryptolocker encrypts the system/user’s files with a secret key only
known to the attacker
Winlocker only blocks access to the system but does nor affect to
files
Which three categories of network attacks do we have?
Reconnaissance attacks - The discovery and mapping of systems, services, or
vulnerabilities`
Access attacks - The unauthorized manipulation of data, system access, or
user privileges.
Denial of service - The disabling or corruption of networks, systems, or
services
Which 4 types of access attacks do we have?
1.Password attacks - Implemented using brute force, trojan horse, and packet sniffers
2.Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system,
possibly compromising the target.
‘
3.Port redirection: - A threat actor uses a compromised system as a base for attacks against other
targets. For example, a threat actor using SSH (port 22) to connect to a compromised host A.
Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
4.Man-in-the middle - The threat actor is positioned in between two legitimate entities in order to
read or modify the data that passes between the two parties.
How can we mitigate network attacks?
To mitigate network attacks, you must first secure
devices including routers, switches, servers, and hosts
Which security devices can we use to protect against TCP/IP threats
VPN
ASA FIREWALL
IPS An IPS is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
ESA WSA
AAA SERVER
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.
Why are backups important?
Backing up device configurations and data is one of the most effective ways of protecting against data
loss
Backups should be performed on a regular basis as identified in the security policy.
Why is it important to update and patch software?
As new malware is released, enterprises need to keep current with the latest versions of antivirus
software.
•The most effective way to mitigate a worm attack is to download security updates from the
operating system vendor and patch all vulnerable systems
What is the triple A principle (AAA)?
§Authentication, authorization, and accounting
(AAA, or “triple A”) de the primary framework to
set up access control on network devices.
who is permitted to
access a network (authenticate)
what
actions they perform while accessing the
network (authorize)
making a record of
what was done while they are there
(accounting).
What does firewall do?
They reside between two or more networks, controls the traffic between them, and help prevent unathroized access.
Which firewall types do we have?
Packet filtering - Prevents or allows access based on IP or MAC addresses
Application filtering - Prevents or allows access by specific application types based on
port numbers
URL filtering - Prevents or allows access to websites based on specific URLs or
keywords
Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to
requests from internal hosts. Unsolicited packets are blocked unless permitted
specifically. SPI can also include the capability to recognize and filter out specific
types of attacks, such as denial of service (DoS).
How can we secure an Endpoint?
Securing endpoint devices is one of the most challenging jobs of a network
administrator because it involves human nature. A company must have well-documented
policies in place and employees must be aware of these rules.
Employees need to be trained on proper use of the network. Policies often include the
use of antivirus software and host intrusion prevention. More comprehensive endpoint
security solutions rely on network access control
