Network Security 12 Flashcards

0
Q

NAT can be implemented as

A

Software on systems or as hardware in a dedicated device such as cable modems or DSL routers

1
Q

What is NAT

A

Network Address Translation
A form of Internet security that conceals internal addressing schemes from external networks such as the Internet.
Packets sent to the Internet from internal hosts all appear as if they came from a single IP address.
Prevents external hosts from identifying and connecting directly to internal systems

2
Q

What’s the difference between static and dynamic NAT

A

Static NAT: an unregistered address is mapped to a single specific registered address

Dynamic NAT: a single unregistered address is mapped to the first registered address in an address pool

3
Q

What is PAT

A

Port Address Translation
A subset of NAT functionality that maps one or more unregistered addresses to a single registered address using multiple ports. Also known as overloading.

4
Q

What is SNAT

A

Secure NAT where two or more routers work together to perform NAT

5
Q

Describe the NAT process as it translates external and internal addresses based on port numbers

A

Client requests an external service
The NAT converts the source address to its own external address and adds a reference port number
The service returns data to the NAT device's external address using the port number
NAT uses the port number to identify the correct internal source address
NAT readdresses the packet to the internal system and delivers the data.

6
Q

Describe IP filtering

A

Determines which packets will be allowed to pass and which will be dropped by screening the packet based on certain criteria set by an admin.
Operates at layer 2 of the TCP/IP model and is performed by a screening router.

7
Q

What is MAC filtering

A

Provides a simple method of securing a wireless network. By configuring a WAP to filter MAC addresses, you can control which wireless clients can access your network.

8
Q

What is a firewall

A

A software program or hardware device that protects a system or network from unauthorized data by blocking unsolicited traffic
Permits specifically permitted traffic based on a defined set of rules.
Universally deployed between private networks and the Internet.
Can also be between two separate private networks to control data flow

9
Q

List the three sets of firewall rules to block or allow content

A

Inbound rules. Define the action to be performed by the firewall on the data that enters the system from another system

Outbound rules. Define the action to be performed by the firewall on the data that flows out of the system

Connection security rules. Define the type of authentication that is needed to allow communication between the systems.

10
Q

How do you secure ports

A

Disable unnecessary services.
Close ports that are open by default or have limited functionality
Apply security patches
Hide responses from ports that indicate their status and allow access to preconfigured connections only

11
Q

List the four common types of firewalls

A

Packet filters
Stateful inspection firewall
Proxy firewall
Hybrid firewall

12
Q

Describe packet filter firewall

A

The simplest implementation of a firewall
Works at the network layer of the OSI model
Each packet being passed along the network is compared to a set of default criteria. The packet is either passed or dropped.
Usually part of a router

13
Q

Describe stateful inspection firewall

A

Works at the session layer of the OSI model
Monitors the condition or state of the connection.
Monitors the TCP connection establishment to determine if a request is legit.
Also known as circuit level gateways

14
Q

Describe proxy firewall

A

Works at the application layer of the OSI model
Requires incoming and outgoing packets to have a proxy to access services. Allows the ability to filter application specific commands. Can be used to log user activity and logons.
Also known as application level gateways

15
Q

Describe hybrid firewall

A

Combines the functions of a packet filter, stateful inspection firewall, and a proxy firewall
They operate on the network, session, and application layers simultaneously

16
Q

What is the difference between network based and host based firewalls

A

Network based is a dedicated hardware/software combo that protects all the computers on a network behind the firewall
Host based, aka personal firewall, is software that is installed directly on a host and filters incoming and outgoing packets to and from that host

17
Q

What is a stateless firewall

A

A firewall that manages and maintains the connection state of a session through the filter to ensure that only authorized packets are permitted in sequence.
Filters legitimate packets for various connections and allows only the packets matching a recognized connection state to pass, dropping the others.

18
Q

Describe what a stateful inspection is

A

The process of packet filtering by analyzing each packet to ensure the contents match the expected service it is communicating with.
Resource intensive and very expensive.

19
Q

List the four common firewall features

A

Scanning services. Scan incoming and outgoing packets and take some action based on the contents of those packets.

Content filtering. Block restricted content, accomplished by URL filtering or inspection of each file or packet.

Signature identification. Indicators compared against a list of known signatures of common threats

Zones. Used to create a virtual or physical network topology that creates separate zones with differing security levels.

20
Q

Describe the principle of implicit deny

A

Dictates that when using a firewall anything that is not explicitly allowed is denied.

21
Q

What is a DMZ

A

A demilitarized zone
A small section of a private network located between two firewalls and made available for public access.
Enables external clients to access data on private systems without compromising the security of the internal network

22
Q

What is a proxy server

A

A system that isolates internal clients from the servers by downloading and storing files on behalf of the clients.
Examines the packet contents and generates a new request packet.

23
Q

What is a web proxy and what are its features

A

A proxy that grants access to the web
Enhanced features
User security. Admins can grant or deny Internet access based on user names or groups.
Gateway services. Enables proxies to translate traffic between protocols
Auditing. Admins can generate reports on users' Internet activity
Remote access services. Provides access to the internal network for remote clients
Content filtering. Evaluates the content of websites based on words and blocks content an admin deems undesirable.

24
Q

Describe the website caching process

A

Client requests data from a website
Packet is intercepted by the proxy server, which generates a new request and transmits it to the website
Proxy server downloads content, caches it, and sends it to the client
Verifies cache and sends to client
If not correct, cache is updated
Proxy server purges its cache once the TTL value expires

25
Q

What is the difference between passive and active caching

A

In passive the proxy server does not cache any data marked as time sensitive but sends repeated requests to external sites to ensure that data is current
In active the proxy server profiles cache indexes of websites based on the volume of use.

26
Q

What is NAC

A

Network Access Control
Term used for the collection of protocols, policies, and hardware that govern access on device network interconnections
Provides an additional security layer that scans systems for conformance and allows or quarantines updates to meet policy standards.
Based on three main elements: authentication method, endpoint vulnerability assessment, and network specific enforcement.

27
Q

How does a posture relate to NAC

A

Process of authorization in NAC done using a compliance check, which means a network's security is assessed based on the security applications running in the network

28
Q

What are access control lists ACL

A

A set of data used to control access to a resource. Commonly implemented as MAC address filtering on wireless routers and access points.

29
Q

Describe intrusion detection

A

The process of monitoring the events occurring in a computer or network and analyzing them to detect possible incidents. Can be performed manually or automatically

30
Q

Audit logs and trails are

A

The most popular way to detect intrusions.

Activities are logged chronologically

31
Q

What is IDS

A

Intrusion detection system
Software or hardware that scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process

32
Q

List the type of IDSs

A

Network based. Uses hardware to monitor network traffic packets and restricts (IPS) or alerts (IDS) when unacceptable traffic is seen in the system. Connected to a switch. Cannot analyze encrypted data. Example: Snort.

Host based. An application installed on a server to protect that device. Monitors the computer log files internally and detects which program accesses the particular resource.

Pattern based. Uses a predefined set of rules to identify unacceptable traffic

Anomaly based. Uses a database of unacceptable traffic patterns identified by analyzing traffic flows. Are dynamic and create a baseline of acceptable traffic flows during implementation

Protocol based. Installed on a web server and used to monitor the protocol used by the computer. Contains an agent at the front end of a server that is used for the monitoring and analysis of the communication protocol between the connected devices and the system

Application based. Monitors the application protocol in use by the system. Contains an agent that interfaces between a process or between multiple servers and analyzes the application protocol between two devices.

33
Q

IDSs can be either passive or active. Describe both

A

Passive IDS detects potential security breaches, logs the activity, and alerts security personnel

Active IDS detects potential security breaches, logs the activity, then blocks the user from the suspicious activity. Can be considered an IPS (Intrusion Prevention System).

34
Q

What is IPS

A

Intrusion Prevention System
Also referred to as a NIPS (Network Intrusion Prevention System)
An inline security device that monitors suspicious network and system traffic and reacts in real time to block it.
Can drop packets, reset connections, sound alerts and can quarantine intruders.

35
Q

List the two major types of IPSs

A

HIPS. Host based IPS.
An application that monitors the traffic from a specific host or list of host addresses

NIPS. Network based IPS.
Monitors the entire network and analyzes its activity. Detects malicious code and unsolicited traffic and acts against it.

36
Q

What is a port scanner

A

A type of software that searches a network host or range of IP addresses for open TCP and UDP ports.

Can be used to determine what services are running on a network and potential areas of vulnerability.

37
Q

What is NMAP

A

A widely available open source port scanner.
Can rapidly scan a single host or an entire network. Can determine what hosts are available on a network, what services are offered, what types of OSs are being used, what types of firewalls are being used, and characteristics of the target.

38
Q

What is a vulnerability assessment tool

A

A honeypot is a security tool that lures attackers away from legitimate network resources while tracking their activities.
Appears and acts as a legitimate component of the network but is actually a secure lockbox where security professionals can block intrusion and begin logging activities for use in court

Can be software emulation programs, hardware decoys, or an entire dummy network or honeynet.

39
Q

What is a network scanner

A

Computer programs used for scanning networks to obtain user names, host names, groups, shares and services. Also known as network enumerators.

40
Q

What is IPSec

A

Internet Protocol Security
A set of open non-proprietary standards used to secure data as it travels across the network or the Internet.
In tunnel mode it is often used with L2TP.

41
Q

Describe IPSec protection mechanisms

A

Provides data authenticity and integrity.
Protects against replay attacks
Prevents repudiation
Protects against eavesdropping and sniffing.

42
Q

IPSec operates in two modes

A

Transport mode. Only the contents of the data packet are encrypted. Used for host to host communications

Tunnel mode. The entire packet is encrypted and then wrapped in a new unencrypted packet. Used when creating VPNs using IPSec

43
Q

Describe IPSec's two transport protocols

A

AH. Authentication Header protocol.
Provides data integrity through the use of the Message Digest algorithm 5 (MD5) and Secure Hash Algorithm (SHA) encryption techniques

ESP. Encapsulating Security Payload protocol.
Provides data integrity and encryption using DES or 3DES.

44
Q

What is IKE

A

Internet Key Exchange protocol.

Used by IPSec to create a master key which is used to generate bulk encryption keys.

45
Q

What is a Security Association

A

SA.
The negotiated relationship between two computers using IPSec.
Happens in two phases
Phase one by default lasts one hour. Allows two computers to exchange data using multiple phase twos.

46
Q

The Internet Security Association and Key Management Protocol (ISAKMP) is a protocol used to

A

Set up SA and cryptographic keys in an Internet environment

Only provides a framework for authentication and key exchange.

47
Q

Describe IPSec policies

A

A set of security configuration settings that define how an IPSec enabled system will respond to IP network traffic.
Determines the security level for the IPSec connection. Each of the endpoints in a network communication must have an IPSec policy with at least one matching security method

48
Q

The client and server in the IPSec policy refers to

A

To which node initiates the session

The client policy is an IPSec policy that a client computer seeks if the server requests it

49
Q

Name the three default IPSec policies

A

Secure server. Highest level of security.

Server. Middle level security

Client. Lowest level of security.

50
Q

IPSec policies are composed of rules and each rule has five components

A

IP filters. Describe the protocol, port, and source or destination computer the rule applies to

Filter action. Specifies how the system should respond to a packet that matches a particular filter.
It can permit the communication, or request or require security

Authentication method. Enables computers to establish a trust relationship, such as Kerberos, digital certificates or pre-shared key

Tunnel setting. Enables computers to encapsulate data inside the transport network

Connection type. Determines if the rule applies to local network connections, remote access communications, or both.

51
Q

List the four main Windows IPSec components

A

IPSec policy agent
IPSec driver. Implements the policy assigned
Microsoft Management Console (MMC). Snap-in used to manage IPSec policies
IP security monitor. Verify statistics