Network Security

Question 1

CIA Triad

Answer 1

Confidentiality
Integrity
Availability

Question 2

Confidentiality

Answer 2

Keeping the data private & safe
(Encryption, Authentication to access resources)

Encryption ensures data can only be read (decoded) by intended recipient (Asymmetric/Symmetric)

Question 3

Symmetric Encryption

Answer 3

Both sender & receiver use the same key

Question 4

DES

Answer 4

Data Encryption Standard
Developed mid-1970s
56-bit key
Used by SNMPv3
Considered weak today

Question 5

3DES

Answer 5

Triple DES
Uses three 56-bit keys (168-bit total)
Encrypt, decrypt, encrypt

Question 6

AES

Answer 6

Advanced Encryption Standard
Preferred symmetric encryption standard
Used by WPA2
Available in: 128-bit, 192-bit, 256-bit

Question 7

Asymmetric Encryption

Answer 7

Uses different keys for sender/receiver
RSA is most popular implementation
RSA commonly used with PKI (public key infrastructure)
PKI is used to encrypt data between web browser & shopping site
Can be used for secure emails
Sender/receiver use different keys to encrypt/decrypt

Question 8

Integrity

Answer 8

Ensures data has not been modified in transit
Verifies the source the traffic originates from

Integrity violations:
Defacing a corporate web page
Altering an e-commerce transaction
Modifying electronically stored financial records

Question 9

Hashing (Integrity)

Answer 9

Sender runs string of data through algorithm
Result is a hash or hash digest

Data & hash are sent to receiver
Receiver runs data received via same algorithm & obtains a hash
Two hashes are compared (if same, data not modified)

Question 10

Hashing Algorithms

Answer 10

MD5 (Message Digest 5)
128-bit hash digest

SHA-1 (Secure Hash Algorithm 1)
160-bit hash digest

SHA-256 (Secure Hash Algorithm 256)
256-bit hash digest

CRAMMD5 (Challenge-response Authentication Mechanism MD5)
Common variant often used in email systems

Question 11

Network Security Attack Types

Answer 11

Confidentiality:
Attempts to make data viewable by attacker

Integrity:
Attempts to alter data

Availability:
Attempts to limit network accessibility & usability

Question 12

Confidentiality Attacks

Answer 12

Packet capture
Wire tapping
Dumpster diving
Ping sweep
Port scan
Wireless interception
EMI
MITM
Social Engineering

Question 13

Integrity Attacks

Answer 13

MITM
Data diddling (changes data before storage)
Trust relationship exploitation
Salami attack (many small attacks = one big attack)
Password attack
Session Hijacking
Botnets

Question 14

Availability Attacks

Answer 14

DoS/DDoS
TCP SYN Flood
Buffer overflow
ICMP attacks (Smurf)
UDP attacks (Fraggle)
Ping of Death
Electrical disturbances
Physical environment attacks (Temperature, Humidity, Gas)

Question 15

Protecting a Network

Answer 15

Physical controls
User training
Patching
Vulnerability Scanners
Honey pots & honey nets
Remote-access security
Security policies
Incident response

Question 16

Vulnerability Scanners

Answer 16

Ex: Nessus, Zenmap, Nmap

Periodically test network to verify that security components are behaving as expected & detect known vulnerabilities

Question 17

Honey Pots/Nets

Answer 17

Systems designed as an attractive target
(Trap/Distraction)

Attackers waste resources

Honey pot = single machine
Honey net = network of multiple honey pots

Question 18

Remote Access Security

Answer 18

SSH
RADIUS (Open UDP-based auth protocol)
TACACS+ (Cisco, TCP-based auth protocol)
Kerberos (Windows domain auth protocol)
802.1X (Permits/dennies wired/wireless client access to LAN)
2FA
SSO

Question 19

BYOD Vulnerabilities

Answer 19

Bluejacking
Unauthorized messages over bluetooth

Bluesnarfing
Unauthorized access to wireless via bluetooth

Bluebugging
Unauthorized backdoor to connect bluetooth back to attacker

Question 20

System Lifecycle

Answer 20

Conceptual Design
Preliminary Design
Detailed Design
Production/Installation
Operations/Support
Phase Out
Disposal

Question 21

MFA

Answer 21

Multifactor Authentication
Something you know (user/pass)
Something you have (key fobs/smart cards)
Something you are (fingerprints/retina)
Something you do (signature, pattern, passphrase)
Somewhere you are (geotagging/geofencing)

Question 22

Packet-Filtering Firewalls

Answer 22

Permits/denies traffic based on packet header
(Source/Destination IP)
(Source/Destination Port)

Question 23

Firewall Zones

Answer 23

Inside = Connects to corporate LAN
Outside = Connects to Internet (typically)
DMZ = Connects to devices that should have restricted access from outside zone (like web/email servers)

Question 24

UTM Devices

Answer 24

Unified Threat Management Devices
Combines firewall, router, IDS/IPS, antimalware, & more

UTM can be queried before allowing connection to network

UTM can be a physical device or cloud solution

Question 25

IDS

Answer 25

Intrusion Detection System
Passive device
Operates parallel to network
Monitors all traffic & sends alerts

Question 26

IPS

Answer 26

Intrusion Protection System
Active device
Operates in-line to the network
Monitors all traffic, sends alerts
Drops/blocks offending traffic

Question 27

Detection Methods

Answer 27

Signature-Based:
Signature contains strings of bytes (pattern) that triggers detection

Policy-Based:
Relies on specific declaration of security policy

Anomaly-Based:
Statistical anomaly - watches traffic patterns to build a baseline

Non-statistical anomaly - Admin defines patterns/baseline

Question 28

CVE

Answer 28

Common Vulnerabilities & Exposures:
A list of publicly disclosed computer security weaknesses

Question 29

Penetration Test

Answer 29

Evaluates the security of an IT infrastructure by safely trying to exploit vulnerabilities within the systems/network

Question 30

Posture Assessment

Answer 30

Assesses cyber risk posture & exposure to threats caused by misconfigurations & patching delays.

(Stay in control, strengthen position, define mission-critical components, identify strengths/weaknesses)

Question 31

Business Risk Assessment

Answer 31

Identify, understand, & evaluate potential hazards in the workplace

Question 32

Process Assessment

Answer 32

The disciplined examination of the processes used by the organization against a set of criteria

(Vendor assessment: make sure they can fit needs of the business)

Question 33

DAC (Access Control)

Answer 33

Discretionary Access Control:
An access control method where access is determined by the owner of the resource

Question 34

MAC (Access Control)

Answer 34

Mandatory Access Control:
An access control policy where the computer system gets to decide who gets access to what objects

(Unclassified, confidential, secret, top secret)

Question 35

RBAC (Access Control)

Answer 35

Role-Based Access Control:
An access model that is controlled by the system but focuses on a set of permissions versus an individual’s permissions

(Creating groups makes it easy to control permissions based around job functions)

Question 36

Zero-Trust

Answer 36

A security framework that requires users to be authenticated & authorized before being granted access to apps/data

1) Reexamine all default access controls
2) Employ prevention/defense techniques
3) Enable real-time monitoring & controls to stop malicious activity quickly
4) Ensure network’s zero-trust architecture aligns to a broader security strategy

Question 37

DMZ

Answer 37

Demilitarized Zone:
A perimeter network that protects an organization’s internal LAN from untrusted traffic

Question 38

Screen Subnet

Answer 38

Subnet in the network architecture that uses a single firewall with 3 interfaces to connect 3 dissimilar networks

(Triple-homed firewall)

Question 39

Separation of Duties

Answer 39

Prevents frauds & abuse by distributing various tasks & approval authorities across a number of different users

Question 40

Dual Control

Answer 40

Two people have to be present at the same time to do something

Question 41

Split Knowledge

Answer 41

Two people have half of the knowledge on how to do something

Question 42

Kerberos

Answer 42

Focused on authentication & authorization within a Windows domain

Provides secure authentication over an insecure network

Question 43

RADIUS

Answer 43

Provides centralized administration of dial-up, VPN, & wireless network authentication

(Authentication, Authorization, Accounting)

Accounting (Common Uses):
Port 1812 Authentication Messages
Port 1813 Accounting Messages

Proprietary RADIUS versions may use:
Port 1645 Authentication messages
Port 1646 Accounting messages

Question 44

TACACS+

Answer 44

Used to perform the role of an authenticator in an 802.1x network
RADIUS: UDP
TACACS+: TCP
Ensure port 49 is open
Excellent for Cisco devices

Question 45

802.1X

Answer 45

A standardized framework that’s used for port-based authentication on both wired/wireless networks

(Supplicant, authenticator, authentication server)

Question 46

EAP

Answer 46

Extensible Authentication Protocol:
Authentication performed using 802.1x

EAP-MD5: Simple passwords & challenge handshake auth process for remote access

EAP-TLS: Uses public key infrastructure with digital certificate on both client/server

EAP-TTLS: Digital certificate on server & password on the client for auth

EAP-FAST: Uses a protected access credential to establish mutual auth between devices (also uses TLS; Cisco upgrade from LEAP)

PEAP: Uses server certifications & AD databases to auth a password
(Protected EAP)
LEAP: Proprietary Cisco protocol
(Lightweight EAP)

Question 47

NAC

Answer 47

Network Access Control:
Ensures a device is scanned to determine its current state of security prior to being allowed network access

Question 48

NAC: Persistent Agent

Answer 48

A piece of software installed on a device requesting access to the network

Question 49

NAC: Non-Persistent Agent

Answer 49

Requires the users to connect to the network & go to a web-based captive portal to download the agent onto their device

Question 50

Infrared System

Answer 50

Displays images based on the amount of heat in a room

Identify hot spots in the room (potential gear overheating)
Easily identify where a person is in a room

Question 51

Ultrasonic Camera

Answer 51

A type of surveillance camera that uses sound-based detection

Question 52

eFuse

Answer 52

An electronic detection mechanism that can record the version of the IOS used by a switch

Question 53

Access Control Vestibule

Answer 53

AKA: Mantrap

Question 54

Smart Locker

Answer 54

A fully integrated system that allows you to keep your valuables inside

Small businesses: 69% ROI
Large enterprises: 248% ROI

Question 55

Purging/Sanitizing

Answer 55

Removes data through a means of which it cannot be reconstructed (guaranteed)

Question 56

Clearing Technique

Answer 56

Removes data with a certain amount of assurance it can’t be reconstructed