Network Security Flashcards

1
Q

What is network security?

A
  1. Any activity designed to protect the usability and integrity of your network and data.
  2. It includes both hardware and software technologies.
  3. Effective network security manages access to the network.
  4. It targets a variety of threats and stops them from entering or spreading on your network.
2
Q

What is AAA?

A

Authentication, Authorization, and Accounting: a framework for implementing and ensuring network access security.

3
Q

What is Local Authentication?

A

Involves storing users’ credentials locally on their devices. Various devices support local authentication, such as PCs, switches, routers, firewalls, etc.

4
Q

When a user logs in to a computer, Windows verifies the credentials against the credentials in what file?

A

local “SAM” file.

5
Q

What is Remote Authentication?

A

Involves storing user credentials on a remote server for authentication. Centralization of stored usernames and passwords. An example of remote authentication would be a PC password being checked against Active Directory in a domain environment.

6
Q

What Does AAA Do?

A
  • Authenticate user accounts.
  • Control access to resources.
  • Audit network activity.
  • Ensure policy compliance.
7
Q

Triple AAA is provided by what service?

A

RADIUS and TACACS+.

8
Q

What is Authentication?

A

Authentication verifies the user’s identity. Users accessing the network must prove who they say they are.

9
Q

What is Authorization?

A

Authorization enforces user permissions. After authentication, authorization determines which network resources the user can access.

10
Q

What is Accounting and Auditing?

A

Tracks user activity and records what a user does once authorized on the network. Accounting keeps a record of how network resources are used.

11
Q

What does RADIUS stand for?

A

Remote Authentication Dial-In User Service (RADIUS)

12
Q

What does TACACS+ stand for?

A

Terminal Access Controller Access-Control System Plus (TACACS+)

13
Q

Does RADIUS use TCP or UDP?

A

UDP ports 1812/1813 or 1645/1646
* Port 1812 is used for authentication and authorization.
* Port 1813 is used for accounting.

14
Q

At what layer of the OSI model does RADIUS operate?

A

Layer 2 Data Link Layer

15
Q

Does RADIUS encrypt usernames, accounting information, or other information?

A

No, it only encrypts the password in the packet.

16
Q

Does TACACS+ use TCP or UDP?

A

TCP port 49

17
Q

What does TACACS+ encrypt?

A

Encrypts the entire packet

18
Q

At what layer of the OSI model does TACACS+ operate?

A

Layer 4 Transport Layer

19
Q

What 2 features does TACACS support that RADIUS does not?

A

Authorization and Accounting

20
Q

What does the TACACS+ protocol provide in a AAA deployment?

A

Authorization on a per-user or per-group basis

21
Q

What Is 802.1X Authentication?

A

Security protocol that authenticates new users and devices requesting access to the network.

22
Q

Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?

A

Accounting

23
Q

What is the first required task when configuring server-based AAA authentication?

A

Enable AAA globally.

24
Q

What is a characteristic of AAA accounting?

A

Possible triggers for the aaa accounting exec default command include start-stop and stop-only.

25
When a method list for AAA authentication is being configured, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case.
26
A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?
Use the show aaa local user lockout command.
27
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
authorization
28
What are the three components of 802.1X?
  • Supplicant
  • Authenticator
  • Authentication Server
29
What are two features of 802.1X?
  • Access Control offers unmatched, secure, identity-based access control at network endpoints.
  • Network Security ensures secure networks with minimal impact on end-users and infrastructure.
30
What is Supplicant?
The client (workstation) receives credentials from a user and submits them to the authenticator. Workstations can be any PC operating system or component of a software application.
31
What is Authenticator?
This device controls physical access to the network by acting as a proxy between the client (supplicant) and the authentication server. The authenticator relays credentials received from a supplicant to the authentication server and is typically an available network device, such as a switch or an access point.
32
What is Authentication Server?
This device validates credentials received from an authenticator. The authentication server determines the level of access in the network for an end-user or device.
33
What is EAP?
Extensible Authentication Protocol (EAP) is an authentication framework that provides transport for request and response parameters
34
What is MAC Spoofing?
Associating attacker's MAC address with target's IP address
35
What are preventions for ARP Poisoning?
  • Identify duplicate MAC addresses.
  • Check for suspicious ARP traffic.
  • Use static ARP entries.
  • Configure port security.
  • Use encrypted protocols. Encryption protocols do not prevent ARP poisoning, but they prevent traffic interception and eavesdropping.
36
What is identifying multiple MAC addresses associated with a single device?
Duplicate MAC addresses
37
How can you prevent unauthorized devices from accessing the network?
Port security
38
Do encrypted protocols prevent ARP poisoning?
No, but they prevent traffic interception and eavesdropping
39
In what mode does the switch operate during a CAM overflow?
Switch operates in fail-open mode and behaves like a hub. In this mode, it begins forwarding frames out of all switch ports.
40
What is Dynamic ARP Inspection (DAI)?
Feature that rejects fabricated ARP packets using DHCP snooping.
41
True or False: by default, all physical ports on a switch learn the MAC addresses of connected clients.
True
42
What are the 3 port security violation modes?
Shutdown, restrict, and protect
43
What happens in shutdown mode?
Automatically shuts down port and sends notification
44
What happens in restrict mode?
Drops frames with unfamiliar source MAC addresses and sends a notification.
45
What happens in protect mode?
Drops frames with unknown source MAC addresses without notification
46
What are the two secure MAC address types?
Manual and Sticky
47
What is Manual (secure MAC address)?
Requires manual configuration of each allowed MAC address per interface
48
What is Sticky (secure MAC address)?
MAC addresses learned dynamically with a maximum number per interface
49
What is the maximum number of MAC addresses allowed for port security?
Port security allows a maximum number of MAC addresses between 1 and 3072 (default is 1).
50
What is the default port for port security?
Default port is 1
51
What is VLAN Hopping?
Occurs when a frame is sent to one VLAN but is believed to be in a different VLAN
52
When an attacker bypasses switch restrictions and intercepts traffic from various VLANs it is called?
VLAN Hopping
53
Switch Spoofing manipulates which Cisco protocol?
Dynamic Trunking Protocol (DTP)
54
True or False: DTP negotiation is enabled by default, even if the interface runs in access mode.
True
55
How can you prevent switch spoofing?
Disabling DTP negotiation on switch ports
56
What is the command to disable DTP?
switchport nonegotiate
57
What is double-tagging?
Exploits 802.1q tagging process to bypass switch restrictions
58
What happens in double-tagging to the tag on the second switch?
The second switch does not notice the frame’s source, only its tag.
59
Mapping and identifying aspects of an unprotected network is known as?
CDP/LLDP Reconnaissance
60
What is CDP?
Cisco Discovery Protocol (CDP), Layer 2 discovery protocol that sends updates insecurely
61
What is LLDP?
Link Layer Discovery Protocol (LLDP), Layer 2 discovery protocol that sends updates insecurely
62
Dynamic routing updates are sent in plain text, without authentication. What vulnerability does this cause?
It enables attackers to craft fake updates and manipulate the routers for malicious purposes.
63
What attacks are caused by fake routing update attacks?
  • Rogue Router
      o A rogue router is connected to the network and causes changes in the routing table.
  • Forged Routing Update Packets
      o Packets are crafted with false routing update information to alter the routing table.
64
What is Network Time Protocol (NTP)?
Synchronizes time information over a network
65
What is NTP Spoofing?
Impersonates a legitimate time server to manipulate network device clocks
66
What is NTP Amplification?
DoS attack that floods targets with UDP traffic using open NTP servers
67
What is NTP Authentication?
Configuring authentication mechanism for NTP
68
What are steps to prevent NTP attacks?
  • Configure an NTP authentication mechanism.
  • Configure NTP access-control lists.
  • Disable the monlist command on the server.
69
What are two common DHCP attacks?
DHCP Spoofing, DHCP Starvation
70
What is DHCP Spoofing?
Rogue DHCP server manipulates network settings (On-Path attack)
71
What is DHCP Starvation?
Continuous IP address assignment requests drain DHCP pool (is a type of DDOS attack)
72
What is a prevention method for DHCP spoofing?
Enable DHCP snooping
73
What is DHCP Snooping?
Validating DHCP packets that are sent to a server using a binding table. Determines whether a source is trustworthy or not and can filter suspicious DHCP traffic.
74
What is the purpose of network analysis?
Network analysis offers an insight into network communications to identify performance problems, locate security breaches, analyze application behavior, and perform capacity planning
75
Name at least three troubleshooting tasks that can be performed using network analysis.
  1. Locate faulty network devices.
  2. Measure high delays along a path.
  3. Locate the point of packet loss.
76
What is the purpose of Npcap?
Architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver.
77
How can packet comments be viewed in Wireshark?
Selecting Analyze > Expert Information in the main menu of the capture interface
78
What does the double && sign indicate?
Designate AND
79
What does the double pipes (||) sign indicate?
Designate OR
80
What does Capture File Properties filters show?
Metadata about the capture
81
What does Protocol Hierarchy filters show?
Provides a breakdown of each protocol present in the capture from an OSI model perspective, accounting for all metadata within each protocol for deeper analysis.
82
What does Conversations filters show?
Traffic between specific IP addresses
83
What does Endpoints filters show?
Traffic to and from an IP address
84
What does I/O Graphs filters show?
Visualizing the number of packets (or similar) in time
85
What is Network Monitor?
Microsoft product that monitors traffic to and from the host system. Looks at processes
86
What is Network Miner?
An open-source network forensic analysis tool (NFAT) for Windows OS, Network Miner can perform file extraction from .pcap files.
87
What is Cryptology?
Branch of mathematics for secure communication and data storage
88
What is encryption?
The form of converting human-readable information (plaintext) into something that is not readable (ciphertext).
89
What is decryption?
The practice of converting encrypted data back into its readable form (plaintext)
90
What is a Password Hash?
Hashed representation of a password stored in an OS
91
What is Hiding?
Making data imperceivable by conventional methods (e.g., steganography)
92
What is Obfuscation?
Scrambling text to make it unreadable
93
What is Transposition?
Changing the order of letters
94
What is Substitution?
Replacing characters with others
95
What is Symmetric Cryptography?
Encryption and decryption using the same key
96
What is Asymmetric Cryptography?
Encryption with one key, decryption with another
97
What is Base64?
Most email traffic and email attachments are encoded in this manner. Base64-encoded strings often end in = or ==.
98
What is Base32?
32-character, uppercase ASCII set represents the encoded data.
99
What is ASCII-Hex?
Information is converted from characters to its associated hexadecimal representation.
100
What is Base64 Python Library?
Python library for working with Base64 encoding. Data can be encoded and decoded automatically using Python
101
What are Hash Algorithms?
One-way functions for data integrity and validation
102
What is Salt?
Salts strengthen the security of the hashed data by introducing a random string to the data before hashing. The salt is then stored alongside the data
103
What is Pepper?
Shared string for all data in a database; it is not stored alongside the hashed data in the same database.
104
True or False: salting and peppering passwords can help prevent brute-force password attacks and the use of rainbow tables by cybercriminals.
True
105
What is a Rainbow Table?
Precomputed table of hashed outputs for reverse-engineering
106
What is Symmetric Cipher Encryption?
Use the same key to encrypt and decrypt data. Symmetric keys represent a shared secret between the sender and recipient.
107
What is Asymmetric Cipher Encryption?
Require public and private keys to encrypt messages (see Diffie-Hellman Exchange discussed later in this chapter). Hiding data with public and private keys
108
What is XOR Cipher?
Bitwise operation for changing text characters
109
What is Caesar Cipher?
Shifting each character of the alphabet based on a value
110
What are Digital Signatures?
Electronic documents with public and private keys
111
What are Digital Certificates?
Documents issued by certificate authorities for authentication
112
What are Web Certificates?
Certificates for website ownership validation
113
What is Public Key Infrastructure?
Trusted authority organization for creating and distributing digital certificates
114
What is SSL Handshake Flow?
Process of client and server beginning secure communications