Network Security Flashcards
Network Security Fundamentals
▪ Networks are increasingly dependent on interconnecting with other
networks
▪ Risks exist not just on the untrusted Internet, but also inside our own
organization’s networks and must be minimized or eliminated
▪ Understanding the various threats facing our networks is important in
order to best defend the network against the onslaught of cyber-attacks
they are constantly facing
Network Security Goals
Commonly called the CIA Triad
● Confidentiality
● Integrity
● Availability
Symmetric Encryption (Confidentiality)
▪ Both sender and receiver use the same key
▪ DES (Data Encryption Standard)
● Developed in the mid-1970s
● 56-bit key
● Used by SNMPv3
▪ 3DES (Triple DES)
● Uses three 56-bit keys (168-bit total)
● Encrypt, decrypt, encrypt
▪ AES (Advanced Encryption Standard)
● Preferred symmetric encryption standard
● Used by WPA2
● Available in 128-bit, 192-bit, and 256-bit keys
▪ Sender and receiver use the same key to encrypt and decrypt the
messages
Asymmetric Encryption (Confidentiality)
▪ Uses different keys for sender and receiver
▪ RSA is the most popular implementation
▪ RSA algorithm is commonly used with a public key infrastructure (PKI)
▪ PKI is used to encrypt data between your web browser and a shopping
website
▪ Can be used to securely exchange emails
▪ Sender and receiver use different keys to encrypt and decrypt the
messages
Integrity
▪ Ensures data has not been modified in transit
▪ Verifies the source that traffic originates from
▪ Integrity violations
● Defacing a corporate web page
● Altering an e-commerce transaction
● Modifying electronically stored financial records
Hashing (Integrity)
▪ Sender runs string of data through algorithm
● Result is a hash or hash digest
▪ Data and its hash are sent to receiver
▪ Receiver runs data received through the same algorithm and obtains a
hash
▪ Two hashes are compared
● If the same, the data was not modified
Hashing Algorithms (Integrity)
▪ Message digest 5 (MD5)
● 128-bit hash digest
▪ Secure Hash Algorithm 1 (SHA-1)
● 160-bit hash digest
▪ Secure Hash Algorithm 256 (SHA-256)
● 256-bit hash digest
▪ Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)
● Common variant often used in e-mail systems
Availability
▪ Measures accessibility of the data
▪ Increased by designing redundant networks
▪ Compromised by
● Crashing a router or switch by sending improperly formatted data
● Flooding a network with so much traffic that legitimate requests
cannot be processed
o Denial of Service (DoS)
o Distributed Denial of Service (DDoS)
Threat
▪ A person or event that has the potential for impacting a valuable resource in a negative manner
● Internal Threat
o Any threat that originates within the organization itself
● External Threat
o Any threat that could be people, like a hacker, or it can be an event or environmental condition
Vulnerability
▪ A quality or characteristic within a given resource or its environment that might allow the threat to be realized
▪ Environmental vulnerabilities are undesirable conditions or weaknesses in the general area surrounding the building where a network is run
Technical Vulnerabilities
▪ System-specific conditions that create security weaknesses
● Common Vulnerabilities and Exposures (CVE)
o A list of publicly disclosed computer security weaknesses
● Zero-Day Vulnerability
o Any weakness in the system design, implementation,
software code, or a lack of preventive mechanisms in place
▪ CVEs (Known vulnerabilities)
▪ Zero-Day (Brand new vulnerability)
Risk Management
The identification, evaluation, and prioritization of risks to minimize, monitor,
and control the vulnerability exploited by a threat
Risk Assessment
▪ A process that identifies potential hazards and analyzes what could
happen if a hazard occurs
● Security
● Business
Security Risk Assessment
Used to identify, assess, and implement key security controls within an
application, system, or network
o Penetration Test
Evaluates the security of an IT infrastructure by safely trying to exploit
vulnerabilities within the systems or network
Posture Assessment
Assesses cyber risk posture and exposure to threats caused by
misconfigurations and patching delays
● Define mission-critical components
● Identify strengths, weaknesses, and security issues
● Stay in control
● Strengthen position
Security Principles
o Least Privilege
Using the lowest level of permissions or privileges needed in order to
complete a job function or admin task
Discretionary Access Control (DAC)
An access control method where access is determined by the
owner of the resource
o Every object in a system has to have an owner
o Each owner must determine the access rights and
permissions for each object
Mandatory Access Control (MAC)
An access control policy where the computer system gets to
decide who gets access to what objects
o Unclassified
o Confidential
o Secret
o Top secret
Role-Based Access Control (RBAC)
An access model that is controlled by the system but focuses on a set of
permissions versus an individual’s permissions
▪ Creating groups makes it easy to control permissions based around actual
job functions
Zero-Trust
▪ A security framework that requires users to be authenticated and
authorized before being granted access to applications and data
1. Reexamine all default access controls
2. Employ a variety of prevention techniques and defense in depth
3. Enable real-time monitoring and controls to identify and stop malicious activity quickly
4. Ensure the network’s zero-trust architecture aligns to a broader security strategy
DMZ
A perimeter network that protects an organization’s internal local area
network from untrusted traffic
Screened Subnet
Subnet in the network architecture that uses a single firewall with three
interfaces to connect three dissimilar networks
● Triple-homed firewall
Separation of Duties
Prevent frauds and abuse by distributing various tasks and approval
authorities across a number of different users
Honeypot/ Honeynet
Attracts and traps potential attackers to counteract any attempts at
unauthorized access to a network
▪ Think vertically through the layers as well as horizontally or laterally across the network using screened subnets
Multifactor Authentication
o Authenticates or proves an identity using more than one method
▪ Something you know
▪ Something you have
▪ Something you are
▪ Something you do
▪ Somewhere you are
Dictionary Attack
▪ Guesses the password by attempting to check every single word or
phrase contained within a word list, called a dictionary
● Do not use anything that looks like a regular word
Brute Force Attack
Tries every possible combination until the password is found
● Use a longer and more complicated password
o Uppercase
o Lowercase
o Numbers
o Special characters
● For good security, use a minimum of 12 characters
Local Authentication
▪ Process of determining whether someone or something is who or what it claims itself to be
Lightweight Directory Access Protocol (LDAP)
▪ Simplified version of X.500
▪ Validates a username and password combination against an LDAP server as a form of authentication
● Port 389 LDAP
● Port 636 LDAP Secure
o Active Directory (AD)
Organizes and manages everything on the network, including clients,
servers, devices, and users
Kerberos
▪ Focused on authentication and authorization within a Windows domain
environment
▪ Provides secure authentication over an insecure network
Remote Authentication Dial-In User Service (RADIUS)
Provides centralized administration of dial-up, VPN, and wireless network
authentication
● Authentication
● Authorization
● Accounting
o Commonly uses:
▪ Port 1812 Authentication messages
▪ Port 1813 Accounting messages
o Proprietary versions of RADIUS may also use:
▪ Port 1645 Authentication messages
▪ Port 1646 Accounting messages
o Terminal Access Controller Access Control System Plus (TACACS+)
Used to perform the role of an authenticator in an 802.1x network
● RADIUS (UDP)
● TACACS+ (TCP)
● Ensure Port 49 is open
● Excellent if using Cisco devices
802.1x
▪ A standardized framework that’s used for port-based authentication on
both wired and wireless networks
● Supplicant
● Authenticator
● Authentication server
Extensible Authentication Protocol (EAP)
Allows for numerous different mechanisms of authentication
● EAP-MD5
o Utilizes simple passwords and the challenge handshake
authentication process to provide remote access
authentication
● EAP-TLS
o Uses public key infrastructure with a digital certificate
being installed on both the client and the server
● EAP-TTLS
o Requires a digital certificate on the server and a password
on the client for its authentication
● EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
o Uses a protected access credential to establish mutual
authentication between devices
● Protected EAP (PEAP)
o Uses server certificates and Microsoft’s Active Directory
databases to authenticate a client’s password
● Lightweight EAP (LEAP)
o A proprietary protocol that only works on Cisco-based
devices
● Network Access Control (NAC)
o Ensures a device is scanned to determine its current state of security prior to
being allowed network access
o Persistent Agent
A piece of software installed on a device requesting access to the
network
o Non-Persistent Agent
Requires the users to connect to the network and go to a web-based
captive portal to download an agent onto their devices
IEEE 802.1x
Used in port-based Network Access Control
● Time-based
o Defines access periods for given hosts using a time-based schedule
● Location-based
o Evaluates the location of the endpoint requesting access
using IP or GPS geolocation
● Role-Based (Adaptive NAC)
o Reevaluates a device’s authentication when it’s being used
to do something
● Rule-based
o Uses a complex admission policy that might enforce a
series of rules with the use of logical statements
Physical Security
o Detection Methods
▪ Security control used during an event to find out whether or not
something malicious may have happened
● Wired
o Allows the device to be physically cabled from its camera
all the way to a central monitoring station
● Wireless
o Easier to install, but they can interfere with other wireless
systems, like 802.11 wireless networks
Network Security Attacks
▪ Our security goals (CIA) are subject to attack
▪ Confidentiality attack
● Attempts to make data viewable by an attacker
▪ Integrity attack
● Attempts to alter data
▪ Availability attack
● Attempts to limit network accessibility and usability