Network Security Flashcards
What is network segmentation and why is it important?
Dividing a network into smaller subnets to control access, improve security, and reduce attack surfaces.
What are chokepoints in network security?
Points where network traffic is funneled for monitoring, filtering, and control.
What are some examples of network chokepoints?
Routers – Direct network traffic.
Firewalls – Block or allow traffic.
Proxy Servers – Intercept and filter traffic.
What is a firewall?
A security system that monitors and controls network traffic based on predefined security rules.
Where should a firewall be placed?
At network boundaries where trust levels change (e.g., between a corporate network and the internet).
What is packet filtering in firewalls?
The oldest and simplest method that inspects each packet’s source/destination IP, port, and protocol to allow or block traffic.
What is stateful packet inspection (SPI)?
Tracks the state of connections (source/destination, session info).
Maintains a state table to monitor ongoing connections.
More secure than packet filtering.
What is deep packet inspection (DPI)?
Analyzes the actual content of packets (not just headers).
Can detect malware, unauthorized data transfers, or policy violations.
How do proxy servers enhance security?
Intercept and filter traffic before it reaches users.
Mask internal IP addresses from the internet.
Can log and analyze network activity.
What is a DMZ in network security?
A buffer zone between an internal network and the public internet.
Why use a DMZ?
Protects public-facing servers (e.g., web, email, DNS).
Prevents direct access to internal systems.
What is an Intrusion Detection System (IDS)?
A security tool that monitors network traffic for suspicious activity or known attack patterns.
What is signature-based IDS?
Works like antivirus software.
Detects attacks using predefined signatures of known threats.
What is anomaly-based IDS?
Uses machine learning or behavior analysis to detect unusual traffic patterns.
More effective for detecting new threats but can generate false alarms.
What is a VPN (Virtual Private Network)?
An encrypted tunnel between two endpoints that secures data over untrusted networks.
What is a VPN concentrator?
A hardware device that manages multiple VPN connections.
What is a rogue access point?
An unauthorized Wi-Fi access point that can allow attackers to intercept traffic.
What tool is used to scan for unauthorized access points?
Kismet – Detects rogue APs and network devices.
What are the main Wi-Fi encryption standards, ranked from weakest to strongest?
WEP (Wired Equivalent Privacy) – Weak, easily cracked.
WPA (Wi-Fi Protected Access) – More secure but still vulnerable.
WPA2 – Uses AES encryption; strong security.
WPA3 – Latest standard, stronger encryption & defenses against brute force attacks.
What are some insecure legacy network protocols?
FTP (File Transfer Protocol) – Transfers files unencrypted.
Telnet – Allows remote access without encryption.
POP (Post Office Protocol) – Transfers email unencrypted.
What are the secure alternatives to legacy protocols?
SSH (Secure Shell) – Replaces Telnet for secure remote access.
SFTP (Secure File Transfer Protocol) – Secure version of FTP.
IMAP with SSL/TLS – Secure alternative to POP for email.
What are CoWPAtty and Aircrack-NG used for?
Cracking WEP, WPA, and WPA2 Wi-Fi passwords.
What is a network scanner?
A tool that interrogates devices and networks for information.
What is Nmap (Network Mapper)?
A powerful port scanner used to identify open ports, services, and devices on a network.
What is the purpose of vulnerability scanners?
They scan networks and systems for known security flaws.
What is a packet sniffer?
A tool that captures and analyzes network traffic.
What are two common packet sniffing tools?
tcpdump – Command-line packet analyzer.
Wireshark – GUI-based traffic analysis tool.
What is Kismet used for?
Wireless packet sniffing and detecting rogue access points.
What is a honeypot?
A decoy system designed to lure hackers and analyze their attack methods.
What is a honeynet?
A network of multiple honeypots used for advanced attack detection.
What is the purpose of firewall mapping tools?
To identify firewall rules, topology, and weaknesses.