Network Security Concepts Flashcards

1
Q

Reasons for Network Security

A
  1. Directly related to business continuity
  2. Breaches disrupt e-commerce and cause loss of data
  3. Breaches can result in lost revenue
2
Q

5 Security terms in Risk Management

A
Asset
Vulnerability
Threat
Risk
Countermeasure
3
Q

Traffic Light Protocol (TLP)

A

is a set of designations used to ensure that sensitive information is shared only with the intended audience. It uses four colors to indicate degrees of sensitivity:
  • RED: do not share outside the specific group or meeting in which it was disclosed
  • AMBER: limited disclosure; recipients may share within their own organization on a need-to-know basis
  • GREEN: may be shared with peers and partner organizations within the community, but not via public channels
  • WHITE: no restriction on disclosure (TLP 2.0 renamed this level CLEAR)

4
Q

Network Vulnerabilities can stem from:

A

Policy flaws, design errors, protocol weaknesses, misconfiguration, software vulnerabilities, human factors, malicious software, hardware vulnerabilities, physical access to network resources.

5
Q

Common control methods that are used to implement countermeasures in network security:

A

Administrative: written policies, procedures, guidelines, and standards.
Physical: physical security for network equipment and servers.
Technical or logical: controls used to provide access to data in a manner that conforms to management policies: passwords, firewalls, intrusion prevention systems, access lists, VPN tunnels, etc.

6
Q

3 network security objective categories (CIA triad)

A

Confidentiality
Integrity
Availability

7
Q

Confidentiality

A

Different methods of confidentiality are put in place to prevent sensitive information from reaching the wrong people, while making sure that only the right people can access it. (data at rest and data in motion)

8
Q

Methods of implementing confidentiality:

A
  • Data encryption
  • User IDs and passwords
  • two-factor authentication
  • biometric verification
  • security tokens
  • key fobs
  • soft tokens
9
Q

Integrity

A
  • involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.
  • all about data not being changed, and the steps that must be taken to ensure that data cannot be altered by unauthorized people.
  • can include checksums or, better, cryptographic checksums (hashes, MACs, digital signatures) for verification of integrity. A plain checksum only catches accidental corruption, because an attacker who changes the data can simply recompute it; detecting deliberate tampering needs a keyed MAC or a signature.
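The difference between a plain checksum and a cryptographic checksum, as an added example (not code from the original flashcards): a sender attaches both a CRC32 and an HMAC-SHA256 to a message, an on-path attacker alters the message, and the receiver checks both. The message, the shared key, and the function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import zlib

# Constructed sample message (not from the page): a payment instruction.
ORIGINAL = b"transfer amount=100 to=acct-42"
TAMPERED = b"transfer amount=900 to=acct-42"

# Assumed shared secret known only to sender and receiver (hypothetical value).
SHARED_KEY = b"example-shared-key-do-not-reuse"


def plain_checksum(data: bytes) -> int:
    """CRC32: detects accidental corruption, but anyone can recompute it."""
    return zlib.crc32(data) & 0xFFFFFFFF


def keyed_checksum(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256: a cryptographic checksum that requires the key to produce."""
    return hmac.new(key, data, hashlib.sha256).digest()


def sender(data: bytes, key: bytes) -> dict:
    """Attach both kinds of checksum so the receiver can compare their value."""
    return {"data": data, "crc": plain_checksum(data), "tag": keyed_checksum(key, data)}


def on_path_attacker(message: dict, new_data: bytes) -> dict:
    """Modify the message in transit. The CRC is trivially recomputed; the
    HMAC cannot be, so the attacker can only replay the tag they observed."""
    forged = dict(message)
    forged["data"] = new_data
    forged["crc"] = plain_checksum(new_data)
    return forged


def receiver(message: dict, key: bytes) -> dict:
    """Verify both checksums. compare_digest keeps the tag comparison constant-time."""
    crc_ok = plain_checksum(message["data"]) == message["crc"]
    tag_ok = hmac.compare_digest(keyed_checksum(key, message["data"]), message["tag"])
    return {"crc_ok": crc_ok, "tag_ok": tag_ok}


if __name__ == "__main__":
    msg = sender(ORIGINAL, SHARED_KEY)
    print("untouched:", receiver(msg, SHARED_KEY))  # crc_ok True, tag_ok True
    print("tampered: ", receiver(on_path_attacker(msg, TAMPERED), SHARED_KEY))  # crc_ok True, tag_ok False
```

The CRC still verifies after tampering, which is why it only belongs in the "accidental corruption" column; the HMAC fails because the attacker cannot produce a tag for new data without the key. A digital signature gives the same guarantee without a shared secret.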
10
Q

Availability

A

Availability means making sure that data and services are accessible to authorized users when they are needed, with a minimum of downtime.

11
Q

Factors that pertain to availability

A
  • maintaining all hardware
  • maintaining a correctly functioning OS environment
  • keeping current with all necessary system upgrades
  • adequate communication bandwidth and preventing the occurrence of bottlenecks
  • redundancy
  • failover
  • RAID
  • high-availability clusters
12
Q

Security Information Event Management (SIEM)

A
  • is a technology used in enterprise organizations to provide real-time reporting and long-term analysis of security events.
  • evolved from Security Information Management (SIM) and Security Event Management (SEM)
  • can be implemented as software, integrated with Cisco Identity Services Engine (ISE), or as a managed service
13
Q

SIEM provides details on the source of suspicious activity, Including:

A
  1. User information (name, authentication status, location, authorization group, quarantine status)
  2. Device information (manufacturer, model, OS version, MAC address, network connection method, location)
  3. Posture information (device compliance with corporate security policy, antivirus version, OS patches, compliance with mobile device management policy)
14
Q

Using the information provided by SIEM what questions can network security engineers answer??

A
  1. Who is associated with this event?
  2. is it an important user with access to intellectual property or sensitive information?
  3. is the user authorized to access that resource?
  4. does the user have access to other sensitive resources?
  5. what kind of device is being used?
  6. does this event represent a potential compliance issue?
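How the three cards above fit together in practice, as an added example that is not part of the original flashcards: a small SIEM-style triage routine parses firewall deny events, joins each one with the user, device, and posture context an AAA server or ISE would supply, and answers the analyst's questions (who, authorized, what device, compliance issue). The log lines, the context table, the resource policy, and all function names are constructed for this example and are not real ASA or ISE output.

```python
import re

# Constructed firewall deny events in a generic syslog-like layout (sample
# data made up for this example; not real ASA or ISE output).
RAW_EVENTS = [
    "2024-05-01T10:02:11Z fw01 deny tcp src=10.1.20.15:51022 dst=10.1.50.8:445",
    "2024-05-01T10:02:13Z fw01 deny tcp src=10.1.20.77:40110 dst=10.1.50.8:445",
    "2024-05-01T10:03:02Z fw01 deny udp src=10.1.30.5:5353 dst=10.1.60.9:53",
]

# Identity, device and posture context the SIEM would receive from the AAA
# server / ISE, keyed by endpoint IP (assumed values for the example).
CONTEXT = {
    "10.1.20.15": {"user": "jdoe", "auth": "authenticated", "group": "engineering",
                   "device": "Windows 11 laptop", "posture": "compliant", "mdm": True},
    "10.1.20.77": {"user": "contractor7", "auth": "authenticated", "group": "contractors",
                   "device": "Android 9 phone", "posture": "non-compliant", "mdm": False},
}
UNKNOWN = {"user": None, "auth": "unknown", "group": None,
           "device": "unknown", "posture": "unknown", "mdm": False}

# Sensitive resources and the groups allowed to reach them (assumed policy).
SENSITIVE = {"10.1.50.8": {"name": "source-repo", "allowed": {"engineering"}}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"src=(?P<sip>[\d.]+):(?P<sport>\d+) dst=(?P<dip>[\d.]+):(?P<dport>\d+)$"
)


def parse(line: str):
    """Split one raw event into fields; None if the line does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def enrich(event: dict) -> dict:
    """Join the event with user/device/posture context and resource policy."""
    ctx = CONTEXT.get(event["sip"], UNKNOWN)
    res = SENSITIVE.get(event["dip"])
    return {
        **event, **ctx,
        "resource": res["name"] if res else None,
        "authorized": res is None or ctx["group"] in res["allowed"],
    }


def triage(line: str):
    """Answer the analyst's questions for one event and attach findings."""
    event = parse(line)
    if event is None:
        return None
    e = enrich(event)
    findings = []
    if e["user"] is None:                       # Who is associated with this event?
        findings.append("unidentified endpoint")
    if e["resource"] and not e["authorized"]:   # Is the user authorized for that resource?
        findings.append(f"unauthorized access attempt to {e['resource']}")
    if e["posture"] == "non-compliant" or (e["user"] and not e["mdm"]):  # Compliance issue?
        findings.append("compliance issue")
    e["findings"] = findings
    return e


def triage_all(lines):
    return [t for t in map(triage, lines) if t is not None]


if __name__ == "__main__":
    for result in triage_all(RAW_EVENTS):
        print(result["sip"], result["user"], result["device"], result["findings"])
```

Without the identity join, all three lines are just "deny" entries from the same firewall; with it, the second line stands out as a non-compliant, unmanaged contractor device probing a repository it is not allowed to reach, which is the prioritization a SIEM is meant to enable.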
15
Q

Internet of Things (IoT) Privacy

A
  • is about special considerations that are required to protect the information of individuals from exposure in the IoT environment
  • in this environment almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the internet or a similar network
16
Q

IoT Security

A
  • is a special challenge because the IoT consists of so many internet-enabled devices other than computers, which often go unpatched and are often configured with default or weak passwords
  • these devices must be protected, or the IoT could be used as a separate attack vector or as part of a thingbot (a botnet of compromised IoT devices)
17
Q

Attack Vector

A
  • is a path or other means by which an attacker can gain access to a server, host, or network.
  • can originate from inside or outside a network
  • internal threats also have the potential to cause greater damage because they have direct access to the building and its devices
18
Q

Campus Area Network (CAN)

A

is a computer network that links two or more local area networks across buildings within a limited geographical area, such as a corporate or university campus

19
Q

Securing Hosts:

A

Endpoints are secured using various features including antivirus, anti-malware software, host intrusion prevention system (HIPS) features, and 802.1X authentication features

20
Q

Securing Layer 2 Switches:

A

Access layer switches connect user-facing ports to the network and are secured with features such as port security, DHCP snooping, and 802.1X user authentication.

21
Q

Securing Layer 3 Switches:

A

Distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard.
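What DHCP snooping, Dynamic ARP Inspection, and IP Source Guard actually check (covering both the Layer 2 and Layer 3 switch cards), as an added example that is not code from the original flashcards or from any Cisco product: ARP frames are built and parsed at the byte level, and a DAI-style filter permits an ARP on an untrusted port only if the sender MAC/IP pair appears in the DHCP snooping binding table for that port; the same table drives an IP Source Guard check. The binding table, port names, MAC and IP addresses, and function names are assumptions made for the demonstration. Real DAI on Cisco switches also rate-limits ARP on untrusted ports, which is not modelled here.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
BROADCAST = "ff:ff:ff:ff:ff:ff"

# DHCP snooping binding table (constructed): (vlan, port) -> {(mac, ip)}.
BINDING_TABLE = {
    (10, "Gi1/0/3"): {("00:11:22:33:44:55", "10.1.10.15")},
    (10, "Gi1/0/4"): {("66:77:88:99:aa:bb", "10.1.10.16")},
}
# Uplink toward the distribution switch: DAI does not inspect trusted ports.
TRUSTED_PORTS = {"Gi1/0/24"}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(src_mac, sender_mac, sender_ip, target_mac, target_ip,
              oper=2, dst_mac=BROADCAST) -> bytes:
    """Ethernet + ARP frame. src_mac is the Ethernet header; sender_mac is the ARP body."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame: bytes):
    """Decode an Ethernet/ARP frame; None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"eth_src": mac_str(frame[6:12]), "oper": oper,
            "sender_mac": mac_str(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": mac_str(tha), "target_ip": str(IPv4Address(tpa))}


def dai_inspect(frame: bytes, vlan: int, port: str) -> tuple:
    """Dynamic ARP Inspection: permit ARP on untrusted ports only when the
    sender MAC/IP pair is in the snooping binding table for that port."""
    if port in TRUSTED_PORTS:
        return ("permit", "trusted port")
    arp = parse_arp(frame)
    if arp is None:
        return ("drop", "not a well-formed ARP frame")
    if arp["eth_src"] != arp["sender_mac"]:   # optional 'validate src-mac' style check
        return ("drop", "ethernet source MAC does not match ARP sender MAC")
    if (arp["sender_mac"], arp["sender_ip"]) not in BINDING_TABLE.get((vlan, port), set()):
        return ("drop", f"no binding for {arp['sender_mac']}/{arp['sender_ip']} on {port}")
    return ("permit", "binding matched")


def ip_source_guard(src_mac: str, src_ip: str, vlan: int, port: str) -> bool:
    """IP Source Guard reuses the same bindings to filter forged IP source addresses."""
    return port in TRUSTED_PORTS or (src_mac, src_ip) in BINDING_TABLE.get((vlan, port), set())


# Constructed traffic for a walk-through.
LEGIT = build_arp("00:11:22:33:44:55", "00:11:22:33:44:55", "10.1.10.15",
                  "00:00:00:00:00:00", "10.1.10.1", oper=1)
# Host on Gi1/0/4 announces itself as the default gateway 10.1.10.1 (ARP poisoning).
SPOOF_GW = build_arp("66:77:88:99:aa:bb", "66:77:88:99:aa:bb", "10.1.10.1",
                     BROADCAST, "10.1.10.1")
# Same host also forges the Ethernet source to impersonate the host on Gi1/0/3.
SPOOF_MAC = build_arp("66:77:88:99:aa:bb", "00:11:22:33:44:55", "10.1.10.15",
                      BROADCAST, "10.1.10.15")

if __name__ == "__main__":
    print(dai_inspect(LEGIT, 10, "Gi1/0/3"))      # permit
    print(dai_inspect(SPOOF_GW, 10, "Gi1/0/4"))   # drop: no binding
    print(dai_inspect(SPOOF_MAC, 10, "Gi1/0/4"))  # drop: MAC mismatch
```

The point to take from the walk-through is the dependency chain: DAI and IP Source Guard are only as good as the binding table, so DHCP snooping has to be enabled (and its trusted ports limited to real uplinks and DHCP servers) before either of the other two features means anything; static bindings are needed for hosts that do not use DHCP.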

22
Q

Mobile Device Management (MDM) Security:

A
  • Industry term for the administration of mobile devices, such as smartphones, tablets, laptops, and desktops
  • MDM is usually implemented with a third-party product that has management features for particular vendors of mobile devices
23
Q

Intrusion Prevention System (IPS)

A

A Cisco intrusion prevention system device continuously monitors incoming and outgoing traffic for malicious activity. It logs information about the activity and attempts to block and report it.

24
Q

AAA Server

A

An authentication, authorization, and accounting server authenticates users, authorizes what they are allowed to do, and tracks what they are doing. This can be a RADIUS server or a TACACS+ server.

25
Q

Firewall

A

A Cisco Adaptive Security Appliance (ASA) firewall performs stateful packet filtering: return traffic from the outside network is allowed into the campus network only when it belongs to a session that was initiated from inside.

26
Q

VPN

A

The border router is secured. It protects data in motion flowing from the CAN to the outside world by establishing Virtual Private Networks (VPNs). VPNs provide data confidentiality and integrity for traffic from authenticated sources.

27
Q

Small office/Home office Security (SOHO)

A
  • Networks, regardless of size, need to be protected; attackers are interested in SOHO networks too.
  • SOHOs are typically protected using a consumer-grade router, such as a Linksys home wireless router
28
Q

Wireless Hosts Security

A

Wireless hosts connect to the wireless network using Wi-Fi Protected Access 2 (WPA2) encryption. Hosts typically have antivirus and antimalware software installed.

29
Q

Wide Area Network

A
  • Wide area networks (WANs) span a wide geographical area, often over the public internet.
  • Organizations must ensure secure transport for data in motion as it travels between sites.
30
Q

Mobile Worker

A

This is a teleworker who uses the Cisco AnyConnect VPN client to establish a secure VPN connection to the main site ASA.

31
Q

SOHO site

A

This is a small branch site that connects to the corporate main site using a Cisco wireless router. The wireless router can establish a permanent, always-on VPN connection to the main site ASA.

Alternatively, the internal SOHO users could use the Cisco AnyConnect VPN client to establish a secure VPN connection to the main site ASA.

32
Q

Regional Site

A

This is larger than a branch site and connects to the corporate main site using an ASA. The ASA can establish a permanent, always-on VPN connection to the main site ASA.

33
Q

Branch Site

A

This site connects to the corporate main site using a hardened ISR (Integrated Services Router). The ISR can establish a permanent, always-on VPN connection to the main site ASA.

34
Q

Data Center Networks

A

Typically housed in an off-site facility to store sensitive or proprietary data. These sites are interconnected to corporate sites using VPN technology.

  • Data centers store vast quantities of sensitive, business-critical information; therefore, physical security is critical to their operation.
  • Physical security is not just about preventing access but also about safety and protection: fire alarms, sprinklers, seismically braced server racks, and redundant heating, ventilation, air conditioning, and UPSs.
35
Q

Data Center Security 2 areas

A

Outside perimeter security: this can include on-premises guards, fences, gates, continuous video surveillance, and alarms.
Inside perimeter security: this can include video surveillance, electronic motion detectors, security traps (mantraps), and biometric access and exit sensors.

36
Q

Mantraps

A
Various ways to implement a mantrap:
- all doors normally unlocked
    - opening one door causes the others to lock
- all doors normally locked
    - unlocking one door prevents the others from being unlocked
- one door open, the other locked
- one person at a time, or controlled groups
    - managed control of movement through an area
37
Q

Network Closet

A
  • if you can touch a device, you can gain access: this is why devices are locked away
  • maximizes uptime and availability: the room is secured and has temperature and humidity controls
  • access control and auditing of who entered and when
38
Q

Video Monitoring

A
CCTV (closed-circuit television)
   - can replace guards
Camera properties are important:
 - focal length: shorter = wider angle of view
 - depth of field: how much of the scene is in focus
 - illumination requirements: ability to see in the dark
Often use many different cameras
 - different purposes require different camera types
39
Q

Door Access Controls

A
  • lock and key
  • deadbolt
  • electronic/keyless
  • token based: magnetic swipe or proximity reader
  • biometric: hand, fingers, or retina
  • multi-factor: smart card and pin
40
Q

Clouds and Virtual Networks

A
  • Cloud computing separates the application from the hardware; virtualization separates the OS from the hardware.
  • The cloud network consists of physical and virtual servers, which are commonly housed in data centers.
41
Q

Virtual Machines are prone to specific targeted attacks (3)

A
  1. Hyperjacking
  2. Instant on activation
  3. antivirus storms
42
Q

Hyperjacking

A

An attacker could hijack a VM hypervisor (the software that controls the VMs) and then use it as a launch point to attack every guest on the host and other devices on the data center network.

43
Q

Instant on Activation

A

When a VM that has not been used for a period of time is brought back online, it may have outdated security policies and missing patches that deviate from the security baseline and can introduce vulnerabilities.

44
Q

Antivirus Storm

A

This happens when all VMs on a host attempt to download antivirus signature files (or run scheduled scans) at the same time, exhausting the host's I/O, CPU, and network capacity.

45
Q

Bring Your Own Device (BYOD)

A

A trend in which more and more people use devices that are not company-provided to access enterprise information.

46
Q

Critical functions of MDM on a BYOD network

A
  • data encryption
  • PIN Enforcement
  • Data Wipe
  • Data loss prevention (DLP)
  • Jailbreak/root Detection
47
Q

Hacker Meanings

A
  • a clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient
  • a network professional who uses sophisticated programming skills to ensure that networks are not vulnerable to attack
  • a person who tries to gain unauthorized access to devices on the internet
  • individuals who run programs to prevent or slow network access for a large number of users, or who corrupt or wipe out data on servers
48
Q

5 Modern Hacking Titles

A
  1. Hacktivists
  2. Script Kiddies
  3. Vulnerability Broker
  4. State Sponsored
  5. Cyber Criminals
49
Q

Hacktivists

A

These are grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles and videos, leaking sensitive information, and performing DDoS attacks.

50
Q

Cyber Criminals

A

These are black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses.

51
Q

State Sponsored

A

Depending on perspective, these are white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate in some degree of state-sponsored hacking.

52
Q

Vulnerability Broker

A

These are usually grey hat hackers who attempt to discover vulnerabilities and exploits and report them to vendors, sometimes for prizes or rewards (bug bounties).

53
Q

Script Kiddies

A

The term emerged in the 1990s to refer to teenagers or inexperienced hackers running existing scripts, tools, and exploits, to cause harm, but typically not for profit.

54
Q

Penetration Testing Tools

A
  • Ethical hacking involves many different types of tools to test and keep the network and its data secure
  • Password crackers
  • Wireless hacking tools
  • Network scanning and hacking tools
  • packet crafting tools
  • packet sniffers
  • rootkit detectors
  • fuzzers to search vulnerabilities
55
Q

Fuzzers

A

are tools that feed malformed or unexpected input to a program or web application in order to discover security vulnerabilities such as crashes and injection flaws.
ex (web application scanners with fuzzing capabilities): skipfish, wapiti, w3af

56
Q

Rootkit Detectors

A

This is a directory and file integrity checker used by white hats to detect installed rootkits.
ex: AIDE. (Netfilter and OpenBSD's PF, sometimes listed alongside it, are packet-filtering firewalls rather than rootkit detectors.)

57
Q

Packet Sniffers

A

These tools are used to capture and analyze packets within traditional Ethernet LANs or WANs.
ex: Wireshark, tcpdump, Ettercap, Dsniff, EtherApe; intercepting HTTP proxies such as Paros, Fiddler, and Ratproxy, and the HTTPS-downgrade tool SSLstrip, are often grouped with them.

58
Q

Packet Crafting Tools

A

These tools are used to probe and test a firewall's robustness using specially crafted, forged packets.
ex: hping, hping3, Scapy, socat, Yersinia, Netcat, Nping, Nemesis

59
Q

Network Scanning and Hacking Tools

A

Network scanning tools are used to probe network devices, servers, and hosts for open TCP or UDP ports.
ex: Nmap, SuperScan, Angry IP Scanner, NetScanTools

60
Q

Wireless Hacking Tools

A

Wireless networks are more susceptible to network security threats because the medium is shared and reachable from outside the physical perimeter.
Wireless hacking tools are used to intentionally hack into a wireless network to detect security vulnerabilities.
ex: Aircrack-ng, Kismet, inSSIDer, KisMAC, Firesheep, NetStumbler

61
Q

Password Crackers

A

Passwords are the most commonly attacked security control. Password cracking tools are often referred to as password recovery tools and can be used to crack or recover a password.
This is accomplished either by removing the original password (after bypassing the data encryption) or by outright discovery of the password.
Password crackers repeatedly make guesses (dictionary words, mangling rules, brute force, or precomputed tables) until a guess matches the stored hash, then use the recovered password to access the system.
EX: John the Ripper, Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa
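Why a precomputed table (the RainbowCrack approach) works against one kind of hash and not another, as an added example that is not code from the original flashcards or from any of the tools listed: a dictionary attack is run against an unsalted SHA-256 dump using a lookup table built once, and then against a salted dump, where every user forces the whole wordlist to be re-hashed. The wordlist, the "leaked" hashes, the salts, and the function names are all constructed for this example.

```python
import hashlib
import secrets

# Constructed wordlist (made up for this example).
WORDLIST = ["password", "letmein", "Summer2024", "cisco123", "qwerty", "welcome1"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def store_unsalted(password: str) -> str:
    """Weak storage: identical passwords hash identically for every user and site."""
    return sha256_hex(password.encode())


def store_salted(password: str, salt: bytes = None) -> str:
    """Per-user random salt prepended to the password; stored as salthex$digest."""
    salt = salt or secrets.token_bytes(8)
    return salt.hex() + "$" + sha256_hex(salt + password.encode())


# Constructed "leaked" credential dumps (hypothetical users and passwords).
UNSALTED_DUMP = {"alice": store_unsalted("Summer2024"),
                 "bob": store_unsalted("correct horse battery")}
SALTED_DUMP = {"carol": store_salted("cisco123", bytes.fromhex("a1b2c3d4e5f60718")),
               "dave": store_salted("cisco123", bytes.fromhex("0f1e2d3c4b5a6978"))}


def build_lookup(wordlist) -> dict:
    """Precompute hash -> word once; this table is reusable against every unsalted dump."""
    return {store_unsalted(w): w for w in wordlist}


def crack_unsalted(dump: dict, lookup: dict) -> dict:
    """One dictionary lookup per user: no hashing at all at crack time."""
    return {user: lookup[h] for user, h in dump.items() if h in lookup}


def crack_salted(dump: dict, wordlist) -> tuple:
    """The salt forces the wordlist to be re-hashed for every user. Returns
    (cracked, number of hash computations) to make the extra cost visible."""
    cracked, work = {}, 0
    for user, stored in dump.items():
        salt_hex, digest = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        for word in wordlist:
            work += 1
            if sha256_hex(salt + word.encode()) == digest:
                cracked[user] = word
                break
    return cracked, work


if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    print("unsalted:", crack_unsalted(UNSALTED_DUMP, table))
    print("salted:  ", crack_salted(SALTED_DUMP, WORDLIST))
```

Carol and Dave chose the same password but their stored values differ, so a table built for one is useless for the other; that is all a salt buys. It does not slow down guessing itself, which is why password storage should use a deliberately slow, salted function such as bcrypt, scrypt, or Argon2 rather than a single SHA-256.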

62
Q

Forensic Tools

A

These tools are used by white hat hackers and investigators to recover and preserve any trace of evidence existing on a particular computer system.
EX: The Sleuth Kit, Helix, Maltego, EnCase

63
Q

Debuggers

A

These tools are used by black hats to reverse engineer binary files when writing exploits.
They are also used by white hats when analyzing malware.
Debugging tools include:
- GDB
- WinDbg
- IDA Pro
- Immunity Debugger

64
Q

Hacking Operating Systems

A

These are specially designed operating systems preloaded with tools and technologies optimized for hacking.
Ex: Kali Linux, BackBox Linux, Knoppix (a general-purpose live distribution). SELinux is often listed here, but it is a kernel mandatory access control mechanism, not a hacking OS.

65
Q

Encryption Tools

A

These tools safeguard the contents of an organization's data at rest and data in motion.
Encryption tools use algorithm schemes to encode the data to prevent unauthorized access to the encrypted data.
EX: VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, stunnel

66
Q

Vulnerability Exploitation Tools

A

These tools attempt to exploit a known vulnerability to confirm that a remote host is actually exploitable, rather than only reporting that it might be vulnerable.
Ex: Metasploit, Core Impact, sqlmap, Social-Engineer Toolkit, Netsparker

67
Q

Vulnerability Scanners

A

These tools scan a network or system to identify open ports and known vulnerabilities.
They can also be used to scan VMs, BYOD devices, and client databases.
EX: Nipper, Secunia PSI, Core Impact, Nessus, SAINT, OpenVAS