Network Security Concepts Flashcards
Reasons for Network Security
- Directly related to business continuity
- Breaches disrupt e-commerce and cause loss of data
- Breaches can result in lost revenue
5 Security terms in Risk Management
Asset Vulnerability Threat Risk Countermeasure
Traffic Light Protocol (TLP)
A set of designations used to ensure that sensitive information is shared with the correct audience. It employs four colors to indicate different degrees of sensitivity:
(red, amber, green, white) = (don't share outside of the group, don't share outside of the organization, don't share outside of partnered organizations, share freely)
Network Vulnerabilities can stem from:
Policy flaws, design errors, protocol weaknesses, misconfiguration, software vulnerabilities, human factors, malicious software, hardware vulnerabilities, physical access to network resources.
Common control methods that are used to implement countermeasures in network security:
Administrative: Written policies, procedures, guidelines and standards
Physical: Physical security for network equipment and servers
Technical or Logical: Controls used to provide access to data in a manner that conforms to management policies: passwords, firewalls, intrusion prevention systems, access lists, VPN tunnels, etc.
3 network security objective categories (CIA triad)
Confidentiality
Integrity
Authentication
Confidentiality
Different methods of confidentiality are put in place to prevent sensitive information from reaching the wrong people, while making sure that only the right people can access it (applies to data at rest and data in motion).
Methods of implementing confidentiality:
- Data encryption
- User IDs and passwords
- two-factor authentication
- biometric verification
- security tokens
- key fobs
- soft tokens
Integrity
- Involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle
- All about data not being changed, and the steps that must be taken to ensure that data cannot be altered by unauthorized people
- Can include checksums or even cryptographic checksums for verification of integrity
Availability
- Availability is all about making sure that your data is always available with a minimum of downtime
Factors that pertain to availability
- Maintaining all hardware
- Maintaining a correctly functioning OS environment
- Keeping current with all necessary system upgrades
- Adequate communication bandwidth and preventing the occurrence of bottlenecks
- Redundancy
- Failover
- RAID
- High-availability clusters
Security Information Event Management (SIEM)
- A technology used in enterprise organizations to provide real-time reporting and long-term analysis of security events
- Evolved from Security Information Management (SIM) and Security Event Management (SEM)
- Can be implemented as software, integrated with Cisco Identity Services Engine (ISE), or as a managed service
SIEM provides details on the source of suspicious activity, including:
- User information (name, authentication status, location, authorization group, quarantine status)
- Device information (manufacturer, model, OS version, MAC address, network connection method, location)
- Posture information (device compliance with corporate security policy, antivirus version, OS patches, compliance with mobile device management policy)
Using the information provided by SIEM, what questions can network security engineers answer?
- Who is associated with this event?
- Is it an important user with access to intellectual property or sensitive information?
- Is the user authorized to access that resource?
- Does the user have access to other sensitive resources?
- What kind of device is being used?
- Does this event represent a potential compliance issue?
Internet of Things (IoT) Privacy
- Concerns the special considerations that are required to protect the information of individuals from exposure in the IoT environment
- In this environment almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the internet or a similar network
IoT Security
- A special challenge because the IoT consists of so many internet-enabled devices other than computers, which often go unpatched and are often configured with default or weak passwords
- These devices must be protected, or the IoT could be used as a separate attack vector or as part of a thingbot
Attack Vector
- A path or other means by which an attacker can gain access to a server, host, or network
- Can originate from inside or outside a network
- Internal threats also have the potential to cause greater damage because they have direct access to the building and its devices
Campus Area Network (CAN)
A computer network that links buildings and consists of two or more local area networks within a limited geographical area
Securing Hosts:
Endpoints are secured using various features, including antivirus, anti-malware software, host intrusion protection system features, and 802.1X authentication features
Securing Layer 2 Switches:
Access layer switches are secured; they connect user-facing ports to the network. Several different features can be implemented, such as port security, DHCP snooping, and 802.1X user authentication.
Securing Layer 3 Switches:
Distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard.
Mobile Device Management (MDM) Security:
- Industry term for the administration of mobile devices, such as smartphones, tablets, laptops and desktops
- MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices
Intrusion Prevention System (IPS)
A Cisco intrusion prevention system device continuously monitors incoming and outgoing traffic for malicious activity. It logs information about the activity and attempts to block and report it.
AAA Server
An authentication, authorization, and accounting server authenticates users, authorizes what they are allowed to do, and tracks what they are doing. This can be a RADIUS server or a TACACS+ server.
Firewall
A Cisco Adaptive Security Appliance (ASA) firewall performs stateful packet filtering to filter return traffic from the outside network into the campus network
VPN
The border router is secured. It protects data in motion that is flowing from the CAN to the outside world by establishing Virtual Private Networks (VPNs). VPNs ensure data confidentiality and integrity from authenticated sources.