Network Security terms Flashcards

1
Q

CIA

A
  • Confidentiality
  • Integrity
  • Availability
2
Q

Confidentiality

A

▪ Keeping the data private and safe

• Encryption
• Authentication to access resources

3
Q

Symmetric Encryption

A

▪ Both sender and receiver use the same key

4
Q

DES

A

Data Encryption Standard

  • Developed in the mid-1970s
  • 56-bit key
  • Used by SNMPv3
  • Considered weak today
5
Q

3DES

A

(Triple DES)

  • Uses three 56-bit keys (168-bit total)
  • Encrypt, decrypt, encrypt
6
Q

AES

A

(Advanced Encryption Standard)

  • Preferred symmetric encryption standard
  • Used by WPA2
  • Available in 128-bit, 192-bit, and 256-bit keys
7
Q

Asymmetric Encryption

A

▪ Uses different keys for sender and receiver

▪ RSA is the most popular implementation

▪ RSA algorithm is commonly used with a public key infrastructure (PKI)

▪ PKI is used to encrypt data between your web browser and a shopping website

▪ Can be used to securely exchange emails

▪ Sender and receiver use different keys to encrypt and decrypt the messages

8
Q

Integrity

A

Hashing (Integrity)

▪ Ensures data has not been modified in transit

▪ Verifies the source that traffic originates from

(MD5) 128-bit hash digest

(SHA-1) 160-bit hash digest

(SHA-256) 256-bit hash digest

9
Q

Availability

A

Measures accessibility of the data
▪ Increased by designing redundant networks
▪ Compromised by
• Crashing a router or switch by sending improperly formatted data
• Flooding a network with so much traffic that legitimate requests cannot be processed
  o Denial of Service (DoS)
  o Distributed Denial of Service

10
Q

Attacks on Confidentiality

A
▪ Packet capture
▪ Wiretapping  
▪ Dumpster diving 
▪ Ping sweep 
▪ Port scan 
▪ Wireless interception
  o EMI interference interception
▪ Man-in-the-Middle 
▪ Social engineering 
▪ Malware/Spyware
11
Q

Attacks on Integrity

A
▪ Man-in-the-middle
▪ Data diddling 
• Changes data before storage 
▪ Trust relationship exploitation  
▪ Salami attack 
• Puts together many small attacks to make one big attack 
▪ Password attack 
• Trojan Horse, Packet Capture, Keylogger, Brute Force, Dictionary Attack
12
Q

Man-in-the-Middle

A

Causes data to flow through the attacker’s computer where they can intercept or manipulate the data

13
Q

Session Hijacking

A

Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client

14
Q

Botnets

A

▪ Software robot that lies on a compromised computer
▪ Collection of computers (called zombies) can be controlled by a remote server to perform various attacks/functions for the criminals

15
Q

Attacks on Availability

A

• Denial of service (DoS)
• Distributed Denial of Service (DDoS)
• TCP SYN flood
• Buffer overflow
• ICMP attacks (Smurf)
• UDP attacks (Fraggle)
• Ping of Death
• Electrical disturbances
• Physical environment attacks

16
Q

TCP SYN Flood

A

Variant of a Denial of Service (DoS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake

17
Q

Smurf (ICMP Flood)

A

Attacker sends a ping to a subnet broadcast address, and devices reply to the spoofed IP (the victim), using up bandwidth and processing

18
Q

Electrical Disturbance

A

• Power spikes
• Electrical surges
• Power faults
• Blackouts
• Power sag
• Brownout

19
Q

Insider Threats

A

Employees or other trusted insiders who use their network access to harm the company

20
Q

Logic Bomb

A

Specific type of malware that is tied to a time or logical event

21
Q

Phishing

A

Attackers send email to get a user to click a link

22
Q

Ransomware

A

Attackers gain control of your files, encrypt them, and hold them for a ransom

23
Q

Deauthentication

A

▪ Attacker sends a deauthentication frame to a victim to disconnect them from the network

▪ Often used in wireless hacking attacks

24
Q

VLAN Hopping

A

▪ Attacker physically connects to a different switch port to access a different VLAN

▪ Manually assigning switch ports and using NAC can help prevent this

25
Patching
▪ Designed to correct a known bug or fix a known vulnerability in programs and apps
▪ Should be implemented as they become available
▪ Updates add new features, but patches fix known vulnerabilities
26
Honey Pots and Honey Nets
▪ Systems designed as an attractive target
  • Distraction for the attacker
▪ Attackers use their resources attacking the honey pot and leave the real servers alone
  • Honey pot is a single machine
  • Honey net is a network of multiple honey pots
▪ Used to study how attackers conduct attacks
27
SSH
Secure remote access via terminal emulator
28
RADIUS
▪ Remote Authentication Dial In User Service (RADIUS)
▪ (AAA) framework, UDP 1812/1813
▪ Networking protocol designed to authenticate and log remote network users
29
TACACS+
▪ Terminal Access Controller Access-Control System + is a Cisco protocol
▪ Uses (AAA), TCP 49
▪ Used for administrator access to network devices (switches, routers, firewalls, etc.)
30
AAA
▪ Authentication - Who you are, by credentials
▪ Authorization - What you can do (access resources, services, task, time, etc.)
▪ Accounting - Track user activities, resources used, for how long, etc. This can be used for billing customers in a data center
31
(BYOD) vulnerabilities
▪ Bluejacking - Sending of unauthorized messages over Bluetooth
▪ Bluesnarfing - Provides unauthorized access to wireless through Bluetooth
▪ Bluebugging - Unauthorized backdoor to connect Bluetooth back to attacker
32
Data Loss Prevention
▪ Policy that seeks to minimize accidental or malicious data losses
  • Client level (data in operation)
  • Network level (data in transit)
  • Storage level (data at rest)
33
Multifactor Authentication
▪ Something you know
▪ Something you have
▪ Something you are
▪ Something you do
▪ Somewhere you are
34
Something You Have (Possession Factor)
▪ Smartcard
  • Stores digital certificates on the card which are accessed once a valid PIN is provided (keyboard reader)
▪ Key fobs
▪ RFID tags
35
Something You Are (Inherence Factor)
▪ Fingerprints
▪ Retina scans
▪ Voice prints
36
Something You Do (Action Factor)
▪ How you sign your name
▪ How you draw a particular pattern
▪ How you say a certain passphrase
37
Somewhere You Are (Location Factor)
▪ Geotagging
▪ Geofencing
38
Packet-Filtering Firewalls
▪ Permits or denies traffic based on packet header
  • Source IP address/port number
  • Destination IP address/port number
▪ Looks at each packet individually
39
Stateful Firewalls
▪ Inspects traffic as part of a session
▪ Recognizes whether traffic originated from inside or outside the LAN
40
NextGen Firewalls (NGFW)
▪ Third generation firewalls that conduct deep packet inspection and packet filtering
▪ Operates at higher levels of the OSI model than traditional stateful firewalls
▪ Web Application Firewalls are a good example of these, as they inspect HTTP traffic
41
Access Control List (ACL)
▪ Set of rules typically applied to router interfaces that permit or deny certain traffic
  • Source IP, Port, or MAC
  • Destination IP, Port, or MAC
42
Unified Threat Management (UTM) Devices
▪ Device that combines firewall, router, intrusion detection/prevention system, antimalware, and other security features into a single device
▪ Agent is run on an internal client and can be queried by the UTM before allowing connection to the network
▪ UTM can be purchased as a physical device to install in your network, or you can look to a cloud solution
43
Intrusion Detection System (IDS)
▪ Passive device
▪ Operates parallel to the network
▪ Monitors all traffic and sends alerts
44
Intrusion Prevention System (IPS)
▪ Active device
▪ Operates in-line to the network
▪ Monitors all traffic, sends alerts, and drops or blocks the offending traffic
45
Network-based (NIDS/NIPS)
▪ Network device to protect entire network
  • NIPS might prevent a DoS attack whereas a HIPS solution could focus on the protection of applications on a host from malware and other attacks
46
Host-based (HIDS/HIPS)
▪ Software-based and installed on servers/clients
▪ Network and Host-based can work together for more complete protection
47
Site to Site
Interconnects two sites and provides an inexpensive alternative to a leased line
48
Client to Site
Connects a remote user with a site and commonly called remote access
49
VPN Types: SSL
▪ Secure Socket Layer (SSL) provides cryptography and reliability for upper layers of the OSI model (Layers 5-7)
▪ Largely replaced by TLS in current networks
▪ Provides for secure web browsing via HTTPS
50
VPN Types: TLS
▪ Transport Layer Security (TLS) has mostly replaced SSL
▪ If you are using an HTTPS website, you are probably using TLS
51
VPN Types: DTLS
▪ Datagram Transport Layer Security (DTLS) is used to secure UDP traffic
▪ Based on the TLS protocol
▪ Designed to give security to UDP by preventing eavesdropping, tampering, and message forgery
52
VPN Types: L2TP
▪ Layer 2 Tunneling Protocol (L2TP) lacks security features like encryption
▪ Can be used for secure VPN if combined with additional protocols for encryption services
53
VPN Types: PPTP
▪ Point-to-Point Tunneling Protocol (PPTP) is an older protocol that supports dial-up networks
▪ Lacks native security features, but Windows added some features in their implementation
54
IP Security (IPSec)
▪ VPNs most commonly use IPsec to provide protections for their traffic over the internet using CIA
▪ IPsec uses the Internet Key Exchange (IKE) to create a secure tunnel
  • IKE uses encryption between authenticated peers