Protecting Networks Flashcards
What does CIA stand for in network security?
Confidentiality
Integrity
Availability
Three things that can cause you security problems on your network:
Threat - internal and external
Vulnerability
Exploit
One example of an exploit is called _________, where an external threat / computer pretends to be a node on your network and installs a Trojan on your network to gain access.
spoofing
Threats can cause ______________, vulnerabilities create _________ and exploits can give unauthorized users access to your network.
Vulnerabilities
Exploits
This is a layered security design built so that if one system or measure fails, another system or measure is still in place.
Defense in Depth
Layers of Defense in Depth are:
1st - Perimeter - first line of defense
Between these two layers sits the screened subnet or DMZ
2nd - Network layer - network segmentation enforcement and network access control (separate VLANs)
3rd - Host / Endpoint (all hosts on your network) - update policies and firmware
4th - Application - test all apps
5th - Data layer - lowest endpoint (protecting all data), for example with Separation of Duties: no user should be given enough rights to abuse a system by themselves.
These are used to lure attackers so you can test for vulnerabilities:
Honey Pots
Honey nets
_______ __________ breaks the network down into subnets for improved security
Network Segmentation
_________ DHCP servers can be used to perform an on-path (man-in-the-middle) attack
Rogue
If the ___ ________ is outside of the network ID, then you have a rogue DHCP server.
IP Address
To help prevent an attacker from entering your network internally, be sure to _________ any unused ports / jacks.
disable
This attack is designed to deny service or access to a network. It happens when so many requests hit a server at once that legitimate users can't get through, basically flooding the server.
Denial of Service (DoS) attack
Types of DoS attacks include:
Volume attack - ping flood, UDP flood (nothing wrong with the traffic, just a lot of it)
Protocol attack - SYN flood or SYN attack (most common)
Application attack - Slowloris attack, Smurf attack
Amplification attack
Getting a bunch of computers, or a botnet, to attack a single host, which is a big problem today, is called:
Distributed denial of service (DDoS)
Computers that attack servers, called zombies, are grouped into a:
Botnet
This attack starts when a node in a private network has been taken over and turned into a zombie; the rest of the network is then turned into a botnet that takes commands from the C&C server.
Command and control (C&C or C2)
This attack is where a third party intercepts data and information exchanged between two parties and uses what they gain to their own advantage.
Man-in-the-middle attack
Examples of ways a man-in-the-middle attack can happen are:
Through wireless networks (biggest problem)
Bluetooth
NFC or cell phones
This type of man-in-the-middle attack is used more in wired networks; it is where the attacker makes their address look like the victim's address (MAC address, IP address or DNS address).
spoofing
A man-in-the-middle attack that involves IP address stealing, is very noisy, and sends out packets to different target machines, lying to them so that their ARP caches are confused, is called:
ARP poisoning
This man-in-the-middle attack happens when you misspell or mistype a URL and get sent to another site:
URL hijacking or Typosquatting
Somebody doesn't keep their domain updated / paid, and then someone else buys it up and puts a lot of bad information on the website:
Domain Hijacking
Things that can actually be done once you get the data or information from a man-in-the-middle attack:
Replay attack - for secure communication
Downgrade attack - affects webpages
Session hijacking - where two people are already in a conversation and you push out bad information to those computers
Man-in-the-middle attacks are now called:
on-path attacks
To help prevent a man-in-the-middle attack, make sure to:
Harden your network, or make it more secure
There are 2 types of "password attacks":
Brute force
Dictionary
__________ and ________ policies are a great way to protect against password attacks
Password and Account
Training __________ about possible threats is key to helping them protect their passwords.
users
Two ways of VLAN hopping are:
VLAN spoofing - Cisco Dynamic Trunking Protocol (DTP) - hackers trick a switch into creating a trunk link to gain access to a VLAN
Double tagging - where a hacker modifies a data frame so it tells the packet where to go, so they can gain access. One-directional.
To help prevent these types of attacks, do not use the "native" VLAN (only for maintenance).
You should manually set all your ________ ports on your switch.
Trunk
This is a way to control which ports on a switch communicate with other ports.
Private VLANs or port isolation
________ in a VLAN can be either community ports (ports that communicate with everyone) or isolated ports (ports that cannot communicate with anyone, even in their own VLAN)
Ports
System life cycle consists of the following:
Asset disposal (IT asset disposal or ITAD)
Using asset tags helps track devices
When disposing of hard drives you would use:
Department of Defense (DoD) 5220.22-M, the security standard for wiping data
__________ that don't contain sensitive data can be reset to factory defaults.
Devices
____________ do things to files and then propagate
viruses
__________ collects keystrokes and information
Malware
__________ and logic bombs can devastate systems
Ransomware
___________ or _________ are hard to detect.
Rootkit or Backdoor
Security concerns regarding social engineering can include:
Dumpster Diving
Phishing
Whaling
Shoulder Surfing
Eavesdropping
Tailgating / Piggybacking
Access control vestibule (mantrap)
Masquerading (impersonating)
Common Vulnerabilities and Exposures (CVE)
This is a list of publicly disclosed security flaws
CVE Numbering Authority (CNA)
A zero-day vulnerability is when a hacker finds a flaw before the vendor does. Related terms:
Zero-day vulnerability
Zero-day exploit
Zero-day attack
Physical Security can be some of the following:
Motion Sensors
Asset Tags
Tamper Detection
Badge Reader
Biometrics - retinal scanners, facial recognition
Smart / Secure lockers
Protect yourself from ________-_____ vulnerabilities by keeping systems up to date, using strong firewall configurations and educating users.
zero-day
Physical controls can include:
* Deterrent physical controls - good lighting, signage, security guard
* Preventative physical controls - fences, barricades, K ratings, mantrap, cabling systems (have air gaps / use VLANs), safes, locked cabinets, Faraday cages, locks (must have a key management system in place); workstations should have cable locks and screen filters
* Detective tools can include - alarm systems, log files
* Compensating and corrective controls - are used if a control is compromised or becomes vulnerable
A good tool for preventing ARP poisoning is known as:
Cisco Dynamic ARP Inspection (DAI) - compiles a list of known-good MAC and IP addresses
This also keeps a list of all known DHCP servers and clients:
DHCP snooping
Both Cisco Dynamic ARP Inspection and DHCP snooping help with:
Switch port protection (port security)
It's a good idea to _________ any unused switch ports or unneeded network services.
disable
When using IPv6, routers will send out:
Router Advertisements (RA), which are used by the Neighbor Discovery Protocol (NDP) to detect neighbors
You can use this tool to protect against rogue messages generated by unauthorized routers:
IPv6 Router Advertisement (RA) guard
You can protect against denial-of-service attacks by using:
Control plane policing - which uses quality of service (QoS) to avoid denial of service (DoS) attacks
Computers that sit in a place that is not protected, are exposed, but are outside of your private network:
Demilitarized zone (DMZ)
A router that is open to Internet traffic is called a:
Bastion host (most hardened)
___________ in a network that are set up to invite attacks and capture information are called:
Honeypots
____________ are connected to a network to invite attacks and capture information, but act like a mini network instead of one computer
Honeynets
___________ in the DMZ are still protected by a firewall.
Servers
___________ basically filter traffic based on specific criteria and are normally positioned at the edge of your network. They can be either network- or host-based, and come in hardware and software varieties.
Firewalls
A physical firewall device is called a:
Hardware Firewall
These are firewalls but can also be much, much more:
Unified threat management (UTM)
This type of firewall looks at and directs traffic coming in and out based on IP and MAC addresses
Stateless firewall
This type of firewall uses something like a state table, or a hierarchy of account roles/permissions, and allows internal computers to communicate with servers or other computers based on their conversations.
Stateful Firewall
It's common to have a ________ function as both stateful and stateless
firewall
_____________ can have context- and application-aware __________ that filter based on the content of the packets
Routers - Firewalls
Which would be an example of a Denial of Service (DoS) attack?
Ping flood
Which would be the BEST example of an on-path (man-in-the-middle) attack?
Connecting a laptop to an access point to sniff packets and intercept them.
A standard user in a company receives an e-mail from what looks like her bank. It requests that she click on a link to fix her account information. What type of social engineering is this?
Phishing
Which type of malware seems innocent until you perform a specific action?
Trojan