SEC+ Chapter 5 Flashcards
What is Network Architecture in enterprise networks?
Selection and placement of media, devices, protocols/services, and data assets.
What are the three main components of Network Architecture?
Network Infrastructure, Network Applications, and Data Assets.
Define Network Infrastructure.
Media, appliances, addressing/forwarding protocols that support basic connectivity.
What are Network Applications?
Services running on the infrastructure to support business activities, such as processing invoices or sending emails.
What are Data Assets in network architecture?
Information created, stored, and transferred as a result of business activities.
What are the Secure Design Principles in network architecture?
Designing so that business workflows preserve the confidentiality, integrity, and availability (CIA) of the data assets and services they depend on.
Describe the Email Provisioning Workflow example.
Client device accesses network via physical channel. User authenticates and is authorized to use the email application. Unauthorized users/devices are denied access. Email Mailbox Server stores data assets, accessible only by authorized clients, and must be highly available and fault-tolerant. Mail Transfer Server connects with untrusted Internet hosts, controls communication between untrusted and trusted networks, and enforces policy-based controls on data/software transfer.
What is the OSI Model used for in network infrastructure?
A framework to analyze network infrastructure and services.
What are the main Network Components?
Nodes (hosts and intermediary devices) and Links (physical media).
Differentiate between LAN and WAN.
LAN (Local Area Network) covers a single site with limited geographic area, while WAN (Wide Area Network) spans metropolitan, country-wide, or global areas.
What are Layer 2 and Layer 3 addressing and forwarding protocols?
Layer 2: MAC addresses, switches, broadcast domains. Layer 3: IP addresses, routers, separate subnets.
How do switches function at Layer 2?
Forward frames based on destination MAC addresses; each VLAN configured on the switch is its own broadcast domain.
What role do Wireless Access Points play in network infrastructure?
Bridge cabled networks with wireless hosts using MAC addressing similar to wired switches.
What is the primary function of routers in Layer 3?
Forward packets based on IP addresses and act as default gateways for subnets.
Compare TCP and UDP at Layer 4.
TCP: Provides reliable, connection-oriented communication. UDP: Offers unreliable, connectionless transfers.
What are Application Protocols at Layer 7 used for?
Support client/server functionality, such as HTTP and SMTP.
What is the role of DNS Servers at Layer 7?
Resolve Fully Qualified Domain Names (FQDNs) to IP addresses; they are infrastructure services, not user-level services.
What is a Star Topology in network switching?
A topology with a central switch and radiating connections to hosts, simplifying management and expansion but creating a single point of failure.
What are the three layers in a Hierarchical Network Design?
Access Layer, Distribution Layer, and Core Layer.
What are the benefits of a Hierarchical Network Design?
Improved performance, scalability, and security through network segmentation.
What is the purpose of Virtual LANs (VLANs)?
Logical segmentation of the network into separate broadcast domains for improved security and performance.
How do VLANs enhance network security?
By isolating different types of devices and controlling traffic between VLANs through routing and firewall policies.
What defines Security Zones in enterprise networks?
Segments mapped to subnets with specific security levels, including perimeter and internal zones.
What is the Perimeter in Security Zones?
The boundary between trusted (internal) and untrusted (external) zones.
Name the Internal Zones in Security Zones.
Database/File Systems, Client Devices, Public-Facing Servers, and Infrastructure Servers.
What is Attack Surface in network architecture?
Points where threat actors can access the network, including Layer 1/2 (physical connections, MAC addresses), Layer 3 (IP addressing, routing), and Layer 4/7 (ports, application protocols).
What are the two types of Attack Surfaces?
External/Public Attack Surface and Internal/Private Attack Surface.
What is Defense in Depth in network security?
Implementing multiple layers of security controls to protect against different threats.
What are common weaknesses in network attack surfaces?
Single Points of Failure, Complex Dependencies, Prioritizing Availability Over Security, Lack of Documentation, Overdependence on Perimeter Security.
What is Port Security in network security?
Prevents unauthorized devices from connecting to the network through methods like physical security, MAC filtering, and IEEE 802.1X.
What is IEEE 802.1X used for in port security?
Port-based Network Access Control: the switch port stays blocked until the connecting device (supplicant) authenticates using EAP, which the switch relays to a RADIUS authentication server.
What are Air-Gapped Networks?
Networks completely isolated from other networks, including the Internet, used in highly secure environments.
What are Secure Administrative Workstations (SAW)?
Dedicated systems with minimal attack surfaces for administrative tasks to reduce the risk of credential theft.
What factors should be considered in Network Architecture Design?
Costs, Compute and Responsiveness, Scalability and Ease of Deployment, Availability, Resilience and Ease of Recovery, Power, Patch Availability, Risk Transference.
Compare On-Premises and Cloud Networking.
On-Premises: Greater control and customization but high capital costs, low scalability, and complex recovery procedures. Cloud Networking: Scalability, flexibility, often better resilience but with ongoing costs and dependency on service providers.
What is Zone-Based Network Security Architecture?
Ensures traffic between and within zones complies with access control policies, enforcing segmentation and monitoring traffic.
What is the principle of Defense in Depth in device placement?
Implementing multiple layers of security controls across the OSI model to enhance protection.
What are the three types of security controls based on their function?
Preventive Controls, Detective Controls, Corrective Controls.
Where are Preventive Controls typically placed?
At network segment or zone borders, such as firewalls and load balancers.
What are Detective Controls and where are they placed?
Controls that monitor internal traffic and alert on malicious activity, typically placed within the perimeter (e.g., Intrusion Detection Systems - IDS).
What are examples of Preventive, Detective, and Corrective Controls on individual hosts?
Host firewalls, antivirus software, and data loss prevention systems.
Differentiate between Active and Passive Controls.
Passive Controls: Do not require client or agent configuration (e.g., traffic mirroring, TAPs). Active Controls: Require configuration and interaction with hosts (e.g., firewalls, intrusion prevention systems).
What is Inline Deployment of security devices?
Devices are part of the cable path, processing all traffic, allowing active blocking or allowing of traffic.
What is Tap/Monitor Deployment of security devices?
Devices passively copy traffic without being in the direct path, allowing monitoring without impacting traffic flow.
Explain Fail-Open and Fail-Closed modes.
Fail-Open: when the device fails, traffic keeps flowing unchecked, preserving availability but leaving the segment unprotected until the device is restored. Fail-Closed: when the device fails, traffic is blocked, preserving security at the cost of downtime.
What is a Firewall in network security?
A preventive control that enforces access policies on traffic entering and exiting network zones.
What are the types of Firewalls based on their operation layers?
Packet Filtering Firewalls, Layer 4 (Transport Layer) Firewalls, and Layer 7 (Application Layer) Firewalls.
How do Packet Filtering Firewalls function?
Inspect IP headers and enforce ACLs based on IP addresses, protocols, and ports by accepting, dropping, or rejecting packets.
What are the different appliance types for Firewalls?
Routed (Layer 3), Bridged (Layer 2), and Inline (Layer 1).
What features do Layer 4 Firewalls offer?
Stateful inspection and session tracking based on transport layer information like TCP/UDP sessions.
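The packet-filtering and Layer 4 cards above describe first-match ACL evaluation and stateful session tracking in one sentence each. The following added example (written for this page, not taken from CompTIA or any product) models both against a constructed DMZ policy: the stateless filter accepts an ACK-only probe to port 443 because the rule cannot tell a real session from a forged packet, and it drops the server's legitimate reply because no ACL rule covers the return direction, while the stateful firewall gets both cases right by keeping a session table. Hosts, ports, and the rule set are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    syn: bool = False   # TCP flags, only meaningful for proto == "tcp"
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                 # "accept", "drop" (silent) or "reject" (error sent back)
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def stateless_filter(acl: List[Rule], p: Packet) -> str:
    """Packet filter: first matching rule wins; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "drop"


class StatefulFirewall:
    """Layer 4 firewall: the ACL is consulted only for new flows; replies are matched against a session table."""

    def __init__(self, acl: List[Rule]):
        self.acl = acl
        self.sessions: Set[Tuple[str, int, str, int, str]] = set()

    def filter(self, p: Packet) -> str:
        # Reply direction of a flow already accepted: allowed without re-reading the ACL.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "accept"
        # A new TCP flow must begin with a bare SYN; an ACK without a session is bogus (e.g. an ACK scan).
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "drop"
        action = stateless_filter(self.acl, p)
        if action == "accept":
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return action


# Constructed sample policy for a DMZ web server (documentation address ranges, not real hosts)
DMZ_ACL = [
    Rule("accept", proto="tcp", dst="203.0.113.10/32", dport=443),   # public HTTPS
    Rule("reject", proto="tcp", dst="203.0.113.10/32", dport=22),    # SSH only via the jump server
]
CLIENT, WEB = "198.51.100.7", "203.0.113.10"
WEB_SYN = Packet(CLIENT, WEB, "tcp", 40000, 443, syn=True)
WEB_REPLY = Packet(WEB, CLIENT, "tcp", 443, 40000, syn=True, ack=True)
SSH_SYN = Packet(CLIENT, WEB, "tcp", 40001, 22, syn=True)
ACK_SCAN = Packet(CLIENT, WEB, "tcp", 40002, 443, ack=True)


if __name__ == "__main__":
    fw = StatefulFirewall(DMZ_ACL)
    for name, pkt in [("web syn", WEB_SYN), ("web reply", WEB_REPLY),
                      ("ssh syn", SSH_SYN), ("ack scan", ACK_SCAN)]:
        print(f"{name:10} stateless={stateless_filter(DMZ_ACL, pkt):7} stateful={fw.filter(pkt)}")
```

A real stateless ACL works around the dropped reply by adding an "established" rule that permits inbound TCP with the ACK bit set, which is exactly the hole an ACK scan probes; the stateful model removes the need for that rule. Run the script directly to see the four verdicts side by side.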
What features do Layer 7 Firewalls offer?
Deep packet inspection and application-aware filtering based on application protocols.
What are Forward Proxy Servers used for?
Manage outbound traffic from clients to the Internet, providing traffic management, caching, and enhanced security.
What are Reverse Proxy Servers used for?
Manage inbound traffic from the Internet to internal servers, offering load balancing, security filtering, and TLS termination.
What is the function of Intrusion Detection Systems (IDS)?
Monitor network or system traffic for malicious activity and generate alerts or log entries without blocking traffic.
How do Intrusion Prevention Systems (IPS) differ from IDS?
IPS not only detect but also actively block or mitigate malicious traffic by actions like blocking source IPs or resetting connections.
What are Next-Generation Firewalls (NGFW)?
Firewalls with Layer 7 application awareness, deep packet inspection, integrated IPS, and SSL/TLS inspection for enhanced security.
What is Unified Threat Management (UTM)?
A consolidated security solution integrating multiple security functions like firewall, antivirus, IPS, spam filtering, VPN, and data loss prevention.
What are the advantages and disadvantages of UTM?
Advantages: Simplified management and cost-effective for SMBs. Disadvantages: Potential single point of failure and performance bottlenecks.
What is the purpose of Load Balancers in network architecture?
Distribute client requests across multiple server nodes to ensure scalability and availability.
Differentiate between Layer 4 and Layer 7 Load Balancers.
Layer 4: Forward traffic based on IP addresses and TCP/UDP ports with lower latency. Layer 7: Forward traffic based on application-layer data like URLs and content types for advanced routing decisions.
What are common Scheduling Algorithms used by Load Balancers?
Round Robin, Least Connections, and Response Time.
What are Source IP Affinity and Session Persistence in Load Balancing?
Source IP Affinity: Sticks a client to a specific server based on IP address. Session Persistence: Maintains client-server sessions using cookies or other methods.
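The three cards above name the scheduling algorithms and the two ways a client is kept on the same node. This added example (written for this page; not a vendor's implementation) models a small scheduler with round robin and least connections, source IP affinity, a cookie-based session persistence path, and the health-check case where a pinned node goes down. Node names, client addresses and the SERVERID cookie convention are assumptions; the response-time algorithm from the card is not modelled because it needs live latency measurements.

```python
from collections import Counter
from typing import Dict, List, Optional


class LoadBalancer:
    """Schedules each new client connection onto one back-end node."""

    def __init__(self, nodes: List[str], algorithm: str = "round_robin"):
        self.nodes = list(nodes)              # healthy nodes, in configured order
        self.algorithm = algorithm
        self.active: Counter = Counter()      # currently open connections per node
        self._cursor = 0                      # round-robin position
        self.affinity: Dict[str, str] = {}    # source IP -> node it was last sent to

    def _schedule(self) -> str:
        if not self.nodes:
            raise RuntimeError("no healthy nodes")
        if self.algorithm == "round_robin":
            node = self.nodes[self._cursor % len(self.nodes)]
            self._cursor += 1
            return node
        if self.algorithm == "least_connections":
            # ties broken by configured order so the choice is deterministic
            return min(self.nodes, key=lambda n: (self.active[n], self.nodes.index(n)))
        raise ValueError(f"unknown algorithm {self.algorithm}")

    def connect(self, client_ip: str, cookie: Optional[str] = None, sticky: bool = False) -> str:
        """Pick a node for a new connection.

        cookie: Layer 7 session persistence; the node name carried in the client's SERVERID cookie.
        sticky: Layer 4 source IP affinity; reuse the node this client IP was last sent to.
        """
        if cookie is not None and cookie in self.nodes:
            node = cookie
        elif sticky and self.affinity.get(client_ip) in self.nodes:
            node = self.affinity[client_ip]
        else:
            node = self._schedule()
        if sticky:
            self.affinity[client_ip] = node
        self.active[node] += 1
        return node

    def disconnect(self, node: str) -> None:
        self.active[node] -= 1

    def mark_down(self, node: str) -> None:
        """Health check failed: stop scheduling onto the node and forget affinity entries that
        point at it, otherwise pinned clients would keep being sent to a dead server."""
        self.nodes.remove(node)
        self.active.pop(node, None)
        self.affinity = {ip: n for ip, n in self.affinity.items() if n != node}


if __name__ == "__main__":
    lb = LoadBalancer(["web1", "web2", "web3"])
    print([lb.connect(f"198.51.100.{i}") for i in range(4)])   # constructed client IPs
```

Note the trust issue the cookie path exposes: a plaintext SERVERID cookie lets a client choose its back end, so production load balancers encrypt or sign the persistence cookie rather than storing a bare node name.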
What is a Web Application Firewall (WAF)?
A firewall that protects web applications by filtering and monitoring HTTP/HTTPS traffic against attacks like SQL injection and cross-site scripting (XSS).
How are WAFs deployed?
As appliances positioned in front of web servers or as software plugins integrated into web server platforms.
What are the benefits of implementing WAFs?
Enhanced security against application-specific attacks and detailed logging for threat analysis.
What is Remote Access Architecture?
Users connect to the network through intermediate networks rather than direct cabled or wireless connections.
What are the main Topologies in Remote Access Architecture?
Client-to-Site VPN (Telecommuter Model), Site-to-Site VPN, and Host-to-Host Tunnel.
Describe Client-to-Site VPN.
Allows remote users to connect to the corporate network via a secure tunnel using VPN clients and gateways with protocols like TLS and IPsec.
Describe Site-to-Site VPN.
Connects the private networks of two or more sites over the Internet through VPN gateways; individual hosts need no VPN client because the gateways tunnel traffic between the sites transparently, typically using IPsec.
What is a Host-to-Host Tunnel?
Secures traffic between two specific computers without trusting the intermediary network.
What is the primary purpose of Virtual Private Networks (VPNs)?
To securely transmit data over untrusted networks by creating encrypted tunnels.
What are the main VPN Protocols?
Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
What is Transport Layer Security (TLS) used for in VPNs?
Commonly used for client-to-site VPNs; the gateway is authenticated by its digital certificate, and mutual authentication is possible by issuing client certificates as well.
What is Internet Protocol Security (IPsec) used for in VPNs?
Commonly used for site-to-site VPNs and remote access, providing data integrity and confidentiality through AH and ESP protocols in Transport or Tunnel modes.
What are the two modes of IPsec?
Transport Mode (host-to-host: the original IP header is kept and only the payload is protected) and Tunnel Mode (network-to-network via gateways: the entire original IP packet is protected and a new outer IP header is added).
What is Internet Key Exchange (IKE)?
A protocol used to establish security associations for IPsec. Phase I authenticates the peers and performs a Diffie-Hellman key exchange to set up the IKE security association; Phase II uses that protected channel to negotiate the IPsec security associations (ESP/AH, encryption and hashing algorithms, and keys) that protect the data traffic.
What are the differences between IKEv1 and IKEv2?
IKEv1: Designed for site-to-site and host-to-host VPNs, requires additional protocols for remote access. IKEv2: Supports EAP authentication, simpler setup, NAT traversal, and MOBIKE for multihoming.
What are the types of Remote Desktop Access?
Command Line Access (e.g., SSH) and Graphical Access (e.g., RDP, TeamViewer, VNC, HTML5 VPNs).
What are the Security Considerations for Remote Desktop Access?
Encryption, strong authentication (including MFA), and access control measures like jump servers and restricted access.
What is Secure Shell (SSH) used for?
Secure remote access to command-line interfaces.
What are the components of SSH?
Host Key (public/private key pair) and Client Authentication Methods (Username/Password, Public Key Authentication, Kerberos).
What are the Best Practices for SSH?
Regularly update and manage public keys, remove compromised keys, disable password authentication if using key-based methods.
What are Jump Servers in SSH configurations?
Centralized servers that control access to other servers, reducing the attack surface by limiting direct access to sensitive systems.
What is Out-of-Band Management (OOB)?
Management traffic is separated from regular network traffic using methods like serial consoles, dedicated management VLANs, or separate physical networks.
What are the advantages and challenges of Air-Gapped Networks?
Advantages: High security and minimal attack surface. Challenges: Complex management, secure media handling, and manual updates.
What is a Host Key in SSH?
A public/private key pair that uniquely identifies the SSH server.
What are the Client Authentication Methods in SSH?
Username/Password, Public Key Authentication, and Kerberos using GSSAPI.
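The host key card says the server's key pair identifies it; what that buys you is the client's ability to detect a server whose key has changed, which is how SSH resists man-in-the-middle attacks after the first connection. This added example (written for this page, not OpenSSH code) encodes a constructed ssh-ed25519 key the way it appears in known_hosts, computes the SHA256 fingerprint in the form `ssh-keygen -lf` prints, matches both plain and hashed (`|1|salt|hash`) host entries, and returns the three outcomes a client must distinguish: known and matching, unknown (trust on first use), or changed. The key bytes, hostnames and salt are constructed sample data, not real keys.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw: bytes) -> bytes:
    """Wire encoding of an ssh-ed25519 public key: string key type + string 32-byte key."""
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw)


def fingerprint(blob: bytes) -> str:
    """Same form `ssh-keygen -lf` prints: SHA256 of the key blob, base64 without '=' padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def hashed_host_entry(host: str, salt: bytes) -> str:
    """known_hosts '|1|salt|hash' form (HashKnownHosts yes): HMAC-SHA1 keyed by the salt over the hostname."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(pattern: str, host: str) -> bool:
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in pattern.split(",")   # plain entries list hostnames/IPs separated by commas


def check_host_key(known_hosts: str, host: str, key_type: str, presented: bytes) -> str:
    """Client-side check: 'ok', 'unknown' (trust-on-first-use prompt) or 'changed' (possible MITM)."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue
        hosts, ktype, key_b64 = fields[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        if hmac.compare_digest(base64.b64decode(key_b64), presented):
            return "ok"
        return "changed"   # a stored key for this host exists but differs from what the server sent
    return "unknown"


# Constructed sample data: these 32-byte values are not real Ed25519 keys
BASTION_KEY = ed25519_blob(bytes(range(32)))
DB01_KEY = ed25519_blob(bytes(range(32, 64)))
ROGUE_KEY = ed25519_blob(bytes(range(64, 96)))
KNOWN_HOSTS = "\n".join([
    "# entries in the format the ssh client stores them",
    "bastion.example.internal,10.0.0.5 ssh-ed25519 " + base64.b64encode(BASTION_KEY).decode(),
    hashed_host_entry("db01.example.internal", b"0123456789abcdef0123")
    + " ssh-ed25519 " + base64.b64encode(DB01_KEY).decode(),
])


if __name__ == "__main__":
    print("bastion fingerprint:", fingerprint(BASTION_KEY))
    print("bastion, expected key:", check_host_key(KNOWN_HOSTS, "bastion.example.internal", "ssh-ed25519", BASTION_KEY))
    print("bastion, rogue key:   ", check_host_key(KNOWN_HOSTS, "bastion.example.internal", "ssh-ed25519", ROGUE_KEY))
    print("db02 (never seen):    ", check_host_key(KNOWN_HOSTS, "db02.example.internal", "ssh-ed25519", DB01_KEY))
```

The "changed" outcome is the one that matters operationally: a client that lets users click through it has reduced SSH to trust-on-first-use on every connection, so the key-management practice on this page (publish fingerprints out of band, remove retired or compromised keys from known_hosts deliberately rather than letting users overwrite them) is what keeps that check meaningful.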
What are Advanced Configurations in SSH?
Implementing Jump Servers and Out-of-Band Management to centralize and secure access to multiple hosts.