Section 11: Network Design

Question 1

What three kinds of attacks are switches susceptible to?

Answer 1

MAC Flooding, MAC Spoofing, and Physical Tampering

Question 2

What is MAC Flooding

Answer 2

An attempt to overwhelm the memory in a switch

Question 3

MAC Spoofing

Answer 3

Attacker masks their own MAC address to pretend they have the MAC address of another device

Question 4

How do you prevent physical tampering?

Answer 4

Lock it up in a network rack.

Question 5

Router

Answer 5

Connects two or more networks

Question 6

Access Control List

Answer 6

An ordered set of rules that a router uses to decide what comes in and what doesn’t

Question 7

IP Spoofing

Answer 7

Tricks an ACL

Question 8

Most networks are broken up into three zones. What are they?

Answer 8

The LAN, the WAN, and the DMZ

Question 9

DMZ

Answer 9

Focused on providing controlled access to publicly available servers that are hosted within your organizational network

Question 10

Extranet

Answer 10

Specialized type of DMZ that is created for your partner organizations to access over a wide area network

Question 11

Bastion Hosts

Answer 11

Hosts or servers in the DMZ which are not configured with any services that run on the local network

Question 12

Jumpbox

Answer 12

A hardened server that provides access to other hosts within the DMZ

Question 13

Network Access Control

Answer 13

Security technique in which devices are scanner to determined its current state prior to being allowed access onto a given network

Question 14

Persistent Agents

Answer 14

A piece of software that is installed on the device requesting access to the network

Question 15

Non-Persistent Agents

Answer 15

Uses a piece of software that scans the device remotely or is installed and subsequently removed after the scan

Question 16

Most NAC is built on what standard?

Answer 16

802.1x

Question 17

What do VLANs do?

Answer 17

Segment the network, reduce collisions, organize the network, boost performance, increase security

Question 18

Switch Spoofing

Answer 18

Attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN

Question 19

Double Tagging

Answer 19

Attacker adds an additional VLAN tag to create an outer and inner tag (prevented by moving all ports out of default group)

Question 20

Using ________ can help us secure our internal network by hiding our addresses

Answer 20

NAT

Question 21

Telephony

Answer 21

Term used to describe devices that provide voice communication to users

Question 22

Modem

Answer 22

A device that could modulate digital information into an analog signal for transmission over a standard dial-up phone line

Question 23

War Dialing

Answer 23

Dialing all sorts of numbers in order to gain access. You protect that by using the callback feature

Question 24

Public Branch Exchange (PBX)

Answer 24

Internal phone system used in large organizations