Section 13: Network Security Flashcards
CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
▪ Keeping the data private and safe using
● Encryption
- Symmetric - Both sender and receiver use the same key
- Asymmetric - Uses different keys for sender and receiver
● Authentication to access resources
Integrity
▪ Ensures data has not been modified in transit
▪ Verifies the source that traffic originates from
Availability
▪ Measures accessibility of the data
▪ Increased by designing redundant networks
▪ Compromised by: Crashing a router or switch, Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks
Confidentiality: Symmetric Encryption Standard DES
▪ Data Encryption Standard - weak by today’s standards
● 56-bit key
● Used by SNMPv3
Confidentiality: Symmetric Encryption Standard 3DES
▪ Triple DES
● Uses three 56-bit keys (168-bit total)
● Encrypt, decrypt, encrypt
Confidentiality: Symmetric Encryption Standard AES
▪ Advanced Encryption Standard
● Preferred symmetric encryption standard
● Used by WPA2
● Available in 128-bit, 192-bit, and 256-bit keys
Confidentiality: Asymmetric Encryption Standard
▪ Uses different keys for sender and receiver
▪ RSA is the most popular implementation
▪ RSA algorithm is commonly used with a public key infrastructure (PKI)
▪ PKI is used to encrypt data between your web browser and a shopping website
▪ Can be used to securely exchange emails
▪ Sender and receiver use different keys to encrypt and decrypt the messages
Integrity: Hashing
▪ Sender runs string of data through algorithm
● Result is a hash or hash digest
▪ Data and its hash are sent to receiver
▪ Receiver runs data received through the same algorithm and obtains a hash
▪ Two hashes are compared
● If the same, the data was not modified
Integrity: Hashing Algorithms
▪ Message Digest 5 (MD5) - 128-bit hash digest
▪ Secure Hash Algorithm 1 (SHA-1) - 160-bit hash digest
▪ Secure Hash Algorithm 256 (SHA-256) - 256-bit hash digest
▪ Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5) - Common variant often used in e-mail systems
Threats
Internal - originates within the organization
External - external to the organization (Hackers, mother nature,…)
Vulnerabilities
Environmental - Fire, Hurricane,…
Physical - Inadequate physical controls
Operational - Deficient policies/procedures
Technical - System-specific conditions that create security weaknesses
CVE
Common Vulnerabilities and Exposures - A list of publicly disclosed computer security weaknesses
Zero-Day Vulnerability
Any weakness in the system design, implementation, software code, or a lack of preventive mechanisms in place
Risk Management
The identification, evaluation, and prioritization of risks to minimize, monitor, and control the vulnerability exploited by a threat