Section 16 - Securing Networks Flashcards

1
Q

What are some examples of network devices?

A

Switches, routers, firewalls, IDS, IPS and more

2
Q

What is a default account?

A

A user or administrator-level account that is installed on a device by the manufacturer during production

** These are the accounts that already are established when you buy a small office, home office wireless access point.

3
Q

How do you prevent a weak password?

A

It should be long, strong and complex. This should require at least 14 characters with a mix of uppercase, lowercase, numbers and special characters.

4
Q

What is privilege escalation?

A

Occurs when a user is able to gain rights of another user or administrator

5
Q

Privilege escalation happens in one of two ways, which are?

A

Vertically or Horizontally

6
Q

How does vertical privilege escalation work?

A

It goes from a user up to an administrator account thus going upwards

7
Q

How does horizontal privilege escalation work?

A

It goes from one user to another. For example, if you and I both work in an organization and we both have user accounts, and I break into your account, that’s considered a horizontal privilege escalation.

8
Q

What is a backdoor?

A

A way of bypassing normal authentication in a system

9
Q

What are the keys to having network security?

A

Having an IPS, proper firewall configs, network segmentation, and firmware updates

10
Q

Why is Telnet a network security concern?

A

It is unsecure and it passes your information in the clear, meaning that it’s not encrypted. Anyone who is on that network can see your usernames, your passwords and the commands you’re sending.

11
Q

What is network media?

A

This is the cabling that makes up our network. This can be copper, fiber optic, and coaxial cabling that is used as the connectivity in a wired network.

12
Q

What is EMI?

A

Electromagnetic Interference is a disturbance that can affect electrical circuits, devices, and cables due to the radiation or electromagnetic conduction

13
Q

How do we minimize EMI?

A

Install shielding around the cables or the source using STP (Shielded Twisted Pair)

*** STP cables have foil around them that prevents emanations out of the cable or interference entering into the cable, which is a double benefit since it keeps things out and it keeps things in.

14
Q

What is RFI?

A

Radio Frequency Interference

This is a disturbance that can affect electrical circuits, devices and cables due to AM/FM transmissions or cell towers

*** Like EMI, this disturbance can affect your circuits, devices and cables except it does so by radio waves as opposed to electrical waves.

15
Q

What is crosstalk?

A

Occurs when a signal transmitted on one copper wire creates an undesired effect on another wire

16
Q

How do you prevent crosstalk?

A

Networks should always use a 110 block

17
Q

Why do companies commonly avoid using STP cables?

A

Most organizations use UTP (unshielded twisted pair) because it is cheaper and easier to work with (like 50% cheaper)

18
Q

What is data emanation?

A

The electromagnetic field generated by a network cable or device when transmitting

*** Like EMI, except this comes from INSIDE your cable. This generates a field around that cable that, when transmitting information over a network, can be picked up by someone.

19
Q

What is a good way to prevent data emanations from happening?

A

Switch your networks to fiber optic cables because they don’t have emanations at all. This is due to them working with light, and therefore there is no radiation

20
Q

What is a PDS?

A

Protected Distribution System

Secured system of cable management to ensure that the wired network remains free from eavesdropping, tapping, data emanations and other threats

21
Q

What is wire tapping?

A

Wiretapping, also known as wire tapping or telephone tapping, is the monitoring of telephone and Internet-based conversations by a third party, often by covert means.

Such as cutting wires and soldering on additional wires in order to copy data.

22
Q

What are some of the basic vulnerabilities associated with wireless networks?

A
  1. Administrative access on the wireless access point - make sure to change the default username and passwords when buying new devices
  2. Remote administration - make sure this is disabled. Turn it off and make sure you’re doing these changes locally inside your network.
  3. Service Set Identifier (SSID) - disable the broadcast so clients have to know the name of it prior to connecting to it
  4. Rogue Access Points
  5. Evil Twin
23
Q

What is remote administration?

A

This is something that allows you to connect over the internet and then make changes to your wireless access point

24
Q

What is SSID?

A

This is what uniquely identifies the network and it acts as the name of the wireless access point that the clients are going to use to connect to it

25
Q

What is a Rogue Access Point?

A

An unauthorized WAP or Wireless Router that allows access to the secure network.

*** An unauthorized wireless access point or wireless router that somebody connected to your network, and it’s going to give access to your secure network.

26
Q

How do you prevent Rogue Access Points?

A

Enable MAC filtering on the network, network access control, run a good IDS/IPS on your network that can detect these devices when they initially try to connect

27
Q

What is an Evil Twin?

A

A rogue, counterfeit, and unauthorized WAP with the same SSID as your valid one

28
Q

How do you prevent encountering an Evil Twin?

A

Make sure that your wireless clients are configured to use a VPN whenever they connect over Wi-Fi

29
Q

What is a pre-shared key?

A

Same encryption key is used by the access point and the client

*** Most wireless encryption schemes rely on this. This is when the access point and the client use the same encryption key to encrypt and decrypt the data. The difficulty with this is that scalability becomes problematic.

30
Q

What are the three main types of encryption?

A

WEP
WPA
WPA2

31
Q

What is WEP?

A

Wired Equivalent Privacy

Original 802.11 wireless security standard that claims to be as secure as a wired network

32
Q

What is the main problem with WEP?

A

A 24-bit initialization vector (IV) that it uses in establishing a connection, and it’s sent in clear text. This makes it not secure.

*** The big thing to remember for WEP is Initialization vector

33
Q

What is WPA?

A

WiFi Protected Access

Replacement for WEP which uses TKIP, Message Integrity Check (MIC) and RC4 encryption

*** The big thing to remember for WPA is RC4 and TKIP

34
Q

What is WPA2?

A

WiFi Protected Access version 2

802.11i standard to provide better wireless security featuring AES with a 128-bit key, CCMP, and integrity checking

*** The big thing to remember for WPA2 is AES and CCMP

35
Q

If on the exam you’re asked about Wi-Fi and it uses the word “Open” in the question, it’s usually looking for some kind of answer that says…?

A

That the network has no security or no protection

36
Q

What is WPS?

A

Wi-Fi Protected Setup

Automated encryption setup for wireless networks at the push of a button, but it is severely flawed and vulnerable

** Always disable WPS. This is because it relies on an eight-digit code that, when sent, is actually broken up into two four-digit chunks. This is very easy for a computer to brute force its way into cracking, as it has only around 10,000 possible combinations.

37
Q

Wireless security also relies upon proper…?

A

WAP placement

38
Q

What are some ways to mitigate your WAP signal from being accessed?

A

Use directional antennas to control radiation bleed over. This allows the signal to emanate only out into controlled patterns (areas)

Turn down the power level that you’re radiating at to minimize the distance being covered by your signal and keep it inside your building

Understand what type of WAP you’re using. B, G, N, or AC? All of these use a different frequency and thus have different wavelengths.

39
Q

What is jamming?

A

Intentional radio frequency interference targeting your wireless network to cause a denial of service condition

40
Q

How can you determine what signals around your office may be causing jamming or interference?

A

Conduct a wireless site survey or use a spectrum analyzer, which will allow you to see what frequencies are in use and how strong they are, to see if they’re having an effect on your network

In addition to this, most wireless access points do have some built in security features that you can configure as well. This includes basic firewalls with stateful packet inspection, MAC filtering, disabling your SSID broadcast and different levels of encryption.

41
Q

Some more advanced WAPs feature AP. What is this?

A

AP Isolation creates a network segment for each client when it connects to prevent them from communicating with other clients on the network

42
Q

What is War Driving?

A

Act of searching for wireless networks by driving around until you find them

** The reason an attacker does this is that, by connecting to your network, the attack manifests through your network, so it traces back to you and not them.

43
Q

What is War Chalking?

A

Act of physically drawing symbols in public places to denote the open, closed, and protected networks in range

44
Q

What is an IV attack?

A

Occurs when an attacker observes the operation of a cipher being used with several different keys and finds a mathematical relationship between those keys to determine the clear text data

45
Q

What is a Wi-Fi Disassociation Attack?

A

Attack that targets an individual client connected to a network, forces it offline by de-authenticating it and then captures the handshake when it reconnects

46
Q

What is a Brute Force Attack?

A

Occurs when an attacker continually guesses a password until they get it correct

** Any password can be brute forced, that’s why it’s important to make your passwords long and complicated because these can take up to a million years to crack.

47
Q

What is WPA3?

A

Wi-Fi Protected Access 3

Introduced in 2018 to strengthen WPA2

48
Q

What are the two modes of WPA3?

A

Enterprise Mode
Personal Mode

49
Q

What is the difference between WPA3 Enterprise and Personal mode?

A

Enterprise is a business use case that gives additional security

50
Q

What was the biggest change that came with WPA3?

A

Removal of the pre-shared key (PSK) exchange. Instead, it uses what’s known as SAE (Simultaneous Authentication of Equals)

51
Q

What is SAE?

A

Simultaneous Authentication of Equals

This is a secure password-based authentication and password-authenticated key agreement method. It uses forward secrecy (AKA perfect forward secrecy) that provides assurance that the session keys will not be compromised

52
Q

How does forward secrecy work?

A

A five step process:

  1. The AP and the client use a public key system to generate a pair of long-term keys
  2. The AP and the client exchange a one-time use session key using a secure algorithm like Diffie-Hellman
  3. The AP sends the client messages and encrypts them using the session key created in Step 2
  4. Client decrypts the messages received using the same one-time use session key
  5. The process repeats for every message being sent, starting at Step 2 to ensure forward secrecy
53
Q

What is bluejacking?

A

Sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets

54
Q

What is bluesnarfing?

A

Unauthorized access of information from a wireless device through a bluetooth connection

55
Q

What is the difference between bluejacking and bluesnarfing?

A

Bluejacking sends information and Bluesnarfing takes information

56
Q

What is RFID?

A

Radio Frequency Identification

Devices that use a radio frequency signal to transmit identifying information about the device or token holder

Ex. swiping credit cards or key fobs

57
Q

How does RFID create security problems?

A

It can operate from 10cm to 200 meters depending on the device. Because of the distance it can travel, this creates the ability for eavesdropping, the ability to capture, replay and rebroadcast its radio frequency as part of a larger attack.

58
Q

What is NFC?

A

Near Field Communication

Allows two devices to transmit information when they are within close range through automated pairing and transmission

** This was invented to combat issues with RFID