Section - 21 - Security Techniques

Question 1

To find out whether we have proper coverage from WAPs in our enterprise, what do we do?

Answer 1

Site Surveys, and we create heat maps, Wireless foot printing

Question 1

What are different wireless security standards ?

Answer 1

WEP
WPA - uses TKIP with RC4
WPA2 - uses AES with CCMP
WPA3

Question 2

Define WPA3 protocol.

Answer 2

WPA2 uses AES with GCMP. It has many advantages as compared to WPA2.
It is not prone to KRACK attack.

It doesn’t use pre-shared key concept (Prone to Offline-dictionary attack) for authentication. Instead, it uses SAE (Simultaneous Authentication of Equals).

Few other features - Management Frames Protection, Enhanced Open (OWE - Opportunistic Wireless Encryption)

Question 3

What are few terms related to application security?

Answer 3

1. Input validation
2. Use of Secure cookies and secure attributes for cookies
3. Sandboxing
4. Code Signing
5. Static Code Analysis/ Dynamic Code Analysis

Question 4

What are different kinds of Web-filtering that we can deploy in our networks?

Answer 4

1. Agent-based web filtering
2. Centralized proxy
3. URL scanning
4. Content-categorization
5. Block sites
6. Reputation-based filtering

There is DNS filtering as well.

Question 5

What are few methods of email security implementation?

Answer 5

1. DKIM - Domain Keys Identity Mail - Organizations use DKIM to protect their domain from BEC (Business Email Compromise.)
   Every email that organization sends, is sent with email signature that validates to recipients that email has come from the same domain and proofs that email hasn’t been spoofed
2. SPF (Sender Policy Framework) - This method uses IP address to see if the email has come from IPs that are listed in the SPF database for this domain.
   If it came from a different address, it is considered as spam.
3. DMARC - Domain-based Message Authentication, Reporting and Conformance

Question 6

What is DMARC?

Answer 6

DMARC - Domain-based Message Authentication, Reporting and Conformance

It is an email validation system that is designed to detect and prevent email spoofing.

It is a policy set by an organization for recipients that define the criteria that recipient should use to determine if the email is legit or spam.

DEMARC can work with either DKIM, SPF, or both.

Question 7

What is Email gateway?

Answer 7

It is a server or system that servers as the entry and exit point for emails.
Functions -
- Email routing
- Email Security
- Policy enforcement
- Encryption and Decryption

Question 7

What is EDR, XDR (Extended Detection and Response), UBA (User behavior analytics) and UEBA (User and Entity Behavior Analytics). FIM (File Integrity Monitoring)?