Section 3: Introduction to Network Security

Question 1

Define ‘asset’

Answer 1

A person, device, location, or information that SecOps aims to protect from attack

Question 2

Define ‘attack’

Answer 2

An action taken by a threat that exploits a vulnerability that attempts to either block authorized access to an asset, or to gain unauthorized access to an asset

Question 3

Define ‘risk’

Answer 3

The potential of a threat to exploit a vulnerability via an attack

Question 4

Define ‘SecOps’

Answer 4

The abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of an attack.

Question 5

Define ‘threat’

Answer 5

Something or someone that can exploit a vulnerability to attack an asset

Question 6

Define ‘vulnerability’

Answer 6

A weakness in software, hardware, facilities, or humans that can be exploited by a threat

Question 7

What are some common security vulnerabilities?

Answer 7

Zero-day, personal devices on a network, weak or default passwords, poor physical security measures, and advanced persistent threats

Question 8

Describe the vulnerability ‘advanced persistent threats’

Answer 8

Malware that lays dormant for long enough to infect as many devices as possible.

Question 9

Describe ‘zero-day’ threats

Answer 9

threats that may have been discovered but patches against them have not been released to the public

Question 10

What are some examples of attacker types?

Answer 10

Script kiddies, nation states, insider threats, hackers; black, white, and gray hats, teams; blue, red, purple, and white, vulnerability testers

Question 11

What is an example of an ‘ethical’ hacker?

Answer 11

• blue, red, and purple teams
• White hat
• vulnerability testers

Question 12

Describe some types of security threats

Answer 12

Wire tapping, buffer overflow, DOS and DDOS (smurfing), Social engineering, spoofing, SQL injections, port scanning

Question 13

What’s easier than hacking a computer?

Answer 13

hacking a human

Question 14

Describe the sequence of events in denial-of-service attack

Answer 14

Attacker floods a computer with ICMP’s of packets forged with false addresses, which then forces the victims computer to respond to these pings to made up addresses, crashing the victims computer.

Question 15

What is the difference between DOS and DDOS?

Answer 15

DDOS marks the victims computer as a sender, and employs multiple computers in a network to flood the victims computer with ICMP packets

Question 16

Describe spoofing

Answer 16

Spoofing is when a hacker inserts themselves in a network and pretends to be a sender and receiver. The victim send info to the the hacker pretending to be the receiver, which the hacker forwards to the legit receiver. Then the hacker pretends to be the sender, and receives the info from the legit sender

Question 17

Describe an SQL injection

Answer 17

the hacker adds an sql query to an input designed for a user to search a database. The query then return sensitive information normally outside of an everyday users access

Question 18

Describe port scanning

Answer 18

Hacker scans a computer for open ports. After identifying the open ports, the hacker can then look for exploits to the connecting site or application

Question 19

Describe wire-tapping

Answer 19

a hacker uses a packet sniffer to monitor network traffic

Question 20

What is one of the largest jobs in SecOps?

Answer 20

managing the risks of attacks and acting both proactively to prevent or mitigate the damage and reactively to stop the attack

Question 21

What is an aspect of in-depth security?

Answer 21

Using multiple layers of security in an overlapping manner to create rings of protection

Question 22

Define CIA in InfoSec

Answer 22

Confidentiality, Integrity, and Availability. A model used to balance protecting sensitive data while granting access to authorized users.

Question 23

Explain confidentiality in the CIA model

Answer 23

Privacy of data. Characteristics include; ensuring only the intended recipient of the information can access it, following a need-to-know policy, reducing exposure by destroying copies of information that is no longer needed.

Question 24

Explain integrity in CIA

Answer 24

Identifies the trustworthiness of the information. “Is it possible to identify where the information has come from, and if the data has changed since it was originally sent”.

Question 25

Explain availability in CIA

Answer 25

Ensures data is accessible to authorized users.