Section 3: Security Architecture Principles

Question 1

Transport layer protocols

Answer 1

• Transmission Control Protocol (TCP)

- User Datagram Protocol (UDP)

Question 2

Application layer (Layer 7)

Answer 2

Mediates between software applications and other layers of network services.
Protocol Data Unity (PDU): Data

Question 3

Network layer protocols

Answer 3

• Internet Control Message (ICMP)
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• Internet Protocol (IP)

Question 4

Data link protocols

Answer 4

• Ethernet
• Fast Ethernet
• FDDI
• Token Ring
• Point-to-point protocol (PPP)

Question 5

OSI (Open Systems Interconnection) model

Answer 5

Is used to describe networking protocols. The OSI model defines groups of functionality required for network computer into layers.

Question 6

Layers of the OSI model

Answer 6

7. Application
8. Presentation
9. Session
10. Transport
11. Network
12. Data Link
13. Physical

Question 7

Physical layer (Layer 1)

Answer 7

Manages signals among network systems.

Protocol Data Unity (PDU): Bits

Question 8

Data link layer (Layer 2)

Answer 8

Divides data into frames that can be transmitted by the physical layer. The data link layer is concerned with local delivery of frames between nodes on the same level of the network and it does not cross the boundaries of a local area network.
Protocol Data Unity (PDU): Frame

Question 9

Network layer (Layer 3)

Answer 9

Translates network addresses and routes data from sender to receiver.
Protocol Data Unity (PDU): Packet

Question 10

Transport layer (Layer 4)

Answer 10

Ensures that data are transferred reliably in the correct sequence.
Protocol Data Unity (PDU): Segment

Question 11

Session layer (Layer 5)

Answer 11

Coordinates and manages user connections.

Protocol Data Unity (PDU): Data

Question 12

Presentation layer (Layer 6)

Answer 12

Formats, encrypts and compress data.

Protocol Data Unity (PDU): Data

Question 13

Internet Control Message (ICMP)

Answer 13

A supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

Question 14

Address Resolution Protocol (ARP)

Answer 14

A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.
In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).

Question 15

Reverse Address Resolution Protocol (RARP)

Answer 15

An obsolete computer networking protocol used by a client computer to request its Internet Protocol (IPv4) address from a computer network, when all it has available is its link layer or hardware address, such as a MAC address

Question 16

Internet Protocol (IP)

Answer 16

The principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.

Question 17

Transmission Control Protocol (TCP)

Answer 17

Provides a communication service at an intermediate level between an application program and the Internet Protocol. It provides host-to-host connectivity at the transport layer.
At the transport layer, TCP handles all handshaking and transmission details and presents an abstraction of the network connection to the application typically through a network socket interface.
At the lower levels of the protocol stack, due to network congestion, traffic load balancing, or unpredictable network behaviour, IP packets may be lost, duplicated, or delivered out of order. TCP detects these problems, requests re-transmission of lost data, rearranges out-of-order data and even helps minimize network congestion to reduce the occurrence of the other problems

Question 18

Ethernet

Answer 18

The original 10BASE5 Ethernet uses coaxial cable as a shared medium, while the newer Ethernet variants use twisted pair and fiber optic links in conjunction with switches. Ethernet data transfer rates have been increased from the original 2.94 megabits per second (Mbit/s)[2] to the latest 400 gigabits per second (Gbit/s).
Systems communicating over Ethernet divide a stream of data into shorter pieces called frames. Each frame contains source and destination addresses, and error-checking data so that damaged frames can be detected and discarded; most often, higher-layer protocols trigger retransmission of lost frames.

Question 19

TCP three-way handshake

Answer 19

• SYN (Client to Server),
• SYN/ACK (Server to Client)
• ACK (Client) to Server)

Question 20

Disadvantages Packet filtering firewalls

Answer 20

• Vulnerable to attacks from improperly configured filters
• Vulnerable to attacks tunneled over permitted services
• All private network systems vulnerable when a single packet filtering router is compromised

Question 21

Advantages Packet filtering firewalls

Answer 21

• simplicity of one network “choke point”
• minimal impact on network performance
• inexpensive or free

Question 22

Disadvantage Application-level gateways

Answer 22

Poor performance and scalability as Internet usage grows

Question 23

Advantages of IPS

Answer 23

• Protection at the application layer
• Prevention of attacks rather than simply reacting to them
• Defense in depth
• Real-time event correlation

Question 24

Factors affecting cryptograpic system effectiveness

Answer 24

• Algorithm strength
• Secrecy and difficulty of compromising a key
• Nonexistence of back doors by which an encrypted file can be decrypted without knowing the key
• Inability to decrypt parts of a ciphertext message and prevent known plaintext attacks
• Properties of the plaintext known by a perpetrator

Question 25

wo types of cryptographic systems

Answer 25

• Symmetric Key Systems: These use single, secret, bidirectional keys that encrypt and decrypt.
• Asymmetric Key Systems: These use pairs of unidirectional, complementary keys that only encrypt or decrypt. Typically, one of these keys is secret, and the other is publicly known.

Public key systems are asymmetric cryptographic systems. Most encrypted transactions over the Internet use a combination of private/ public keys, secret keys, hash functions (fixed values derived mathematically from a text message) and digital certificates (that prove ownership of a public encryption key) to achieve confidentiality, message integrity, authentication and nonrepudiation by either sender or recipient (also known as a public key infrastructure [PKI]). Essentially, keys and hash values are used to transform a string of characters into a shorter or fixed-length value or key that represents the original string. This encryption process allows data to be stored and transported with reduced exposure so data remains secure as it moves across the Internet or other networks.

Question 26

Wired equivalency protocol (WEP)

Answer 26

A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks). An increasing number of organizations and vendors are replacing this with 802.11i (WPA2) and Wi-Fi Protected Access (WPA), which use dynamic keys and an authentication server with credentials to increase protection against hackers.

Question 27

Wi-Fi protected access (WPA)

Answer 27

A class of systems used to secure wireless (Wi-Fi) computer networks. WPA was created in response to several serious weaknesses that researchers found in the previous system, Wired Equivalent Privacy (WEP).

Question 28

Packet filtering firewalls

Answer 28

A screening router examines the header of every packet of data traveling between the Internet and the corporate network. Packet headers contain information, including the IP address of the sender and receiver, along with the port numbers (application or service) authorized to use the information transmitted. Based on that information, the router knows what kind of Internet service (e.g., web-based service or FTP) is being used to send the data as well as the identities of the sender and receiver of the data

Question 29

Application firewalls

Answer 29

Allow information to flow between systems but do not allow the direct exchange of packets. Therefore, application firewall systems provide greater protection capabilities than packet filtering routers.

Question 30

Advantages Stateful Inspection Firewalls

Answer 30

• Provide greater control over the flow of IP traffic

- Greater efficiency in comparison to CPU-intensive, full-time application firewall services

Question 31

Disadvantage Stateful Inspection Firewalls

Answer 31

Firewall complex to administer

Question 32

Change Management Lifecycle

Answer 32

Evaluate
Assess
Design
Implement
Manage change

Question 33

SDLC requirements

Answer 33

• Business requirements containing descriptions of what a system should do
• Functional requirements include the use of case models describing how users will interact with a system
• Technical requirements include design specifications and coding specifications describing how the system will interact, conditions under which the system will operate and the information criteria that the system should meet
• Risk mitigation and control requirements are incorporated to protect the integrity of the system, confidentiality of information stored, processed or communicated as well as adequate authentication and authorization mechanisms

Question 34

Advantage Application-level gateways

Answer 34

• Provide security for commonly used protocols
• Generally hide the network from outside untrusted networks
• Ability to protect the entire network by limiting break-ins to the firewall itself
• Ability to examine and secure program code

Question 35

Components of IDS

Answer 35

• Sensors responsible for collecting data in the form of network packets, log files, system call traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity • An administration console
• A user interface

Question 36

Firewalls

Answer 36

Defined as a system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet. It applies rules to control the type of networking traffic flowing in and out.

Question 37

Firewall features

Answer 37

• Block access to particular sites on the Internet.
• Limit traffic on an organization’s public services segment to relevant addresses and ports.
• Prevent certain users from accessing certain servers or services.
• Monitor and record communications between an internal and an external network.
• Monitor and record communications between an internal network and the outside world to investigate network penetrations or detect internal subversion.
• Encrypt packets that are sent between different physical locations within an organization by creating a VPN over the Internet (e.g., IP security [IPSec], VPN tunnels). The capabilities of some firewalls can be extended so they can also provide for protection against viruses and attacks directed to exploit known operating system vulnerabilities.

Question 38

Stateful Inspection Firewalls

Answer 38

Firewalls
A stateful inspection firewall, also referred to as dynamic packet filtering, tracks the destination IP address of each packet that leaves the organization’s internal network. Whenever a response to a packet is received, its record is referenced to ascertain whether the incoming message was made in response to a request that the organization sent out. This is done by mapping the source IP address of an incoming packet with the list of destination IP addresses that is maintained and updated. This approach prevents any attack initiated and originated by an outsider.

Question 39

Processes of the Systems Development Lifecycle (SDLC)

Answer 39

Planning
Analysis
Design
Implementation
Maintenance

Question 40

Systems Development Lifecycle (SDLC)

Answer 40

Lifecycle (SDLC)
The Systems Development Lifecycle (SDLC) describes the phases deployed in the development or acquisition of a software system. ____ is an approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases of _____ include the feasibility study, requirements study, requirements definition, detailed design, programming, testing, installation and post-implementation review, but not the service delivery or benefits realization activities.