Section 4: Network and Security Foundations Flashcards
Describe the packet filtering type of firewall and which layers of OSI it operates on
- They operate on layers 3 and 4 of OSI
- They inspect ingress and egress of traffic and compare:
- Protocol (typically IP)
- Source IP Address
- Destination IP Address
- Source TCP or UDP port number
- Destination TCP or UDP port number
What is a firewall?
A barrier that intercepts and inspects network traffic moving from one network to another
Describe circuit-level gateway and which levels of OSI it operates on
Middleman that keeps the true identity of client and server hidden. Operates on layer 5, the session layer of OSI
What is NAT?
Network Address Translation
What is PAT?
Port Address Translation
Describe ‘Stateful Inspection’
Stateful inspection reduces the number of firewall rules by acknowledging that a connection is a single conversation. Only one rule is needed: an acknowledgment that communication has begun
Describe ‘Stateless Inspection’
Stateless inspection views a connection as two separate things: a request and a response between a client and a server
What is an ephemeral port?
An ephemeral port is a temporary communication hub used for Internet Protocol (IP) communications and is opened on the client's end
Describe application level firewalling
Proxy servers that inspect and parse the data, then send it on to the receiver if it is deemed safe
Describe IDS
Intrusion Detection System. Passive system which monitors traffic and notifies the admin if a suspicious pattern is noticed
Describe IPS
Intrusion Prevention System. Active system which can stop all traffic if a suspicious pattern is noticed
What is ‘in-line’ mode in the context of IPS?
The IPS is placed physically in between networks
What are the layers of OSI?
- Physical
- Data link
- Network
- Transport
- Session
- Presentation
- Application
Summarize the function of Layer 1 in the OSI model
How computers are physically connected
Summarize the function of Layer 2 in the OSI model
- How computers are logically connected
- Data is encapsulated into a frame and transmitted through the medium on layer 1
Summarize the function of Layer 3 in the OSI model
Allows computers on different networks to exchange data
Summarize the function of Layer 4 in the OSI model
- The heart of OSI
- Ensures that all data from the upper layers (5, 6, 7) is delivered according to the needs of an application
Summarize the function of Layer 5 in the OSI model
- Allows a computer to distinguish between connections with the same host
- Like managing different conversations with the same person: you may switch topics and then go back to the first one, etc.
Summarize the function of Layer 6 in the OSI model
- Translation and security layer between applications
- Encoding and encrypting data
Summarize the function of Layer 7 in the OSI model
How users connect to services using HTTP
Define ‘encoding’
The process of structuring data in a specific way, like XML or GIF
Define ‘encrypting’
The process of concealing data. Commonly used with TLS (transport layer security)
What are some threats that may occur at layer 1?
- Wiretapping
- Weak physical security
- No security guard
- Unlocked doors
What are some threats that may occur at layer 2?
- ARP poisoning
- Allows an attacker to eavesdrop on all network traffic sent through an Ethernet switch
What are some threats that may occur at layer 3?
- Ping flood DoS attacks
- Spoofing, which can also occur on layer 2
- The attacker configures a network card to impersonate a victim's computer, so all data being sent to the victim's MAC address is forwarded to the attacker's instead
What are some threats that may occur at layer 4?
Port scanning could reveal open ports
What are some threats that may occur at layer 6?
- TLS and SSL have been the target of many attacks which aim to exploit weaknesses in the protocols
- Man-in-the-middle attacks
What are some threats that may occur at layer 7?
- Many!
- SQL injections
- Buffer overrun attacks
What is a major difference between TCP and UDP?
TCP requires confirmation that data was delivered successfully, while UDP does not
What is the difference between symmetric and asymmetric encryption techniques?
Symmetric encryption uses one key for both encryption and decryption. Asymmetric encryption uses two different keys
Describe PKI
Public key infrastructure (PKI) assigns identities to keys so that recipients can accurately verify the owners.
Describe ECC
Elliptic curve cryptography (ECC) uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.
Describe symmetric encryption
Also known as private-key encryption; uses the same key for encryption and decryption. Sender and receiver must have the same key
Describe asymmetric encryption
Relies on two different keys to encrypt and decrypt respectively.
Describe SSL/TLS encryption
- Creates a secure channel by exchanging a public key in the form of a certificate
- The public key is shared any time someone accesses the TLS-secured website.
- The private key lives on the server as well, but is not shared
- The client creates a token and encrypts it using the website's public key
- The website then decrypts the token, which is then used as a private key in symmetric encryption.
Describe IPSec encryption
- Secures network traffic at layer 3 (Network)
- IPsec creates VPN tunnels across an untrusted network (like the internet), which creates the illusion that the computers are directly connected
Why is it important to classify your data?
It’s important to classify your data correctly to avoid leaks and fines
Why is it important to encrypt data at rest?
This will prevent the data from being accessed, even if the server is stolen
What is a DEK?
A Data Encryption Key (DEK) is used to encrypt and decrypt data
What is a KEK?
A key encryption key (KEK) is an asymmetric encryption key used to encrypt other keys
What is a KMS?
A key management server (KMS) provides storage for the encrypted DEK
Describe the two ways one can manage security of a DEK
Never disclose the DEK. Change the DEK frequently.
Describe the safest way to manage a DEK?
Never disclose it. Instead, the key is encrypted and stored on a special server which can only be accessed with a key, and it can only be decrypted with another key.
Describe federated identity management
Allows users to authenticate using Google, Facebook, Twitter, and other sites where they may already have an account
Define IAM
Identity and Access Management (IAM) services can help give users permission to specific data
What is an extranet?
An extranet is a secured region on your private network configured with firewalls and IPS to mitigate server-to-server attacks
How can an extranet mitigate attacks on a compromised public facing server?
Extra firewalls, IDS and IPS can help restrict and/or analyze network data
What is multi-factor authentication?
Multi-factor auth requires two factors: proof of something you know (like a username and password), plus proof of something you are (fingerprint or other biometric data) or proof of something you have (a token or device)
What is a service account?
- When an application needs to access resources within a cloud provider, it typically uses something called a service account
- Service accounts are similar to user accounts, but they don’t have passwords, and they cannot access the admin dashboards
- They are authenticated using API keys
- If there is an application that needs access to special services, consider adding a service account
How are service accounts authenticated?
Using API keys
Describe what the protocol 802.1x attempts to solve
A way to stop unauthorized users from accessing information while being unobtrusive to the legitimate users in a company.
Describe Deauth attack
- An attacker can force any client off the network, which could lead to:
- Preventing access to the network (DoS)
- Forcing users to reconnect to the attacker's access point instead
- Capturing the 4-way handshake of the WAP to gain intel that allows the hacker to get closer to a corporate network
Describe a fake access attack
The attacker sets up an illegitimate Wi-Fi access point and then tricks users into connecting
Describe AAA
Authentication, Authorization & Accounting (AAA)
Describe Authentication
Verifying that the user is who they say they are
Describe Authorization
Defines what permissions the user has and what data they have access to
Describe Accounting
- Account for and report on the access that a user has been granted, including how often the user accesses the resource or data
- Verify that the restrictions put into place are working as they should
Describe MFA
Multi-factor authentication (MFA)
- Add-on to the authentication process which verifies that you not only have user-ID and password credentials, but that you are in possession of something as well
- Could be biometric details, a key fob, a PIN, etc.
What is device hardening?
- Hardening devices is the process of adding layers of security
- This includes reviewing security settings, updating device software, and testing the security of the device by attempting to breach its defenses
Describe some ways in which we harden devices
Change default passwords, remove unnecessary logins, enforce a strong password policy, remove unnecessary services, keep patches up to date, limit physical access to the device, only allow changes from a trusted network, require encryption for wireless networks, audit access, and back up data.