Section 4: Network and Security Foundations Flashcards

1
Q

Describe the packet filtering type of firewall and which layers of OSI it operates on

A
  • They operate on layers 3 and 4 of OSI
  • They inspect ingress and egress traffic and compare:
    • Protocol (typically IP)
    • Source IP Address
    • Destination IP Address
    • Source TCP or UDP port number
    • Destination TCP or UDP port number
1
Q

What is a firewall?

A

A barrier that intercepts and inspects network traffic moving from one network to another

2
Q

Describe circuit-level gateway and which levels of OSI it operates on

A

Middleman that keeps the true identity of client and server hidden. Operates on layer 5, the session layer of OSI

3
Q

What is NAT?

A

Network Address Translation

4
Q

What is PAT?

A

Port Address Translation

5
Q

Describe ‘Stateful Inspection’

A

Stateful inspection reduces the number of firewall rules by acknowledging that a connection is a single conversation. Only one rule is needed: an acknowledgment that communication has begun

6
Q

Describe ‘Stateless Inspection’

A

Stateless inspection views a connection as two things: a request and a response, between a client and a server

7
Q

What is an ephemeral port?

A

An ephemeral port is a temporary communication hub used for Internet Protocol (IP) communications and is opened on the client's end

8
Q

Describe application level firewalling

A

Proxy servers that inspect and parse the data, then send it on to the receiver if deemed safe

9
Q

Describe IDS

A

Intrusion Detection System. Passive system which monitors traffic and notifies admin if a suspicious pattern is noticed

10
Q

Describe IPS

A

Intrusion Prevention System. Active system which can stop all traffic if a suspicious pattern is noticed

11
Q

What is ‘in-line’ mode in the context of IPS?

A

Physically in between networks

12
Q

What are the layers of OSI?

A
  1. Physical
  2. Data link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application
13
Q

Summarize the function of Layer 1 in the OSI model

A

How computers are physically connected

14
Q

Summarize the function of Layer 2 in the OSI model

A
  • How computers are logically connected
    • Data is encapsulated into a frame and transmitted through the medium on layer 1
15
Q

Summarize the function of Layer 3 in the OSI model

A

Allows computers on different networks to exchange data

16
Q

Summarize the function of Layer 4 in the OSI model

A
  • The heart of OSI
  • Ensures that all data from the upper layers (5, 6, 7) is delivered according to the needs of an application
17
Q

Summarize the function of Layer 5 in the OSI model

A
  • Allows a computer to distinguish between connections with the same host
  • Like managing different conversations with the same person: you may switch topics and then go back to the first one, etc.
18
Q

Summarize the function of Layer 6 in the OSI model

A
  • Translation and security layer between applications
  • Encoding and encrypting data
19
Q

Summarize the function of Layer 7 in the OSI model

A

How users connect to services using HTTP

20
Q

Define ‘encoding’

A

The process of structuring data in a specific way, like XML or GIF

21
Q

Define ‘encrypting’

A

The process of concealing data. Commonly used with TLS (transport layer security)

22
Q

What are some threats that may occur at layer 1?

A
  • Wire tapping
  • Inadequate physical security
    • No security guard
    • Unlocked doors
23
Q

What are some threats that may occur at layer 2?

A
  • ARP poisoning
    • Allows an attacker to eavesdrop on all network traffic sent through an Ethernet switch
24
Q

What are some threats that may occur at layer 3?

A
  • Ping flood DoS attacks
  • Spoofing, which can also occur on layer 2
    • The attacker configures a network card to impersonate a victim's computer, so that all data being sent to the victim's MAC address is forwarded to the attacker's machine instead
25
Q

What are some threats that may occur at layer 4?

A

Port scanning could reveal open ports

26
Q

What are some threats that may occur at layer 6?

A
  • TLS and SSL have been the target of many attacks that exploit weaknesses in the protocols
  • Man-in-the-middle attacks
27
Q

What are some threats that may occur at layer 7?

A
  • Many!
  • SQL injections
  • Buffer overrun attacks
28
Q

What is a major difference between TCP and UDP

A

TCP requires confirmation that data was delivered successfully, while UDP does not

29
Q

What is the difference between symmetric and asymmetric encryption techniques?

A

Symmetric encryption uses 1 key for encoding and decoding. Asymmetric uses two different keys

30
Q

Describe PKI

A

Public key infrastructure (PKI) assigns identities to keys so that recipients can accurately verify the owners.

31
Q

Describe ECC

A

Elliptic curve cryptography (ECC) uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.

32
Q

Describe symmetric encryption

A

aka private key encryption, uses the same key for encryption and decryption. Sender and receiver have to have the same key

33
Q

Describe asymmetric encryption

A

Relies on two different keys to encrypt and decrypt respectively.

34
Q

Describe SSL/TLS encryption

A
  • Creates a secure channel by exchanging a public key in the form of a certificate
  • The public key is shared any time someone accesses the TLS-secured website.
    • The private key lives on the server as well, but is not shared
  • The client creates a token and encrypts it using the website's public key
  • The website then decrypts the token, which is then used as a private key in symmetric encryption.
35
Q

Describe IPSec encryption

A
  • Secures network traffic at layer 3 (Network)
  • IPsec creates VPN tunnels across an untrusted network (like the internet), which creates the illusion that the computers are directly connected
36
Q

Why is it important to classify your data?

A

It’s important to classify your data correctly to avoid leaks and fines

37
Q

Why is it important to encrypt data at rest?

A

This will prevent the data from being accessed, even if the server is stolen

38
Q

What is a DEK?

A

a Data Encryption Key (DEK) is used to encrypt and decrypt data

39
Q

What is a KEK?

A

An asymmetric encryption key called a key encryption key (KEK)

40
Q

What is a KMS?

A

A key management server (KMS) is where the encrypted DEK is stored

41
Q

Describe the two ways one can manage security of a DEK

A

Never disclose the DEK. Change the DEK frequently.

42
Q

Describe the safest way to manage a DEK

A

Never disclose it. Instead, the key is encrypted and stored on a special server which can only be accessed with a key, and only decrypted with another key.

43
Q

Describe federated identity management

A

Allows users to authenticate using Google, Facebook, Twitter, and other sites where they may already have an account

44
Q

Define IAM

A

Identity and Access Management (IAM) services can help give users permission to specific data

45
Q

What is an extranet?

A

An extranet is a secured region on your private network configured with firewalls and IPS to mitigate server-to-server attacks

46
Q

How can an extranet mitigate attacks on a compromised public facing server?

A

Extra firewalls, IDS and IPS can help restrict and/or analyze network data

47
Q

What is multi-factor authentication?

A

Multi-factor auth requires two things: proof of something you know (like a username and password), and proof of something you are (fingerprint or biometric data) or proof of something you have (token or device)

48
Q

What is a service account?

A
  • When an application needs to access resources within a cloud provider, it typically uses something called a service account
    • Service accounts are similar to user accounts, but they don't have passwords and they cannot access the admin dashboards
    • They are authenticated using API keys
    • If there is an application that needs access to special services, consider adding a service account
49
Q

How are service accounts authenticated?

A

Using API keys

50
Q

Describe what the protocol 802.1x attempts to solve

A

A way to stop unauthorized users from accessing information while being unobtrusive to the legitimate users in a company.

51
Q

Describe Deauth attack

A
  • An attacker can force any client off the network, which could lead to:
    • Preventing access to the network (DoS)
    • Forcing users to reconnect to the attacker's access point instead
    • Capturing the WAP 4-way handshake to gain intel that lets the attacker get closer to a corporate network
52
Q

Describe a fake access attack

A

Attacker sets up illegitimate wifi point and then tricks users into connecting

53
Q

Describe AAA

A

Authentication Authorization & Accounting (AAA)

54
Q

Describe Authentication

A

Verifying that the user is who they say they are

55
Q

Describe Authorization

A

Defining what permissions the user has and what data they have access to

56
Q

Describe Accounting

A
  • Account for and report on the access that a user has been granted, including how often the user accesses the resource or data
  • Verify that the restrictions put in place are working as they should
57
Q

Describe MFA

A

Multi-factor authentication (MFA)
  • Add-on to the authentication process which verifies that you not only have user-id and password credentials, but that you are in possession of something as well
  • Could be biometric details, a key fob, a PIN number, etc.

58
Q

What is device hardening?

A
  • Hardening devices is the process of adding layers of security
    • This includes reviewing security settings, updating device software, and testing the security of the device by attempting to breach its defenses
59
Q

Describe some ways in which we harden devices

A

Change default passwords, remove unnecessary logins, enforce a strong password policy, remove unnecessary services, keep patches up to date, limit physical access to the device, only allow changes from a trusted network, require encryption for wireless networks, audit access, and back up data.