Section 4: Network Security Flashcards
What is the difference between data in transit and data at rest encryption?
Data in Transit: Encryption applied to data as it moves across networks (e.g., HTTPS, VPN).
Data at Rest: Encryption applied to stored data (e.g., database encryption, encrypted hard drives).
What are the types of certificates, and how do they function?
Public Key Infrastructure (PKI): Certificates issued by trusted Certificate Authorities (CAs) to enable secure communications.
Self-Signed Certificates: Certificates generated without a CA; suitable for internal or non-critical use.
What is IAM, and what are its key components?
Identity and Access Management
Key Components:
* Authentication: Verifying a user’s identity (e.g., passwords, biometrics).
* Multifactor Authentication (MFA): Combines two or more authentication methods (e.g., password + SMS code).
* Single Sign-On (SSO): Enables one login to access multiple systems.
* Time-Based Authentication: Uses temporary codes (e.g., TOTP) for enhanced security.
* Authorization: Defines what actions a user is allowed to perform.
* Least Privilege: Grants users only the access necessary for their roles.
* Role-Based Access Control (RBAC): Assigns permissions based on user roles.
What is geofencing, and how is it used in security?
- Uses geographic boundaries (e.g., GPS, IP address) to control access or trigger alerts.
- Common in physical and network security for location-based restrictions.
What are examples of physical security measures?
- Cameras: Monitor and record activity in sensitive areas.
- Locks: Restrict physical access to devices or facilities.
What are common protocols and tools used in IAM?
- RADIUS: Provides centralized authentication for remote users.
- LDAP: Accesses and manages directory information (e.g., user credentials).
- SAML: Enables Single Sign-On (SSO) by exchanging authentication data between services.
- TACACS+: Provides authentication and authorization for network devices.
What are deception technologies, and what are common examples?
Tools to detect and distract attackers by simulating vulnerabilities.
Honeypot: A decoy system designed to lure attackers.
Honeynet: A network of honeypots used to study attack patterns.
What is the difference between risk, vulnerability, exploit, and threat?
Risk: The potential for a negative outcome due to vulnerabilities.
Vulnerability: Weaknesses that can be exploited.
Exploit: The method used to take advantage of a vulnerability.
Threat: Anything that can cause harm, such as malware or attackers.
What are the core concepts of the CIA triad?
Confidentiality: Ensures data is accessible only to authorized users.
Integrity: Ensures data remains accurate and unaltered.
Availability: Ensures data and systems are accessible when needed.
What are common audits and regulatory compliance frameworks?
Data Locality: Ensures data storage complies with local regulations.
PCI DSS: Standards for securing payment card data.
GDPR: European Union regulation for data protection and privacy.
What is network segmentation enforcement, and what are its use cases?
Divides a network into segments to limit access and reduce risk.
Use Cases:
* IoT and IIoT: Protects devices from general network threats.
* SCADA/ICS/OT: Secures industrial control systems from cyberattacks.
* Guest Network: Isolates guest users to prevent access to sensitive resources.
* BYOD (Bring Your Own Device): Limits personal device access to specific network areas.
IoT: Internet of Things; IIoT: Industrial IoT.
What is a DoS attack?
- An attack designed to overwhelm a target system with traffic or requests, causing it to become unavailable.
- DDoS (Distributed DoS): Involves multiple systems (often botnets) attacking a single target to amplify the impact.
What is VLAN hopping, and how does it work?
Exploits misconfigured VLANs to send traffic to unauthorized VLANs.
Methods:
* Switch Spoofing: Attacker pretends to be a trunk port.
* Double Tagging: Inserts extra VLAN tags in packets to bypass security.
What is MAC flooding, and what is its impact?
- Overloads a switch’s MAC address table with fake addresses.
- Forces the switch to broadcast all traffic, exposing sensitive data and degrading performance.
What is ARP poisoning, and how does it differ from ARP spoofing?
Address Resolution Protocol
ARP Poisoning: Manipulates ARP tables to associate an attacker’s MAC address with a legitimate IP address.
ARP Spoofing: A technique used to perform ARP poisoning by sending forged ARP messages.
What is DNS poisoning, and how does it differ from DNS spoofing?
DNS Poisoning: Corrupts DNS cache to redirect users to malicious websites.
DNS Spoofing: Forges DNS responses to achieve similar redirection without corrupting the cache.
What are examples of rogue devices and services, and how do they pose a threat?
Rogue DHCP Server: Assigns incorrect IP configurations, causing disruptions or redirecting traffic.
Rogue Access Point (AP): Unauthorized wireless AP used to intercept traffic or lure users into connecting.
What is an evil twin attack?
A malicious Wi-Fi network that mimics a legitimate one to trick users into connecting.
- Used to intercept sensitive information like login credentials.
What is an on-path attack, and how does it work?
Formerly known as a man-in-the-middle attack.
- An attacker intercepts and manipulates communication between two parties.
- Common methods: ARP spoofing, DNS spoofing, or Wi-Fi eavesdropping.
What are 4 common types of social engineering attacks?
- Phishing: Fraudulent attempts to obtain sensitive information via email, text, or fake websites.
- Dumpster Diving: Searching through discarded materials for confidential information.
- Shoulder Surfing: Observing someone’s screen or keyboard to steal credentials or sensitive data.
- Tailgating: Gaining unauthorized physical access by following someone into a secure area.
What is malware, and what are its common types?
Definition: Malicious software designed to harm or exploit systems.
Types:
* Viruses: Spread by attaching to files and programs.
* Worms: Self-replicating and spread across networks.
* Trojan Horses: Disguised as legitimate software but perform malicious activities.
* Ransomware: Encrypts files and demands payment for decryption.
* Spyware: Collects user data without consent.
* Adware: Displays unwanted ads, often bundled with spyware.
What is device hardening, and what are key steps?
Definition: The process of securing a device by reducing vulnerabilities.
Key Steps:
* Disable unused ports and services to minimize attack vectors.
* Change default passwords to prevent unauthorized access.
What is NAC, and what are its key components?
Network Access Control - Controls access to the network based on device compliance and user authentication.
Key Components:
* Port Security: Limits the number of devices connected to a switch port to prevent unauthorized access.
* 802.1X: Authentication framework using RADIUS or similar protocols for secure access.
* MAC Filtering: Restricts access to devices with approved MAC addresses.
What is key management, and why is it important?
Involves securely creating, storing, and distributing cryptographic keys.
- Ensures data confidentiality, integrity, and secure communication.
What are security rules, and what types are commonly used?
Definition: Define how traffic is permitted or denied within a network.
Types:
* Access Control List (ACL): Specifies which traffic is allowed or blocked based on IPs, protocols, and ports.
* URL Filtering: Blocks or allows access to specific websites based on their URLs.
* Content Filtering: Inspects and blocks specific content within traffic (e.g., malicious files, inappropriate content).
What is a screened subnet?
A buffer zone between a trusted internal network and an untrusted external network.
- Hosts public-facing services like web servers while isolating them from sensitive internal resources.
Formerly known as DMZ
What are the differences between trusted and untrusted zones?
Purpose: Segregates sensitive resources from external or less secure networks.
- Trusted Zone: Internal network with known, secure devices (e.g., corporate LAN).
- Untrusted Zone: External networks where security cannot be guaranteed (e.g., the internet).