Securing Networks Flashcards

1
Q

Radio Frequency Interference: RFI

A

Don't learn
A disturbance that can affect electrical circuits, devices, and cables due to AM/FM transmissions or cell towers

RFI causes more problems for wireless networks

2
Q

Crosstalk

Don't learn

A

Don't learn
Occurs when a signal transmitted on one copper wire creates an undesired effect on another wire

UTP is commonly used more often than STP

3
Q

Data Emanation

A

Data emanation is a form of electronic eavesdropping. When data travels within a computer or through the network wires, an electromagnetic field is generated. By reading the magnetic field, unauthorized users can get the confidential data.

4
Q

Protected Distribution System: PDS

Don't learn

A

Secured system of cable management to ensure that the wired network remains free from eavesdropping, tapping, data emanations, and other threats

5
Q

Service Set Identifier: SSID

A

Uniquely identifies the network and is the name of the WAP used by the clients
Disable the SSID broadcast in the exam

6
Q

Rogue Access Point

A

An unauthorized WAP or Wireless Router that allows access to the secure network

7
Q

Evil Twin

A

A rogue WAP with the same SSID as your valid one

8
Q

Pre-Shared Key

A

A pre-shared key (PSK) is a super-long series of seemingly random letters and numbers generated when a device joins a network through a Wi-Fi access point (AP). The process begins when a user logs into the network using the SSID (name of the network) and password (sometimes called a passphrase).

The SSID and password (8-63 characters) are then used to create the PSK, which is then used in conjunction with other information to create an even more complex encryption key to protect data sent over the network.

9
Q

Don't learn

Wired Equivalent Privacy: WEP

A

Original 802.11 wireless security standard that claims to be as secure as a wired network

WEP’s weakness is its 24-bit IV (Initialization Vector)

10
Q

Wifi Protected Access: WPA

Don't learn

A

Replacement for WEP which uses TKIP, Message Integrity Check (MIC), and RC4 encryption

WPA was flawed, so it was replaced by WPA2

11
Q

WPA2 (Wi-Fi Protected Access 2)

A

WPA2 is considered the best wireless encryption available

12
Q

Wifi Protected Setup: WPS

Don't learn

A

Automated encryption setup for wireless networks at a push of a button, but is severely flawed and vulnerable

Always disable WPS

13
Q

Wifi Jamming

A

Intentional radio frequency interference targeting your wireless network to cause a denial of service condition

Wireless site survey software and spectrum analyzers can help identify jamming and interference

14
Q

AP Isolation (AP is access point)

A

Creates network segment for each client when it connects to prevent them from communicating with other clients on the network

15
Q

War Driving

A

Act of searching for wireless networks by driving around until you find them

Attackers can use wireless survey or open source attack tools

16
Q

War Chalking

A

Act of physically drawing symbols in public places to denote the open, closed, and protected networks in range

17
Q

IV Attack, initialization vector (IV) attack

A

An IV attack is an attack on wireless networks. It modifies the IV of an encrypted wireless packet during transmission. Once an attacker learns the plaintext of one packet, the attacker can compute the RC4 key stream generated by the IV used.

This happened with WEP and makes it easy to crack

18
Q

Wifi Disassociation Attack

A

Attack that targets an individual client connected to a network, forces it offline by deauthenticating it, and then captures the handshake when it reconnects

Used as part of an attack on WPA/WPA2

19
Q

Brute Force Attack

A

Occurs when an attacker continually guesses a password until the correct one is found

Brute force will always find the password…eventually!

20
Q

WPA3

A

Wi-Fi Protected Access 3 (WPA3) was introduced in 2018 to strengthen WPA2
WPA3 has an equivalent cryptographic strength of 192 bits in WPA3-Enterprise mode

Largest improvement in WPA3 is the removal of the Pre-Shared Key (PSK) exchange

WPA3 Personal:
Uses CCMP-128 as the minimum encryption required for secure connectivity

WPA3 Enterprise:
Uses AES-256 encryption with a SHA-384 hash for integrity checking

21
Q

WPA3: Simultaneous Authentication of Equals (SAE)

A

A secure password-based authentication and password-authenticated key agreement method

Simultaneous Authentication of Equals (SAE) provides forward secrecy

22
Q

WPA3: Perfect Forward Secrecy (AKA: Forward Secrecy)

A

A feature of key agreement protocols (like SAE) that provides assurance that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised

1. The AP and the client use a public key system to generate a pair of long-term keys

2. The AP and the client exchange a one-time use session key using a secure algorithm like Diffie-Hellman

3. The AP sends the client messages and encrypts them using the session key created in Step 2

4. Client decrypts the messages received using the same one-time use session key

5. The process repeats for every message being sent, starting at Step 2 to ensure forward secrecy

23
Q

Don't learn

Penetration Testing: Rules of Engagement

A

Don't learn
Important document:
Defines purpose & scope
Makes everyone aware of test parameters

Type of testing & schedule:
Physical breach, internal test, external test
Working hours, after 6PM, etc

Rules:
IP address ranges
Emergency contacts
How to handle sensitive info

24
Q

Don't learn VPN: SSL VPN

A
Don't learn
Uses SSL/TLS
No big VPN clients
No digital cert requirement or shared passwords
Unlike IPsec
Very small client or within browser
25
Q

Don't learn VPN: HTML5 VPN

A

Web cryptography API as part of browser (no software)

26
Q

Don't learn VPN: Site-to-Site VPN

A

Almost always on
Firewalls act as concentrators communicating with one another

L2TP
Connecting sites over layer 3 network as if they were connected at layer 2
Used in conjunction with IPsec for encryption
L2TP over IPsec

27
Q

BPDU (bridge protocol data unit) Guard

A

A bridge protocol data unit (BPDU) is a data message transmitted across a local area network to detect loops in network topologies.

Defends the Layer 2 Spanning Tree Protocol (STP) topology against BPDU-related threats and is designed to protect the switching network

If a BPDU frame is seen on a PortFast-configured interface, shut down the device
Prevents looping

28
Q

File Integrity Monitoring: FIM

A

Some files change all the time
Some should never change
Monitor important OS & application files

Windows: SFC
Linux: Tripwire

29
Q

Passive Monitoring

A

Examines copy of traffic (port mirror or tap)
No way to block traffic
Out-of-Band Response
Copy of traffic is sent to IPS

If identified as malicious, IPS sends TCP RST (reset) frame
Prevents subsequent malicious requests (but not initial)

30
Q

Inline Monitoring

A

IDS/IPS sits physically inline (all traffic passes through)

In-Band Response
Malicious traffic is immediately identified
Dropped at the IPS (does not get through network)

31
Q

NAT Gateway/VPC Gateway Endpoint

A

Instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances

32
Q

WPA3: GCMP Block Cipher Mode

Don't learn

A
Don't learn
Galois/Counter Mode Protocol
Stronger encryption than WPA2
AES Encryption
MIC uses GMAC
33
Q

Privilege Escalation

A

Occurs when a user is able to gain the rights of another user or administrator

Vertical Privilege Escalation = User to Admin
Horizontal Privilege Escalation = User to User