Security Flashcards
What’s SASE?
Secure Access Service Edge (SASE) is a cloud-based architecture in which networking and security are combined. A SASE client is installed on every end-user device and automatically connects to the cloud-based, virtualised SASE security technologies.
This greatly reduces the risk of unauthorised access to cloud networks!
What is Zero Trust?
Zero Trust is an approach to network security in which nothing (users, devices, data packets) is trusted inherently. Therefore EVERYTHING must be verified.
What is a Public Key Infrastructure (PKI)?
PKI = a framework that enables secure authentication and communication over networks by using private/public key pairs to encrypt data and to verify that it hasn't been tampered with.
What’s a digital certificate and who issues them?
Digital Certificate = a document that proves the authenticity of a person/website/organisation/program. It is issued by a trusted authority (a certificate authority), so end users know the thing is legitimate and not a scam, virus, etc.
What’s RBAC?
RBAC (Role-Based Access Control) is a way of managing user permissions/access based on the user's role/level within a company.
What is geofencing?
Allowing or restricting user access based on the user's location, e.g. don't let someone in Russia connect to the UK's local company network.
What does each of the A’s in the AAA framework stand for?
Authentication - prove who you are (code, password, etc.)
Authorization - do you have the required access/privilege?
Accounting - logging all access information possible: login time, IP, logout time, what data the user sent/requested, etc.
What is TOTP - Time-based One Time Password?
TOTP is an algorithm that creates a pseudo-random (not truly random) one-time code by combining a pre-configured secret key with a timestamp (kept in sync via NTP).
The TOTP you enter is then combined with your username and password when logging in, giving multi-factor authentication (MFA).
What is a honeynet?
A virtualised full network, including firewalls, servers, etc., built to make hackers think it's real. They attack it and you track what they do, then use that information to create countermeasures on your production/real network.
What are the CIA Triad security principles?
The CIA Triad consists of three security principles regarding data:
Confidentiality = private data should be kept private wherever possible.
Integrity = data integrity should be verified and any rogue modifications detected.
Availability = data must be kept accessible to the right/intended users (no point locking it down so much that nobody can use it!).
What is VLAN hopping?
VLAN hopping is a network attack technique that allows attackers to access one VLAN via another VLAN to which they have access or which has a vulnerability.
It's done via either switch spoofing (pretending to be a trunking switch, which is allowed to send and receive traffic for multiple unlinked VLANs) or double tagging (the attacker uses packets with two VLAN (802.1Q) tags; the first tag is stripped away by the first switch, exposing the second tag meant for another VLAN, which the first switch then forwards!).
What is switch spoofing?
Switch Spoofing = a type of VLAN hopping network attack where the attacker pretends to be a trunking switch to a switch on the victim network, which then lets the attacker's port send and receive traffic for any VLAN on that link, thereby becoming a Man-In-The-Middle.
You can prevent switch spoofing attacks by disabling trunking / the trunk negotiation process on your network switches.
What is double tagging?
Double Tagging = a VLAN hopping (use access to one VLAN to jump to another VLAN) network attack. It works by crafting a packet that has two VLAN tags (VLAN destination addresses); once it reaches a network switch the first tag is stripped off, revealing the second tag addressed to a different VLAN, which the first switch then forwards on to the victim VLAN where the data is delivered.
Because the stripped tag means the original source IP on the packet is lost, this is ONE-WAY ONLY COMMUNICATION - good for DoS, and it makes the attack harder to trace.
How do you prevent double tagging VLAN hopping attacks?
To stop double tagging attacks - DON'T USE THE NATIVE VLAN - because it's the innate behaviour of the native VLAN (untagged traffic is assigned to it) that allows double tagging to work.
Therefore, by using a "dummy/fake" VLAN as the default destination for untagged traffic, double tagging attack packets will be sent to a fake VLAN and rendered useless.
What is MAC flooding of a switch?
An attack that flushes a switch's cached MAC address table by sending tonnes of packets, each from a different source MAC address. This forces the default switch behaviour, which is to forward a received packet with no matching cached MAC address out of ALL switch interfaces, i.e. it makes the switch work like a hub, which means the attacker can then receive all packets sent through it for their malicious gains.
Port security settings on the switch block this flooding.