Security Flashcards

1
Q

What’s SASE?

A

Secure Access Service Edge (SASE) is a cloud-delivered architecture that combines networking (SD-WAN) with security services (secure web gateway, CASB, firewall-as-a-service, zero trust network access) in one provider-run service. Typically a SASE agent is installed on each end-user device (branch sites connect through an SD-WAN edge instead), so all traffic is steered to the provider's nearest cloud point of presence, where policy is enforced before the traffic reaches the internet or the company's applications.

Because every connection is authenticated and inspected at that cloud edge, wherever the user happens to be, this reduces the risk of unauthorised access to cloud-hosted resources.

2
Q

What is Zero Trust?

A

Zero Trust is a security model in which nothing (users, devices, workloads, data packets) is trusted simply because of where it sits on the network, inside or outside the perimeter. Therefore EVERYTHING must be verified: each access request is authenticated, authorised against policy and re-evaluated continuously, and granted only the least privilege needed.

3
Q

What is a Public Key Infrastructure (PKI)?

A

PKI = the framework (certificate authorities, registration authorities, certificate stores and revocation via CRLs/OCSP) that issues and manages digital certificates binding public keys to identities. With it, parties that have never met can authenticate each other over a network, verify that data hasn't been tampered with (digital signatures made with the private key, checked with the public key) and encrypt it (the public key is used to establish a secret that only the private-key holder can recover).

4
Q

What’s a digital certificate and who issues them?

A

Digital Certificate = a signed document that binds a public key to the identity of a person, website, organisation or program. It is issued by a certificate authority (CA) that the end user's software already trusts, so the user can verify that a site or signed program is legitimate rather than an impostor or malware. Certificates have a validity period and can be revoked by the issuing CA if the key is compromised.

5
Q

What’s RBAC?

A

RBAC - Role-Based Access Control - is a way of managing permissions by assigning them to roles (e.g. "accounts payable clerk", "helpdesk analyst") and then assigning users to roles, rather than granting rights to individuals one by one. A user gets only the permissions of their roles, which makes least privilege, audits and offboarding much easier to enforce.

6
Q

What is geofencing?

A

Allowing or restricting access based on the user's or device's geographic location (from IP geolocation, GPS or the network it connects from), e.g. blocking a login attempt from Russia to a company network that only has UK staff. It is a coarse control: VPNs and proxies defeat IP geolocation, so it should complement authentication, not replace it.

7
Q

What does each of the A’s in the AAA framework stand for?

A

Authentication - proving who you are: password, one-time code, certificate, biometric, etc.

Authorization - what you are allowed to do once authenticated: does your account have the required access/privilege for this resource or action?

Accounting - logging what happened: login and logout times, source IP, what data the user sent/requested, so that activity can be audited (and, where relevant, billed).

8
Q

What is TOTP - Time-based One Time Password?

A

TOTP (RFC 6238) is an algorithm that derives a short one-time code deterministically (it is not random) from a pre-shared secret key and the current time. The time is the device's Unix time divided into fixed steps (usually 30 seconds); that step counter is fed through HMAC with the secret (this is HOTP, RFC 4226) and truncated to 6 or 8 digits. Client and server need reasonably synchronised clocks, which is what NTP is for, but no NTP value is part of the code itself.

The code you enter is checked in addition to your username and password, which is how TOTP supplies a second factor for MFA.
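As an added example (not part of the flashcards), here is the HOTP/TOTP derivation described above implemented end to end, plus the server-side verification step the card leaves implicit. The only input that is not made up is the secret `12345678901234567890`, which is the published RFC 6238 test-vector secret, so the codes the RFC lists can be reproduced offline; the function names are my own.

```python
import hashlib
import hmac
import struct
import time

# Added example (not from the flashcards). The secret is the RFC 6238
# test-vector secret, embedded only so the RFC's published codes can be
# reproduced offline; a real deployment generates a random secret per user.
RFC6238_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter with the shared
    secret, take 4 bytes at a position chosen by the last nibble of the MAC
    ("dynamic truncation"), mask to 31 bits and keep the low `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238) is HOTP with counter = floor(unix_time / step).
    The time comes from the device's own clock (kept accurate with NTP);
    no NTP data is part of the code."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, submitted: str, unix_time: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `window` steps to
    tolerate clock drift. compare_digest keeps the comparison constant-time so
    the server does not leak which leading digits were correct."""
    for drift in range(-window, window + 1):
        counter = unix_time // step + drift
        if counter < 0:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 Appendix B: T=59, SHA-1, 8 digits -> 94287082
    print(totp(RFC6238_SECRET, 59, digits=8))
    print("code right now:", totp(RFC6238_SECRET, int(time.time())))
```

Two practical points the code makes visible: the window should be small (one step either side is the usual compromise between drift tolerance and replay exposure), and a server should additionally remember the last counter it accepted for a user so the same code cannot be replayed within the window.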

9
Q

What is a honeynet?

A

A honeynet is a decoy network (usually virtualised) made up of several honeypots plus the firewalls, servers, etc. needed to make it look like a real production network. Attackers who get in are monitored as they move around it, and the tools and techniques observed are used to build detections and countermeasures for the real network. Nobody legitimately uses a honeynet, so any traffic into it is suspicious by definition.

10
Q

What are the CIA Triad security principles?

A

The CIA Triad consists of three security principles regarding data:

Confidentiality = data is readable only by those authorised to see it (access control, encryption at rest and in transit).

Integrity = data is accurate and complete; any unauthorised modification is detected (hashes, digital signatures, change logging).

Availability = data and systems stay accessible to the right/intended users when they need them (no point locking it down so much that nobody can use it!).

11
Q

What is VLAN hopping?

A

VLAN hopping is a network attack technique that lets an attacker send traffic into a VLAN they are not a member of, starting from a port in another VLAN.

It's done via either switch spoofing (the attacker's host pretends to be a switch and negotiates a trunk link, which is allowed to send and receive traffic for multiple VLANs) or double tagging (the attacker sends frames carrying two 802.1Q VLAN tags. The first switch strips the outer tag because it matches the trunk's native VLAN, which is sent untagged, exposing the inner tag; the next switch reads that tag and forwards the frame into the victim VLAN).

12
Q

What is switch spoofing?

A

Switch Spoofing = a type of VLAN hopping attack where the attacker's host pretends to be a switch and negotiates a trunk link (using DTP, Dynamic Trunking Protocol) with the switch it is plugged into. The attacker's port then carries traffic for every VLAN allowed on the trunk, so they can sniff and inject traffic into any of those VLANs, and can position themselves as a Man-In-The-Middle.

You can prevent switch spoofing by disabling trunk negotiation: configure user-facing ports explicitly as access ports (`switchport mode access`), turn DTP off (`switchport nonegotiate`), and shut down unused ports.

13
Q

What is double tagging?

A

Double Tagging = a VLAN hopping (use access to one VLAN to jump to another VLAN) network attack. The attacker crafts a frame with two 802.1Q VLAN tags: the outer tag is the trunk's native VLAN (which is also the attacker's own access VLAN), the inner tag is the victim VLAN. The first switch sends native-VLAN frames across the trunk untagged, so it strips the outer tag; the next switch sees only the inner tag and forwards the frame into the victim VLAN.

The victim's replies are ordinary single-VLAN frames that follow normal forwarding back towards the source address, not back through the attacker's trick, so the attacker never receives them: double tagging is ONE-WAY ONLY COMMUNICATION. That makes it good for DoS or dropping a payload into a VLAN, and harder to trace, but useless for interactive sessions.

14
Q

How to prevent double tagging vlan hopping attacks?

A

To stop double tagging attacks - DON'T LET USER TRAFFIC RIDE THE NATIVE VLAN - because it's the innate behaviour of the native VLAN (untagged traffic on a trunk is assigned to it, and its traffic is sent untagged) that allows double tagging to work: an attacker whose access VLAN equals the trunk's native VLAN gets their outer tag stripped for free.

Therefore set the native VLAN of every trunk to an unused "dummy/fake" VLAN that has no access ports in it (and, where supported, force the native VLAN to be tagged too, e.g. `vlan dot1q tag native` on Cisco). A double-tagged frame from an access port then keeps its outer tag across the trunk and stays in the attacker's own VLAN, rendering the attack useless.
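As an added example (not from the flashcards), the following byte-level model walks a double-tagged frame from the attacker's access port on one switch, across a trunk, into a second switch, for both the vulnerable case (native VLAN = attacker's VLAN) and the mitigated case (native VLAN moved to an unused VLAN). It covers the mechanism in the previous card and the fix in this one. The MAC addresses, VLAN numbers, payload and function names are made up for the demonstration; the tag layout (TPID 0x8100, VLAN ID in the low 12 bits of the TCI) is the real 802.1Q format.

```python
import struct

# Added example (not from the flashcards): a byte-level model of 802.1Q tagging
# and of how a trunk's native VLAN makes double tagging work. MAC addresses,
# VLAN numbers and the payload are made up for the demonstration.
TPID_8021Q = 0x8100
ETH_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, vids, ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame: dst(6) src(6) [802.1Q tag: TPID 0x8100 + TCI]* EtherType payload.
    `vids` are listed outermost first; the VLAN ID is the low 12 bits of the TCI."""
    tags = b"".join(struct.pack(">HH", TPID_8021Q, vid & 0x0FFF) for vid in vids)
    return dst + src + tags + struct.pack(">H", ethertype) + payload


def parse_tags(frame: bytes):
    """Return (VLAN IDs outermost first, bytes from the EtherType onward)."""
    vids, pos = [], 12
    while struct.unpack(">H", frame[pos:pos + 2])[0] == TPID_8021Q:
        vids.append(struct.unpack(">H", frame[pos + 2:pos + 4])[0] & 0x0FFF)
        pos += 4
    return vids, frame[pos:]


def access_ingress(frame: bytes, access_vlan: int):
    """Access port on switch A. The frame belongs to access_vlan regardless of
    tags; an outer tag equal to access_vlan is stripped (most switches accept
    it), a tag for any other VLAN gets the frame dropped (None)."""
    vids, _ = parse_tags(frame)
    if not vids:
        return frame
    if vids[0] == access_vlan:
        return frame[:12] + frame[16:]      # remove the 4-byte outer tag
    return None


def trunk_egress(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Switch A sends the frame out the trunk: native-VLAN frames go UNTAGGED
    (this is the behaviour double tagging abuses), every other VLAN gets a tag."""
    if vlan == native_vlan:
        return frame
    return frame[:12] + struct.pack(">HH", TPID_8021Q, vlan) + frame[12:]


def trunk_ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """Switch B receives on the trunk: tagged -> outer VID, untagged -> native VLAN."""
    vids, _ = parse_tags(frame)
    return vids[0] if vids else native_vlan


def deliver(attacker_vlan: int, native_vlan: int, target_vlan: int, outer_tag=None):
    """Send a double-tagged frame from an access port in attacker_vlan across a
    trunk whose native VLAN is native_vlan; return the VLAN switch B delivers it
    into, or None if switch A dropped it."""
    outer = attacker_vlan if outer_tag is None else outer_tag
    frame = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01",
                        [outer, target_vlan], ETH_IPV4, b"constructed payload")
    inside_a = access_ingress(frame, attacker_vlan)
    if inside_a is None:
        return None
    on_wire = trunk_egress(inside_a, attacker_vlan, native_vlan)
    return trunk_ingress_vlan(on_wire, native_vlan)


if __name__ == "__main__":
    print("native VLAN 1, attacker in VLAN 1 -> lands in VLAN", deliver(1, 1, 20))
    print("native VLAN 999 (unused), attacker in VLAN 1 -> VLAN", deliver(1, 999, 20))
```

Running it shows the hop only succeeds when the attacker's access VLAN is the trunk's native VLAN; with the native VLAN moved to 999 the outer tag survives the trunk and the frame stays in VLAN 1, and an attacker who forges a 999 outer tag on a VLAN 1 access port is simply dropped at the first switch.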

15
Q

What is MAC flooding of a switch?

A

An attack that fills a switch's MAC address (CAM) table by sending huge numbers of frames, each with a different spoofed source MAC address. Once the table is full the switch can no longer learn legitimate hosts' addresses, so frames for them have no matching entry and fall back to the default behaviour for an unknown destination: forward out ALL ports in the VLAN. The switch effectively works like a hub, and the attacker receives every frame, which they can sniff for credentials and other data.

The switch's port security settings (a maximum number of source MAC addresses per port, with a violation action) stop the flood at the attacker's port.

16
Q

What is ARP poisoning, and how does it differ from IP spoofing?

A

ARP poisoning (ARP spoofing) = an attacker sends forged ARP replies on the local network claiming that their own MAC address belongs to another device's IP address (usually the default gateway). Victims update their ARP caches, so frames meant for the gateway are delivered to the attacker, who can read or alter them and forward them on, becoming an on-path/MITM attacker.

IP spoofing is a different attack: forging the source IP address in packets (used, for example, in reflection/amplification DDoS), with no ARP involved. Defences against ARP poisoning: Dynamic ARP Inspection on switches (validates ARP against the DHCP snooping binding table), static ARP entries for critical hosts, and encrypting traffic so intercepted data is unreadable.
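As an added example (not part of the flashcards), here is the kind of check a monitoring tool such as arpwatch performs to catch the poisoning described above, run over a constructed capture of ARP replies. The addresses, the event list and the function names are made up for the demonstration.

```python
from dataclasses import dataclass

# Added example (not from the flashcards): arpwatch-style detection of ARP
# poisoning, run over a constructed set of ARP replies. Addresses are made up.


@dataclass(frozen=True)
class ArpReply:
    ts: int            # seconds since capture start
    sender_ip: str     # the IP the reply claims
    sender_mac: str    # the MAC it claims for that IP


GATEWAY_MAC = "00:11:22:33:44:01"
ATTACKER_MAC = "aa:bb:cc:dd:ee:ff"

SAMPLE_REPLIES = [                                     # constructed capture
    ArpReply(0, "192.168.1.1", GATEWAY_MAC),           # real gateway
    ArpReply(1, "192.168.1.10", "00:11:22:33:44:0a"),  # victim
    ArpReply(2, "192.168.1.20", ATTACKER_MAC),         # attacker's own address
    ArpReply(30, "192.168.1.1", ATTACKER_MAC),         # "the gateway is at MY MAC"
    ArpReply(31, "192.168.1.10", ATTACKER_MAC),        # "the victim is at MY MAC" too
]


def detect_arp_spoofing(replies, static_bindings=None):
    """Two checks: (1) an IP whose MAC differs from the one first seen or
    statically configured (the poison itself); (2) one MAC claiming several
    IPs, the signature of an attacker impersonating both ends of a conversation.
    Returns a list of (kind, ts, detail) tuples."""
    ip_to_mac = dict(static_bindings or {})
    mac_to_ips = {}
    alerts = []
    for r in replies:
        known = ip_to_mac.get(r.sender_ip)
        if known is None:
            ip_to_mac[r.sender_ip] = r.sender_mac
        elif known != r.sender_mac:
            alerts.append(("mac_change", r.ts,
                           f"{r.sender_ip}: {known} -> {r.sender_mac}"))
        claimed = mac_to_ips.setdefault(r.sender_mac, set())
        claimed.add(r.sender_ip)
        if len(claimed) > 1:
            alerts.append(("multi_ip_mac", r.ts,
                           f"{r.sender_mac} claims {sorted(claimed)}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, {"192.168.1.1": GATEWAY_MAC}):
        print(alert)
```

The first check on its own produces false positives wherever DHCP legitimately reassigns an address to a new device, which is why seeding the table with static bindings for the gateway and other critical hosts, and weighting the second check (one MAC answering for the gateway and for a client at the same time), gives a far cleaner signal.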

17
Q

What is DNS poisoning/DNS spoofing?

A

DNS poisoning = getting a fake answer into a DNS resolver's cache, either by sending forged responses to the client's or the recursive resolver's queries (racing the genuine answer and matching its transaction ID and source port) or by compromising the resolver itself. Until the cached entry expires, every lookup of that name returns the attacker's IP address, so the client sends its traffic to the attacker, who can read it, forward it to the right server and relay the response back to the victim, thus becoming a MITM/on-path attacker.

The hosts file is a separate mechanism: a local file mapping names to IP addresses that is consulted before DNS is queried. Malware that edits it achieves the same redirection, but that is local tampering with the victim machine, not DNS poisoning. Mitigations: DNSSEC validation, randomised source ports and transaction IDs on resolvers, and TLS with certificate validation so that a redirected connection fails rather than silently succeeding.

18
Q

If a rogue DHCP server is on a network what security feature could be used to prevent fake IP addresses being given out thereby preventing clients accessing resources on the network?

A

DHCP snooping = a security feature on switches that marks ports as trusted (where the real DHCP server or the uplink to it lives) or untrusted (user ports), drops DHCP server messages (OFFER/ACK/NAK) that arrive on untrusted ports, and builds a binding table of IP/MAC/port leases that other features (Dynamic ARP Inspection, IP Source Guard) can use.

In a Windows domain, the DHCP server authorisation feature in Active Directory also helps: a Windows DHCP server that is a domain member will not hand out leases until it has been authorised in AD. It does nothing against a rogue non-Windows DHCP server (e.g. a home router plugged into a wall port), so DHCP snooping is still needed.

19
Q

If you don't want to go around looking for rogue access points/scanning for wireless rogue APs, what protocol could you enable?

A

802.1X, the port-based Network Access Control protocol. Every device plugging into a switch port (or joining the Wi-Fi) must authenticate (username/password, certificate, MFA/2FA, etc.) through the switch or AP to a RADIUS server before the port passes any traffic, so a rogue AP plugged into a wall port gets no network access. It does not detect a rogue AP that merely broadcasts a look-alike SSID without a wired connection (an evil twin), so wireless scanning/WIDS still has its place.

20
Q

What’s an on-path network attack commonly known as?

A

On-path network attack = Man In The Middle attack (MITM). "On-path" is the broader, vendor-neutral term: the attacker sits on the communication path and can be passive (just viewing the data that flows through) or active (altering, dropping or injecting traffic), whereas MITM usually implies the active case.

To combat most on-path/MITM attacks, encrypt and authenticate all data in transit (TLS with certificate validation, VPNs, SSH) so that even if they capture it they can't read it and any tampering is detected. An attacker who can strip TLS or present a certificate the client trusts still wins, which is what HSTS and certificate pinning are for.

Common types of on-path/MITM attack include:
ARP spoofing, DNS spoofing, eavesdropping (e.g. on open Wi-Fi or an evil-twin AP), SSL stripping, session hijacking, HTTP spoofing

21
Q

What is social engineering?

A

Manipulating people rather than technology to gain access or information: phishing, pretexting, spoofing/impersonation (pretending to be something/someone you're not), tailgating, dumpster diving, shoulder surfing. The goal is to trick users into handing over credentials, sensitive data or physical access.

22
Q

What is the name for the type of malware that spreads and activates via human input and what is the type that spreads without any human intervention/input (e.g. clicking it)?

A

Virus = attaches itself to a program or file and spreads only when a human runs or opens it (or otherwise triggers it).

Worm = spreads on its own, typically by exploiting a vulnerable network service or weak credentials, with no human action needed, so it can propagate across a network far faster than a virus.

23
Q

What’s a trojan horse?

A

Trojan horse = malware disguised as software you want (a game, utility, "cracked" app) that the user installs willingly; the hidden payload then runs with the user's privileges (e.g. a remote access tool, keylogger or downloader for further malware). Unlike viruses and worms, trojans do not self-replicate.

24
Q

What is port security?

A

Port security = a switch feature that restricts which source MAC addresses may send traffic on a given switch interface. Each port can be configured individually with a maximum number of MAC addresses (learned dynamically, "sticky", or statically set) and a violation action (protect, restrict, shutdown). It limits MAC flooding and unauthorised devices being plugged into a port, but MAC addresses can be spoofed, so it is not authentication.
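As an added example (not from the flashcards), the following toy switch model shows both the MAC flooding attack from card 15 and the port security control from this card: an attacker fills the MAC table, the victim's address can no longer be learned, and a reply for the victim is flooded to the attacker's port; with a per-port MAC limit the bogus addresses are rejected and the reply stays unicast. Port numbers, MAC addresses, table size and the class and function names are made up, and the "table full means no learning" rule is a simplification of real switch behaviour.

```python
# Added example (not from the flashcards): a toy switch model showing why a full
# MAC table turns a switch into a hub, and how a per-port MAC limit (port
# security) stops it. Port numbers, MAC addresses and table size are made up.
VICTIM = "00:11:22:33:44:01"   # host on port 1
SERVER = "00:11:22:33:44:02"   # host on port 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam = {}                               # MAC -> port (the CAM table)
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = port security off
        self.secured = {p: set() for p in ports}    # MACs each port has admitted
        self.violations = 0

    def forward(self, in_port, src, dst):
        """Process one frame; return the list of egress ports ([] = dropped)."""
        # Port security: refuse a new source MAC once the port's limit is reached.
        if self.max_macs_per_port is not None:
            allowed = self.secured[in_port]
            if src not in allowed and len(allowed) >= self.max_macs_per_port:
                self.violations += 1              # 'restrict' mode: drop and count
                return []
            allowed.add(src)
        # Learn the source MAC unless the table is already full (simplification:
        # real switches may fail to learn or evict entries depending on model).
        if src not in self.cam and len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port
        # Known unicast goes to one port; unknown unicast/broadcast is flooded.
        if dst in self.cam:
            return [self.cam[dst]]
        return [p for p in self.ports if p != in_port]


def fake_mac(i):
    return f"02:00:00:{(i >> 16) & 0xFF:02x}:{(i >> 8) & 0xFF:02x}:{i & 0xFF:02x}"


def run_scenario(max_macs_per_port=None):
    """Attacker on port 3 floods bogus source MACs, then the server on port 2
    replies to the victim on port 1. Returns (ports that see the reply, violations)."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=100, max_macs_per_port=max_macs_per_port)
    for i in range(150):                           # 150 fabricated MACs > table size
        sw.forward(3, fake_mac(i), BROADCAST)
    sw.forward(1, VICTIM, SERVER)                  # victim talks; can its MAC be learned?
    return sw.forward(2, SERVER, VICTIM), sw.violations


if __name__ == "__main__":
    print("no port security:", run_scenario())      # reply floods to port 3 too
    print("port security max 1:", run_scenario(1))  # reply unicast to port 1 only
```

With port security off the reply to the victim goes out ports 1 and 3, so the attacker reads it; with one MAC allowed per port the attacker's second and later addresses are counted as violations, the victim's MAC is learned normally, and the reply reaches port 1 alone.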

25
Q

What does Network Access Control (NAC)/802.1X do?

A

Network Access Control (NAC) is the broader idea of admitting devices to the network only after checking their identity and/or security posture; 802.1X (IEEE) is the standard port-based protocol most enterprises use to implement it. The device (supplicant) authenticates through the switch or access point (authenticator) to a RADIUS server, carrying credentials in EAP (username/password, certificate, MFA, etc.), and the port is only opened on success. This applies to wired Ethernet connections just as much as to Wi-Fi.

26
Q

What is a security zone?

A

A security zone is a logical group of systems, devices, or networks with similar security requirements, policies, and access controls. E.g. trusted, untrusted and DMZ zones can be created to segregate traffic and thereby protect sensitive information. Creating security zones limits attackers' lateral movement, because they cannot easily hop from an untrusted zone to a trusted one without getting past the more restrictive access control measures (firewall rules, authentication) at the zone boundary.

27
Q

If an ACL is enabled but empty on a switch who can access it?

A

Nobody. Every ACL ends with an implicit deny, so an ACL that is enabled but contains no permit entries blocks ALL traffic it is evaluated against. Entries are checked in order and the first match wins, so a permit must appear before any broader deny that would swallow it. (Vendor caveat: on Cisco IOS an ACL that is applied to an interface but has no entries at all is treated as non-existent and permits everything, so verify the behaviour on your platform rather than assuming it.)
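As an added example (not from the flashcards), here is a minimal first-match ACL evaluator that makes the implicit deny and the importance of entry order explicit. The rule format, the sample ACL and the function name are my own simplification, not any vendor's syntax.

```python
import ipaddress

# Added example (not from the flashcards): a first-match ACL evaluator with the
# implicit deny that ends every ACL. The rule format is my own simplification.


def evaluate_acl(rules, src_ip: str) -> str:
    """`rules` is an ordered list of (action, cidr) with action "permit" or
    "deny". Entries are tested top to bottom and the first match wins; if
    nothing matches (including the empty list) the result is "deny"."""
    addr = ipaddress.ip_address(src_ip)
    for action, cidr in rules:
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action {action!r}")
        if addr in ipaddress.ip_network(cidr, strict=False):
            return action
    return "deny"                                   # implicit deny any


# Constructed sample: management ACL for a 10.0.0.0/8 corporate network with a
# quarantine subnet that must be listed BEFORE the broad permit to take effect.
MGMT_ACL = [
    ("deny", "10.0.99.0/24"),
    ("permit", "10.0.0.0/8"),
    # nothing for 192.168.x.x or the internet: the implicit deny covers them
]

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.99.7", "192.168.1.1"):
        print(ip, "->", evaluate_acl(MGMT_ACL, ip), "| empty ACL ->", evaluate_acl([], ip))
```

Reversing the two entries of `MGMT_ACL` lets the quarantine subnet through, which is the ordering mistake the first-match rule makes so easy to commit.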
