Security Architecture 3.2 Flashcards

1
Q

Device Placement

A

Firewalls - Separate the network. Trusted from untrusted.
Honeypots, jump server, load balancers, sensors - help to contribute to a more secure computing environment.

2
Q

Security Zones.

A

Zone-based security technology.
Separate each area of the network, such as an internal or external zone, or a trusted or untrusted zone.

3
Q

Attack Surface

A

What parts of the network are vulnerable?
- Application code
- Open ports
- Authentication process
- Human error

Goal is to minimise the attack surface.

4
Q

Connectivity

A

Everything contributes to security.
Secure network cabling, application-level encryption.
Network-level encryption (VPNs).

5
Q

IPS Intrusion Prevention System

A

Designed to watch traffic traversing the network. The IPS blocks anything it determines as an intrusion from gaining access into the network.

IDS intrusion detection system.

6
Q

Failure mode:

A

Fail open - When the system fails, data will continue to flow without security.
Fail close - When the system fails, data does not flow. Very secure.

7
Q

Active monitoring vs Passive monitoring.

A

Active monitoring is inline with the traffic and can block traffic it deems to be malicious before it reaches the switch.
Passive monitoring examines a copy of the traffic and sends it to the IPS (SPAN, network tap). It is not inline, so it cannot prevent the malicious traffic from reaching the network.

8
Q

Jump Server

A

A device on the inside of the network which is accessible from the outside. Usually hardened with security.

A jump server can be a significant security breach.

9
Q

Proxy Server

A

Internal devices communicate to a proxy server and the proxy server then communicates to the internet. Receives the user requests on their behalf.

Proxies - URL filtering.
Some proxies are invisible.

10
Q

Application Proxies

A

Understands the protocols used for a specific application.

11
Q

Forward Proxy

A

A user sends a request to the proxy and the proxy sends the request to the internet. Once the internet sends the response back to the proxy, if everything looks okay, the proxy forwards the results to the user.

12
Q

Reverse Proxy

A

Users on the internet want to communicate with a webserver on an internal network. Any malicious traffic can be dropped at the proxy instead of being sent over to the web server.

Proxy can also provide a caching function where previous results are saved in the cache. Identical user requests made by the proxy will not be sent to the webserver.

13
Q

Open Proxy

A

A third-party, uncontrolled proxy. The third party could add malicious code or adverts to messages.

14
Q

Load Balancing

A

Distributes the load between multiple servers.
Increases fault tolerance - if a server connected to a load balancer were to fail, the load balancer would distribute the load between the remaining servers.

15
Q

Features of an Active/Active load balancer.

A

Configurable load - can manage the load across multiple servers
TCP offload - lowers the protocol overhead
SSL - encryption done within the load balancer so each server does not need to end encrypted files.
Caching - saves previous entries and responses for faster replies
Prioritisation - Certain applications have higher prioritisation.
Content switching - recognise the type of request being made and can make certain

16
Q

Features of an Active/Passive load balancer

A

There are passive web servers which are not in use and if there is a failure in one of the active web servers, the load balancer would recognise the failure and use one of the passive devices.

17
Q

Sensors and collectors.

A

Aggregate information from network devices is collected and sent to collectors such as a SIEM.

A SIEM will contain a correlation engine to compare diverse sensor data.

18
Q

Sensor examples

A

Firewall logs, Authentication logs, web server, access logs, database transaction logs, email logs.

19
Q

Port Security

A

The security on the individual interfaces that are on a switch or connections on a wireless access point.

20
Q

IEEE 802.1X

A

Port-based network access control. To gain access to a network, you would first need to authenticate using 802.1X.

20
Q

EAP

A

Extensible Authentication Protocol.

21
Q

Firewalls - Web application firewall

A

Analyses input into web-based applications. Allows or denies based on expected input.

22
Q

Firewall - Unified threat management

A

Older devices, all-in-one security device.
Features:
- URL filter
- Malware inspection
- Spam filter
- CSU/DSU
- Router, switch
- Firewall
- IDS, IPS
- Bandwidth shaper
- VPN endpoint

23
Q

Firewall - Next Generation firewall

A

Is able to examine all traffic traversing the network. Looks at what is contained in the application layer and makes forwarding decisions.

24
Q

OSI Layer 4 vs OSI layer 7

A

Layer 4 firewalls monitor traffic using a TCP or UDP port number.

Layer 7 firewalls allow or disallow traffic based on what application is being used over the network.

25
Q

VPN - Secure

A

Encrypts data traversing a public network. Managed using a concentrator to provide a VPN endpoint capability and decryption.

26
Q

Encrypted Tunnel

A

The original data is wrapped with an IPsec header and an IPsec trailer.

A new IP header is added, which gives the routers along the way the information needed to point the packet to the correct IPsec concentrator.

27
Q

TLS

A

Transport layer security
?

28
Q

SD WAN

A

?

29
Q

SASE

A

?