Week 6 (Security in the Network Domain) Flashcards

1
Q

What is a Network?

A

A network is a set of technologies used to connect computers together, to allow them to communicate and share resources, e.g. files

2
Q

What are the types of Computer Networks?

A

LAN (Local Area Network)
WLAN (Wireless Local Area Network)
WAN (Wide Area Network)

3
Q

What is a LAN (Local Area Network)?

A

It covers a small geographic area - such as a home or floor of a building.
A network device, e.g. a switch, provides connection points for computers and devices to be connected using cables (links)

4
Q

What is a WLAN (Wireless LAN)?

A

It is a wireless network that allows devices to connect together using a Wireless Access Point (Wireless AP)
Connected to a LAN using a cable, forming a larger LAN
Current modems are built as hybrids, with both the switch and the Wireless AP connected.

5
Q

What is a WAN?

A

For a LAN to communicate with another LAN or the internet, it requires a networking device called a router.
A WAN uses a router connected to the switch to provide connections over wide geographical areas.

6
Q

Explain LAN Hardware.

A

NIC (Network Interface Controller) for each computer/device
Network device (interconnecting device) - Switch
Network Cables to connect the computers/devices to the switch.

7
Q

What is a MAC Address?

A

MAC Address (Media Access Control Address) - allows devices to communicate within a LAN
It is a physical hardware address that is burnt into the NIC
Every NIC has one MAC - it is a unique number, produced by the manufacturer.
An IP address can be reused, but a MAC is unique, at least within the local network.
6 pairs of hexadecimal digits

8
Q

What is an IP Address?

A

An IP Address identifies each device connected to the internet. MAC is only used to identify computers within the LAN

9
Q

What is a Port Number?

A

It uniquely identifies a network-based application.
An IP Address is used to identify the computer, whereas the port number specifies the application/program.

10
Q

Examples of Port Numbers:

A

HTTP - 80
FTP - 21
Secure Shell port - 22
Telnet - 23
DNS - 53
HTTPS - 443
HTTP doesn’t have any encryption, but HTTPS does - don’t use port 80
Don’t use port 23 - Telnet - No security

11
Q

What is a Firewall?

A

It is a system that is designed to prevent unauthorized access from entering the private network, by filtering the information from the internet.

12
Q

What are the Different Types of Firewall?

A

Packet Filtering Firewall - filter based on rules - Rule-based firewall
Network-based firewall
Host-based firewall

13
Q

What does the packet filtering firewall do?

A

It generally has three different actions: Allow (Let packet pass through), Deny (Drop the packet), or Prompt (Ask the user what action to take)
Rules are evaluated from top down, and once a rule is matched no further rules will be evaluated.

14
Q

What is an ACL?

A

An Access Control List - Firewall Rules
Collection of allow and deny conditions, called rules, that provide security by blocking unauthorized users from accessing specific resources. Compare Source IP, Dest. IP, Source Port, Dest. Port, then decide what action to take.

15
Q

Explain the Network-based Firewall and the Host-based Firewall.

A

Network-based firewall - deployed in line with traffic flow, protecting the entire network
Host-based firewall - Software application installed on computer, 2nd line of defence if unauthorized traffic has not been blocked by Network-based Firewall

16
Q

What is an IDS?

A

Intrusion Detection System - monitors your network for possible dangerous activity, including malicious acts and violations of security protocols.
When such a problem is detected, an IDS alerts the administrator but doesn’t necessarily take any other action.
It only detects and alerts; it does not do anything else.

17
Q

What is an IPS?

A

Intrusion Protection System.
Begins with Intrusion detection but can go further to act to stop ongoing and future attacks.
When it detects an attack, it can reject data packets and give commands to a firewall for action.
Management System

18
Q

How are an IDS and an IPS placed?

A

An IDS is usually not placed inline, but may get mirrored traffic from a network tap or a mirrored port.
IPS is usually in-line - (between the firewall and the rest of the network) and takes proactive action based on the set of rules provided to it.

19
Q

What are some Network Domain Attacks?

A
  • DoS (Denial-of-Service) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the internet
  • DDoS (Distributed-denial-of-service) - The attack source is more than one, and often thousands of, unique IP addresses
20
Q

Advantages of DDoS

A
  • Able to leverage the greater volume of machines to execute a seriously disruptive attack
  • Location of the attack is difficult to detect due to the random distribution of attacking systems (often worldwide)
  • More difficult to shut down multiple machines than one
  • The true attacking party is very difficult to identify, as they are disguised behind many (mostly compromised) systems
21
Q

What is a Botnet?

A

Botnet refers to a group of computers which have been infected by malware and have come under the control of a malicious actor. The term botnet is from the words robot and network, and each infected device is called a bot. Botnets can be used to accomplish illegal or malicious tasks including DDoS attacks

22
Q

Explain MITM

A

MITM (Man-In-The-Middle) attack happens when an attacker inserts themselves between a user and a website
Typically, attackers are trying to steal something, like credit card numbers or user login credentials - they might be snooping on private conversations, which might include trade secrets or other valuable information
E.g. CSRF

23
Q

How to prevent DoS/DDoS or MITM attacks?

A
  • Secure network with intrusion detection/prevention system to analyse traffic and identify unusual behaviour
  • Firewall must also be in place with well-defined rules to prevent unauthorised access
24
Q

How many lines of defence are there and what are they?

A

4

  • IPS - not a firewall, but operates like one
    • Becomes third line of defence after ACL and firewall
    • Computer becomes fourth line of defence
    • Just remember that ACL is in firewall

ACL -> Network based firewall -> IPS -> Host based firewall