07 - Network Security Controls - Technical Controls Flashcards
Describe these email protocols:
1) PGP
2) S/MIME
3) SMTP
4) POP3
5) IMAP
1) Provides cryptographic privacy (encryption) and authentication (digital signatures) for email. Standardized as OpenPGP; keys are trusted through a web of trust rather than a CA.
2) Is used for sending digitally signed and encrypted email using X.509 certificates issued by a CA.
3) Sends messages from a client to a mail server and from one mail server to another (port 25; port 587 for authenticated submission). Plain SMTP is cleartext; STARTTLS adds encryption.
4) Retrieves email from a server; by default a message is deleted from the server once it has been downloaded (port 110, or 995 over TLS).
5) Retrieves email from a server while leaving it there, so folders and read/unread state stay synchronized across clients (port 143, or 993 over TLS).
Describe these protocols:
1) RADIUS
2) TACACS
3) Kerberos
4) DNSSEC
5) HTTPS
1) Centralized authentication, authorization, and accounting (AAA) for remote access: a network access server (VPN, Wi-Fi, switch) forwards the user's credentials to a central RADIUS server. Uses UDP and encrypts only the password field of the request.
2) Provides AAA for administering network devices through one or more centralized servers. The current version, TACACS+, separates the three functions, uses TCP and encrypts the whole packet body, which is why it is preferred for device administration.
3) An authentication protocol based on tickets: the client obtains a Ticket Granting Ticket (TGT) from the Authentication Service, presents it to the Ticket Granting Service (TGS) to get a service ticket, and presents that ticket to the service. The password itself is never sent over the network.
4) A suite of specifications that adds origin authentication and integrity to certain types of information provided by DNS, using digital signatures over resource records. It does not provide confidentiality.
5) HTTP carried over TLS. Authenticates the server with a certificate and encrypts the traffic between browser and web server.
Describe these protocols:
1) TLS
2) SSL
3) SRTP
4) LDAP
5) IPSec
1) Ensures authenticated, encrypted and integrity-protected communication between client and server applications. Supersedes SSL; TLS 1.2 and 1.3 are the versions still considered secure.
2) The deprecated predecessor of TLS, which used RSA for key exchange to secure client-server communications. All SSL versions (2.0 and 3.0) have known weaknesses and should be disabled.
3) Secure RTP: adds encryption and message authentication to RTP, the protocol used to deliver real-time data such as audio and video streams.
4) Is used to access and manage directory services such as Active Directory. Plain LDAP (port 389) is cleartext; use LDAPS (port 636) or StartTLS.
5) Secures IP communications with authentication and encryption at the network layer. Mainly used for site-to-site VPNs and remote user access.
Describe these components of IPsec:
1) Authentication Header (AH)
2) Encapsulating Security Payload (ESP)
1) Provides integrity, origin authentication and anti-replay protection for the packet, including the IP header, but no encryption: the payload is still readable on the wire. Because it authenticates header fields that NAT rewrites, AH does not work through NAT.
2) Provides confidentiality by encrypting the payload, plus optional integrity and origin authentication of the encrypted data. ESP is what almost all VPNs use today; AH is rarely deployed.
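The difference between the two headers is easiest to see on the wire. The following is an added example written for these flashcards, not an IPsec implementation and not code from any VPN product: real IPsec negotiates keys with IKE and uses ciphers such as AES-GCM, whereas this toy derives a keystream from HMAC-SHA256 in counter mode and uses a truncated HMAC tag so that it runs with the standard library only. The keys, the 20-byte header placeholder and the payload are constructed.

```python
"""What IPsec AH protects versus what ESP protects, shown on a toy packet.

Added example for these flashcards, not an IPsec implementation. Real IPsec negotiates
keys with IKE and uses ciphers such as AES-GCM; to stay standard-library only this demo
derives a keystream from HMAC-SHA256 in counter mode and uses a 12-byte HMAC-SHA256 tag
(the truncation IPsec itself uses). Keys, header bytes and payloads are constructed.
"""
import hashlib
import hmac

TAG_LEN = 12      # bytes of ICV, as in HMAC-SHA-256-128 / HMAC-SHA1-96
HDR_LEN = 20      # a minimal IPv4 header; constructed placeholder below
IP_HEADER = b"\x45\x00" + bytes(HDR_LEN - 2)   # constructed; real AH skips mutable fields (TTL, checksum)


def icv(auth_key: bytes, data: bytes) -> bytes:
    """Integrity Check Value: truncated HMAC over the protected bytes."""
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:TAG_LEN]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-mode keystream; stands in for the real cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def ah_protect(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """AH: authenticate header + sequence number + payload. Payload is sent in the clear."""
    seq_bytes = seq.to_bytes(4, "big")
    tag = icv(auth_key, IP_HEADER + seq_bytes + payload)
    return IP_HEADER + seq_bytes + tag + payload


def ah_verify(auth_key: bytes, packet: bytes):
    """Return (seq, payload) if the ICV checks out, else None."""
    hdr = packet[:HDR_LEN]
    seq_bytes = packet[HDR_LEN:HDR_LEN + 4]
    tag = packet[HDR_LEN + 4:HDR_LEN + 4 + TAG_LEN]
    payload = packet[HDR_LEN + 4 + TAG_LEN:]
    if not hmac.compare_digest(tag, icv(auth_key, hdr + seq_bytes + payload)):
        return None
    return int.from_bytes(seq_bytes, "big"), payload


def esp_protect(enc_key: bytes, auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """ESP: encrypt the payload, then authenticate sequence + ciphertext (encrypt-then-MAC).
    The outer IP header is not covered, which is why ESP survives NAT and AH does not."""
    seq_bytes = seq.to_bytes(4, "big")
    ciphertext = xor(payload, keystream(enc_key, seq_bytes, len(payload)))
    body = seq_bytes + ciphertext
    return IP_HEADER + body + icv(auth_key, body)


def esp_open(enc_key: bytes, auth_key: bytes, packet: bytes):
    """Return (seq, payload) if the ICV checks out, else None. Verify before decrypting."""
    body, tag = packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, icv(auth_key, body)):
        return None
    seq_bytes, ciphertext = body[:4], body[4:]
    return int.from_bytes(seq_bytes, "big"), xor(ciphertext, keystream(enc_key, seq_bytes, len(ciphertext)))


class AntiReplay:
    """Both AH and ESP carry a sequence number so the receiver can drop replayed packets.
    Simplified: reject anything at or below the highest sequence number already accepted
    (real IPsec keeps a sliding window to tolerate reordering)."""

    def __init__(self):
        self.highest = 0

    def accept(self, seq: int) -> bool:
        if seq <= self.highest:
            return False
        self.highest = seq
        return True


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit in a packet, as an on-path attacker might."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]


if __name__ == "__main__":
    ak, ek, data = b"constructed-auth-key", b"constructed-enc-key", b"GET /payroll HTTP/1.1"
    print("payload visible in AH packet:", data in ah_protect(ak, 1, data))
    print("payload visible in ESP packet:", data in esp_protect(ek, ak, 1, data))
```

Running it shows the payload bytes sitting in the clear inside the AH packet and absent from the ESP packet, while a flipped bit in either packet fails the integrity check. The anti-replay counter is the part both headers share.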
Describe these protocols:
1) FTP
2) SNMP
3) SSH
4) OAuth
5) OpenID (OIDC)
1) Transfers files between hosts. Plain FTP sends credentials and data in cleartext, so it is not secure; use FTPS (FTP over TLS) or SFTP (file transfer over SSH) instead.
2) Used to monitor and manage devices over a network. SNMPv1 and v2c authenticate with a cleartext community string (often left at "public"/"private"); only SNMPv3 adds authentication and encryption.
3) Provides secure remote login, command execution and tunnelling over an encrypted channel. Standard on Linux and Unix and also available on modern Windows; replaces Telnet and rlogin.
4) An authorization framework that lets a user grant a third-party application limited access to their resources on another site without handing over their password. OAuth on its own does not authenticate the user to the application.
5) An identity (authentication) layer built on top of OAuth 2.0. It adds an ID token, a signed JWT, that tells the client who the user is; the client must validate that token before trusting it.
What is Network Segmentation?
Is the practice of splitting a network into smaller network segments, so that a compromise in one segment does not give direct access to the others and traffic between segments can be filtered and monitored.
Describe these types of Network Segmentation:
1) Physical
2) Logical
3) Virtualization
1) Networks are segmented with separate physical components: their own switches, routers and cabling for each segment.
2) Uses VLANs (and routed subnets) so that devices are isolated logically regardless of their physical location. Traffic between VLANs must pass through a router or firewall, where it can be filtered.
3) Creates isolated virtual networks (virtual switches, overlays) on top of shared physical infrastructure, pooling the available network resources and managing them from a single administrative unit.
What is a Bastion Host?
Is a hardened computer system, exposed to the untrusted network, that is designed and configured to withstand attacks and protect the network resources behind it. It runs only the services it must offer, and because it is the host most likely to be attacked it is locked down and closely logged.
Describe these types of Bastion Hosts:
1) Single-homed
2) Multi-homed
3) Internal
1) A firewall host with one network interface. All incoming/outgoing traffic is routed through the bastion host, so it can inspect traffic but cannot physically separate the networks.
2) A firewall host with at least two network interfaces, one on the external network and one on the internal network. Separates the internal and external networks so that traffic must pass through it.
3) Resides inside the internal network and can be single- or multi-homed. Internal network devices communicate directly with the bastion host.
What is a DMZ?
A computer subnetwork placed between the organization's private network and the Internet, holding the servers that external users need to reach (web, mail, DNS). Traffic from the Internet can reach the DMZ but not the internal network directly, so a compromised DMZ server does not give the attacker a direct path inside.
Describe these types of traffic:
1) East-West
2) North-South
1) Traffic between servers inside a data centre (lateral traffic). It often never crosses a perimeter firewall, which is why attackers use it for lateral movement and why segmentation matters.
2) Traffic entering or leaving the data centre, e.g. between an outside client and a server. This is what perimeter firewalls see.
What is a Zero-Trust Network?
Is a model in which no user, device or connection is trusted by default, whether it is inside or outside the network perimeter. Every request must be authenticated and authorized (identity, device health, context) before access is granted, and the access granted is limited to the specific resource requested.
What is a Firewall?
Is hardware and/or software that monitors and filters incoming and outgoing traffic against a rule set and prevents unauthorized access to private networks.
Describe these firewalls:
1) Host-based
2) Network-based
3) External
4) Internal
1) Filters inbound/outbound traffic of an individual computer (e.g. Windows Defender Firewall, iptables/nftables).
2) Filters inbound/outbound traffic across a LAN at a network boundary.
3) Limits access between protected and public networks. Provides protection for the DMZ.
4) Protects one network segment from another inside the organization.
Describe these Firewall technologies:
1) Packet Filtering
2) Circuit-Level Gateway
3) Application Layer Gateways
4) Stateful Multilayer Inspection
5) Application Proxy
6) NAT
7) VPN
8) NGFW
1) Resides in routers; each packet's headers (source/destination IP, port, protocol) are compared to a set of rules before it is forwarded. Stateless, so it cannot tell a legitimate reply from an unsolicited packet.
2) Monitors the TCP handshake (session layer) to determine whether a session is legitimate or not; once the session is established it does not inspect the packets inside it.
3) Filters traffic at the application layer, e.g. by HTTP method (GET, POST) or URL, because it understands the protocol being carried.
4) Combines application-layer, circuit-level and packet-filtering technologies and keeps a state table of active connections, so return traffic is allowed only for connections the firewall has seen opened.
5) Is a proxy server that terminates client connections and opens new ones on their behalf, filtering between the two.
6) Maps private internal addresses to one or more public addresses so that multiple LAN devices can share a single IP address. Hides internal addressing but is not a substitute for a firewall.
7) Is a service that creates a secure, encrypted tunnel over a less secure network, typically the Internet. It allows users to send and receive data as if their devices were directly connected to the private network.
8) Is a firewall that goes beyond port/protocol inspection: deep inspection of packet content, application awareness, user identity, and an integrated IPS.
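The difference between stateless packet filtering (1) and stateful inspection (4) is clearest when the same packets are run through both. The following is an added example written for these flashcards; it is not the rule syntax of any firewall product. The rules, addresses and packets are constructed, and TCP flags are represented as a set of flag names.

```python
"""Stateless packet filtering versus stateful inspection, on a constructed packet trace.

Added example for these flashcards, not the configuration syntax of any firewall product.
Rules, addresses and packets are constructed; TCP flags are given as a set of flag names.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None  # None = any
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison, which is all a packet filter can do."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.sport in (None, pkt.sport)
        and rule.dport in (None, pkt.dport)
    )


def stateless_filter(rules, pkt: Packet) -> str:
    """First matching rule wins; implicit deny at the end, as on most firewalls."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful multilayer inspection: a connection table decides what counts as a reply."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()   # 5-tuples of connections opened under the rules

    def inspect(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if forward in self.table or reverse in self.table:
            return "allow"                       # part of a connection we saw opened
        # Anything else is a new connection; for TCP it must start with a bare SYN.
        if pkt.proto == "tcp" and set(pkt.flags) != {"SYN"}:
            return "deny"
        verdict = stateless_filter(self.rules, pkt)
        if verdict == "allow":
            self.table.add(forward)
        return verdict


INTERNAL = "10.0.0.0/8"   # constructed internal range

# Stateless rule set: to let HTTPS replies back in, it has to trust anything with source port 443.
STATELESS_RULES = [
    Rule("allow", src=INTERNAL, dport=443),
    Rule("allow", dst=INTERNAL, sport=443),
]
# The stateful rule set only needs the outbound rule; replies are matched by the connection table.
STATEFUL_RULES = [Rule("allow", src=INTERNAL, dport=443)]

SYN, SYN_ACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
OUTBOUND = Packet("10.0.0.5", 51000, "198.51.100.7", 443, flags=SYN)
REPLY = Packet("198.51.100.7", 443, "10.0.0.5", 51000, flags=SYN_ACK)
# Attacker probes SSH on an internal host using source port 443 to slip past the reply rule.
PROBE = Packet("203.0.113.9", 443, "10.0.0.5", 22, flags=SYN)


def compare(packets):
    """Run the same packets through both technologies; returns {name: [verdict, ...]}."""
    fw = StatefulFirewall(STATEFUL_RULES)
    return {
        "stateless": [stateless_filter(STATELESS_RULES, p) for p in packets],
        "stateful": [fw.inspect(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in compare([OUTBOUND, REPLY, PROBE]).items():
        print(name, verdicts)
```

The stateless filter allows all three packets, including the probe, because the only way it can admit replies is a rule keyed on source port 443 that an attacker can satisfy at will. The stateful firewall allows the reply only because it recorded the outbound SYN, and denies the probe because no internal host opened a connection to it.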
Describe the following:
1) IDS
2) IPS
1) Is a system that sits 'off to the side' (fed by a SPAN port or network tap), monitors traffic and alerts admins about suspicious activity. It cannot block anything on its own.
2) Is an 'in-line' system that allows or blocks packets depending on established policies. Because it sits in the traffic path, a false positive here blocks legitimate traffic.
Describe the following IDS detection methods:
1) Signature Recognition
2) Anomaly Detection
3) Protocol Anomaly Detection
1) Identifies events by matching packet content against known attack patterns (signatures) that indicate an abuse of a system. Precise for known attacks, but blind to new ones and to variants that evade the pattern (e.g. through encoding).
2) Detects intrusions as deviations from an established baseline of the normal behaviour of users and components of a computer system. Can catch unknown attacks, but produces more false positives.
3) Models of how TCP/IP protocols should behave are used to detect traffic that violates the protocol specification, e.g. invalid flag combinations or malformed headers, independent of any particular attack.
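All three methods can be shown side by side on a handful of log lines. The following is an added example written for these flashcards, not the rules or engine of any real IDS: the access-log format, the two signatures, the HTTP protocol checks, the traffic baseline and the client addresses are all constructed for the demo.

```python
"""Signature, anomaly and protocol-anomaly detection run over constructed web server log lines.

Added example for these flashcards, not the rules or engine of any real IDS. The log format,
signatures, baseline, addresses and sample lines are all constructed for the demo.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed access-log format: <unix_ts> <client_ip> "<method> <path> <version>" <status>
LOG_RE = re.compile(r'^(?P<ts>\d+) (?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+) (?P<version>\S+)" (?P<status>\d{3})$')

# 1) Signature recognition: patterns of known abuse.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
}
# 3) Protocol anomaly: what HTTP itself allows, independent of any attack.
VALID_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
VERSION_RE = re.compile(r"^HTTP/(0\.9|1\.0|1\.1|2|3)$")
# 2) Anomaly detection baseline: requests per client per minute seen during normal operation (constructed).
BASELINE_PER_MINUTE = [3, 4, 5, 4, 3, 5, 4]


def parse(lines):
    """Yield one dict per line; unparsable lines are kept, since they are themselves a protocol anomaly."""
    for line in lines:
        m = LOG_RE.match(line)
        yield m.groupdict() if m else {"raw": line}


def signature_alerts(events):
    """Match signatures against the URL-decoded path: %2e%2e%2f must be seen as ../ or it evades detection."""
    alerts = []
    for e in events:
        if "path" not in e:
            continue
        decoded = unquote(e["path"])
        for name, rx in SIGNATURES.items():
            if rx.search(decoded):
                alerts.append((int(e["ts"]), e["ip"], name))
    return alerts


def protocol_anomalies(events):
    alerts = []
    for e in events:
        if "raw" in e:
            alerts.append((None, None, "unparsable-request-line"))
        elif e["method"] not in VALID_METHODS:
            alerts.append((int(e["ts"]), e["ip"], "unknown-method"))
        elif not VERSION_RE.match(e["version"]):
            alerts.append((int(e["ts"]), e["ip"], "bad-http-version"))
    return alerts


def rate_anomalies(events, baseline=BASELINE_PER_MINUTE, sigmas=3.0, window=60):
    """Flag (window, ip, count) where the count exceeds mean + sigmas*stdev of the baseline."""
    threshold = statistics.mean(baseline) + sigmas * statistics.stdev(baseline)
    counts = Counter((int(e["ts"]) // window, e["ip"]) for e in events if "ts" in e)
    return [(w, ip, n) for (w, ip), n in sorted(counts.items()) if n > threshold]


# Constructed sample: a normal client; an attacker trying traversal (plain and URL-encoded) and SQL
# injection, then a burst of 20 requests; and a client sending malformed HTTP.
SAMPLE_LOG = [
    '1000 10.0.0.5 "GET /index.html HTTP/1.1" 200',
    '1001 10.0.0.5 "GET /about HTTP/1.1" 200',
    '1002 10.0.0.5 "POST /login HTTP/1.1" 302',
    '1003 10.0.0.5 "GET /images/logo.png HTTP/1.1" 200',
    '1004 10.0.0.5 "GET /contact HTTP/1.1" 200',
    '1005 203.0.113.9 "GET /download?file=../../etc/passwd HTTP/1.1" 404',
    '1006 203.0.113.9 "GET /download?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 404',
    '1007 203.0.113.9 "GET /item?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200',
    '1008 198.51.100.7 "FOO / HTTP/1.1" 400',
    '1009 198.51.100.7 "GET / HTTP/9.9" 400',
] + [f'{1010 + i} 203.0.113.9 "GET /p{i} HTTP/1.1" 200' for i in range(20)]


def run_ids(lines):
    events = list(parse(lines))
    return {
        "signature": signature_alerts(events),
        "protocol": protocol_anomalies(events),
        "rate": rate_anomalies(events),
    }


if __name__ == "__main__":
    for method, alerts in run_ids(SAMPLE_LOG).items():
        print(method, alerts)
```

Note which method catches what: the signatures fire on the traversal and injection attempts (including the encoded one, only because the path is decoded first), the protocol checks fire on the malformed requests whatever their intent, and the rate baseline fires on the burst from the attacker's address without knowing anything about the requests themselves.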
Give examples of the following types of intrusions:
1) File System
2) Network
3) System
1) Presence of new unfamiliar files, changes in file permissions, changes in file size, rogue files, missing files.
2) Repeated probes of services, connections from unusual locations, repeated login attempts from remote hosts, an influx of login data.
3) Short/incomplete logs, slow system performance, missing logs, modified config files, unusual graphics/text, gaps in system accounting, unexpected system crashes/reboots, unfamiliar processes.
Describe the following classifications of IDS:
1) Approach-based
2) Behaviour-based
3) Protection-based
4) Structure-based
5) Analysis Timing-based
6) Source Data Analysis-based
1) Which detection approach the IDS uses: signature, anomaly, or protocol anomaly detection to spot suspicious behaviour.
2) How an IDS responds to events, Active/Passive; Active detects and responds (which is what an IPS does), Passive only detects and alerts.
3) What an IDS protects, HIDS/NIDS; a HIDS protects the host it runs on, a NIDS protects a network segment.
4) How the IDS is structured, Centralized/Distributed; Centralized sends all data to one authority for analysis, Distributed uses several IDSs that communicate with each other.
5) The time between an event occurring and its analysis, Interval/Real-time; Interval performs analysis offline in batches, Real-time performs analysis on the fly.
6) The data source that is used to detect intrusions, Audit Trails (host logs)/Network Packets.
Describe the components of an IDS:
1) Network Sensors
2) Command Console
3) Alert Systems
4) Response System
5) Attack Signature Database
1) Hardware/software components that monitor network traffic and trigger alarms.
2) The management system, dedicated to the IDS, from which admins configure the sensors and review alerts.
3) Sends an alert message (console, email, SIEM) when an anomaly or misuse is detected.
4) Issues countermeasures against any intrusion that is detected (e.g. resetting the connection, pushing a firewall rule).
5) Holds the known attack signatures; observed traffic is compared against them and a decision is made. Must be kept up to date or new attacks go unseen.
List the four locations where an IDS should be deployed.
1) Behind the external firewall, in the network DMZ.
2) Outside the external firewall.
3) On major network backbones
4) On critical subnets.
Describe the following types of alerts:
1) True-positive
2) False positive
3) False Negative
4) True Negative
1) An alarm is raised when an attack occurs (correct detection).
2) An alarm is raised when no attack has actually taken place (noise that wastes analyst time and, on an IPS, blocks legitimate traffic).
3) No alarm is raised when an attack occurs (the dangerous case: the attack goes unnoticed).
4) No alarm is raised when no attack has occurred (correct silence).
What is a Honeypot?
Is an information system resource set up to attract and trap attackers who attempt to break into a network. It has no production purpose, so any interaction with it is suspicious by definition.
Describe these types of Honeypots:
1) Low-interaction
2) Medium-interaction
3) High-Interaction
4) Pure
1) Simulate a limited number of services and applications of a system; cheap and low risk, but easy for an attacker to recognize as fake.
2) Simulate a real OS, applications and services of a network with more realistic responses, without exposing a full system.
3) Run real operating systems, services and applications so the attacker can be observed in full; highest fidelity, but they must be isolated so that a compromised honeypot cannot be used to attack the rest of the network.
4) Emulate the real production environment of a network, typically as a full copy of it with monitoring taps.