Lesson 9 Implementing Secure Network Designs

Question 1

What is a Network Segment

Answer 1

A portion of a network where all attached hosts can communicate freely with one another.

Question 2

What is zone

Answer 2

an area of the network where the security configuration is the same for all hosts within it.

Question 3

Describe the intranet zone

Answer 3

a network of trusted hosts owned and controlled by the organization. Within the intranet, there may be sub-zones for different host groups, such as servers, employee workstations, VoIP handsets, and management workstations

Question 4

What is an Extranet zone

Answer 4

a network of semi-trusted hosts, typically representing business partners, suppliers, or customers. Hosts must authenticate to join the extranet

Question 5

What is a bastion host

Answer 5

A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.

Question 6

Described the screened subnet topology

Answer 6

uses two firewalls placed on either side of the DMZ. The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the DMZ. The edge firewall can be referred to as the screening firewall or router. The internal firewall filters communications between hosts in the DMZ and hosts on the LAN. This firewall is often described as the choke firewall.

Question 7

Describe the Triple-Homed Firewall

Answer 7

using one router/firewall appliance with three network interfaces, referred to as triple-homed. One interface is the public one, another is the DMZ, and the third connects to the LAN. Routing and filtering rules determine what forwarding is allowed between these interfaces

Question 8

What is East-West traffic

Answer 8

Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).

Question 9

What is Zero Trust

Answer 9

Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed

Question 10

How can Zero Trust be implemented in a network

Answer 10

Continuous authentication and conditional access to mitigate privilege escalation and account compromise by threat actors

Question 11

What is another way Zero Trust can be implemented in a network

Answer 11

applying micro segmentation by setting policies to a single node as though it was a zone of its own

Question 12

What is ARP poisoning?

Answer 12

A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.

Question 13

What is a Broadcast storm?

Answer 13

Traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches.

Question 14

What is a storm control setting on a switch

Answer 14

a backup mechanism to rate-limit broadcast traffic above a certain threshold

Question 15

What is a BPDU guard?

Answer 15

a switch port security feature that can disable a port if it receives a BPDU from a connected device

Question 16

What is MAC filtering?

Answer 16

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it

Question 17

What is Dynamic ARP inspection?

Answer 17

prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies

Question 18

What is Endpoint Security?

Answer 18

a set of security procedures and technologies designed to restrict network access at a device level

Question 19

What is Port-Based network Access control (PNAC)

Answer 19

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

Question 20

How does PNAC - Port-based network access control work?

Answer 20

A switch uses an AAA server to authenticate the attached device before activating the port

Question 21

What is Network Access Control (NAC)

Answer 21

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

Question 22

What is a health policy?

Answer 22

policies or profiles describing a minimum security configuration that devices must meet to be granted network access

Question 23

What is a posture assessment?

Answer 23

The process for verifying compliance with a health policy by using host health checks.

Question 24

What can happen if a an attack on route security is successful?

Answer 24

Enables the attacker to redirect traffic from its intended destination

Question 25

What vulnerabilities is Routing subjected to?

Answer 25

Spoofed routing information (route injection
Source routing
Software exploits in the underlying OS

Question 26

What is a Basic Service Set Identifier (BSSID)

Answer 26

A Wireless Access Points (WAP) MAC address

Question 27

What is Co-Channel interference (CCI)?

Answer 27

when two WAPs in close proximity use the same channel, they compete for bandwidth within that channel, as signals collide and have to be re-transmitted

Question 28

What is Adjacent Channel Interference (ACI)

Answer 28

occurs when transmissions are sent on an adjacent or partially overlapping channel.

Question 29

What is a site survey?

Answer 29

A collection of information about a location for the purposes of building an ideal infrastructure; it often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identifying sources of interference.

Question 30

What is a Heat Map?

Answer 30

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

Question 31

When looking at a Heat map if the signal is strong what color will it be?

Answer 31

Red

Question 32

When looking at a Heat map if the signal is weak what color will it be?

Answer 32

green/blue

Question 33

What are the main features of WPA3

Answer 33

Simultaneous Authentication of Equals (SAE)
Enhanced Open
Galois Counter Mode Protocol (GCMP)

Question 34

What is Simultaneous Authentication of Equals (SAE)

Answer 34

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method

Question 35

What is Enhanced Open

Answer 35

Enables encryption for the open authentication method

Question 36

What is AES Galois Counter Mode Protocol (GCMP)

Answer 36

Mode of operation for AES that ensures authenticated encryption.

Question 37

What is Pre-shared key (PSK)

Answer 37

Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

Question 38

How does Pre-shared key work?

Answer 38

uses a passphrase to generate the key that is used to encrypt communications. the administrator configures a passphrase of between 8 and 63 ASCII characters. This is converted to a 256-bit HMAC (expressed as a 64-character hex value) using the PBKDF2 key stretching algorithm

Question 39

What is Wifi protected setup (WPS)

Answer 39

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN

Question 40

What does Extensible Authentication over Wireless allow you to do?

Answer 40

to allow an access point to forward authentication data without allowing any other type of network access.

Question 41

How does Enterprise Authentication work with EAPoW?

Answer 41

when a wireless station requests an association, the WAP enables the channel for EAPoW traffic only. It passes the credentials of the user (supplicant) to an AAA (RADIUS or TACACS+) server on the wired network for validation. When the supplicant has been authenticated, the AAA server transmits a master key (MK) to the supplicant. The supplicant and authentication server then derive the same pairwise master key (PMK) from the MK. The AAA server transmits the PMK to the access point. The wireless station and access point use the PMK to derive session keys, using either the WPA2 4-way handshake or WPA3 SAE methods.

Question 42

What is EAP-TLS

Answer 42

An EAP method that requires server-side and client-side certificates for authentication using SSL/ TLS

Question 43

How does EAP-TLS work?

Answer 43

An encrypted Transport Layer Security (TLS) tunnel is established between the supplicant and authentication server using public key certificates on the authentication server and supplicant. As both supplicant and server are configured with certificates, this provides mutual authentication. The supplicant will typically provide a certificate using a smart card or a certificate

Question 44

What is Protected Extensible Authentication Protocol (PEAP)

Answer 44

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

Question 45

How does Protected Extensible Authentication Protocol (PEAP) work?

Answer 45

n encrypted tunnel is established between the supplicant and authentication server, but PEAP only requires a server-side public key certificate. The supplicant does not require a certificate. With the server authenticated to the supplicant, user authentication can then take place through the secure tunnel with protection against sniffing, password-guessing/dictionary, and on-path attacks

Question 46

How does EAP-TTLS work

Answer 46

uses a server-side certificate to establish a protected tunnel through which the user’s authentication credentials can be transmitted to the authentication server. The main distinction from PEAP is that EAP-TTLS can use any inner authentication protocol (PAP or CHAP, for instance), while PEAP must use EAP-MS-CHAPv2 or EAP-GTC

Question 47

What is EAP-FAST

Answer 47

uses a Protected Access Credential (PAC), which is generated for each user from the authentication server’s master key.

Question 48

How can you detect a rouge WAP

Answer 48

By using a spectrum analyzer

Question 49

How does a Distributed reflection DoS attack/ amplification SYN flood attack work?

Answer 49

the threat actor spoofs the victim’s IP address and attempts to open connections with multiple servers. Those servers direct their SYN/ACK responses to the victim server. This rapidly consumes the victim’s available bandwidth.

Question 50

How does an Application Attack work?

Answer 50

an application attack targets vulnerabilities in the headers and payloads of specific application protocols.

Question 51

What is a Operational Technology (OT)

Answer 51

A communications network designed to implement an industrial control system rather than data networking.

Question 52

What is a blackhole

Answer 52

an area of the network that cannot reach any other part of the network

Question 53

What is a sinkhole

Answer 53

A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis