Week 12 - Infrastructure, host and application security

Question 1

network infrustructure?

Answer 1

various technologies, devices, services and interconnections to provide communication across a network

Question 2

security of a network infrustructure?

Answer 2

installing preventative measure

Question 3

Cisco three layer model?

Answer 3

a hierarchical model to help understand the complexity of a network

Question 4

Cisco three layer model access

Answer 4

entry point for end user devices.

security controlled via access control features and using policies

Question 5

Cisco three layer model distribution

Answer 5

routers and switches, devices for filtering traffic and access to WAN features in core layer

Question 6

Cisco three layer model core

Answer 6

the delivery of large volumes of traffic between distribution layer devices. aka the network backbone

Question 7

what is a switch?

Answer 7

an entry point for end users devices on to a network

Question 8

How many types of switch?

Answer 8

two, unmanaged - home - plugin an use without config

managed - businesses - allows config and control over traffic management and security

Question 9

security implications of a switch?

Answer 9

devices not being hardened - weak authentication.

MAC flooding - attack causes the switch to overload and reveal addresses

Question 10

whats a router?

Answer 10

routing packets between networks (WWW)

Question 11

what are the two types of router function?

Answer 11

path determination builds a routing table - a database of known networks

packet forwarding accepts a packet then determines where it should be sent

Question 12

security implications of a router?

Answer 12

prone to attacks if not properly protected - routing tables are vulnerable -DoS.

Question 13

main vulnerabilities of switches?

Answer 13

MAC address tables: flooding causes the switch to act as a hub revealing all devices on the network - prone to eavesdropping

VLAN
can be used to reveal and access devices on another network

Question 14

main vulnerabilities of routers?

Answer 14

attack on router services
manipulation of discovery protocols - reveal neighbouring networks

buffer overflows ICMP (ping) - echo request that are too large - buffer overflow - DoS

routing tables
manipulation of routing protocols - MITM or DoS

Question 15

what is network media?

Answer 15

all components to connect devices - circuitry, connectors and media

Question 16

three types of attacks?

Answer 16

volume based attack: saturates bandwidth with spoofed packets

protocol attack: consumes resources

application layer attack:
uses systems and device vulnerabilities to crash servers and devise

Question 17

How does a DDoS attack work?

Answer 17

master computer uses a number of other bots (botnets) to attack to overwhelm and disrupt

Question 18

techniques implemented in routers to mitigate DoS attacks:

Answer 18

blackholing
traffic from suspicious source is dropped into a black hole - packets dropped from network

limiting requests
allowing a server to receive no more than a certain number of requests

net diffusion
using load balancing techniques

Question 19

what is spoofing?

Answer 19

when traffic seems to be originating from a trusted source but is in fact originating from another source using falsified information.

Question 20

two categories of spoofing?

Answer 20

non-blind spoofing
attacker can see traffic on network

*blind spoofing**
attacker cannot see packets between source and destination (common DoS attack)

Question 21

IP spoofing?

Answer 21

IP has forged source source address - network layer (layer 3)

Question 22

DNS spoofing?

Answer 22

interception of DNS before actual DNS can respond. victim lead to a falsified website - application layer (layer 7)

Question 23

What is DNS?

Answer 23

domain name system

phonebook of the internet

Question 24

ARP spoofing?

Answer 24

aka address resolution protocol (ARP) poisoning. - used to determine MAC address where IP address is already known - modifies ARP cache then uses victims IP address

Question 25

Securing devices ; whats a firewall?

Answer 25

1s line of defence - barrier between network and users -

Question 26

what are the 3 types of firewall?

Answer 26

packet filter
looking at packets and comparing against firewall rules

stateful packet inspection
examines each packet and previous packets in the conversation - sniffs out DoS attacks

stateless inspection
monitors traffic based on source and destination information

Question 27

application filter, also known as?

Answer 27

proxy - filters specific types of application and protocol being used - added security features

Question 28

transparent proxy?

Answer 28

receives and forwards data - does not modify -o

Question 29

anonymous proxy

Answer 29

does not pass IP address details - identifies as proxy - keeps web browsing private - targeted for location based advertising

Question 30

high anonymous proxy?

Answer 30

source IP address periodically changes - making it difficult to keep track of location of IP

Question 31

whats honeypots?

Answer 31

diverts attackers away from real target - identifies new vulnerabilities to learn attackers identity or pattern of attack