Security Engineering

Question 1

What is a firewall?

Answer 1

• Monitors network traffic
• permits or blocks based on rules
• barrier between network segments
• first line of defence
• Different types of firewalls (Web application firewall WAF, Next Generation Firewall NGFW)
• Important things to block to/from the internet (Direct RDP, email direct from workstations, any additional ports/ traffic that aren’t necessary)

Question 2

What is a DMZ?

Answer 2

• A boundary between internal and external networks
• network segment used for public systems
• provides secure way to host public resources
• Examples of a DMZ (public web servers, edge email serves, VPN termination points, supporting infrastructure)

Question 3

Outline email security

Answer 3

As of 2020, phishing was the most common attack - multiple types of phishing, malicious links and attachments, social engineering
- Filters spam and other malicious emails
- identify and (potentially) block marketing / bulk
- DLP capabilities

Question 4

What is an IDS?

Answer 4

IDS - intrustion detection system - detects and alerts
IPS - intrustion prevention system - detects, alerts and blocks

Question 5

HIDS vs NIDS (IDS systems)

Answer 5

HIDS - host-based intrusion system
NIDS - Network-based intrusion system

Question 6

Discuss remote access

Answer 6

Allows external access to a private network. Different types - VPN (site to site - connects two networks together, point to point - individual user logging into a remote network), Storefront (citrix, RDP)

MFA should always be used.

Question 7

Outline web filtering

Answer 7

Both technical and management purposes.
Normally on internal network.
User ID and logging.

Question 8

What is an active directory

Answer 8

• central database and structure for windows
• a set of managed centralised security controls (group policy objects (GPOs), password controls)
• account lockout settings

Question 9

What are examples of Group Police Object (GPO) uses in an active directory

Answer 9

• local administrators
• restrict access to endpoints
• install software, run scripts
• manage local firewall
• enforce encryption

Question 10

Explain the best practices of domain administrator in an active directory

Answer 10

Domain administrator is the highest level of access to an active directory. Best practices:
- create a new account (don’t rename the existing default)
- change password periodically
- separate accounts for server admins
- only use when absolutely required

Question 11

What’s the purpose of network segmantation?

Answer 11

• Helps isolate and contain attacks.
• Prevent user from accessing resources (separation of duties, least privilege)

Question 12

What are some methods of network segmantation?

Answer 12

-ACLs - access control lists
- isolated VLANS - virtual local area network
- NAC - network access control
- Dedicated software (ISE, etc)

Question 13

Discuss ACLs

Answer 13

‘Access control lists’
- rules for network traffic
- limits what systems can talk to
- also used in firewalls, routers, other network access control

Question 14

Compare untrusted vs trusted networks

Answer 14

Trusted
- interconnected devices
- authorised users
- administratively managed

Untrusted
- outside network perimeter and control of admin
- typically unsecured, public

Question 15

Discuss web filtering

Answer 15

• for both technical and management purposes
• why? (malicious sites and ads, NSFW content, potential data leakage, restrict web browsing by role/position)
• normally on internal network
• user identification and logging

Question 16

What are the endpoint security basics?

Answer 16

• Least privilege - only give access to what is needed for job, nothing more
• Local administrators - don’t log directly into workstation (elevate rights as needed), limit access, centrally managed, end users should not be local admins
• GPOs (group policy objects) - centrally manage from active directory
• UAC (user account control) - windows only - limits application access, helps protect against malicious processes

Question 17

Discuss anti-virus and advanced malware protection

Answer 17

AV - mainly signature definitions, malware must already be known
AMP - behaviour-based, malware does not need to already be known

Policies (require password to uninstall, to have definitions pushed down at certain interval, scheduled scans)

Question 18

What are the two types of AV and AMP

Answer 18

On-prem - more control, centrally managed, endpoints don’t need to reach out to net for definition updates. You are responsible to manage infrastructure.

Cloud managed - if device leaves network it can still contact server, no infrastructure management, requires internet connectivity

Question 19

Discuss encryption

Answer 19

Encryption transforms data into a form that prevents original information from being read.
Used for sensitive data (PHI, PII, confidential data)
-Bitlocker (windows only) - various ways to manage and store encryption keys
- removable drive encryption (either data on the drive or entire drive)

Question 20

What is the purpose of Data Loss Prevention? (DLP)

Answer 20

Protects against sensitive data leaving organisational control
- PHI (protected health info)
- PII (personally identifiable information)
- PCI (payment card industry)

Question 21

What are the two types of data leakage?

Answer 21

1. Accidental
2. Malicious (ransomware, insider threat)

Question 22

What is Virtual desktop infrastructure? (VDI)

Answer 22

Uses virtual machine technology to provide virtual desktops. Workstations are centrally hosted. Various solutions and vendors.

More control and management abilities - easy deployment, centralised updating
- can help contain and mitigate attacks / delete and redeploy a compromised workstation