Chapter 1 - Networking Security Concepts

Question 0

Network security objectives involve what 3 basic concepts?

Answer 0

Confidentiality, integrity, and availability. CIA

Question 1

When it comes to users, what is a key part of a comprehensive security policy?

Answer 1

Training users and remembering that users themselves represent a security risk.

Question 2

What are 2 types of data?

Answer 2

1) Data in motion as it moves across the network

2) Data at rest, when data is sitting on storage media

Question 3

What does confidentiality mean?

Answer 3

Only the authorized persons or systems can view sensitive or classified information. It also implies that unauthorized individuals should not have any type of access to the data.

Question 4

What is the primary way to protect data in motion?

Answer 4

Encrypting the data.

Question 5

What does integrity mean?

Answer 5

Changes made to the data are only done by authorized individuals or systems.

Question 6

What is corruption of data?

Answer 6

Failure to maintain data integrity.

Question 7

What is availability?

Answer 7

Applies to system and data - if a system is not available to end users this may have a significant impact on a business whose users rely on it. This can equate to loss of revenue.

Question 8

What is risk management?

Answer 8

Based on specific principles and concepts related to both asset protection and security management.

Question 9

What is an asset?

Answer 9

An item that is to be protected. It can include property, people, and information. Also, intangible items such as proprietary info or trade secrets.

Question 10

What is a vulnerability?

Answer 10

An exploitable weakness of some type. This can be from a malicious attack or accidentally triggered by because of a failure or weakness in the policy, implementation, or software running on the network.

Question 11

What is a threat?

Answer 11

This is what you are protecting against. It’s anything that attempts to to gain unauthorized access to, compromise, destroy, or damage an asset.

Question 12

Why must you be ever diligent to keep up with threats?

Answer 12

Threats can morph and be modified over time.

Question 13

What is risk?

Answer 13

The potential for unauthorized access to, compromise, destruction, or damage to an asset.

Question 14

How do you reduce the potential for a threat to be successful and reduce overall risk?

Answer 14

Ensuring that proper countermeasures and protections are in place.

Question 15

What is a countermeasure?

Answer 15

A device or process (a safeguard) that is implemented to counteract a potential threat, which thus reduces risk.

Question 16

What are 4 asset classification categories?

Answer 16

1) Governmental classifications (Unclassified, Sensitive but unclassified (SBU), Confidential, Secret, Top Secret)
2) Private sector classifications (Public, Sensitive, Private, Confidential)
3) Classification criteria (Value, Age, Replacement cost, Useful lifetime)
4) Classification roles (Owner [the group ultimately responsible for the data], Custodian [the group responsible for implementing the policy as dictated by the owner], and User [those who access the data and abide by the rules of the acceptable use for the data]

Question 17

What are 3 common methods used to implement countermeasures?

Answer 17

1) Administrative - Written policies, procedures, guidelines, and standards.
2) Physical - Physical security for the network servers, equipment, and infrastructure.
3) Logical - Logical controls include passwords, firewalls, IPS’s, access lists, VPNs, etc.

Question 17

Describe a man-in-the-middle attack at Layer 2.

Answer 17

The attacker spoofs Layer 2 MAC addresses to make the devices on the LAN believe that the Layer 2 address of the attacker is the Layer 2 address of their default gateway. Frames that are supposed to go to their default gateway are now going to the Layer 2 address of the attacker.

Question 17

What is a man-in-the-middle attack?

Answer 17

When an attacker places himself in line between 2 devices that are communicating with the intent to perform reconnaissance or to manipulate the data as it moves between them.

Question 18

What are 5 other additional miscellaneous attack methods?

Answer 18

1) Covert channel
2) Trust exploitation
3) Password attacks
4) Botnet
5) DoS and DDoS

Question 18

How can a man-in-the-middle attack occur at Layer 3?

Answer 18

A rogue router being placed on the network and then tricking the other routers into believing that the new router has a better path. This could cause network traffic to flow through the rogue router and again allow the attacker to steal data.

Question 18

What is a password attack?

Answer 18

These could be brute force, where the attacker’s system attempts thousands of possible passwords looking for the right match.

Question 18

What technique could you use to prevent spoofing of Layer 2 addresses?

Answer 18

Dynamic Address Resolution Protocol (ARP) Inspection (DAI)

Question 18

What is a covert channel attack?

Answer 18

This uses programs or communications in unintended ways. Example, if the security policy says that web traffic is allowed but peer-to-peer messaging is not, users can attempt to tunnel their peer-to-peer traffic inside of HTTP traffic. The attacker tries to hide traffic by tunneling it inside of some other allowed protocol to avoid detection.

Question 18

What is an overt channel?

Answer 18

The legitimate use of a protocol, such as a user with a web browser using HTTP to access a web server.

Question 18

What are some ways to mitigate Layer 3 man-in-the-middle attacks?

Answer 18

Using routing authentication protocols and filtering information from being learned or advertised on specific interfaces.

Question 18

In regards to management of devices, what is a best practice to avoid the stealing of usernames and passwords during a man-in-the-middle attack?

Answer 18

Use management protocols that have encryption built in such as SSH or HTTPS, or VPN.

Question 18

What is trust exploitation?

Answer 18

If a firewall has 3 interfaces and the outside interface allows all traffic to the DMZ, an attacker could leverage that by gaining access to the DMZ and using that location to launch his attacks from there to the inside network.

Question 18

How can you implement a security policy that takes nothing for granted?

Answer 18

Requiring authentication from users before their computer is allowed on the network.

Question 18

Other than spoofing Layer 2 addresses, how else could an attacker perform a man-in-the-middle attack at Layer 2?

Answer 18

By placing a switch on the network and manipulating Spanning Tree Protocol (STP) to become the root switch (and thus gain the ability to see traffic that needs to be sent through the root switch).

Question 19

What is a botnet?

Answer 19

A collection of infected computers that are ready to take instructions from the attacker.

Question 21

What are 4 guidelines for a secure network architecture?

Answer 21

1) Rule of least privilege
2) Defense in depth
3) Separation of duties
4) Auditing

Question 22

What is the rule of least privilege?

Answer 22

This rule states that minimal access is only provided to the required network resources, and not any more than that.

Question 23

What is defense in depth?

Answer 23

This concept suggests that you have security implemented on nearly every point of your network. Filtering at the perimeter router, filtering again at a firewall, using IPSs to analyze traffic before it reaches your servers, and using host-based security precautions at the servers, as well.

Question 24

What is separation of duties?

Answer 24

By placing specific individuals into specific roles, there can be checks and balances in place regarding the implementation of the security policy.

Question 25

What does auditing refer to?

Answer 25

This refers to accounting and keeping records about what is occurring on the network. Most of this can be automated through the features of authentication, authorization, and accounting (AAA).

Question 33

What is DoS and DDoS?

Answer 33

Denial-of-service attack and distributed denial-of-service attack. An example is using a botnet to attack a target system.