4 Network Security

Question 1

2 basic network connection options

Answer 1

1 Wired
2 Wireless

Question 2

Ethernet cable =

Answer 2

RJ-45 connector (8 pin connector - 8 wires)

Question 3

Telephone connectors =

Answer 3

RJ-11(6 pins)

Question 4

Wi-Fi networks create -

Answer 4

wireless LANs

Question 5

Internet Protocol main responsibilities (2)

Answer 5

1 providing an addressing scheme (IP addresses) that uniquely identify computers on a network
2 delivering information in chunks known as packets

Question 6

3 TCP flags

Answer 6

1 SYN
2 ACK
3 FIN

Question 7

The order of TCP flags

Answer 7

1 SYN
2 SYN/ACK
3 ACK

Question 8

OSI Layer 7

Answer 8

7 Application
- determines how users interact with data
- web browsers, other client applications

Question 9

OSI Layer 6

Answer 9

6 Presentation
- translates characters/bits
- encryption/decryption

Question 10

OSI Layer 5

Answer 10

5 Session
- opening/maintaining/closing sessions between devices

Question 11

OSI Layer 4

Answer 11

4 Transport
- (TCP/UDP)
- creates connections between systems and transports data in a reliable manner

Question 12

OSI Layer 3

Answer 12

3 Network
- IP
- expands networks to many different nodes

Question 13

OSI Layer 2

Answer 13

2 Data Link
- (MACs)
- transfers data between 2 nodes connected to the same physical network

Question 14

OSI Layer 1

Answer 14

1 Physical
- responsible for sending bits over the network using cables, radio waves, fiber optics, etc

Question 15

7 OSI layers

Answer 15

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

Question 16

4 TCP layers

Answer 16

4 Application Layer (session, presentation, and application)
3 Transport Layer (same)
2 Internet layer (network)
1 Network interface (physical and data link)

Question 17

IPv4 —- bit

Answer 17

32 bit, dotted quad, each number represented using 8 binary bits

Question 18

NAT

Answer 18

(router/firewall) translates private IP addresses to public before sending packets

Question 19

2 parts of an IP address

Answer 19

1 Network Portion (identifies the network that the device is connected to)
2 Host Portion (uniquely identifies the device on that network)

Question 20

Subnetting is

Answer 20

The process of dividing a network into smaller networks
- network interfaces on devices within a subnet can communicate directly
- routers facilitate communication between different subnets

Question 21

IPv6 —- bit

Answer 21

128 bit
- consist of eight groups of 4 hexadecimal numbers
- each number has 16 possible symbols (0-F)

Question 22

Network ports are represented using a ____ with _____ possible values

Answer 22

16 bit binary number, 65,536 (0 - 65,535)

Question 23

Well known ports (range)

Answer 23

0 -1023,
- ensures everyone on the internet will know how to find common services on a system

Question 24

Registered ports (range)

Answer 24

1024 - 49151
- application vendors may register their applications to use these ports

Question 25

Dynamic ports (range)

Answer 25

49152 - 65535 - applications may use these on a temporary basis

Question 26

21

Answer 26

FTP control (the FTP uses port 21 to transfer data between systems)

Question 27

22

Answer 27

SSH (the secure shell protocol uses port 22 for encrypted administrative connections)

Question 28

25

Answer 28

SMTP (exchange email between servers)

Question 29

53

Answer 29

used by DNS Domain Name Server - translates human-readable domain names into machine-readable IP address equivalents.

Question 30

443

Answer 30

HTTPS

Question 31

110

Answer 31

POP (allows clients to retrieve email on port 110)

Question 32

Network communications using the NetBIOS protocol for Windows (ports)

Answer 32

137, 138, 139

Question 33

IMAP (port)

Answer 33

143

Question 34

RDP (Remote Desktop Protocol) (port)

Answer 34

3389 - similar purpose to SSH

Question 35

3 types of networks that use some form of authentication to limit access:

Answer 35

1 Pre-shared keys (encryption) 2 Enterprise Authentication (uses individual usernames and passwords) 3 Captive Portals (provide authentication on unencrypted wireless networks)

Question 36

Encryption function

Answer 36

- takes radio waves (an insecure communications technology) and makes it secure

Question 37

WEP -

Answer 37

Encryption protocol (Wired Equivalent Privacy) - insecure (don’t use)

Question 38

WPA -

Answer 38

(WiFi Protected Access) - 1st version (2003) - used TKIP (Temporal Key Integrity Protocol) - no longer secure

Question 39

WPA 2

Answer 39

(2004) (WiFi Protected Access v2) - uses CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) - an encryption protocol based on the AES (Advanced Encryption Standard) - some potential issues, but is widely used and still considered secure

Question 40

WPA 3

Answer 40

(2020) - supports CCMP but adds SAE (new) - SAE (Simultaneous Authentication of Equals) - SAE = a secure key exchange protocol based on the Diffie-Hellman technique

Question 41

Ping uses

Answer 41

ICMP (Internet Control Message Protocol) - sends an ICMP echo request packet “hello, are you there?” - remote system sends back ICMP echo reply “yes, I’m here”

Question 42

Ping troubleshooting steps (4)

Answer 42

1 Ping the remote system 2 Ping another system on the internet 3 Ping a system on your local network 3 Try the same process from a different computer

Question 43

creates customized ping requests (customized packets)

Answer 43

HPing

Question 44

Traceroute

Answer 44

- determines the network path (how packets travel) between two systems (hosts) - each line shows 1 hop on the network path - lines with * show hops (systems) that are not answering ICMP echo requests

Question 45

- Windows command combining ping and tracert (traceroute) functionality

Answer 45

Pathping

Question 46

3 types of malware

Answer 46

(Viruses, worms, trojans) - malicious software

Question 47

2 components of malware

Answer 47

1 propagation mechanism 2 payload

Question 48

Virus spreads

Answer 48

based on some type of user action

Question 49

Worm spreads

Answer 49

on its own by exploiting system vulnerabilities, without user interaction - then uses the infected system as a base to infect other systems on the LAN or internet

Question 50

Trojan

Answer 50

- pretend to be legitimate software - program runs as expected - but also carries malicious hidden payload

Question 51

Botnet =

Answer 51

- a network of infected computers used for malicious purposes - attackers steal computing power, storage, or network connectivity

Question 52

All eavesdropping attacks require

Answer 52

some compromise of the communication path between a client and server (after the attacker gains either physical or logical access to a network)

Question 53

Man-in-the-middle attack

Answer 53

- tricks the sending system during the initial communication - attacker may reconfigure a network device - or use DNS or ARP poisoning

Question 54

Eavesdropping methods:

Answer 54

- Network device or cable tapping - DNS or ARP poisoning

Question 55

Replay attack

Answer 55

- captures encrypted authentication token/info and creates a separate authenticated connection

Question 56

Replay attacks are defeated by

Answer 56

- using session tokens (limited time span) or timestamps (packets must be sent within a similar time window

Question 57

SSL Stripping (a variation on eavesdropping attacks)

Answer 57

- exploits a vulnerability and tricks the users browser into sending unencrypted communications - stripping the SSL or TLS protection off of the communication

Question 58

Implementation attacks

Answer 58

- exploit a cryptographic system’s design or implementation flaws

Question 59

Fault Injection

Answer 59

- the attacker attempts to compromise the integrity of a device by causing some type of external fault (high-voltage spike, high or low temperature, etc) - the fault may cause a malfunction and cause the system to fail to encrypt data properly

Question 60

IDS

Answer 60

IDS - monitors and detects - alerts administrators to suspicious activity

Question 61

IDPS

Answer 61

- can alert or block depending on the policy (can take immediate corrective action) - 2 types of errors - false positives and false negatives

Question 62

2 different technologies to identify suspicious traffic

Answer 62

1 Signature-based (Rule-based) - vulnerable to 0-day attacks 2 Heuristic Detection (Anomaly Detection, Behavior-based Detection) - can detect 0-day attacks but has high false positive rates

Question 63

IPS deployment models (2)

Answer 63

1 in-band (inline) - single point of failure (vulnerability) 2 out-of-band (passive) - can react by blocking future traffic, but can’t stop the initial attack because it only learns about it after it has been sent

Question 64

Anti-malware Software (‘antivirus software) - uses 2 different mechanisms

Answer 64

1 Signature detection 2 Heuristic/behavior detection - uses EDR solutions (Endpoint Detection and Response)

Question 65

Vulnerability Scanning Tools (3 major categories)

Answer 65

1 Port Scanners - probe for open network ports - NMAP (Network Mapper) 2 Vulnerability Scanners - probe ports for known vulnerabilities - Nessus 3 Application Scanners - probe deep into web applications and tests for security flaws

Question 66

Data center air temperature

Answer 66

- use the expanded environmental envelope (64.4 - 80.6 F)

Question 67

Data center humidity

Answer 67

- maintain dew point between 41.9 and 50 F

Question 68

Fire Triangle

Answer 68

heat, oxygen, fuel

Question 69

Security Zones

Answer 69

- firewalls segment networks into security zones to protect systems of differing security levels

Question 70

Border Firewalls (typical model)

Answer 70

- have 3 network interfaces because they connect 3 different security zones together 1 untrusted network (internet) 2 trusted network (intranet) 3 DMZ

Question 71

Zero Trust

Answer 71

(replacing implicit trust) - systems do not gain any trust based solely on their network location

Question 72

Extranet

Answer 72

- intranet segments extended to business partners - example using a VPN to access the ERP system (Enterprise Resource Planning)

Question 73

2 Honeynet

Answer 73

- decoy network designed to attract attackers

Question 74

3 Ad Hoc Networks

Answer 74

- temporary network that may bypass security controls - may be planned - may be careless (employee sets up wireless access point for better signal)

Question 75

East-West Traffic - network traffic between systems located in the data center -may be regulated by a firewall if it crosses security zones

Answer 75

- network traffic between systems located in the data center -may be regulated by a firewall if it crosses security zones

Question 76

North-South Traffic

Answer 76

- network traffic between systems in the data center and systems on the internet

Question 77

Switches

Answer 77

- each switch port is connected to one end of a network cable, - wireless access points (contain radios) are also connected via cables to switches - switches are limited to creating local networks - operate at OSI layer 2 (data link) where they work with MAC addresses only

Question 78

Routers

Answer 78

- connect networks together using IP addresses (OSI layer 3 network) - make decisions about the best paths for traffic to follow - stateless inspection

Question 79

VLANs

Answer 79

- logically group LANs based on similar function - use trunks to allow switches in different locations to carry the same VLANs - OSI layer 2 (does not use routers or firewalls)

Question 80

Micro Segmentation

Answer 80

Creates very small VLANs, often temporary

Question 81

Stateless firewalls

Answer 81

- evaluate each packet separately when it arrives at the firewall - inefficient - older

Question 82

Stateful Inspection

Answer 82

- allows the two systems (client/server) to communicate back and forth without reevaluating the request each time a new packet appears for the duration of the connection - newer

Question 83

Firewall Rules (5)

Answer 83

1 source system address 2 destination system address 3 destination port 4 protocol 5 action (allow or deny) the firewall should take when encountering traffic matching the rule

Question 84

Implicit Deny Rule

Answer 84

- any traffic that isn’t explicitly permitted by a rule should automatically be denied

Question 85

Next Generation Firewalls (NGFW)

Answer 85

- incorporate contextual information into their decision-making process - identity of the user, time of day, etc.

Question 86

NAT Gateway

Answer 86

- translates between the public IPs used on the internet and the private IPs used on local networks

Question 87

Web Application Firewalls

Answer 87

- application aware (understand how the HTTP protocol works)

Question 88

Firewall Deployment Options (2)

Answer 88

Network hardware vs. host-based software firewalls

Question 89

Network firewalls

Answer 89

-physical devices that sit on a network

Question 90

Host-based

Answer 90

- applications or OS components that reside on a server

Question 91

Network Firewall Deployment Mechanisms (2)

Answer 91

1 Dedicated Hardware - ship with firewall firmware built in 2 Virtual appliances - loaded directly into a virtualization platform

Question 92

VPNs and VPN Concentrators - provide 2 important security functions

Answer 92

1 site-to-site VPNs allow secure interconnection of remote networks (branch offices, etc) 2 provide remote access for mobile workers

Question 93

VPN mechanism

Answer 93

- uses encryption to create a virtual tunnel between two systems over the internet - requires an endpoint on the remote network that accepts VPN connections

Question 94

VPN Concentrators

Answer 94

- for high volume, are very efficient- high bandwidth - VPN traffic requires resource-intensive encryption

Question 95

IPSec

Answer 95

- VPN protocol - usually used for static site-to-site VPNs - works at layer 3 (Network) - supports Layer 2 (Data Link) Tunneling Protocol (L2TP)

Question 96

SSL/TLS VPNs

Answer 96

- works at the application layer over TCP port 443

Question 97

HTML5 VPNs

Answer 97

- work entirely within the web browser - uses the web server in a proxying role

Question 98

Different tunneling approaches for remote access (3)

Answer 98

1 Full Tunnel VPN - all traffic leaving the connected device is routed through the VPN tunnel, regardless of its final destination - includes extraneous traffic 2 Split Tunnel VPN - only traffic destined for the corporate network is sent through the VPN tunnel. - extraneous traffic is routed directly over the internet 3 Always On VPN - all corporate mobile devices are configured to automatically connect to the VPN whenever they are powered on - takes control away from the end user

Question 99

Network Access Control (NAC)

Answer 99

- intercepts network traffic and verifies that the system and user are authorized before allowing communication with other systems - uses authentication protocol 802.1x

Question 100

802.1x transaction (involves 3 systems)

Answer 100

1 connecting device - runs a piece of software called a supplicant (performs NAC tasks) - uses EAP (Extensible Authentication Protocol) 2 Authenticator (Switch or Wireless controller) - receives credentials from user 3 Authentication Server - sends back either a radius accept or radius reject message - also decides where to place a user on the network

Question 101

NAC Roles (3)

Answer 101

1 user and device authentication 2 performs role-based access 3 performs posture checking (health checking)

Question 102

Quarantine VLAN

Answer 102

- for devices that fail - limited internet access for updating posture

Question 103

NAC approaches (2)

Answer 103

1 In-Band approach - NAC device is directly involved in decision making and enforcement 2 Out-of-band - NAC device makes the decision but other network components (Switch, wireless access point, etc) enforce the decision

Question 104

Smart Device =

Answer 104

the device is computer controlled and network connected

Question 105

Smart Device security issues (3)

Answer 105

1 slimmed-down OS - difficult for users to configure and update OS and software 2 a compromised device can be gateway to other devices on the network 3 cloud-based command and control can be a path for attackers that bypass a firewall

Question 106

Application Firewalls

Answer 106

- governs HTTP traffic to and from an application or service using rules and policies - IoT devices have web interfaces that are susceptible to traditional web application attacks (SQL injection, buffer overflows, cross-site scripting attacks, etc)

Question 107

Network Security for smart devices - 2 techniques

Answer 107

1 Network Segmentation - like DMZ for smart devices 2 Application Firewalls

Question 108

Security Wrappers

Answer 108

- ‘mini firewall’ for the embedded device - device is not directly accessible over the network, but is reached through a ‘wrapper’ system that monitors input and output for security issues and only passes vetted requests

Question 109

Cloud Computing =

Answer 109

any case where computing services are delivered to a customer over a network

Question 110

IaaS

Answer 110

- customer purchases server instances (and installs/configures the OS) - service provider provides everything up to the OS (bare metal to virtualization) - customer is responsible for the OS and up (middleware, runtime)

Question 111

Middleware

Answer 111

- "software glue" - lies between the OS and - software that different applications use to communicate with each other (bridge between diverse technologies)

Question 112

APIs =

Answer 112

Mechanisms that enable two software components to communicate with each other using a set of definitions and protocols (weather app and weather bureau’s software system)

Question 113

Runtime

Answer 113

- instructions that are executed to keep a program running

Question 114

PaaS

Answer 114

- customer purchases app platform to run their own application code without having to worry about server configuration - service provider provides OS, middleware and runtime

Question 115

IaaS shared responsibility

Answer 115

- vendor: data center and hardware (+ virtualization) - customer: OS, middleware, runtime, applications, data

Question 116

PaaS shared responsibility

Answer 116

- vendor: data center, hardware, OS (and middleware and runtime) - customer: application, data (access control - provider is responsible for implementing your access control policies)

Question 117

SaaS shared responsibility

Answer 117

- vendor: data center, hardware, OS, application - customer: data (and access control)

Question 118

Cloud Deployment Models (5)

Answer 118

1 private cloud 2 public cloud 3 hybrid cloud 4 multi-cloud - combines resources from two or more public cloud vendors 5 community cloud

Question 119

Managed Service Security Providers (MSSPs)

Answer 119

- provide security services for other organizations as a managed service

Question 120

SECaaS (Security as a Service)

Answer 120

- a sub category of MSSPs

Question 121

Cloud Access Security Brokers (CSAB)

Answer 121

- add a third-party security layer to the interactions users have with cloud services

Question 122

CSABs work in 2 ways:

Answer 122

1 network-based CSAB - broker sits between the users and the cloud service 2 API approach - broker uses an API to regularly query the cloud service and monitor for security issues

Question 123

Vendor Management Lifecycle (4)

Answer 123

1 Vendor Selection - formal RFP (Request for Proposal) 2 Onboarding 3 Monitoring 4 Offboarding

Question 124

NDAs

Answer 124

- usually the first document signed when two organizations explore a business partnership - ensures the firms will keep each other’s information confidential

Question 125

SLR (Service-level Requirements)

Answer 125

- system response time, acceptable down-time, availability, data preservation, etc.

Question 126

SLA (Service Level Agreement)

Answer 126

- document SLRs in the SLA - contract that defines the conditions of service and penalties for failure to maintain - should include minimum security requirements

Question 127

MOU (Memorandum Of Understanding)

Answer 127

- used when a legal dispute is unlikely but the customer and vendor still wish to document their relationship to avoid future misunderstandings

Question 128

BPAs (Business Partnership Agreements)

Answer 128

- when two organizations agree to do business with each other in a partnership (joint development of a product, etc) - defines each partner’s responsibilities and the division of profits

Question 129

ISAs (Interconnection Security Agreements)

Answer 129

- defines the ways the two organizations will interconnect their networks, systems, data, etc - provides details on connection security parameters (encryption, transfer protocols, etc)

Question 130

Transport layer responsibilities (2)

Answer 130

- establishes basic data channels that applications use for task-specific data exchange - application addressing (port numbers)

Question 131

Simplex

Answer 131

One-way communication (one system transmits, the other listens)

Question 132

half-duplex

Answer 132

only one system can transmit at a time

Question 133

full-duplex

Answer 133

both systems can send/receive at the same time

Question 134

2 MAC address schemes

Answer 134

48 bit (24/24) 64 bit (24/40) uses FF:FE for IPv6

Question 135

20

Answer 135

FTP data transfer

Question 136

23

Answer 136

Telnet - unencrypted text communications