ch 1 network threats Flashcards
Mitigate network attacks - access attacks
- Strong password security
- Principle of minimum trust
- Cryptography
- Apply OS and app patches
Mitigate network attacks - denial of service
- IPS and firewall
- Anti-spoofing
- QoS - traffic policing
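Added example (not part of the original flashcards): the anti-spoofing and traffic-policing items above, written out as Cisco IOS configuration for an Internet-facing router. The interface names, the public prefix 203.0.113.0/24 and the inside prefix 192.168.0.0/16 are assumptions; replace them with your own.

```cisco
! Added example: anti-spoofing plus QoS traffic policing on an Internet edge router.
! Assumed addressing: 203.0.113.0/24 is our public prefix, 192.168.0.0/16 is inside.
!
! 1. Ingress anti-spoofing ACL on the Internet uplink. A packet arriving from the
!    Internet with a private, loopback, or OUR OWN public source address is forged
!    by definition, so it is dropped before any other policy is evaluated.
ip access-list extended ANTI-SPOOF-IN
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 203.0.113.0 0.0.0.255 any
 permit ip any any
!
! 2. Egress anti-spoofing with strict unicast RPF on the inside interface: a packet
!    from the LAN whose source address is not routed back out this same interface
!    (for example a forged Internet address used in a reflection flood) is dropped.
!    Strict mode belongs on the inside interface, not on the uplink: the uplink only
!    has a default route, which uRPF ignores, so legitimate sources would be dropped.
interface GigabitEthernet0/1
 description Inside LAN (assumed)
 ip address 192.168.1.1 255.255.255.0
 ip verify unicast source reachable-via rx
!
! 3. Traffic policing: cap inbound ICMP at 64 kbps with an 8000-byte burst so a
!    ping flood cannot saturate the link or the router CPU. Conforming ICMP is
!    forwarded, the excess is dropped, and all other traffic is untouched.
ip access-list extended ICMP-ONLY
 permit icmp any any
class-map match-all ICMP-IN
 match access-group name ICMP-ONLY
policy-map POLICE-ICMP
 class ICMP-IN
  police 64000 8000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/0
 description Internet uplink (assumed)
 ip address 203.0.113.1 255.255.255.0
 ip access-group ANTI-SPOOF-IN in
 service-policy input POLICE-ICMP
```

Verify with `show access-lists ANTI-SPOOF-IN` (per-entry hit counters show how much spoofed traffic is actually arriving) and `show policy-map interface GigabitEthernet0/0` (conform and exceed counters for the policer). If the exceed counter climbs during normal operation, raise the rate before a real flood makes legitimate ICMP (path MTU discovery, unreachables) disappear.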
Mitigate network attacks - reconnaissance attacks
- Implement authentication
- Use encryption
- Use anti-sniffer tools
- Implement a switched infrastructure
- Use IPS and firewalls
Name tools and attacks used in each network attack
- Reconnaissance attack
- Access attack
- Denial of service
Name three network attacks
Reconnaissance attack - unauthorized discovery and mapping of systems, services, or vulnerabilities.
Access attack - exploits known vulnerabilities in authentication services, FTP services, and web services to gain entry to accounts, confidential databases, and other sensitive information.
Denial of service - sends an extremely large number of requests over a network to make devices or services unavailable to legitimate users.
How to mitigate attacks.
- virus
- worm
- trojan horse
Virus and Trojan horse - up-to-date antivirus software. The buffer overflows that such malware exploits are closed by patching and input bounds checking, not by allocating extra memory.
Worm -
1. Containment - compartmentalize and segment the network (ACLs at segment boundaries) to slow or stop the spread.
2. Inoculation - patch all uninfected systems and scan for any that are still vulnerable.
3. Quarantine - track down each infected machine and disconnect, remove, or block it.
4. Treatment - clean and patch each actively infected system.
Worm method of attack.
5 P’s
- Probe phase - identify vulnerable targets (ping sweeps, port scans, application scans).
- Penetrate phase - exploit code is transferred to the vulnerable target and executed.
- Persist phase - after the exploit has succeeded in memory, the code installs itself on the target so it survives a reboot (modifying system files, registry changes, installing new code).
- Propagate phase - the worm extends the attack to other targets by looking for vulnerable neighboring machines.
- Paralyze phase - the actual damage is done: files are erased, systems crash, information is stolen, and DoS attacks can be launched.
Worms anatomy components
3 components
- Enable vulnerability - exploit vulnerable system.
- Evolution mechanism- replicate itself and locate new target.
- Payload- malicious code that results in action.
Name and describe three primary vulnerabilities to computers
- Virus - malicious software that attaches itself to other programs to execute a specific unwanted function. Requires human interaction (the infected program must be run).
- Worm - executes arbitrary code and installs copies of itself in the memory of the infected computer, then infects other hosts. Does not require human interaction.
- Trojan horse - an application written to look like something else (a legitimate program) but that is actually an attack tool; relies on the user running it.
Name 12 domains of network security
- Risk assessment-quantitative and qualitative value of risks.
- Security policy- documentation to address constraints and behaviors of members of the organization.
- Organization of information security - the governance model set out for information security.
- Asset management - inventory and classification of information assets.
- HR security - procedures for employees joining, moving within, and leaving the organization.
- Physical and environmental security - protection of the computer facilities.
- Communications and operations management - management of the technical security controls in systems and networks.
- Access control - restriction of access rights to networks, systems, applications, functions, and data.
- Information systems acquisition, development, and maintenance - building security into applications.
- Information security incident management - anticipating and responding to information security breaches.
- Business continuity management - protecting, maintaining, and recovering business-critical processes and systems.
- Compliance - ensuring conformance with information security policies, standards, laws, and regulations.
Name and describe the three major network security organizations
- SANS - information security research, development, and training.
- CERT - works with the Internet community in detecting and resolving computer security incidents.
- (ISC)2 - provides vendor-neutral education products and career services; develops and maintains the Common Body of Knowledge (CBK).
NFP - Network Foundation Protection logically divides routers and switches into 3 functional areas:
What are the 3 functional areas
- Control plane - all about routing (the routing table lives in RAM). Consists of the device-generated packets required for the operation of the network itself, such as ARP exchanges and OSPF routing advertisements.
Secure routing - authenticate routing-protocol neighbors with a keyed hash (MD5 or SHA), never a plain-text password, and police the traffic allowed to reach the route processor.
- Management plane - responsible for managing network elements. Traffic generated either by network devices or by network management stations, such as Telnet, SSH, FTP, SNMP.
Secure devices - use secure protocols (SSH instead of Telnet, SCP/SFTP instead of FTP, SNMPv3), set strong passwords, and use AAA with role-based access.
- Data plane - all about switching/forwarding. Responsible for forwarding data. Traffic consists of user-generated packets being forwarded between end stations.
Secure switches - use ACLs and anti-spoofing guards (uRPF, port security, DHCP snooping, Dynamic ARP Inspection, IP Source Guard).
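Added example (not from the original flashcards): one hardening snippet per NFP plane in Cisco IOS, using a router for the control and management planes and a Catalyst switch for the data plane. The hostname, domain name, interface numbers, VLAN 10, the OSPF key and the admin account are all assumptions.

```cisco
! Added example: NFP hardening per plane. All names, keys and interfaces are assumed.
!
! ---- Control plane (router): OSPF neighbors must prove they hold the shared key,
!      and the proof is a keyed hash over each packet, never the key in clear text.
router ospf 1
 area 0 authentication message-digest
!
interface GigabitEthernet0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 Area0-Shared-Key-CHANGE-ME
!
! ---- Management plane (router): secure protocols and accounts only.
!      SSHv2 replaces Telnet, SCP replaces FTP, the HTTP server is switched off,
!      and every login is checked by AAA against a local account.
hostname R1
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret Use-A-Long-Random-Passphrase
service password-encryption
ip scp server enable
no ip http server
line vty 0 4
 transport input ssh
 exec-timeout 5 0
!
! ---- Data plane (switch): anti-spoofing guards on the access ports.
!      DHCP snooping builds a binding table from the trusted uplink only; Dynamic
!      ARP Inspection and IP Source Guard then drop ARP replies and IP packets whose
!      addresses do not match a binding; port security limits MAC addresses per port.
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
interface GigabitEthernet1/0/24
 description Uplink toward router and DHCP server (assumed)
 ip dhcp snooping trust
 ip arp inspection trust
!
interface range GigabitEthernet1/0/1 - 23
 switchport mode access
 switchport access vlan 10
 ip verify source
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
```

Check the result with `show ip ospf neighbor` (neighbors stay FULL only if both sides share the key), `show ip ssh` (version 2 enabled) and `show ip dhcp snooping binding` (the table the guards enforce). The OSPF key still sits in the running config, only obscured by `service password-encryption`, so treat configuration backups as sensitive; newer IOS releases also accept `ip ospf authentication key-chain` with HMAC-SHA algorithms, which is preferable to MD5 where both neighbors support it.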
What is CoPP? Control Plane Policing
A QoS policy (MQC class-maps and a policy-map applied under control-plane) that rate-limits the traffic destined to the device's route processor, so a flood of routing, management, or ICMP packets cannot exhaust the CPU and take down the control plane.
Name 10 Best Practices for Securing Network
- Keep Patches up to date
- Shut down unnecessary services and ports
- Use strong passwords and change them often
- Control physical access to systems
- Avoid unnecessary web page inputs
- Perform backups and test the backups
- Educate employees about the risks of social engineering
- Use encryption
- Implement firewalls, VPNs, IPSs, and antivirus
- Have a written security policy for the org