ch 1 network threats Flashcards

0
Q

Mitigate network attacks - access attacks

A
  • Strong password security
  • Principle of minimum trust
  • Cryptography
  • Apply OS and app patches
1
Q

Mitigate network attacks - denial of service

A
  • IPS and firewall
  • Anti-spoofing
  • QoS - traffic policing
2
Q

Mitigate network attacks - reconnaissance attacks

A
  • Implement authentication
  • Use encryption
  • Use anti-sniffer tools
  • Implement a switched infrastructure
  • Use IPS and firewalls
3
Q

Name tools and attacks used in each network attack

  1. Reconnaissance attack
  2. Access attack
  3. Denial of service
A

.

4
Q

Name three network attacks

A

Reconnaissance attack - unauthorized discovery and mapping of systems, services, or vulnerabilities.
Access attack - exploits known vulnerabilities in authentication servers, FTP, and web services to gain confidential data.
Denial of service - sends extremely large numbers of requests over a network to make the devices on it unavailable.

5
Q

How to mitigate attacks.

  • virus
  • worm
  • trojan horse
A

Virus and Trojan horse - antivirus software; allocate maximum memory to avoid buffer overflows.
Worm -
1. Containment - limit spreading by compartmentalizing and segmenting the network to slow propagation.
2. Inoculation - all uninfected systems are patched.
3. Quarantine - track down the infected machines and contain them.
4. Treatment - actively infected systems are disinfected.

6
Q

Worm method of attack.

5 P’s

A
  1. Probe phase - identify vulnerable targets.
  2. Penetrate phase - exploit code is transferred to the vulnerable target.
  3. Persist phase - after the attack is successful, try to persist on the target.
  4. Propagate phase - attempt to extend to other targets by looking for vulnerable neighbor machines.
  5. Paralyze phase - actual damage to the machine.
7
Q

Worm anatomy components

3 components

A
  1. Enabling vulnerability - exploits a vulnerable system.
  2. Evolution mechanism - replicates itself and locates new targets.
  3. Payload - malicious code that results in an action.
8
Q

Name and describe three primary vulnerabilities to computers

A
  1. Virus - malicious software that attaches to other programs to execute unwanted functions. Human interaction is required.
  2. Worm - executes arbitrary code, installs copies of itself in memory, and infects other hosts. Does not require human interaction.
  3. Trojan horse - an application written to look like something
9
Q

Name the 12 domains of network security

A
  1. Risk assessment - quantitative and qualitative valuation of risks.
  2. Security policy - documentation that addresses constraints and behaviors of members of the organization.
  3. Organization of information security - governance model.
  4. Asset Mgmt - inventory of assets.
  5. HR security - procedures for employees joining, moving, and leaving.
  6. Physical and environmental security - computer facilities.
  7. Communication & Operation Mgmt - management of technical security controls.
  8. Access controls - restrictions on networks and apps.
  9. Information systems acquisition, development, and maintenance
  10. Information security incident management
  11. Business continuity Mgmt
  12. Compliance
10
Q

Name and describe the three major network security organizations

A
  1. SANS - information security research, development, and training.
  2. CERT - works with the Internet community in detecting and resolving computer security incidents.
  3. ISC2 - provides vendor-neutral products and career services. Develops and maintains the Common Body of Knowledge (CBK).
11
Q

NFP (Network Foundation Protection) logically divides routers and switches into 3 functional areas.

What are the 3 functional areas?

A
  1. Control plane - all about routing; stored in RAM. Consists of the device-generated packets required for the operation of the network itself, such as ARP and OSPF routing advertisements.
    Secure routing - use routing-protocol authentication that exchanges a hash, never the plain-text key.
  2. Management plane - responsible for managing network elements. Traffic generated either by network devices or by network management stations, such as Telnet, SSH, and FTP.
    Secure devices - use secure protocols, set passwords.
  3. Data plane - all about switching/forwarding. Responsible for forwarding data. Traffic consists of user-generated packets being forwarded between end stations.
    Secure switches - use ACLs and anti-spoofing guards.
14
Q

What is CoPP (Control Plane Policing)?

A

A QoS filter that manages the flow of traffic to the control plane.

15
Q

Name 10 best practices for securing a network

A
  1. Keep patches up to date
  2. Shut down unnecessary services and ports
  3. Use strong passwords and change them often
  4. Control physical access to systems
  5. Avoid unnecessary web page inputs
  6. Perform backups and test the backups
  7. Educate employees about the risks of social engineering
  8. Use encryption
  9. Implement firewalls, VPNs, IPSs, and antivirus
  10. Have a written security policy for the organization
16
Q

What is CPPr?

A

Filters and rate-limits the packets that are going to the control plane.

17
Q

What is Control Plane Logging?

A

Used for logging.