Chapter 10 - Network Security Flashcards Preview

Flashcards in Chapter 10 - Network Security Deck (50)
What are some of the potential losses associated with security breaches?

- reduced customer confidence
- loss of income when systems are offline
- cost of lawsuits for disclosure of private information


True or False: The value of an organization's data and applications typically exceeds the cost of the physical network.



What are the primary goals of network security?

- confidentiality: protection from unauthorized disclosure of data.
- integrity: assurance that data has not been altered or destroyed.
- availability: providing continuous operations of hardware and software.


Business continuity involves preventing what three things to ensure that operations remain ongoing?

- disruption: loss or reduction in network service
- destruction: viruses or hard disk crash destroy data
- disaster: may destroy servers or network elements and circuits.


What are network controls?

mechanisms (such as software, hardware, rules or procedures) that are designed to reduce or eliminate the threats to network security.


What are the three main types of controls?

- preventative controls
- detective controls
- corrective controls


What is the purpose of a risk assessment?

A risk assessment is used to assign a level of risk to various threats by comparing them to the controls in a control spreadsheet.


With a risk assessment you must identify what two things?

Assets and threats


The value of an organization's assets is a function of what three things?

- straight replacement cost
- personnel time to replace asset
- lost revenue due to absence of the asset


Threats are ranked based on what two things?

- probability of occurrence
- likely cost if the threat materializes


Describe the two-pronged approach to continuity planning

- development of controls (to prevent events from having a major impact)
- disaster recovery plan (to recover lost data after a disaster)


What is the difference between a virus and a worm?

- a virus is a malware program that replicates itself by spreading from one computer to another through human intervention.
- a worm is malware that spreads copies of itself from computer to computer without human intervention.


What are DoS and DDoS attacks?

Denial of Service attacks (DoS) are when an attacker bombards a server with requests so that its processor is pushed to very high usage levels. This makes it difficult to service legitimate user requests.
Distributed Denial of Service (DDoS) involves a DoS attack launched from thousands of computers from around the internet.


Name four methods for combating DoS attacks

- use multiple dispersed redundant servers
- traffic filtering (verify source IP address... not very effective)
- traffic limiting (limit aggregate rate of packets for all users)
- intrusion detection and prevention system (IDS/IPS) (perform traffic analysis to determine normal traffic patterns and block anything abnormal)


How can redundancy help improve device failure protection? Give four examples.

If one fails, the organization can make use of a backup (redundancy):
- Uninterruptible Power Supply (UPS) (detect power surges so that the user can unplug and save data)
- Redundant Array of Inexpensive Disks (RAID) (also called disk mirroring - save data on storage disks)
- Server Clustering
- Web Clustering (decentralize network resources)


Name as many of the 9 elements of a disaster recovery plan as you can

- names of decision making managers
- staff assignments and responsibilities
- list priorities for "first fix"
- location of alternative facilities
- recovery procedures for communication facilities
- actions to be taken in case of damage or threats
- manual processes after damage
- plan for updating and testing procedures
- safe storage of the DRP itself


Describe a two-level disaster recovery plan (DRP)

level 1 - internal:
- build enough capacity and keep enough spare equipment to recover from minor disaster
level 2 - external DRP outsourcing:
- rely on professional disaster recovery firms


Describe intrusion and list the four types of intruders

Intrusion is when there is unauthorized access to a controlled resource (data and equipment).
Intruder types:
- casual intruders (limited knowledge playing with hacking)
- security experts (hackers and crackers; crackers are hackers who cause damage)
- professional hackers (break into computers for a purpose)
- employees and partners (Legitimate access to network but gain access to information that they are not authorized to use)


What is the role of network perimeter security? What is it intended to protect?

Network perimeter security is intended to stop intruders at the perimeter of the network.
It protects access points to the network such as:
- internet
- wired LAN
- wireless LAN
It protects these access points using:
- perimeter security firewall
- network address translation
- physical security


What is a firewall?

a device or software designed to block data packets that do not conform to a specific set of rules


True or false: firewalls can be hardware based or software based.



Name four commonly used firewalls and describe each of them

- packet-level (examines the source and destination TCP/IP addresses of packets and allows or denies passage based on the access control list (ACL) rules.)
- stateful firewall (maintains information on the state of connections and performs Stateful Packet Inspection (SPI))
- application-level (controls input, output and access to a specific application or service. Also performs high-level analysis based on reassembled packet stream)
- network address translation (NAT) (used to translate a private IP address to a public routable IP address)


What are the four states of a stateful firewall?

- new
- established
- related
- invalid


Draw the typical firewall architecture

slide 36


Name three methods of reducing risk associated with personnel security

- provide proper security education
- perform background checks
- implement error and fraud controls


What are the three main threats associated with server and client protection (intrusion prevention)? Describe each.

- security holes (a bug that permits unauthorized access)
- operating systems (tradeoff between security and ease of use in operating systems)
- trojan horses (remote access management consoles that enable users to access a computer and manage it from afar)


What is a zero-day attack?

when hackers attempt to break into networks through a hole before a patch is available.


Name some common trojan types

- spyware
- adware
- distributed DoS


What is encryption?

encryption is the process of disguising information by mathematical rules.


What are the main components of encryption systems?

- plaintext (unencrypted message)
- encryption algorithm (function used to encipher the plaintext)
- key (a set of characters combined with the plaintext by an algorithm)
- ciphertext (produced from plaintext by encryption function)