Chapter 4: Securing Your Network

Question 1

What is an Intrusion Detection System (IDS)?

Answer 1

A generally reactive security system that monitors network or system activities for signs of malicious activity, unauthorized access, or policy violations and provides real-time alerts for security teams.

Question 2

What is an Intrusion Prevention System (IPS)?

Answer 2

A proactive security system that monitors network or system traffic for malicious activity and takes immediate action to prevent attacks, such as blocking malicious packets or unauthorized access.

Question 3

What are Protocol Analyzers? AKA sniffers.

Answer 3

A tool that captures, decodes, and analyzes network traffic to monitor communications, troubleshoot issues,and identify threats based on the analysis of network protocols.

Question 4

What is a Host-based Intrusion Detection System (HIDS)?

Answer 4

A security system that monitors and analyzes activity on an individual host or device, detecting malicious actions, unauthorized access, and policy violations by inspecting system files, processes, and logs.

Question 5

What is a Network-based Intrusion Detection System (NIDS)?

Answer 5

A security system that monitors and analyzes network traffic for suspicious activity, unauthorized access, or attacks, generating alerts when potential threats are detected on the network.

Question 6

What is a Port Tap?

Answer 6

A device or method that passively captures network traffic from a specific port or interface, allowing for real-time monitoring and analysis without interfering with data flow.

Question 7

What are Signature-based IDSs?

Answer 7

An IDS that detects known threats by comparing network traffic or system activity to a predefined set of attack signatures, generating alerts when a match is found.

Question 8

What is Trend-based Detection?

Answer 8

A method of threat detection that analyzes historical patterns or trends over time to identify unusual behaviors or emerging threats, particularly those that develop slowly or subtly.

Question 9

What is a Zero-day Exploit?

Answer 9

A cyberattack that exploits an unknown vulnerability in software or hardware, allowing attackers to bypass defenses before the vendor can release a patch or fix.

Question 10

What is an Aggregator?

Answer 10

A system or service that collects and consolidates data or traffic from multiple sources into a single, unified view, often for improved management, analysis, or optimization.

Question 11

An IDS reports on events of interest based on…?

Answer 11

Rules configured within the IDS.

Question 12

What are False Positives?

Answer 12

Occurs when an IDS/IPS sends an alert when there is no actual attack.

Question 13

What are False Negatives?

Answer 13

Occurs when an IDS/IPS sends no alert even though an attack exists.

Question 14

What is True Negative?

Answer 14

Occurs when an IDS/IPS does not send an alert and there is no actual attack.

Question 15

What is True Positive?

Answer 15

Occurs when an IDS/IPS sends an alert after recognizing an attack.

Question 16

What are some similarities between IDSs and IPSs?

Answer 16

Both detect threats, provide real-time monitoring, and use signature and anomaly detection. Both generate alerts for suspicious activities. Both are essential components in network security infrastructure.

Question 17

What are some differences between IDSs and IPSs?

Answer 17

An IDS is passive whilst an IPS is active. IDS is deployed in monitoring mode, whereas an IPS is deployed inline and can block traffic. IDS requires human intervention for response, whilst an IPS can automatically block threats. IDS does not affect network performance, while IPS may introduce latency due to inline processing.

Question 18

What is a Honeypot?

Answer 18

A decoy system designed to attract and deceive attackers, allowing security teams to study their tactics and distract them from real systems.

Question 19

What is a Honeynet?

Answer 19

A network of multiple honeypots designed to simulate a complex, real-world environment, capturing detailed data on attackers’ tactics, techniques, and procedures.

Question 20

What is a Honeyfile?

Answer 20

A deceptive file designed to appear valuable to attackers, triggering alerts when accessed or tampered with to detected unauthorized activity.

Question 21

What is a Honeytoken?

Answer 21

A deceptive piece of data (such as credentials or sensitive information) designed to lure attackers and trigger alerts when accessed, helping to detect unauthorized activity.

Question 22

What is a Wireless Access Point (APs)?

Answer 22

A networking device that allows wireless devices to connect to a wired network, providing WiFi connectivity and managing data transmissions between wireless clients and the network.

Question 23

Are all wireless routers APs?

Answer 23

Yes.

Question 24

Are all APs wireless routers?

Answer 24

No.

Question 25

What are the two primary radio bands?

Answer 25

The slower but greated ranged 2.4GHz band and the faster but shorter ranged 5GHz band.

Question 26

What is a Service Set Identifier (SSID)?

Question 27

What is Media Access Control (MAC) Filtering?

Answer 27

A network security technique that controls device access to a network by allowing or blocking devices based on their unique MAC address.

Question 28

What is MAC Address Cloning?

Answer 28

The process of changing a device's MAC address to mimic the address of another device, often used to bypass access controls or impersonate a network device.

Question 29

What is a MAC Spoofing Attack?

Answer 29

A malicious technique where an attacker changes the MAC address of their device to impersonate another device, bypassing MAC-based security controls and potentially gaining unauthorized network access.

Question 30

What is a Site Survey?

Answer 30

The process of evaluating the physical and environmental conditions of a location to optimize the placement and design of a network or wireless system, ensuring reliable coverage and performance.

Question 31

What is a WiFi Analyzer?

Answer 31

A tool that scans and monitors wireless networks to provide insights on signal strength, channel usage, interference, and network performance, helping optimize and troubleshoot WiFi environments.

Question 32

What is a Heat Map?

Answer 32

A visual tool that displays WiFi signal strength and coverage using color-coded representations, helping to identify strong signals, weak spots, and optimize network performance.

Question 33

What is Wireless Footprinting?

Answer 33

The process of passively collecting data about wireless networks to map their structure, identify security measures, and find potential vulnerabilities.

Question 34

What are the two types of wireless antennas?

Answer 34

Omnidirectional for broad but shorter range coverage and directional antennas for directional and greater range coverage.

Question 35

What is the Wired Equivalent Privacy (WEP)?

Answer 35

An early WiFi security protocol using static keys and RC4 encryption, now obsolete due to severe vulnerabilities.

Question 36

What is WiFi-Protected Access (WPA)?

Answer 36

A security protocol that improved upon WEP by using dynamic keys and TKIP, but is now outdated and less secure than WPA2 or WPA3.

Question 37

What is WiFi-Protected Access 2 (WPA2)? AKA IEEE 802.11i.

Answer 37

A strong WiFi security standard using AES encryption and CCMP for integrity; more secure than WPA, with personal and enterprise modes.

Question 38

What is the Advanced Encryption Standard (AES)?

Answer 38

A fast, secure symmetric encryption standard using 128-bit blocks and key sizes of 128, 192, or 256 bits, widely used in modern security systems.

Question 39

What is Counter-mode/CBC-MAC Protocol (CCMP)?

Answer 39

A WiFi security rotocol that uses AES for encryption and CBC-MAC for integrity, providing strong data confidentiality and authenticity in WPA2 and WPA3 networks.

Question 40

What are the different modes of WPA2?

Answer 40

There's two modes: WPA2-Personal & WPA2-Enterprise.

Question 41

What is WPA2-Personal?

Answer 41

A mode of WPA2 using a pre-shared key for access, best for homes and small networks.

Question 42

What is WPA2-Enterprise?

Answer 42

A mode of WPA2 using individual credentials and a RADIUS server for authentication, best for businesses and larger networks.

Question 43

What is WiFi-protected Access 3 (WPA3)?

Answer 43

The latest WiFi security standard offering stronger encryption, protection for open networks, improved password security with SAE, and better IoT device integration.

Question 44

What are the different modes of WPA3?

Answer 44

There are two modes: WPA3-Personal & WPA3-Enterprise.

Question 45

What is WPA3-Personal?

Answer 45

A WPA3 mode using Simultaneous Authentication of Equals (SAE) for stronger password protection, ideal for home and small business networks.

Question 46

What is WPA3-Enterprise?

Answer 46

A WPA3 mode designed for larger organizations using 802.1X authentication centralized RADIUS server access with 192-bith encryption for advanced security.

Question 47

What is the Extensible Authentication Protocol (EAP)?

Answer 47

A flexible authentication framework that supports various authentication methods, commonly used in WiFi networks and VPNs, providing secure, customizable authentication.

Question 48

What is the Protected EAP (PEAP)?

Answer 48

An EAP method that creates a secure TLS tunnel to protect user credentials during authentication, commonly used in WPA2-enterprise networks for wireless security.

Question 49

What is the EAP-Flexible Authentication via Secure Tunneling (EAP-FAST)?

Answer 49

An EAP method that creates a secure tunnel for fast and mutual authentication, providing protection against attacks and supporting quick reauthentication, commonly used in WPA2-enterprise networks.

Question 50

What is EAP-Transport Layer Security (EAP-TLS)?

Answer 50

A highly secure EAP method that uses TLS encryption and mutual certificate-based authentication for both client and server, providing strong security for network access.

Question 51

What is EAP-Tunneled TLS (EAP-TTLS)?

Answer 51

An EAP method that estabishes a secure TLS tunnel for encryption, requiring only a server certificate and supporting various innter authentication methods for flexible secure authentication.

Question 52

What is a RADIUS Federation?

Answer 52

A process that enables cross-domain authentication by linking multiple RADIUS servers, allowing users to authenticate in one network and access resources in another, often supporting single sign-on and centralized user management.

Question 53

What is 802.1X?

Answer 53

A network access control standard that uses port-based authentication to control access to a network, leveraging EAP and a RADIUS server to authenticate devices before granting access.

Question 54

What are Captive Portals?

Answer 54

A webpage that users are redirect to for authentication or terms acceptance before accessing a network, commonly used in public WiFi to manage access and enforce security policies.

Question 55

What are the three examples offered by Captive Portals?

Answer 55

Free Internet Access, Paid Internet Access, and other alternatives to IEEE 802.1X.

Question 56

What is a Disassociation Attack?

Answer 56

A DoS attack that sends a disassociation frame to a device or AP to forcibly disconnect it from the network, causing service disruption without gaining network access.

Question 57

What is a Jamming Attack?

Answer 57

A DoS attack that involves sending excessive radio signals or noise on the same frequency as a wireless network, disrupting communication between devices and APs.

Question 58

What is an Initialization Vector (IV) Attack?

Answer 58

A cryptographic attack that exploits weak or predictable initialization vectors (IVs) in encryption protocols, often targeting WEP, to recover the encryption key and decrypt sensitive data.

Question 59

What is Near Field Communication?

Answer 59

A short-range wireless communication technology that enables devices to exchange data within a few centimeters, commonly used for mobile payments, data transfer, and access control.

Question 60

What is a Near Field Communication Attack?

Answer 60

An attack that exploits vulnerabilities in Near Field Communication systems, such as eavesdropping, man-in-the-middle, or data manipulation, often requiring close proximity to the victim's device.

Question 61

What is Radio-Frequency Identification (RFID) systems?

Answer 61

A wireless identification technology using RFID tags to store data and RFID readers to communicate and read this data over radio waves, commonly used for tracking objects, animals, and access control.

Question 62

What is an Active RFID?

Answer 62

An RFID system where the hag has its own power source, enabling long-range autonomous signal transmission for applications like asset tracking and real-time monitoring.

Question 63

What is a Passive RFID?

Answer 63

An RFID system where the tag lacks its own power source and relies on energy from the RFID reader to transmit data, ideal for short-range, low-cst applications like inventory tracking and access control?

Question 64

What is Sniffing/Eavesdropping in the context of RFID?

Answer 64

It's a passive attack where an attacker secretly intercepts wireless communication between an RFID tag and reader to capture data, especially in systems without encryption.

Question 65

What is RFID Cloning?

Answer 65

It's an attack where a hacker copies data from a legitimate RFID tag to a malicious one, allowing them to impersonate the original tag and gain unauthorized access.

Question 66

What is DoS in the context of RFID?

Answer 66

It's an attack where an adversary disrupts communication between RFID tags and readers, often by jamming signals or overloading the reader, making the system unusuable.

Question 67

What is Bluetooth?

Answer 67

A short-range wireless technology that enables data exchange between devices over the 2.4GHz band, commonly used for connecting peripherals and smart devices.

Question 68

What is Bluejacking?

Answer 68

The practice of sending unsolicited messages to nearby Bluetooth-enabled devices in discoverable mode, usually harmless and considered a nuisance rather than a serious attack.

Question 69

What is Bluesnarfing?

Answer 69

A malicious Bluetooth attack where an attacker connections without permission to steal data like contacts, emails, or files from a vulnerable device.

Question 70

What is Bluebugging?

Answer 70

A Bluetooth attack where an attacker gains control of a device to make calls, send texts, or eavesdrop, exploring Bluetooth vunerabilities.

Question 71

What is a Wireless Replay Attack?

Answer 71

An attack where an attacker intercepts and retransmits walid wireless data to deceive a system into thinking it's a legitimate transmission, often used to bypass authentication.

Question 72

What is War Driving?

Answer 72

The act of driving around with a mobile device to scan for unsecured or poorly secured wireless networks, often used to gain unauthorized access to WiFi.

Question 73

What is War Flying?

Answer 73

A technique where an attacker uses an aircraft or drone equipped with WiFi scanning tools to find unsecured or poorly secured wireless networks from the air.

Question 74

What is WiFi Protected Setup (WPS)?

Answer 74

A network security standard that simplifies the process of connecting devices to WiFi by using methods like PIN entry, push-button setup, or NFC, though it has potential vulnerabilities.

Question 75

What is a Rogue Access Point (Rogue AP)?

Answer 75

An unauthorized WiFi access point set up without approval, often used to bypass network security or carry out attacks like man-in-the-middle.

Question 76

What is an Evil Twin?

Answer 76

A malicious WiFi access point set up to mimic a legitimate network, tricking users into connecting to it and allowing the attacker to intercept or manipulate their data.

Question 77

What is a Virtual Private Network (VPN)?

Answer 77

A technology that creates a secure, encrypted connection over the Internet to protect data privacy, ensure remote access, and bypass geographic restrictions.

Question 78

What is a VPN Concentrator?

Answer 78

A specialized device used to create and manage multiple VPN connections simultaneously, often deployed in large networks to ensure secure remote access for many users.

Question 79

What is a Remote Access VPN?

Answer 79

A VPN that allows individual users to securely connect to a private network from a remote location, often used by employees to access company resources securely over the Internet.

Question 80

In regards to IPsec, what is Tunneling Mode?

Answer 80

Tunneling mode is an IPsec mode where the entire original IP packet (header and data) is encrypted and encapsulated within a new IP packet, providing secure communication between two networks over an insecure medium like the Internet.

Question 81

In regards to IPsec, what is Transport Mode?

Answer 81

A configuration where only some traffic is routed through an IPsec VPN tunnel, while other traffic (such as general Internet browsing) bypasses the tunnel and travels directly to the Internet.

Question 82

In regards to a VPN, what is a Split Tunnel?

Answer 82

A VPN configuration where only certain traffic is routed through the VPN tunnel, while other traffic (like web browsing) bypasses the VPN and is sent directly to the Internet.

Question 83

In regards to a VPN, what is a Full Tunnel?

Answer 83

A VPN configuration where all traffic (including both corporate and non-corporate) is routed through the VPN tunnel, ensuring full encryption and security for all Internet activities.

Question 84

What are Site-to-Site VPNs?

Answer 84

A type of VPN that securely connects two or more networks (e.g. branch offices or data centers) over the Internet, allowing them to communicate as if they were on the same local network.

Question 85

What is an Always-on VPN?

Answer 85

A VPN configuration that automatically establishes and maintains a secure VPN connection at all times, ensuring constant encryption of Internet traffic without requiring user intervention.

Question 86

What is L2TP?

Answer 86

A tunneling protocol used in VPNs to create secure connections by encapsulating data. L2TP itself doesn't provide encryption but is commonly paired with IPsec for secure data transmission.

Question 87

What is an HTML5 VPN Portal?

Answer 87

A web-based VPN interface that allows users to securely access a network through a web browser, without needing specialized VPN client software, leveraging HTML5 technology for cross-platform compatibility.

Question 88

What is Network Access Control (NAC)?

Answer 88

A security solution that enforces policies for devices attempting to access a network, ensuring that only authorized and compliant devices can connect, thereby reducing the risk of security breaches.

Question 89

Regarding NAC, what is a Permanent Agent?

Answer 89

A software agent installed permanently on a device to continuously monitor and enforce network security policies, ensuring compliance before and during network access.

Question 90

Regarding NAC, what is a Dissolvable Agent?

Answer 90

A temporary software agent that is downloaded and executed when a device connects to the network, checking the device's security posture and then removed after the session ends.

Question 91

What is the Password Authentication Protocol (PAP)

Answer 91

A simple authentication protocol using a username and password, sending the credentials in cleartext, making it vulnerable to interception.

Question 92

What is the Challenge Handshake Authentication Protocol (CHAP)?

Answer 92

A more secure authentication protocol that uses a challenge-response mechanism with hashing to verify the identity of a client without sending credentials in cleartext.

Question 93

What is Point-to-Point Protocol (PPP)?

Answer 93

A data link layer protocol used to establish direct connections between two nodes, supporting multiple network protocols, authentication methods, and error detection.

Question 94

What is Remote Authentication Dial-In User Service (RADIUS)?

Answer 94

A centralized AAA protcol that handles authentication, authorization, and accounting for remote access to network resources, operating over UDP with limited encryption.

Question 95

What is Terminal Access Controller Access-Control System Plus (TACACS+)?

Answer 95

A more secure AAA protocol, commonly used for device management, which operates over TCP and fully encrypts communication, including usernames, passwords, and commands.

Question 96

What are AAA Protocols?

Answer 96

Any protocol that provides authentication, authorization, and accounting.

Question 97

What are some examples of AAA protocols?

Answer 97

RADIUS, TACACS+