Chapter 7 Securing the basic lan Flashcards
1
Q
What is encryption?
A
Encryption is the science of converting human-readable data into something unreadable and then back again to secure communications.
2
Q
What is symmetric cryptography?
A
Symmetric cryptography is a type of cryptography where the same key is used for both encryption and decryption.
3
Q
What is the primary purpose of cryptography?
A
The primary purpose of cryptography is to protect data.
4
Q
What constitutes data in the context of IT?
A
Data includes anything stored digitally, such as photographs, text messages, phone conversations, or interactions with a web server.
5
Q
What is data at rest?
A
Data at rest refers to data stored on mass storage devices like hard drives, SSDs, or optical media, without being accessed or processed.
6
Q
What is an example of data at rest?
A
An example of data at rest is a MySQL database storing personal information on a hard drive.
7
Q
What is data in use or data in computation?
A
Data in use or data in computation is data being actively accessed and processed by software, typically residing in RAM.
8
Q
What is a potential risk with data in use?
A
A risk with data in use is that it can often be unencrypted while in RAM, making it vulnerable to attacks like shoulder surfing or keylogging.
9
Q
What is data in transit?
A
Data in transit is data moving through networks, such as over a local area network (LAN), wireless network, or the internet.
10
Q
What is sniffing in the context of data in transit?
A
Sniffing is the act of intercepting and capturing data as it moves between two points on a network.
11
Q
What is a man-in-the-middle attack?
A
A man-in-the-middle attack is when an attacker intercepts and potentially alters data being transmitted between two parties without their knowledge.
12
Q
Why are wireless networks attractive to hackers?
A
Wireless networks are attractive to hackers because data in transit is broadcast through the air, making it easier to intercept and sniff.
13
Q
What are the three types of data discussed in the Security+ exam?
A
The three types of data are data at rest, data in use, and data in transit.
14
Q
What is symmetric encryption?
A
Symmetric encryption is a method where the same key is used for both encryption and decryption of data.
15
Q
What is a session key in symmetric encryption?
A
A session key is a temporary key used for a single encryption and decryption session between two parties.
16
Q
What is the main problem with symmetric encryption?
A
The main problem with symmetric encryption is securely transmitting the key between parties.
17
Q
What are in-band and out-of-band key exchanges?
A
In-band key exchange involves sending the key with the encrypted data, which is risky. Out-of-band key exchange involves transmitting the key through a separate, secure channel.
18
Q
What is an ephemeral key?
A
An ephemeral key is a temporary key used only for a single session and then discarded, providing perfect forward secrecy.
19
Q
What is perfect forward secrecy?
A
Perfect forward secrecy ensures that a compromised key from a past session cannot be used to decrypt data from a current session.
20
Q
What is asymmetric encryption?
A
Asymmetric encryption uses a pair of keys—one public and one private. The public key is used for encryption, and the private key is used for decryption.
21
Q
How does asymmetric encryption solve the key exchange problem in symmetric encryption?
A
In asymmetric encryption, the public key is shared freely to encrypt data, and only the holder of the private key can decrypt it, eliminating the need to securely transmit the key.
22
Q
What is a key pair in asymmetric encryption?
A
A key pair consists of a public key (used for encryption) and a private key (used for decryption).
23
Q
Why is asymmetric encryption considered slower and more complex than symmetric encryption?
A
Asymmetric encryption is slower and more complex because it requires key pair generation, key exchange, and management of multiple keys.
24
Q
What is a cryptosystem?
A
A cryptosystem is a well-defined process in cryptography that outlines how algorithms and keys are used to secure communications in IT systems.
25
How is asymmetric encryption typically used in practice?
Asymmetric encryption is often used to securely exchange session keys, which are then used for faster symmetric encryption during the actual data exchange.
26
What is the problem with using Electronic Codebook (ECB) mode in symmetric encryption?
ECB mode encrypts identical blocks of data with the same key, leading to patterns that can reveal information about the original data.
27
Why is ECB mode not recommended for symmetric encryption?
ECB mode is not recommended because it can create visible patterns in the encrypted data, making it easier for attackers to infer the original content.
28
What is Cipher Block Chaining (CBC)?
CBC is a block mode that combines each plaintext block with the previous ciphertext block (after an XOR operation with an initialization vector) before encryption, creating a chain of blocks that improves security.
29
How does Cipher Feedback (CFB) mode work?
CFB mode encrypts an initialization vector and then XORs the result with the plaintext block. The output is used both as ciphertext and as input for the next encryption operation, creating a feedback loop.
30
What is Output Feedback (OFB) mode?
OFB mode repeatedly encrypts an initialization vector and XORs the result with plaintext blocks. Unlike CFB, OFB uses the same initialization vector for each block, which is continuously encrypted to generate the key stream.
31
How does Counter (CTR) mode work in symmetric encryption?
CTR mode combines a nonce with a counter that increments for each block, encrypts the result, and then XORs it with the plaintext block to produce ciphertext. This mode allows blocks to be encrypted in parallel.
32
What is the purpose of using different block modes in symmetric encryption?
Different block modes prevent patterns from appearing in the ciphertext, which enhances security by obfuscating the data more effectively.
33
What is an initialization vector (IV)?
An initialization vector (IV) is a random or pseudo-random value used in several block modes to ensure that identical plaintext blocks produce different ciphertexts.
34
Why is it important to use block modes other than ECB?
Using block modes other than ECB prevents the creation of recognizable patterns in the ciphertext, making the encryption more secure and resistant to attacks.
35
What happens to the data when a good block mode is applied to encryption, as shown in the example with the image of Maddie?
When a good block mode is applied, the encrypted data appears completely randomized, with no discernible patterns, making it secure against decryption attempts.
36
What is the main problem with symmetric key encryption?
The main problem with symmetric key encryption is securely transmitting the key between parties, as the same key is used for both encryption and decryption.
37
What is asymmetric encryption?
Asymmetric encryption uses a pair of keys: a public key for encryption and a private key for decryption. This allows secure communication without needing to transmit the key.
38
Who are Alice and Bob in cryptography?
Alice and Bob are fictional characters commonly used to illustrate cryptographic concepts, such as secure communication using encryption.
39
What is the role of the public key in asymmetric encryption?
The public key is used to encrypt data and can be shared freely with others, as it cannot be used to decrypt the data.
40
What is the role of the private key in asymmetric encryption?
The private key is used to decrypt data that has been encrypted with the corresponding public key and is kept secure by the owner.
41
What is RSA?
RSA is one of the first and most popular asymmetric encryption algorithms, named after its inventors Rivest, Shamir, and Adleman. It is based on the difficulty of factoring large semi-prime numbers.
42
What is a semi-prime number in the context of RSA encryption?
A semi-prime number is the product of two prime numbers and is difficult to factor back into its original primes, which is the basis for RSA's security.
43
Why are large keys important in RSA encryption?
Large keys are important in RSA encryption because they increase security by making it computationally infeasible to factor the semi-prime number used in the encryption process.
44
: What is elliptic curve cryptography (ECC)?
ECC is a type of asymmetric encryption that provides strong security with smaller key sizes compared to RSA, based on the mathematical properties of elliptic curves.
45
How does ECC compare to RSA in terms of key size and security?
A digital signature is a cryptographic technique where data is encrypted with a private key to verify the sender's identity, ensuring the authenticity of the message.
46
What is the typical use case for asymmetric encryption in web communications?
Asymmetric encryption is typically used to securely exchange a symmetric key for encrypting the rest of the session, combining the strengths of both encryption methods.
47
What is the main advantage of asymmetric encryption?
The main advantage of asymmetric encryption is that it allows secure communication by passing a public key to anyone, which can then be used to encrypt data that only the private key holder can decrypt.
48
What problem arises when using asymmetric encryption for web connections?
The problem is ensuring that the public key provided by a server, like Amazon, actually comes from the legitimate server and not from an imposter, such as in a man-in-the-middle attack.
49
What is a digital signature in the context of asymmetric encryption?
A digital signature is a hash of a web page or document that is encrypted with the private key. It is used to verify that the public key and the document came from the legitimate owner of the private key.
50
How does a digital signature help in verifying the authenticity of a public key?
A digital signature allows the recipient to verify that the public key and the associated document came from the holder of the private key by decrypting the signature with the public key and comparing the hash.
51
What is a digital certificate?
A digital certificate is a document that includes a public key, the associated digital signature, and often a third-party digital signature, all of which help verify the authenticity of the public key.
52
Why might a third-party digital signature be included in a digital certificate?
A third-party digital signature is included to provide an additional layer of trust, verifying that the public key and the digital signature come from a legitimate source, not an imposter.
53
What is a self-signed certificate?
A self-signed certificate is a digital certificate where the issuer signs the certificate with their own digital signature, without involving a trusted third party.
54
When might a self-signed certificate be appropriate?
A self-signed certificate might be appropriate for internal or in-house servers where there is no need to involve a third-party for verification, such as within a company's local area network.
55
Why is it important to trust the third party that signs a digital certificate?
Trusting the third party is important because they verify the identity of the certificate holder, ensuring that the public key truly belongs to the person or organization claimed.
56
What role does hashing play in creating a digital signature?
Hashing is used to create a unique fingerprint of the document or data. This hash is then encrypted with the private key to form the digital signature, ensuring the document's integrity and authenticity.
57
What is a self-signed certificate?
A self-signed certificate is a digital certificate that is signed by the entity itself, rather than by a trusted third-party certificate authority. It is often used in trusted environments like in-house applications or internal networks.
58
When might a self-signed certificate be used?
A self-signed certificate is commonly used in trusted environments, such as in-house applications, internal email systems, or wireless networking setups, where external validation is not required.
59
What is the main drawback of using a self-signed certificate in a public environment?
In a public environment, self-signed certificates are generally not trusted by other users or systems, leading to warnings and errors, such as in web browsers.
60
What is a Web of Trust?
A Web of Trust is a decentralized trust model where individuals sign each other's certificates based on mutual trust, creating a network of trusted connections without a central authority.
61
What are the challenges of using a Web of Trust?
The main challenges of a Web of Trust include the responsibility placed on individuals to verify and sign certificates, and the complex and manual process of establishing trust, which has limited its widespread adoption.
62
What is Public Key Infrastructure (PKI)?
Public Key Infrastructure (PKI) is a hierarchical trust model that uses certificate authorities (CAs) to issue and manage digital certificates, providing a more structured and widely accepted system of trust for public communications.
63
What is a Certificate Authority (CA)?
A Certificate Authority (CA) is an organization responsible for issuing and verifying digital certificates, ensuring the authenticity and integrity of the certificates used in secure communications.
64
What role do Intermediate Certificate Authorities play in PKI?
Intermediate Certificate Authorities help distribute the workload of the main Certificate Authorities by issuing certificates to end users, creating a layered trust hierarchy.
65
Why is PKI widely used for public internet communications?
PKI is widely used for public internet communications because it provides a structured and trusted way to issue and manage digital certificates, ensuring secure and authenticated exchanges of information.
66
What are the three types of trust models mentioned in the transcript?
The three types of trust models are self-signed certificates, Web of Trust, and Public Key Infrastructure (PKI).
67
What is Public Key Infrastructure (PKI)?
PKI is an idea or framework for managing digital certificates and public-key encryption, but it is not a specific standard.
68
What is the X.509 standard?
The X.509 standard is a methodology that defines how systems can query other systems for certificates and how those certificates are organized and used.
69
What is PKCS?
PKCS (Public Key Cryptography Standards) is a set of standards that specify how certificates are structured, managed, and used within the PKI framework.
70
What is a Root Certificate Authority?
A Root Certificate Authority (CA) is the top-level authority in a PKI hierarchy, responsible for issuing the root certificate, which is the basis for all other certificates in the chain.
71
Why is the root certificate often taken offline?
The root certificate is extremely valuable and sensitive, so it is often taken offline to protect it from being hacked or compromised.
72
: What is an Intermediate Certificate Authority (ICA)?
An Intermediate Certificate Authority (ICA) is a subordinate CA that handles most of the certificate issuance and management, reducing the load on the Root CA and helping to protect the root certificate.
73
What is a Registration Authority (RA)?
A Registration Authority (RA) is responsible for handling the registration and initial setup of new certificates, especially as the demand for certificates has increased with the growth of secure web services.
74
What is certificate chaining?
Certificate chaining is the process where a series of certificates link together from the Root CA through any number of Intermediate CAs to the end entity (e.g., a web server), creating a chain of trust.
75
Why might multiple intermediates be used in a PKI?
Multiple intermediates might be used to distribute the load of certificate management, create layers of trust, and improve the security and organization of the certificate issuance process.
76
What is the primary role of an Intermediate Certificate Authority (ICA)?
The primary role of an ICA is to issue and manage certificates, validate them, and act as a bridge between the Root CA and the entities that need certificates.
77
What is the purpose of the lock icon in a web browser?
The lock icon indicates that the connection to the website is secure and encrypted, often using an SSL/TLS certificate.
78
What standard are all certificates based on?
All certificates are based on the X.509 standard, which defines the structure and usage of digital certificates.
79
What is a Domain Validation (DV) certificate?
A Domain Validation (DV) certificate is a basic SSL certificate that verifies the ownership of a specific domain, typically used for securing a single domain.
80
What is a Wildcard SSL certificate?
A Wildcard SSL certificate secures all subdomains of a particular domain, such as *.example.com, allowing multiple subdomains to be protected under a single certificate.
81
: What is an Extended Validation (EV) certificate?
An Extended Validation (EV) certificate is an SSL certificate that undergoes more rigorous validation processes, providing higher assurance of the certificate's legitimacy and often offering more significant warranty protection.
82
What is a Subject Alternative Name (SAN) certificate?
A Subject Alternative Name (SAN) certificate allows multiple specific domains or subdomains to be included in a single certificate, offering flexibility without using a wildcard.
83
What is an email certificate?
An email certificate is used to encrypt and sign email communications, ensuring the authenticity and confidentiality of the emails sent and received.
84
What is code signing?
Code signing is the process of applying a digital signature to software or code to verify its source and ensure it has not been altered since it was signed.
85
What are catalog files (.cat) used for in Windows?
Catalog files (.cat) store device drivers and their associated files, and they often include digital signatures to verify the integrity and source of the drivers.
86
Why might a wireless network use certificates?
Certificates in wireless networks can be used to secure communications between devices and the wireless access point, ensuring only authorized devices can connect.
87
What is the main challenge in using certificates?
The main challenge in using certificates is ensuring the correct type of certificate is used for the intended purpose, such as web servers, email, or code signing, and properly importing and managing the certificates for each application.
88
What does a digital signature in a certificate indicate?
A digital signature in a certificate indicates that the certificate has been verified by a trusted authority and that the software or data it protects has not been tampered with.
89
How can you view and manage digital certificates on a Windows system?
You can view and manage digital certificates on a Windows system using the Microsoft Management Console (MMC), which can be accessed by searching for "certificates" in the search box or through the Edge browser.
90
What information can you find in the General tab of a certificate in Windows?
The General tab provides information about who the certificate is issued to, who issued it, and the validity dates.
91
What does the "Issuer" field in a certificate detail?
The "Issuer" field indicates where the certificate came from, such as the issuing Certificate Authority (CA).
92
Why is it important to check the signature algorithm and hash of a certificate?
The signature algorithm and hash determine the security of the certificate. Weaker algorithms like MD5 are less secure, while stronger ones like SHA-256 provide better encryption and trustworthiness.`
93
What is a thumbprint in a certificate?
A thumbprint is a unique identifier or serial number for the certificate, used for identification and revocation purposes.
94
What is the purpose of personal certificates?
Personal certificates are used to identify individuals and provide secure access to services, such as VPNs or corporate email systems.`
95
What are Trusted Root Certificate Authorities (CAs)?
Trusted Root Certificate Authorities are the top-level authorities in the trust chain, responsible for issuing and verifying other certificates. They serve as the foundation of trust for digital certificates.
96
Why might you need to export a certificate?`
Exporting a certificate allows you to create a backup or share the certificate with another system, such as when setting up a secure connection on a different device.
97
What are the common formats for exporting certificates, and when might you use them?
Common formats include DER-encoded binary, Base64-encoded, and PKCS #7. The format choice depends on the system where the certificate will be imported, with PKCS #7 being the most widely accepted standard.
98
: How do certificates help in establishing trust and secure connections?
Certificates help establish trust by verifying the identity of parties involved in a connection and encrypting data, ensuring secure communications between your computer and the internet.
99
What happens during system updates regarding certificates?
During system updates, the operating system typically downloads necessary certificates, replaces expired ones, and revokes those that are no longer valid.
100
Why is managing certificates crucial for maintaining a secure environment?
Proper certificate management is essential to ensure that only trusted certificates are installed, helping to prevent security breaches and maintain secure connections.
101
Why is network infrastructure important?
Network infrastructure is crucial because it supports the business and its people while maintaining secure processes, ensuring resilience and recovery from adverse events like cyber attacks or system failures.
102
What is resilience in security architecture?
Resilience refers to the ability of a system or organization to withstand and recover from adverse events, such as cyber attacks or system failures, ensuring continuity of operations.
103
How does capacity planning contribute to resilience?
Capacity planning ensures that the right people, technology, and infrastructure are available and scalable to meet demands, prevent failures, and enable quick recovery from incidents.
104
What role do people play in resilience and recovery?
People are central to resilience and recovery, with capacity planning involving ensuring the availability of skilled personnel, clear roles, backup personnel, and preventing single points of failure.
105
Why is technology important in capacity planning for resilience?
Technology provides the necessary tools and resources for scalability, redundancy, and quick recovery from failures, often through automation and pre-designed responses to threats.
106
What is the focus of infrastructure planning in resilience?
Infrastructure planning ensures that both physical and virtual facilities, including network architecture and cloud solutions, are robust, agile, and capable of supporting the organization's needs under various conditions.
107
What is multi-cloud strategy?
Multi-cloud strategy involves using more than one cloud service provider (e.g., AWS, Azure, GCP) to avoid vendor lock-in, leverage the best features of each provider, and prevent a single point of failure.
108
How does a multi-cloud strategy enhance resilience?
A multi-cloud strategy enhances resilience by distributing services across multiple providers, preventing service disruption from a single provider's failure, and taking advantage of diverse offerings.
109
What is the goal of a holistic approach to capacity planning in security architecture?
The goal is to create a system that can withstand unexpected events, minimize disruption, and recover quickly by integrating well-trained staff, redundant technology, and robust infrastructure.
110
How does comprehensive planning help in resilience and recovery?
Comprehensive planning helps by ensuring all aspects—people, technology, and infrastructure—are aligned and prepared to handle and recover from disruptions, minimizing the impact on the business.
111
What is the OSI seven-layer model?
The OSI seven-layer model is a conceptual framework that standardizes the functions of a network into seven distinct layers, representing how data is transmitted and received over a network.
112
What is the function of Layer 1 (Physical Layer) in the OSI model?
Layer 1, the Physical Layer, deals with the physical connection between devices, including the transmission of raw bits over a physical medium, such as copper wire or radio waves.
113
What does Layer 2 (Data Link Layer) handle in the OSI model?
Layer 2, the Data Link Layer, is responsible for node-to-node data transfer, managing Mac addresses, and ensuring data frames are delivered to the correct device on a local area network.
114
What is the role of Layer 3 (Network Layer) in the OSI model?
Layer 3, the Network Layer, handles logical addressing (e.g., IP addresses) and routing, ensuring that data is delivered across different networks to the correct destination.
115
What does Layer 4 (Transport Layer) do in the OSI model?
Layer 4, the Transport Layer, manages the segmentation, transfer, and reassembly of data, ensuring reliable data transfer between devices, including flow control and error handling.
116
What is the function of Layer 5 (Session Layer) in the OSI model?
Layer 5, the Session Layer, establishes, manages, and terminates connections (sessions) between applications on different devices, using port numbers to direct data to the correct application.
117
What role does Layer 6 (Presentation Layer) play in the OSI model?
Layer 6, the Presentation Layer, ensures that data is in a usable format for the application, including translation, encryption, and compression, although it's less critical in modern systems.
118
What is the purpose of Layer 7 (Application Layer) in the OSI model?
Layer 7, the Application Layer, provides network services to applications, ensuring that the data is accessible and usable by the end-user software, like web browsers and email clients.
119
How does Layer 2 (Data Link Layer) ensure that frames are delivered to the correct device?
Layer 2 checks the destination Mac address of incoming frames and matches it to the device's Mac address to ensure the frame is meant for that specific device.
120
What is the significance of the OSI model in network diagnostics and security?
Understanding the OSI model helps in diagnosing network issues and securing IT infrastructure by allowing technicians to identify where problems may occur and how to protect each layer.
121
Why is Layer 6 (Presentation Layer) considered less important in modern networks?
Layer 6 is considered less important because modern applications are generally capable of handling data formats without the need for significant translation or conversion.
122
What is an Ethernet frame, and how does it relate to the OSI model?
An Ethernet frame is a data packet that travels over a network, containing data from higher OSI layers encapsulated within it. It is processed as it moves through the layers, starting from Layer 1.
123
What is the Address Resolution Protocol (ARP)?
ARP is a protocol used to map IP addresses to the hardware (Mac) addresses of network interfaces, allowing devices on a local area network (LAN) to communicate.
124
What is a Mac address?
A Mac address is a unique 48-bit hexadecimal address assigned to a network interface, such as Ethernet, Wi-Fi, or Bluetooth, that allows devices to communicate on a network.
125
How does ARP relate to the OSI model?
ARP operates at Layer 2 (Data Link Layer) of the OSI model, dealing with Mac addresses and ensuring local area network traffic is correctly routed between devices.
126
Why does ARP traffic not include an IP header?
ARP traffic does not include an IP header because it only operates on the local area network (LAN) and deals directly with Mac addresses rather than IP addresses.
127
What does the ARP command in Windows do?
The ARP command in Windows, such as arp -a, displays the ARP cache, showing the mapping of IP addresses to Mac addresses for devices on the local area network.`
128
What is ARP cache poisoning?
ARP cache poisoning is a man-in-the-middle attack where an attacker sends malicious ARP messages to a network, causing devices to associate the attacker's Mac address with the IP address of a legitimate device, such as the default gateway.
129
How does an attacker perform ARP cache poisoning?
An attacker sends a broadcast message to devices on the network, falsely mapping their own Mac address to the IP address of a legitimate device, such as the default gateway, redirecting traffic through the attacker’s device.
130
What are the risks of ARP cache poisoning?
The risks include the attacker being able to intercept, monitor, or modify network traffic, potentially gaining access to sensitive information or disrupting network services.
131
How can ARP cache poisoning be mitigated?
ARP cache poisoning can be mitigated by configuring devices to only allow static ARP entries, using network access control mechanisms, and implementing multi-factor authentication to prevent unauthorized access to the network.
132
What is the role of static ARP cache entries in preventing ARP cache poisoning?
Static ARP cache entries prevent ARP cache poisoning by preloading a list of valid IP-to-Mac address mappings and making them read-only, so they cannot be altered by malicious ARP broadcasts.
133
What is a man-in-the-middle attack?
A man-in-the-middle attack occurs when an attacker secretly intercepts and possibly alters the communication between two parties, making them believe they are directly communicating with each other.
134
Why is multi-factor authentication important in network security?
Multi-factor authentication enhances network security by requiring multiple forms of verification (e.g., a smart card and a PIN) before granting access, reducing the likelihood of unauthorized access.
135
What is a MAC address?
A MAC address is a 48-bit hexadecimal address that uniquely identifies a network interface on a network.
136
What is a Layer 2 attack?
A Layer 2 attack refers to attacks at the Data Link layer of the OSI model, often targeting MAC addresses and network switches.
137
What is a MAC address flooding attack?
A MAC address flooding attack involves sending a large number of spoofed packets with fake MAC addresses to a switch, overwhelming it and causing it to broadcast all traffic to every switch port, similar to a hub.
138
What tool can be used to create fake packets for a MAC address flooding attack?
Hping is one of the tools that can be used to create fake packets for a MAC address flooding attack.
139
What happens to a switch during a MAC address flooding attack?
The switch’s memory is overwhelmed by the flood of fake packets, causing it to broadcast all traffic to every port instead of isolating communications between devices.
140
What is a broadcast storm?
A broadcast storm, also known as a switching loop, occurs when excessive amounts of traffic overwhelm the network, often caused by redundant links between switches or a faulty switch/network card.
141
How can a broadcast storm be mitigated?
Broadcast storms can be mitigated by enabling Spanning Tree Protocol (STP) on switches to prevent loops, and configuring BPDU guard for additional protection.
142
What is the purpose of Spanning Tree Protocol (STP)?
The purpose of Spanning Tree Protocol (STP) is to prevent network loops by ensuring there is only one active path between network switches.
143
What are some methods to mitigate Layer 2 attacks?
Methods to mitigate Layer 2 attacks include using MAC address filtering, assigning static MAC addresses to switch ports, disabling unused switch ports, and physically locking switch ports
144
Why is it important to disable unused switch ports?
Disabling unused switch ports prevents unauthorized devices from connecting to the network, reducing the risk of security breaches.
145
What is BPDU guard?
BPDU guard (Bridge Protocol Data Unit guard) is a feature that can be enabled on network switches to protect against network loops by shutting down ports that receive unexpected BPDUs.
146
What is the key concept in IT security that emphasizes protection from both external and internal threats?
Zero Trust, which focuses on protecting networks not only from external threats but also from insider threats within the organization.
147
Why is user awareness important in network security?
Users need to be aware of scams and avoid opening suspicious file attachments because once an infected file is opened, the threat is inside the network, bypassing external defenses like firewalls.
148
What are intrusion detection and prevention systems (IDPS) used for?
IDPS are used to detect suspicious activity on the network, either in real-time as it happens or after the fact through log analysis.
149
What is an example of an insider threat and how does it relate to Zero Trust?
An example of an insider threat is someone selling national secrets due to financial or personal issues. Zero Trust includes monitoring for such internal risks.
150
Why is having network and data flow diagrams important for security?
Network diagrams help in understanding the network's structure, which is essential for managing and containing security incidents like malware outbreaks.
151
What is a screened subnet (DMZ) and its purpose?
A screened subnet, or DMZ, is a network segment that hosts publicly accessible services (e.g., web servers) and has strict firewall rules to prevent direct access from the internet to the internal network.
152
What is the importance of firewall rules in network security?
Firewall rules are crucial for controlling traffic between different network segments, especially in scenarios like a DMZ where certain services are exposed to the internet.
153
How can network naming conventions aid in network management?
Standard naming conventions for servers, routers, and IP addresses facilitate easier identification and troubleshooting of devices, especially during security incidents.
154
What role does network planning play in securing a network?
Proper network planning, including the design of network diagrams, naming conventions, VLAN configurations, and firewall rules, is essential for securing the network and managing incidents effectively.
155
What is the core principle of Zero Trust 2.0 in cybersecurity?
The core principle is "never trust, always verify," meaning trust is not automatically granted based on network location or previous interactions, and verification is essential for every interaction within the network.
156
How does Zero Trust 2.0 compare to securing your home?
It's like having locks on every door and window in your home, and even trusted family members need to show ID to enter each room, reflecting the idea that no one is trusted by default, even inside the network.
157
What are the two separate planes in Zero Trust 2.0, and what are their functions?
The two planes are the Control Plane (responsible for managing how data should flow across the network) and the Data Plane (responsible for moving data packets to their final destination).
158
What analogy is used to explain the Control Plane in networking?
The Control Plane is likened to a railroad station master who decides which tracks trains should use, similar to how the Control Plane determines the best path for data to travel across the network.
159
What is adaptive identity in Zero Trust 2.0?
Adaptive identity is like having a smart lock that adjusts access based on factors like time of day, the device being used, or user behavior, representing an advanced form of multi-factor authentication (MFA).
160
What is threat scope reduction in the context of Zero Trust 2.0?
Threat scope reduction involves minimizing potential attack areas by using segmentation, similar to having separate locks for every room in a house to limit the impact of a security breach.
161
What is policy-driven access control in Zero Trust 2.0?
Policy-driven access control is like setting house rules for who can enter which rooms and when, ensuring that access to different parts of the network is restricted based on predefined policies.
162
: What are secured zones in Zero Trust 2.0?
Secured zones are areas within the network with unique security measures, similar to different rooms in a house requiring different levels of security, such as a PIN code for the garage and a fingerprint for a safe.
163
How does Zero Trust 2.0 apply to the Data Plane?
In the Data Plane, Zero Trust 2.0 ensures that no data packet is trusted by default, and each piece of data must be continually validated and secured, similar to strict security checks in a museum.
164
What is the role of the Policy Engine in Zero Trust 2.0?
The Policy Engine sets the rules for what can and cannot be done within the network, akin to a museum management team creating rules for handling artifacts.
165
What are Policy Enforcement Points in Zero Trust 2.0?
Policy Enforcement Points are like security guards in a museum who ensure everyone follows the rules set by the Policy Engine, verifying access each time it is requested.
166
What is Policy Automation in Zero Trust 2.0?
Policy Automation is like an advanced security system in a museum, with cameras and sensors that automatically detect rule violations and respond accordingly, ensuring constant security vigilance.
167
What does "never trust, always verify" mean in the context of Zero Trust 2.0?
It means that every person and device, whether inside or outside the network, must continually prove their identity and access rights, ensuring ongoing security validation.
168
What is the primary goal of load balancing in the context of the CIA security triad?
The primary goal is to ensure the availability of an application, especially mission-critical apps, by distributing client requests across multiple servers.
169
How does a load balancer improve performance and availability?
A load balancer distributes client requests across multiple backend servers, improving performance by sharing the workload and increasing availability by having backup servers in case one fails.
170
What is horizontal scaling in load balancing?
: Horizontal scaling, also known as scaling out, involves adding more virtual machine nodes to support an application when demand increases, and scaling in involves removing them when demand decreases.
171
What is session persistence in load balancing?
Session persistence is a load balancer option that ensures a client stays connected to the same backend server throughout the duration of their session.
172
What is the difference between active-active and active-passive load balancing configurations?
In active-active, all backend servers are up and running, handling client requests simultaneously. In active-passive, some servers are in standby mode and only become active if the primary server fails.
173
What is the round-robin method in load balancing?
Round-robin is a scheduling method where each incoming client request is directed to the next server in the sequence, distributing the workload evenly across all servers.
174
What is the least connection method in load balancing?
The least connection method directs client requests to the backend server with the fewest active connections, ensuring the least busy server handles the new request.
175
What is the weighted value method in load balancing?
Weighted value assigns a relative numeric value to each backend server based on its power, with more powerful servers receiving a larger share of client connections.
176
What is server clustering, and how does it differ from load balancing?
Server clustering involves linking multiple servers to act as a single system, ensuring system availability by having backup servers ready to take over if one fails. Load balancing, on the other hand, distributes incoming traffic to prevent any server from being overwhelmed.
177
Why might you use an active-passive load balancing configuration?
An active-passive configuration is useful when you want to have standby servers that only become active if the primary server fails or becomes too overwhelmed, providing a safety net for high availability.
178
What is the purpose of Network Access Control (NAC) solutions?
NAC solutions are used to create policies that determine whether a device is allowed or prevented from connecting to the network, based on factors like device type, location, firewall status, and anti-malware tools.
179
What is IEEE 802.1X and how is it used in network security?
IEEE 802.1X is a standard for port-based network access control, used to authenticate devices trying to connect to the network, often through network switches, VPN concentrators, or wireless routers that forward authentication requests to a centralized RADIUS server.
180
What is DHCP and why is it important in network management?
DHCP (Dynamic Host Configuration Protocol) automates the assignment of IP addresses to devices on a network, making it easier to manage large networks by ensuring each device receives a unique IP address.
181
What is a rogue DHCP server and how can it be used in an attack?
A rogue DHCP server is an unauthorized server on the network that hands out false IP configuration information, which can be used to disrupt network communication, such as by issuing incorrect gateway addresses to prevent devices from connecting to the internet.
182
What is DHCP snooping and how does it enhance network security?
DHCP snooping is a network switch feature that ensures DHCP traffic is only trusted from known, authorized DHCP servers, discarding any DHCP packets from untrusted sources to prevent attacks from rogue DHCP servers.
183
What is a jump server (or jump box) and how does it improve security?
A jump server is a secure server that provides an intermediate point for admins to remotely manage servers on different networks. It has a public interface for admin access and a private interface to internal servers, protecting the servers from direct public exposure.
184
Why is it important to avoid public IP visibility for servers?
Servers with public IP visibility are vulnerable to scanning and attacks from the internet. By avoiding public IPs and using jump servers, the identity of internal servers is protected, reducing the risk of attacks.
185
How does NAC policy use device location to control network access?
NAC policy can assess the geographic location of a device's IP address. For example, connections from certain countries might be allowed or blocked based on organizational security requirements, although IP spoofing and Tor can bypass this control.
186
What is the role of a small software agent in NAC solutions?
In some NAC solutions, a small software agent may be required on the connecting device to enforce network access policies, ensuring the device meets security requirements before being granted access.
187
What should be considered when implementing network security controls?
Consider who can access the network, how to mitigate threats like rogue DHCP servers, and how to avoid exposing servers to the public internet by using solutions like NAC, DHCP snooping, and jump servers.
188
What is static code analysis?
Static code analysis involves examining code without executing it, similar to checking a recipe for mistakes before cooking. It helps identify vulnerabilities, errors, or misconfigurations in code, configuration files, or system scripts.
189
What is dynamic code analysis?
Dynamic code analysis examines code while it is running, like testing a dish while it’s cooking to adjust flavors. It helps identify vulnerabilities that become evident only during the application's execution, such as memory leaks or unauthorized access attempts.
190
What is the purpose of static analysis in application security?
The purpose of static analysis is to identify vulnerabilities, bugs, or errors in code before it is executed, ensuring the code is secure and functions correctly.
191
What is the OWASP Zed Attack Proxy (ZAP)?
OWASP ZAP is a penetration testing tool used to find vulnerabilities in web applications during runtime by analyzing web traffic and interactions.
192
How does dynamic analysis differ from static analysis?
Dynamic analysis tests code while it’s running to identify runtime vulnerabilities, while static analysis checks the code without execution to find issues in the code's structure and logic.
193
What role do sandboxes play in analyzing software?
Sandboxes provide a virtual environment where potentially malicious software can be safely executed and observed, utilizing both static and dynamic analysis to detect and classify malicious behaviors.
194
What is VirusTotal, and how is it used?
VirusTotal is an online sandbox where users can upload files or URLs for analysis to detect malicious behavior. It uses both static and dynamic analysis to identify threats.
195
What is Any.Run, and how does it function?
Any.Run is a sign-up service that allows users to upload files or hashes for dynamic analysis to detect malicious intent, providing a platform for examining suspicious files or URLs.
196
Why is it important to use multiple sandboxes like VirusTotal and Hybrid Analysis?
Using multiple sandboxes provides redundancy and cross-verification, ensuring that the analysis is thorough and reliable by comparing results from different sources.
197
What is Joe's Sandbox, and what makes it unique?
Joe's Sandbox offers an intuitive interface that allows users to choose the type of analysis they want to perform on different operating systems, making it easy to understand and use for both static and dynamic analysis.
198
Why is performing static and dynamic analysis important in software development?
Static and dynamic analysis are crucial for validating and securing code, ensuring that vulnerabilities are identified and addressed before the software is deployed or used in production.
199
What is Port Address Translation (PAT) and how does it work?
Port Address Translation (PAT) allows multiple internal devices to access the internet using a single public IP address. The internal devices’ IP addresses are hidden, and the router assigns unique port numbers to track sessions.
200
How does PAT differ from a forward proxy server?
While both PAT and a forward proxy hide internal IP addresses, a forward proxy can require user authentication and cache content. PAT operates at Layer 4 (Transport layer) of the OSI model, whereas forward proxies work at Layer 7 (Application layer).
201
What does the translation table in a PAT router do?
The translation table in a PAT router maps the private IP addresses and assigned port numbers of internal clients to the router’s single public IP address, allowing multiple clients to access the internet simultaneously.
202
What is the primary function of Network Address Translation (NAT)?
NAT allows internal services, such as a web server, to be reachable from the internet by mapping public IP addresses and ports to private internal IP addresses and ports, hiding the internal network from external clients.
203
How does NAT compare to a reverse proxy?
Both NAT and reverse proxies hide internal IP addresses, but a reverse proxy operates at Layer 7 of the OSI model and can perform tasks like URL inspection and authentication. NAT operates at Layer 4 and focuses on IP and port mapping.
204
In the context of PAT, what role do port numbers play?
In PAT, port numbers are crucial for distinguishing between different sessions from multiple internal devices using the same public IP address. The router uses these port numbers to correctly route responses back to the originating device.
205
What is a common misconception about PAT and NAT?
A common misconception is referring to PAT as NAT. While PAT is a specific type of NAT, it specifically involves translating multiple internal IPs to a single public IP using different ports, which is different from standard NAT.
206
How is PAT typically implemented in a home network?
In a home network, PAT is often implemented on a Wi-Fi router, allowing multiple devices (smartphones, laptops, etc.) to access the internet through a single public IP address provided by the router.
207
What happens if a PAT router fails to maintain its translation table?
If a PAT router fails to maintain its translation table, it would be unable to track which internal device is associated with which session, leading to potential loss of connectivity for devices trying to access the internet.
208
What is the difference between public and private IP addresses in the context of NAT?
Public IP addresses are accessible from the internet and are used by NAT devices to allow external clients to connect to internal services. Private IP addresses are used within the internal network and are hidden from the internet by the NAT device.
209
What is IPsec and what are its primary security objectives?
IPsec is a suite of network security protocols designed to provide confidentiality through encryption and integrity through hashing and authentication for network communications. It secures data by encrypting and verifying that messages have not been tampered with during transmission.
210
What is IPsec Tunnel Mode and when is it typically used?
IPsec Tunnel Mode encapsulates the entire original IP packet within a new packet with new headers, providing encryption and security for the entire original packet. It is typically used in site-to-site VPNs to securely connect branch offices over the internet by encrypting all traffic between the sites.
211
How does IPsec Transport Mode differ from Tunnel Mode, and what is its typical use case?
In IPsec Transport Mode, only the payload of the IP packet is encrypted and/or authenticated, while the original IP headers remain intact. This mode is typically used for end-to-end communication between two hosts on a local network, securing sensitive data without altering the packet's routing information.
212
What is the IPsec Authentication Header (AH) and what security service does it provide?
The IPsec Authentication Header (AH) provides data integrity and origin authentication for IP packets by applying a hashing algorithm (such as HMAC-MD5 or HMAC-SHA) to the entire packet. It ensures that the data has not been tampered with during transmission but does not provide confidentiality (encryption).
213
What is Encapsulating Security Payload (ESP) in IPsec, and what are its functions?
Encapsulating Security Payload (ESP) is an IPsec protocol that provides confidentiality by encrypting the packet's payload and also ensures integrity and authentication through hashing. ESP can be used in both Tunnel and Transport modes and encrypts the data portion of the packet to protect sensitive information during transmission.
214
What is SD-WAN?
Software-Defined Wide Area Networking; it optimizes and manages WAN connections using software.
215
How does SD-WAN differ from traditional WANs?
SD-WAN automates data routing with software, unlike manual traditional WANs.
216
What is SASE?
Secure Access Service Edge; combines SD-WAN with cloud-based security.
217
What are key features of SASE?
Firewall as a Service, Zero Trust Network Access, Secure Web Gateways.
218
Why is SASE an evolution in networking?
It combines flexible SD-WAN with strong, cloud-based security.
219
What benefits do SD-WAN and SASE offer?
Better control, visibility, security, and support for cloud migration.
220
How does SD-WAN improve network performance?
By routing data on the best paths based on real-time conditions.
221
What is ZTNA in SASE?
Zero Trust Network Access; ensures only authorized users access data.
222
Why is SASE important for cloud migration?
It provides scalable, secure networking for cloud environments.
223
What is "future-proofing" with SD-WAN and SASE?
Ensuring networks can adapt to future needs and threats.
224
What is a VPN?
A VPN is a secure, encrypted tunnel for communication over an untrusted network.
225
How can VPN authentication be enhanced?
By using multi-factor authentication like smart cards, PKI certificates, or hardware tokens.
226
What is L2TP and how does it relate to VPNs?
Layer 2 Tunneling Protocol (L2TP) creates a VPN tunnel, often paired with IPsec for encryption.
227
What are SSL/TLS VPNs?
Firewall-friendly VPNs using port 443, secured by TLS (not SSL).
228
What is a client-to-site VPN?
A VPN that connects an individual client device to a remote network via an encrypted tunnel.
229
What is "Always On" VPN?
A VPN that automatically establishes a tunnel when the device is powered on.
230
What is split tunneling in a VPN?
Split tunneling allows some traffic to go through the VPN, while other traffic uses the local network.
231
What is a site-to-site VPN?
A VPN that connects two networks (e.g., branch offices) through an encrypted tunnel, without requiring client software.
232
What happens if split tunneling is disabled?
All traffic goes through the VPN, allowing centralized control and monitoring.
233
How does client-to-site VPN differ from site-to-site VPN?
Client-to-site VPN needs client software; site-to-site VPN uses VPN appliances and routing without client software.
234
What is the purpose of an Intrusion Detection System (IDS)?
To monitor and detect suspicious activity on a network, alerting administrators to potential threats.
235
What is the difference between IDS and IPS?
IDS detects and alerts on suspicious activity, while IPS can actively prevent or block it.
236
Why is sensor placement important in IDS/IPS?
Proper placement ensures the sensor sees all relevant network traffic, avoiding blind spots.
237
What challenge does encrypted traffic pose for IDS/IPS?
Encrypted traffic may be hard to analyze, requiring decryption keys, which can impact performance.
238
What is signature-based IDS?
: It detects known attack patterns by matching network traffic against a database of signatures.
239
What is a Network Intrusion Detection System (NIDS)?
A NIDS monitors network traffic for suspicious activity at the network level.
240
What is Unified Threat Management (UTM)?
UTM is a comprehensive security solution that integrates multiple security functions, including firewall, IDS/IPS, and more.
241
What is Snort?
Snort is an open-source IDS/IPS tool that can detect network intrusions and trigger alerts.
242
How can false positives be minimized in IDS?
By fine-tuning the IDS configuration to the specific network environment.
243
Why might a network sensor need to decrypt traffic?
To inspect encrypted traffic for potential threats, although this may reduce performance.
244
