Cyber (Allot) Flashcards

(37 cards)

1
Q

What is a Network Firewall?

A

A system that monitors and controls traffic into and out of a network according to a set of access rules

2
Q

Types of firewall

A
  1. On-premise
  2. Cloud-based (network-based)…easier to cover SIM-based devices that connect from outside the office
3
Q

How does Allot provide the firewall?

A

From the network (cloud-based), with or without the threat and content filtering functionality on top

4
Q

Why is Allot providing network based firewall?

A

Increasing demand in the SMB space…

  1. Simplicity (for SMBs, delivered through the CSP)
  2. Cost (on-premise ca. 100€/month vs ca. 10€/month network-based)
  3. Proliferation of IoT devices
  4. Capex vs SaaS model
  5. Enhanced security and control (on top of threat and content management)
  6. Strong differentiator…DNS-based filtering can't provide it, and firewall vendors can't scale with the same cost efficiency and simplicity
5
Q

What are the main SMB FW use cases?

A
  1. Visibility…understanding what is happening in your network, which also assists with rule creation
  2. Prevent inbound connections
  3. Prevent unauthorized email communication
  4. Prevent data leakage
  5. Prevent use of VPNs
  6. Deny at the end…a default-deny rule at the end of the rule set that drops any traffic no other rule allows, supporting a zero-trust approach
6
Q

How many protocols does Allot FW support right now?

A

30 with the option to define port-based TCP and UDP entries

7
Q

What does a zero-trust approach mean?

A

Do not trust unknown traffic by default: anything that is not explicitly allowed is denied
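The "deny at the end" of card 5 and the mix of named protocols and port-based TCP/UDP entries in card 6 come together in a first-match rule engine. The following Python is an added example, not Allot code or the product's rule format; the protocol table, the SMB policy and the sample flows are constructed for illustration. It shows why rule order matters (the corporate mail relay must be allowed before the blanket SMTP deny) and how anything the policy does not describe falls through to the implicit deny.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Named protocol entries (constructed subset for the example). A product like the
# one described ships a longer list; port-based TCP/UDP rules cover the rest.
PROTOCOLS = {
    "https": ("tcp", 443), "http": ("tcp", 80), "dns": ("udp", 53),
    "smtp": ("tcp", 25), "smtps": ("tcp", 465), "ssh": ("tcp", 22),
    "openvpn": ("udp", 1194), "wireguard": ("udp", 51820),
}


@dataclass(frozen=True)
class Flow:
    direction: str   # "in" = internet -> LAN, "out" = LAN -> internet
    transport: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    direction: str = "any"
    protocol: Optional[str] = None  # named entry from PROTOCOLS, or ...
    transport: str = "any"          # ... an explicit port-based entry
    dport: Optional[int] = None
    dst: Optional[str] = None       # destination CIDR; None matches any

    def matches(self, f: Flow) -> bool:
        transport, dport = self.transport, self.dport
        if self.protocol is not None:
            transport, dport = PROTOCOLS[self.protocol]
        if self.direction not in ("any", f.direction):
            return False
        if transport not in ("any", f.transport):
            return False
        if dport is not None and dport != f.dport:
            return False
        if self.dst is not None and ip_address(f.dst) not in ip_network(self.dst):
            return False
        return True


def evaluate(rules, flow):
    """First matching rule wins. Traffic no rule describes falls through to an
    implicit deny: the 'deny at the end' of a zero-trust policy."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "implicit-default-deny"


def audit(rules, flows):
    """Visibility: count which rule each observed flow hit, to tune the policy."""
    return Counter(evaluate(rules, f) for f in flows)


# Example SMB policy (constructed). Order matters: the specific allow for the
# corporate mail relay must precede the blanket SMTP deny.
SMB_POLICY = [
    Rule("deny-all-inbound", "deny", direction="in"),
    Rule("allow-corporate-mail-relay", "allow", "out", protocol="smtp", dst="203.0.113.25/32"),
    Rule("block-unauthorised-smtp", "deny", "out", protocol="smtp"),
    Rule("block-openvpn", "deny", "out", protocol="openvpn"),
    Rule("block-wireguard", "deny", "out", protocol="wireguard"),
    Rule("allow-web", "allow", "out", protocol="https"),
    Rule("allow-web-plain", "allow", "out", protocol="http"),
    Rule("allow-dns-to-csp-resolver", "allow", "out", protocol="dns", dst="192.0.2.53/32"),
    Rule("allow-custom-app-8443", "allow", "out", transport="tcp", dport=8443),
]

if __name__ == "__main__":
    observed = [  # constructed sample flows
        Flow("in", "tcp", "198.51.100.7", "192.168.1.10", 22),      # inbound SSH attempt
        Flow("out", "tcp", "192.168.1.10", "203.0.113.25", 25),     # mail via corporate relay
        Flow("out", "tcp", "192.168.1.11", "198.51.100.9", 25),     # direct SMTP to a stranger
        Flow("out", "udp", "192.168.1.12", "198.51.100.20", 1194),  # OpenVPN client
        Flow("out", "tcp", "192.168.1.12", "198.51.100.30", 443),   # browsing
        Flow("out", "udp", "192.168.1.13", "198.51.100.40", 5000),  # unknown app
    ]
    for f in observed:
        print(f, "->", evaluate(SMB_POLICY, f))
    print(audit(SMB_POLICY, observed))
```

Running the script prints one verdict per flow and the hit counter; the counter is the "visibility" view, since a policy whose implicit-deny bucket keeps growing needs new explicit rules (either allows for legitimate apps or named denies so the blocks are visible in reports).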

8
Q

Main differences between TCP and UDP?

A

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both transport layer protocols used for communication over networks.

TCP provides a reliable, connection-oriented communication, ensuring data integrity and delivery. It establishes a connection, handles data sequencing, and acknowledges received packets.

UDP, on the other hand, is a connectionless protocol that doesn’t guarantee delivery or order of packets. It’s often used for real-time applications like video streaming or online gaming, where speed is crucial, and some data loss is acceptable.

In summary, TCP is reliable and connection-oriented, while UDP is faster but provides less reliability and no connection setup.

9
Q

What is the SMB size Allot’s FW covers?

A

Up to 50 employees

10
Q

HTTP vs HTTPS vs QUIC?

A

HTTP (Hypertext Transfer Protocol), HTTPS (HTTP Secure) and QUIC (originally "Quick UDP Internet Connections") are all protocols used for web communication, but with distinct characteristics:

  1. HTTP (Hypertext Transfer Protocol):
    • The foundation of data communication on the World Wide Web.
    • Operates over a reliable transport layer (TCP, usually on port 80).
    • Data is sent in plain text, so it can be read and tampered with in transit.
  2. HTTPS (Hypertext Transfer Protocol Secure):
    • HTTP carried inside a TLS session (SSL is the obsolete predecessor).
    • Uses TCP port 443.
    • Protects against eavesdropping and tampering, and authenticates the server through its certificate.
  3. QUIC:
    • Originated at Google and standardised by the IETF as RFC 9000; it is a transport protocol in its own right.
    • Runs over UDP (normally UDP port 443) instead of TCP, which cuts connection-setup latency; HTTP/3 is HTTP over QUIC.
    • Provides TCP-like reliability and congestion control while avoiding TCP's head-of-line blocking across streams.
    • Encryption is built in (TLS 1.3 is part of the handshake), so there is no unencrypted QUIC.

In summary, HTTP is the standard web protocol, HTTPS adds encryption on top of it, and QUIC is a newer transport designed for speed that always encrypts. For a firewall this matters: a rule set that only handles TCP/443 for web traffic will not see QUIC, which arrives on UDP/443, and QUIC hides most of its transport headers from middleboxes.
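A stateless classifier for the QUIC packets a firewall sees on UDP/443, as an added example (not from the original page or from Allot). It reads only the fields RFC 8999 declares invariant across versions (first byte, version, connection IDs) plus the version-specific long-header type codes of QUIC v1 (RFC 9000) and v2 (RFC 9369); the sample datagrams are constructed.

```python
QUIC_V1 = 0x00000001  # RFC 9000
QUIC_V2 = 0x6B3343CF  # RFC 9369

# Long-header packet type codes (bits 5-4 of the first byte) differ by version:
# v2 deliberately rotates them so middleboxes cannot hard-code v1's values.
LONG_TYPES = {
    QUIC_V1: {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"},
    QUIC_V2: {1: "initial", 2: "0-rtt", 3: "handshake", 0: "retry"},
}


def classify_quic(payload: bytes):
    """Classify one UDP payload as a QUIC packet from its invariant fields.
    Returns a dict of what can be read statelessly, or None if it is not QUIC."""
    if not payload:
        return None
    first = payload[0]
    if not first & 0x80:
        # Short header (1-RTT data): without connection state only the fixed
        # bit is checkable, the rest is an opaque connection ID and ciphertext.
        if not first & 0x40:
            return None
        return {"header": "short", "kind": "1-rtt"}
    if len(payload) < 7:
        return None
    version = int.from_bytes(payload[1:5], "big")
    pos = 5
    dcid_len = payload[pos]
    pos += 1
    dcid = payload[pos:pos + dcid_len]
    pos += dcid_len
    if pos >= len(payload):
        return None
    scid_len = payload[pos]
    pos += 1
    scid = payload[pos:pos + scid_len]
    if len(dcid) != dcid_len or len(scid) != scid_len:
        return None
    info = {"header": "long", "version": version, "dcid": dcid.hex(), "scid": scid.hex()}
    if version == 0:
        # Version Negotiation: the rest of the packet lists the server's versions.
        info["kind"] = "version-negotiation"
        return info
    if not first & 0x40:
        return None  # the fixed bit must be set in every v1/v2 packet
    types = LONG_TYPES.get(version)
    info["kind"] = types[(first >> 4) & 0x03] if types else "unknown-version"
    return info


def build_long_header(first_byte: int, version: int, dcid: bytes, scid: bytes) -> bytes:
    """Assemble a sample long-header datagram; bytes after the CIDs are filler."""
    return (bytes([first_byte]) + version.to_bytes(4, "big")
            + bytes([len(dcid)]) + dcid + bytes([len(scid)]) + scid
            + b"\x00\x44\xd0" + b"\x00" * 16)


# Constructed samples.
SAMPLE_DCID = bytes(range(8))
V1_INITIAL = build_long_header(0xC3, QUIC_V1, SAMPLE_DCID, b"")        # type bits 00 = Initial in v1
V2_INITIAL = build_long_header(0xD3, QUIC_V2, SAMPLE_DCID, b"")        # type bits 01 = Initial in v2
VERSION_NEGOTIATION = build_long_header(0x80, 0, SAMPLE_DCID, b"\x11\x22")
TLS_OVER_TCP_RECORD = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"  # TLS record header, not QUIC

if __name__ == "__main__":
    for name, pkt in [("v1 initial", V1_INITIAL), ("v2 initial", V2_INITIAL),
                      ("version negotiation", VERSION_NEGOTIATION), ("tls record", TLS_OVER_TCP_RECORD)]:
        print(f"{name:20s} -> {classify_quic(pkt)}")
```

Note that the same first byte 0xD3 means "Initial" under v2 but "0-RTT" under v1, so a classifier has to read the version before the type bits. The practical consequence for card 6's rule set: a policy that allows only tcp/443 for web silently blocks QUIC (browsers fall back to TCP), while one that allows udp/443 admits an opaque encrypted transport; a named "quic" entry lets the administrator make that choice deliberately.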

11
Q

TRUE or FALSE

HS supports IPv6 only on control plane, not in user plane

A

FALSE, it does support both

12
Q

How many routers does HS platform support?

A

10 million: 5 million for threat management and 5 million for analytics

13
Q

What is HS accuracy in device identification?

A

95%

14
Q

What does smart filtering on the router consist of?

A

An allowlist (whitelist) is downloaded to the router. One algorithm optimises RAM consumption on the router, and another one at the backend controls which entries of the allowlist get updated. This lets 95%+ of DNS lookups skip the backend entirely; the remaining ones are checked at the backend, but in parallel with the DNS resolution, so the added latency is minimal.
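The allowlist-plus-parallel-backend behaviour described above, as an added Python example (not Allot's implementation; the backend verdicts, the DNS table, the round-trip delay and the entry cap are constructed assumptions). It shows the two properties the card claims: lookups for allowlisted names never touch the backend, and on a miss the backend check runs concurrently with resolution, so the extra cost is one round trip rather than two.

```python
import time
from collections import OrderedDict
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-ins for the CSP backend (threat/category verdicts) and for
# the upstream DNS resolver. The sleeps model network round trips.
BACKEND_VERDICTS = {"phish.example": "block", "ads.example": "block"}
DNS_TABLE = {
    "bank.example": "192.0.2.10", "news.example": "192.0.2.20",
    "phish.example": "203.0.113.66", "unknown.example": "192.0.2.30",
}
ROUND_TRIP = 0.02  # seconds; constructed


class RouterFilter:
    """Router-side DNS filter: a bounded allowlist answers most lookups locally;
    everything else is checked at the backend in parallel with resolution."""

    def __init__(self, allowlist, max_entries=1000):
        self.max_entries = max_entries
        self.allowlist = OrderedDict()
        self.load_allowlist(allowlist)
        self.lookups = 0
        self.backend_calls = 0
        self._pool = ThreadPoolExecutor(max_workers=2)

    def load_allowlist(self, names):
        """Backend-pushed update. The router keeps at most max_entries so RAM
        stays bounded; the backend decides which names are worth the slots."""
        self.allowlist.clear()
        for name in list(names)[: self.max_entries]:
            self.allowlist[name] = True

    def _backend_check(self, name):
        self.backend_calls += 1
        time.sleep(ROUND_TRIP)
        return BACKEND_VERDICTS.get(name, "allow")

    def _dns_lookup(self, name):
        time.sleep(ROUND_TRIP)
        return DNS_TABLE.get(name)

    def resolve(self, name):
        self.lookups += 1
        if name in self.allowlist:
            self.allowlist.move_to_end(name)  # keep hot names fresh (LRU order)
            return {"name": name, "verdict": "allow", "path": "local",
                    "answer": self._dns_lookup(name)}
        # Miss: backend verdict and DNS resolution run concurrently, so the added
        # latency is max(backend, dns) rather than their sum.
        verdict_future = self._pool.submit(self._backend_check, name)
        answer_future = self._pool.submit(self._dns_lookup, name)
        verdict, answer = verdict_future.result(), answer_future.result()
        return {"name": name, "verdict": verdict, "path": "backend",
                "answer": answer if verdict == "allow" else None}

    def backend_skip_ratio(self):
        """Fraction of lookups answered without a backend round trip."""
        return 1 - self.backend_calls / self.lookups if self.lookups else 0.0


if __name__ == "__main__":
    rf = RouterFilter(["bank.example", "news.example"])
    for q in ["bank.example", "news.example", "bank.example", "phish.example", "unknown.example"]:
        started = time.perf_counter()
        result = rf.resolve(q)
        print(f"{q:16s} {result['path']:8s} {result['verdict']:6s} "
              f"{result['answer']} ({(time.perf_counter() - started) * 1000:.0f} ms)")
    print(f"backend skipped for {rf.backend_skip_ratio():.0%} of lookups")
```

The timing column in the demo shows a miss costing roughly one ROUND_TRIP, the same as a hit; what the backend buys is the verdict, not extra delay. In a real deployment the interesting failure mode is the backend being unreachable: the code above would hang on the future, so a production filter needs a timeout and an explicit fail-open or fail-closed decision for names not on the allowlist.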

15
Q

Which types of infrastructure does the Allot backend support?

A

On premises, public and private cloud

16
Q

What is the selective steering for antivirus scanning at HS/BS?

A

Unique feature: it steers traffic from the router to the backend for antivirus scanning. Only unencrypted traffic that is suspected of carrying malware is steered

17
Q

What are the main differences between HS and BS?

A
  • BS supports multiple routers per account (branches or locations)
  • BS supports multiple groups and instances, and assignment of devices to them
  • BS has no parental control but content control instead
18
Q

What are the key attributes of Allot’s device identification?

A

Active scanning of devices for additional attributes - SNMP, Bonjour, UPnP

Cost optimization and caching

19
Q

Active scanning protocols supported by Allot HS/BS:

A

Active scanning means the router queries devices on the LAN for extra attributes rather than only observing their traffic. SNMP, Bonjour and UPnP are the protocols used for this.

  1. SNMP (Simple Network Management Protocol): used to monitor and manage network equipment. Querying a device (for example its sysDescr and sysName objects) returns vendor, model and firmware details, provided the device runs an SNMP agent and accepts the community string or credentials used.
  2. Bonjour: Apple's implementation of zero-configuration networking (mDNS and DNS-SD). Browsing the advertised services and their TXT records reveals device names, models and the services they offer.
  3. UPnP (Universal Plug and Play): a set of protocols that lets devices discover each other on a LAN. An SSDP M-SEARCH elicits responses whose SERVER, ST and USN headers and linked device-description XML identify the manufacturer, model and unique device ID.

In simple terms, active scanning means actively asking devices about themselves to better understand their type, capabilities and status. The answers are largely self-reported and unauthenticated, so they should be treated as hints and combined with passive fingerprinting rather than trusted on their own.
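An added example of what UPnP active scanning produces in practice (not Allot code): it builds the SSDP M-SEARCH request, parses a constructed device response into identification attributes (UUID, OS, UPnP version, product), and checks that the LOCATION header points back at the responding host before anyone follows it. The `discover()` function performs the live multicast exchange and needs a real LAN; everything else runs offline.

```python
import socket
from urllib.parse import urlsplit

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900


def build_msearch(search_target: str = "ssdp:all", mx: int = 2) -> bytes:
    """UPnP discovery request, multicast to 239.255.255.250:1900 (UPnP Device Architecture)."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw: bytes) -> dict:
    """Extract identification attributes from a unicast M-SEARCH response."""
    head = raw.decode("latin-1").split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    attrs = {
        "status": status,
        "location": headers.get("location"),
        "st": headers.get("st"),
        "usn": headers.get("usn"),
        "server": headers.get("server"),
        "uuid": None, "os": None, "upnp_version": None, "product": None,
    }
    usn = headers.get("usn", "")
    if usn.startswith("uuid:"):  # "uuid:<id>::<urn>"
        attrs["uuid"] = usn[len("uuid:"):].split("::", 1)[0]
    # SERVER is "<os>/<version> UPnP/<version> <product>/<version>"
    tokens = headers.get("server", "").split()
    for tok in tokens:
        if tok.lower().startswith("upnp/"):
            attrs["upnp_version"] = tok.split("/", 1)[1]
    if tokens:
        attrs["os"] = tokens[0]
        attrs["product"] = tokens[-1] if len(tokens) > 1 else None
    return attrs


def location_is_trustworthy(attrs: dict, responder_ip: str) -> bool:
    """Only follow LOCATION if it points back at the host that answered: the
    header is unauthenticated, and a rogue device could aim the scanner's
    follow-up HTTP fetch at any address it likes."""
    loc = attrs.get("location")
    if not loc:
        return False
    parts = urlsplit(loc)
    return parts.scheme == "http" and parts.hostname == responder_ip


def discover(timeout: float = 2.0):
    """Live discovery on the local LAN (needs a real network; not used offline)."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        s.settimeout(timeout)
        s.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
        try:
            while True:
                data, (ip, _) = s.recvfrom(65535)
                attrs = parse_ssdp_response(data)
                attrs["ip"] = ip
                attrs["location_ok"] = location_is_trustworthy(attrs, ip)
                results.append(attrs)
        except socket.timeout:
            pass
    return results


# Constructed response, in the shape a UPnP root device returns to an M-SEARCH.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.23:1400/xml/device_description.xml\r\n"
    b"SERVER: Linux/4.4.60 UPnP/1.0 ExampleCo-Speaker/1.2\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:2fac1234-31f8-11b4-a222-08002b34c003::upnp:rootdevice\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(parse_ssdp_response(SAMPLE_RESPONSE))
```

The UUID is the attribute worth caching: it is stable across reboots and IP changes, which is what lets a per-device policy survive DHCP churn. Bonjour answers the same question through DNS-SD TXT records instead of SSDP headers, and the same caveat applies to both: any device on the LAN can claim any identity.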

20
Q

What are the 3 pillars of Allot GDPR compliancy?

A
  1. Privacy by design and data encryption
  2. Right of access (end users)
  3. Right to be forgotten (for EMD users)
21
Q

What is smishing?

A

The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.

22
Q

What is a vishing attack or TOAD?

A

A type of scam in which criminals contact a potential victim over the phone, pretending to be a company, and try to convince them to share personal information.

TOAD = telephone-oriented attack delivery

23
Q

What is a BEC attack?

A

A Business Email Compromise attack: the attacker uses a compromised or spoofed business email account (typically impersonating an executive, supplier or partner) to trick employees into making fraudulent payments or disclosing sensitive data.

24
Q

What is SASE?

A

SASE stands for "Secure Access Service Edge". It is an architecture that combines wide-area networking (typically SD-WAN) with cloud-delivered security services such as secure web gateway, CASB, firewall-as-a-service and zero-trust network access, so that users get secure access to applications and data regardless of their location.

Think of it as a security perimeter that follows the user rather than the office: the connection to applications and data is inspected and policed in the same way whether the user is in the office, at home, or on the go.

25
Q

Explain these types of malware: crypto ransomware, lockers, scareware, doxware

A
  1. Crypto ransomware: encrypts the files on a victim's computer or network, rendering them inaccessible, and demands a ransom (usually in cryptocurrency) for the decryption key. Goal: financial gain by extorting the victim for restored access to their files.
  2. Lockers: locker ransomware locks the victim out of the whole system (files, applications, sometimes the entire operating system) rather than encrypting individual files. Goal: the same as crypto ransomware, payment of a ransom.
  3. Scareware: tricks users into believing their computer is infected, typically via misleading pop-ups or fake security alerts, to push them into buying fake or unnecessary security software. Goal: deceptive financial gain from fraudulent security products.
  4. Doxware (from "doxing"): threatens to publish sensitive or private data (documents, photos, etc.) unless a ransom is paid, exploiting the fear of exposure rather than loss of access. Goal: coercive financial gain by threatening disclosure.

Each type has its own method of operation and poses distinct threats, ranging from data encryption and system lockouts to psychological manipulation for financial gain.
26
Q

Where does PowerDNS get the threat info and the categories for parental control and content protection from?

A

From the Allot Threat DB and Categories DB
27
Q

TRUE or FALSE: Allot DNSSecure does not do AV scanning

A

FALSE. With the HTTP proxy it does, which creates a differentiating advantage over the competition
28
Q

Explain the differences between eDNS and DNS

A

eDNS, or encrypted DNS, is a secure version of traditional DNS (Domain Name System). While DNS converts human-readable domain names into IP addresses with the exchange in the clear, eDNS encrypts this communication to enhance privacy and security, preventing unauthorised parties from monitoring or tampering with the queries and responses. eDNS as used here is also able to identify devices behind the router, which enables different policies per device. Note that encryption on its own does not reveal which device behind a NAT router sent a query; per-device identification needs extra information carried with the query, for example an EDNS(0) option added by the router (the same extension mechanism that carries the Client Subnet option in card 35) or a router-side agent.
29
Q

How does PowerDNS get the user info?

A

Two-fold: 1) via RADIUS (*) it gets the IP address associated with that user; 2) from ASM it gets the user profile regarding security policies and setup.

(*) RADIUS is used for fixed-line; mobile uses other subscriber-awareness protocols that are not supported right now (to be confirmed)
30
Q

TRUE OR FALSE: the Allot proxy can filter both encrypted and unencrypted traffic

A

FALSE…only unencrypted traffic
31
Q

What are the deployment options for DNS Secure?

A
  1. Intelligent steering (Secure DNS deployed in parallel, as an island)…all devices point to the PowerDNS server, which diverts the secured subscribers from the rest; the rest are forwarded to the CSP DNS. Might it be too risky to have a single point of failure in the front end?
  2. DNS Island…configuration to be implemented by the CSP
32
Q

What is the limitation of the quiet time function in DNS Secure?

A

It only covers traffic that goes through DNS (web browsing); any other internet traffic not going through DNS won't be affected (e.g. WhatsApp). The same applies to the proxy, unless 100% of the traffic is put in-line.
33
Q

Limitation of DNS Secure for FBB environments…

A

The main one is the lack of per-device visibility: behind the home router all devices share one public IP address, so DNS alone cannot tell them apart
34
Q

What is DHCP?

A

DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol used to automatically assign and manage IP addresses and other network configuration for devices on a network, so administrators do not have to configure each device by hand, which makes networks easier to manage and scale. When a device joins the network it obtains an IP address, subnet mask, default gateway, DNS servers and other parameters dynamically from a DHCP server, as a lease that has to be renewed. For device identification the DHCP exchange is also a useful passive source: the client's MAC address, requested hostname and option list are all visible to the router.
35
Q

What are the main DNS evolutions over the last years?

A
  1. DoH (DNS over HTTPS) and DoT (DNS over TLS)
  2. EDNS Client Subnet, used to tell CDNs where users are located

DoT and DoH are two encryption mechanisms for securing DNS traffic. DoT (RFC 7858) encrypts DNS queries and responses using TLS on its own port, 853, providing a secure channel between the user's device and the resolver. DoH (RFC 8484) wraps DNS messages in HTTPS, so the traffic uses port 443 and is indistinguishable from web browsing. Both protect DNS queries from eavesdropping and tampering on the path to the resolver; the resolver itself still sees every query. DoH in particular makes it hard for a network-based DNS filter to see or steer queries unless the clients are configured to use the CSP's resolver.
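EDNS(0) options (the Client Subnet option named above) and the DoH GET encoding, as an added Python example rather than code from the page or from Allot. It builds a DNS query with an OPT record carrying an ECS option (RFC 7871), parses the option back out of the wire message, and wraps the message in the RFC 8484 `?dns=` form. The resolver URL and the client subnets are constructed. The same option mechanism, with a vendor-specific option code, is one way a router can tag queries per device (the per-device identification mentioned in card 28); ECS is used here because it is standardised, not because the page says Allot uses it.

```python
import base64
import struct
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlencode, urlsplit

TYPE_A, TYPE_OPT = 1, 41
OPTION_ECS = 8          # EDNS Client Subnet option code (RFC 7871)
EDNS_UDP_SIZE = 1232    # requestor's UDP payload size, carried in the OPT CLASS field


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def ecs_option(client_subnet: str) -> bytes:
    """One EDNS option: CODE, LENGTH, then the ECS body (family, source prefix
    length, scope prefix length, address truncated to the prefix). The client
    address is masked to the prefix first, so only the subnet leaves the network."""
    net = ip_network(client_subnet, strict=False)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", OPTION_ECS, len(body)) + body


def build_query(qname: str, client_subnet: str = None, qid: int = 0) -> bytes:
    """A-record query with an EDNS(0) OPT record in the additional section.
    qid defaults to 0 as RFC 8484 recommends for cache-friendly DoH GETs."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    rdata = ecs_option(client_subnet) if client_subnet else b""
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, EDNS_UDP_SIZE, 0, len(rdata)) + rdata
    return header + question + opt


def parse_edns_options(msg: bytes) -> dict:
    """Walk past the question section and decode the OPT record's options."""
    _, _, qdcount, _, _, arcount = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        while msg[pos] != 0:          # skip labels (queries use no name compression)
            pos += 1 + msg[pos]
        pos += 1 + 4                  # root terminator + QTYPE + QCLASS
    options = {}
    for _ in range(arcount):
        if msg[pos] != 0:
            raise ValueError("OPT record must carry the root name")
        rtype, udp_size, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        pos += 11
        if rtype != TYPE_OPT:
            pos += rdlen
            continue
        options["udp_payload_size"] = udp_size
        end = pos + rdlen
        while pos < end:
            code, length = struct.unpack("!HH", msg[pos:pos + 4])
            data = msg[pos + 4:pos + 4 + length]
            pos += 4 + length
            if code == OPTION_ECS:
                family, source, scope = struct.unpack("!HBB", data[:4])
                padded = data[4:].ljust(4 if family == 1 else 16, b"\x00")
                options[code] = {"family": family, "source_prefix": source,
                                 "scope_prefix": scope, "address": str(ip_address(padded))}
            else:
                options[code] = data
    return options


def doh_get_url(resolver: str, msg: bytes) -> str:
    """RFC 8484 GET form: the wire message, base64url without padding, in ?dns=."""
    token = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{resolver}?{urlencode({'dns': token})}"


def decode_doh_get(url: str) -> bytes:
    """Inverse of doh_get_url, as a resolver would do it."""
    token = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


if __name__ == "__main__":
    msg = build_query("www.example.com", client_subnet="192.0.2.77/24")
    print(parse_edns_options(msg))
    print(doh_get_url("https://dns.example/dns-query", msg))  # constructed resolver URL
```

Two things the parser output makes visible: the query leaks the client's /24 to whoever receives it (ECS is a privacy trade-off made for CDN steering, which is why resolvers usually truncate to /24 or /56 and why a client can send a source prefix of 0 to opt out), and once the message is inside a DoH GET, a network filter that does not terminate the TLS session sees only an HTTPS request to the resolver.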
36
Q

What is Oblivious DNS and what are its main cons?

A

Oblivious DNS is a privacy-focused approach to DNS resolution that prevents any single third party from linking a user to their DNS queries. It separates the information about who is making the request (the end user's IP address, seen only by a proxy) from the content of the request (the query, seen only by the resolver), so neither party on its own can tie a user's identity to what they look up. Main cons: scalability and performance (the extra hop through the proxy adds latency)
37
Q

Allot competition

A
  • DNS: Akamai (Nominum), Infoblox, Whalebone, Cisco
  • Router: Cujo, Plume, F-Secure, SAM
  • Firewall: Fortinet, Palo Alto
  • Endpoint: Bitdefender, McAfee, Lookout