Lesson 7 Configuring SOHO Network Security Flashcards

(65 cards)

1
Q

What are the three properties of secure information?

A
  • Confidentiality: means that certain information should only be known to certain people.
  • Integrity: means that the data is stored and transferred as intended and that any modification is authorized.
  • Availability: means that information is accessible to those authorized to view or modify it.

2
Q

What is cybersecurity?

A

Protection of computer systems and digital information resources from unauthorized access, attack, theft, or data damage.

3
Q

What does shoulder surfing in cybersecurity mean?

A

Shoulder surfing is a social engineering tactic to obtain someone’s password or PIN by observing him or her as he or she types it in.

4
Q

What does tailgating mean in cybersecurity?

A

Tailgating is a means of entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint.

5
Q

What does piggybacking mean in cybersecurity?

A

Piggybacking means that the attacker enters a secure area with an employee’s permission.

6
Q

What is spear phishing?

A

An email-based or web-based form of phishing that targets specific individuals.

7
Q

What is whaling?

A

An email-based or web-based form of phishing that targets senior executives or wealthy individuals.

8
Q

What is vishing?

A

A social engineering attack in which the threat actor extracts information while speaking over the phone or by leveraging voice over IP (VoIP) messaging services.

9
Q

What is an evil twin attack?

A

A rogue wireless access point that deceives users into believing that it is a legitimate network access point.

10
Q

What is a footprinting threat?

A

Footprinting is a phase in an attack or penetration test in which the attacker or tester gathers information about the target before attacking it. It is an information-gathering threat in which the attacker attempts to learn about the configuration of the network and security systems.

11
Q

What is an on-path attack?

A

An on-path attack is where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic. It is a specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks. An example is an evil twin attack.

12
Q

What is a DoS attack?

A

A denial of service (DoS) attack is any type of physical, application, or network attack that affects the availability of a managed resource. A DoS attack tries to overload a service by bombarding it with spoofed requests.

13
Q

What is a DDoS?

A

A distributed denial of service (DDoS) attack uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

14
Q

What is a botnet?

A

A botnet is a group of hosts or devices that have been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks.

15
Q

What is a dictionary password attack?

A

A dictionary attack is a type of password attack that compares encrypted passwords against a predetermined list of possible password values.

16
Q

What is a brute force attack?

A

A brute force attack is a type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

17
Q

What is an XSS attack?

A

A cross-site scripting (XSS) attack is a malicious script hosted on the attacker’s site, or coded in a link injected onto a trusted site, designed to compromise clients browsing the trusted site and circumventing the browser’s security model of trusted zones.

18
Q

What is a SQL injection attack?

A

A SQL injection attack is an attack that injects a database query into the input data directly at a server by accessing the client side of the application.

19
Q

What is a hash?

A

A hash is a short representation of data. A hash function takes any amount of data as input and produces a fixed-length value as output.

20
Q

What is a cryptographic hash?

A

A cryptographic hash performs the hash process as a one-way function that makes it impossible to recover the original value from the hash. Cryptographic hashes are used for secure storage of data where the original meaning does not have to be recovered (e.g., passwords).

21
Q

What are the two most used cryptographic hash algorithms?

A
  • Secure Hash Algorithm (SHA)
  • Message Digest 5 (MD5): older and being phased out

22
Q

What is symmetric encryption?

A

Symmetric encryption is a two-way encryption scheme in which encryption and decryption are both performed with the same key. Also known as shared-key encryption.

23
Q

What is an asymmetric encryption cipher?

A

Asymmetric encryption is a cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted.

24
Q

What is a digital signature?

A

A digital signature is a message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity. It proves that a message or digital certificate has not been altered or spoofed.

25
Q

What is key exchange?

A

Key exchange is any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

26
Q

Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?

A

Availability—information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against denial of service (DoS) attacks.

27
Q

True or false? The level of risk from zero-day attacks is only significant with respect to EOL systems.

A

False. A zero-day is a vulnerability that is unknown to the product vendor and means that no patch is available to mitigate it. This can affect currently supported as well as unsupported end-of-life (EOL) systems. The main difference is that there is a good chance of a patch being developed if the system is still supported, but almost no chance if it is EOL.

28
Q

A threat actor crafts an email addressed to a senior support technician inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?

A

A phishing attack tries to make users authenticate with a fake resource, such as a website. Phishing emails are often sent in mass as spam. This is a variant of phishing called spear phishing because it is specifically targeted at a single person, using personal information known about the subject (his or her football-coaching volunteer work).

29
Q

You are assisting with the development of end-user security awareness documentation. What is the difference between tailgating and shoulder surfing?

A

Tailgating means following someone else through a door or gateway to enter premises without authorization. Shoulder surfing means covertly observing someone type a PIN or password or other confidential data.

30
Q

You discover that a threat actor has been able to harvest credentials from some visitors connecting to the company’s wireless network from the lobby. The visitors had connected to a network named “Internet” and were presented with a web page requesting an email address and password to enable guest access. The company’s access point had been disconnected from the cabled network. What type of attack has been perpetrated?

A

This is an evil twin attack where the threat actor uses social engineering techniques to persuade users to connect to an access point that spoofs a legitimate guest network service.

31
Q

A threat actor recovers some documents via dumpster diving and learns that the system policy causes passwords to be configured with a random mix of different characters that are only five characters in length. To what type of password cracking attack is this vulnerable?

A

Brute force attacks are effective against short passwords. Dictionary attacks depend on users choosing ordinary words or phrases in a password.

32
Q

What type of cryptographic key is delivered in a digital certificate?

A

A digital certificate is a wrapper for a subject's public key. The public and private keys in an asymmetric cipher are paired. If one key is used to encrypt a message, only the other key can then decrypt it.

33
Q

What is WPA?

A

Wi-Fi Protected Access (WPA) is the standard for authenticating and encrypting access to Wi-Fi networks.

34
Q

What is TKIP?

A

Temporal Key Integrity Protocol (TKIP) is a mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP (Wired Equivalent Privacy) standard.

35
Q

What is the Advanced Encryption Standard (AES)?

A

A symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as WPA2, WPA3, and TLS.

36
Q

What is CCMP?

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

37
Q

What is SAE?

A

Simultaneous Authentication of Equals (SAE) is a personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

38
Q

What is a PSK?

A

Pre-shared key (PSK) is a wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

39
Q

What is EAP?

A

Extensible Authentication Protocol (EAP) is a framework for negotiating authentication methods. It enables systems to use hardware-based identifiers, like fingerprint scanners or smart card readers, for authentication, and to establish secure tunnels through which to submit credentials. EAP allows the use of different mechanisms to authenticate against a network directory.

40
Q

What is RADIUS?

A

Remote Authentication Dial-in User Service (RADIUS) is an AAA protocol used to manage remote and wireless authentication infrastructures.

41
Q

What is TACACS+?

A

Terminal Access Controller Access Control System Plus (TACACS+) is an AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

42
Q

What is Kerberos?

A

Kerberos is a single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.

43
Q

True or false? TKIP represents the best available wireless encryption and should be configured in place of AES if supported.

A

False. Advanced Encryption Standard (AES) provides stronger encryption and is enabled by selecting Wi-Fi Protected Access (WPA) version 2 with AES/CCMP or WPA3 encryption mode. The Temporal Key Integrity Protocol (TKIP) attempts to fix problems with the older RC4 cipher used by the first version of WPA. TKIP and WPA1 are now deprecated.

44
Q

True or false? WPA3 personal mode is configured by selecting a passphrase shared between all users who are permitted to connect to the network.

A

True. WPA3-Personal uses group authentication via a shared passphrase. The simultaneous authentication of equals (SAE) mechanism by which this passphrase is used to generate network encryption keys is improved compared to the older WPA2 protocol, however.

45
Q

What two factors must a user present to authenticate to a wireless network secured using EAP-TLS?

A

Extensible Authentication Protocol (EAP) allows for different types of mechanisms and credentials. The Transport Layer Security (TLS) method uses digital certificates installed on both the server and the wireless station. The station must use its private key and its certificate to perform a handshake with the server. This is one factor. The user must authenticate to the device to allow use of this private key. This device authentication—via a password, PIN, or biometric gesture—is the second factor.

46
Q

In AAA architecture, what type of device might a RADIUS client be?

A

AAA refers to Authentication, Authorization, and Accounting, and the Remote Authentication Dial-in User Service (RADIUS) protocol is one way of implementing this architecture. The RADIUS server is positioned on the internal network and processes authentication and authorization requests. The RADIUS client is the access point, and it must be configured with the IP address of the server plus a shared secret passphrase. The access point forwards authentication traffic between the end-user device (a supplicant) and the RADIUS server but cannot inspect the traffic.

47
Q

What is an SSID?

A

A service set identifier (SSID) is a simple, case-sensitive name by which users identify the WLAN.

48
Q

What is content filtering?

A

Content filtering is a security measure performed on email and Internet traffic to identify and block suspicious, malicious, and/or inappropriate content in accordance with an organization's policies.

49
Q

What is port forwarding?

A

Port forwarding is the process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN.

50
Q

What is port mapping?

A

Port mapping is a type of port forwarding where the external port is forwarded to a different internal port on the LAN host.

51
Q

What is port triggering?

A

Port triggering is a mechanism to configure access through a firewall for applications that require more than one port. Basically, when the firewall detects activity on outbound port A destined for a given external IP address, it opens inbound access for the external IP address on port B for a set period.

52
Q

What is UPnP?

A

Universal Plug-and-Play (UPnP) is a protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall.

53
Q

What is a screened subnet?

A

A screened subnet is a segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports. A screened subnet can also be referred to by the deprecated terminology demilitarized zone (DMZ).

54
Q

What does DMZ mean for many home router vendors?

A

DMZ configuration is likely to refer to a computer on the LAN that is configured to receive communications for any ports that have not been forwarded to other hosts. When DMZ is used in this sense, it means "not protected by the firewall" as the host is fully accessible to other Internet hosts (though it could be installed with a host firewall instead).

55
Q

You have selected a secure location for a new home router, changed the default password, and verified the WAN IP address and Internet link. What next step should you perform before configuring wireless settings?

A

Check for a firmware update. Using the latest firmware is important to mitigate risks from software vulnerabilities.

56
Q

You are reviewing a secure deployment checklist for home router wireless configuration. Following the CompTIA A+ objectives, what additional setting should be considered along with the following four settings?
  • Changing the service set identifier (SSID)
  • Disabling SSID broadcast
  • Encryption settings
  • Changing channels

A

Disabling guest access. It might be appropriate to allow a guest network depending on the circumstances, but the general principle is that services and access methods that are not required should be disabled.

57
Q

You are assisting a user with setting up Internet access to a web server on a home network. You want to configure a DHCP reservation to set the web server’s IP address, allow external clients to connect to the secure port TCP/443, but configure the web server to listen on port TCP/8080. Is this configuration possible on a typical home router?

A

Yes. You need to configure a port-mapping rule so that the router takes requests arriving at its WAN IP for TCP/443 and forwards them to the server’s IP address on TCP/8080. Using a known IP address for the server by configuring a Dynamic Host Configuration Protocol (DHCP) reservation simplifies this configuration. The home router’s DHCP server must be configured with the media access control (MAC) address or hardware identifier of the web server.

58
Q

A different user wants to configure a multiplayer game server by using the DMZ feature of the router. Is this the best configuration option?

A

Probably not. Using a home router’s “demilitarized zone” or DMZ host option forwards traffic for all ports not covered by specific port-forwarding rules to the host. It is possible to achieve a secure configuration with this option by blocking unauthorized ports and protecting the host using a personal firewall, but using specific port-forwarding/mapping rules is better practice. The most secure solution is to isolate the game server in a screened subnet so that it is separated from other LAN hosts, but this typically requires multiple routers/firewalls.

59
Q

What are bollards?

A

Bollards are sturdy vertical posts installed to control road traffic or designed to prevent ram-raiding and vehicle-ramming attacks.

60
Q

What is an access control vestibule?

A

An access control vestibule is a secure entry system with two gateways, only one of which is open at any one time.

61
Q

What is a magnetometer?

A

A magnetometer is a hand-held or walkthrough metal detector designed to detect concealed weapons.

62
Q

You are assisting with the design of a new campus building for a multinational firm. On the recommendation of a security consultant, the architect has added closely spaced sculpted stone posts with reinforced steel cores that surround the area between the building entrance and the street. At the most recent client meeting, the building owner has queried the cost of these. Can you explain their purpose?

A

These bollards are designed to prevent vehicles from crashing into the building lobby as part of a terrorist or criminal attack. The security consultant should only recommend the control if the risk of this type of attack justifies the expense.

63
Q

Katie works in a high-security government facility. When she comes to work in the morning, she places her hand on a scanning device installed at a turnstile in the building lobby. The scanner reads her palmprint and compares it to a master record of her palmprint in a database to verify her identity. What type of security control is this?

A

Biometric authentication deployed as part of a building's entry-control system.

64
Q

The building will house a number of servers contained within a secure room and network racks. You have recommended that the provisioning requirement includes key-operated chassis faceplates. What threats will this mitigate?

A

A lockable faceplate controls who can access the power button, external ports, and internal components. This mitigates the risk of someone gaining access to the server room via social engineering. It also mitigates risks from insider threat by rogue administrators, though to a lesser extent (each request for a chassis key would need to be approved and logged).

65