Module 7

Question 1

Firewalls - Fw

Answer 1

filter (permits or denies) traffic based on a set of criteria. Attempts to control in/out traffic with set rules for inbound & outbound connections. Physical hardware firewalls are at the edge of the network. Host-based firewalls are computer-based software.

Question 2

Network Firewall - NF

Answer 2

can usually be routers (firewall feature can be enabled) or can also be an in-line filter. Capable of NAT. Dedicated firewalls can provide multiple features such as firewalls, VPN services, anti-malware, & content filters aka Unified Threat Management (UTM).

Question 3

Stateless Fw

Answer 3

employs only ACL 2 control inbound & outbound traffic.

Question 4

Stateful Fw

Answer 4

keeps track of connections & allows return traffic as long as it was generated inside the network 1st.

Question 5

Deep-Packet Inspection-DPI aka packet sniffer

Answer 5

an advanced method of examining and managing network traffic. Inspects in detail the data packets and may take actions such as alerting, blocking, re-routing, or logging it accordingly (network-based anti-malware). AKA Application-Aware firewall (AAF) or Context-Aware firewall (CAF).

Question 6

Virtual Private Network - VPN

Answer 6

provides a private network connection between 2 endpoints.

Question 7

VPN concentrator

Answer 7

a device dedicated 2 handling large amounts of VPN connections. A firewall can perform as a VPN concentrator.

Question 8

Point-To-Point Tunneling Protocol (PPTP) -

Answer 8

uses PPP 4 authentication & modified GRL 4 tunnel. It is absolute & insecure don’t use it.

Question 9

Generic Routing Encapsulation GRE Tunnel

Answer 9

used w/ router to create a generic tunnel & in combination w/ IPSec to create an encrypted VPN tunnel. Used a lot w/ other protocols.

Question 10

Internet Protocol Security - IPSec

Answer 10

provides a method 4 authentication & negotiation of crypto keys. Uses Internet Key Exchange (IKE) to negotiate the key & (ISAKMP) 4 internet key exchange.

Question 11

IPsec algorithms

Answer 11

Authentication Algorithms: HMAC-MD5, HAMC-SHA-1.

Encryption Algorithms: DES, 3DES, Blowfish, AES

Question 12

Secure Socket Layer - SSL VPN

Answer 12

uses SSL 2 establish VPN connections, 4 hosts, 2 site VPNs a web browser can be used & easier.

Question 13

Demilitarized Zone (DMZ)

Answer 13

is a private network that sits b/w a private LAN & the public internet. Used 2 expose web-server & other services 2 the internet w/o exposing private LAN. If a machine on the DMZ is compromised by an attacker, they won’t have access 2 the private LAN. Done 4 security reasons to not open port 80 inside the LAN.

Question 14

Honeypot

Answer 14

a host that is fully/partially exposed 2 the internet 2 invite attack while monitoring & collecting info.

Question 15

Honeynet

Answer 15

a network replica with live production & has weak security to invite attacks 4 monitoring purposes.

Question 16

Testing Lab

Answer 16

important to have a testing environment separate from the production network. Test patches, updates, new/different hardware/software, fix complex problems, & training.

Question 17

Malware

Answer 17

software written specifically 2 harm & infect a host system. Such as viruses, worms, trojans horses, spyware, adware, ransomware, etc.

Question 18

Compromised System

Answer 18

a host, server, network node, or other computing systems that has been infected w/ malware or attacked & exploited. Such compromised systems will give themselves up by generating strange & unexplainable traffic.

Question 19

Denial of Service - DoS

Answer 19

it is a coordinated attack that floods the target w/ traffic. Sometimes done by an attacker, botnet, or zombie computers controlled by one user.

Question 20

Distributed DoS - DDoS

Answer 20

the attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Also makes it difficult to distinguish legitimate vs fake traffic.

Question 21

Smurf Attack

Answer 21

flood traffic via a “spoofed ICMP”. The attacker sends an IP-directed broadcast ping 2 a large network with a spoofed (changed) IP source of the target victim then the ICMP replies go to the target causing a DDoS.

Question 22

VLAN- Hopping

Answer 22

a malicious user on 1 VLAN gains access 2 traffic on another VLAN that shouldn’t have access 2. This malicious user either acts as a trunking switch (Sw spoofing) or double tags its frames w/ 2 VLANs. Can also exploit VOICE & Data VLANs.

Question 23

Man-in-the-middle - MITM

Answer 23

the attacker causes traffic b/w 2 endpoints to go through the attacker. Allows an attacker to intercept & manipulate the data. Can be done on a local private LAN or public internet. Many different types of MITMs.

Question 24

ARP Poisoning

Answer 24

a malicious user poisons the ARP cache of devices communicating w/ each other so that the L2 frames will be redirected to a machine, (used 2 intercept communication). A type of MITM attack.

Question 25

Session Hijacking

Answer 25

a malicious user intercepts the authentication cookies 4 an insecure (HTTP port 80) web session & gains access. Such methods are an attacker being in the same broadcast traffic as target, cross-side scripting, & browser jacking malware. A type of MITM attack.

Question 26

Brute Force Attack

Answer 26

an attacker uses cracking software, dictionary/ other username & password lists w/ hope of getting correct credentials.

Question 27

Social Engineering

Answer 27

an attacker tricks people & uses their trust to gain access to the system & critical or private information such as username, password, account #s, IP @, etc.... Ex Phishing, spear phishing, tailgating, dumpster diving, etc...

Question 28

Vulnerabilities

Answer 28

1. Unnecessary programs & services running on a machine. 2. Open TCP/UDP ports. 3. Old & Unpatched systems. 4. Cleartext credentials & unencrypted channels 5. Unsecure protocols. 6. Radio Frequency Emanations RFE/EMR - use TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions)

Question 29

Ransomware

Answer 29

the attack uses a form of malware that encrypts all files on the device holding them hostage 4 a ransom. To avoid/prevent have backups, use firewall, anti-malware, & train users.

Question 30

Phishing

Answer 30

attacker uses electronic communication (emails) 2 obtain sensitive info such as username & passwords, bank info, etc. Emails are disguised to look legitimate but are an attempt to click on fake links. Can be identified by misspelled words, strange URLs, & ask for sensitive info.

Question 31

Deauthentication

Answer 31

attacker deauthenticate (logs out) a user. Makes the user reconnect to a fake/evil twin access point (AP). Can sniff see WPA 4 way handshake, hijack wifi connection, & can mount MITM or brute force attack.

Question 32

Insider Threat

Answer 32

a malicious employee/trusted person gaining access to the network to cause harm or steal data. To identify such person be vigilant if they are entering restricted sections, downloading data, & setting IP logic bomb.

Question 33

Logic bomb

Answer 33

a malicious code that sets off a malicious function when certain conditions are met. Such conditions can be set times, a certain action, or a condition is met.

Question 34

Network Access Control - NAC

Answer 34

is the act of keeping unauthorized users and devices out of a private network. Effective NAC restricts access to devices that are authorized (nodes & MAC @) and compliant w/ security policies, meaning they have all the required security patches and anti-intrusion software.

Question 35

Anti-Malware Software

Answer 35

software used to protect/enhance security on an endpoint.

Question 36

Host-based Anti-malware

Answer 36

is an anti-malware installed directly on the computer. Signature must be updated constantly. Large org. require an anti-malware server to track, punch, & manage updates.

Question 37

Cloud-Server Anti-malware

Answer 37

centralized anti-malware services that run on the cloud as software. Inbound & outbound communications requests are examined. Easy to manage & sometimes requires no additional software.

Question 38

Network-Based Anti-malware

Answer 38

runs on firewalls or other nodes that process internet traffic such as proxy servers. All traffic coming through is examined & uses signature to identify malware. No additional software needed.

Question 39

ARP Inspection

Answer 39

w/ dynamic ARP inspection (DAI) turned on, switches can intercepts all ARP requests & replies & determine the validity of the IP-2-MAC binding. Drops invalid & spoofed ARP packets. Prevent some MITM & ARP poisoning/spoofing.

Question 40

DHCP Snooping

Answer 40

identifies trusted DHCP server. Acts like a DHCP firewall b/w server & hosts. Filters all abnormal/invalid DHCP traffic.

Question 41

MAC Address Filtering

Answer 41

switch keeps a list of MAC @/s to permit or deny access.

Question 42

VLANs

Answer 42

allow us to segment the network into small parts & apply security 2 each VLAN separately. We can also permit VLANs to talk to each other & restrict network access w/ VLAN ACLs.

Question 43

Secure Protocols

Answer 43

SSH, SNMPv3, SFTP, HTTPS, & IPSec

Question 44

802.1x/EAP

Answer 44

a protocol used to authenticate a user. A user will be blocked until allowed access.

Question 45

PPP-PAP, CHAP, MS-CHAP

Answer 45

username/password authentication for remote server access & VPN.

Question 46

Kerberos

Answer 46

a centralized authentication system. Used w/ windows domain client authentication and secure any service requests.

Question 47

Single Sign-On - SSO

Answer 47

allows access to multiple systems/apps w/ a single set of credentials. Uses lightweight Directory Access Protocol (LDAP).

Question 48

Multifactor Authentication

Answer 48

aside from entering a username & password, you use a 2nd app/service to authenticate. Such as PIN, biometrics, physical token, & mobile phone.

Question 49

Intrusion Detection System

Answer 49

is a device or software application that detects/monitors a network or systems for malicious activity or policy violations. Sends alerts of any intrusion/attacker. 2 types Host-based IDS (HIDS) & Network-based IDS (NIDS)

Question 50

Intrusion Prevention System

Answer 50

same as an IDS but prevents/blocks any intrusion/attacker.

Question 51

Wireless Acces Point - WAP

Answer 51

an AP that provides connection to the network. In SOHO device is combined (AP, Switch, & Router).

Question 52

Infrastructure Mode

Answer 52

devices communicate through a WAP 2 access main LAN (traditionally Wi-Fi).

Question 53

Ad Hoc Mode

Answer 53

devices connect directly via Wi-Fi w/o using a WAP of any kind.

Question 54

Service Set Identifier (SSID)

Answer 54

is the wireless network name. Basic SSID (single WAP & SSID). Extended SSID multiple WAPs in the same SSID & clients can roam b/w WAPs.

Question 55

Lightweight Access Point Protocol - LWAPP

Answer 55

allows 4 control of multiple WAPs via a centralized wireless controller (WC) server. APs pull config from WC.

Question 56

Control & Provision of WAP - CAPWAP

Answer 56

based on LWAPP + additional security.

Question 57

Frequency bands & channels

Answer 57

Industrial, Scientific Medicals (ISM) bands (2.4 & 5GHz). Frequency channels are 1-14 in US we use 1-11 since channels can overlap for best practice we use 1, 6, & 11.

Question 58

802.11 Standards

Answer 58

wireless standards 802.11 a, b, g 4 (2.4GHz) & 802.11 n, ac (5GHz).

Question 59

Wired vs Wireless

Answer 59

wired is best used especially for important infrastructure devices like servers. Wireless has higher latency & it is 1/2 duplex.

Question 60

Wireless Spectrum Analyzer - Tool

Answer 60

a tool that scans for the following: 1. Broadcasting SSIDs. 2. Channels used. 3. Dead Spots. 4. Interferences ( microwaves, cordless phones, etc.) 5. Software + hardware 6. Frequency Bands 7. Channel Saturation.

Question 61

Wireless Survey Tool

Answer 61

a tool that provides info on: 1. Heatmap. 2. Planning. 3. Verification. 4. Reporting. 5. Can include spectrum analyzer tool.

Question 62

AP Placement

Answer 62

coverage b/w AP's should overlap to provide coverage. Overlap areas should not use same channel/frequency. Remember Honeycomb method.

Question 63

Wired Equivalent Policy - WEP

Answer 63

uses 4 different keys w/ RCS encryption however it has inherent security flaws making it easy to crack.

Question 64

Wi-Fi Protected Access - WPA

Answer 64

uses protocols Temporal Key Integrity Protocol (TKIP & Pre-shared Key (PSK). Can be cracked especially if an 8 character password is used.

Question 65

WPA2

Answer 65

strongest wireless encryption standard. Uses Advanced Encryption Standard (AES) same as WPA but no TKIP.

Question 66

Basic WLAN Threats

Answer 66

are software utilities 2 cracking attacks to WEP, WPA, & WPS. Such as WEP key, WPA PSK, & Wireless Protected Setup (WEP) cracks.

Question 67

Rogue AP

Answer 67

an evil twin AP or an AP not properly configured.

Question 68

Disable SSID Broadcast - Security Measure

Answer 68

prevent SSID from showing but does not prevent the network from being found nothing can.

Question 69

MAC Filtering

Answer 69

create a list of permitted or denied MAC @, manual updates, good for a small # of devices.

Question 70

Client Isolation

Answer 70

modern APs that can create an isolated network b/w host & AP. Public wireless SSID is a single broadcast domain & only connected hosts can see or hear other hosts.

Question 71

Network Authentication

Answer 71

verifies the user’s identification to a network service to which the user tries to gain access. Adds 2 the regular PSK ( 802.1c w/ EAP, RADIUS, LDAP, etc)

Question 72

Unified Communications - UC

Answer 72

are enterprise communication services such as: 1. Voice & Voicemail 2. Video Conferencing 3. Real-Time video/voice 4. Presence 5. Messaging/chat

Question 73

UC components

Answer 73

1. UC Devices (phone) 2. UC Server (phone server) 3. UC gateway (router)

Question 74

Medianet

Answer 74

end-2-end network architecture that is media-ware & delivers the best security, performance, & QoS 4 voice, video, & data.

Question 75

Signaling protocols

Answer 75

Session Initiation Protocol (SIP) sends signal 2 start a phone call & Media Gateway Control Protocol (MGCP) same as SIP bit cisco owned.

Question 76

Real-Time Transport Protocol - RTP

Answer 76

contains voice/video & take it from point A 2 B. Use sPorts 5004 & 5005, Audio (16384-32767), & video (49152 -65535)

Question 77

Codecs

Answer 77

are uadio & video codeds. Audio (G.711 & 729) video (G.263 & 264).

Question 78

Quality of Service - QoS

Answer 78

allows for prioritization of traffic mainly real-time (voice & video traffic). Done during congestion times & uses QoS tags to mark packets or frames 2 classify & apply QoS controls.

Question 79

QoS Tags

Answer 79

Differentiated Service code Pint (DCSP) L3 tagging of packets in 8-bits. Class of Service (CoS) L2 tagging of frames in 13-bits.

Question 80

Traffic Shaping

Answer 80

Qos terminology 4 defining the amount of network bandwidth available 4 different apps & protocols use.

Question 81

Voice over IP - VoIP

Answer 81

is a method and group of technologies for delivering voice communications and multimedia sessions over IP networks.

Question 82

Voice LAN - VLAN

Answer 82

a LAN dedicated for voice aka auxiliary VLAN (AUXVLAN). IP phone tags VLAN onto phone traffic, forwards computer traffic untagged, & uses CDP & LLDP to learn VLAN info from switch.

Question 83

Virtualization

Answer 83

uses a single physical machine hardware 2 run multiple virtual machines (VM) within it.

Question 84

Hypervisor - Type 1

Answer 84

Based metal hypervisor installed on the physical hardware. Such hypervisors are VMWare, VSphere/ESXi, Microsoft HyperV, & Citrix XenServer.

Question 85

Hypervisor - Type 2

Answer 85

hosted hypervisor installed on a host OS. Such hypervisors are VMWare workstation/Fusion, Oracle VirtualBox, & Parallels (Mac).

Question 86

Virtualized Networking

Answer 86

a physical Switch w/ type 1 hypervisor. Has virtual switch, NIC, router, & firewall.

Question 87

Server Virtualization

Answer 87

consolidation of a server into less hardware. A physical 2 virtual migration (P2V).

Question 88

Virtual Desktop Infrastructure - VDI

Answer 88

virtualization of desktop/OS that sit in a data center endpoint as thin clients access their VM via the network. It is easy 2 manage/backup, higher security, saves costs.

Question 89

Data Center (DC) & Cloud

Answer 89

DC allows the ability 2 run more services & software in a smaller footprint. Cloud allows access to services & resources & only pays for what it uses.

Question 90

Infrastructure as a Service - IaaS

Answer 90

a completely hosted infrastructure in the cloud that provides access 2 networking features, computing hardware 4 desktops, storage space, & internet access as a service (pay as you use). IAAS provider takes care of maintenance. Such providers are AWS, Azure, Google, & Rackspace Open cloud.

Question 91

Software as a Service - SaaS

Answer 91

hosted software solutions & services that are normally licensed subscription-based. Some can be free like Gmail money is made through Ads. Ex. Google Apps, Microsoft O365, Dropbox, & Salesforce, etc.

Question 92

Platform as a Service - PaaS

Answer 92

everything needed for setting up web application in the cloud is provided as a hosted service. Allows software companies/developers to build applications w/o having to worry about anything else.

Question 93

Public Cloud

Answer 93

everything needed 2 runs on the network is fully deployed in the cloud over the internet.

Question 94

Private Cloud

Answer 94

an "on presence" cloud where virtualization tech, server & apps are deployed on-premise on DC.

Question 95

Hybrid Cloud

Answer 95

both public & private clouds but only true if both are connected via VPN sharing resources.

Question 96

Community Cloud

Answer 96

entire infrastructure us shared b/w multiple organizations. Can be hosted publicly, privately, & or hybrid. Costs are shared among the community organizations.

Question 97

Network Storage

Answer 97

provides a centralized data repository 4 all computers on a LAN. Has redundancy/ RAID 2 prevent data loss. 2 types of network storage NAS & SAN.

Question 98

Network Attached Storage - NAS

Answer 98

a network storage hardware attached directly 2 the LAN. Used more on small/home networks and cost-effective.

Question 99

Storage Area Network - SAN

Answer 99

provides dedicated high-speed network b/w high-end server architecture & an array of block-level data storage.

Question 100

Internet Small Computer System Interface - iSCSI

Answer 100

an IP-based storage networking standard for linking data storage facilities. Provides block-level access to storage devices by carrying SCSI commands over a TCP/IP network.

Question 101

Fibre Channel

Answer 101

storage network technology that runs as data speed up to 128 Gbps.

Question 102

Fibre Channel over Ethernet - FCoE

Answer 102

a storage network protocol that encapsulates Fibre Channel frames over Ethernet networks. Uses 10Gbps network while preserving network protocol.

Question 103

Jumbo Frames

Answer 103

are Ethernet frames >1500 bytes of payload, the limit set by the IEEE 802.3 standard. Commonly, jumbo frames can carry up to 9000 bytes of payload, but smaller & larger variations exist and some care must be taken using them.