Network Security (4.1, 4.3 & 4.5)

Question 1

Network Security Fundamentals

Answer 1

▪ Networks are increasingly dependent on interconnecting with other
networks
▪ Risks exist not just on the untrusted Internet, but also inside our own
organization’s networks and must be minimized or eliminated
▪ Understanding the various threats facing our networks is important in
order to best defend the network against the onslaught of cyber-attacks
they are constantly facing

Question 2

Network Security Goals

Answer 2

▪ Commonly called the CIA Triad
● Confidentiality
● Integrity
● Availability

Question 3

Confidentiality

Answer 3

▪ Keeping the data private and safe
● Encryption
● Authentication to access resources
▪ Encryption ensures that data can only be read (decoded) by the intended
recipient
● Symmetric encryption
● Asymmetric encryption

Question 4

Symmetric Encryption (Confidentiality)

Answer 4

▪ Both sender and receiver use the same key
▪ DES (Data Encryption Standard)
● Developed in the mid-1970s
● 56-bit key
● Used by SNMPv3
● Considered weak today
▪ 3DES (Triple DES)
● Uses three 56-bit keys (168-bit total)
● Encrypt, decrypt, encrypt
▪ AES (Advanced Encryption Standard)
● Preferred symmetric encryption standard
● Used by WPA2
● Available in 128-bit, 192-bit, and 256-bit keys
▪ Sender and receiver use the same key to encrypt and decrypt the
messages

Question 5

Asymmetric Encryption (Confidentiality)

Answer 5

▪ Uses different keys for sender and receiver
▪ RSA is the most popular implementation
▪ RSA algorithm is commonly used with a public key infrastructure (PKI)
▪ PKI is used to encrypt data between your web browser and a shopping
website
▪ Can be used to securely exchange emails
▪ Sender and receiver use different keys to encrypt and decrypt the
messages

Question 6

Confidentiality with HTTPS

Answer 6

▪ Uses asymmetrically encrypted messages to transfer a symmetric key

Question 7

Integrity

Answer 7

▪ Ensures data has not been modified in transit
▪ Verifies the source that traffic originates from
▪ Integrity violations
● Defacing a corporate web page
● Altering an e-commerce transaction
● Modifying electronically stored financial records

Question 8

Hashing (Integrity)

Answer 8

▪ Sender runs string of data through algorithm
● Result is a hash or hash digest
▪ Data and its hash are sent to receiver
▪ Receiver runs data received through the same algorithm and obtains a
hash
▪ Two hashes are compared
● If the same, the data was not modified

Question 9

Hashing Algorithms (Integrity

Answer 9

▪ Message digest 5 (MD5)
● 128-bit hash digest
▪ Secure Hash Algorithm 1 (SHA-1)
● 160-bit hash digest
▪ Secure Hash Algorithm 256 (SHA-256)
● 256-bit hash digest
▪ Challenge-Response Authentication Mechanism Message Digest 5
(CRAMMD5)
● Common variant often used in e-mail systems

Question 10

Availability

Answer 10

vailability
▪ Measures accessibility of the data
▪ Increased by designing redundant networks
▪ Compromised by
● Crashing a router or switch by sending improperly formatted data
● Flooding a network with so much traffic that legitimate requests
cannot be processed
o Denial of Service (DoS)
o Distributed Denial of Service

Question 11

Threat

Answer 11

o Threat
▪ A person or event that has the potential for impacting a valuable
resource in a negative manner
o Vulnerability
▪ A quality or characteristic within a given
resource or its environment that might
allow the threat to be realized
● Internal Threat
o Any threat that originates
within the organization
itself
● External Threat
o Any threat that could be
people, like a hacker, or it
can be an event or
environmental condition

Question 12

Threat

Answer 12

o Threat
▪ A person or event that has the potential for impacting a valuable
resource in a negative manner
o Vulnerability
▪ A quality or characteristic within a given
resource or its environment that might
allow the threat to be realized
● Internal Threat
o Any threat that originates
within the organization
itself
● External Threat
o Any threat that could be
people, like a hacker, or it
can be an event or
environmental condition

Question 13

Environmental Vulnerabilities

Answer 13

▪ Undesirable conditions or weaknesses that are in the general area
surrounding the building where a network is run

Question 14

Physical Vulnerabilities

Answer 14

▪ Undesirable conditions or weaknesses in the building where the network
is located

Question 15

Operational Vulnerabilities

Answer 15

▪ Focuses on how the network and its systems are run from the
perspective of an organization’s policies and procedures

Question 16

Technical Vulnerabilities

Answer 16

▪ System-specific conditions that create security weaknesses
● Common Vulnerabilities and Exposures (CVE)
o A list of publicly disclosed computer security weaknesses
● Zero-Day Vulnerability
o Any weakness in the system design, implementation,
software code, or a lack of preventive mechanisms in place
▪ CVEs (Known vulnerabilities)
▪ Zero-Day (Brand new vulnerability)

Question 17

Exploit

Answer 17

▪ Piece of software code that takes advantage of a security flaw or
vulnerability within a system or network
▪ Keep systems properly patched and antimalware software updated

Question 18

Risk Management

Answer 18

o The identification, evaluation, and prioritization of risks to minimize, monitor,
and control the vulnerability exploited by a threat

Question 19

Risk Assessment

Answer 19

▪ A process that identifies potential hazards and analyzes what could
happen if a hazard occurs
● Security
● Business

Question 20

Security Risk Assessment

Answer 20

▪ Used to identify, assess, and implement key security controls within an
application, system, or network

Question 21

Threat Assessment

Answer 21

▪ Focused on the identification of the different threats that may wish to
attack or cause harm to your systems or network

Question 22

Vulnerability Assessment

Answer 22

▪ Focused on identifying, quantifying, and prioritizing the risks and
vulnerabilities in a system or network
● Nessus
● QualysGuard
● OpenVAS
o Threat controlled by the attacker of event
o Vulnerability within your control

Question 23

Penetration Test

Answer 23

▪ Evaluates the security of an IT infrastructure by safely trying to exploit
vulnerabilities within the systems or network

Question 24

Posture Assessment

Answer 24

▪ Assesses cyber risk posture and exposure to threats caused by
misconfigurations and patching delays
● Define mission-critical components
● Identify strengths, weaknesses, and security issues
● Stay in control
● Strengthen position

Question 25

Business Risk Assessment

Answer 25

▪ Used to identify, understand, and evaluate potential hazards in the workplace

Question 26

Process Assessment

Answer 26

▪ The disciplined examination of the processes used by the organization against a set of criteria ● Determines if you are doing things right, and if you are doing the right things ● Vendor Assessment ● The assessment of a prospective vendor to determine if they can effectively meet the obligations and the needs of the business

Question 27

Least Privilege

Answer 27

▪ Using the lowest level of permissions or privileges needed in order to complete a job function or admin task

Question 28

Least Privilege

Answer 28

▪ Using the lowest level of permissions or privileges needed in order to complete a job function or admin task

Question 29

Role-based Access

Answer 29

▪ Discretionary Access Control (DAC) ● An access control method where access is determined by the owner of the resource o Every object in a system has to have an owner o Each owner must determine the access rights and permissions for each object ▪ Mandatory Access Control (MAC) ● An access control policy where the computer system gets to decide who gets access to what objects o Unclassified o Confidential o Secret o Top secret

Question 30

Role-Based Access Control (RBAC)

Answer 30

▪ An access model that is controlled by the system but focuses on a set of permissions versus an individual’s permissions ▪ Creating groups makes it easy to control permissions based around actual job functions

Question 31

Zero-Trust

Answer 31

▪ A security framework that requires users to be authenticated and authorized before being granted access to applications and data 1. Reexamine all default access controls 2. Employ a variety of prevention techniques and defense in depth 3. Enable real-time monitoring and controls to identify and stop malicious activity quickly 4. Ensure the network’s zero-trust architecture aligns to a broader security strategy

Question 32

Defense in Depth

Answer 32

o Cybersecurity approach in which a series of defensive mechanisms are layered in order to protect valuable data and information ▪ Physical ▪ Logic ▪ Administrative

Question 33

DMZ

Answer 33

▪ A perimeter network that protects an organization’s internal local area network from untrusted traffic

Question 34

Screen Subnet

Answer 34

▪ Subnet in the network architecture that uses a single firewall with three interfaces to connect three dissimilar networks ● Triple-homed firewall

Question 35

Separation of Duties

Answer 35

▪ Prevent frauds and abuse by distributing various tasks and approval authorities across a number of different users

Question 36

Dual Control

Answer 36

▪ Two people have to be present at the same time to do something

Question 37

Split Knowledge

Answer 37

▪ Two people each have half of the knowledge of how to do something

Question 38

Honeypot/ Honeynet

Answer 38

▪ Attracts and traps potential attackers to counteract any attempts at unauthorized access to a network ▪ Think vertical through the layers as well as horizontal or lateral across the network using screen subnets

Question 39

Multifactor Authentication

Answer 39

``` o Authenticates or proves an identity using more than one method ▪ Something you know ▪ Something you have ▪ Something you are ▪ Something you do ▪ Somewhere you are ```

Question 40

Dictionary Attack

Answer 40

▪ Guesses the password by attempting to check every single word or phrase contained within a word list, called a dictionary ● Do not use anything that looks like a regular word

Question 41

Brute Force Attack

Answer 41

▪ Tries every possible combination until they figure out the password ● Use a longer and more complicated password o Uppercase o Lowercase o Numbers o Special characters ● For good security, use a minimum of 12 characters

Question 42

Hybrid Attack

Answer 42

▪ Combination of dictionary and brute force attacks

Question 43

Local Authentication

Answer 43

▪ Process of determining whether someone or something is who or what it ● Claims itself to be ● Simplified version of X.500

Question 44

Lightweight Directory Access Protocol (LDAP)

Answer 44

▪ Validates a username and password combination against an LDAP server as a form of authentication ● Port 389 LDAP ● Port 636 LDAP Secure

Question 45

Active Directory (AD)

Answer 45

▪ Organizes and manages everything on the network, including clients, servers, devices, and users

Question 46

Kerberos

Answer 46

▪ Focused on authentication and authorization within a Windows domain environment ▪ Provides secure authentication over an insecure network

Question 47

Remote Authentication Dial-In User Service (RADIUS)

Answer 47

``` ▪ Provides centralized administration of dial-up, VPN, and wireless network authentication ● Authentication ● Authorization ● Accounting o Commonly uses: ▪ Port 1812 Authentication messages ▪ Port 1813 Accounting messages o Proprietary versions of RADIUS may also use: ▪ Port 1645 Authentication messages ▪ Port 1646 Accounting messages ```

Question 48

Terminal Access Controller Access Control System Plus (TACACS+)

Answer 48

``` ▪ Used to perform the role of an authenticator in an 802.1x network ● RADIUS (UDP) ● TACACS+ (TCP) ● Ensure Port 49 is open ● Excellent if using Cisco devices ```

Question 49

802.1x

Answer 49

``` ▪ A standardized framework that’s used for port-based authentication on both wired and wireless networks ● Supplicant ● Authenticator ● Authentication server ```

Question 50

Extensible Authentication Protocol (EAP)

Answer 50

▪ Allows for numerous different mechanisms of authentication

Question 51

EAP-MD5

Answer 51

o Utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication

Question 52

EAP-TLS

Answer 52

o Uses public key infrastructure with a digital certificate | being installed on both the client and the server

Question 53

EAP-TTLS

Answer 53

o Requires a digital certificate on the server and a password on the client for its authentication

Question 54

EAP Flexible Authentication via Secure Tunneling (EAP-FAST)

Answer 54

o Uses a protected access credential to establish mutual | authentication between devices

Question 55

Protected EAP (PEAP)

Answer 55

o Uses server certificates and Microsoft’s Active Directory | databases to authenticate a client’s password

Question 56

Lightweight EAP (LEAP)

Answer 56

o A proprietary protocol that only works on Cisco-based | devices

Question 57

Network Access Control (NAC)

Answer 57

o Ensures a device is scanned to determine its current state of security prior to being allowed network access

Question 58

Persistent Agent

Answer 58

▪ A piece of software installed on a device requesting access to the network

Question 59

Non-Persistent Agent

Answer 59

▪ Requires the users to connect to the network and go to a web-based captive portal to download an agent onto their devices

Question 60

IEEE 802.1x

Answer 60

▪ Used in port-based Network Access Contro

Question 61

Time-based

Answer 61

o Defines access periods for given hosts on using a timebased schedule

Question 62

Location-based

Answer 62

o Evaluates the location of the endpoint requesting access | using IP or GPS geolocation

Question 63

Role-Based (Adaptive NAC)

Answer 63

o Reevaluates a device’s authentication when it’s being used | to do something

Question 64

Rule-based

Answer 64

o Uses a complex admission policy that might enforce a | series of rules with the use of logical statements

Question 65

Detection Methods

Answer 65

▪ Security control used during an event to find out whether or not something malicious may have happened

Question 66

Wired

Answer 66

o Allows the device to be physically cabled from its camera | all the way to a central monitoring station

Question 67

Wireless

Answer 67

o Easier to install, but they can interfere with other wireless systems, like 802.11 wireless networks ▪ Indoor and Outdoor ● Indoor cameras tend to be lighter, cheaper, and easier to install

Question 68

Infrared System

Answer 68

● Displays images based on the amount of heat in a room 1. Quickly and easily identify where a person is inside the room 2. Identify hot spots in the room and detect gear that could overheat before it actually does

Question 69

Ultrasonic Camera

Answer 69

● A type of surveillance camera that uses sound-based detection

Question 70

Asset Tag

Answer 70

● Identifies a piece of equipment using a unique serial number, code, or barcode o Reduce theft and helps to identify the device

Question 71

Tamper Detection

Answer 71

● Ensures a network equipment has not been modified once labeled and stored

Question 72

eFuse

Answer 72

● An electronic detection mechanism that can record the version of the IOS used by a switch

Question 73

Prevention Method

Answer 73

``` ▪ Security control used to prevent incidents from occurring ● Access control hardware ● Access control vestibules ● Smart lockers ● Locking racks ● Locking cabinets ● Employee training ```

Question 74

Access Control Vestibule (Mantrap)

Answer 74

▪ An area between two doorways that holds people until they are identified and authenticated

Question 75

Smart Locker

Answer 75

``` ▪ A fully integrated system that allows you to keep your laptop, tablet, smartphone, or other valuables inside ● 69% ROI o Small and medium sized business ● 248% ROI o Large enterprises ```

Question 76

Asset Disposal

Answer 76

o Occurs whenever a system is no longer needed by an organization ▪ Perform a factory reset ▪ Wipe the configuration ▪ Sanitize the devices

Question 77

Factory Reset

Answer 77

▪ Removes all customer specific data that has been added to a network device since the time it was shipped from the manufacturer ● Enable ● Factory-reset all ● Write-erase ▪ NVRAM stores configuration files ▪ Flash Module stores the Cisco IOS

Question 78

Degaussing

Answer 78

▪ Exposes the hard drive to a powerful magnetic field to wipe previously written data from the drive

Question 79

o Purging/Sanitizing

Answer 79

▪ Removes data which cannot be reconstructed using any known forensic techniques

Question 80

Clearing Technique

Answer 80

▪ Removes data with a certain amount of assurance that it can’t be reconstructed

Question 81

Data Remnants

Answer 81

▪ Leftover pieces of data that may exist in the hard drive which we no longer need

Question 82

Network Security Attacks

Answer 82

▪ Our security goals (CIA) are subject to attack ▪ Confidentiality attack ● Attempts to make data viewable by an attacker ▪ Integrity attack ● Attempts to alter data ▪ Availability attack ● Attempts to limit network accessibility and usability