network security and defence

Question 1

what is a worm

Answer 1

a standalone malicious program that self-replicates throughout the network without needed to attach itself to other files and programs

Question 2

what do worms mostly target

Answer 2

systems and network resources

Question 3

what is a virus

Answer 3

a program that attaches itself to other programs or files and requires user interaction to activate and spread

Question 4

what makes viruses slightly better than worms

Answer 4

spreads slower and relies on human interaction

Question 5

what do viruses usually target

Answer 5

files and programs

Question 6

what are 0 day vulnerabilities

Answer 6

undiscovered vulnerabilities in the system

Question 7

what are firewalls

Answer 7

software or applications at the networks gateway that filters information that is sent and received from outside the network

Question 8

what do firewalls do

Answer 8

restrict access between protected networks (internal) and others (external e.g. the internet)
protects the internal network from malicious attempts and users trying to use unauthorised internet services

Question 9

what are the four types of firewalls

Answer 9

packet filtering firewall
stateful inspection firewall
proxy firewall
application layer firewall

Question 10

what does the packet filtering firewall do

Answer 10

applies rules to incoming packets based on the ip or port number
it can forward or discard the packets
it can be configured to filter packets going both in and out of the network

Question 11

what does the stateful inspection firewall do

Answer 11

inspects packets and tracks connection states e.g. tcp handshakes
it uses the ongoing record/state table to make a decision

Question 12

what do we mean by the stateful inspection firewall tracking connection states

Answer 12

it determines if the packet is at the start, a part of , or not qa part of the connection

Question 13

what does the proxy firewall do

Answer 13

acts as a middleman between the client and server and proxies all the traffic

Question 14

how does the proxy firewall work

Answer 14

it processes requests by setting up a connection to the request service on behalf of the user

Question 15

what are two negatives of the proxy firewall

Answer 15

has low performance
may become a bottleneck

Question 16

what are two benefits of the proxy firewall

Answer 16

provides deep inspection
can filter application layer content

Question 17

what does the application layer firewall do

Answer 17

designed to protect a website or app by checking application level traffic
can be configured to support only specific apps and features in an app

Question 18

what is intrusion detection

Answer 18

network security technology that monitors abnormal activities and security threats and issues alarms on time

Question 19

what is an intrusion detection system (ids)

Answer 19

an app that implements intrusion detection

Question 20

what are the four roles that the ids carries out

Answer 20

monitoring
detection
alert
logging

Question 21

how does the ids carry out monitoring

Answer 21

it analyses traffic and system activity in real time

Question 22

how does the ids carry out detection

Answer 22

via signature, anomaly, and specification based detection

Question 23

what does signature detection do and what is a drawback of this

Answer 23

identify known attack patterns
since it compares to signatures you must capture attacks first to create the pattern database

Question 24

what is a negative of signature detection

Answer 24

doesnt detect 0 day attacks

Question 25

what are two positives of signature detection

Answer 25

accurate and fewer false alarms

Question 26

what does anomaly detection do and what must you do first before being able to implement it

Answer 26

identify abnormal behaviour must first establish normal behaviour by observing the system/network hen identify deviations

Question 27

what is a positive of anomaly detection

Answer 27

can detect unknown attacks

Question 28

what are two negatives of anomaly detection

Answer 28

lots of false alarms limited by the training data

Question 29

specification-based detection

Answer 29

uses predetermined universal profiles developed by security managers that have accepted definitions of benign activity

Question 30

how does the ids carry out alerting

Answer 30

tells admins when the threats are detected

Question 31

how does the ids carry out logging

Answer 31

record activities for later analysis and forensics

Question 32

what is an ethical issue with intrusion detection

Answer 32

privacy concerns as it monitors the entire network

Question 33

what are the three types of intrusion detection

Answer 33

network based ids; nids host based ids; hids hybrid ids

Question 34

network based ids

Answer 34

deployed in the network to monitor traffic

Question 35

host based ids

Answer 35

deployed on a host to monitor system logs and detects malicious activities

Question 36

hybrid ids

Answer 36

combines the benefits of nids and hids

Question 37

what is the difference between the ids and ips ( intrusion preventin system)

Answer 37

ids monitors and alarms whilst the ips takes blocking and isolation measures when a threat is detected

Question 38

what are four security protocols

Answer 38

vpn; virtual private network tls; transport layer security ssl; secure socket layer ipsec; internet protocol security

Question 39

what is ipsec

Answer 39

a protocol suite for protecting ip communications and provide data security via encryption, authentication and integrity protection at the network layer

Question 40

what are the three protocols used in ipsec

Answer 40

ah; authentication header esp; encapsulating security payload sa; security association

Question 41

authentication header

Answer 41

checks of the data comes from a trusted source and hasnt been changed

Question 42

encapsulating security payload

Answer 42

authenticates and encrypts data

Question 43

security association

Answer 43

defiens security parameters used in ipsec communication e.g. shared keys, protocol mode

Question 44

what are the two operation modes in ipsec

Answer 44

transport tunnel

Question 45

transport mode (ipsec)

Answer 45

operates on payload/data of the og packet so only the payload is encrypted and the header stays the same

Question 46

what is transport mode usually used for

Answer 46

end to end communication

Question 47

tunnel mode (ipsec)

Answer 47

the og packet is encapsulated into a new one and the payload of it is the og packet

Question 48

what is tunnel mode usually used for

Answer 48

network to network/ host to network communication e.g. vpn

Question 49

what is the communication initiation process for ipsec

Answer 49

we need to create and share cryptographic keys via the internal key exchange (ike)

Question 50

how does the internal key exchange work in ipsec (phase 1 and 2)

Answer 50

1: the sender exchanges proposals for security services (e.g. the encryption algorithm) then the sender and receiver agree on a collection of parameters that the two devices use 2: devices between the sender and receiver choose which protocol (ah / esp) and algorithm to use

Question 51

what is the secure socket layer (ssl)

Answer 51

an encryption protocol used to protect network communication

Question 52

how does ssl work

Answer 52

it establishes an encrypted connection between the client and sever ensuring confidentiality integrity and identitiy authentication of data during transmission via the handshake protocol

Question 53

what are the steps in the handshake protocol

Answer 53

negotiate encryption algorithm to be used establish a shares session authenticate server authenticate client (optional) complete session and can now start communicating with secure data transmission

Question 54

transport layer security (tls)

Answer 54

an encryption protocol used to protect network communication security

Question 55

what are the three protocols used in tls

Answer 55

tls handshake protocol tls record protocol tls alert protocol

Question 56

tls handshake protocol

Answer 56

uses asymmetric cryptography varies based on the key exchange algorithm but similar to ssl handhsake

Question 57

tls record protocol

Answer 57

splits data into smaller records which are all encrypted and transferred separately

Question 58

tls alert protocol

Answer 58

conveys errors/ warning info

Question 59

what to vpns do

Answer 59

virtual private network; establishes a secure connection via a public network (e.g. the internet) and allows users to remotely access private network resources

Question 60

how does vpn work

Answer 60

it creates an encrypted tunnel between the users device and the target network therefore data cannot be eavesdropped or tampered with during transmissin

Question 61

what are the steps used in vpn

Answer 61

connect to the vpn authenticate the users identity establish an encrypted tunnel transmit data through it user accesses the resources through the tunnel

Question 62

when do we use ipsec with a vpn

Answer 62

when using a site-to-site vpn connecting two or more private networks

Question 63

what do we use ssl/tls with a vpn

Answer 63

remote access vpn; encrypted tunnel ensure confidentiality and data integrity