Network Security Basics Flashcards

1
Q

Known Attack methods (Threats)

A

1 - Known vulnerabilities left unpatched.
2 - Network storms/floods – DoS; fuzzing with malformed input.
3 - Spoofing – fake identity, impersonation.
4 - Man-in-the-Middle – attacker sits between two parties and reads or alters their traffic.
5 - Replay attacks – capture valid traffic and re-send it later (unchanged or altered) so it is accepted again.
6 - Sniffing – taking a copy of data in transit.
7 - Session hijacking – stealing a session token.
8 - Buffer or stack overflow – used for remote code execution.

2
Q

What is Unidirectional Gateways (Data Diode)?

A

1 - Network device that allows data to travel in one direction only (no physical return path).
2 - Normal TCP flow control (SYN, SYN-ACK, ACK) cannot cross the link, so it must be emulated by proxies on each side.
3 - Used in defense and nuclear plants.
4 - Finding their way into IACS (Industrial Automation and Control Systems).
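Because nothing comes back across a diode, the receiving side cannot ask for a retransmission; the framing that crosses the link has to let the receiver detect loss, reordering and corruption on its own. The following is an added example of such framing, not code from the original flashcards or from any diode vendor. It assumes the sending-side proxy has already terminated TCP and that the bytes below travel as UDP datagrams; the `DIOD` marker and the chunk size are arbitrary choices for illustration.

```python
"""Framing for a one-way (data diode) link.

Added example, not from the original flashcards. Assumptions: the
sending-side proxy has already terminated TCP, and these bytes travel as
UDP datagrams with no return channel, so the receiver alone must detect
loss, reordering and corruption."""
import hashlib
import hmac
import struct

HEADER = struct.Struct("!4sIII")  # magic, sequence number, total datagrams, payload length
MAGIC = b"DIOD"                    # hypothetical marker for this framing
CHUNK = 512


def build_datagrams(data: bytes, chunk: int = CHUNK) -> list:
    """Sender side: split data into numbered datagrams and append a manifest
    datagram carrying the SHA-256 of the whole payload."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    total = len(chunks) + 1  # data chunks plus the manifest
    grams = [HEADER.pack(MAGIC, seq, total, len(c)) + c for seq, c in enumerate(chunks)]
    digest = hashlib.sha256(data).digest()
    grams.append(HEADER.pack(MAGIC, total - 1, total, len(digest)) + digest)
    return grams


def reassemble(datagrams) -> tuple:
    """Receiver side. Returns (payload or None, list of missing sequence
    numbers, digest_ok). Nothing can be requested again: a gap or a bad
    digest is reported and the transfer is discarded."""
    seen = {}
    total = None
    for gram in datagrams:
        if len(gram) < HEADER.size:
            continue
        magic, seq, tot, plen = HEADER.unpack_from(gram)
        if magic != MAGIC or len(gram) != HEADER.size + plen:
            continue  # foreign or truncated datagram
        if total is None:
            total = tot
        if tot != total or seq >= total:
            continue
        seen.setdefault(seq, gram[HEADER.size:])  # first copy wins on duplicates
    if total is None:
        return None, [], False
    missing = [s for s in range(total) if s not in seen]
    if missing:
        return None, missing, False
    payload = b"".join(seen[s] for s in range(total - 1))
    ok = hmac.compare_digest(hashlib.sha256(payload).digest(), seen[total - 1])
    return (payload if ok else None), [], ok


if __name__ == "__main__":
    sample = bytes(range(256)) * 5  # constructed 1280-byte payload
    grams = build_datagrams(sample)
    print(reassemble(grams)[2])                   # all four datagrams arrived
    print(reassemble(grams[:1] + grams[2:])[1])   # one datagram lost, no way to ask again
```

Reordering and duplicates are harmless here; a single lost datagram fails the whole transfer, which is why real diode deployments add forward error correction or simply resend files periodically rather than relying on acknowledgements.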

3
Q

Network Security Technologies

A

1 - Network Security Devices.
A) Firewalls.
B) Data Diodes.
2 - Network Architectures.
3 - Intrusion Detection Systems.
A) NIDS
B) HIDS

4
Q

Types Of IDS

A

1 - NIDS
A) Monitors network traffic
B) Pre-defined rules (signature-based)
C) Behaviors (anomaly-based)
D) Passive sniffing (SPAN port or TAP; detect only)
E) Inline deployment (bump in the wire; can also block, i.e. IPS mode)

2 - HIDS
A) Monitors Host
B) Pre-defined rules (signature-based)
C) Behaviors (anomaly-based)
D) Software agent running on host

5
Q

What is IDS

A

1 - Intrusion Detection System.
2 - Tools to detect attempts to break into or misuse a computer system.

6
Q

What is Firewall?

A
  • Filters network traffic.
  • Available in hardware and software platforms.
  • Different categories:
    A) Packet filter – stateless; decides per packet on header fields (addresses, ports, protocol).
    B) Stateful inspection – tracks connections so only replies to permitted sessions are admitted.
    C) Application proxy and Deep Packet Inspection (DPI) – understands the application protocol and inspects payloads.
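The difference between the first two categories is easiest to see on the same traffic. The following is an added example, not code from the original flashcards: a stateless packet filter and a stateful inspection firewall both enforcing one policy ("inside hosts may browse HTTPS"). The 10.0.0.0/24 inside prefix, the addresses and the probe are assumptions for illustration.

```python
"""Stateless packet filter next to a stateful inspection firewall.

Added example, not from the original flashcards. The inside prefix, the
addresses and the single web-browsing policy are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


INSIDE = "10.0.0."  # assumed internal network prefix


def inside(ip: str) -> bool:
    return ip.startswith(INSIDE)


def packet_filter(pkt: Packet) -> bool:
    """Stateless filter: each packet is judged on its own headers. To let
    replies to outbound HTTPS back in, the rule must admit any inbound
    packet from port 443 to a high port, so it cannot tell a reply from an
    unsolicited connection that merely uses source port 443."""
    if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 443:
        return True
    if not inside(pkt.src) and inside(pkt.dst) and pkt.sport == 443 and pkt.dport >= 1024:
        return True
    return False


class StatefulFirewall:
    """Stateful inspection: an outbound SYN permitted by policy opens a
    connection-table entry; inbound packets pass only if they match one."""

    def __init__(self):
        self.table = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt: Packet) -> bool:
        if inside(pkt.src) and not inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 443 and pkt.syn and not pkt.ack:
                self.table.add(key)  # new connection allowed by policy
                return True
            return key in self.table  # later segments of an open connection
        if not inside(pkt.src) and inside(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            # an unsolicited SYN never matches; replies must belong to an entry
            return key in self.table and not (pkt.syn and not pkt.ack)
        return False


def compare(packets) -> list:
    """Run one packet sequence through both designs; returns (stateless, stateful) verdicts."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]


def sample_traffic() -> list:
    """Constructed sequence: a legitimate HTTPS handshake, then an outside host
    probing RDP while using source port 443 to slip past the stateless rule."""
    return [
        Packet("10.0.0.7", 51000, "198.51.100.10", 443, syn=True),
        Packet("198.51.100.10", 443, "10.0.0.7", 51000, syn=True, ack=True),
        Packet("10.0.0.7", 51000, "198.51.100.10", 443, ack=True),
        Packet("203.0.113.5", 443, "10.0.0.7", 3389, syn=True),
    ]


if __name__ == "__main__":
    for pkt, verdict in zip(sample_traffic(), compare(sample_traffic())):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  stateless={verdict[0]} stateful={verdict[1]}")
```

The last packet is the point: the stateless filter admits it because its headers fit the "reply" rule, while the stateful firewall rejects it because no inside host ever opened a connection to 203.0.113.5. Real connection tables also expire entries and track sequence numbers, which this sketch leaves out.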

7
Q

IDS Issues

A

1 - False positives
2 - Deployment and operational costs
3 - Limited signatures for control-system protocols
4 - Requires continuous care and feeding (tuning, signature updates, alert review)

8
Q

IPS

A

1 - Intrusion Prevention System.
2 - Blocks malicious activities.
3 - Not generally used in IACS.

9
Q

IDS/IPS best practices?

A

1 - Distributed deployment – install NIDS at zone entry points.
2 - Enhance IT IDS signatures with SCADA IDS signatures (oriented to industrial protocols).
3 - IPS should be implemented with extreme care to avoid inadvertently blocking necessary traffic.
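What an industrial-protocol signature looks like in practice: the following is an added example, not code from the original flashcards or from any IDS product. It decodes Modbus/TCP requests (port 502) and raises alerts that generic IT signatures would never produce, because every packet involved is a perfectly valid TCP segment. The frame layout and function codes follow the Modbus/TCP specification; the engineering-host allowlist, the rule names and the sample traffic are assumptions.

```python
"""Protocol-aware IDS signatures for Modbus/TCP.

Added example, not from the original flashcards. The host allowlist, rule
names and traffic sample are assumptions; frame layout and function codes
follow the Modbus/TCP specification."""
import struct

MBAP = struct.Struct("!HHHB")  # transaction id, protocol id (0 = Modbus), length, unit id
MODBUS_PORT = 502
ENGINEERING_HOSTS = {"10.1.0.10"}  # assumed: the only hosts allowed to write to PLCs
WRITE_FUNCS = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}
DIAGNOSTICS, DEVICE_ID = 8, 43
FORCE_LISTEN_ONLY = b"\x00\x04"  # diagnostics sub-function 4: device stops answering


def parse_modbus(payload: bytes):
    """Return {'unit', 'func', 'data'} for a well-formed Modbus/TCP request, else None."""
    if len(payload) < MBAP.size + 1:
        return None
    _tid, proto, length, unit = MBAP.unpack_from(payload)
    # the MBAP length field counts unit id + PDU, i.e. everything after the first 6 bytes
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"unit": unit, "func": payload[MBAP.size], "data": payload[MBAP.size + 1:]}


def inspect(packets) -> list:
    """Signature rules over (src_ip, dst_ip, dst_port, tcp_payload) tuples.
    Returns (src_ip, rule, detail) alerts."""
    alerts = []
    for src, dst, dport, payload in packets:
        if dport != MODBUS_PORT:
            continue
        req = parse_modbus(payload)
        if req is None:
            alerts.append((src, "MODBUS_MALFORMED", "bad MBAP header or length"))
            continue
        func, data = req["func"], req["data"]
        if func in WRITE_FUNCS and src not in ENGINEERING_HOSTS:
            alerts.append((src, "MODBUS_WRITE_UNAUTHORIZED", f"{WRITE_FUNCS[func]} to {dst}"))
        if func == DIAGNOSTICS and data[:2] == FORCE_LISTEN_ONLY:
            alerts.append((src, "MODBUS_FORCE_LISTEN_ONLY", f"unit {req['unit']} on {dst}"))
        if func == DEVICE_ID:
            alerts.append((src, "MODBUS_DEVICE_ID_RECON", f"Read Device Identification on {dst}"))
    return alerts


def frame(unit: int, func: int, data: bytes, tid: int = 1, proto: int = 0) -> bytes:
    """Build a Modbus/TCP request with a correct MBAP length field."""
    return MBAP.pack(tid, proto, 1 + 1 + len(data), unit) + bytes([func]) + data


def sample_traffic() -> list:
    """Constructed traffic: an HMI read, an engineering write, then three
    suspicious requests and one malformed frame from an unknown host."""
    hmi, eng, rogue, plc = "10.1.0.20", "10.1.0.10", "10.1.0.99", "10.1.1.5"
    return [
        (hmi, plc, 502, frame(1, 3, struct.pack("!HH", 0, 10))),             # read 10 holding registers
        (eng, plc, 502, frame(1, 6, struct.pack("!HH", 40, 1))),             # authorised write
        (rogue, plc, 502, frame(1, 6, struct.pack("!HH", 40, 0))),           # write from unknown host
        (rogue, plc, 502, frame(1, 8, FORCE_LISTEN_ONLY + b"\x00\x00")),     # silence the PLC
        (rogue, plc, 502, frame(1, 43, b"\x0e\x01\x00")),                     # read device identification
        (rogue, plc, 502, frame(1, 3, struct.pack("!HH", 0, 10), proto=1)),  # wrong protocol id
        (rogue, plc, 80, b"GET / HTTP/1.0\r\n\r\n"),                         # not Modbus, ignored
    ]


if __name__ == "__main__":
    for src, rule, detail in inspect(sample_traffic()):
        print(f"{rule:28} {src:12} {detail}")
```

Notice that the "unauthorised write" rule is really an allowlist, which is only workable because control-system traffic is far more predictable than enterprise traffic; the same rule would drown an IT network in false positives. Deploying this as an IPS would mean dropping the rogue write, so the allowlist has to be right before blocking is switched on.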

10
Q

UTM

A
  • Unified Threat Management
  • Single Appliance, multiple features.
  • Network Firewalling
  • Network Intrusion Prevention
  • Gateway Anti-virus
  • Gateway Anti-spam
  • VPN
  • Content Filtering
  • Load Balancing
  • Data Leak Prevention

11
Q

VPN

A
  • Virtual Private Network
  • Network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users access to their proprietary data.

12
Q

VPN Appliance

A

Ideal VPN appliance offers central management and multi-platform functionality and is compatible with all essential network applications and legacy platforms.

13
Q

VPN Protocols

A

1 - TLS VPN (SSL VPN) – uses TLS to protect the tunnel; commonly used for remote access, including browser-based (clientless) access to web applications.
2 - IPsec – the other common family, used mainly for site-to-site tunnels.

14
Q

Types of VPN

A

1 - Site-to-Site VPN
2 - Remote Access VPN

15
Q

Site-to-Site VPN

A

The two endpoints of the VPN are intermediary devices (gateways) that pass traffic from one trusted network to another trusted network while relying on the VPN technology to secure the traffic on the untrusted transport network.

16
Q

Remote Access VPN

A

One endpoint is the host computing device, and the other endpoint is an intermediate device that passes traffic from the host to the trusted network behind the security gateway while relying on the VPN technology to secure the traffic on the untrusted network.