Section 4: Network and Security Foundations

Question 1

Describe the packet filtering type of firewall and which layers of OSI it operates on

Answer 1

• They operate on layers 3 and 4 of OSI
• They inspect ingress and egress of traffic and compare:
  
  • Protocol (typically IP)
  • Source IP Address
  • Destination IP Address
  • Source TCP or UDP port number
  • Destination TCP or UDP port number

Question 1

What is a firewall?

Answer 1

A barrier that intercepts and inspects network traffic moving from one network to another

Question 2

Describe circuit-level gateway and which levels of OSI it operates on

Answer 2

Middleman that keeps the true identify of client and server hidden. Operates on layer 5, session layer of OSI

Question 3

What is NAT?

Answer 3

Network Address Translation

Question 4

What is PAT?

Answer 4

Port Address Translation

Question 5

Describe ‘Stateful Inspection’

Answer 5

Stateful inspection reduces the number of firewall rules by acknowledging that a connection is a single conversation. Only one rule is needed; an acknowledgment that communication has begun

Question 6

Describe ‘Stateless Inspection’

Answer 6

Stateless inspection views a connection as two things; a request and response, between a client and a server

Question 7

What is an ephemeral port?

Answer 7

An ephemeral port is a temporary communication hub used for Internet Protocol (IP) communications and is opened on the clients end

Question 8

Describe application level firewalling

Answer 8

proxy servers which inspect and parse the data and then send on to receiver if deemed safe

Question 9

Describe IDS

Answer 9

Intrusion Detection System. Passive system which monitors traffic and notifies admin if a suspicious pattern is noticed

Question 10

Describe IPS

Answer 10

Intrusion Prevention System. Active system which can stop all traffic if a suspicious pattern is noticed

Question 11

What is ‘in-line’ mode in the context of IPS?

Answer 11

physically in between networks

Question 12

What are the layers of OSI?

Answer 12

1. Physical
   
   2. Data link
   3. Network
   4. Transport
   5. Session
   6. Presentation
   7. Application

Question 13

Summarize the function of Layer 1 in the OSI model

Answer 13

How computers are physically connected

Question 14

Summarize the function of Layer 2 in the OSI model

Answer 14

• How computers are logically connected
  
  • Data is encapsulated into a frame, and transmitted through medium on layer 1

Question 15

Summarize the function of Layer 3 in the OSI model

Answer 15

Allows computers on different networks to exchange data

Question 16

Summarize the function of Layer 4 in the OSI model

Answer 16

• The heart of OSI
• Ensures that all data from the upper layers (5,6,7) are delivered according to the needs of an application

Question 17

Summarize the function of Layer 5 in the OSI model

Answer 17

• Allows a computer to distinguish between connections with the same host
• Like managing different conversations with the same person… You may switch topics, and then go back to the first one etc..

Question 18

Summarize the function of Layer 6 in the OSI model

Answer 18

• Translation and security layer between applications
• Encoding and encrypting data

Question 19

Summarize the function of Layer 7 in the OSI model

Answer 19

How users connect to services using HTTP

Question 20

Define ‘encoding’

Answer 20

The process of structuring data in a specific way, like XML of GIF

Question 21

Define ‘encrypting’

Answer 21

The process of concealing data. Commonly used with TLS (transport layer security)

Question 22

What are some threats that may occur at layer 1?

Answer 22

• Wire tapping
• Insecure physical security
  
  • No security guard
  • unlocked doors

Question 23

What are some threats that may occur at layer 2?

Answer 23

• ARP poisoning
• Allows an attacker to eavesdrop on all network traffic sent through an ethernet switch

Question 24

What are some threats that may occur at layer 3?

Answer 24

- Ping flood DoS attacks - Spoofing, which can also occur on layer 2 - Attacker will configure a network card to impersonate a victims computer, hence forwarding all data being sent to the victims MAC address, to the hacker’s instead

Question 25

What are some threats that may occur at layer 4?

Answer 25

Port scanning could reveal open ports

Question 26

What are some threats that may occur at layer 6?

Answer 26

- TLS and SSL have been the target of many attacks which move to exploit weakness in the protocols - man-in-the-middle attacks

Question 27

What are some threats that may occur at layer 7?

Answer 27

- Many! - SQL injections - Buffer overrun attacks

Question 28

What is a major difference between TCP and UDP

Answer 28

TCP requires confirmation that data was delivered successfully, while UDP does not

Question 29

What is the difference between symmetric and asymmetric encryption techniques?

Answer 29

Symmetric encryption uses 1 key for encoding and decoding. Asymmetric uses two different keys

Question 30

Describe PKI

Answer 30

Public key infrastructure (PKI) assigns identities to keys so that recipients can accurately verify the owners.

Question 31

Describe ECC

Answer 31

Elliptic curve cryptography (ECC) uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.

Question 32

Describe symmetric encryption

Answer 32

aka private key encryption, uses the same key for encryption and decryption. Sender and receiver have to have the same key

Question 33

Describe asymmetric encryption

Answer 33

Relies on two different keys to encrypt and decrypt respectively.

Question 34

Describe SSL/TLS encryption

Answer 34

- Creates a secure channel by exchanging a public key in the form of a certificate - The public key is shared any time someone access the TLS secured website. - The private key lives on the server as well, but is not shared - The client creates a token, and encrypts it using the websites public key - The website then decrypts the token, which is then used as a private key in symmetric encryption.

Question 35

Describe IPSec encryption

Answer 35

- Secures network traffic at layer 3 (Network) - IPsec creates VPN tunnels across an untrusted network (like the internet), which creates the illusion that the computers are directly connected

Question 36

Why is it important to classify your data?

Answer 36

It’s important to classify your data correctly to avoid leaks and fines

Question 37

Why is it important to encrypt data at rest?

Answer 37

This will prevent the data from being accessed, even if the server is stolen

Question 38

What is a DEK?

Answer 38

a *Data Encryption Key (DEK)* is used to encrypt and decrypt data

Question 39

What is a KEK?

Answer 39

an asymmetric encryption key called a *KEK or key encryption key*

Question 40

What is a KMS?

Answer 40

Storage for the encrypted DEK in a key management server

Question 41

Describe the two ways one can manage security of a DEK

Answer 41

Never disclose the DEK. Change the DEK frequently.

Question 42

Describe the safest way to manage a DEK?

Answer 42

Never disclose it. Instead, the key is encrypted and stored on a special server which can only be accessed with a key, and only decrypted with another key.

Question 43

Describe federated identity management

Answer 43

Allows users to authenticate using Google, Facebook, Twitter, and other sites where they may already have an account

Question 44

Define IAM

Answer 44

*Identity and Access Management (IAM)* services can help give users permission to specific data

Question 45

What is an extranet?

Answer 45

an extranet is a secured region on your private network configured with firewalls and IPS to mitigate server-to-server attacks

Question 46

How can an extranet mitigate attacks on a compromised public facing server?

Answer 46

Extra firewalls, IDS and IPS can help restrict and/or analyze network data

Question 47

What is multi-factor authentication?

Answer 47

Multi-factor auth requires two things: proof of something you know (like a username and password), and proof of something you are (fingerprint or biometric data) or proof of something you have (token or device)

Question 48

What is a service account?

Answer 48

- When an application needs to access resources within a cloud provider, it typically using something called a *service account* - Service accounts are similar to user accounts, but they don't have passwords, and they cannot access the admin dashboards - They are authenticated using API keys - If there is an application that needs access to special services, consider adding a service account

Question 49

How are service accounts authenticated?

Answer 49

using API keys

Question 50

Describe what the protocol 802.1x attempts to solve

Answer 50

a way to stop unauthorized users from accessing info while being unobtrusive to the legitimate users in a company.

Question 51

Describe Deauth attack

Answer 51

- attacker can force any client off the network which could lead to: - preventing access to the network (DoS) - force users to reconnect to the attackers access point instead - capture 4-way handshake of WAP to gain intell that allows the hacker to get closer to a corpo network

Question 52

Describe a fake access attack

Answer 52

Attacker sets up illegitimate wifi point and then tricks users into connecting

Question 53

Describe AAA

Answer 53

Authentication Authorization & Accounting (AAA)

Question 54

Describe Authentication

Answer 54

Verifying that the user is who they say they are

Question 55

Describe Authorization

Answer 55

Define what permissions the user has/ what data they have access to

Question 56

Describe Accounting

Answer 56

- Account for and report on the access that a user has been granted, including how often the user accesses the resource or data - Verify that restriction put into place are working as they should

Question 57

Describe MFA

Answer 57

Multi-factor authentication (MFA) - Add-on to authentication process which verifies that you not only have user-id and password credentials, but that you are in possession of something as well - could be bio-metric details, a key fob, pin number, etc.

Question 58

What is device hardening?

Answer 58

- Hardening devices is the process of adding layers of security - This includes reviewing security settings, updating device software, and testing the security of the device by attempting to breach it’s defenses

Question 59

Describe some ways in which we harden devices

Answer 59

Change default passwords, remove unnecessary logins, enforce strong passwords policy, remove unnecessary services, keep patches up-to-date, limit physical access to the device, only allow changes from a trusted network, require encryption for wireless networks, audit access, and backup data.