Security Architecture (Chapter 3) Flashcards

(44 cards)

1
Q

Network Segmentation

A

Splitting a network into separate segments to create a “security zone”.

2
Q

Trunk link

A

Links between switches that allow VLANs to extend over multiple switches.

3
Q

Physical segmentation of a network

A

Air-gap
- Segmenting a portion of a network so that it has no connection to the rest of the network.
- Most secure
- Vulnerabilities: removable media, environmental control compromise

4
Q

VLAN Segmentation

A

Is segmenting a network over switches by dividing the ports up into VLANs
- Can be extended over multiple switches via trunk links
- Vulnerability: VLAN hopping

5
Q

High Availability

A

Refers to a system that operates continuously, with no downtime.
- Accomplished through multiple redundancy features, which allow for component failures and repairs

6
Q

Clustering

A

Having 2 or more hosts that act as a single unified system, that share data and run the same service
- Hosts need a link between each other for ‘heartbeat’ communication
- Each host has its own IP address and MAC address
- The cluster itself has a separate IP address and MAC address, which the DNS uses
- Active/standby

7
Q

Load balancing

A

Multiple hosts that act as a single system and run the same service but do not share data
- Clients connect to a load balancing application that forwards requests to the service hosts
- Hosts have separate IP and MAC addresses
- The load balancer itself has its own IP and MAC address

8
Q

Replication

A

Similar to load balancing, but the servers do not share a common name, IP address or MAC address and are often on separate networks; each server runs a copy of the service and data is replicated across the servers.
- e.g. directory domain controllers

9
Q

Virtualization

A

Creating multiple systems (virtual machines) that run on a single physical machine and can utilize all of that machine's resources, making it more efficient.

10
Q

Virtual Desktop Infrastructure (VDI)

A

Aka thin client.
A virtualization infrastructure that creates multiple virtual desktops, one for each user, run off a server.
The user connects to the server via a VPN link, and all applications and data are stored in the VM.

11
Q

Software Defined Networking (SDN)

A

A virtual network that uses software-based controllers, which communicate with the underlying hardware infrastructure to direct traffic on the network.
Allows VMs to communicate.

12
Q

Containerization

A

A lightweight virtual machine that has everything it needs to run a specific app.

13
Q

Infrastructure as Code (IaC)

A

The managing and provisioning of infrastructure (servers) through code instead of manual processes

14
Q

Serverless Architecture

A

A way of building and running applications and services without having to manage the infrastructure (servers, VLANs, etc.)

15
Q

Microservices

A

An organisational approach to software development in which an application is composed of small independent services that communicate over well-defined APIs. Having independent services allows each service to be updated independently.

16
Q

IoT Architecture

A

End devices
- Devices with sensors that gather telemetry data
IoT Gateway
- Gateway connecting IoT devices to other devices on a network
Data System
- Allows the IoT devices to connect, and stores and processes telemetry data
Remote Control
- Apps that can be used to access IoT devices remotely

17
Q

RTOS System

A

A Real-time Operating System is a system that accepts and performs processes within a short amount of time (1/10 of a second).
- Used in mission-critical applications, where real-time processing overrides other processes, including security

18
Q

Embedded systems

A

A system in which a computer is included as an integral part of an overall system

19
Q

Reducing Attack Surface

A

- Maintain consistent policies
- Defense-in-depth
- Zero Trust
- Endpoint protection protects the network from the devices

20
Q

Failure Modes

A

Fail Closed
- A mode in which, if the system detects a failure, it shuts down and stops functioning
- Used to secure the device
Fail Open
- A mode in which, if the system detects a failure, it continues to work as intended
- Used when access is more important than security

21
Q

Web application Firewall (WAF)

A

Used to inspect web traffic and block malicious traffic
- Needs a decryption certificate so it can inspect HTTPS

22
Q

Unified Threat Management (UTM)

A

A multi-purpose appliance that contains a firewall, VPN server, Antivirus and other security features

23
Q

Next-generation Firewall (NGFW)

A

A firewall that performs deep packet inspection (can look into the payload of traffic)

24
Q

Layer 4 firewall

A

A firewall that doesn’t inspect application-layer payloads but looks at the encapsulation headers

25
Q

Layer 7 firewall

A

A firewall that looks at all layers of TCP/IP

26
Q

Stateless Firewall

A

A firewall that is set up to inspect every packet and compare it against a list of rules
- Has no memory of previous packets
- Best used when high performance is critical

27
Q

Stateful Firewall

A

A firewall that inspects packets and compares them with a list of rules
- Maintains a state table for every connection, which is used to verify that the connection is legitimate
- Filters packets at the network and transport layers

28
Q

Circuit-level Gateway

A

Works at the session layer (layer 5)
- Allows/disallows entire connections as opposed to individual packets

29
Q

Application-level Gateway

A

Filters packets at the application layer (layer 7) and examines the payload

30
31
Q

Types of Intrusion Detection Systems

A

**Network based**
- NIDS (network intrusion detection system)
- NIPS (network intrusion prevention system)
- A separate system on the network that monitors network traffic for any malicious activity
**Host based**
- HIDS (host-based intrusion detection system)
- HIPS (host-based intrusion prevention system)
- An application on a host system that audits events and monitors for malicious activity on the host

32
Q

Network Intrusion Detection

A

**Signature based**
- Uses a list of 'signatures' of previously seen attacks to detect an attack
- Only protects against known attacks, not 0-days
**Anomaly based**
- Uses a previously created baseline of network activity to detect any anomalies that could be malicious
- Prone to false positives

33
Q

NIDS

A

Network Intrusion Detection System
- A passive monitoring system that monitors traffic as it passes an IDS sensor, where it is compared to a rule set
- If traffic matches a rule it is logged and an alert can be triggered

34
Q

NIPS

A

Network Intrusion Prevention System
- An active monitoring and control system that compares traffic to 'signatures'
- If a signature is matched, the packet is dropped

35
Q

Host-based HIDS/HIPS

A

Software-based intrusion systems installed on a host system that only monitor the activity of that host.
- HIDS: logs suspicious activity
- HIPS: prevents suspicious activity

36
Q

WiFi IPS

A

Wireless Intrusion Prevention System
- Monitors the radio spectrum for the presence of unauthorized access points and automatically implements countermeasures when one is detected

37
Q

Proxy

A

A server that fetches data on behalf of a client, thus hiding the client's information.
- Forward proxy: fetches data from the internet
- Reverse proxy: fetches data from a private network

38
Q

Jump server

A

A secure system that spans two or more networks, allowing a connected client to 'jump' onto another network

39
Q

VPN

A

Virtual Private Network
- A mechanism that creates a secure connection over an unsecured network
- Traffic is encrypted before transmission

40
Q

TLS

A

Transport Layer Security
- A secure means of transmitting traffic on a network by encrypting the payload, for an HTTPS connection (port 443)

41
Q

IP Security

A

The most common type of VPN; uses Internet Key Exchange to negotiate a session.
Consists of 2 protocols:
- Authentication Header
- Encapsulating Security Payload
As well as its two modes, Tunnel and Transport (encryption)

42
Q

IPSEC Transport mode

A

Host-to-Host VPN

43
Q

IPSEC Tunnel Mode

A

Router-to-Router VPN, used for site-to-site connections

44