Security Technologies Flashcards

(48 cards)

1
Q

Firewall

A

Uses a set of rules defining the traffic types permitted or denied through the device
▪ Software or hardware
▪ Virtual or physical
▪ Host-based or network-based
▪ Can perform Network Address Translation (NAT) and/or Port Address Translation (PAT)

2
Q

Stateful Firewall

A

Inspects traffic as part of a session: it keeps a state table of connections it has already permitted, so it recognizes where the traffic originated and allows the return traffic without a separate rule

3
Q

NextGen Firewall (NGFW)

A

Third-generation firewall that adds deep packet inspection (application-layer awareness) and usually an integrated intrusion prevention system to ordinary packet filtering

4
Q

Access Control List (ACL)

A

Set of ordered rules applied to a device interface that permit or deny certain traffic; the first matching rule wins and anything that matches no rule is denied by default
● Switch
o MAC address
● Router
o IP address
● Firewall
o IP address or port
▪ Source/destination IP
▪ Source/destination port
▪ Source/destination MAC
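How a stateful firewall (card 2) actually applies an ordered ACL (card 4), as an added example written for this flashcard set rather than code from any firewall vendor. The rule set, the DMZ web server at 192.0.2.10, the inside LAN 10.0.0.0/8 and the sample packets are all constructed; the point to notice is that the web server's reply is permitted by the session table, not by any rule:

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Constructed packet record: only the fields an ACL looks at."""
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 means "any"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.proto == "any" or self.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


class StatefulFilter:
    """Ordered ACL (first match wins, implicit deny) plus a session table."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.sessions = set()  # 5-tuples of flows a permit rule let through

    @staticmethod
    def _flow(pkt: Packet):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_flow(pkt: Packet):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def evaluate(self, pkt: Packet) -> str:
        # Stateful step: a reply to a flow we already permitted is allowed
        # because the firewall remembers where the session originated.
        if self._reverse_flow(pkt) in self.sessions:
            return "permit (established)"
        # Stateless step: walk the ACL in order; the first matching rule decides.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "permit":
                    self.sessions.add(self._flow(pkt))
                return rule.action
        # No rule matched: ACLs deny by default.
        return "deny (implicit)"


# Constructed ACL for the outside-facing interface: 192.0.2.10 is a DMZ web
# server, 10.0.0.0/8 is the inside LAN.
DEMO_RULES = [
    Rule("permit", "tcp", dst="192.0.2.10/32", dport=443),
    Rule("permit", "tcp", dst="192.0.2.10/32", dport=80),
    Rule("deny", "tcp", dst="192.0.2.10/32", dport=22),   # explicit deny (would be logged in practice)
    Rule("permit", "any", src="10.0.0.0/8"),              # inside hosts may initiate anything
]
```

Run evaluate() on a SYN to 192.0.2.10:443 and then on the server's reply: the reply is allowed as established even though no rule permits traffic from 192.0.2.10 outbound. A packet that matches nothing falls through to the implicit deny, which is why every ACL needs explicit permits for the traffic you expect.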

5
Q

Firewall Zone

A

▪ Firewall interface in which you can set up rules
● Inside
o Connects to corporate LAN
● Outside
o Connects to the Internet
● Demilitarized Zone (DMZ)
o Connects to devices that should have restricted access
from the outside zone (like web servers)

6
Q

Unified Threat Management (UTM) Device

A

▪ Combines firewall, router, intrusion detection/prevention system, antimalware, and other features into a single device

7
Q

Signature-based Detection

A

Signature contains strings of bytes (a pattern) that triggers detection

8
Q

Policy-based Detection

A

▪ Relies on specific declaration of the security policy

9
Q

Statistical Anomaly-based Detection

A

Watches traffic patterns over time to build a baseline of normal behaviour, then alerts on statistically significant deviations from it

10
Q

Non-statistical Anomaly-based Detection

A

▪ Administrator defines the patterns/baseline by hand instead of the system learning them from traffic
Either kind of IDS/IPS, whatever its detection method, is deployed as:
● Network-based (NIDS/NIPS)
o A network device protects the entire network segment it can see
● Host-based (HIDS/HIPS)
o Software-based and installed on servers and clients
▪ Network and host-based systems can work together for more complete protection
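Cards 7 and 9 side by side, as an added example (not from the original page or any IDS product): a signature that matches a byte pattern in a request, and a statistical baseline learned from constructed per-source request counts that flags an outlier. The signatures, host addresses and counts are all made up for the illustration:

```python
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

# Signature-based: each signature is a byte pattern; a hit means detection.
# These three are constructed examples, not a vendor rule set.
SIGNATURES = {
    "sqli-union-select": re.compile(rb"union\s+(?:all\s+)?select", re.IGNORECASE),
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "php-webshell-probe": re.compile(rb"/(?:c99|r57|shell)\.php", re.IGNORECASE),
}


def signature_detect(payload: bytes) -> List[str]:
    """Return the names of every signature whose byte pattern occurs in payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(payload)]


# Statistical anomaly-based: learn what "normal" looks like, then flag outliers.
def build_baseline(past_intervals: List[Counter]) -> Tuple[float, float]:
    """past_intervals: one Counter(src_ip -> request count) per observed interval.
    Returns (mean, population stdev) of requests-per-source-per-interval."""
    counts = [n for interval in past_intervals for n in interval.values()]
    return statistics.mean(counts), statistics.pstdev(counts)


def anomaly_detect(current: Counter, baseline: Tuple[float, float], k: float = 3.0) -> Dict[str, int]:
    """Flag sources whose count in the current interval exceeds mean + k*stdev."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    return {src: n for src, n in current.items() if n > threshold}


# Constructed training data: three quiet intervals from three inside hosts.
BASELINE_INTERVALS = [
    Counter({"10.1.1.5": 10, "10.1.1.6": 12, "10.1.1.7": 8}),
    Counter({"10.1.1.5": 11, "10.1.1.6": 9, "10.1.1.7": 10}),
    Counter({"10.1.1.5": 12, "10.1.1.6": 10, "10.1.1.7": 8}),
]
BASELINE = build_baseline(BASELINE_INTERVALS)  # mean 10.0, stdev about 1.41, so threshold about 14.2
```

Note the evasion on the signature side: UNION/**/SELECT does not match the pattern above, which is why signature sets need constant tuning. On the anomaly side a source sending 14 requests stays under mean + 3σ, so a slow attacker is invisible to this detector; that gap is the reason the two approaches are normally combined.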

11
Q

Telnet Port 23

A

Sends text-based commands to remote devices and is a very old networking protocol
▪ Everything, including the login credentials, crosses the network in clear text
▪ Telnet should never be used to connect to secure devices; use SSH instead

12
Q

Secure Shell (SSH) Port 22

A

Encrypts everything that is being sent and received between the client
and the server

13
Q

Remote Desktop Protocol (RDP) Port 3389

A

Provides a graphical interface to connect to another computer over a network connection
▪ Exposing port 3389 directly to the Internet invites brute-force and credential attacks; put it behind a gateway or VPN

14
Q

Remote Desktop Gateway (RDG)

A

▪ Tunnels RDP inside an HTTPS (SSL/TLS) connection to the gateway, which then forwards the session to the internal server via RDP, so RDP servers are not exposed directly to the Internet
● Creates an encrypted connection
● Controls access to network resources based on permissions and group roles
● Maintains and enforces authorization policies
● Monitors the status of the gateway and any RDP connections passing through the gateway

15
Q

Virtual Private Network (VPN)

A

▪ Establishes a secure connection between a client and a server over an
untrusted public network like the Internet

16
Q

In-Band Management

A

Managing devices using Telnet or SSH over the same production network that carries user traffic, so the management interfaces are reachable from ordinary hosts

17
Q

Out-of-Band Management

A

▪ Connecting to and configuring different network devices using an
alternate path or management network
▪ Prevents a regular user’s machine from connecting to the management
interfaces of your devices
▪ Out-of-band networks add additional costs to the organization

18
Q

Password Authentication Protocol (PAP)

A

Sends usernames and passwords in clear text for authentication, so anyone capturing the link can read them; considered obsolete and should not be used

19
Q

Challenge Handshake Authentication Protocol (CHAP)

A

Sends the client a string of random bytes called a challenge; the client hashes it (MD5) together with the shared secret and sends the hash back to the server, so the password itself never crosses the link and a captured response cannot be replayed against a fresh challenge
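The difference between cards 18 and 19 on the wire, as an added example written for this page (not from any PPP implementation): PAP's Authenticate-Request carries the password itself, while CHAP's response is MD5(Identifier || secret || Challenge) as RFC 1994 specifies. The username, secret and the ChapServer class are constructed for the illustration:

```python
import hashlib
import hmac
import secrets


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP (RFC 1334) Authenticate-Request payload: length-prefixed peer-id and
    password, exactly as typed. Anyone on the path reads both."""
    user, pw = username.encode(), password.encode()
    return bytes([len(user)]) + user + bytes([len(pw)]) + pw


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) Response value = MD5(Identifier || secret || Challenge).
    Only this hash crosses the link; the secret never does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues fresh challenges and checks responses."""

    def __init__(self, secrets_db: dict):
        self.secrets_db = secrets_db   # username -> shared secret (must be stored recoverable)
        self.identifier = 0

    def challenge(self):
        """Return (identifier, challenge); a fresh random challenge each time
        is what makes a captured response useless for replay."""
        self.identifier = (self.identifier + 1) & 0xFF
        return self.identifier, secrets.token_bytes(16)

    def verify(self, username: str, identifier: int, challenge: bytes, response: bytes) -> bool:
        secret = self.secrets_db.get(username)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison
```

Two caveats a practitioner should keep in mind: CHAP still requires the server to hold the secret in a recoverable form, and a captured challenge/response pair can be brute-forced offline against the MD5 construction, so CHAP protects against eavesdropping and replay but not against weak passwords.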

20
Q

MS-CHAP

A

▪ Microsoft’s proprietary variant of CHAP; MS-CHAPv2 adds mutual authentication (the server proves itself to the client too) and stronger session key derivation, although its underlying hash is still considered weak by modern standards

21
Q

Extensible Authentication Protocol (EAP)

A

Framework that allows more secure authentication methods (certificates, smart cards, tokens) to be used instead of just a username and a password
▪ Use EAP-TLS (certificate-based, mutually authenticated) in conjunction with a RADIUS or TACACS+ server

22
Q

Virtual Private Networks (VPNs)

A

Extends a private network across a public network and enables sending and receiving data across shared or public networks
▪ Site to site
▪ Client to site
▪ Clientless

23
Q

Full Tunnel VPN

A

Routes and encrypts all network requests through the VPN connection
back to the headquarters

24
Q

Split Tunnel VPN

A

▪ Routes and encrypts only the traffic bound for the headquarters over the
VPN, and sends the rest of the traffic to the regular Internet
● For best security, use a full tunnel
● For best performance, use a split tunnel

25
Q

Clientless VPN

A

Creates a secure, remote-access VPN tunnel using a web browser (over SSL/TLS) without requiring a software or hardware client
26
Q

Secure Socket Layer (SSL)

A

Provides cryptography and reliability using the upper layers of the OSI model, specifically Layers 5, 6, and 7
▪ Every SSL version is now deprecated (SSL 3.0 by RFC 7568); the name survives in product menus, but a modern "SSL" connection is really TLS
27
Q

Transport Layer Security (TLS)

A

▪ Successor to SSL; provides secure web browsing over HTTPS
▪ SSL and TLS use TCP to establish their secure connections between a client and a server
▪ TLS 1.2 and 1.3 are the versions still considered secure; TLS 1.0 and 1.1 are deprecated (RFC 8996)
28
Q

Datagram Transport Layer Security (DTLS)

A

UDP-based version of the TLS protocol for datagram traffic such as VoIP or a VPN data channel
▪ Avoids TCP’s retransmission and head-of-line blocking, so it has less overhead and is a bit faster
▪ Has to add its own sequence numbers and handshake retransmission timers because UDP guarantees neither ordering nor delivery
29
Q

Layer 2 Tunneling Protocol (L2TP)

A

Lacks security features like encryption by default and needs to be combined with an extra encryption layer for protection, which in practice is IPSec (L2TP/IPSec)
30
Q

Point-to-Point Tunneling Protocol (PPTP)

A

Early Microsoft tunneling protocol that supports dial-up networks; it has no security of its own and relies on MS-CHAP/MPPE on Windows, a combination that is known to be breakable
▪ Considered obsolete and should not be used
31
Q

IP Security (IPSec)

A

Provides authentication and encryption of packets to create a secure encrypted communication path between two computers
▪ Authentication Header (AH) gives integrity and origin authentication only; Encapsulating Security Payload (ESP) adds confidentiality and is what VPNs use
▪ Internet Key Exchange (IKE) negotiates the security associations (SAs) and keys before any data is protected
32
Q

Main Mode

A

Conducts three two-way exchanges (six messages) between the initiator and the responder to build the IKE SA (Phase 1); identities are protected because the third exchange is already encrypted
● First Exchange
o Agrees upon which algorithms and hashes will be used to secure the IKE communications throughout the process
● Second Exchange
o Uses a Diffie-Hellman exchange, plus nonces, to generate shared secret keying material so that the two parties can later prove their identities
● Third Exchange
o Verifies the identity of the other side (pre-shared key or certificate); the identity payload, typically the peer’s IP address, is sent in encrypted form
33
Q

IKE SA (Phase 1) Parameters Negotiated

A

▪ Authentication methods used
▪ Encryption and hash algorithms used
▪ Diffie-Hellman groups used
▪ Expiration (lifetime) of the IKE SA
▪ Shared secret key values for the encryption algorithms
34
Q

Quick Mode

A

Phase 2; only occurs after IKE has already established the secure tunnel (IKE SA) in Phase 1 using either main or aggressive mode
● Negotiates the IPSec SA parameters, protected by the existing IKE SA
● Establishes the IPSec SAs (one for each direction)
● Periodically renegotiates the IPSec SAs to maintain security
● Performs additional Diffie-Hellman exchanges if needed (Perfect Forward Secrecy)
35
Q

Aggressive Mode

A

▪ Phase 1 alternative to main mode that uses fewer exchanges (three messages instead of six), resulting in fewer packets and a faster initial connection; the first messages carry
● Diffie-Hellman public key
● Signed random number (nonce)
● Identity packet
▪ The identities travel in the clear, and with pre-shared keys the authentication hash can be captured and cracked offline, so aggressive mode with PSK should be avoided
36
Q

Diffie-Hellman Key Exchange

A

▪ Allows two systems that don’t know each other to agree on a shared secret over an untrusted network without ever transmitting that secret, so they can derive keys and trust each other
▪ Each side keeps a private value and sends only a public value; the shared secret comes from combining the peer’s public value with your own private one
● Example trigger: PC1 sends traffic to PC2 that matches the crypto ACL, and RTR1 then initiates creation of the IPSec tunnel, beginning with this exchange
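The Diffie-Hellman step from cards 32 and 36 carried out with IKE's group 14 (the 2048-bit MODP group of RFC 3526), as an added example written for this flashcard set; it is not code from any IKE implementation. The peer names RTR1 and RTR2, the 256-bit private exponents and the simplified key-derivation function are assumptions for the illustration, and the group prime is transcribed here so the block runs offline:

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group (IKE Diffie-Hellman group 14), transcribed from RFC 3526 section 3.
GROUP14_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
GROUP14_G = 2


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin. A transcribed group prime should be verified before use."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_public_value(y: int) -> bool:
    """Reject 1, p-1 and anything outside the prime-order subgroup.
    p is a safe prime (p = 2q + 1), so a legitimate g^x satisfies y^q = 1 mod p.
    Without this check a malicious peer can force the shared secret to a known value."""
    if not 1 < y < GROUP14_P - 1:
        return False
    q = (GROUP14_P - 1) // 2
    return pow(y, q, GROUP14_P) == 1


class DhPeer:
    """One IKE peer's half of the exchange (RTR1 / RTR2 are constructed names)."""

    def __init__(self, name: str):
        self.name = name
        # 256-bit private exponent: above the roughly 220 bits RFC 3526 calls for on group 14.
        self.private = secrets.randbelow(2 ** 256 - 1) + 1
        self.public = pow(GROUP14_G, self.private, GROUP14_P)   # g^x mod p, sent to the peer
        self.nonce = secrets.token_bytes(32)                     # the random number also exchanged

    def shared_secret(self, peer_public: int) -> int:
        if not validate_public_value(peer_public):
            raise ValueError(f"{self.name}: peer sent an invalid DH public value")
        return pow(peer_public, self.private, GROUP14_P)          # (g^y)^x = g^xy mod p


def derive_keying_material(shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Simplified stand-in for IKE's SKEYID derivation: prf(Ni | Nr, g^xy).
    IKEv1's exact construction depends on the authentication method; this only
    shows that keys come from the secret plus both nonces, never from anything
    that was sent in the clear on its own."""
    return hmac.new(nonce_i + nonce_r, shared.to_bytes(256, "big"), hashlib.sha256).digest()


def run_exchange():
    """Both sides of the second main-mode exchange; returns each side's derived key."""
    rtr1, rtr2 = DhPeer("RTR1"), DhPeer("RTR2")
    # Over the wire each side sends only its public value and its nonce.
    k1 = derive_keying_material(rtr1.shared_secret(rtr2.public), rtr1.nonce, rtr2.nonce)
    k2 = derive_keying_material(rtr2.shared_secret(rtr1.public), rtr1.nonce, rtr2.nonce)
    return k1, k2
```

The prime is checked with Miller-Rabin before use and every received public value is checked for membership in the prime-order subgroup; skipping that second check is what lets a hostile peer force the shared secret to a predictable value. Group 14 is the smallest MODP group still commonly recommended; groups 1 and 2 (768 and 1024 bits) should not be offered.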
37
Q

Transport Mode

A

Uses the packet’s original IP header and protects only the payload; used for client-to-site VPNs and host-to-host traffic such as L2TP/IPSec
▪ By default, the maximum transmission unit (MTU) size in most networks is 1500 bytes, and the ESP header and trailer have to fit inside it
38
Q

Tunnel Mode

A

Encapsulates the entire original packet (header included) and puts a new outer IP header on top of it
▪ Used for site-to-site VPNs between gateways
▪ The extra header pushes full-size packets over a 1500-byte MTU, so you may need to allow jumbo frames or, more commonly, lower the tunnel MTU and clamp the TCP MSS
● Transport
o Client to site
● Tunnel
o Site to site
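What the MTU remarks in cards 37 and 38 amount to in bytes, as an added example written for this page rather than a vendor's calculator: the size of an ESP packet in transport versus tunnel mode for AES-CBC with HMAC-SHA1-96, and the largest original packet (and TCP MSS) that still fits a 1500-byte MTU. The header and trailer sizes are the standard ones for that cipher combination; other combinations (AES-GCM, an IPv6 outer header) change the constants but not the method:

```python
IPV4_HEADER = 20
ESP_SPI_AND_SEQ = 8       # Security Parameters Index + sequence number
AES_CBC_IV = 16
AES_BLOCK = 16
ESP_TRAILER = 2           # pad-length byte + next-header byte
HMAC_SHA1_96_ICV = 12     # integrity check value appended after the trailer
TCP_HEADER = 20


def esp_padding(protected_len: int) -> int:
    """ESP pads so that (protected data + trailer) is a multiple of the cipher block size."""
    return (-(protected_len + ESP_TRAILER)) % AES_BLOCK


def esp_packet_size(inner_ip_len: int, mode: str) -> int:
    """Size on the wire of an original IPv4 packet of inner_ip_len bytes after ESP."""
    if mode == "transport":
        protected = inner_ip_len - IPV4_HEADER   # original header stays outside; only the payload is encrypted
    elif mode == "tunnel":
        protected = inner_ip_len                 # the whole original packet, header included, is encrypted
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    # Either way exactly one IPv4 header sits outside ESP: the reused one or the new outer one.
    return (IPV4_HEADER + ESP_SPI_AND_SEQ + AES_CBC_IV + protected
            + esp_padding(protected) + ESP_TRAILER + HMAC_SHA1_96_ICV)


def esp_overhead(inner_ip_len: int, mode: str) -> int:
    return esp_packet_size(inner_ip_len, mode) - inner_ip_len


def max_inner_packet(mtu: int, mode: str) -> int:
    """Largest original packet whose ESP-wrapped form still fits in mtu without fragmentation."""
    size = mtu
    while esp_packet_size(size, mode) > mtu:
        size -= 1
    return size


def recommended_tcp_mss(mtu: int, mode: str) -> int:
    """MSS to clamp on the tunnel interface so TCP segments never need fragmenting."""
    return max_inner_packet(mtu, mode) - IPV4_HEADER - TCP_HEADER
```

At a 1500-byte MTU the tunnel-mode wrapper costs 60 bytes on a full-size packet and transport mode 44, so a 1500-byte inner packet no longer fits in either mode; the practical fixes are clamping TCP MSS on the tunnel interface, lowering the tunnel MTU, or (on a LAN you control) enabling jumbo frames as the card suggests.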
39
Q

Simple Network Management Protocol (SNMP) and Managed Devices

A

o Simple Network Management Protocol (SNMP) is used to send and receive data from managed devices back to a centralized network management station (NMS, the SNMP manager)
o Managed device: any device running an SNMP agent that can communicate with the SNMP manager; the data it exposes is organized in its management information base (MIB)
40
Q

Management Information Base (MIB)

A

The structure of the management data of a device subsystem, using a hierarchical namespace containing object identifiers (OIDs)
41
Q

Granular vs. Verbose Traps

A

▪ Granular: the trap carries only an identifier (OID) of the event and the manager looks the details up in the MIB, keeping trap traffic small
▪ Verbose: SNMP traps may be configured to contain all the information about a given alert or event as a payload
42
Q

SNMPv1 and SNMPv2

A

Use a community string, sent in clear text, as their only security mechanism to give access to the device
▪ The default community strings public (read-only) and private (read-write) are widely known, so devices still using them are considered a security risk
43
Q

SNMPv3

A

Provides three security enhancements which added integrity, authentication, and confidentiality to the SNMP protocol
● Integrity
o message hashing
● Authentication
o source validation (user-based, with HMAC-MD5 or HMAC-SHA)
● Confidentiality
o originally DES 56-bit encryption; AES (RFC 3826) should be used instead
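Why card 42 calls the community string a weak mechanism, as an added example written for this flashcard set (not from any SNMP library): a minimal BER encoder builds a genuine SNMPv1 GetRequest for sysName.0, and a decoder reads the version, community and PDU type straight back out of it, which is exactly what a sniffer on the path does. The OID, request-id and community values are constructed:

```python
from typing import Dict, List, Tuple

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA7: "Trap-v2"}
DEFAULT_COMMUNITIES = {"public", "private"}


def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body          # long form: 0x8N then N length bytes


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def encode_int(value: int) -> bytes:
    # Non-negative only; the extra leading byte keeps the sign bit clear.
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def encode_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])          # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                      # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_get_request(community: str, oid: str, request_id: int) -> bytes:
    """SNMPv1 GetRequest exactly as it goes onto the wire (UDP/161)."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))                      # OID + NULL value
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)      # version 0 = SNMPv1


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp(packet: bytes) -> Dict[str, object]:
    """Pull version, community and PDU type out of a v1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("latin-1"),
            "pdu_type": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


def assess(packet: bytes) -> List[str]:
    """Findings a network monitor would raise on seeing this packet."""
    msg = parse_snmp(packet)
    findings = []
    if msg["version"] in (0, 1):       # 0 = v1, 1 = v2c: the community is the only "auth", in clear text
        findings.append("community string in clear text")
    if msg["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string '%s'" % msg["community"])
    if msg["pdu_type"] == "SetRequest":
        findings.append("write access over unauthenticated SNMP")
    return findings
```

assess() reports both findings for the default 'public' string. The v3 fix in card 43 replaces the community field with a user name, an HMAC over the message and optional encryption, so the same sniffer would see neither a credential nor the payload.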
44
Q

System Logging Protocol (Syslog)

A

▪ Sends system log or event messages to a central server, called a syslog server (traditionally over UDP port 514 in clear text; syslog over TLS on TCP port 6514 is the secure option)
▪ Central collection is what feeds:
● Security Information Management (SIM)
● Security Event Management (SEM)
● Security Information and Event Management (SIEM)
45
Q

Traffic Log

A

▪ Contains information about the traffic flows on the network
▪ Traffic logs allow for investigation of any abnormalities
46
Q

Application Log

A

Contains information about software running on a client or server, typically at the levels
● Informational
● Warning
● Error
47
Q

Security Information and Event Management (SIEM)

A

Provides real-time or near-real-time analysis of security alerts generated by network hardware and applications, correlating events from many log sources in one place
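Cards 44 to 47 in code, as an added example written for this page rather than taken from any syslog or SIEM product: decode the RFC 3164 PRI field into facility and severity, normalise each line into an event, and run the kind of correlation rule a SIEM applies (five or more failed SSH logins from one source within a minute). The log lines are constructed; the host names, threshold and window are assumptions:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Optional

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
            6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
            16: "local0", 17: "local1", 18: "local2", 19: "local3",
            20: "local4", 21: "local5", 22: "local6", 23: "local7"}

# <PRI>TIMESTAMP HOST TAG[PID]: MSG  (RFC 3164 layout; PRI = facility * 8 + severity)
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[\w\-./]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def parse_syslog(line: str) -> Optional[Dict[str, object]]:
    """Normalise one syslog line into an event dict, or None if it does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "facility": FACILITY.get(pri // 8, str(pri // 8)),
        "severity": SEVERITY[pri % 8],
        # RFC 3164 timestamps carry no year; a real collector fills it in from receipt time.
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "host": m["host"], "tag": m["tag"], "pid": m["pid"], "msg": m["msg"],
    }


def detect_bruteforce(events, threshold: int = 5, window: timedelta = timedelta(minutes=1)) -> Dict[str, int]:
    """SIEM-style correlation: N or more failed logins from one source inside a sliding window.
    Returns {source_ip: largest number of failures seen within any one window}."""
    by_src = defaultdict(list)
    for ev in events:
        m = FAILED_LOGIN.search(ev["msg"])
        if m and ev["facility"] in ("auth", "authpriv"):   # key on facility as well as text
            by_src[m.group(2)].append(ev["ts"])
    alerts = {}
    for src, times in by_src.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = best
    return alerts


# Constructed sample feed from a syslog server: one noisy source, one stray failure,
# plus a firewall traffic-log line and a cron line to show facility/severity decoding.
SAMPLE_LOG = [
    "<86>Mar 05 10:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 41022 ssh2",
    "<86>Mar 05 10:00:07 bastion sshd[1203]: Failed password for root from 203.0.113.9 port 41030 ssh2",
    "<4>Mar 05 10:00:10 fw1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=445",
    "<86>Mar 05 10:00:13 bastion sshd[1205]: Failed password for invalid user test from 203.0.113.9 port 41038 ssh2",
    "<78>Mar 05 10:00:15 bastion CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "<86>Mar 05 10:00:19 bastion sshd[1207]: Failed password for root from 203.0.113.9 port 41044 ssh2",
    "<86>Mar 05 10:00:25 bastion sshd[1209]: Failed password for invalid user oracle from 203.0.113.9 port 41052 ssh2",
    "<86>Mar 05 10:00:31 bastion sshd[1211]: Failed password for root from 203.0.113.9 port 41060 ssh2",
    "<86>Mar 05 10:00:05 bastion sshd[1202]: Failed password for alice from 198.51.100.4 port 52000 ssh2",
    "<86>Mar 05 10:03:00 bastion sshd[1250]: Failed password for alice from 198.51.100.4 port 52010 ssh2",
]
SAMPLE_EVENTS = [ev for ev in map(parse_syslog, SAMPLE_LOG) if ev]
```

The firewall DROP line and the cron line parse but never feed the rule, because the rule keys on the auth/authpriv facility as well as the message text; filtering on facility is cheap and keeps a noisy traffic log from flooding a login-correlation rule. The single user with two failures three minutes apart stays below the threshold.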