1.3 Network and Security Components

Descripción

Given a scenario, analyse network and security components, concepts and architectures.
DJ Perrone
Fichas por DJ Perrone, actualizado hace más de 1 año
DJ Perrone
Creado por DJ Perrone hace alrededor de 7 años
18
1

Resumen del Recurso

Pregunta Respuesta
What are some different methods of remote access? - VPN - SSH - RDP - VNC - SSL - FTP / TFTP
What are some advantages of RDP? - Data is in the data center - Work location flexability - Possibly cost reduction where all users are using baseline VM.
What are some disadvantages of RDP? - Server downtime is huge issue - Insufficient processing power can cause bottlenecks. - High learning curve
What is VNC? Virtual Network Computing.
What are 3 components of VNC? - VNC Server - VNC Client - VNC Protocol (RFB) - Remote Frame Buffer
What port does VNC use by default? 5900
What are some IPv4 to IPv6 transition mechanisms? - 6 to 4 - Teredo - Dual Stack - GRE Tunnels
What is 6 to 4 Allows IPv6 sites to talk over IPv4 network. Treats IPv4 network as unicast point to point.
What is Teredo? Assigning addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 NAT's
- What is dual stack? Running IPV4 and IPv6 on the same devices.
What is a GRE Tunnel? Generic Routing Encapsulation - Carries IPv6 packets across an IPv4 network by encapsulating them in GRE IPv4 packets.
Name at least 3 Network Authentication Methods - Password Authentication Protocol (PAP) - Challenge Handshake Authentication Protocol (CHAP) - Extensible Authentication Protocol (EAP)
What is PAP? Password Authentication Protocol Provides authentication, credentials are sent in plaintext and can be read by sniffer
What is CHAP ? Challenge Handshake Authentication Protocol - The server sends client a random string of text as a challenge, the client then encrypts the text with the password and sends it back to the server.
How many versions of CHAP are there? - MS-CHAP v1 - MS-CHAP v2
What is MS-CHAP v1 Works only with MS devices. More secure than CHAP but still susceptible to brute force attacks.
What is MS-CHAP v2? An update to v1. Provides stronger encryption and mutual authentication.
What is EAP? Extensible Authentication Protocol A framework for port based access control using components used in RADIUS. Can use multiple authentication methods.
How many versions of EAP are there? - EAP-MD5-CHAP - EAP-TLS - EAP-TTLS
What is EAP-MD5-CHAP? Uses CHAP as challenge process, but challenges and response are sent as EAP message. Allows password use.
What is EAP-TLS - Requires PKI due to needing certs on both client and server. - Immune to password attacks.
What is EAP-TTLS? Requires cert on server only. Client uses password which is sent within EAP message.
What are the different authentication factors? - Knowledge factor authentication - Ownership factor authentication - Characteristic factor authentication - Location factor authentication - Action factor authentication
What is knowledge factor authentication? - Something you know - Type 1 authentication
What is ownership factor authentication? - Something you have - Type 2 authentication
What is characteristic factor authentication? - Something you are - Type 3 authentication
What is location factor authentication? Somewhere you are
What is action factor authentication Something you do
What is 802.1X? Framework for port based authentication - Port security
What 3 components make up 802.1X? - Supplicant: User or device requesting access - Authenticator: Device which supplicant attempts to access the network - Authentication Server: Centralized device providing authentication
What are some characteristics of RADIUS? - An open standard - Uses UDP - Encrypts only the password - Combines authentication and auth. - Doesn't support: ARA, NetBIOS, X.25 PAD - Less traffic than TACACS+
What are some characteristics of TACACS+ - Cisco proprietary - Uses TCP - Encrypts entire body of packet - Separates authentication, auth and accounting. - Supports all protocols - More traffic than RADIUS
What is UTM? Unified Threat Management - Performing multiple security functions on the same device.
What are some advantages of using UTM? - Low upfront and maintenance cost - Lower power consumption - Easier to fully integrate - Easier to install and configure
What are some disadvantages of using UTM? - Single point of failure - Lacks granularity - Performance issues
What is NIPS and what does it do? Network Intrusion Prevention System - Scans network traffic for signs of malicious activity and takes action against it.
What is NIDS and what does it do? Network Intrusion Detection System - Detects unauthorized access or attacks.
What is an IDS and what are the categories? Intrusion Detection System - Signature Based IDS - Anomaly Based IDS
What are some characteristics of signature-based IDS? - Pattern matching - Stateful matching
With a signature-based IDS, what is pattern matching? Compares traffic to a database of attack patterns. Carries out pre-plannned steps if an attack matches pattern.
With a signature-based IDS, what is stateful-matching? Records the initial state of OS. Any changes in state that violates a defined rule is reported.
What an an anomaly-based IDS? Analyzes traffic and compares it to normal traffic to determine a threat.
What are the different types of anomaly-based IDS's? - Statistical anomaly-based IDS - Protocol anomaly-based IDS - Traffic anomaly-based IDS - Rule or heuristic-based IDS - Application-based IDS
What is a statistical anomaly-based IDS? Samples the live environment and records activity. The longer the IDS is running, the more accurate it is. Activity thresholds are important to prevent false negatives and false positives.
What is a protocol anomaly-based IDS? Has knowledge of protocols it will monitor.
What is a traffic anomaly-based IDS? Tracks traffic patterns. All future patterns are compared to sample. Must tune threshold. Useful if user activity is static.
What is a rule or heuristic-based IDS? Uses a knowledge base, and interference engine and rule-based programming. Often referred to as an if/then system or expert system.
What is an application based IDS? Analyzes transaction logs for a single application.
What is an INE or HAIPE? Inline Network Encryptor High Assurance Internet Protocol Encryptor Type 1 encryption device
What is SIEM? Security Information and Event Management - Utils that receive information from log files and centralize the collection and analysis of that data.
What is an HSM? Hardware Security Module Manages digital keys. Attaches directly to server.
For device placement, where should you place a UTM? Between the LAN and the internet connection.
For device placement, where should you place a NIDS? Dependent on org needs. - Inside firewall: identify internal attacks and attacks that get through firewall - Outside firewall: identify attacks coming from internet.
For device placement, where should you place an INE? The point where then network has a connection to an unprotected network.
For device placement, where should you place a NIPS? The border of the network and connect it inline between the external and internal network.
For device placement, where should you place a SIEM device? In a centralized location where all devices can reach it.
What is a WAF? Web Application Firewall - Applies rules to HTTP. Covers common attacks like XSS and SQL injections. - Usually placed behind firewall - Operate inline and out of band
What are advantages and disadvantages of in-line operation? - Advantage: Can prevent live attacks. - Disadvantage: May prevent legit traffic. May slow web traffic.
What are advantages and disadvantages of out-of-band operation? - Advantages: Non-intrusive, doesn't mess with traffic. - Disadvantages: Cannot block live traffic.
What is a NGFW? Next Generation Firewall - Addresses traffic inspection shortcomings of traditional stateful firewalls.
Where can a NGFW be placed? -In line - Out of Path - Out of Path means the gateway redirects traffic to NGFW.
What is an IPS? Intrusion Protection System Prevents attacks.
What are the two IPS types? - Passive Vulnerability Scanners (PVS) - Active Vulnerability Scanners (AVS)
What is a DAM? Database activity monitor Monitors transactions of the activity of database services.
What are some DAM architectures? - Interception-based Model - Memory-based Model - Log-based Model
With regards to DAM, what is the interception-based model Watches the communications between the client and the server
With regards to DAM, what is the memory-based model Uses a sensor attached to the database and continually polls the system to collect SQL statements.
With regards to DAM, what is the log-based model Analyzes and extracts information from transaction logs.
For device placement, where should you place a DAM? - In Line - It can also perform remote monitoring.
What is ARP poisoning? Disrupting the ARP cache on a switch.
What are two mitigation techniques for ARP poisoning? - Dynamic ARP Inspection (DAI) - DHCP Snooping
What are the 5 types of firewalls? - Packet-filtering Firewalls - Stateful Firewalls - Proxy Firewalls - Dynamic Packet-filtering - Kernel Proxy Firewalls
What is a packet filtering firewall? - Only inspects header of packet for IP addresses and port.
What is a stateful firewall? - Aware of TCP handshake and track connections in reference to the 3 way handshake. - Maintains a state table of all current connections.
What is a proxy firewall? - Stands between an internal-to-external connection. - Makes connections on behalf of endpoints. - Operates on L5 and L7
What is a kernel proxy firewall? - Fifth generation firewall. - Inspects packets at every layer of OSI without performance hit of L7 firewall.
Which proxy firewall operates at the session layer (L5) - Circuit level proxy - Makes decisions based on header and session information
Which proxy firewall operates at the application layer (L7) - Application level proxy - Performs deep packet inspection. - Maintains a different proxy function for each protocol. - Big impact on performance
Where is a packet-filtering firewall placed? Between subnets, which must be secures.
Where is a circuit level proxy placed? At the network edge
Where is an application-level firewall placed? Close to the application server it's protecting.
Where is a kernel proxy firewall placed? Close to the system it's protecting.
What is a bastion host? - Refers to position of any device. - Any device exposed to an untrusted network. - Important to reduce attack surface.
What is a dual-homed firewall? A FW with 2 network interfaces. One for internal network and one for external.
What is a multi-homed firewall? - 3 legged firewall is popular - One connection to untrusted network, one to trusted and one to DMZ.
What are some features of WLC? Wireless LAN Controllers - Interference detection and avoidance - Load balancing - Coverage gap detection.
What forms of authentication do WLAN controllers support? - PEAP - LEAP - EAP-TLS - WPA - WPA2 - L2TP
What do firewalls use to do their job? Rule sets
What is the order that firewall rules are examined? - Type of traffic - Source of traffic - Destination of traffic - Action to take on traffic
What are the 5 steps of the formal change control process? - Submit/resubmit a change request - Review the change request - Coordinate the change - Implement the change - Measure the results of change
What are two types of availability controls? - Redundant hardware - Fault-tolerant technologies
What are 2 types of metrics used to measure control availability? - SLA - MTBF and MTTR
What is an SLA? - Service level agreement - Support agreed upon for a service
What is MTBF and MTTR - Mean Time Between Failures - Mean Time to Repair - Both of these define how long it will take to get the device or service back online.
What is RAID 0? - Disk striping - Writes data across multiple drives - No fault tolerance
What is RAID 1? - Disk mirroring - Fault tolerance - Usable storage is half of total to account for 1:1 mirror
What is RAID 3? - Disk striping with parity - Requires at least 3 disks - Parity disk is used to rebuild in case of drive failure. - All parity data is stored on single disk
What is RAID 5? Disk striping with parity - Requires at least 3 drives - Information and parity distributed throughout RAID.
What is fail over? The ability of a system to switch to backup system.
What is fail soft? The capability of a system to terminate noncritical processes.
What are different types of load balancing? - Clustering (Software) - Load Balancing (Hardware)
What are the 3 planes in a typical SDN architecture? - Control plane - Data plane - Management plane
In reference to SDN, what is a control plane? - Carries signaling traffic to or from a router. - Allows the building of routing tables.
In reference to SDN, what is a data plane? - Also known as the forwarding plane. - Carries user traffic.
In reference to SDN, what is a management plane? - The plane that administers the router.
What are different types of cloud managed networks? - IaaS - PaaS - SaaS
What are some indications, and sources of authentication attacks? - Multiple unsuccessful attempts at login - AD, Syslog, RADIUD, TACACS+
What are some indications, and sources of firewall attacks? - Multiple drop/reject/deny events from same IP address. - Firewall, Routers and Switches
What are some indications, and sources of IPD/IDS attacks? - Multiple drop/reject/deny events from the same IP address. - IPS and IDS
What is switch spoofing? When an attacker sets port to "Dynamic Desirable" and forms a trunk, therefore capturing all VLAN traffic.
How do you prevent VLAN hopping? Change default Native VLAN of trunk interface. - #switchport trunk native vlan 99
What are the 5 services in Data-Flow enforcement? - Boundary control services - Access control services - Integrity services - Cryptography services - Auditing and monitoring services
What is NAC? Network Access Control - Examines the state of the computer in combination with authentication.
What are the 5 steps of Network Access Protection? - Request access - Health state send to NPS (RADIUS) - NPS evaluates against local health policies - If compliant, grant access - If not, restrict network access and remediation
What is BACNet? Building Automation and Control Network
What is SCADA? Supervisory Control and Data Acquisition - Coded signals over comms channels to provide remote equipment controls.
What are the components of SCADA? - Sensors - Remote Terminal Units (RTU) - Programmable Logic Controllers (PLC) - Telemetry System - Human Interface
What publications is useful for SCADA/ICS information? NIST SP 800-82
Mostrar resumen completo Ocultar resumen completo

Similar

CCNA Security 210-260 IINS - Exam 1
Mike M
OCR gcse computer science
Jodie Awthinre
CCNA Security 210-260 IINS - Exam 2
Mike M
GCSE AQA Computer Science - Definitions
James Jolliffe
A2 WJEC Networks Quiz
Henry Cookson
IT quiz
Aaron Foo
SY0-401 Part 1 (50 questions)
desideri
7.1 Internet Protocols
Karina A
Wireless Networking
Tunds
CCNA Security 210-260 IINS - Exam 1
Ricardo Nuñez
social network
sumaya Alfuhid