Lesson 16: Attacks, Threats and Vulnerabilities // Wireless Security Protocols // SOHO Router Security // Security Measures // Configure a SOHO Router // Configuring SOHO Network Security


Duress

A duress alarm could be implemented as a wireless pendant, concealed sensor or trigger, or call contact.

Shoulder Surfing

A shoulder surfing attack means that the threat actor learns a password or PIN (or other secure information) by watching the user type it.

A security company was asked to help set up physical security at a massive company to identify concealed weapons coming into the building. What should the company implement? A. Access control vestibule B. Magnetometer C. Bollard D. Fencing

Magnetometer

A network administrator is setting up administrative access to network devices. What common solution is used for this? Kerberos TACACS+ RADIUS EAP

TACACS+

Circuit

A circuit-based alarm sounds when the circuit is opened or closed. This could be caused by a door or window opening or by a fence being cut.

The building will house a number of servers contained within a secure room and network racks. You have recommended that the provisioning requirement includes key-operated chassis faceplates. What threats will this mitigate?

A lockable faceplate controls who can access the power button, external ports, and internal components. This mitigates the risk of someone gaining access to the server room via social engineering. It also mitigates risks from insider threat by rogue administrators, though to a lesser extent (each request for a chassis key would need to be approved and logged).

Motion sensors

A motion-based alarm is linked to a detector triggered by movement within an area. The sensors in these detectors are either microwave radio reflection or passive infrared (PIR), which detects moving heat sources.

3. A threat actor crafts an email addressed to a senior support technician inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?

A phishing attack tries to make users authenticate with a fake resource, such as a website. Phishing emails are often sent in mass as spam. This is a variant of phishing called spear phishing because it is specifically targeted at a single person, using personal information known about the subject (his or her football-coaching volunteer work).

4. In AAA architecture, what type of device might a RADIUS client be?

AAA refers to Authentication, Authorization, and Accounting and the Remote Access Dial-in User Service (RADIUS) protocol is one way of implementing this architecture. The RADIUS server is positioned on the internal network and processes authentication and authorization requests. The RADIUS client is the access point, and it must be configured with the IP address of the server plus a shared secret passphrase. The access point forwards authentication traffic between the end-user device (a supplicant) and the RADIUS server but cannot inspect the traffic.

MFA (Multifactor Authentication)

An authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.

1. Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?

Availability—information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against denial of service (DoS) attacks.

An IT manager wants to secure a storage room with expensive server equipment. Which of the following will provide the best contactless security? A. Badge reader B. Electronic lock C. Conventional lock D. Bollard

Badge reader

Katie works in a high-security government facility. When she comes to work in the morning, she places her hand on a scanning device installed at a turnstile in the building lobby. The scanner reads her palmprint and compares it to a master record of her palmprint in a database to verify her identity. What type of security control is this?

Biometric authentication deployed as part of a building's entry-control system.

A server administrator wants to secure a whole row of servers. What would be the best way to secure access to the servers? A. Kensington locks B. Chassis locks C. Fingerprint readers D. Cabinet locks

Cabinet locks

Chassis locks

Chassis locks and faceplates prevent the covers of server equipment from being opened. These can prevent access to external USB ports and prevent someone from accessing the internal fixed disks.

A user wants to secure their home router. Which of the following are strong security practices? (Select all that apply.) Content filtering Disable 2.4 GHz Broadcast Firmware update AAA

Content filtering, Firmware update

2. You are reviewing a secure deployment checklist for home router wireless configuration. Following the CompTIA A+ objectives, what additional setting should be considered along with the following four settings? • Changing the service set identifier (SSID) • Disabling SSID broadcast • Encryption settings • Changing channels

Disabling guest access. It might be appropriate to allow a guest network depending on the circumstances, but the general principle is that services and access methods that are not required should be disabled.

Dumpster Diving

Dumpster diving refers to combing through an organization's (or individual's) garbage to try to find useful documents.

A security analyst is looking at the overall security status of systems on the network. Which of the following represents the greatest risk? A. EOL system B. Unprotected system C. Zero-day D. Non-compliant system

EOL system

A hotel manager notices that a wireless access point with the same service set identifier (SSID) is broadcasting with higher power. What attack could this indicate? Whaling Phishing Footprinting Evil twin

Evil Twin

3. What two factors must a user present to authenticate to a wireless network secured using EAP-TLS?

Extensible Authentication Protocol (EAP) allows for different types of mechanisms and credentials. The Transport Layer Security (TLS) method uses digital certificates installed on both the server and the wireless station. The station must use its private key and its certificate to perform a handshake with the server. This is one factor. The user must authenticate to the device to allow use of this private key. This device authentication—via a password, PIN, or bio gesture—is the second factor.

2. True or false? The level of risk from zero-day attacks is only significant with respect to EOL systems.

False. A zero-day is a vulnerability that is unknown to the product vendor and means that no patch is available to mitigate it. This can affect currently supported as well as unsupported end-of-life (EOL) systems. The main difference is that there is a good chance of a patch being developed if the system is still supported, but almost no chance if it is EOL.

1. True or false. TKIP represents the best available wireless encryption and should be configured in place of AES if supported.

False. Advanced Encryption Standard (AES) provides stronger encryption and is enabled by selecting Wi-Fi Protected Access (WPA) version 2 with AES/CCMP or WPA3 encryption mode. The Temporal Key Integrity Protocol (TKIP) attempts to fix problems with the older RC4 cipher used by the first version of WPA. TKIP and WPA1 are now deprecated.

Fingerprint readers

Fingerprint readers are not commonly used to secure rack cabinets. The technology is also non-intrusive and relatively simple to use, although moisture or dirt can prevent readings, and there are hygiene issues at shared-use gateways.

A human resources specialist has started working from home. The specialist is somewhat security conscious and wants to keep their home network secure. What else besides the router operating system patches should the specialist keep patched? Firmware UPnP Default password AAA

Firmware

A penetration tester gains access to a regular user's box. The tester wants to escalate privileges, so they call into the help desk, as the regular user, and set up a script that will capture the help desk user's Kerberos token to be able to replay. What is this social engineering technique called? A. Dumpster diving B. Impersonation C. Shoulder surfing D. Tailgating

Impersonation

Impersonation

Impersonation means that the penetration tester develops a pretext scenario to give themselves an opportunity to interact with an employee.

WPA3

In WPA2, Wi-Fi Enhanced Open traffic is unencrypted. WPA3 encrypts this traffic. This means that any station can still join the network, but traffic is protected against sniffing.

Kensington locks

Kensington locks are used with a cable tie to secure a laptop or other device to a desk or pillar and prevent theft.

Cabinet locks

Lockable rack cabinets control access to servers, switches, and routers installed in standard network racks. These can be supplied with key-operated or electronic locks.

A server administrator discovers that a server service account for a File Transfer Protocol (FTP) server was compromised. Which of the following exploits or vulnerabilities did the malicious actor use? A. XSS B. SQL injection C. Plaintext D. DoS

Plaintext

A network administrator analyzes the physical placement of routers or network appliances to ensure a secure location. What is the administrator helping to prevent? A. Default password B. Power off C. Firmware update D. Evil twin

Power off

A different user wants to configure a multiplayer game server by using the DMZ feature of the router. Is this the best configuration option?

Probably not. Using a home router's "demilitarized zone" or DMZ host option forwards traffic for all ports not covered by specific port-forwarding rules to the host. It is possible to achieve a secure configuration with this option by blocking unauthorized ports and protecting the host using a personal firewall, but using specific port-forwarding/mapping rules is better practice. The most secure solution is to isolate the game server in a screened subnet so that it is separated from other LAN hosts, but this typically requires multiple routers/firewalls.

Which of the following tasks is MOST likely to be an optional rather than required consideration during physical installation of the wireless router?

Proximity to wired PC workstation

A jewelry chain has just discovered how to make a new form of jewels that has never been created before. They want to set up some sort of alarm if the jewels are taken out of their designated area. What type of alarm should the jewelry chain set up specific to the jewels? Motion sensors Circuit RFID Duress

RFID

RFID (radio frequency identification)

Radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area. This can form the basis of an alarm system to detect whether someone is trying to remove equipment.

A network administrator wants to enable authentication for wireless access points against an Active Directory database. Which of the following will the administrator need to use? Kerberos TACACS+ OU RADIUS

RADIUS

A student is interning for a security team at a major company and wants to practice on their home network. They want to make sure devices are easily identified when traffic is examined. Which of the following will help them accomplish this? Port forward UPnP Reservation Port triggering

Reservation

A security manager at a top-secret facility assesses the feasibility of integrating biometric authentication but has heard that it is often not accurate. Which of the following is the most accurate form of biometrics? A. Retina scanner B. Palmprint scanning C. Fingerprint readers D. Badge reader

Retina Scanner

Retina Scanner

Retinal scanning is one of the most accurate forms of biometrics. Retinal patterns are very secure, but the equipment required is expensive and the process is relatively intrusive and complex.

A vulnerability manager is ramping up the vulnerability management program at their company. Which of the following is the most important consideration for prioritizing patching? Vulnerability Threat Risk MFA

Risk

Risk

Risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. This is the most important aspect of the prioritization of patches.

A server administrator for a corporation with an enterprise network was tasked with setting up a website hosted on-premise. How should the administrator set it up? Content filtering UPnP Port forward Screened subnet

Screened Subnet

A network professional sets up the ability to authenticate over Extensible Authentication Protocol over Wireless (EAPoW). Which of the following will the professional need to configure? A. Active directory B. WPA3 C. TACACS+ D. MFA

TACACS+

TACACS+

TACACS+ is an AAA protocol like RADIUS, but it is typically used for device administration rather than user access to the network.

Tailgating

Tailgating is a means of entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint.

4. You are assisting with the development of end-user security awareness documentation. What is the difference between tailgating and shoulder surfing?

Tailgating means following someone else through a door or gateway to enter premises without authorization. Shoulder surfing means covertly observing someone type a PIN or password or other confidential data.

WPA

The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier Wired Equivalent Privacy (WEP) standard.

WPA3

The main features of WPA3 are Simultaneous Authentication of Equals (SAE), updated cryptographic protocols, protected management frames, and Wi-Fi enhanced open.

TACACS+

The network administrator will need to set up a TACACS+ server for an Authentication, Authorization, and Accounting (AAA) server. When the user has been authenticated, the AAA server transmits a master key (MK) to the wireless PC or laptop.

You are assisting with the design of a new campus building for a multinational firm. On the recommendation of a security consultant, the architect has added closely spaced sculpted stone posts with reinforced steel cores that surround the area between the building entrance and the street. At the most recent client meeting, the building owner has queried the cost of these. Can you explain their purpose?

These bollards are designed to prevent vehicles from crashing into the building lobby as part of a terrorist or criminal attack. The security consultant should only recommend the control if the risk of this type of attack justifies the expense.

Threat

Threat is the potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called a threat actor.

2. True or false? WPA3 personal mode is configured by selecting a passphrase shared between all users who are permitted to connect to the network.

True. WPA3-Personal uses group authentication via a shared passphrase. The simultaneous authentication of equals (SAE) mechanism by which this passphrase is used to generate network encryption keys is improved compared to the older WPA2 protocol, however.

Vulnerability

Vulnerability is a weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

A network administrator sets up a network access control solution throughout the enterprise which allows them to see ports with multiple devices connected into a switch port. The administrator uses this to help identify wireless access points throughout the enterprise, especially older ones which may have been forgotten. Which of the following legacy wireless encryption mechanisms is the administrator going to change? (Select all that apply.) WPA2 WPA WPA3 WEP

WPA, WEP

WPA2

WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).

A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability? WPA3 WPA2 WPA WEP

WPA3

WEP

Wired Equivalent Privacy (WEP) is an old legacy standard. Neither WEP nor the original WPA version is considered secure enough for continued use.

3. You are assisting a user with setting up Internet access to a web server on a home network. You want to configure a DHCP reservation to set the web server's IP address, allow external clients to connect to the secure port TCP/443, but configure the web server to listen on port TCP/8080. Is this configuration possible on a typical home router?

Yes. You need to configure a port-mapping rule so that the router takes requests arriving at its WAN IP for TCP/443 and forwards them to the server's IP address on TCP/8080. Using a known IP address for the server by configuring a Dynamic Host Configuration Protocol (DHCP) reservation simplifies this configuration. The home router's DHCP server must be configured with the media access control (MAC) address or hardware identifier of the web server.

