ITN100 Exam 3 End of Chapter Questions
3. Name and describe the main impact areas. Who should be responsible for assessing what is meant by low/medium/high impact for each of the impact areas? Explain your answer.
1. Financial - revenue and expenses
2. Productivity - business operations
3. Reputation - customer perceptions
4. Safety - health of customers and employees
5. Legal - potential for fines and litigation
Business leaders should make the decisions on the impact of each impact area because these are business decisions.
13. Explain how a denial-of-service attack works.
A DoS attack works by an attacker attempting to disrupt the network by flooding it with messages so that the network cannot process messages from normal users. The simplest approach is to flood a Web server, mail server, and so on, with incoming messages. The server attempts to respond to these, but there are so many messages that it cannot.
9. How does a DSL modem differ from a DSLAM?
A DSL modem produces Ethernet 10Base-T packets so it can be connected directly into a computer or router and hub so that it can serve the needs of a small network. The DSLAM de-multiplexes the data streams and converts them into ATM data, which are then distributed to the ISPs.
4. What is a POP?
A POP is an acronym for "point of presence." The POP is the place at which the ISP provides services to its customers.
18. What is a bottleneck, and why do network managers care about them?
A bottleneck is a place where performance of an entire system is limited by capacity at some point in a network. Bottlenecks can exist on physical circuits or networking devices. Managers care about them because these are points that can be fixed or upgraded and, after doing so, network performance improves.
16. What is the difference between a building backbone and a campus backbone, and what are the implications for the design of each?
A building backbone distributes network traffic to and from the LANs. The building backbone typically uses the same basic technology that we use in the LAN (a network switch) but usually we buy faster switches because the building backbone carries more network traffic than a LAN. A campus backbone connects all the buildings on one campus. Some vendors call this the Core Layer. The campus backbone is usually faster than the backbones we use inside buildings because it typically carries more traffic than they do. We use routers or layer 3 switches that do routing when we design the campus. The cost of each can be significant as they each consist of high-speed fiber optic cable and hardware such as switches and routers. In designing each one though, we can provide an infrastructure that provides for efficient movement of data across the entire network.
39. What is a certificate authority?
A certificate authority (CA) is a trusted organization that can vouch for the authenticity of the person or organization using authentication (e.g., VeriSign). A person wanting to use a CA registers with the CA and must provide some proof of identity. There are several levels of certification, ranging from a simple confirmation from a valid email address to a complete police-style background check with an in-person interview. The CA issues a digital certificate that is the requestor's public key encrypted using the CA's private key as proof of identity. This certificate is then attached to the user's email or Web transactions in addition to the authentication information. The receiver then verifies the certificate by decrypting it with the CA's public key -- and must also contact the CA to ensure that the user's certificate has not been revoked by the CA.
12. What is a computer virus? What is a worm?
A computer virus is an executable computer program that propagates itself (multiplies), uses a carrier (another computer program), may modify itself during replication, and is intended to create some unwanted event. Viruses cause unwanted events -- some are harmless (such as nuisance messages), others are serious (such as the destruction of data). Most viruses attach themselves to other programs or to special parts on disks. As those files execute or are accessed, the virus spreads. Some viruses change their appearances as they spread, making detection more difficult. Macro viruses, viruses that are contained in documents or spreadsheet files, can spread when an infected file simply is opened. Macro viruses are the fastest growing type of virus, accounting for more than 75 percent of all virus problems. A worm is a special type of virus that spreads itself without human intervention. Worms spread when they install themselves on a computer and then send copies of themselves to other computers, sometimes by e-mail, sometimes via security holes in software.
11. What is the purpose of a disaster recovery plan? What are the major elements of a typical disaster recovery plan?
A disaster recovery plan should address various levels of response to a number of possible disasters and should provide for partial or complete recovery of all data, application software, network components, and physical facilities. The most important elements of the disaster recovery plan are backup and recovery controls that enable the organization to recover its data and restart its application software should some portion of the network fail. Major elements of a typical disaster recovery plan are:
• The name of the decision-making manager who is in charge of the disaster recovery operation. A second manager should be indicated in case the first manager is unavailable.
• Staff assignments and responsibilities during the disaster.
• A pre-established list of priorities that states what is to be fixed first.
• Location of alternative facilities operated by the company or a professional disaster recovery firm and procedures for switching operations to those facilities using backups of data and software.
• Recovery procedures for the data communication facilities (WAN, MAN, BN, and LAN), servers and application systems. This includes information on the location of circuits and devices, whom to contact for information, and the support that can be expected from vendors, along with the name and telephone number of the person to contact.
• Action to be taken in case of partial damage, threats such as a bomb threat, fire, water or electrical damage, sabotage, civil disorders, or vendor failures.
• Manual processes to be used until the network is functional.
• Procedures to ensure adequate updating and testing of the disaster recovery plan.
• Storage of the data, software, and the disaster recovery plan itself in a safe area where they cannot be destroyed by a catastrophe. This area must be accessible, however, to those who need to use the plan.
25. What is a firewall?
A firewall is a router, gateway, or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization's network. The network is designed so that a firewall is placed on every network connection between the organization and the Internet. No access is permitted except through the firewall. Some firewalls have the ability to detect and prevent denial-of-service attacks, as well as unauthorized access attempts. Two commonly used types of firewalls are packet level and application level.
54. What is a honey pot?
A honey pot is a server that contains highly interesting fake information available only through illegal intrusion to "bait" or "entrap" the intruder and also possibly divert the hacker's attention from the real network assets. The honey pot server has sophisticated tracking software to monitor access to this information that allows the organization and law enforcement officials to trace and document the intruder's actions. If the hacker is subsequently found to be in possession of information from the honey pot, that fact can be used in prosecution.
26. How do the different types of firewalls work?
A packet-level firewall examines the source and destination address of every network packet that passes through it. It only allows packets into or out of the organization's networks that have acceptable source and destination addresses. An application-level firewall acts as an intermediate host computer between the Internet and the rest of the organization's networks. Anyone wishing to access the organization's networks from the Internet must log in to this firewall, and can only access the information they are authorized for based on the firewall account profile they access. The NAT firewall uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet.
23. What is a sniffer?
A sniffer program records all messages received for later (unauthorized) analysis. A computer with a sniffer program could then be plugged into an unattended hub or bridge to eavesdrop on all message traffic.
31. Compare and contrast symmetric and asymmetric encryption.
A symmetric (or single key) encryption algorithm is one in which the key used to encrypt a message is the same as the one used to decrypt it. Both parties to the transmission must possess the same key for encryption and decryption. The key must be kept secret, leading to a need for key management. An asymmetric algorithm is one in which the key used to decrypt a message is different from the one used to encrypt it. Public key encryption is the most common form of asymmetric encryption. There are two keys. One key (called the public key) is used to encrypt the message and a second, very different private key is used to decrypt the message. The net result is that if two parties wish to communicate with one another, there is no need to exchange keys beforehand. All public keys are published in a directory. Each knows the other's public key from the listing in the public directory and can communicate encrypted information immediately. The key management problem is reduced to the on-site protection of the private key.
32. Describe how symmetric encryption and decryption works.
A symmetric algorithm is an algorithm in which the key used to decrypt a particular bit stream is the same as the one used to encrypt it. Using any other key produces plaintext that appears as random as the ciphertext. No keys are exchanged between the sender and the receiver. Encryption is the process of disguising information into ciphertext, whereas decryption is the process of restoring it to readable form (plaintext). An encryption system has two parts: the algorithm itself and the key, which personalizes the algorithm by making the transformation of data unique. Two pieces of identical information encrypted with the same algorithm but with different keys produce completely different ciphertexts. When using most encryption systems, communicating parties must share this key. If the algorithm is adequate and the key is kept secret, acquisition of the ciphertext by unauthorized personnel is of no consequence to the communicating parties.
1. What are the keys to designing a successful data communications network?
A thorough needs analysis, developing one or more physical network designs, designing to operate and maintain with minimal staff intervention.
2. Briefly outline the steps required to complete a risk assessment.
A. Develop risk measurement criteria
B. Inventory IT assets
C. Identify threats
D. Document existing controls
E. Identify improvements
10. Explain how ADSL works.
ADSL is the most common type of DSL used today. It uses frequency division multiplexing to create three separate channels over the one local loop circuit. One channel is the traditional voice telephone circuit, the second channel is a relatively high-speed simplex data channel, and the third channel is a slightly slower duplex data channel.
12. What is an OE converter? A CMTS?
An OE is an optical-electrical converter, which converts between the coaxial cable on the customer side and fiber-optic cable on the cable TV company side. The CMTS contains a series of cable modems/multiplexers and converts the data from cable modem protocols into protocols needed for Internet traffic, before passing them to the router connected to an ISP POP.
52. How does IPS anomaly detection differ from misuse detection?
Anomaly detection compares monitored activities with a known "normal" set of activities for a stable network environment while misuse detection compares monitored activities with signatures of prior known attacks. Anomaly detection looks for extreme changes in certain kinds of behavior while misuse detection guards against a repeat of prior intrusions.
50. What is an intrusion prevention system?
Assuming that prevention efforts will not be sufficient to avoid all intrusions, intrusion prevention systems (IPSs) can be used to monitor networks, circuits, and particular applications and report detected intrusions.
5. Why is it important to analyze needs in terms of both application systems and users?
Because you want to make sure that the network can support the bandwidth and other operational characteristics required by the user applications.
1. What factors have brought increased emphasis on network security?
Both business and government were concerned with security long before the need for computer-related security was recognized. They always have been interested in the physical protection of assets through means such as locks, barriers, and guards. The introduction of computer processing, large databases, and communication networks has increased the need for security. For many people, security means preventing unauthorized access, such as preventing a hacker from breaking into your computer. Security is more than that, however. It also includes being able to recover from temporary service problems (e.g., a circuit breaks) or from natural disasters (e.g., fire, earthquake). The factors that have brought increased emphasis on network security are:
• Numerous legal actions involving officers and directors of organizations
• Pronouncements by government regulatory agencies requiring controls
• Losses associated with computer frauds are greater on a per incident basis than those not associated with computers
• Recent highly publicized cases of viruses and criminally instigated acts of penetration
• Data is a strategic asset
• The rise of the Internet with opportunities to connect computers anywhere in the world (increased potential vulnerability of the organization's assets)
• Highly publicized denial-of-service incidents
4. What is the most important principle in designing networks?
Completing a thorough needs analysis that takes into consideration the needs of the organization over the short and long term. From this analysis, a logical network design can then be developed to ensure that the network can satisfy all needs over time.
53. What is computer forensics?
Computer forensics is the use of computer analysis techniques to gather evidence for criminal and/or civil trials and includes the following steps:
• Identify potential evidence.
• Preserve evidence by making backup copies and use those copies for all analysis.
• Analyze the evidence.
• Prepare a detailed legal report for use in prosecutions.
36. Compare and contrast DES and public key encryption.
DES is a symmetric algorithm, which means that the key used to decrypt a particular bit stream is the same as the one used to encrypt it. Using any other key produces plaintext that appears as random as the ciphertext. Because the DES algorithm is known publicly, the disclosure of a secret key can mean total compromise of encrypted messages. Managing this system of keys can be challenging. Public key encryption is inherently different from secret key systems like DES because it is asymmetric; there are two keys. One key (called the public key) is used to encrypt the message and a second, very different private key is used to decrypt the message. Public key systems are based on one-way functions. Even though you originally know both the contents of your message and the public encryption key, once it is encrypted by the one-way function, the message cannot be decrypted without the private key. One-way functions, which are relatively easy to calculate in one direction, are impossible to "uncalculate" in the reverse direction. Public key encryption is one of the most secure encryption techniques available, excluding special encryption techniques developed by national security agencies. Note: DES key length is 56 bits (168 bits for 3DES) while private key length for public key encryption is 512 or 1,024 bits. The American government has tried to develop a policy to require key escrow. With key escrow, any organization using encryption must register its keys with the government. This enables the government, after receiving a legally authorized search warrant, to decrypt and read any messages sent by that organization. Without key escrow, the government is worried that criminal organizations will use encryption to prevent police agencies from performing legally authorized wiretaps. Free speech advocates are concerned that key encryption will be abused by police agencies who will illegally monitor transactions by otherwise innocent citizens.
Key escrow is a good idea if it is used to combat the criminal organizations, but key escrow is not a good idea if it increases "big brother" and abuses our right to free speech.
35. How does DES differ from 3DES? From RC4? From AES?
DES uses a 56-bit key while 3DES uses a 168-bit key (3 x 56). RC4 uses keys from 40 to 256 bits in length. AES uses the Rijndael algorithm and has key sizes of 128, 192, and 256 bits.
8. Explain how DSL works.
DSL requires equipment that is installed at the end of the cable (within the house or office) which allows traditional telephone service (POTS) to take advantage of much higher data transmission rates via the existing cable in the local loop.
55. What is desktop management?
Desktop management refers to security measures at the individual client level. Strong desktop management may include the use of thin clients (perhaps even network PCs that lack hard disks). It may also include centralized desktop management, in which individual users are not permitted to change the settings on their computers, with regular reimaging of computers to prevent Trojans and viruses and to install the most recent security patches. All external software downloads will likely be prohibited.
15. What is a disaster recovery firm? When and why would you establish a contract with them?
Disaster recovery firms provide second-level support for major disasters. Building a network that has sufficient capacity to quickly recover from a major disaster such as the loss of an entire data center is beyond the resources of most firms. Therefore, contracts with disaster recovery firms are established. Disaster recovery firms provide a full range of services. At the simplest, they provide secure storage for backups. Full services include a complete networked data center that clients can use when they experience a disaster. Once a company declares a disaster, the disaster recovery firm immediately begins recovery operations using the backups stored on site and can have the organization's entire data network back in operation on the disaster recovery firm's computer systems within hours. Full services are not cheap, but compared to the potentially millions of dollars that can be lost per day from the inability to access critical data and application systems, these systems quickly pay for themselves in time of disaster.
8. In which step of the risk assessment should existing controls be documented?
Documenting existing controls is the fourth step in the process, between identifying threats and identifying improvements.
46. Why is the management of user profiles an important aspect of a security policy?
Each user's profile specifies what data and network resources he or she can access, and the type of access allowed (read only, write, create, delete).
22. What is eavesdropping in a computer security sense?
Eavesdropping refers to the process of unauthorized tapping into a computer network through local cables that are not secured behind walls or in some other manner.
27. What is IP spoofing?
IP spoofing means to fool the target computer (and any intervening firewall) into believing that messages from the intruder's computer are actually coming from an authorized user inside the organization's network. Spoofing is done by changing the source address on incoming packets from their real address to an address inside the organization's network. Seeing a valid internal address, the firewall lets the packets through to their destination. The destination computer believes the packets are from a valid internal user and processes them. The goal of an intruder using IP spoofing is to send packets to a target computer requesting certain privileges be granted to some user (e.g., setting up a new account for the intruder or changing access permission or password for an existing account). Such a message would not be accepted by the target computer unless it can be fooled into believing that the request is genuine.
5. Explain one reason why you might experience long response times in getting a Web page from a server in your own city.
If the other organization uses a different local ISP, which in turn uses a different regional ISP, the message may have to travel all the way to the Chicago IXP before it can move between the two separate parts of the Internet.
4. What are some of the criteria that can be used to rank security risks?
Importance can be based on a number of criteria such as which would have the greatest dollar loss, be the most embarrassing, be the most prone to liability judgments, and have the highest probability of occurrence. The relative importance of a threat to your organization depends upon your business. A bank, for example, is more likely to be a target of fraud than a restaurant with an electronic marketing site on the Web. The criteria will also depend on the industry in which the organization works. Some other criteria that can be used to rank risk in a data communication network are:
• Most damaging, most dangerous, most risky.
• Most sensitive, most critical to organization, most likely to cause political problems
• Most costly to recover, most difficult to recover, most time consuming to recover
• Greatest delay, most likely to occur
33. Describe how asymmetric encryption and decryption works.
In asymmetric encryption and decryption there are two keys. One key (called the public key) is used to encrypt the message and a second, very different private key is used to decrypt the message. Public key systems are based on one-way functions. Even though you originally know both the contents of your message and the public encryption key, once it is encrypted by the one-way function, the message cannot be decrypted without the private key. One-way functions, which are relatively easy to calculate in one direction, are impossible to "uncalculate" in the reverse direction. All public keys are published in a directory. When Organization A wants to send an encrypted message to Organization B, it looks through the directory to find B's public key. It then encrypts the message using B's public key. This encrypted message is then sent through the network to Organization B, which decrypts the message using its private key.
51. Compare and contrast a network-based IPS, a host-based IPS, and an application-based IPS.
In each case the IPS reports intrusions to an IPS management console:
• The network-based IPS monitors key network circuits through IPS sensors that are placed on the key circuits to monitor all network packets on that circuit.
• The host-based IPS monitors a server and incoming circuits. It is installed on the server that it is monitoring.
• An application-based IPS is a specialized host-based IPS that monitors one application on its server such as a Web server.
45. Explain how a biometric system can improve security. What are the problems with it?
In high security applications, a user may be required to present something they are, such as a finger, hand, or the retina of their eye for scanning by the system. These biometric systems scan the user to ensure that user is the sole individual authorized to access the network account. While someone can obtain someone else's password and access card, it is most difficult to acquire another person's handprint or eye retina print. While most biometric systems are developed for high security users, several low cost biometric systems to recognize fingerprints are now on the market.
7. Compare and contrast cable modem and DSL.
Individuals connect to ISPs mostly via DSL and cable modems today. The speeds vary between the two technologies and it depends on location and provider as to which is faster. One of the main differences between the two is that DSL customers have a direct connection back to the end office with point-to-point technology, whereas cable modems use shared multipoint circuits.
47. How does network authentication work and why is it useful?
Instead of logging into a file server or application server, network authentication requires that users log in to an authentication server. This server checks the user id and password against its database and if the user is an authorized user, issues a certificate. Whenever the user attempts to access a restricted service or resource that requires a user id and password, the user is challenged and his or her software presents the certificate to the authentication server. If the authentication server validates the certificate then the service or resource lets the user in. In this way, the user no longer needs to enter his or her password for each new service or resource he or she uses. This also ensures that the user does not accidentally give out his or her password to an unauthorized service; it provides mutual authentication of both the user and the service or resource.
3. What is an IXP?
Internet Exchange Points are connection points between Internet Service Providers.
20. What is Internet2®?
Internet2® comprises about 400 universities, corporations, government agencies, and organizations from more than 100 countries with a primary focus to develop advanced networking as well as other innovative technologies for research and education.
6. Describe the key parts of the technology design step.
It examines the available technologies and assesses which options will meet the users' needs. The designer makes some estimates about the network needs of each category of user and circuits in terms of current technology and matches needs to technologies.
10. Why is it important to identify improvements that are needed to mitigate risks?
It is important to identify improvements that are needed to mitigate risks because risks are always changing and responses (including technologies) are changing as well.
19. Is it important to have the fastest wireless LAN technology in your apartment? What about in the library of your school? Explain.
It is not necessarily important to have the fastest wireless LAN technology in your apartment because that technology may be faster than your Internet access to your apartment. For example, if you have 10 Mbps Internet access to your apartment, a 54 Mbps access point in your apartment is still limited to 10 Mbps downloads from the Internet. The 54 Mbps access within the apartment is only good for connections between networking devices within the apartment.
34. What is key management?
Key management is concerned with dispersing and storing keys carefully. Because the DES algorithm is known publicly, the disclosure of a secret key can mean total compromise of encrypted messages. Managing this system of keys can be challenging, especially with symmetric algorithms.
17. What are typical speeds for the LAN, building backbone, and campus backbone? Why?
LAN - 1 Gbps
Building backbone - 10 Gbps
Campus backbone - 40 Gbps
In most cases, because network traffic is consolidated onto the broader networks, the building backbone is one speed level above the LAN and the campus backbone speed is one speed level above the building backbone.
21. For what types of networks are network design tools most important? Why?
Large, complex networks require the use of network design tools. The many devices on such systems and the variety of services requested by users require that network managers organize and manage the process using system management software.
18. There are many components in a typical security policy. Describe three important components.
Major elements of a security policy are:
• The name of the decision-making manager who is in charge of security.
• An incident reporting system and a rapid response team to respond to security breaches in progress.
• A risk assessment with priorities as to which components are most important.
• Effective controls placed at all major access points into the network to prevent or deter access by external agents.
• Effective controls placed within the network to ensure internal users cannot exceed their authorized access.
• An acceptable use policy that explains to users what they can and cannot do.
• A plan to routinely train users on security policies and build awareness of security risks.
• A plan to routinely test and update all security controls that includes monitoring of popular press and vendor reports of security holes.
29. What is a security hole and how do you fix it?
Many commonly used operating systems have major security problems (called security holes) well known to potential intruders; UNIX systems are among the worst. Many security holes have been documented and "patches" are available from vendors to fix them, but network managers may be unaware of all the holes or simply forget to regularly update their systems with new patches. Many security holes are highly technical; for example, sending a message designed to overflow a network buffer, thereby placing a short command into a very specific memory area that unlocks a user profile. Others are rather simple, but not obvious. Other security holes are not really holes, but simply policies adopted by computer vendors that open the door for security problems, such as computer systems that come with a variety of pre-installed user accounts.
16. Explain how WiMax works.
Mobile WiMax works in much the same way as Wi-Fi. The laptop or smart phone has a WiMax network interface card (NIC) and uses it to establish a connection to a WiMax access point (AP). Many devices use the same AP so WiMax is a shared multipoint service in which all computers must take turns transmitting. Media access control is controlled access, using a version of the 802.11 point coordination function (PCF). WiMax uses the 2.3 GHz, 2.5 GHz, and 3.5 GHz frequency ranges in North America, although additional frequency ranges may be added.
12. What is a network baseline, and when is it established?
Most network design projects today are network upgrades, rather than the design of entirely new networks. In this case, there is already a fairly good understanding of the existing traffic in the network, and most importantly, the rate of growth of network traffic. In this case, it is important to gain an understanding of the current operations (application systems and messages). The needs analysis step provides a network baseline against which future design requirements can be gauged. It should provide a clear picture of the present sequence of operations, processing times, work volumes, current communication network (if one exists), existing costs, and user/management needs. Whether the network is a new network or a network upgrade, the primary objective of this stage is to define the geographic scope of the network and the users and applications that will use the network.
49. What techniques can be used to reduce the chance that social engineering will be successful?
Most security experts no longer test for social engineering attacks; they know from experience that social engineering will eventually succeed in any organization and therefore assume that attackers can gain access at will to normal user accounts. Training end users not to divulge passwords may not eliminate social engineering attacks, but it may reduce their effectiveness so that hackers give up and move on to easier targets. Acting out social engineering skits in front of users often works very well; when a group of employees sees how they can be manipulated into giving out private information, it becomes more memorable and they tend to become much more careful.
3. Describe the three major steps in current network design.
Needs analysis, technology design and cost assessment.
7. How can a network design tool help in network design?
Network design tools can perform a number of functions to help in the technology design process. Other network design tools can discover the existing network; that is, once installed on the network, they will explore the network to draw a network diagram. For example, simulation is used to model the behavior of the communication network. Network modeling and design tools can perform a number of functions to help in the technology design process. With most tools, the first step is to enter a map or model of the existing network or proposed network design. Some modeling tools require the user to create the network map from scratch. That is, the user must enter all of the network components by hand, placing each server, client computer, and circuit on the map and defining what each. Other tools can "discover" the existing network. In this case, the user provides some starting point; the modeling software explores the network and automatically draws the map itself. Once the map is complete, the next step is to add information about the expected network traffic and see if the network can support the level of traffic that is expected. Simulation is used to model the behavior of the communication network. Once the simulation is complete, the user can examine the results to see the estimated response times and throughput. It is important to note that these network design tools only provide estimates, which may vary from the actual results. At this point the user can change the network design in an attempt to eliminate bottlenecks and re-run the simulation. Good modeling tools not only produce simulation results, but also highlight potential trouble spots (e.g., servers, circuits, or devices that experienced long response times). The very best tools offer suggestions on how to overcome the problems that the simulation identified (e.g., network segmentation, increasing from T1 to T3).
13. What issues are important to consider in explaining a network design to senior management?
One of the main problems in network design is obtaining the support of senior management. In their mind, the network is simply a cost center, something on which the organization is spending a lot of money with little apparent change. The network keeps on running just as it did the year before. The key to gaining senior management acceptance of the network design lies in speaking their language (cost, network growth, and reliability), not the language of the technology (Ethernet, ATM, and DSL). It is pointless to talk about upgrades from 10 Mbps to 100 Mbps on the backbone, because this terminology is meaningless to them. A more compelling argument is to discuss the growth in network use. Likewise, a focus on network reliability is an easily understandable issue. For example, if the network supports a mission-critical system such as order processing or moving point-of-sale data from retail stores to corporate offices, it is clear from a business perspective that the network must be available and performing properly, or the organization will lose revenue.
16. What is online backup?
Online backup allows you to back up data to a server across the Internet. Generally, software is installed on the client which allows the user to select which files/folders to back up.
38. What is PKI and why is it important?
PKI stands for Public Key Infrastructure. PKI refers to the encryption infrastructure that has developed around the most popular form of asymmetric encryption (also called public key encryption) called RSA. RSA was invented at MIT in 1977. The patent expired on the technology in 2000 and many new companies have now entered the market and public key software has dropped in price. Public key encryption is different from symmetric single key systems. Because public key encryption is asymmetric, there are two keys. One key (called the public key) is used to encrypt the message and a second, very different private key is used to decrypt the message. Public key encryption is one of the most secure encryption techniques available.
21. What is physical security and why is it important?
Physical security refers to policies and procedures that are designed to prevent outsiders from gaining access to the organization's offices, server room, or network equipment facilities. Good security requires implementing the proper access controls so that only authorized personnel can enter closed areas where servers and network equipment are located or access the network. Network components themselves also have a level of physical security. Computers can have locks on their power switches or passwords that disable the screen and keyboard.
40. How does PGP differ from SSL?
Pretty Good Privacy (PGP) is a freeware public key encryption package developed by Philip Zimmermann that is often used to encrypt e-mail. Users post their public key on Web pages, for example, and anyone wishing to send them an encrypted message simply cuts and pastes the key off the Web page into the PGP software, which encrypts and sends the message. Secure Sockets Layer (SSL) operates between the application layer software and the transport layer. SSL encrypts outbound packets coming out of the application layer before they reach the transport layer and decrypts inbound packets coming out of the transport layer before they reach the application layer. With SSL, the client and the server start with a handshake for PKI authentication and for the server to provide its public key and preferred encryption technique to the client (usually RC4, DES or 3DES). The client then generates a key for this encryption technique, which is sent to the server encrypted with the server's public key. The rest of the communication then uses this encryption technique and key.
37. Explain how authentication works.
Public key encryption permits authentication (or digital signatures). When one user sends a message to another, it is difficult to legally prove who actually sent the message. Legal proof is important in many communications, such as bank transfers and buy/sell orders in currency and stock trading, which normally require legal signatures. Thus a digital signature or authentication sequence is used as a legal signature on many financial transactions. This signature is usually the name of the signing party plus other key-contents such as unique information from the message (e.g., date, time, or dollar amount). This signature and the other key-contents are encrypted by the sender using the private key. The receiver uses the sender's public key to decrypt the signature block and compares the result to the name and other key contents in the rest of the message to ensure a match.
7. What is the purpose of the risk score and how is it calculated?
Risk scores are used to compare the different threat scenarios to help us identify the most important risks we face. The risk score is calculated by multiplying the impact score by the likelihood (using 1 for low likelihood, 2 for medium likelihood, and 3 for high likelihood).
41. How does SSL differ from IPSec?
SSL differs from IPSec in that SSL is focused on Web applications, while IPSec can be used with a much wider variety of application layer protocols.
48. What is social engineering? Why does it work so well?
Social engineering refers to breaking security simply by asking. For example, hackers routinely phone unsuspecting users and imitate someone else (e.g., a technician, a boss, a network expert) and ask for a password. Most security experts no longer test for social engineering attacks; they know from past experience that social engineering will eventually succeed in any organization and therefore assume that hackers can gain access at will to "normal" user accounts. Training end users not to divulge passwords may not eliminate social engineering attacks, but it may reduce their effectiveness so that hackers give up and move on to easier targets. A skilled social engineer is like a good con artist: he can manipulate people.
24. How do you secure dial-in access?
Some dial-up modem controls include changing the modem telephone numbers periodically, keeping the telephone numbers confidential, and requiring the use of computers that have an electronic identification chip for all dial-up ports. Another strategy is to use a call-back modem.
11. What are some major problems that can cause network designs to fail?
Some major problems that can cause network designs to fail can be categorized by the steps of the building block design approach.
Technology design problems
• buying the wrong equipment or services; often the right technology but the wrong products or features
• vendor misrepresentation; the products and/or services did not work as promised
Needs analysis problems
• requirements were incomplete or inaccurate
• a significant change in business requirements as the network was installed
Overall problems with the design process
• lack of network design skills internally; did not use external consultants or systems integrators
• external network consultants or systems integrators who bungle the project
5. What are the most common security threats? What are the most critical? Why?
Some of the more common security threats include viruses, theft of equipment, theft of information, device failure, natural disaster, sabotage, and denial of services. The most critical will be the ones for a particular organization that have the highest impact score. This will vary based on the industry, geographic locations, etc.
18. How is the IETF related to the IRTF?
The ISOC comprises four bodies that act together to govern; the IETF and IRTF are two of the four.
19. What is the principal American organization working on the future of the Internet?
The Internet Society is an open-membership professional society with about 150 organizational members and 65,000 individual members in more than 100 countries, including corporations, government agencies, and foundations that have created the Internet and its technologies. Because membership is open, anyone, including students, is welcome to join and vote on key issues facing the Internet. Its mission is to ensure "the open development, evolution and use of the Internet for the benefit of all people throughout the world." It works in three general areas: public policy, education, and standards.
1. What is the basic structure of the Internet?
The Internet is hierarchical in structure. At the top are the very large national Internet service providers like AT&T, Sprint, etc. with regional and local internet service providers reporting up through this hierarchy.
2. Explain how the Internet is a network of networks.
The Internet was originally run by the U.S. National Science Foundation (NSF), but now the NAPs are commercial enterprises run by various common carriers. These NAPs are connected to other NAPs, which have several ISPs attached, which have regional ISPs attached to them, which have consumers attached to them. This spider web branches out into countless networks all over the world. There are agreements between the carriers to enable the exchange of messages, with varying payment mechanisms.
28. What is a NAT firewall and how does it work?
The NAT firewall (sometimes referred to as a proxy server) uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet. When a computer inside the organization accesses a computer on the Internet, the NAT firewall changes the source IP address in the outgoing IP packet to its own address. When the external computer responds to the request, it addresses the message to the NAT firewall's IP address. The NAT firewall receives the incoming message, and after ensuring the packet should be permitted inside, changes the destination IP address to the private IP address of the internal computer and changes the TCP port id to the correct port id before transmitting it on the internal network. This way, systems outside the organization never see the actual internal IP addresses, and thus they think there is only one computer on the internal network.
11. Explain how a cable modem works.
The cable modem works very similarly to DSL, with one very important difference: DSL is a point-to-point technology, whereas cable modems use shared multipoint circuits. Cable modems must compete with other users for the available capacity. Circuits that have many clients are thus slower than circuits with fewer clients.
8. On what should the design plan be based?
The design plan should be based on the geographic scope of the network, the number of users and applications, the current and future network needs of the various network segments, and the costs of the network and maintaining the network.
10. What are the key parts of an RFP?
The following are the key parts of an RFP:
Background Information
• Organizational profile
• Overview of current network
• Overview of new network
• Goals of new network
Network Requirements
• Choice sets of possible network designs (hardware, software, circuits)
• Mandatory, desirable, and wish list items
• Security and control requirements
• Response time requirements
• Guidelines for proposing new network designs
Service Requirements
• Implementation time plan
• Training courses and materials
• Support services (e.g., spare parts on site)
• Reliability and performance guarantees
Bidding Process
• Time schedule for the bidding process
• Ground rules
• Bid evaluation criteria
• Availability of additional information
Information required from vendor
• Vendor corporate profile
• Experience with similar networks
• Hardware and software benchmarks
• Reference list
15. What are some future technologies that might change how we access the Internet?
The next big technologies are Passive Optical Networking and Internet 2.
9. What are the four possible risk control strategies? How do we pick which one to use?
The risk control strategies are to accept the risk, mitigate it, share it, or defer it. Selection of a strategy depends on things such as the impact (positive or negative) of the risk, the likelihood of the event occurring, and the cost.
15. What are the seven network architecture components?
The seven network architecture components are LANs, building backbones, campus backbones, WANs, Internet access, e-commerce edge and data centers.
13. Which is better, cable modem or DSL? Explain.
The speeds for each of these have increased significantly over the past few years. In most cases, you need to check with the local service providers to see what speeds they offer.
19. What are the three major aspects of intrusion prevention (not counting the security policy)?
The three main aspects of preventing unauthorized access are securing the network perimeter, securing the interior of the network, and authenticating users.
43. What are the three major ways of authenticating users? What are the pros and cons of each approach?
The three major ways to authenticate users are to base account access on something you know, something you have, or something you are. The most common approach is something you know, usually a password. Requiring passwords provides mid-level security, at best; it won't stop the professional intruder, but it will slow amateurs. More and more systems are requiring users to enter a password in conjunction with something they have, such as a smart card. Intruders must have access to both before they can break in. In high-security applications, a user may be required to present something they are, such as a finger, hand, or retina of their eye for scanning by the system. These biometric systems scan the user to ensure that the user is the sole individual authorized to access the network account.
14. Explain how FTTH works.
The traditional set of hundreds of copper telephone lines that run from the telephone company switch office is replaced by one fiber‐optic cable that is run past each house or office in the neighborhood. Data is transmitted down the single fiber cable using wavelength division multiplexing (WDM), providing hundreds or thousands of separate channels. At each subscriber location, an Optical Network Unit (ONU) (also called an Optical Network Terminal (ONT)) acts like a DSL modem or cable modem and converts the signals in the optical network into an Ethernet format. The ONU acts as an Ethernet switch and can also include a router. FTTH is a dedicated point‐to‐point service like DSL, not a shared multipoint service like cable modem.
14. What is the turnpike effect, and why is it important in network design?
The turnpike effect results when the network is used to a greater extent than was anticipated because it is available, is very efficient, and provides new services. The growth factor for network use may vary from 5 to 50 percent and, in some cases, exceed 100 percent for high growth organizations. It is important in network design not only because usage is higher than anticipated, which slows response time, but also because the types of messages may be different than those for which the network was originally designed.
17. People who attempt intrusion can be classified into four different categories. Describe them.
There are four types of intruders who attempt to gain unauthorized access to computer networks. The first are casual computer users who have only a limited knowledge of computer security. They simply cruise along the Internet trying to access any computer they come across. Their unsophisticated techniques are the equivalent of trying doorknobs, and only those networks that leave their front doors unlocked are at risk. The second type of intruders are experts in security, but whose motivation is the thrill of the hunt. They break into computer networks because they enjoy the challenge. Sometimes they also enjoy showing off for friends or embarrassing the network owners. Fortunately, they usually cause little damage and make little attempt to profit from their exploits. The third type of intruder is the most dangerous. They are professional hackers who break into corporate or government computers for specific purposes, such as espionage or fraud. Less than 5 percent of intrusions by these professionals are detected, unless of course, they have been hired to destroy data or disrupt the network. The fourth type of intruder is also very dangerous. These are organization employees who have legitimate access to the network, but who gain access to information they are not authorized to use. This information could be used for their own personal gain, sold to competitors, or fraudulently changed to give the employee extra income. Most security break-ins are caused by this type of intruder. With a denial-of-service attack, a hacker attempts to disrupt the network by sending messages to the network that prevent others' messages from being processed. The simplest approach is to flood a server with incoming messages. When an external computer sends a message to a computer connected with a proxy server, it addresses the message to the proxy server. The proxy server receives the incoming message, and determines if the packet should be permitted inside.
A proxy server receiving the flood of messages will log the attack and discard the messages (does not permit the messages inside).
24. Many experts predicted that small, local ISPs would disappear as regional and national ISPs began offering local access. This hasn't happened. Why?
There are technology changes made every day, which require constant change from all ISP providers. There has been some consolidation recently, but with all the change underway, what would the larger companies really be purchasing?
20. How do you secure the network perimeter?
There are three basic access points into most organizational networks: from LANs, the Internet, and WLANs. One important element of preventing unauthorized users from accessing an internal LAN is through physical security. A firewall is commonly used to secure an organization's Internet connection. NAT is a common security measure that can be used as well.
22. Today, there is no clear winner in the competition for higher-speed Internet access. What technology or technologies do you think will dominate in 2 years' time? Why?
There is no answer for this, as technology changes day by day; however, I think Internet 2 development is definitely something to watch.
17. What are the principal organizations responsible for Internet governance, and what do they do?
There is no one organization that operates the Internet. The closest thing the Internet has to an owner is the Internet Society (ISOC). This is an open membership professional society with more than 175 organizational and 8,000 individual members in over 100 countries. The ISOC mission is to ensure "the open development, evolution and use of the Internet for the benefit of all people."
21. What is a gigapop?
These are new points-of-presence (POP) that work at gigabit speeds.
20. Why do you think some organizations were slow to adopt a building-block approach to network design?
They were slow because this approach requires network managers to speak the language of upper management (cost, network growth, reliability) rather than the language of technology (Ethernet, ATM, and DSL).
23. Would you be interested in subscribing to 100 Mbps FTTH for a monthly price of $100? Why or why not?
This answer depends on the options that you currently have and the amount of uploading and downloading you actually perform. Many locations offer DSL and/or cable access for $30 per month with data rates up to 15 Mbps. Obviously increasing the download rate to 100 Mbps would provide a much faster connection, but at more than double the price. For those users who use email and do some light browsing, the increased speed may not provide enough benefit. For those who are heavy users (file sharing, watching movies online, playing games, etc.), the increased cost would be well worth it.
6. Explain the purpose of threat scenarios. What are the steps in preparing threat scenarios?
Threat scenarios describe how an asset can be compromised by one specific threat. An asset can be compromised by more than one threat, so it is common to have more than one threat scenario for each asset. The purpose is to begin preparation for mitigation of that threat. In order to prepare for threat scenarios, the following steps must be followed: 1. name the asset 2. describe the threat 3. explain the consequence (violation of confidentiality, integrity or availability) 4. estimate the likelihood of this threat happening (high, medium, low)
6. What type of circuits are commonly used to build the Internet today? What type of circuits are commonly used to build Internet 2?
Today, the backbone circuits of the major U.S. national ISPs operate at SONET OC-192 (10 Gbps). Internet 2 will consist of circuits at least at OC-192 levels, with OC-768 (80 Gbps) and possibly even OC-3072 (160 Gbps) available.
2. How does the traditional approach to network design differ from the building block approach?
Traditional network designs used a very structured approach for the analysis and design. This by default built in limitations to the growth and need to change network designs as the needs of the organization and technology itself changed.
30. Explain how a Trojan horse works.
Trojans are remote access management consoles that enable users to access a computer and manage it from afar. Trojans are often concealed in other software that unsuspecting users download over the Internet. Music and video files shared on the Internet are common carriers of Trojans. When the user downloads and plays the music file, it plays normally and the attached Trojan software silently installs a small program that enables the attacker to take complete control of the user's computer, so the user is unaware that anything bad has happened.
44. What are the different types of one-time passwords and how do they work?
Using a one-time password, users connect to the network as usual, and after the user's password is accepted, the system generates a one-time password. The user must enter this password to gain access, otherwise the connection is terminated. Other systems provide users with a unique number that must be entered into a separate handheld device (called a token system), which in turn displays the password for the user to enter. Other systems use time-based tokens in which the one-time password is changed every 60 seconds. The user has a small device (often attached to a key chain) that is synchronized with the server and displays the one-time password. With any of these systems, an attacker must know the user's account name and password, and have access to the user's password device, before he or she can log in.
9. What is an RFP, and why do companies use them?
While some network components can be purchased "off-the-shelf," most organizations develop a request for proposal (RFP) before making large network purchases. RFPs specify what equipment, software, and services are desired and ask vendors to provide their best prices. Some RFPs are very specific about what items are to be provided in what time frame. In other cases, items are defined as mandatory, important, or desirable, or several scenarios are provided and the vendor is asked to propose the best solution. In a few cases, RFPs specify generally what is required and the vendors are asked to propose their own network designs. Once the vendors have submitted their proposals, the organization evaluates them against specified criteria and selects the winner(s). Depending upon the scope and complexity of the network, it is sometimes necessary to redesign the network based on the information in the vendor's proposals. The RFP process helps the company to refine and determine what to purchase. It establishes a formal process that becomes well-documented and as a result leaves the company with not only a rationale for what has been purchased but documented proof of how the company arrived at its conclusions as to what vendors would be awarded contract(s) from the company.
14. How does a denial-of-service attack differ from a distributed denial-of-service attack?
While the source of a denial-of-service (DoS) attack could be a single computer, a distributed denial-of-service (DDoS) attack could involve hundreds of computers on the Internet simultaneously sending messages to a target site. A DDoS hacker plants DDoS agent software on these computers and then controls the agents with DDoS handler software, which can send instructions to the agent software on the computers controlled by the hacker for purposes of launching a coordinated attack.
42. Compare and contrast IPSec tunnel mode and IPSec transfer mode.
• IPSec transport mode provides only encryption of the message payload, while tunnel mode additionally encrypts the final destination by encrypting the entire IP packet, which is then included in a newly added packet that is addressed to an IPSec agent rather than to the true final destination.
• Transport mode leaves the IP packet header unchanged so it can be easily routed through the Internet. It adds an additional packet (either an Authentication Header (AH) or an Encapsulating Security Payload (ESP)) at the start of the IP packet that provides encryption information for the receiver.
• In tunnel mode, the newly added IP packet conceals the final destination (which is encrypted) since it just identifies the IPSec encryption agent as the destination, not the final destination. As with the transport mode, encryption information is added in the form of an AH or ESP. When the IPSec packet arrives at the encryption agent, the encrypted packet is decrypted and sent on its way. In tunnel mode, attackers can only learn the endpoints of the tunnel, not the ultimate source and destination of the packets.