Network Security Concepts
Which of the following might you find in a network that is based on a defense-in-depth security implementation? A. Firewall B. IPS C. ACLs D. Current patches on servers
A, B, C, D.
During a Man-in-the-Middle attack, the attacker spoofs Layer 2 MAC addresses to make the devices on a LAN believe that the Layer 2 address of the attacker is the Layer 2 address of their default gateway. What is this called?
ARP poisoning
This countermeasure classification consists of written policies, procedures, guidelines, and standards. Ex. Acceptable Use Policy, Change Control process, background checks
Administrative
What are 3 types of countermeasures?
Administrative, Physical, Logical
What security term refers to a person, property, or data of value to a company? A. Risk B. Asset C. Threat prevention D. Mitigation Technique
Asset
Basic principle of security design. Keeping records about what is occurring on the network.
Auditing
What is the best way to protect against Brute-force attacks?
Authentication attempts
Security concept. Keeping data available to authorized users. DoS, system failures affect this concept.
Availability
In relation to production networks, which of the following are viable options when dealing with risks? A. Ignore it B. Transfer it C. Mitigate it D. Remove it
B, C, D.
Attack method. When attackers gain access to a system, they usually want future access as well, and they want it to be easy. An application can be installed either to allow future access or to collect information to use in further attacks.
Back doors
Attack method. Collection of infected computers that are ready to take instructions from the attacker. For example, if the attacker has the malicious backdoor software installed on 10,000 computers, from his central location, he could instruct those computers to all send TCP SYN requests or ICMP echo requests repeatedly to the same destination.
Botnet
Attack method. Performed when an attacker's system attempts thousands of possible passwords, looking for the right match.
Brute-force
What acronym is used to define the three basic concepts of network security?
CIA: Confidentiality, Integrity, Availability
Security concept. Only the authorized individuals/systems can view sensitive or classified information. Unauthorized individuals should not have any type of access to the data.
Confidentiality
A safeguard that somehow mitigates a potential risk.
Countermeasure
Device or process (a safeguard) that is implemented to counteract a potential threat, which thus reduces risk.
Countermeasure
Which two approaches to security provide the most secure results on day 1? A. Role Based B. Defense in depth C. Authentication D. Least privilege
Defense in Depth, Least Privilege
Basic principle of security design. Suggests that you have security implemented on nearly every point of your network. If a single security technology fails, additional levels, or mechanisms, of security are still in place to protect the data, applications, and devices on the network.
Defense in depth.
What can be implemented on a switch to mitigate the risk of Layer 2 spoofing/ARP poisoning?
Dynamic ARP Inspection (DAI)
Which of the following represents a physical control? A. Change control policy B. Background checks C. Electronic locks D. Access lists
Electronic locks
What is the best way to address data confidentiality?
Encryption
What is the primary motivation for most attacks against networks today? A. Political B. Financial C. Theological D. Curiosity
Financial
Security concept. Changes made to data are done only by authorized individuals/systems. Corruption of data is a failure.
Integrity
This countermeasure classification consists of the technical controls. Ex. passwords, firewalls, IPS, ACLs, VPN
Logical
Attack method. Attackers place themselves in line between two devices that are communicating, with the intent to perform reconnaissance or to manipulate the data as it moves between them. The main purpose is eavesdropping, so the attacker can see all the traffic.
Man-in-the-Middle
An option of dealing with risk. Reduce risk by implementing countermeasure. Ex. Applying correct patches and using firewalls, IPS, and other safeguards to protect a web server.
Mitigate
This countermeasure classification consists of physical security for the network servers, equipment, and infrastructure. Ex. Locked doors, UPS
Physical
Attack method. The process of taking some level of access (whether authorized or not) and achieving an even greater level of access.
Privilege escalation
Attack method. This is the discovery process used to find information about the network. It could include scans of the network to find out which IP addresses respond, and further scans to see which ports on the devices at these IP addresses are open.
Reconnaissance
An option of dealing with a risk. Ex. Taking a web server off the internet so attackers can't see it.
Remove
The potential for unauthorized access to, compromise of, destruction of, or damage to an asset.
Risk
What can be implemented on a switch to mitigate the risk of an attacker manipulating STP to make it become the root switch and see all traffic flowing through it?
Root guard
What can be implemented on a router to prevent a Man-in-the-Middle attack in which an attacker places a Layer 3 device on the network that advertises a better path?
Routing authentication protocols, route filtering
Basic principle of security design. States that only the minimal access needed to the required network resources is provided, and no more than that.
Rule of least privilege
What are the 4 basic principles and guidelines in place in the early stages of designing and implementing a network?
Rule of least privilege, Defense in depth, Separation of duties, Auditing
Basic principle of security design. When you place specific individuals into specific roles, there can be checks and balances in place regarding the implementation of the security policy.
Separation of duties
Attack method. Leverages our weakest vulnerability in a secure system: the user. If the attacker can get the user to reveal information, it is much easier for the attacker than using some other method of reconnaissance.
Social engineering
Which type of an attack involves lying about the source address of a frame or packet? A. Man-in-the-Middle attack B. Denial-of-Service attack C. Reconnaissance attack D. Spoofing attack
Spoofing attack
Anything that attempts to gain unauthorized access to, compromise, destroy, or damage an asset. They are often realized via an attack or exploit that takes advantage of an existing vulnerability.
Threat
An option of dealing with risk. Ex. Instead of hosting your own server, outsource the functionality to a service provider, who then takes responsibility for dealing with the risks.
Transfer
An exploitable weakness in a system or its design. They can be found in protocols, operating systems, applications, and system designs.
Vulnerability
Which asset characteristic refers to risk that results from a threat and lack of a countermeasure? A. High availability B. Liability C. Threat prevention D. Vulnerability
Vulnerability