Chapter 5 Communications and Network Security
The difference between a NOC and a SOC is that:
- With the increased emphasis on security, senior managers and stakeholders may feel that not having a security operations center means the organization is not taking its risks seriously enough. This may indeed be true in some organizations and in some marketplaces, but the organization should always let its business case for security drive the decision.
- The focus of a NOC is different from that of a SOC. The NOC focuses on the design, deployment, operation, and maintenance of the network and on changes to it; the SOC focuses on keeping it secure: detecting events, characterizing them, and containing and responding to them if necessary.
Traffic shaping, traffic management, or load balancing systems help identify or solve information security problems in these ways:
- The log data they generate and keep during operation provides useful insight after an incident; their real-time value comes from the alarms and trend data described next.
- Such tools usually can generate alarms on out-of-limits conditions, which may be indicative of a system or component failure, or of an attack or intrusion in progress.
- Given sufficient historical data, such systems can show network administrators that greater-than-normal system usage is occurring, which may be worthy of closer attention or investigation.
* These all describe ways that better insight into how your systems and networks are being used, right now, can help you determine whether they are suffering some kind of problem. If they are, that same data helps you resolve whether or not it is a security event.
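The "alarm on out-of-limits conditions" and "greater-than-normal usage" points above are the same mechanism: a baseline learned from history and a ceiling derived from it. The following is an added example (not from the original study guide) that builds a k-sigma ceiling from constructed per-minute byte counters and flags samples above it; the counter values, timestamps and the `sustained` rule are assumptions made for illustration.

```python
"""Out-of-limits alarming on traffic counters (added example, constructed data)."""
from statistics import mean, pstdev

# Constructed sample: bytes/minute seen on one uplink during a quiet baseline
# period, then the most recent minutes to evaluate. Not real traffic data.
BASELINE_BPM = [410, 450, 430, 470, 440, 420, 460, 455, 435, 445, 450, 440]
RECENT_BPM = {"09:00": 452, "09:01": 448, "09:02": 1210, "09:03": 1340, "09:04": 470}


def limits(history, k=3.0):
    """Return (mean, ceiling) where ceiling = mean + k * population std-dev."""
    mu = mean(history)
    sigma = pstdev(history)
    return mu, mu + k * sigma


def alarms(recent, history, k=3.0):
    """Return one (timestamp, value, ceiling) tuple per sample above the ceiling."""
    _, ceiling = limits(history, k)
    return [(ts, v, round(ceiling, 1)) for ts, v in recent.items() if v > ceiling]


def sustained(recent, history, minutes=2, k=3.0):
    """True when at least `minutes` consecutive samples exceed the ceiling.

    A single spike is often noise; a run is what deserves an analyst's attention.
    """
    _, ceiling = limits(history, k)
    run = 0
    for v in recent.values():  # dicts keep insertion order (Python 3.7+)
        run = run + 1 if v > ceiling else 0
        if run >= minutes:
            return True
    return False


if __name__ == "__main__":
    for ts, v, ceiling in alarms(RECENT_BPM, BASELINE_BPM):
        print(f"{ts}: {v} B/min exceeds ceiling {ceiling}")
    print("sustained excursion:", sustained(RECENT_BPM, BASELINE_BPM))
```

With the constructed baseline the ceiling lands just under 491 B/min, so 09:02 and 09:03 alarm while 09:04 (470) does not; a real deployment would learn separate baselines per hour of day and per link rather than a single flat mean.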
To reduce the security risks of allowing Wi-Fi, Bluetooth, and NFC devices to be used to access your company's networks and information systems, you recommend that:
- MDM systems can help track devices, force compliance, and block or lock down a device reported lost or stolen.
- Effective access control and identity management, including device-level control, can reduce exposure to many threats related to mobile device access.
The following statements about ports and the Internet are INCORRECT:
- Using port numbers as part of addressing and routing was necessary during the early days of the Internet, largely because of the small size of the address field, but IPv6 makes most port usage obsolete.
- Many modern devices, such as those using Android, cannot support ports, and so apps have to be redesigned to use alternate service connection strategies.
* Ports are a fundamental part of the way apps request services from processes running on other nodes on the Internet, and they belong to the transport layer (TCP and UDP), so they are unchanged by the IPv4-to-IPv6 transition. Standardized port numbers make application design easier to manage; thus port 80 and HTTP (and port 443 and HTTPS) are associated with each other.
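To see why the two incorrect statements are wrong, it helps to watch the kernel hand out ports. The following added example (not part of the original study guide) opens a loopback TCP listener on an OS-chosen port, connects to it, and returns the port pair that identified the conversation; it does this over IPv4 and, where the host supports it, over IPv6 as well, using the same socket API and the same port concept. The echo payload and helper names are assumptions made for the example.

```python
"""Ports are a transport-layer concept shared by IPv4 and IPv6 (added example)."""
import socket
import threading


def _serve_once(srv):
    """Accept one connection and echo whatever it sends."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(conn.recv(1024))


def echo_roundtrip(family, host, payload=b"ping"):
    """Listen on port 0 (kernel picks a free port), connect, echo, and return
    (client_port, server_port, echoed_bytes): the pair the kernel used to
    demultiplex this connection from every other one on the host."""
    srv = socket.socket(family, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    server_port = srv.getsockname()[1]  # index 1 is the port for both families
    worker = threading.Thread(target=_serve_once, args=(srv,), daemon=True)
    worker.start()
    with socket.socket(family, socket.SOCK_STREAM) as cli:
        cli.settimeout(5)
        cli.connect((host, server_port))
        client_port = cli.getsockname()[1]
        cli.sendall(payload)
        echoed = cli.recv(1024)
    worker.join(5)
    srv.close()
    return client_port, server_port, echoed


def ipv6_loopback_available():
    """Some sandboxes have no ::1; probe before relying on it."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.bind(("::1", 0))
        return True
    except OSError:
        return False


def demo():
    """Run the round trip over IPv4 and, if possible, IPv6."""
    results = {"ipv4": echo_roundtrip(socket.AF_INET, "127.0.0.1")}
    if ipv6_loopback_available():
        results["ipv6"] = echo_roundtrip(socket.AF_INET6, "::1")
    return results


if __name__ == "__main__":
    for family, (cport, sport, data) in demo().items():
        print(f"{family}: client port {cport} -> server port {sport}, echoed {data!r}")
```

The IPv6 address tuple carries two extra fields (flow info and scope id) but the port sits in the same position and plays the same role: a 16-bit transport-layer identifier, not an addressing workaround for a short IP address field.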
Your team chief is worried about all of those Bluetooth devices being used at the office; she's heard they are not very secure and could be putting the company's information and systems at great risk. You respond that the biggest threat is that:
Bluetooth on most of your staff's smartphones is probably not secure; talk with your MDM service provider and see if they can help reduce that exposure.
The basic network topology that best describes the Internet is:
Mesh. There are billions of nodes on the Internet, all acting as one very large (partial) mesh: no node is connected to every other node, but there are many redundant paths between any two of them.
Is IPv6 backward compatible with IPv4?
No. The differences in addressing, packet header structure, and other features mean an IPv4 packet cannot travel as-is on an IPv6-only network. The two coexist only through dual-stack hosts, tunneling of one protocol inside the other, or translation gateways.
The transmission medium that presents the greatest security challenges for a network administrator is:
Radio frequency wireless. Wi-Fi is, quite literally, everywhere; it is expected to be available; people and businesses demand it; and many Wi-Fi devices, such as SOHO routers, are trivially easy to set up and leave unsecured. Wi-Fi is subject to many kinds of eavesdropping, snooping, and spoofing attacks unless properly secured, because the signal cannot be confined to the premises the way a cable can.
You've been asked to investigate a possible intrusion on your company's networks. The protocols or design concepts you would find most valuable, and why, are:
TCP/IP, the OSI 7-layer reference model, and the data, control, and management diagrams and information about your company's networks. Together these let you fully understand the paths the intruder could have taken and contain the incident.
The best form of Wi-Fi security to use today is:
WPA2. This brings AES encryption (CCMP) to Wi-Fi. Configure it in AES/CCMP mode rather than the TKIP fallback, and never use WEP or original WPA; where your access points and clients support it, WPA3 has since superseded WPA2 and should be preferred.
Cache poisoning matters because:
almost every device on the network, from a smartphone or laptop on up, keeps ARP (address) and DNS caches; these can be poisoned in a variety of ways, typically by feeding the device a forged reply before the legitimate one arrives, exposing the user and the network to redirection and man-in-the-middle attacks.
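A resolver defends its DNS cache by refusing replies that do not match an outstanding query and by refusing records the answering server is not authoritative for ("bailiwick" checking). The following added example (not code from the original study guide) models those two checks over constructed, already-parsed DNS messages; the dataclass layout, the names, the RFC 5737 addresses and the scenario are assumptions made for the example.

```python
"""DNS reply validation that blocks the classic cache-poisoning tricks (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str
    ttl: int = 300


@dataclass
class PendingQuery:
    txid: int        # 16-bit transaction id we chose
    src_port: int    # randomized UDP source port the query left on
    qname: str
    qtype: str
    server_zone: str # zone the server we asked is authoritative for (its bailiwick)


@dataclass
class Response:
    txid: int
    dst_port: int    # port the reply arrived on
    qname: str
    qtype: str
    answers: list
    additional: list


def in_bailiwick(name, zone):
    """True when `name` is `zone` itself or a subdomain of it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def accept_response(query, reply):
    """Return (records_safe_to_cache, rejection_reasons)."""
    if reply.txid != query.txid or reply.dst_port != query.src_port:
        return [], ["txid/port mismatch: not a reply to our query (spoof or stale)"]
    if (reply.qname.lower(), reply.qtype) != (query.qname.lower(), query.qtype):
        return [], ["question section does not match the query"]
    keep, reasons = [], []
    for rr in reply.answers + reply.additional:
        if in_bailiwick(rr.name, query.server_zone):
            keep.append(rr)
        else:
            reasons.append(f"dropped out-of-bailiwick {rr.rtype} record for {rr.name}")
    return keep, reasons


def demo():
    """Constructed scenario: we asked attacker.example's server about its own host."""
    q = PendingQuery(0x1A2B, 54321, "www.attacker.example", "A", "attacker.example")
    # Legitimate-looking reply that smuggles a record for a bank into ADDITIONAL.
    sneaky = Response(0x1A2B, 54321, "www.attacker.example", "A",
                      answers=[RR("www.attacker.example", "A", "203.0.113.5")],
                      additional=[RR("www.bank.example", "A", "203.0.113.66")])
    # Blind spoof: right port guessed, wrong transaction id.
    spoof = Response(0x0000, 54321, "www.attacker.example", "A",
                     answers=[RR("www.attacker.example", "A", "198.51.100.9")],
                     additional=[])
    return {"sneaky": accept_response(q, sneaky), "spoof": accept_response(q, spoof)}


if __name__ == "__main__":
    for label, (kept, why) in demo().items():
        print(label, "cached:", [r.name for r in kept], "rejected:", why)
```

Both checks are necessary: txid plus source-port randomization makes a blind spoof a guessing game, and the bailiwick rule stops an authoritative server you did trust from planting records for someone else's zone. DNSSEC validation adds an origin check that neither of these provides.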
Subnetting is:
supported by both IPv4 and IPv6, but the much larger IPv6 address field makes it a lot simpler to design and manage: a site typically receives a /48 and carves it into /64 subnets without the address-conservation arithmetic IPv4 forces on you.
You're trying to diagnose why a system is not connecting to the Internet. You've been able to find out that your system's IP address is in 169.254.0.0/16. Your next best step is to:
check the DHCP server on your LAN to see if it's functioning correctly. An address in 169.254.0.0/16 is an IPv4 link-local (APIPA) address, which the operating system's network stack assigns to itself when no DHCP server responds; it is usable only on the local link and is never routed. Check the configuration settings for any switches, routers, and modems between your system and your ISP so that you know where the DHCP service resides; then find that device.
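Both the subnetting entry and the link-local diagnosis above come down to prefix arithmetic, which the standard library does for both address families. The following added example (not from the original study guide) carves an IPv4 and an IPv6 block into subnets and classifies an interface address the way a first-line troubleshooter would; the prefixes and the wording of the diagnoses are assumptions made for the example.

```python
"""Subnet carving and first-line address diagnosis with `ipaddress` (added example)."""
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")  # RFC 3927 IPv4 link-local block


def carve(prefix, new_prefixlen):
    """Split a network into equal-sized subnets; works identically for v4 and v6."""
    net = ipaddress.ip_network(prefix, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefixlen)]


def hosts_per_subnet(prefix):
    """Usable host addresses (IPv4 subtracts network and broadcast)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 4:
        return max(net.num_addresses - 2, 0)
    return net.num_addresses


def diagnose(addr):
    """Say what an observed interface address implies about connectivity."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in APIPA:
        return "apipa-link-local: no DHCP lease obtained; check DHCP reachability"
    if ip.version == 6 and ip.is_link_local:
        return "ipv6-link-local: normal per interface, but no global address yet"
    if ip.is_loopback:
        return "loopback: not a real interface address"
    if ip.is_private:
        return "private: expect NAT or an internal route to reach the Internet"
    return "global: addressing looks fine, look at routing, DNS or filtering next"


if __name__ == "__main__":
    print(carve("10.0.0.0/24", 26), hosts_per_subnet("10.0.0.0/26"))
    print(len(carve("2001:db8::/48", 64)), "IPv6 /64 subnets in a /48")
    for a in ("169.254.7.9", "10.1.2.3", "fe80::1", "203.0.113.9"):
        print(a, "->", diagnose(a))
```

Note that 169.254.0.0 itself is the network address of the APIPA block; a self-assigned host picks from 169.254.1.0 through 169.254.254.255, so a diagnosis should match on the prefix rather than on one literal value.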
The relationship between nodes that provides the greatest degree of control over service delivery is:
client-server. Most services need one node to control the service delivery process while the other node, which requested the service, follows the first node's control of the conversation. Peer-to-peer relationships, by contrast, give no single node that authority.
The TCP/IP and OSI 7-layer reference models, as sets of protocols, are:
used in building real hardware and systems, and both are vital to threat assessment and network security. Both serve as conceptual models and as protocol stacks, and they are used by builders, attackers, and defenders alike.
Man-in-the-middle (MITM) attacks can:
occur at any layer and against connectionless or connection-oriented protocols. From the Physical layer on up, the injection of unauthorized traffic into a network can cause almost any protocol to fall for a "mistaken identity" that leads to a man-in-the-middle position. The common defense at every layer is the same: authenticate the peer, not just the channel.
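The "mistaken identity" above is easiest to see in a key exchange that has no identity check at all. The following added example (not from the original study guide) runs a Diffie-Hellman exchange with and without an intermediary who swaps the public values in flight, then repeats it with each value authenticated by an HMAC under a pre-shared key, which is a stand-in for the signature or certificate a real protocol such as TLS would use. The toy group size, the key derivation and all names are assumptions made for the example; the 61-bit prime is far too small for real use.

```python
"""Unauthenticated vs. authenticated key exchange under a MITM (added example)."""
import hashlib
import hmac
import secrets

# Toy group for illustration only: a small prime and generator (NOT a secure size).
P = 2 ** 61 - 1
G = 2


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive(priv, peer_pub):
    """Hash the DH shared secret into a session key (assumed KDF)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(8, "big")).hexdigest()


def tag(psk, pub):
    """Authenticate a public value under a pre-shared key."""
    return hmac.new(psk, pub.to_bytes(8, "big"), hashlib.sha256).digest()


def unauthenticated_exchange(mallory_present):
    """Return (alice_key, bob_key, mallory_keys); nobody checks who sent what."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not mallory_present:
        return derive(a_priv, b_pub), derive(b_priv, a_pub), None
    m_priv, m_pub = keypair()
    # Mallory substitutes her own public value in both directions, so each
    # party unknowingly shares a key with her rather than with each other.
    alice_key = derive(a_priv, m_pub)
    bob_key = derive(b_priv, m_pub)
    mallory_keys = (derive(m_priv, a_pub), derive(m_priv, b_pub))
    return alice_key, bob_key, mallory_keys


def authenticated_exchange(psk, mallory_present):
    """Return (alice_key, bob_key), or None when a peer fails authentication."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    to_bob = (a_pub, tag(psk, a_pub))
    to_alice = (b_pub, tag(psk, b_pub))
    if mallory_present:
        _, m_pub = keypair()
        # She can swap the value but cannot produce a tag without the PSK,
        # so she replays the original tags and hopes nobody checks.
        to_bob = (m_pub, to_bob[1])
        to_alice = (m_pub, to_alice[1])
    bob_ok = hmac.compare_digest(to_bob[1], tag(psk, to_bob[0]))
    alice_ok = hmac.compare_digest(to_alice[1], tag(psk, to_alice[0]))
    if not (bob_ok and alice_ok):
        return None  # abort: the peer's identity could not be confirmed
    return derive(a_priv, to_alice[0]), derive(b_priv, to_bob[0])


if __name__ == "__main__":
    a, b, m = unauthenticated_exchange(True)
    print("unauthenticated under MITM: alice==bob?", a == b, "mallory holds both?", m == (a, b))
    print("authenticated under MITM:", authenticated_exchange(b"demo-psk", True))
```

The substitution is invisible to Alice and Bob in the first exchange because nothing ties a public value to a party; in the second, the integrity tag does exactly that, and the exchange aborts rather than completing with an impostor.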
Datagrams that are passed up the protocol stack from the Data Link layer to the Transport layer become:
shorter, as each layer removes its own header (and, at the Data Link layer, any trailer) before handing the payload to the layer above. This is "unwrapping," the reverse of the encapsulation that added those headers on the way down the sender's stack.
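The following added example (not from the original study guide) makes the unwrapping concrete: it builds a UDP datagram inside an IPv4 packet inside an Ethernet frame from constructed header values, then strips the headers layer by layer and records the size seen at each layer. It also handles the case a real receiver must handle, an Ethernet frame padded to the minimum length, by trusting the IP and UDP length fields rather than the buffer size. The addresses, ports and payload are assumptions made for the example.

```python
"""Encapsulation and unwrapping of Ethernet/IPv4/UDP (added example, constructed data)."""
import struct

ETH_HDR, IPV4_HDR, UDP_HDR = 14, 20, 8


def build_frame(payload, sport=40000, dport=53):
    """Wrap `payload` in UDP, then IPv4, then Ethernet (checksums left zero)."""
    udp = struct.pack("!HHHH", sport, dport, UDP_HDR + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, IPV4_HDR + len(udp), 0x1234, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
    return struct.pack("!6s6sH", b"\xaa" * 6, b"\xbb" * 6, 0x0800) + ip


def unwrap(frame):
    """Peel headers bottom-up; return ({layer: bytes_seen}, payload, (sport, dport))."""
    sizes = {"data_link": len(frame)}
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[ETH_HDR:]
    sizes["network"] = len(packet)
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes (options allowed)
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 17:
        raise ValueError("not UDP")
    segment = packet[ihl:total_len]       # honour IP total length, not buffer length
    sizes["transport"] = len(segment)
    sport, dport, ulen, _csum = struct.unpack("!HHHH", segment[:UDP_HDR])
    payload = segment[UDP_HDR:ulen]
    sizes["application"] = len(payload)
    return sizes, payload, (sport, dport)


if __name__ == "__main__":
    frame = build_frame(b"example-query")
    padded = frame + b"\x00" * 5  # Ethernet pads short frames to 60 bytes
    for f in (frame, padded):
        sizes, payload, ports = unwrap(f)
        print(sizes, payload, ports)
```

With a 13-byte payload the sizes read 55, 41, 21 and 13 bytes as the datagram climbs from Data Link to Application; the padded copy starts at 60 bytes but yields the same 21-byte segment, because the receiver trusts the length fields the sender wrote, which is also why those fields must be bounds-checked against the buffer in any real parser.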
The risk of leaving the default settings on the access control lists in routers or firewalls is that:
the defaults tend to allow any device, any protocol, any port, at any time, so you leave yourself wide open to any attacker or reconnaissance probe. The risk is very great. Replace the defaults with an explicit rule set that ends in a deny-all entry, so that anything you did not consciously permit is blocked.
Your IT team has a limited budget for intrusion detection and prevention systems and wants to start with a central server and a small number of remote IDS/IPS devices. You feel that the remote devices should be placed on:
the links between your ISP's point of presence and your internal systems. In almost all circumstances, the boundary between an organization's information infrastructure and the outside world of the Internet is the highest-risk threat surface. Any channel crossing this boundary should be rigorously assessed for vulnerabilities, and all access via it should be well controlled and well monitored.
The layer of the OSI protocol stack at which IPsec functions is layer:
three. It is an internetworking-layer security process and protocol set, specified for both IPv4 and IPv6. IPsec works with packets, not frames, which is why it can protect traffic end to end across routers but not the Data Link headers of any individual hop.