Advanced Encryption Algorithm (AES)
Symmetric Encryption Algorithm
known for its efficiency and strong security
used with WPA3
VLAN hopping measures
Disable DTP on all switch ports to best prevent VLAN hopping attacks
DTP allows unauthorized devices to send frames with 802.1Q tags
Shutdown violation mode on a port
A port security feature that disables a port if an unauthorized device attempts to connect
prevents any further connection until the issue is resolved manually by a network admin
Remote Authentication Dial-in User Service (RADIUS)
follows AAA
used for authentication, authorization, and accounting
DOES NOT ENCRYPT DATA in transit
Buffer Overflow
An attack in which the attacker exploits vulnerabilities in software or systems by overrunning memory buffers with data
allows an attacker to execute code remotely on a system to escalate privileges and take full control of a system
Port shutdown
happens when a port receives traffic from devices with multiple MAC addresses
Triggers port security to disable the ports
Can occur when port security is configured to limit number of MAC addresses allowed per port
Asymmetric Encryption
one key (public key) is intended to be distributed to the clients
Other key (private key) is kept secure
Ensure the public key is distributed securely to prevent interception
Symmetric Encryption
Same key for both encryption and decryption
if one key is used to decrypt, the other key is used to encrypt (neither key can both encrypt and decrypt)
Access Control List (ACL)
Functions as a filtering mechanism in network security
Allows or denies packets based on predefined criteria such as IP address, protocol, or port numbers
helps control flow of traffic within a network and enhances security by restricting unauthorized access
BitLocker
a tool used to encrypt entire drives (USB)
ensures that data remains secure even if drive is lost or stolen
802.1X
Defines the standard for port-based network access control (PNAC)
ensures only authenticated devices can connect to the network
Public Key Infrastructure (PKI)
provides a framework for managing, distributing, and validating digital certificates issued by trusted Certificate Authorities (CAs)
ensures authenticity and integrity of certificates
“error-disabled” port state on a switch
Port security violation due to an unauthorized device
TACACS+
used for centralized AAA
similar to RADIUS DOES NOT ENCRYPT DATA in transit
Access Control Entries in ACLs
entries are processed sequentially from top to bottom
a more restrictive rule placed above a less restrictive rule can block traffic that should be allowed
ensure the order is correct to allow legitimate traffic before the restrictive rules are applied
Symmetric vs Asymmetric encryption
Symmetric encryption uses a single key for both encryption and decryption
Asymmetric encryption uses two separate keys
TACACS+ vs RADIUS
TACACS+ is an authentication protocol that provides encryption for the entire authentication process, including the user's credentials
RADIUS also handles authentication but only encrypts the password during the authentication process
/etc/shadow in Linux
a file used to store hashed passwords securely
/etc/passwd in Linux
a file that is readable by all users and contains user account information
Remote Access Server (RAS) Documentation
Should include its uses, security risks, and how to mitigate them, and who is authorized to use the service
Identity Provider (IdP)
responsible for authenticating the user's identity and issuing claims (tokens or documents) that assert the user's identity and permissions to the service provider
Authenticates the user and issues claims
Security Assertion Markup Language (SAML)
designed for exchanging authentication and authorization data between trusted parties
enables SSO and secure access to multiple systems
Advanced Persistent Threat (APT)
threat actor who can obtain, maintain, and diversify access to network systems using exploits and malware.
Network Access Control (NAC) VS ACL
NAC - approach to computer security (antivirus, host intrusion prevention, vulnerability assessment)
ACL - network traffic filter that can control incoming or outgoing traffic
VLAN hopping
the attacker is able to send traffic from one VLAN to another by either double tagging that traffic or conducting switch spoofing
switch spoofing: an attacker configures their machine to report itself as a switch when connected to a wired network
Dynamic ARP inspection (DAI)
Ensures that only legitimate ARP responses are accepted by verifying each ARP packet against a trusted database of IP-to-MAC address mappings
prevents ARP spoofing and other related attacks
Screened subnet
designed to improve security by separating the internal network from the external internet
reduces risk of external attacks from reaching internal network directly
focused on security rather than increasing network bandwidth or traffic distribution
often implemented using a DMZ
not used for storage or application testing
ARP spoofing
attacker sends falsified ARP messages over a LAN
the attacker's MAC is linked with the IP of a legitimate user
traffic from the network goes to the attacker's MAC instead, which then forwards the data to the original address
DHCP snooping
allows the network to distinguish between legitimate and unauthorized DHCP servers by allowing only trusted ports to provide DHCP services
DMZ
serves as a buffer zone between an organization's internal network and external threats
hosts public-facing services (web servers and email servers) while providing a layer of protection for the internal network