Information theft is breaking
into a computer to obtain confidential information.
The stolen information can be used or sold for various purposes, for example
when someone steals an organization's proprietary information, such as research and development data.
Data loss and manipulation is breaking
into a computer to destroy or alter data records.
An example of data loss is a
threat actor sending a virus that reformats a computer hard drive. An example of data manipulation is breaking into a records system to change information, such as the price of an item.
Identity theft is a form of
information theft where personal information is stolen for the purpose of taking over the identity of someone.
Using this information, a threat actor can obtain
legal documents, apply for credit, and make unauthorized online purchases.
Identity theft is a
growing problem costing billions of dollars per year.
Disruption of service is preventing
legitimate users from accessing services to which they are entitled. Examples include denial of service (DoS) attacks on servers, network devices, or network communications links.
Vulnerability is the degree of
weakness in a network or a device.
Some degree of vulnerability is inherent in
routers, switches, desktops, servers, and even security devices.
Typically, the network devices under attack are the
endpoints, such as servers and desktop computers.
What are the three primary vulnerabilities or weaknesses in networking?
Technological, configuration, and security policy
TCP/IP Protocol Weakness
Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP) are inherently insecure: they were designed without authentication or encryption, so their traffic (including FTP and HTTP Basic credentials) travels in cleartext and can be sniffed or spoofed. Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP) inherit the same weaknesses from the inherently insecure structure upon which TCP/IP was designed.
Operating System Weakness
Each operating system has security problems that must be addressed.
Network Equipment Weakness
Various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that must be recognized and protected against. These weaknesses include weak password protection, lack of authentication, insecure routing protocols, and firewall holes.
Hardware threats
This includes physical damage to servers, routers, switches, cabling plant, and workstations.
Environmental threats
This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
Electrical threats
This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
Maintenance threats
This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
A computer virus is a
type of malware that propagates by inserting a copy of itself into, and becoming part of, another program.
Computer worms are similar to viruses in that
they replicate functional copies of themselves and can cause the same type of damage.
In contrast to viruses, which require the spreading of an infected host file, worms are
standalone software and do not require a host program or human help to propagate.
A Trojan horse is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a
harmful piece of software that looks legitimate.
Trojan horses are also known
to create back doors to give malicious users access to the system.
Trojan horses must spread through
user interaction such as opening an email attachment or downloading and running a file from the internet.
Reconnaissance attacks
The discovery and mapping of systems, services, or vulnerabilities.
Access attacks
The unauthorized manipulation of data, system access, or user privileges.
Denial of service
The disabling or corruption of networks, systems, or services.
An access attack allows
individuals to gain unauthorized access to information that they have no right to view.
What are the four types of access attacks?
Password attacks, trust exploitation, port redirection, and man-in-the-middle.
Threat actors can implement password attacks by using what methods?
Brute-force attacks, Trojan horses, and packet sniffers.
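Worked example for the two cards above on protocol weaknesses and packet sniffers. It is an added example, not part of the original flashcard set or any Cisco material, and it shows concretely why FTP, HTTP Basic authentication and SNMPv1/v2c count as "inherently insecure": a sniffer on the path recovers the credentials directly from the bytes. All three captures are constructed inline for this example (the hostnames, users, passwords and community string are invented), and the BER decoder handles only the short-form lengths an SNMP header uses.

```python
"""Why the protocols on the page are 'inherently insecure': credentials travel
in cleartext, so anyone with a packet sniffer on the path recovers them.
All captures below are constructed for this example, not real traffic."""
from __future__ import annotations

import base64
import re

# Constructed FTP control-channel session (server and client lines interleaved).
FTP_STREAM = (
    b"220 ftp.example.test FTP server ready\r\n"
    b"USER alice\r\n"
    b"331 Password required for alice\r\n"
    b"PASS Winter2024!\r\n"
    b"230 User alice logged in\r\n"
)

# Constructed HTTP request using Basic authentication (base64 is encoding, not encryption).
HTTP_REQUEST = (
    b"GET /admin/ HTTP/1.1\r\n"
    b"Host: intranet.example.test\r\n"
    b"Authorization: Basic " + base64.b64encode(b"bob:S3cret-pass") + b"\r\n"
    b"\r\n"
)


def _tlv(tag: int, body: bytes) -> bytes:
    """Minimal BER TLV encoder (short-form length only, body < 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("short-form BER only")
    return bytes([tag, len(body)]) + body


# Constructed SNMPv2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0). In v1/v2c the
# community string is the only 'authentication' and it is sent in cleartext.
SNMP_PACKET = _tlv(0x30,
    _tlv(0x02, b"\x01")                          # version: 1 means SNMPv2c
    + _tlv(0x04, b"private")                     # community string
    + _tlv(0xA0,                                 # GetRequest-PDU
        _tlv(0x02, b"\x00\x00\x1a\x2b")          # request-id
        + _tlv(0x02, b"\x00")                    # error-status
        + _tlv(0x02, b"\x00")                    # error-index
        + _tlv(0x30, _tlv(0x30,                  # VarBindList / VarBind
            _tlv(0x06, b"\x2b\x06\x01\x02\x01\x01\x01\x00")   # OID sysDescr.0
            + _tlv(0x05, b"")))))                # NULL value


def ftp_credentials(stream: bytes) -> dict:
    """Pull USER and PASS from an FTP control channel; both are cleartext commands."""
    creds = {}
    for line in stream.split(b"\r\n"):
        m = re.match(rb"(USER|PASS) (.+)", line)
        if m:
            creds[m.group(1).decode().lower()] = m.group(2).decode()
    return creds


def http_basic_credentials(request: bytes) -> tuple[str, str] | None:
    """Decode the Authorization: Basic header; the 'user:password' pair is only base64."""
    for line in request.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            user, _, password = base64.b64decode(token).decode().partition(":")
            return user, password
    return None


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Decode one short-form BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def snmp_community(packet: bytes) -> tuple[int, str]:
    """Return (version, community) from an SNMPv1 (0) or SNMPv2c (1) message."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message SEQUENCE")
    tag, version, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING community")
    return int.from_bytes(version, "big"), community.decode()
```

The practical consequence: anywhere these protocols are still in use, the credentials are as exposed as the traffic, so the mitigation is the authenticated, encrypted replacement (SFTP or FTPS, HTTPS, SNMPv3 with authPriv) rather than a stronger password.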
In a trust exploitation attack
a threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
In a port redirection attack
a threat actor uses a compromised system as a base for attacks against other targets.
In a man-in-the-middle attack
the threat actor is positioned between two legitimate entities in order to read or modify the data that passes between the two parties.
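Simulation of the man-in-the-middle card above, added here as an example and not part of the original flashcard set. An attacker relays traffic between two parties, reads every byte, and optionally rewrites it. On an unauthenticated channel the receiver has no way to notice; when the sender appends an HMAC-SHA256 tag under a shared key, the receiver detects the modification. The message text and the shared key are constructed for this example.

```python
"""Man-in-the-middle simulation: the attacker relays traffic between two parties,
reading it and optionally rewriting it. Without integrity protection the receiver
cannot tell; with a keyed MAC the rewrite is detected.
The message and key below are constructed for this example."""
import hashlib
import hmac

SHARED_KEY = b"example-key-shared-out-of-band"   # constructed; real systems derive this via a key exchange
ORIGINAL = b"transfer amount=500 payee=alice"


def mitm_relay(wire: bytes, tamper: bool) -> bytes:
    """Attacker in the path: sees every byte (passive MitM) and, if tamper is set,
    rewrites the payee before forwarding (active MitM)."""
    if tamper:
        return wire.replace(b"payee=alice", b"payee=mallory")
    return wire


def plain_exchange(tamper: bool) -> bytes:
    """Unauthenticated channel: the receiver acts on whatever arrives."""
    return mitm_relay(ORIGINAL, tamper)


def mac_exchange(key: bytes, tamper: bool) -> tuple:
    """Sender appends HMAC-SHA256(key, payload) as hex; the receiver recomputes it
    over what actually arrived and compares in constant time.
    Returns (accepted, payload_as_received)."""
    tag = hmac.new(key, ORIGINAL, hashlib.sha256).hexdigest().encode()
    wire = ORIGINAL + b"|" + tag          # a hex tag never contains '|', so the split is safe
    received = mitm_relay(wire, tamper)
    payload, _, received_tag = received.rpartition(b"|")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, received_tag), payload
```

The MAC gives integrity and origin authentication only: the attacker still reads the transfer in cleartext, and the key has to reach both parties without passing through the attacker. That is why deployed protocols such as TLS combine an authenticated key exchange with encryption and a MAC rather than relying on any one of them.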
Denial of service (DoS) attacks are
the most publicized form of attack and among the most difficult to eliminate.
DoS attacks are a major risk because
they interrupt communication and cause significant loss of time and money.
A DDoS is similar to a DoS attack, but it
originates from multiple, coordinated sources. The threat actor builds a network of infected hosts called zombies and instructs them to carry out DDoS attacks.
What is a group of infected hosts (zombies) called?
botnet.
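Detection logic for the DoS, DDoS and botnet cards above, added as an example that is not part of the original flashcard set. It counts requests per 10-second window and per source in web-server access logs: a single source far above the per-source limit is flagged as a DoS, while a flood that stays under that limit per source but comes from many sources at once is flagged as a DDoS. The log lines are generated inline from documentation address ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and the thresholds are illustrative, not tuned values.

```python
"""Distinguishing a single-source DoS from a DDoS in web-server logs by counting
requests per 10-second window and per source. All log lines are constructed."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = 10        # seconds per bucket
PER_IP_LIMIT = 50  # more than this from one source in a window -> DoS
TOTAL_LIMIT = 150  # more than this in total, spread over many sources -> DDoS
MIN_SOURCES = 20   # distinct sources needed before a flood counts as distributed

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)$')


def parse_line(line: str) -> tuple[str, int] | None:
    """Return (source ip, epoch seconds) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts = m.groups()
    return ip, int(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp())


def make_log() -> list[str]:
    """Constructed traffic: 60 s of normal browsing, then a 10 s single-source flood,
    then a 10 s distributed flood where every bot stays under PER_IP_LIMIT."""
    base = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip: str, offset: int) -> str:
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'

    lines = []
    clients = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"]
    for s in range(60):                          # normal: one request per second in total
        lines.append(line(clients[s % 5], s))
    for i in range(120):                         # DoS: one host, 120 requests in 10 s
        lines.append(line("198.51.100.7", 60 + i // 12))
    for i in range(100):                         # DDoS: 100 bots, 3 requests each in 10 s
        for j in range(3):
            lines.append(line(f"203.0.113.{i + 1}", 70 + (i * 3 + j) // 30))
    return lines


def classify_windows(lines: list[str]) -> list[tuple[str, object]]:
    """One verdict per window: ('dos', ip), ('ddos', source_count) or ('normal', total)."""
    events = [e for e in map(parse_line, lines) if e is not None]
    t0 = min(t for _, t in events)
    buckets = defaultdict(Counter)               # window index -> Counter of source ips
    for ip, t in events:
        buckets[(t - t0) // WINDOW][ip] += 1
    verdicts = []
    for _, counts in sorted(buckets.items()):
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > PER_IP_LIMIT:
            verdicts.append(("dos", top_ip))
        elif total > TOTAL_LIMIT and len(counts) >= MIN_SOURCES:
            verdicts.append(("ddos", len(counts)))
        else:
            verdicts.append(("normal", total))
    return verdicts
```

The two branches show why the distinction matters operationally: a per-source rate limit or a single address block stops the DoS window, but does nothing against the DDoS window, where no bot exceeds the per-source limit. Detecting it requires looking at the aggregate, and absorbing it usually requires capacity upstream of the attacked host.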
VPN
A router is used to provide secure VPN services with corporate sites and remote access support for remote users using secure encrypted tunnels.
ASA Firewall
This dedicated device provides stateful firewall services. It ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts.
IPS
An intrusion prevention system (IPS) monitors incoming and outgoing traffic looking for malware, network attack signatures, and more. If it recognizes a threat, it can immediately stop it.
ESA/WSA
The email security appliance (ESA) filters spam and suspicious emails. The web security appliance (WSA) filters known and suspicious internet malware sites.
AAA Server
This server contains a secure database of who is authorized to access and manage network devices. Network devices authenticate administrative users using this database.
True or False: Backing up device configurations and data is one of the most effective ways of protecting against data loss.
True
True or False: Data backups are usually stored offsite to protect the backup media if anything happens to the main facility.
True
Frequency
Perform backups on a regular basis as identified in the security policy. Full backups can be time-consuming, so perform full backups monthly or weekly and take frequent partial backups of the files that have changed.
Validation
Always validate backups to ensure the integrity of the data and validate the file restoration procedures.
Storage
Backups should be transported to an approved off site storage location on a daily, weekly, or monthly rotation, as required by the security policy.
Security
Backups should be encrypted and protected with strong passwords. The password is required to restore the data, so it must be stored securely and separately from the backup media.
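Worked example for the Validation card above, added here and not part of the original flashcard set. It archives a directory, records a SHA-256 hash for every file and for the archive itself, and then does what "validate backups" means in practice: check the archive hash, restore into a scratch directory, and compare every restored file with its recorded hash, so a corrupted or incomplete backup is found before it is needed. The files and the simulated media corruption are constructed in a temporary directory. The password protection and encryption the Security card calls for are not modelled, because the standard library has no authenticated encryption; that step would wrap the archive with a dedicated tool.

```python
"""Backup validation: archive a directory, record SHA-256 hashes, then verify the
archive and rehearse a restore so that a corrupted or incomplete backup is noticed
before it is needed. All files are constructed in a temporary directory."""
from __future__ import annotations

import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, archive: Path) -> dict:
    """Write a gzip tarball of src plus a manifest with per-file and archive hashes."""
    files = {str(p.relative_to(src)): sha256_file(p)
             for p in sorted(src.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    manifest = {"files": files, "archive_sha256": sha256_file(archive)}
    Path(str(archive) + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(archive: Path, manifest: dict, restore_to: Path) -> dict:
    """The validation step: check the archive hash, restore into a scratch directory,
    and compare every restored file with the hash recorded at backup time."""
    result = {"archive_ok": sha256_file(archive) == manifest["archive_sha256"],
              "missing": [], "mismatched": []}
    if not result["archive_ok"]:
        return result                                   # never extract a corrupted archive
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(restore_to, filter="data")   # Python 3.12+: refuse unsafe members
        except TypeError:
            tar.extractall(restore_to)                  # older Python has no filter argument
    for rel, digest in manifest["files"].items():
        restored = restore_to / rel
        if not restored.is_file():
            result["missing"].append(rel)
        elif sha256_file(restored) != digest:
            result["mismatched"].append(rel)
    return result


def run_demo() -> tuple[dict, dict]:
    """Back up constructed files, verify the good archive, then verify a bit-flipped copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "conf").mkdir(parents=True)
        (src / "conf" / "app.ini").write_text("[db]\nhost=db.example.test\n")
        (src / "notes.txt").write_text("quarterly figures\n")
        archive = root / "backup.tar.gz"
        manifest = make_backup(src, archive)
        good = verify_backup(archive, manifest, root / "restore_good")
        data = bytearray(archive.read_bytes())
        data[len(data) // 2] ^= 0xFF                   # simulate media corruption in transit or storage
        archive.write_bytes(data)
        corrupted = verify_backup(archive, manifest, root / "restore_bad")
    return good, corrupted
```

Keeping the manifest apart from the archive (for example with the offsite rotation described in the Storage card) is what makes the check meaningful: an attacker or a fault that alters the archive would otherwise alter the hashes stored beside it just as easily.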
True or False: The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems
True
True or False: All network devices should be securely configured to provide only authorized individuals with access.
True
What does the AAA or "triple A" stand for?
Authentication, authorization, and accounting.
AAA is a way to control who is
permitted to access a network (authentication), what actions they may perform while accessing the network (authorization), and to keep a record of what was done while they were there (accounting).
A firewall protects
computers and networks by preventing undesirable traffic from entering internal networks.
Packet filtering
Prevents or allows access based on IP or MAC addresses
Application filtering
Prevents or allows access by specific application types based on port numbers
URL filtering
Prevents or allows access to websites based on specific URLs or keywords
Stateful packet inspection (SPI)
Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless specifically permitted. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).
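Toy firewall bringing the four filtering cards above together, added as an example that is not part of the original flashcard set. It applies address-based packet filtering, port-based application filtering and keyword URL filtering to outbound traffic, records each permitted flow, and then uses that state table for stateful packet inspection: an inbound packet is allowed only if it is the reverse of a flow an inside host opened. The internal network (10.0.0.0/24), the blocked address, the port and URL lists and the packets are all constructed; MAC-based rules are not shown separately because they are the same address match on a different field.

```python
"""Toy firewall showing the four filtering methods on the page: address-based packet
filtering, port-based application filtering, URL filtering and stateful packet
inspection. Addresses, ports and packets are constructed for the example."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"
    url: Optional[str] = None     # set for HTTP requests the firewall can inspect


INSIDE_PREFIX = "10.0.0."         # constructed internal network, 10.0.0.0/24


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class Firewall:
    def __init__(self) -> None:
        self.blocked_addresses = {"203.0.113.66"}       # packet filtering (IP; MAC rules work the same way)
        self.allowed_outbound_ports = {53, 80, 443}     # application filtering
        self.url_blocklist = ("malware", "phishing")    # URL filtering
        self.flows: set[tuple] = set()                  # stateful inspection: flows opened from inside

    def check(self, pkt: Packet) -> str:
        # 1. Packet filtering: deny by address before anything else.
        if pkt.src_ip in self.blocked_addresses or pkt.dst_ip in self.blocked_addresses:
            return "deny:address"
        outbound = is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip)
        inbound = is_inside(pkt.dst_ip) and not is_inside(pkt.src_ip)
        if outbound:
            # 2. Application filtering: only permitted destination ports.
            if pkt.dst_port not in self.allowed_outbound_ports:
                return "deny:port"
            # 3. URL filtering: keyword match on the requested URL.
            if pkt.url and any(word in pkt.url.lower() for word in self.url_blocklist):
                return "deny:url"
            # Remember the flow so the server's reply is recognised as solicited.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow:outbound"
        if inbound:
            # 4. Stateful inspection: inbound traffic must match a flow an inside host opened.
            reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            if reverse in self.flows:
                return "allow:reply"
            return "deny:unsolicited"
        return "deny:default"


def run_scenarios() -> list[str]:
    """Constructed packets exercising each rule; returns the verdict for each in order."""
    fw = Firewall()
    packets = [
        Packet("10.0.0.5", "198.51.100.20", 51000, 443),      # inside host opens HTTPS
        Packet("198.51.100.20", "10.0.0.5", 443, 51000),      # the server's reply to that flow
        Packet("198.51.100.20", "10.0.0.5", 443, 51001),      # same server, but nobody asked
        Packet("203.0.113.9", "10.0.0.5", 40000, 22),         # inbound SSH probe
        Packet("10.0.0.5", "203.0.113.66", 51002, 443),       # outbound to a blocked address
        Packet("10.0.0.7", "198.51.100.21", 51003, 23),       # outbound telnet, port not allowed
        Packet("10.0.0.7", "198.51.100.22", 51004, 80,
               url="http://bad.example.test/malware.exe"),    # allowed port, blocked URL
    ]
    return [fw.check(p) for p in packets]
```

Two things a production stateful firewall adds that the toy omits: flow entries expire (otherwise the table grows without bound and a SYN flood fills it, which is the DoS case the card mentions SPI detecting), and the state machine tracks TCP flags so that a half-open or torn-down connection is not treated as established.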
Servers accessible to outside users are usually located on a special network referred to as
the demilitarized zone (DMZ).
One method to create a strong password is to use the space bar and create a phrase made of many words. This is called a
passphrase.
A passphrase is
often easier to remember than a simple password. It is also longer and harder to guess.