Chapter 1: Modern Network Security Threats
40 Questions

Questions and Answers

Which of the following best describes the term 'threat' in the context of network security?

  • A weakness in a network that can be exploited.
  • A measure taken to reduce the impact of an attack.
  • A potential danger that could exploit a vulnerability. (correct)
  • The likelihood of a successful cyberattack.

Which of the following is NOT identified as a common vector for data loss?

  • Removable storage such as USB drives.
  • Encrypted hardware devices. (correct)
  • Email and webmail services.
  • Cloud-based file storage.

What is the primary purpose of 'mitigation' in network security?

  • To increase network exposure to attacks.
  • To identify potential weaknesses in a system.
  • To exploit network vulnerabilities for penetration testing.
  • To reduce or eliminate the impact of a successful attack. (correct)

    Which of these best describes a network 'vulnerability'?

    A weakness or gap in network security. (C)

    Which of the following is NOT a mentioned vector for data loss that should be secured?

    Operating System patches (D)

    Which network type is NOT explicitly mentioned in the provided content?

    Storage Area Network (B)

    What is a primary security measure for the inside perimeter of a Data Center Network, according to the information?

    Electronic motion detectors (B)

    Which of the following is a modern hacking title as described?

    Script Kiddie (C)

    What kind of security measure is a ‘security trap’?

    A physical security measure within a data center's inside perimeter. (D)

    According to the content, what is the focus of Section 1.2?

    Understanding network threats. (B)

    Which of these tools is primarily used for identifying weaknesses in a system?

    Vulnerability Scanner (C)

    Which type of network attack involves an attacker intercepting and potentially altering communications between two parties?

    Man-in-the-middle (B)

    What is the primary function of a 'fuzzer' in the context of security tools?

    To discover software vulnerabilities by providing invalid data (D)

    Which of the following is NOT considered a classification of a Trojan horse?

    Firewall (D)

    What does 'packet crafting' refer to in the context of security tools?

    The creation of custom or malformed network packets for testing or exploitation (D)

    Which attack category involves an attacker attempting to exhaust system resources to prevent legitimate users from accessing a service?

    Denial-of-service (C)

    Within a network attack, what is the meaning of 'eavesdropping'?

    Silently listening to network communications undetected (B)

    What is the primary function of a rootkit detector?

    To detect the presence of malware that hides its existence (B)

    Which attack involves an attacker using a false IP address to conceal their identity or impersonate another system?

    IP address spoofing (D)

    Which tool is specifically designed to capture and analyze data packets traversing a network?

    Packet sniffer (A)

    Campus Area Networks are primarily designed for small office and home office use.

    False (B)

    Continuous video surveillance is used for inside perimeter security, but not outside perimeter security.

    False (B)

    Vulnerability Brokers are a type of modern hacker who exploit weaknesses for personal gain.

    True (A)

    Electronic motion detectors are primarily used for outside perimeter security.

    False (B)

    The primary focus of Section 1.2 is to explain the evolution of networking technologies.

    False (B)

    The security of networks is only important for large organizations, not small ones.

    False (B)

    A 'mitigation' is a potential weakness in a system or network.

    False (B)

    Sending data via unencrypted devices is not a vector of data loss.

    False (B)

    The term 'risk' in network security represents the likelihood of a threat exploiting a vulnerability.

    True (A)

    Data loss via hard copy documents is not considered a security risk.

    False (B)

    A sniffer is categorized as a network hacking attack tool that captures network traffic.

    True (A)

    Data modification involves altering data in transit, which is a type of eavesdropping.

    False (B)

    Password cracking is a penetration testing tool focused on obtaining user credentials.

    True (A)

    Debuggers are primarily used as network scanning tools to identify open ports.

    False (B)

    A denial-of-service attack always involves modifying data in transit.

    False (B)

    A 'proxy' is a classification of Trojan Horses that provides remote access to systems.

    False (B)

    Rootkit detectors are penetration tools aimed to uncover hidden malware.

    True (A)

    Vulnerability scanners are used to create encrypted network packets.

    False (B)

    A compromised-key attack involves using a compromised key to bypass encryption.

    True (A)

    FTP is a classification of Trojans that can be used to create file transfers that are hidden from user access.

    True (A)

    Flashcards

    Network Threat

    Any action or event that can potentially harm a network or its resources.

    Network Vulnerability

    A weakness or flaw in a network system or its configuration that can be exploited by attackers.

    Threat Mitigation

    Actions taken to reduce the likelihood or impact of security threats.

    Network Risk

    The potential for loss or harm due to a threat exploiting a vulnerability.

    Vectors of Network Attacks

    The different paths or methods attackers can use to gain access to or disrupt a network.

    Script Kiddies

    Individuals who lack advanced technical skills but use readily available hacking tools for malicious purposes.

    Vulnerability Brokers

    They identify and sell or disclose vulnerabilities to organizations so they can fix them.

    Hacktivists

    They use hacking techniques to promote a political cause or social message.

    Cyber Criminals

    They carry out cyberattacks for financial gain, often targeting individuals or businesses.

    State-Sponsored Hackers

    Hackers who are backed by governments to conduct cyber espionage or attack other countries.

    What are hacker tools?

    Tools designed to help attackers compromise computer systems. These tools vary based on the attack type and the desired outcome.

    What is penetration testing?

    The process of using specialized tools and techniques to simulate real-world attacks on a system or network to identify weaknesses and vulnerabilities.

    What does a security software disabler Trojan Horse do?

    This type of tool aims to bypass or disable security software, enabling attackers to operate undetected.

    What is a remote-access Trojan Horse?

    This type of malware grants unauthorized remote access to a compromised system, allowing attackers to control it remotely.

    What is a denial-of-service attack?

    This type of attack aims to flood a target system with traffic, making it unavailable to legitimate users.

    What are vulnerability scanners?

    Tools specifically designed to find vulnerabilities in software and applications.

    What are viruses?

    This is a broad category of malware that replicates itself and spreads to other systems, often causing damage or disruption.

    What are network hacking attacks?

    These attack tools involve intercepting and modifying network traffic, allowing attackers to steal data, manipulate information, or disrupt communication.

    What is a packet sniffer?

    A tool designed to capture and analyze network traffic, allowing attackers to see the data being transmitted between systems.

    What is IP address spoofing?

    Manipulating data packets to disguise their source, enabling attackers to trick systems into accepting malicious data.

    What is a network threat?

    Any action or event that can potentially harm a network or its resources.

    What is a network vulnerability?

    A weakness or flaw in a network system or its configuration that can be exploited by attackers.

    What are mitigation techniques?

    Actions taken to reduce the likelihood or impact of security threats.

    What is network risk?

    The potential for loss or harm due to a threat exploiting a vulnerability.

    What are vectors of network attacks?

    The different paths or methods attackers can use to gain access to or disrupt a network.

    What are hackers?

    People who break into computer systems without authorization, often for personal gain or to cause harm.

    Who are hacktivists?

    These hackers are motivated by political or social causes, often targeting organizations or governments to make a statement.

    What are state-sponsored hackers?

    They are skilled attackers who are sponsored and funded by governments to carry out cyber espionage or disrupt other nations' systems.

    Who are cyber criminals?

    These hackers are motivated by financial gain and often target individuals or businesses to steal data or money.

    Who are script kiddies?

    People who lack advanced hacking skills but use readily available tools to exploit vulnerable systems.

    Hacker Tool

    A specialized program used by attackers to identify and exploit vulnerabilities in computer systems or networks.

    Penetration Testing

    The process of systematically testing a system or network for vulnerabilities that could be exploited by attackers, simulating real-world attacks.

    Password Cracker

    A type of hacker tool used to crack passwords by trying various combinations of characters until the correct one is found.

    Virus

    A type of malicious software that can replicate itself and spread to other systems, often causing damage or disruption.

    Trojan Horse

    Malicious software that disguises itself as a legitimate program to gain access to a system. Once inside, it can steal data, control the system remotely, or cause damage.

    Security Software Disabler

    A type of Trojan horse that disables security software on a system, allowing attackers to operate undetected.

    Remote-access Trojan Horse

    A type of Trojan horse that gives attackers unauthorized remote control over a compromised system.

    Data-sending Trojan Horse

    A type of Trojan horse that allows attackers to steal sensitive data from the compromised system and send it to a remote location.

    Network Hacking Tools

    A category of hacker tools designed to intercept and manipulate network traffic. This includes tools for eavesdropping, data modification, spoofing, DoS attacks, and more.

    Packet Sniffer

    A type of network hacking tool specifically used to capture and analyze network traffic. This can be used to steal data or observe user activity.

    Study Notes

    Chapter 1: Modern Network Security Threats

    • Course: CCNA Security v2.0
    • Instructor: Dr. Nadhir Ben Halima

    Chapter Outline

    • Introduction
    • Securing Networks
    • Network Threats
    • Mitigating Threats
    • Summary

    Section 1.1: Securing Networks

    • Learning Objectives:
      • Describe the current network security landscape.
      • Explain why all types of networks need protection.

    Topic 1.1.1: Current State of Affairs

    • Networks are targets
    • Attacks originate from various locations globally
    • Examples of attack origins, countries and types (based on image): China, United States, Brazil, etc.

    Topic 1.1.2: Network Topology Overview

    • Campus Area Networks (CAN):
      • AAA Server
      • ASA Firewall
      • Layer 3 Switches
      • Layer 2 Switches
      • IPS
      • ESA/WSA
      • DHCP Server
      • Web Server
      • Email Server
      • Hosts
    • Small Office/Home Office Networks (SOHO):
      • Wireless router
      • Layer 2 Switch
      • Wireless Hosts
      • Computers
    • Wide Area Networks (WAN):
      • Branch site
      • Regional site
      • SOHO site
      • Mobile Worker
      • Main site
      • Corporate
      • Cisco ASA Firewall
      • Point of Presence (POP)
      • Virtual Private Network (VPN)
    • Data Center Networks:
      • Outside perimeter security: On-premise security officers, Fences and gates, Continuous video surveillance, Security breach alarms
      • Inside perimeter security: Electronic motion detectors, Security traps, Continuous video surveillance, Biometric access and exit sensors

    Section 1.2: Network Threats

    • Learning Objectives:
      • Describe the evolution of network security
      • Describe the different types of attack tools used by hackers
      • Describe malware
      • Explain common network attacks

    Topic 1.2.1: Who is Hacking Our Networks?

    • Modern Hacking Titles:
      • Script Kiddies
      • Vulnerability Brokers
      • Hacktivists
      • Cyber Criminals
      • State-Sponsored Hackers
      • White Hat Hackers
      • Grey Hat Hackers
      • Black Hat Hackers

    Topic 1.2.2: Hacker Tools

    • Sophistication of Attacker Tools vs. Technical Knowledge Needed (historical trends)
    • Attack tools have evolved, making them more sophisticated and less reliant on technical expertise

    Topic 1.2.3: Malware

    • Viruses (malicious software that executes a specific, often harmful, function on a computer)
    • Worms (execute arbitrary code and install copies of themselves automatically; self-replicate and spread across networks)
    • Trojan Horses (malicious code disguised as legitimate software)
    • Different types of malware: Spyware, Adware, Ransomware, Scareware, Phishing, Rootkits

    Topic 1.2.4: Common Network Attacks

    • Reconnaissance attacks: Initial query, Ping sweep, Port scan, Vulnerability scan, Exploitation tools
    • Access Attacks: Password, Port redirection, Man-in-the-middle, Buffer overflow, IP, MAC, DHCP spoofing
    • Social Engineering Attacks: Pretexting, Phishing, Spearphishing, Spam, Tailgating, Something for Something
    • Denial of Service (DoS) Attacks: Flooding the server with requests
    • Distributed Denial of Service (DDoS) Attacks: A network of infected machines (botnet) carries out the attack
    • Data loss vectors: Email/Webmail, Unencrypted devices, Cloud storage devices, Removable media, Hard copy, Improper access control

    Description

    This quiz focuses on Chapter 1 of the CCNA Security v2.0 course, which outlines modern network security threats and the importance of securing various network types. You'll learn about the current security landscape, network topologies, and strategies for mitigating threats. Prepare to test your knowledge on these essential topics in network security.
