Cybersecurity Fundamentals Part 3
52 Questions

Questions and Answers

Which activity is primarily focused on understanding vulnerabilities and their potential impacts in network security?

  • Risk Assessment [ID.RA] (correct)
  • Access Control [PR.AC]
  • Asset Management [ID.AM]
  • Network Security Governance [ID.GV]

What is the main purpose of implementing encryption in a network?

  • To enable end-to-end communication between devices
  • To analyze network traffic patterns for anomalies
  • To restrict unauthorized access to network resources
  • To protect data both in transit and at rest (correct)

Which function involves creating actions to follow during a network security event?

  • Log and Event Monitoring [DE.CM]
  • Business Continuity Planning [RC.RP]
  • Risk Assessment [ID.RA]
  • Network Incident Response Plan [RS.RP] (correct)

In the NIST framework, which activity is tasked with training users to recognize security threats?

Answer: Security Training [RP.AT]

Which core function of the NIST framework evaluates the effectiveness of incident responses after an event?

Answer: Lessons Learned [RC.IM]

What is the main role of Log and Event Monitoring within the Detect function?

Answer: To continuously monitor for anomalies and incidents

Which of the following is NOT a component of the Protect function in the NIST framework?

Answer: Forensics [RS.AN-3]

At which layer of the TCP/IP model does point-to-point communication between devices mainly occur?

Answer: Network Layer

What is the primary goal of access control in network security?

Answer: To restrict unauthorized access to network resources

Which of the following is NOT listed as a key responsibility of network security?

Answer: Remote user training on device usage

What role do intrusion detection systems (IDS) play in network security?

Answer: They continuously monitor network traffic for security incidents

Which of the following best describes perimeter defense in network security?

Answer: Filtering incoming and outgoing network traffic

What is the purpose of network vulnerability management?

Answer: To identify and fix weaknesses in network configurations

Which secure protocol is specifically mentioned for protecting data in transit?

Answer: IPSec

What type of system would be utilized to prevent security incidents effectively?

Answer: Intrusion Prevention Systems (IPS)

Which option is least likely to be a focus of network security training?

Answer: Enhancing personal productivity tools

What is the primary goal of a Man-in-the-Middle (MitM) attack?

Answer: To intercept and manipulate communication.

Which technique is NOT associated with Denial of Service (DoS) attacks?

Answer: Session hijacking.

What countermeasure helps mitigate the risk of flooding attacks in Denial of Service (DoS)?

Answer: Rate limiting.

What is one common method to detect unauthorized port scanning activities?

Answer: Host-based IDS/IPS.

Which of the following best describes the term 'Brute Force Attack'?

Answer: Trying multiple username and password combinations to gain access.

Which practice is a key component in mitigating the effects of brute force attacks?

Answer: Strong password policies.

What is the purpose of SSL stripping in a Man-in-the-Middle attack?

Answer: To intercept and downgrade secure HTTPS connections to HTTP.

Which of the following techniques relies on overwhelming a service with excessive requests?

Answer: SYN flood attacks.

What is the primary function of a firewall in network security?

Answer: To act as a barrier between trusted and untrusted networks

Which type of firewall inspects packets on a per-packet basis without maintaining any state information?

Answer: Packet Filtering Firewalls

What security measure is implemented when a firewall blocks all traffic that does not match its defined rules?

Answer: Deny by default

Which of the following is NOT a countermeasure against external threat actors?

Answer: Regular employee training sessions

In firewall operations, what does 'filtering' primarily refer to?

Answer: Controlling incoming and outgoing network traffic

What is the importance of having a reliable operating system for a firewall?

Answer: To ensure firewall immunity to intrusions

What is the role of predefined security policies in firewall functionality?

Answer: To establish access rules for incoming and outgoing traffic

Which of the following features is a characteristic of Stateful Inspection Firewalls?

Answer: They maintain a record of active connections.

What is the primary function of an Intrusion Detection System (IDS)?

Answer: To alert on suspicious activity without taking direct action

Which VPN type allows remote users to connect to the internal network?

Answer: Remote access VPN

What is a significant drawback of signature-based detection methods used by IDS/IPS?

Answer: They exhibit poor performance with new or previously unseen threats.

Which of the following is not an example of an application layer VPN?

Answer: PPTP

What critical flaw in ARP contributes to the possibility of a Man in the Middle (MitM) attack?

Answer: ARP lacks authentication for ARP-Reply messages

Which of the following describes a characteristic of the Intrusion Prevention System (IPS)?

Answer: It can take proactive measures to block or prevent threats.

Which component of IPsec is responsible for providing encryption using symmetric algorithms?

Answer: Encapsulating Security Payload (ESP)

What form of VPN encapsulates IP packets into a secure tunnel?

Answer: IPsec Tunnels

What is the primary purpose of the Handshake Protocol in TLS?

Answer: To authenticate endpoints and establish a secure connection

Which type of detection method establishes a baseline of normal behavior and alerts on deviations from it?

Answer: Anomaly-based detection

Which of the following protocols specifically addresses the security of DNS queries and responses?

Answer: DNSSEC

Which statement accurately describes Host-Based IDS (HIDS)?

Answer: It monitors system-level activities and logs on individual devices.

What is the primary function of SSH in secure networking?

Answer: To enable secure remote access via encrypted interactive sessions

Which IDS/IPS detection method uses predefined patterns to identify attacks?

Answer: Signature-based detection

What type of communication does IPSec primarily secure?

Answer: IP communications at the network layer

What type of VPN is designed to offer transport layer encryption?

Answer: Wireguard

Which aspect of data does TLS ensure through its Record Protocol?

Answer: Encryption and authentication of transferred data

What is a primary use case for SSH?

Answer: Secure remote management of servers

Why is ARP spoofing considered a form of local ARP cache poisoning?

Answer: It impersonates devices to redirect traffic without detection.

What is a key characteristic of 'secure protocols'?

Answer: They enhance standard protocols through cryptographic techniques.

Study Notes

Cybersecurity Fundamentals (Part 3)

• Network Security: A set of measures and strategies to secure network infrastructure, protecting wired/wireless networks, routers, switches, firewalls, servers, and endpoints. Key responsibilities include access control, data protection, network monitoring, and intrusion detection.

Key Responsibilities/Tasks

• Access Control: Only authorized users and devices can access network resources.
• Data Protection: Encrypts data in transit and at rest using protocols like IPSec and SSL/TLS to secure sensitive information.
• Network Monitoring and Logging: Continuous monitoring of network traffic, detecting security incidents, monitoring network activity, analyzing logs to find anomalies, and using IDS/IPS systems to block or alert on suspicious activity and threats.

Network Security (II)

• Perimeter Defense: Security controls at the network perimeter to filter incoming/outgoing traffic (firewalls and DMZs), monitor/detect intrusions using IDS/IPS, and secure remote access with VPNs.
• Network Vulnerability Management: Regularly assessing the network for vulnerabilities and taking action to mitigate them, such as ensuring network devices are configured securely (patches/updates) and conducting security assessments (penetration testing).

Network Security (III)

• Network Security Activities (NIST Framework Core Functions):
  • Identify: Asset Management (ID.AM), Risk Assessment (ID.RA), Network Security Governance (ID.GV).
  • Protect: Access Control (PR.AC), Network Segmentation (PR.AC-5), Encryption (PR.DS-2), Endpoint Protection (PR.PT), Security Training (RP.AT).
  • Detect: Network Traffic Analysis (DE.AE), Log and Event Monitoring (DE.CM), Intrusion Detection (DE.DP).

Network Security (IV)

• Respond: Network Incident Response Plan (RS.RP), Security Incident Investigation (RS.AN), Mitigation and Containment (RS.MI), Communication and Reporting (RS.CO), Forensics (RS.AN-3).
• Recover: Business Continuity (BC) Planning (RC.RP), System Restoration (RC.RP), Lessons Learned (RC.IM), Post-Incident Review (RC.IM).

TCP/IP Network Model

• Key Points: Stacked protocol layers and data encapsulation. The model shows a clear relationship between the TCP/IP and OSI layers, illustrating how protocols and services map to each layer.

TCP/IP Vulnerabilities, Threats and Attacks

• Main Weakness: Lack of built-in security, and lack of native methods for encryption, integrity, and authentication.
• Generic Threats/Attacks:
  • Sniffing: Unauthorized interception/monitoring of network traffic (exploits the lack of encryption).
  • Spoofing: Masquerading as something or someone else in a network communication (exploits the lack of authentication).
  • Hijacking: An attacker takes control of an established network session/connection between two parties (exploits the lack of authentication/integrity and weaknesses in session management).
  • Man-in-the-Middle (MitM) Attacks: An attacker intercepts (and potentially alters) communication between sender and receiver without their knowledge (MitM exploits issues in the network layers).
  • Denial of Service (DoS): Makes network resources, services, or applications unavailable to legitimate users by overwhelming them with excessive traffic/requests.
  • Hostile network activity: Actions taken by attackers or malicious actors to compromise network security, gain unauthorized access, or disrupt network operations. This includes actions like port scanning and brute-force attacks.

Secure Protocols

• Secure protocols: Address security concerns (confidentiality, integrity, authenticity) in data and communications, improving upon the classic TCP/IP functionality. Protocols can be implemented at various layers of the stack, applying cryptographic techniques.

IPsec (Internet Protocol Security)

• Network Layer (Layer 3): A suite of protocols used to secure IP communications at the network layer. Provides IP packet authentication and (optionally) encryption using HMAC and ESP. IKE provides secure key exchange. Uses asymmetric encryption, Diffie-Hellman, and digital certificates.

TLS (Transport Layer Security)

• Transport Layer (Layer 4): Secure communication channel between a client and server at the transport layer. Provides data integrity, confidentiality, and authentication at the packet level. Uses the Handshake Protocol and the Record Protocol.

SSH (Secure Shell)

• Application Layer (Layer 7): Provides end-to-end encryption for interactive sessions and adds user authentication methods such as passwords and public keys.

Perimeter Protection

• Objective: Securing an organization's network by protecting the outer boundary (perimeter) from external threats/attacks.
• Countermeasures:
  • Firewalls and network segmentation
  • Virtual Private Networks (VPNs)
  • Intrusion Detection and Prevention Systems (IDS/IPS)
  • Security Information and Event Management (SIEM) Systems
  • Web Application Firewalls (WAFs), Content Filtering

Firewalls

• Network Access Control Devices: A barrier between the organization's internal network and the untrusted external network. Filters and controls incoming/outgoing network traffic based on predefined security rules. All traffic passes through the firewall, which permits authorized traffic and denies the rest.

Virtual Private Networks (VPNs)

• Extension of a private local network over an uncontrolled public network infrastructure.
• Typical Function: Establishing secure connections to maintain the confidentiality of traffic. Relies on tunneling, creating a logical connection between endpoints by encapsulating one protocol within another. Common use cases include secure interconnection across parts of an organization, and remote access for users to connect to the internal network.
  • Different ways of tunneling

Intrusion Detection/Prevention Systems (IDS/IPS)

• IDS: Monitors network/system activity for signs of unauthorized access, attacks, or abnormal behavior. Passive: alerts on potential threats.
• IPS: Same detection methods as IDS, but takes automated actions to prevent or mitigate detected threats. Proactive: blocking traffic to/from specific IP addresses, dropping malicious packets, and resetting connections.
• Deployment Types: Network-based (NIDS) sensors monitor traffic, and host-based (HIDS) agents monitor individual device activities, such as file changes, logs, and system calls.
• Detection Methods: Signature-based and Anomaly-based.


Description

This quiz covers key concepts in network security, including access control, data protection, and network monitoring. Learn how to secure network infrastructures and the responsibilities involved in maintaining cybersecurity. Test your knowledge on perimeter defense and intrusion detection strategies.
