Questions and Answers
How does network security differ from cybersecurity?
- Network security focuses solely on protecting data in transit, while cybersecurity includes data at rest.
- Network security primarily addresses insider threats, while cybersecurity manages external threats.
- Network security involves physical and software preventative measures, while cybersecurity protects systems and networks from digital attacks. (correct)
- Network security emphasizes compliance with regulatory standards, whereas cybersecurity prioritizes incident response.
How does implementing BitLocker on a device contribute to the CIA triad?
- It boosts integrity by offering a failsafe against data breaches, providing a reliable audit trail of access attempts.
- It improves confidentiality by encrypting the data, restricting unauthorized access. (correct)
- It primarily enhances availability by ensuring quick data recovery in case of system failures.
- It ensures integrity of the data by providing a secure hashing algorithm to verify data consistency.
In the context of network security, what is the most critical implication of a 'single point of failure' (SPOF)?
- Minor slowdown in network speeds during peak usage times.
- Compromised confidentiality because of unauthorized access to sensitive data.
- Complete system failure, where a single component's malfunction halts the entire network. (correct)
- Increased vulnerability to Distributed Denial of Service (DDoS) attacks, leading to temporary service disruptions.
Which statement accurately describes the relationship between vulnerability, threat, and risk in network security?
Which of the following illustrates a primary benefit of using on-premises solutions compared to cloud solutions for data and application hosting?
How do Logic Bombs operate, and what is their primary purpose in a malicious context?
What is the distinguishing characteristic of 'State-sponsored' threat actors in the realm of cybersecurity?
What unique characteristic distinguishes an 'ethical hacker' from other types of hackers?
Which of the following strategies is most effective for organizations aiming to mitigate the risks associated with Single Points Of Failure (SPOFs) in their network infrastructure?
What is the primary goal of 'cable tapping' (wiretapping) at Layer 1 of the OSI model, and what type of data is most vulnerable in this attack?
In the context of Layer 1 attacks, how does "Jamming (DoS)" specifically compromise wireless communication, and what makes this attack challenging to mitigate?
Which of the following statements accurately represents a significant challenge in implementing robust security measures for Layer 1 of the OSI model?
What is the primary function of a 'tamper detection' mechanism in the context of Layer 1 security, and how does it protect network infrastructure?
How does encrypting data at the Physical Layer contribute to overall network security, and what primary protection does it offer?
Why is wireless spectrum monitoring particularly critical in Layer 1 security, and what potential threats can it help detect?
Which of the following best describes the purpose and function of Dynamic ARP Inspection (DAI) on a network?
Which of the following describes a critical function of a 'DHCP Snooping Binding Database' and what security benefits does it offer?
What is the main purpose for configuring Root Guard on designated ports of a network switch, and what type of threat does it help mitigate?
Why is it important to use PortFast in conjunction with BPDU Guard on access ports connected to end-user devices?
What is the fundamental security risk associated with failing to change the native VLAN on a trunk port, and how can this vulnerability be exploited?
What is the key operational distinction between 'Control Plane Policing (CoPP)' and a standard Access Control List (ACL) in a network security context?
What unique security benefits does 'Scrypt' offer compared to an 'MD5 hash' when securing passwords on network devices?
How does a MAC address flooding attack compromise the security and performance of a network switch?
What are the two variations of spanning-tree attacks?
Why is storm control important?
Which can best block VLAN hopping?
What are Layer 2 attacks?
What is the default type for console encryption?
The switch is looping; what is the solution?
An engineering workstation is being denied Internet access. The workstation is connected to a switch on the same VLAN. What configuration is needed on the access port?
What is the best way for an organization to test a network device with no outside connections?
Which one of these items is not something storm control does?
How can you protect against a man-in-the-middle attack?
Which of these protocols provides the most secure remote access?
A computer was connected to an inexpensive unmanaged switch and then the network went down. What has happened?
Which is/are the main functions of Information Security?
In the context of cybersecurity practices, what does the CIA Triad represent?
Under which of the following scenarios would cloud-based cybersecurity solutions be most advantageous compared to on-premise solutions?
What is the definition of "risk"?
Flashcards
- Information Security: processes to protect confidential data from unauthorized modification or destruction.
- Cybersecurity: protecting digital systems, networks, and data from cyber attacks.
- Network Security: securing network infrastructure from unauthorized access, misuse, malfunction, modification, or destruction.
- Availability
- Confidentiality
- Integrity
- Asset
- Vulnerability
- Exploit
- Threat
- Attack
- Risk
- Countermeasure
- On-Premises
- Cloud Solutions
- Malware
- Virus
- Worm
- Trojan
- Rootkit
- Spyware
- Adware
- Scareware
- Botnet
- Logic Bomb
- Keylogger
- Ransomware
- Threat Actors
- Script Kiddies
- Organized Crime Groups
- State Sponsors
- Hacktivists
- Terrorist Groups
- Hacker
- White hat hacker
- Black hat hacker
- Gray hat hackers
- Single point of Failure
- Redundant links
- Cable Tapping
- Jamming
Study Notes
Lesson 1
- The lesson covers Information Security, Cybersecurity, and Network Security, CIA Triad, Common Network Security Terms, On-premise & Cloud Solutions, Malware types, Threat actors, Increasing Network Availability and Project topics
Misunderstanding Information Security, Cybersecurity, and Network Security
- Information security applies processes and methodologies designed to protect confidential, private, and sensitive data in any form from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption
- Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks
- These attacks aim to access, change, or destroy sensitive information, extort money, or interrupt normal business processes
- Network security involves physical and software preventative measures to protect networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure
- This creates a secure platform for computers, users, and programs to perform permitted critical functions
CIA Triad
- It involves three basic components and goals of network security: Confidentiality, Integrity, and Availability
Confidentiality
- This means identifying what information should be controlled, who is authorized to access it, and controlling access to ensure only authorized individuals can access the information
- Confidential data examples include bank and credit card details, criminal records, patient health records, and military secrets
- Encryption tools such as BitLocker and AxCrypt are used when information must be stored, which enhances confidentiality
Integrity
- This stands as the second goal of network security, and means the data provided must be accurate, consistent, and unaltered
- Only authorized people can change it
Availability
- It stands as the third goal of network security, requiring that systems, applications, and data are available to authorized users when needed
- Denial-of-Service (DoS) or Distributed DoS attacks are the most common threats to availability
- Access controls, monitoring, and data redundancy are recommended to ensure resource availability
Common Security Terms
- Asset refers to anything of value to an organization, such as properties, vehicles, equipment, plants, buildings, employees, computers, data, and intellectual property
- Protecting assets represents the primary function of security, whether physical or network-based
- Vulnerability defines a weakness in a system that threat actors can exploit for unauthorized access
- Exploit represents a method or tool that an attacker uses to leverage a vulnerability and damage a system
Threat
- It refers to any potential danger to an asset, which can be triggered accidentally or intentionally
Attack
- It refers to the action taken by an attacker to harm an asset
Risk
- It is defined as the potential for loss, compromise, damage, destruction, or other negative consequences to an organization's asset
- Risk is expressed as Risk = Asset + Threat + Vulnerability
Countermeasure
- It refers to an action initiated by an organization, typically by security professionals, to mitigate a threat
On-Premise & Cloud Solutions
- An on-premises setup involves an organization hosting all its IT infrastructure in its offices, such as in a Data Center (DC)
- The IT staff is responsible for installing, running, and controlling all system and network services, with software and technological assets located on physical servers within the DC
- Pros: security, control, customizability, and no constant need for internet access
- Cons: high upfront cost, greater complexity, less flexibility, and longer implementation times
- Cloud hosting occurs on servers maintained by a vendor, who serves as the hosting company
- Cloud computing is an alternative to on-premises solutions and is usually accessed via the Internet; Microsoft Azure is an example
- Pros: disaster recovery, accessibility, cost effectiveness, and scalability
- Cons: Lack of control, internet dependency, privacy concerns, and fixed contract
Malware Types
- Malware refers to any file, code, or app designed to infect, explore, and steal data, and is an inclusive term for all malicious software
- Virus is defined as malicious software attached to an executable file, designed to destroy systems or data
- Worm is defined as malicious software with the ability to replicate itself and spread over a computer network
- Trojan pretends to be a regular program and contains payloads that provide a backdoor for unauthorized access to a system or network
- Examples are RATs (Remote Access Trojans), security-software-disabling Trojans, data-hiding Trojans, and DoS (Denial of Service) Trojans
- Rootkit is a collection of stealth software designed to enable malware while hiding its presence
Additional Malware Types
- Spyware is malware that monitors computer activity in order to collect private data
- Adware, short for Advertising-Supported Malware, automatically generates revenue by serving ads to device users
- Scareware tricks users into downloading useless software, such as fake registry cleaners or firewall applications
More on Malware
- Botnet is formed from two words, Bot (short for Robot) and Net (for Network), and is a network of infected computers that malware uses to spread.
- Logic Bomb is malware triggered when an application is launched or when a certain date and time is reached; it can embed arbitrary code or a fake application.
- Key Loggers record a user's keyboard input, particularly targeting credentials
- Ransomware encrypts user data and demands payment for the decryption key; a recent example is the WannaCry attack
Threat Actors
- Threat actors refer to those who execute attacks and cause security incidents, and can be different groups or individuals like Script kiddies, Organized crime groups, State sponsors and governments, Hacktivists and Terrorist groups
Script Kiddies
- This describes inexpert people who use existing scripts/tools to hack computers and networks, but lack the expertise to write their own
Additional Threat Actors
- Organized crime groups' main goal is to steal information, scam people, and make money.
- State sponsors and governments are interested in stealing data, including intellectual property and research and development, from major manufacturers and governments
- Hacktivists use cybersecurity attacks to promote a social or political cause.
- Terrorist groups have religious and/or political motivations
Hackers
- A hacker is a person who enjoys understanding the workings of a system and keeps hacking at it to learn everything about it
- Cracker refers to a criminal hacker
- Ethical hacker was coined to distinguish the good guys from the bad guys
Hacker Classifications
- White hat hackers utilize ethical hacking methods to help companies and organizations secure their systems
- Black hat hackers are those who perform illegal activities like organized crime
- Gray hat hackers follow the law generally, but sometimes follow the darker side of black hat hacking
Increasing Network Availability
- A single point of failure (SPOF) occurs when one component's failure stops the entire system from working
- To prevent SPOFs, networks need increased maintenance and redundant devices
- Fault Tolerance Systems: a network constructed specifically to prevent SPOFs; with multiple devices and connections (redundancy) the server infrastructure is protected from the failure of any one section
Hardware Redundancy
- It includes redundant wide area network (WAN) links for backup/failover as well as redundant power supplies
Project Topics & Structure
- Included project topics: SQL Database Injection Attack, XSS - Cross Site Script Attack, Phishing Social Engineering Attack, Buffer Overflow Attack, Path Traversal Attack, MITM – Man-in-the-Middle Attack, and DOS - Denial of Service Attack
- The project will be presented in the semester’s last lesson
- It involves groups investigating a topic and preparing five slides for presentation, with related practical work counted as extra points
Lesson 2
- This lesson covers Layer 1 attacks in the OSI model
OSI Model Layer 1 Attacks
- Physical Layer or Layer 1 is the first layer and handles actual hardware and physical connections that enable communication
- Layer 1 (physical layer) attacks target the network infrastructure and can cause disruptions, data loss, or complete system failure
- Attack types: cable tapping (wiretapping), jamming (DoS), physical destruction of hardware, eavesdropping (sniffing) on wireless signals, rogue devices, and MITM attacks on physical links
Cable Tapping/Wiretapping
- It involves physically accessing network cables to intercept data, like Ethernet or fiber optic
- Because raw data is transmitted at this layer, it can be intercepted here
- Any data sent over the tapped cable is intercepted
Jamming (DoS)
- It interferes with wireless communication by sending signals that cause noise
- This affects devices on the same frequency as the Wi-Fi network, so those devices lose their connection
Physical Destruction of Hardware
- It involves physically damaging or destroying network devices, like routers and switches
- An attacker might destroy cables, cut fiber optic lines, or damage hardware critical for a network's infrastructure
- The network then becomes inoperable
Eavesdropping (Sniffing)
- It is where an attacker intercepts the wireless communication to capture sensitive information
- Attackers use sniffing tools to capture and analyze packets transmitted over the air, in weakly secured Wi-Fi
Rogue Devices
- It is an unauthorized device that connects physically/wirelessly, such as a malicious device or rogue Wi-Fi access point
- They may attempt to intercept data, modify data, infect systems, or damage the network via malware
MITM Attacks
- The attacker physically inserts themselves between two communicating devices at the physical layer
- By tampering with cables or wireless channels, they capture and alter messages without detection
Mitigation of Layer 1 OSI Model Attacks
- Countermeasures you can undertake to prevent Layer 1 intrusions: securing access, cable security, encryption, ensuring secure and isolated wireless, etc.
Securing Access
- It requires keeping physical network equipment in locked rooms/data centers with restricted personnel and strong physical access controls, such as ID badges
Cable Security
- It involves using conduits/cable trays to protect cables from tampering, or burying cables underground to make tampering difficult; tamper-evident seals reveal any access
Data and Wireless Encryption
- It involves encrypting the Layer 3 data even though Layer 1 only carries the raw transmission
- It requires the use of reliable wireless encryption standards such as WPA3, plus MAC address filtering, to keep out rogue devices
Network Monitoring
- Use monitoring systems to detect jamming or unauthorized devices. Monitor for disruptions, as these are an indicator of a jamming attack
Device and Data Inspections
- Utilize detection tools and run regular scans for rogue switches, plus physical audits and inspections for malicious connections.
Response, Redundancy, Recovery
- Establish a plan to respond to breaches, with backup systems. Ensure redundant channels and backups so that network operations continue in the face of attacks
Network segmentation, Core Access
- Segment critical infrastructure to minimize an attacker's impact if they gain a single entry point. Utilize failover solutions to back up data
Layer 3
- Layer 3 (network layer) attacks can happen if attackers insert themselves between communicating devices to read and alter information. Mitigation methods include real-time alerting and video surveillance over cables
Lesson 3
- The lesson covers OSI Model Layer 2 Data Link attacks such as MAC address Flooding, DHCP Starvation and ARP Spoofing Attacks
MAC address Flooding Attack
- In this attack, the switch's CAM table becomes full of fake source addresses because the attacker floods it with Ethernet frames carrying many different source MAC addresses
- As a result, the switch malfunctions and floods traffic out of all ports
- A protection is to set up port security on a specific switch port, so that only certain MAC addresses are allowed on that port
- Violation actions can range from log messages to effectively shutting down the interface
Port Security Summarization
- Port security examines received frames and defines a maximum number of unique source MAC addresses per port; exceeding that number causes a violation
Port Security Configuration
- Steps to configure port security:
- Set the interface to static access mode using switchport mode access
- Enable port security using switchport port-security and set the maximum number of allowed MAC addresses
- Set the violation mode
Port Security Modes
- There are 3 violation modes you can choose for port security, and they determine what happens to offending frames
- Protect - drops offending frames without logging
- Restrict - drops offending frames and sends a Simple Network Management Protocol (SNMP) trap
- Shutdown - puts the switch interface in the error-disabled state
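The three configuration steps above, carried through as a complete Cisco IOS port-security configuration with the restrict and shutdown modes side by side (an added example, not from the lesson slides; interface names, VLAN 10, the MAC limits, the SNMP receiver address and the community string are assumed):

```cisco
! Step 1: static access port for a user PC plus an IP phone
interface GigabitEthernet0/1
 description User PC + IP phone
 switchport mode access
 switchport access vlan 10
! Step 2: enable port security and allow at most 2 source MAC addresses;
! "sticky" learns the first two and writes them into the running config
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
! Step 3: restrict mode drops extra MACs, raises the violation counter
! and sends an SNMP trap, but leaves the port up
 switchport port-security violation restrict
! Forget a learned MAC after 10 minutes of silence so a replaced PC works
 switchport port-security aging time 10
 switchport port-security aging type inactivity
!
! Same steps on a single-host port, this time with shutdown mode:
! a second MAC address puts the port into err-disabled
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Let err-disabled ports come back on their own after 5 minutes
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Deliver the restrict-mode traps to the monitoring host (address assumed)
snmp-server enable traps port-security
snmp-server host 192.0.2.50 version 2c MONITOR-COMMUNITY port-security
!
! Verification:
!   show port-security interface GigabitEthernet0/1
!   show port-security address
!   show errdisable recovery
```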
DHCP Starvation Attack
- A malicious device requests a large number of DHCP leases in order to exhaust the address pool
- This causes legitimate users to lose access and opens the way for further exploits and attacks
- Mitigation: implement IP-MAC binding to block spoofed requests and minimize the lease time
DHCP Snooping
- It is a feature used to protect against DHCP attacks by monitoring DHCP traffic, to make sure only authorized devices act as DHCP servers
- It involves setting trusted vs untrusted ports and monitoring DHCP information. Trusted ports are the ports to which DHCP servers are connected; DHCP replies are accepted only on them
- Untrusted ports are regular end-user connections, on which only DHCP requests are accepted
ARP Spoofing/Poisoning Attacks
- Refers to fake ARP messages sent over a network that associate the attacker's MAC address with another host's IP address
- This leads to MITM attacks, denial of service, and traffic redirection
Results of ARP Poisoning Attacks
- MITM attacks - the attacker can intercept data and alter it
- Denial of Service - the attacker can stop devices from communicating with legitimate devices, leading to a DoS effect
- Traffic Redirection - attackers can capture sensitive and personal information
Dynamic ARP Inspection and Configuration
- Dynamic ARP Inspection (DAI) is a security feature used to prevent ARP spoofing attacks. It relies on the DHCP snooping binding database to verify IP-to-MAC mappings
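DHCP snooping and DAI from the two sections above as one Cisco IOS configuration, showing the trusted uplink, the untrusted user ports and how DAI consumes the snooping binding table (an added example, not from the lesson; VLAN IDs, interface roles, the binding-database file name and the printer's MAC/IP are assumed):

```cisco
! Turn on DHCP snooping globally and for the user VLANs
ip dhcp snooping
ip dhcp snooping vlan 10,20
! Do not insert option 82 unless the DHCP server expects it
no ip dhcp snooping information option
! Persist the binding table so it survives a reload (file name assumed)
ip dhcp snooping database flash:/dhcp-snoop.db
!
! DAI checks every ARP packet on VLANs 10 and 20 against the snooping
! bindings and drops sender IP/MAC pairs that were never leased
ip arp inspection vlan 10,20
! Also check that the MACs inside the ARP body match the Ethernet header
ip arp inspection validate src-mac dst-mac ip
!
! Uplink toward the real DHCP server: trusted, so OFFER/ACK and ARP from
! upstream are accepted without checks
interface GigabitEthernet0/24
 description Uplink to distribution / DHCP server
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! User-facing ports stay untrusted (the default): only DISCOVER/REQUEST
! pass, replies are dropped, and both features are rate limited so a
! starvation or ARP flood err-disables the port instead of the switch CPU
interface range GigabitEthernet0/1 - 23
 switchport mode access
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
!
! A printer with a static IP has no lease to learn from, so add a
! manual binding or DAI will drop its ARP traffic (values assumed)
ip source binding 0011.2233.4455 vlan 10 192.0.2.200 interface GigabitEthernet0/5
!
! Recover ports err-disabled by the ARP rate limit after 5 minutes
errdisable recovery cause arp-inspection
errdisable recovery interval 300
!
! Verification:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show ip arp inspection vlan 10
!   show ip arp inspection statistics vlan 10
```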
Lesson 4
- Covering Data Link Layer 2 attacks such as Root Bridge Spoofing attacks
Root Bridge Spoofing Attack
- An attacker sends out fake BPDUs advertising a lower (better) bridge priority and causes disruption
- Protection: utilize PortFast, the STP guard features (BPDU Guard, Root Guard, Loop Guard), BPDU filtering, etc.
PortFast Considerations
- PortFast is enabled on ports where no STP device or network is attached (end-host ports)
- When PortFast is properly in place, the switch moves the port straight to the STP forwarding state, so the NIC gets normal traffic quickly
Spanning Tree
- Attackers who can advertise low priority values become the root switch and intercept data
BPDU Guard
- If a BPDU is received on an access port that should only connect user devices, BPDU Guard prevents problems by having the local switch disable the port that received the BPDU
Root Guard, traffic and BPDU Filters
- Root Guard is a security feature that prevents unauthorized switches from becoming root while still allowing BPDUs from legitimate root switches; BPDU filters suppress unnecessary BPDU transmissions.
Unidirectional Link Failure
- A one-way link can create a loop: one side is transmitting but fails to receive the other side's data
Loop Guard
- One of the solutions to the problem on the previous slide; it stops traffic from illegitimate sources
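The Lesson 4 protections (PortFast, BPDU Guard, Root Guard, Loop Guard) as one Cisco IOS configuration for a distribution switch that is meant to be the STP root (an added example, not from the lesson; the port roles, VLAN range and timers are assumed):

```cisco
! Pin the root role to this switch for every VLAN so that a BPDU with
! a better priority can only come from a rogue device
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 4096
!
! Loop Guard on all non-designated ports: if BPDUs stop arriving because
! a link went unidirectional, the port becomes loop-inconsistent instead
! of transitioning to forwarding and creating a loop
spanning-tree loopguard default
!
! Make every PortFast port BPDU-guarded unless configured otherwise
spanning-tree portfast bpduguard default
!
! Access ports to end hosts: PortFast skips listening/learning, and
! BPDU Guard err-disables the port the moment a BPDU (a switch) appears
interface range GigabitEthernet0/1 - 22
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Designated ports toward downstream access switches: Root Guard lets
! them exchange BPDUs but puts the port into root-inconsistent state if
! a BPDU claims a better root than this switch
interface range GigabitEthernet0/23 - 24
 description Downlink to access switch
 switchport mode trunk
 spanning-tree guard root
!
! BPDU Guard err-disables the port; let it recover after 5 minutes.
! Root Guard and Loop Guard recover by themselves once valid BPDUs resume.
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Verification:
!   show spanning-tree summary
!   show spanning-tree inconsistentports
!   show spanning-tree interface GigabitEthernet0/23 detail
```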
Lesson 5
- This lesson covers the following Data Link Layer 2 attacks: VLAN Hopping attacks, Storm Controls as well as looking at Network planes
VLAN Hopping attacks
- In this attack, the attacker attempts to hop from one VLAN to unauthorized VLANs
- There are two kinds of attack: switch spoofing and double tagging
Switch Port Spoofing
- The attacker pretends to be another switch by sending Dynamic Trunking Protocol (DTP) messages to establish a trunk link
- This allows the attacker to send/receive traffic for all VLANs carried on the trunk
Mitigations
- It is best to disable Dynamic Trunking Protocol and implement private VLANs
Double Tagging
- The attacker sends double-tagged frames; the first switch strips the outer tag and the frame is then forwarded, based on the inner tag, into another VLAN
Storm Control
- It is used as traffic management on ports and limits the unicast, multicast and broadcast packets received on a port
- By default it is disabled, but it can be set as a percentage of bandwidth or in packets per second (PPS); setting the storm-control action to shutdown stops attacks in the event they occur
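The VLAN-hopping mitigations (DTP disabled, unused native VLAN) and per-port storm control from the two sections above as a Cisco IOS configuration for an access switch (an added example, not from the lesson; VLAN numbers, port roles and the storm thresholds are assumed):

```cisco
! Dedicated, otherwise unused VLAN for the trunk native VLAN and a
! separate one to park unused ports in
vlan 999
 name NATIVE-UNUSED
vlan 998
 name PARKING
!
! Uplink: static trunk, DTP off, native VLAN moved off VLAN 1 and
! pruned to the user VLANs only. Double-tagged frames with an outer
! tag of 999 cannot reach a real user VLAN because 999 carries no hosts.
! (Older platforms also need "switchport trunk encapsulation dot1q".)
interface GigabitEthernet0/24
 description Trunk to distribution
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
!
! User ports: static access, DTP off so no trunk can be negotiated,
! and storm control that shuts the port and sends a trap on a storm
interface range GigabitEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 storm-control broadcast level 1.00
 storm-control multicast level pps 2k
 storm-control unicast level 80.00 70.00
 storm-control action shutdown
 storm-control action trap
!
! Unused ports: access mode, parked, shut down
interface range GigabitEthernet0/21 - 23
 switchport mode access
 switchport access vlan 998
 shutdown
!
! Bring storm-control shutdowns back after 5 minutes
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! Verification:
!   show interfaces trunk
!   show dtp interface GigabitEthernet0/24
!   show storm-control
```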
Network Planes
- Modern networking devices are divided into 3 planes or layers
- Management - Administration access to devices e.g. connecting with SSH
- Control - Handled logic for traffic - Protocols for routing such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP)
- Data plane - where the actual user traffic is forwarded, e.g. Internet Protocol forwarding and network address translation
Network Ports and Security
- Console - port used on a device in order to connect even without a network
- Connecting to devices over the network with protocols such as SSH is called "in band", whereas connecting with a console cable is called "out of band"
Passwords
- Passwords are a key aspect of securing modern devices. The password types relate to the strength of the stored passcodes; here are the various types and their strengths
- Plain (type 0) has no strength and should not be used; type 7 is easily reversed, so configure a stronger type wherever possible
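The management-plane points above (in-band SSH vs out-of-band console, and password types) as a Cisco IOS configuration that contrasts the weak password types with a scrypt-based secret (an added example, not from the lesson; hostname, domain, management subnet, username and the placeholder passwords are assumed):

```cisco
! Weak settings this replaces (shown for contrast, do not use):
!   enable password Cisco123        -> type 0, readable in the config
!   service password-encryption     -> type 0 becomes type 7, reversible
!   line vty 0 15 / transport input telnet -> plaintext in-band access
!
hostname SW-ACCESS-01
ip domain-name example.com
!
! Type 9 (scrypt) secrets; a plain "enable secret" would give type 5 (MD5)
enable algorithm-type scrypt secret REPLACE-WITH-STRONG-PASSWORD
username netadmin privilege 15 algorithm-type scrypt secret REPLACE-WITH-STRONG-PASSWORD
!
! Out-of-band access: console port, local login, idle timeout
line console 0
 login local
 exec-timeout 10 0
 logging synchronous
!
! In-band access: SSH version 2 only, reachable from the management
! subnet only (subnet assumed), no Telnet
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
 deny any log
line vty 0 15
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 10 0
!
! Remove the unneeded web management plane
no ip http server
no ip http secure-server
!
! Verification: every secret should be "9 $9$..." and no type 0/7 remain
!   show running-config | include secret|password
!   show ip ssh
```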