Network Security Concepts Quiz

Questions and Answers

What term describes a weakness in a system that could be exploited?

• Vulnerability (correct)
• Threat
• Mitigation
• Risk

Which of the following is NOT identified as a vector for data loss?

• Improper Access Controls
• Encrypted Devices (correct)
• Removable Media
• Email/Webmail

What is the general term for actions taken to reduce the negative impact of a threat?

• Mitigation (correct)
• Vulnerability
• Risk
• Threat

Which of the following is a driver for network security?

Data Loss (C)

What term best describes the potential for a threat to exploit a vulnerability?

Risk (A)

What type of network is typically used in a small office or home setting?

Small Office and Home Office Network (C)

Which of the listed items is considered a measure of inside perimeter security?

Electronic motion detectors (D)

Which of these is considered a motivation for Hacktivists?

Political or Social Agenda (D)

Which of these is NOT typically a security measure aimed at the outside perimeter?

Electronic motion detectors (A)

What is the term used for individuals who exploit known weaknesses in software or hardware?

Vulnerability Brokers (A)

Which of the following is NOT typically considered a penetration testing tool?

Web browser (C)

Which tool is used to find flaws in a system by sending invalid or unexpected input?

Fuzzer (A)

What term describes intercepting network traffic to gain unauthorized information?

Eavesdropping (C)

Which of these is a type of network attack where the attacker pretends to be someone else?

IP address spoofing (B)

Which of these is NOT a classification of a Trojan Horse?

Encryption (A)

Which of these tools would be used to analyze the contents of network communications?

Packet sniffer (A)

What is the primary purpose of a 'security software disabler' Trojan?

To disable security applications (B)

Which term refers to a type of attack that aims to disrupt access to network resources?

Denial-of-service (C)

What is a 'packet crafting' tool primarily used for?

Creating custom network packets (C)

Which attack involves an attacker positioning themselves between two communicating parties?

Man-in-the-middle (D)

The use of fences and gates is classified as an inside perimeter security measure.

False (B)

A Script Kiddie is a type of modern hacking title that refers to highly skilled hackers with advanced programming and network knowledge.

False (B)

The term 'mitigation' refers to the potential for a threat to exploit a vulnerability.

False (B)

Cyber criminals are primarily motivated by their political views and use their hacking skills to promote a specific social agenda.

False (B)

On-premise security officers are part of inside perimeter security.

False (B)

Unencrypted digital devices are not considered a vector of data loss.

False (B)

Vulnerability Brokers focus on creating new viruses and worms to distribute to a wide range of systems.

False (B)

A 'vulnerability' describes an action intended to disrupt the availability of a host or service.

False (B)

Risk is a measure of the likelihood of a potential threat agent to exploit a mitigation.

False (B)

The term 'threat' refers to a weakness that can be taken advantage of in a system.

False (B)

A 'rootkit detector' is primarily used to identify network vulnerabilities.

False (B)

Eavesdropping is classified as a type of malware attack.

False (B)

A 'proxy' Trojan horse is primarily used to send spam emails from infected systems.

False (B)

Data modification attacks involve an attacker gaining control of a system via exploiting software.

False (B)

Using packet sniffers, attackers can manipulate network packets in transit.

False (B)

A 'DoS' trojan is designed to disrupt the operations of network services.

True (A)

IP address spoofing is a form of malware that disguises itself as a legitimate application.

False (B)

Vulnerability exploitation tools are used to perform forensic analysis of infected systems.

False (B)

Compromised-key attacks involve an attacker stealing encryption keys, not exploiting software vulnerabilities.

True (A)

Debuggers are a type of malware used in network attacks.

False (B)

Flashcards

Vulnerability

A weakness in a system, network, or device that can be exploited by an attacker.

Threat

Any potential danger that could exploit a vulnerability, leading to harm or loss.

Mitigation

A technique, strategy, or action used to address and reduce the impact of a threat.

Risk

The likelihood of a threat exploiting a vulnerability and causing harm.

Vectors of Network Attacks

The ways in which attackers target a network or system.

Script Kiddies

Individuals with limited technical skills who use pre-made hacking tools to exploit vulnerabilities.

Vulnerability Brokers

People who discover and report vulnerabilities to organizations but may also sell them to attackers.

Hacktivists

Hackers motivated by political or social causes to disrupt or damage systems for ideological reasons.

Cyber Criminals

Individuals or groups motivated by financial gain, committing cybercrimes like data theft, ransomware, or fraud.

State-Sponsored Hackers

Hackers backed by a government for espionage, sabotage, or political influence through cyberattacks.

Penetration Testing Tools

A tool used to test the security of a system or network by simulating real-world attacks to identify vulnerabilities.

Exploit

A software program designed to exploit vulnerabilities in a system, often for malicious purposes.

Virus

A type of malware that replicates by attaching itself to other programs or files.

Trojan Horse

A program disguised as legitimate software that performs malicious actions when executed.

Packet Sniffer

A program designed to monitor network traffic and capture packets, potentially revealing sensitive information.

Data Modification

A technique used to alter or manipulate data transmitted over a network, often with malicious intent.

Denial-of-Service (DoS)

An attack that aims to disrupt the normal functioning of a system by overwhelming it with traffic, preventing legitimate users from accessing it.

Worm

A type of malware that spreads through networks, taking control of infected systems and forming a botnet.

IP Address Spoofing

A technique used to create fake network traffic, disguising the attacker's real identity and location.

Man-in-the-Middle Attack

A type of attack where the attacker intercepts communications between two parties, potentially stealing data or manipulating information.

Why are networks targets?

Attackers target networks for various reasons, including stealing data, disrupting operations, or gaining control.

What are the key network security terms?

Vulnerability: A weakness in a system that can be exploited. Threat: Any potential danger that could exploit a vulnerability. Mitigation: Actions to reduce the impact of a threat. Risk: The likelihood of a threat exploiting a vulnerability.

What are the main vectors of data loss?

Email/Webmail: Compromised accounts or phishing emails. Unencrypted Devices: Laptops, phones without passwords. Cloud Storage: Weak access controls. Removable Media: USB sticks with sensitive data. Hard Copy: Misplaced documents. Improper Access Control: Weak logins or shared passwords.

Why do all networks need security?

Networks are interconnected, so an attack on one network could affect others. All network types need protection, from small home networks to large enterprise networks.

What are the goals of network attackers?

Attackers often target network vulnerabilities to gain unauthorized access, steal data, or disrupt services.

Security Software Disabler Trojan

A type of Trojan horse designed to disable security software on a system, making it vulnerable to other attacks by bypassing security measures.

Study Notes

Modern Network Security Threats

• This chapter outlines modern network security threats
• Course name: CCNA Security v2.0
• Instructor: Dr. Nadhir Ben Halima

Chapter Outline

• Introduction to network security concepts
• Network security threats
• Methods for mitigating threats
• Summary of key concepts

Securing Networks

• Upon section completion:
  • Students can describe the current network security landscape
  • Students can explain the need for protection of all network types

Current State of Affairs

• Networks are common targets for attacks
• Different locations and countries are affected

Drivers for Network Security

• Common network security terms:
  • Threat
  • Vulnerability
  • Mitigation
  • Risk

Vectors of Network Attacks

• External threats attack networks from the outside
• Internal threats attack networks from the inside
• Hosts are often the target

Data Loss

• Vectors of data loss include:
  • Email/Webmail
  • Unencrypted devices
  • Cloud storage devices
  • Removable media
  • Hard copy
  • Improper access control

Network Topology Overview

• Different types of networked systems are common security targets

Campus Area Networks

• AAA Server, ASA Firewall, Layer 2/3 Switches, VPN, IPS, ESA/WSA are components of modern networks

Small Office and Home Office Networks

• A wireless router, layer 2 switch, and client devices are example components

Wide Area Networks

• Components include branch sites, points of presence (POP), VPNs, regional sites, corporate sites, and mobile workers

Data Center Networks

• Outside perimeter security:
  • On-premise security officers
  • Fences and gates
  • Continuous video surveillance
  • Security breach alarms
• Inside perimeter security:
  • Electronic motion detectors
  • Security traps
  • Continuous video surveillance
  • Biometric access sensors

Network Threats

• Evolution of network security
• Hackers' attack tools
• Different types of malware (viruses, worms, Trojans)

Who is Hacking Our Networks?

• Modern hacking titles include:
  • Script Kiddies
  • Vulnerability Brokers
  • Hacktivists
  • Cyber Criminals
  • State-Sponsored Hackers

Hacker Tools

• A discussion of the types of tools hackers use.
• Increasing sophistication and technical knowledge required.

Introduction of Attack Tools

• Attack sophistication and technical knowledge needed have increased

Evolution of Security Tools

• Penetration testing tools:
  • Password crackers
  • Wireless hacking
  • Network scanning
• Forensic tools:
  • Debuggers
  • Hacking operating systems
  • Encryption
• Security tools:
  • Packet sniffers
  • Rootkit detectors
  • Vulnerability scanners
  • Fuzzers to search for vulnerabilities

Categories of Attack Tools

• Network Hacking Attacks:
  • Eavesdropping
  • Data modification
  • IP address spoofing
  • Denial-of-service (DoS)
  • Man-in-the-middle
  • Compromised-key
  • Sniffer

Malware

• Various types of malware
• Virus: specific function on a computer
• Worm: replicates and spreads across a network
• Trojan Horse: disguised as legitimate software or file

Viruses

• Malicious software often harmful

Trojan Horse Classification (Examples)

• Security software disabler
• Remote access
• Data-sending
• Destructive
• Proxy
• FTP
• Denial-of-service (DoS)

Worms

• The initial infection and propagation of a worm illustrates attacks
• Examples like the Code Red worm: highlighted infection spread

Worm Components

• Enabling vulnerability
• Propagation mechanism
• Payload

Other Malware

• Other types of malware are
  • Ransomware
  • Spyware
  • Adware
  • Scareware
  • Phishing
  • Rootkits

Common Network Attacks

• Types of network attacks include:
  • SYN floods
  • Smurf attacks
  • Data modification
  • Reconnaissance attacks (initial queries, ping sweeps, port scans, vulnerability scans, exploitation tools)
  • Denial-of-service (DoS) attacks (and Distributed Denial-of-Service (DDoS) attacks)

Reconnaissance Attacks

• Initial query of a target network
• Ping sweep of the target network
• Port scan of active IP addresses
• Vulnerability scanners
• Exploitation tools

Access Attacks

• Reasons for access attacks:
  • Retrieving data
  • Gaining access
  • Escalating access privileges
• Types of access attacks
  • Password attacks
  • Port redirection
  • Man-in-the-middle attacks
  • Buffer overflow attacks
  • IP, MAC, DHCP spoofing

Social Engineering Attacks

• Pretexting
• Phishing
• Spearphishing
• Spam
• Tailgating
• Something for Something

Denial of Service Attacks

• The DDoS Attacker technique and effect of denial of service attacks to the client
• Websites and servers experience overload due to pings
• A DoS Attacker overload network servers with requests to block access

DDoS Attacks

• Hacker builds a botnet of infected machines
• Zombies, or compromised computers, are controlled by systems
• Further attacks on more targets infect more zombies
• DDoS attacks carried out when attacks are initiated.
• Emphasis on botnets and zombies as essential components