Network Security Principles
37 Questions

Questions and Answers

What primarily distinguishes unskilled attackers from more sophisticated threat actors?

  • They conduct espionage activities.
  • They can create their own attack scripts.
  • They run pre-made scripts without understanding their function. (correct)
  • They possess extensive funding.

Which motivation is NOT commonly associated with nation-state attackers?

  • Data exfiltration
  • Financial gain (correct)
  • Disruption/chaos
  • Philosophical beliefs

Which of the following best describes the capabilities of a hacktivist?

  • They hack for fun without a particular purpose.
  • They typically run automated vulnerability scans.
  • They conduct espionage for national security interests.
  • They are motivated by philosophical or political beliefs. (correct)

What is a characteristic of Advanced Persistent Threats (APTs) associated with nation-states?

  • They have extremely high levels of sophistication.

What distinguishes internal threat actors from external ones?

  • Internal actors operate within the organization they are targeting.

What is the main function of the data plane in a network?

  • Performing the actual security processes

Which statement correctly describes NAT?

  • It allows multiple devices to share a single public IP address.

What role does the control plane play in a network?

  • It manages actions of the data plane and defines policies.

Which type of IP address is used for internal communication within a network?

  • Private IP address

What does 'adaptive identity' involve in controlling trust?

  • It examines an individual’s identity and applies controls based on various risk indicators.

How is a public IP address typically assigned to a network?

  • Assigned dynamically by the internet service provider (ISP).

What is NOT a function of the control plane?

  • Processing network data

In the context of network architecture, what does 'extending the physical architecture' refer to?

  • Incorporating functions into hardware or software.

What is one primary function of barricades and bollards in physical security?

  • To channel people through specific access points

How do access control vestibules enhance security?

  • They ensure that one door can be opened at a time.

What type of fencing typically provides robust security features?

  • Razor wire fencing

Which feature of CCTV is used to alert security when motion is detected?

  • Motion recognition

In a scenario with two-person integrity, what is the core principle of this security measure?

  • Two security personnel must verify actions to prevent policy circumvention.

What type of security feature is used to build a perimeter and may not always be visually obvious?

  • Transparent fencing

What is the main purpose of using physical security guards at a facility?

  • To manage access and validate employee identification

Which of the following statements about moats as a physical security method is accurate?

  • Moats can act as a barrier to impede unauthorized access to a building.

What is a key reason to consider the timing of changes in production environments?

  • Downtime during work hours can disrupt production.

Which statement best describes the concept of an allow list in security policy?

  • Only applications that are explicitly approved can run.

What defines the scope of a change in change management?

  • It outlines all components involved in the change process.

Why is change management considered critical within an organization?

  • It impacts all members and operations of the organization.

What is a common risk associated with allowing unauthorized applications to run?

  • Higher risks of vulnerabilities and malware attacks.

What is the purpose of a backout plan during a change process?

  • To define steps to revert changes if issues arise.

Which of the following statements is true regarding the technical change management process?

  • The plan requires execution despite complexities in the upgrade.

Which strategy is advisable to minimize downtime during system changes?

  • Switch to secondary systems, upgrade the primary, and revert back.

What is the primary purpose of using asymmetric encryption in key exchange?

  • To securely deliver the symmetric session key.

Which characteristic is essential for implementing session keys?

  • They need to be changed often and remain unpredictable.

What is a primary function of a Trusted Platform Module (TPM)?

  • It provides unique cryptographic keys during manufacturing.

What advantage does a Hardware Security Module (HSM) provide in a large environment?

  • It securely stores thousands of cryptographic keys.

What is an essential feature of a key management system?

  • It allows the management of keys from a single centralized location.

Which type of encryption key is created using public and private key cryptography?

  • Symmetric key.

What feature distinguishes a symmetric session key from an asymmetric key?

  • Symmetric keys require both parties to use the same key.

How does a key management system enhance data security?

  • By allowing keys to be associated with specific users.

    Study Notes

    Network Security Planes

    • Networks can be divided into functional planes: data plane, control plane
    • Data plane: processes network data (e.g., packets, frames)
      • Performs tasks like forwarding, trunking, encryption, NAT
    • Control plane: manages data plane actions
      • Defines policies and rules for data plane operations
      • Manages routing tables, session tables, NAT tables

    Trust and Adaptive Identity

    • Adaptive identity: dynamically assesses user and resource trustworthiness
      • Considers source, requested resources, relationship to organization, location, connection type, IP address
      • Enforces security controls based on accumulated information

    Physical Security Measures

    • Barricades/Bollards: Prevent access, channel people through specific points, can be used for extreme security (concrete barriers, moats).
    • Access Control Vestibules: Control access through a series of doors, ensuring only one door is open at a time.
    • Fencing: Builds a perimeter, can be transparent or opaque, robust to prevent cutting or climbing.
    • Video Surveillance: Utilizes CCTV, includes features like motion recognition, object detection, and networked recording.
    • Guards and Access Badges: Physical protection at reception, validation of employee identification, and implementation of two-person integrity for enhanced security.

    Change Management

    • Process: Well-documented and accessible on the Intranet. Includes standard processes and procedures. Changes to the process are reflected in the living document.
    • Technical Implementation: Concerned with the "how" of change, focusing on executing a plan to implement the change.

    Allow/Deny Lists

    • Security policy can control application execution through allow lists or deny/block lists.
    • Allow list: Only approved applications can run, highly restrictive.
    • Deny list: Applications on the list are blocked from execution, common for anti-virus/malware solutions.

    Restricted Activities

    • Scope: Defines components impacted by the change, ensuring limited changes within the plan.
    • Expansion: Scope may need to be broadened during the change window due to unforeseen outcomes.
    • Process: Determines next steps for successful change implementation.

    Downtime

    • Impact: Change processes can result in service disruptions, often scheduled for non-production hours.
    • Minimization: Switch to secondary systems, upgrade the primary, then switch back. Automated processes are used to prevent or minimize downtime.
    • Communication: Updates are sent out through email and calendars to keep stakeholders informed.

    Restarts

    • Purpose: Implement new configurations, reboot systems, power cycle devices.

    Key Exchange

    • In-Band Exchange: The key is sent over the network protected by additional encryption; asymmetric encryption is used to deliver the symmetric key.
    • Real-Time Encryption/Decryption: A symmetric session key, shared using asymmetric encryption, gives efficient real-time encryption and decryption. Session keys should be ephemeral (temporary) and unpredictable.
    • Symmetric Key Generation: Each side combines its own private key with the other side's public key to generate the same symmetric key, so both parties end up with a shared key for secure communication.

    Encryption Technologies

    • Trusted Platform Module (TPM): Cryptographic hardware integrated into devices like motherboards for secure key storage and generation.
    • Hardware Security Module (HSM): High-end cryptographic hardware for large environments, securely stores numerous keys, and accelerates cryptographic operations.
    • Key Management Systems: Centralized management of keys for various services, provided as third-party software for secure key storage and management.

    Threat Actors

    • Internal vs. External: Where the attacker originates, either already inside the organization's network or outside it and attempting to gain entry.
    • Resources: Financial and technical capabilities of the attacker.
    • Sophistication: Attacker's skill level, automation, and ability to write custom malware.
    • Motivation: Purpose behind the attack: data exfiltration, espionage, service disruption, financial gain, political beliefs, revenge, etc.

    Nation-States

    • External entity: Government-backed attackers with motivations ranging from data exfiltration to war.
    • Resources and Sophistication: High resources and advanced capabilities, often associated with Advanced Persistent Threats (APTs).
    • Targets: Critical infrastructure, military systems, financial institutions.

    Unskilled Attackers

    • Scripts: Run pre-made scripts without understanding the attack process.
    • Motivation: Curiosity, disruption, data exfiltration.
    • Resources: Limited capabilities and funds.

    Hacktivists

    • Purpose: Motivated by philosophical, political, or revenge-driven objectives. Target specific organizations or systems to disrupt operations.


    Description

    Test your understanding of network security principles, including the functions of data and control planes, adaptive identity assessment, and physical security measures. Explore how these concepts contribute to safeguarding networks in various scenarios.