Network Security Terms and Components
20 Questions

Questions and Answers

Which of the following best describes 'mitigation' in the context of network security?

  • Action taken to reduce the likelihood of an attack. (correct)
  • A weakness in the system.
  • The process of identifying threats.
  • The potential for a negative event to occur.

Which of the following is an example of a vector for network attacks?

  • Encrypted network traffic.
  • Regular security audits.
  • A strong firewall configuration.
  • A user who bypasses firewall restrictions. (correct)

In network security, what does a campus area network (CAN) typically include?

  • Only wireless access points.
  • Firewalls and intrusion prevention systems. (correct)
  • A virtual private network.
  • Satellite uplinks.

What primary function does a VPN provide for Internet users?

  • Protecting privacy through traffic encryption. (A)

Which of the following is considered an outside perimeter security measure for data center networks?

  • On-premise security officers. (B)

What is a key function of Mobile Device Management (MDM) in a BYOD network related to data protection?

  • Data encryption. (D)

What is the primary activity associated with 'script kiddies' in the context of hacking?

  • Using readily available hacking tools. (D)

Which activity is performed by 'packet sniffers' during penetration testing?

  • Capturing data transmitted over a network. (B)

What is the main purpose of a 'rootkit'?

  • To hide malicious activity on a system. (B)

What is the primary characteristic of a 'worm'?

  • It self-replicates across a network. (B)

What does a SYN flood attack attempt to achieve?

  • Overwhelming resources to cause a denial-of-service. (C)

What is the purpose of 'IP spoofing' in a network attack?

  • To conceal the attacker's identity. (D)

Which of the following is a characteristic of a 'reconnaissance' attack?

  • Information gathering. (B)

What is the primary goal of social engineering attacks?

  • To trick individuals into divulging sensitive information. (B)

What is the main difference between a DoS and a DDoS attack?

  • DDoS attacks involve multiple compromised systems. (D)

In cryptography, what does 'integrity' refer to?

  • Guaranteeing data has not been altered. (B)

A security artichoke is a way to protect something, but it also introduces another form of potential attack. What is it called?

  • The artichoke of attack. (A)

What is 'Inoculation' as it applies to mitigating worms?

  • A preventative method against network attacks before infection. (C)

What is covered under the NFP (Network Performance and Security) Framework's 'data plane'?

  • Layer 2 security including port security. (D)

In the context of network security, consider a scenario where an attacker, known for their advanced persistent threat (APT) capabilities, successfully breaches a high-security data center. The attacker employs a sophisticated custom-built exploit that leverages a zero-day vulnerability in the data center's intrusion detection system (IDS), effectively rendering it blind to their presence. Simultaneously, they initiate a series of man-in-the-middle attacks by compromising the cryptographic keys used for secure communications, enabling them to intercept and modify sensitive data in real-time. To further obfuscate their activities, the attacker then deploys a polymorphic rootkit across the data center's servers, making it virtually impossible for traditional antivirus solutions to detect their presence. All of this happens while also utilizing an advanced social engineering attack in order to gain physical access to the hardware. What is the name of the only defense the organization has left?

  • There is no remaining method of defense. (C)

Flashcards

What is a Threat?

Something that has the potential to cause damage or danger to a network or system.

What is Vulnerability?

A weakness or flaw in a system that can be exploited by a threat.

What is Mitigation?

The action of reducing the chance of an attack or potential harm.

What is Risk?

The possibility that something bad will happen, often associated with potential harm or damage.

What is a Firewall?

A hardware device or software that protects a network from unauthorized access.

What is VPN?

Service that encrypts online traffic to protect sensitive data on the Internet.

Who are Script Kiddies?

Unskilled attackers who use readily available programs to perform attacks.

Who are Vulnerability Brokers?

Individuals who find and sell information about vulnerabilities to other parties.

Who are Hacktivists?

Hackers who use their skills to fight for a cause or someone's rights.

Who are Cyber Criminals?

Attackers who are primarily motivated by financial gain.

Who are State-Sponsored Hackers?

Hackers who work for governments, often involved in espionage or cyber warfare.

What is a Password Cracker?

A tool used to crack or discover passwords, often through brute-force or dictionary attacks.

What are Packet Sniffers?

Tools that capture network packets to analyze the data being transmitted.

What is Malware?

Software designed to disrupt, damage, or gain unauthorized access to a computer system.

What is a Virus?

Malware that attaches itself to a program and propagates copies of itself to other programs.

What is a Trojan Horse?

Non-self-replicating malware containing unexpected additional functionality.

What is a Worm?

Malware that propagates copies of itself through a network to infect other systems.

What is Ransomware?

Malware that prevents users from accessing systems unless a ransom is paid.

What is Phishing?

A scam in which attackers deceive people into revealing sensitive information.

What is a DoS attack?

An attempt to overwhelm a network or server with excessive traffic.

Study Notes

  • Common network security terms are:
  • A threat is anything that can cause damage or danger.
  • Vulnerability refers to a weakness.
  • Mitigation is reducing the chance of an attack.
  • Risk represents the possibility of something bad happening.

Network Attack Vectors

  • Users reach the network only after passing through the firewalls.
  • Firewalls can either block or allow each user.

Data Loss Vectors

  • Potential vectors for data loss include:
  • Email and webmail
  • Unencrypted devices
  • Cloud storage devices
  • Removable media like USB drives and disks
  • Hard copies
  • Improper access control, like an untrusted person accessing email

Campus Area Network Components

  • Campus Area Network contains elements such as:
  • ASA firewall to filter traffic
  • AAA server for authentication, authorization, and accounting
  • IPS for intrusion prevention
  • DMZ, which includes DHCP, email, and web servers, ESA/WSA

Security Devices

  • A firewall can be hardware or software and protects one network from another.
  • VPNs (Virtual Private Networks) protect privacy by encrypting online traffic, shielding sensitive data from hackers and government surveillance agencies.
  • Firewalls and VPN features are sometimes combined into a single device.

Network Types

  • Small Office and Home Office (SOHO) networks use a wireless router and a Layer 2 switch.
  • Wide Area Networks (WANs) are used by companies with many branches, often using a VPN to secure the line.

Data Center Security

  • Outside perimeter security includes:
  • On-premise security officers, fences, and gates
  • Continuous video surveillance
  • Security breach alarms
  • Inside perimeter security includes:
  • Electronic motion detectors and security traps
  • Continuous video surveillance
  • Biometric access and exit sensors

Virtual Machine Threats

  • VM (Virtual Machine) threats include:
  • Hyperjacking
  • Instant-on activation and antivirus storms
  • Secure Data Center components include:
  • Secure segmentation
  • Threat defense and visibility
  • Critical MDM (Mobile Device Management) functions for BYOD (Bring Your Own Device) networks include:
  • Data encryption
  • PIN enforcement and data wipe
  • Data loss prevention
  • Jailbreak/root detection

Modern Hacking Titles

  • Current hacking roles include:
  • Script Kiddies: unskilled attackers that use readily available programs
  • Vulnerability Brokers
  • Hacktivists: individuals who fight for a cause
  • Cyber Criminals
  • State-Sponsored Hackers: those who work for governments

Penetration Testing

  • Penetration testing tools:
  • Password crackers, wireless hacking, network scanning
  • Packet crafting and sniffers, rootkit detectors
  • Fuzzers, forensics, debuggers
  • Hacking operating systems and vulnerability scanners

Network Hacking Attacks

  • Types of network hacking attacks:
  • Eavesdropping and data modification
  • IP address spoofing and password-based attacks (like guessing)
  • Denial-of-service, man-in-the-middle, compromised-key attacks, and sniffers

Malware Types

  • Malware is software designed to disrupt, damage, or gain unauthorized access to a system.
  • Types of malware:
  • Viruses attach to programs and replicate.
  • Trojan Horses are non-self-replicating malware that contain unexpected functions.
  • Worms propagate copies of themselves through a network.
  • Ransomware is malicious software that prevents users from accessing their systems.
  • Spyware secretly monitors a user's activity.
  • Adware displays fake ads that deliver malicious code when clicked.
  • Scareware uses alarming pop-ups.
  • Phishing scams are used by attackers to deceive people into revealing sensitive information.
  • Rootkits hide malicious activity on a system, much like trojans.

Trojan Classifications

  • Trojan Horses are classified as:
  • Security software disabler, remote-access, data-sending
  • Destructive, proxy, FTP
  • DoS
  • Worms' components are:
  • Enabling vulnerability, propagation mechanism, and payload

Network Targeting Reasons

Networks are targeted because of:

  • Data manipulation: changing data for a purpose.
  • SYN flood: overwhelms a system with SYN requests.
  • Smurf attack: sends ICMP packets with a spoofed source IP to a network's broadcast address, producing a DoS or DDoS.
  • IP Spoofing: gains unauthorized access by impersonating another machine.
  • Systems compromised by hackers become zombies.

Network Attack Variants

  • Additional network attacks include:
  • SYN flood (DoS)
  • Data Modification
  • Smurf attack (DDoS)
  • Reconnaissance Attacks involve:
  • Initial queries, ping sweeps, port scans, vulnerability scans
  • Exploitation tools

Hacker Attack Objectives

  • Hackers use access attacks to:
  • Retrieve data.
  • Gain access.
  • Escalate access privileges.

Common Access Attacks

  • Types of access attacks include:
  • Password attacks.
  • Trust exploitation and port redirection.
  • Man-in-the-middle attacks.
  • Buffer overflow attacks.
  • IP, MAC, DHCP spoofing.

Social Engineering Attacks

  • Social engineering attacks consist of:
  • Pretexting: Using an invented scenario to persuade victims to divulge information or perform actions
  • Phishing: Sending fraudulent emails or messages that appear to be from legitimate sources to trick individuals into providing sensitive information
  • Spear Phishing: Targeting specific individuals or groups with personalized phishing attacks
  • Spam: Sending unsolicited bulk emails as a form of advertising or to distribute malware
  • Something for Something (Trojan): Offering a seemingly valuable item or service in exchange for the victim's cooperation, leading to the installation of malware
  • Baiting: Using a false promise (e.g., a free download or enticing offer) to lure victims into a trap, often involving malware or data theft

DoS and DDoS Attacks

  • A DoS (Denial of Service) attack overwhelms a network or server with excessive traffic.
  • A DDoS (Distributed Denial of Service) attack works as follows:
  • A hacker builds a network of infected machines, called a botnet, controlled by handler systems; the compromised computers are called zombies.
  • Zombie computers scan for more targets while the hacker instructs the botnet to carry out the DDoS attack.

Network Security Roles

  • Network security professionals include:
  • Chief Information Officer (CIO)/Chief Information Security Officer (CISO)
  • Security Operations (SecOps) Manager
  • Chief Security Officer (CSO)
  • Security Manager
  • Network Security Engineer

Security Organizations

  • Types of network security organizations:
  • CERT: www.cert.org
  • SANS: www.sans.org
  • MITRE: www.mitre.org
  • FIRST (Forum of Incident Response and Security Teams): www.first.org
  • InfoSec (Information System Security): www.infosyssec.org
  • (ISC)² (International Information System Security Certification Consortium): www.isc2.org
  • MS-ISAC (Multi-State Information Sharing & Analysis Center): msisac.cisecurity.org

Cryptography Components

  • Cryptography components:
  • Confidentiality: Uses encryption to hide data.
  • Integrity: Uses hashing algorithms to ensure data is unaltered.
  • Availability: Assures data is accessible. Guaranteed by network hardening mechanisms and backup systems.

Network Security Domains

  • Network security domains include:
  • Risk assessment and security policy
  • Organization of information security and asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Information systems acquisition, development, and maintenance
  • Access control
  • Information security incident management
  • Business continuity management
  • Compliance
  • Network security policy: used for mitigation.
  • Questions a network security policy should answer:
  • What do others want from you?
  • Which processes, things, or systems are critical to you?
  • What would stop your company or organization from achieving its goals?

Security Artichoke

  • A security artichoke protects something by using many layers of security.
  • The artichoke attack: an attacker peels away the layers of defense one by one.

SecureX

  • SecureX product families:
  • Server Edge and Branch
  • Secure Email and Web
  • Secure Mobility
  • Secure Access
  • Secure Data Center and Virtualization

Network Scanning Element

  • Centralized Context-Aware Network Scanning Elements define security policies based on:
  • Type of device being used for access
  • Person's identity
  • Application in use
  • Location
  • Time of access

Mitigating Malware

  • Mitigating Malware: involves using antivirus, antispyware, firewalls, antispam, and antiphishing measures, removing the malware, blocking its spread, and fixing any problems caused.

Mitigating Worms

  • Worms are mitigated in three phases:
  • Inoculation: a preventive method (before infection).
  • Quarantine: Restriction to prevent the spread of worms (After infection).
  • Treatment: Remove the worm.

Mitigating Reconnaissance Attacks

Techniques for mitigating reconnaissance attacks:

  • Implement authentication
  • Use encryption
  • Use anti-sniffer tools.
  • Implement a switched infrastructure.
  • Use a firewall and IPS.

Mitigating Access Attacks

  • Mitigation methods for access attacks include:
  • Strong password security.
  • Principle of minimum trust.
  • Cryptography.
  • Applying OS and application patches.

Mitigating DoS Attacks

To mitigate DoS attacks:

  • IPS and firewalls (Cisco ASAs and ISRs).
  • Anti-spoofing technologies.
  • Quality of service-traffic policing.

Securing the NFP Framework

  • To secure the control plane:
  • Configure AutoSecure
  • Implement routing protocol authentication
  • Implement Control Plane Policing (CoPP)
  • How to secure the management plane:
  • Enabling login/password policies and presenting legal notifications
  • Ensuring data confidentiality via SSH and HTTPS
  • Enabling role-based access control, authorizing actions, and enabling management access reporting
  • To secure the data plane:
  • Use ACLs
  • Anti-spoofing
  • Layer 2 security, DHCP snooping, dynamic ARP inspection (DAI)

Chapter Objectives

  • Key objectives include explaining network security, describing various types of threats and attacks, and explaining tools and procedures to mitigate malware and common network attacks.

Description

Explore network security terms like threats, vulnerabilities, mitigation, and risk. Learn about network attack vectors, data loss vectors including email, unencrypted devices, and removable media. Understand campus area network components such as ASA firewalls, AAA servers, IPS, and DMZ.
