Network Security: Terms, Attacks, Components
40 Questions

Questions and Answers

Which of the following best describes 'mitigation' in the context of network security?

  • Determining the potential damage from a threat.
  • Reducing the likelihood of a successful attack. (correct)
  • Exploiting vulnerabilities in a network.
  • Identifying weaknesses in a system.

What is a primary function of a firewall in network security?

  • To allow all users to bypass security checks.
  • To encrypt all network traffic.
  • To block or allow network traffic based on defined rules. (correct)
  • To monitor network traffic for malicious activity.

Which of the following presents a potential vector for data loss?

  • Cloud storage devices with unknown security measures. (correct)
  • Encrypted communication channels.
  • A regularly updated firewall.
  • Strict access control policies.

Which component of a campus area network is responsible for filtering network traffic?

Answer: ASA Firewall (A)

What is the main purpose of a Virtual Private Network (VPN)?

Answer: To provide anonymity and encrypt internet traffic, protecting sensitive data. (D)

What is a key characteristic of Wide Area Networks (WANs)?

Answer: They are commonly used by organizations with multiple branches. (C)

What is the purpose of security breach alarms in data center security?

Answer: To alert personnel to potential unauthorized access. (B)

Which of the following is an example of inside perimeter security for data center networks?

Answer: Biometric access and exit sensors. (A)

What is 'hyperjacking' in the context of virtual machine threats?

Answer: Unauthorized control of a hypervisor. (D)

Which function is considered a critical function of Mobile Device Management (MDM) for Bring Your Own Device (BYOD) networks to ensure data security?

Answer: Data encryption (B)

What is a 'Script Kiddie' in the context of modern hacking?

Answer: An unskilled individual who uses pre-made tools to perform attacks. (C)

What is the primary function of 'password crackers' in penetration testing?

Answer: To attempt to discover passwords. (A)

Which type of malware requires a user to pay a ransom in order to regain access to their system or data?

Answer: Ransomware (B)

Which of the following is a characteristic of a 'Trojan Horse' malware?

Answer: It presents itself as legitimate software but contains hidden malicious functions. (C)

What is a 'SYN flood' attack?

Answer: A denial-of-service attack that overwhelms a server with connection requests. (D)

What is the purpose of 'IP spoofing' in a network attack?

Answer: To gain unauthorized access to machines by impersonating another machine. (B)

What is the goal of reconnaissance attacks?

Answer: To gather information about a target network. (C)

What is the purpose of 'Quality of Service (QoS) - traffic policing' in mitigating DoS attacks?

Answer: To prioritize legitimate traffic and limit malicious traffic. (C)

Consider a scenario where a network administrator discovers multiple compromised computers on the internal network. Further investigation reveals that these computers are being remotely controlled to launch coordinated attacks against external targets. According to the content, what term best describes this scenario?

Answer: Botnet (C)

An organization has a policy requiring all employees to use strong, unique passwords and to change them every 90 days. Additionally, the IT department conducts regular security awareness training to educate employees about phishing and other social engineering attacks. They also employ multi-factor authentication for all remote access to the corporate network. Despite these measures, a sophisticated attacker manages to compromise a privileged user account by exploiting a zero-day vulnerability in a critical application, allowing them to gain unauthorized access to sensitive data. What defense strategy could have most likely prevented this account compromise?

Answer: Adopting a zero-trust security model that assumes all users, devices, and applications are untrusted, regardless of their location or authentication status, and continuously verifies their access rights. (B)

A threat is a weakness in a system that can be exploited.

Answer: False (B)

Mitigation refers to increasing the chance of an attack occurring.

Answer: False (B)

All network users must pass through firewalls, both external and internal, to access the network.

Answer: False (B)

Unencrypted devices are not considered a potential vector for data loss.

Answer: False (B)

A DMZ typically includes systems like DHCP servers, email servers, and web servers.

Answer: True (A)

An ASA firewall is an example of Adaptive Security Attribution.

Answer: False (B)

A firewall and a VPN are the same thing in terms of network security.

Answer: False (B)

A SOHO network typically uses enterprise-grade firewalls exclusively.

Answer: False (B)

Electronic motion detectors are considered part of the outside perimeter security of data center networks.

Answer: False (B)

Hyperjacking is a threat specific to virtual machines.

Answer: True (A)

Visibility is not a component of a secure data center.

Answer: False (B)

State-sponsored hackers primarily work for private corporations.

Answer: False (B)

Packet crafting involves capturing network packets and analyzing their contents.

Answer: False (B)

Adware is a type of malware that replicates itself.

Answer: False (B)

Worms require user interaction to spread from one computer to another.

Answer: False (B)

A SYN flood utilizes ICMP packets.

Answer: False (B)

In network security, pretexting involves physical intrusion to gain access to a secure area.

Answer: False (B)

A botnet is a network of infected machines.

Answer: True (A)

A Security Operations (SecOps) Manager has more responsibility than a Chief Information Security Officer (CISO).

Answer: False (B)

The three components of cryptography are: confidentiality, integrity, and non-repudiation.

Answer: False (B)

Flashcards

What is a Threat?

Something that can cause damage or danger to a network.

What is a Vulnerability?

A weakness in a network that can be exploited by a threat.

What is Mitigation?

The action of reducing the chance of getting an attack.

What is Risk?

A possibility that something bad will happen.

What does a Firewall do?

A hardware device or software that is used to protect one network from another.

What is a VPN?

A service that helps protect your privacy online by encrypting your internet traffic.

What is Malware?

Malicious software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

What is a Virus?

Malware that attaches itself to a program and propagates copies of itself to other programs.

What is a Trojan Horse?

Non-self replicating malware that contains unexpected additional functionality.

What is a Worm?

Malware that propagates copies of itself through a network.

What is Ransomware?

Malicious software that prevents users from accessing their systems unless they pay a ransom.

What is Phishing?

Attackers deceiving people into revealing sensitive information.

What is a DoS attack?

An attempt to overwhelm a network or server with excessive traffic to make it unavailable to users.

What is a Botnet?

A network of infected hosts controlled by handler systems to carry out DDoS attacks.

Confidentiality

Uses encryption to encrypt and hide data.

Integrity

Uses hashing algorithms to ensure data is unaltered during operation.

Mitigating Malware

Taking steps to stop or reduce the damage caused by malicious software.

Inoculation

A preventive method against network attacks (Before infection).

Quarantine

Restriction that removes an infected system or portion of a network from the main network to prevent the spread of worms (After infection).

Mitigating Reconnaissance Attacks

Techniques used to ensure proper access.

Outside Perimeter Security

On-premise security officers, fences and gates, continuous video surveillance, and security breach alarms.

Inside Perimeter Security

Electronic motion detectors, security traps, continuous video surveillance, and biometric access and exit sensors.

Script Kiddies

Unskilled attackers using available programs.

Hacktivist

Someone who fights for someone's rights.

State-Sponsored Hackers

Work for governments.

Packet sniffers

Capture packets of data transmitted over a network.

VM-Specific Security

Attack surface is increased, harder to manage, and requires continuous monitoring.

Reconnaissance Attacks

Initial query of a target, pinging.

Why do hackers use access attacks?

To retrieve data, to gain access, to escalate access privileges.

What are the types of access attacks?

Password, trust exploitation, port redirection, man-in-the-middle, buffer overflow, IP, MAC, DHCP spoofing.

Social Engineering attacks

Pretexting, Phishing, Spear Phishing, Spam, and Baiting.

Cryptography

Uses encryption to encrypt and hide data.

Network Security Domains?

Taking steps to stop or reduce the damage caused by malicious software. This can involve actions like using antivirus, antispyware, firewall, antispam and anti-phishing tools, removing the malware, blocking it from spreading, and fixing any problems it caused.

Treatment

Is a restriction to remove an infected system or portion of a network from the main network which is intended to prevent the spread of worms (After infection).

Study Notes

Common Network Security Terms

  • Threat: Something causing damage or danger.
  • Vulnerability: Weakness.
  • Mitigation: Reduces the chance of an attack.
  • Risk: The possibility of something bad happening.

Vectors of Network Attacks

  • Users enter the network only after passing through firewalls.
  • Firewalls can either block or allow users.

Data Loss Vectors

  • Email/Webmail
  • Unencrypted Devices
  • Cloud Storage Devices: Location of information is unknown.
  • Removable Media: USB drives, disks.
  • Hard Copy
  • Improper Access Control: Someone untrusted accessing email.

Campus Area Network Components

  • ASA Firewall (Adaptive Security Appliance): Filters traffic.
  • AAA Server (Authentication, Authorization, Accounting).
  • IPS (Intrusion Prevention System).
  • DMZ (DHCP server, Email Server, Web Server, ESA/WSA).

Firewalls and VPNs

  • Firewall: Hardware or software protecting a network from another.
  • VPN (Virtual Private Network): Protects privacy by encrypting online traffic, securing sensitive data from hackers and surveillance, even on public WiFi.
  • Firewall/VPN Device: Combines features of both.

Small Office and Home Office Networks (SOHO Network)

  • SOHO networks are used in small offices and home offices.

Wide Area Networks (WAN)

  • Used by companies with many branches.
  • VPNs secure the connections between branches.

Security of Data Center Networks

  • Outside Perimeter Security:
    • On-premise security officers.
    • Fences and gates.
    • Continuous video surveillance.
    • Security breach alarms.
  • Inside Perimeter Security:
    • Electronic motion detectors.
    • Security traps.
    • Continuous video surveillance.
    • Biometric access and exit sensors.

VM Specific Threats

  • Hyperjacking.
  • Instant On activation.
  • Antivirus storm.

Components of a Secure Data Center

  • Secure segmentation.
  • Threat defense.
  • Visibility.

Critical MDM Functions for BYOD Networks

  • Data encryption.
  • PIN enforcement.
  • Data wipe.
  • Data loss prevention.
  • Jailbreak/root detection.

Modern Hacking Titles

  • Script Kiddies: Unskilled attackers using available programs.
  • Vulnerability Brokers.
  • Hacktivists: Attack in support of a cause or someone's rights.
  • Cyber Criminals.
  • State-Sponsored Hackers: Work for governments.

Penetration Testing Tools

  • Password crackers: Attempt to recover passwords.
  • Wireless hacking: Man-in-the-middle attacks.
  • Network scanning/hacking: Nmap.
  • Packet crafting.
  • Packet sniffers: Capture network data packets.
  • Rootkit detectors.
  • Fuzzers: Search for vulnerabilities.
  • Forensic tools.
  • Debuggers.
  • Hacking operating systems.
  • Encryption.
  • Vulnerability exploitation.
  • Vulnerability scanners.

Network Hacking Attacks

  • Eavesdropping.
  • Data modification.
  • IP address spoofing.
  • Password-based attacks.
  • Denial-of-service.
  • Man-in-the-middle.
  • Compromised-key.
  • Sniffer.

Malware

  • Software designed to disrupt, damage, or gain unauthorized access to a computer system.
  • Types of Malware:
    • Virus: Attaches to a program, replicates.
    • Trojan Horse: Non-self replicating, unexpected functionality.
    • Worm: replicates through a network.
    • Ransomware: Prevents access unless ransom is paid.
    • Spyware: Spies on the user.
    • Adware: Displays fake or unwanted ads.
    • Scareware: Pop-ups that frighten the user into acting.
    • Phishing: Scams that deceive people into revealing information.
    • Rootkits: Trojan-like malware.
  • Trojan Horse Classifications:
    • Security software disabler
    • Remote-access
    • Data-sending
    • Destructive
    • Proxy
    • FTP
    • DoS
  • Components of a Worm:
    • Enabling vulnerability.
    • Propagation mechanism.
    • Payload.

Why Networks Are Targeted

  • Data manipulation: Changing data for a purpose.
  • SYN flood: Denial-of-service attack, consuming resources.
  • Smurf attack: Distributed denial-of-service attack using ICMP packets. A DoS attack comes from one device; a DDoS attack comes from multiple devices (zombies).
  • IP Spoofing: Gaining unauthorized access by impersonating another machine.
  • System Compromise: Zombies.

Network Attacks

  • SYN flood (DoS).
  • Data Modification.
  • Smurf attack (DDoS).

Reconnaissance Attacks

  • Initial query of a target.
  • Ping sweep of the target network.
  • Port scan of active IP addresses.
  • Vulnerability scanners.
  • Exploitation tools.

Why Hackers Use Access Attacks

  • Retrieve data.
  • Gain access.
  • Escalate access privileges.

Types of Access Attacks

  • Password.
  • Trust exploitation.
  • Port redirection.
  • Man-in-the-middle.
  • Buffer overflow.
  • IP, MAC, DHCP spoofing.

Social Engineering Attacks

  • Pretexting.
  • Phishing.
  • Spear Phishing.
  • Spam.
  • Something for Something (Trojan).
  • Baiting.

DOS Attack

  • DoS (Denial of Service): Overwhelming a network/server with excessive traffic.

DDOS Attack

  • DDoS (Distributed Denial of Service):
    • Hacker builds a network of infected machines (botnet).
    • Compromised computers (zombies) are controlled by handler systems.
    • Zombie computers scan and infect more targets.
    • Hacker instructs the handler systems to carry out the DDoS attack.

Types of Network Security Professionals

  • Chief Information Officer (CIO).
  • Chief Information Security Officer (CISO).
  • Security Operations (SecOps) Manager.
  • Chief Security Officer (CSO).
  • Security Manager.
  • Network Security Engineer.

Security Organizations

  • CERT - www.cert.org
  • SANS - www.sans.org
  • MITRE - www.mitre.org
  • FIRST (Forum of Incident Response and Security Teams) - www.first.org
  • InfoSec (Information System Security) - www.infosyssec.org
  • (ISC)² (International Information System Security Certification Consortium) - www.isc2.org
  • MS-ISAC (Multi-State Information Sharing & Analysis Center) - msisac.cisecurity.org

Components of Cryptography

  • Confidentiality: Encryption to hide data.
  • Integrity: Hashing algorithms to ensure data is unaltered.
  • Availability: Assuring data accessibility, network hardening, and backups.

Network Security Domains

  • Risk assessment.
  • Security policy.
  • Organization of information security.
  • Asset management.
  • Human resources security.
  • Physical and environmental security.
  • Communications and operations management.
  • Information systems acquisition, development, and maintenance.
  • Access control.
  • Information security incident management.
  • Business continuity management.
  • Compliance.

Network Security Policy Use

  • Used for mitigation.

Network Security Policy

  • Based on specific questions.
    • What do you have that others want?
    • What processes, data, or information systems are critical to you?
    • What would stop your business or organization?

Security Artichoke

  • Way to protect with many layers of security.
  • Artichoke attack: Attacker breaks through layers one by one to reveal data.

SecureX Product Families

  • Server Edge and Branch.
  • Secure Email and Web.
  • Secure Mobility.
  • Secure Access.
  • Secure Data Center and Virtualization.

Security Policies Based on Five Parameters

  • Type of device being used.
  • Person's identity.
  • Application in use.
  • Location.
  • Time of access.

Mitigating Malware

  • Stopping or reducing damage from malicious software.

Mitigating Worms

  • Inoculation: Preventive method against network attacks.
  • Quarantine: Removing infected system to prevent worm spread.
  • Treatment: Removing the worm and repairing damage.

Mitigating Reconnaissance Attacks

  • Implementing authentication.
  • Using encryption.
  • Using anti-sniffer tools.
  • Implementing switched infrastructure.
  • Using a firewall and IPS.

Mitigating Access Attacks

  • Strong password security.
  • Principle of minimum trust.
  • Cryptography.
  • Applying OS and application patches.

Mitigating DoS Attacks

  • Using IPS and firewalls (Cisco ASAs and ISRs).
  • Anti-spoofing technologies.
  • Quality of Service (QoS) traffic policing.

Network Foundation Protection (NFP) Framework

Securing the Control Plane

  • AutoSecure.
  • Routing protocol authentication.
  • Control Plane Policing (CoPP).

Securing the Management Plane

  • Enabling login and password policy.
  • Presenting legal notification.
  • Ensuring confidentiality via SSH and HTTPS.
  • Enabling role-based access control.
  • Authorizing actions.
  • Enabling management access reporting.

Securing the Data Plane

  • Using ACLs.
  • Anti-spoofing.
  • Layer 2 security including port security, DHCP snooping, and DAI.

Chapter Objectives

  • Explain network security.
  • Describe various types of threats and attacks.
  • Explain tools and procedures to mitigate the effects of malware and common network attacks.

Description

Explore common network security terms like threat, vulnerability, mitigation, and risk. Learn about network attack vectors and data loss vectors. Understand campus area network components and the difference between firewalls and VPNs.
