Network Segmentation and Security

Created by
@NeatFluorine4101

Questions and Answers

What is the primary purpose of a firewall in a network?

To control the flow of traffic into and out of a network

What is a choke point in a network?

A point where network traffic is inspected and controlled

What is a personal firewall?

A software that controls network traffic to and from a computer

Which of the following is an example of a firewall?

A Checkpoint firewall that allows or disallows traffic based on protocol

What is the purpose of segmenting a network?

To reduce network security risks

What is a common function of a firewall?

To allow or disallow traffic based on protocol

What is the primary advantage of using WPA2?

It offers the strongest inherent security.

Which of the following is a type of firewall?

Application proxy

What is the main difference between a firewall and a personal firewall?

A firewall is used for networks, while a personal firewall is used for personal computers

What is the primary function of FTP?

Transferring files insecurely.

What is the secure equivalent of Telnet?

Secure Shell (SSH)

What is the purpose of a honeypot?

To detect, monitor, and sometimes tamper with the activities of an attacker.

What is the name of the tool used for port scanning?

Nmap

What is the name of the tool used for firewall tools?

Hping3

What is the main advantage of using security tools?

They are used by authorized users.

What is the term used to describe new or unpublished attacks or vulnerabilities?

Zero-day attacks

What is a DMZ typically a combination of?

A network design feature and a firewall

Why do we need to ensure the security of devices such as mail servers and web servers?

Because they are exposed to external networks such as the Internet in order to function

What is the purpose of putting a layer of protection between the device and the Internet, and between the rest of the network and the device?

To ensure the security of the device and the network behind it

What do IDSes monitor for?

Unauthorized activity

What type of IDS monitors the network traffic?

Network-based intrusion detection system (NIDS)

What is the method of detection used by Signature-based IDSes?

Maintaining a database of attack signatures

What is the method of detection used by Anomaly-based IDSes?

Maintaining a baseline of normal traffic and measuring against it

How do Signature-based IDSes work?

By comparing incoming traffic to a database of attack signatures

Study Notes

Network Security

  • A properly laid out network can prevent some attacks, mitigate others, and fail in a graceful way when necessary.
  • Network segmentation can reduce the impact of attacks by dividing a network into smaller subnets, controlling traffic flow between them, and blocking traffic when necessary.

Choke Points

  • Choke points are points in the network through which traffic is funneled so that it can be inspected, filtered, and controlled.
  • Examples of choke points include routers, firewalls, proxies, and application proxies.

Firewalls

  • A firewall is a mechanism for controlling traffic that flows into and out of a network.
  • Firewalls can allow or disallow traffic based on protocol, allowing Web and e-mail traffic to pass while blocking everything else.

Personal Firewall

  • A personal firewall is lightweight software that controls network traffic to and from a computer, permitting or denying communications based on a security policy.
  • Personal firewalls typically work as an application-layer firewall and only protect the computer on which they are installed.

DMZs

  • A DMZ (demilitarized zone) is a combination of a network design feature and a protective device, such as a firewall.
  • DMZs are used to protect devices that need to be exposed to external networks, such as mail servers, proxy servers, and Web servers.

Network Intrusion Detection Systems

  • IDSes monitor networks, hosts, or applications for unauthorized activity.
  • There are three types of IDSes: Host-based intrusion detection systems (HIDSes), Application protocol-based intrusion detection systems (APIDSes), and Network-based intrusion detection systems (NIDSes).

IDS Detection Methods

  • IDSes are classified into two main categories: signature-based detection and anomaly-based detection.
  • Signature-based detection works by comparing incoming traffic to a database of known attack signatures.
  • Anomaly-based detection works by taking a baseline of normal traffic and measuring the present state of traffic against it to detect patterns that are not present in normal traffic.

Secure Protocols

  • Secure protocols can protect data by using secure equivalents of insecure protocols.
  • Examples of secure protocols include Secure Shell (SSH) instead of Telnet, and Secure File Transfer Protocol (SFTP) instead of FTP.

Network Security Tools

  • Network security tools can improve network security and are often the same as those used by attackers.
  • Examples of security tools include Kismet, coWPAtty, and Aircrack-NG for wireless, Nmap for port scanning, HPing3 for firewall tools, and Tcpdump, WinDump, and OptiView for packet sniffers.

Honeypot

  • Honeypots are a controversial tool that can detect, monitor, and sometimes tamper with the activities of an attacker.
  • Honeypots are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker.
