Network Segmentation and Zero Trust Framework

Questions and Answers

What is the primary function of a virtual firewall?

To manage traffic in virtual environments (correct)

To protect individual hosts from attacks

To connect different locations within the same organization

To filter web content based on predefined categories

Which type of firewall specifically focuses on application-level traffic?

NAT Gateway

Host-based firewall

Virtual firewall

Web Application Firewall (WAF) (correct)

What does a NAT Gateway do?

Masks private IP addresses with a public IP (correct)

Blocks malicious web content

Filters web traffic based on content type

Scans for network intrusions

What is a characteristic of signature-based detection in IDS?

Relies on predefined attack signatures

What capability does the Client-to-Site VPN provide?

Enables secure connections for individual remote users

Which of the following statements is true about HIDS?

It is focused on protecting individual hosts.

What does anomaly-based detection in IDS build its model from?

Normal behavior for a system

What is one of the advantages of heuristic-based detection?

It updates its signatures dynamically.

What is the main advantage of using Full Tunnel over Split Tunnel in a VPN?

It encrypts all traffic for better security.

Which VPN protocol is commonly used for site-to-site connections?

IPSec

How does MAC Filtering enhance port security?

By allowing only certain devices to connect through specific ports.

What causes broadcast storms in a network?

Multiple paths between two endpoints at Layer 2.

What is the purpose of DHCP Snooping?

To authenticate DHCP servers within the network.

Which method can help prevent network loops?

Exchanging Bridge Protocol Data Units (BPDU).

What does load balancing primarily improve in a network?

Server capacity and reliability.

Which component is essential for preventing DHCP Starvation attacks?

Trusted and untrusted ports in DHCP Snooping.

What is the primary purpose of network segmentation?

To partition a network into segments for enhanced security

Which zone in network segmentation contains sensitive resources only accessible by authorized users?

Trusted Zone

What does the Zero Trust framework require for all users and devices?

Continuous authentication and authorization

What characterizes a stateful firewall?

Tracks the state of active connections

What is the function of a Jump Server in network security?

A controlled access point for managing resources

Which of the following best describes a next-generation firewall (NGFW)?

Combines firewall functions and intrusion detection

What does the control plane manage in a Zero Trust architecture?

Authentication and authorization

What is a characteristic of an untrusted zone in network segmentation?

Has the lowest trust level

What is the primary benefit of session persistence?

It improves user experience and reduces latency.

What distinguishes the active/passive mode from the active/active mode in load balancers?

Active/passive mode features a standby load balancer.

Which scheduling algorithm distributes traffic to the server with the least number of active connections?

Least connection

What is east-west traffic?

Internal data traffic within a single data center.

What is the key difference between an intranet and an extranet?

An extranet offers limited access to an organization’s intranet.

What type of traffic involves data entering or leaving a data center?

North-south traffic

Which term refers to the secure network used exclusively by an organization's internal users?

Intranet

What happens in the active/active mode of load balancers?

Both load balancers distribute traffic simultaneously.

Study Notes

Network Segmentation

• Is dividing a network into secure zones to better manage access and enhance security
• Trusted zones contain sensitive resources and are only accessible by authorized users
• Untrusted zones are external networks with the lowest trust level, like the internet
• Demilitarized zones (DMZs) protect the trusted network from untrusted traffic, often used for web servers
• Jump servers are controlled access points for managing resources across different security zones, typically used for managing resources securely.

Zero Trust Framework

• Assumes both internal and external threats exist, requiring continuous authentication and authorization for all users and devices, regardless of location
• Core principles include:
  • The network is considered compromised
  • Trust is not based on device location
  • Every access request is authenticated and authorized
  • Security policies are dynamic and derived from multiple data sources
• Controlled plane manages authentication, authorization, and policy enforcement
• Data plane enforces security policies and controls access to protected resources through a policy enforcement point (PEP).

Firewalls

• Controls traffic based on rules, isolating trusted internal networks from untrusted external networks
• Stateless firewalls filter packets based on header information like Access Control Lists (ACLs)
• Stateful firewalls track the state of network traffic and allow packets belonging to established sessions
• Unified Threat Management (UTM) combines multiple security functions into a single device, simplifying management
• Next-Generation Firewalls (NGFWs) enhance traditional firewalls with deep packet inspection, application-level controls, and real-time threat intelligence integration
• Host-based firewalls are software running on individual hosts, managing their traffic
• Virtual firewalls operate inside virtual environments, controlling traffic via bridge or hypervisor modes
• Application firewalls focus on application-level traffic and protect against attacks like SQL injection
• Web Application Firewalls (WAFs) are a type of application firewall.

NAT Gateway

• Provides internet access to hosts in private networks by masking their private IP addresses with a single public IP
• Adds an extra layer of security.

Web Filtering

• Protects organizations from malicious or inappropriate web content
• DNS filtering blocks access to entire domains
• URL filtering blocks access to specific URLs
• Content filtering analyzes content to block risky or unwanted data based on predefined categories.

Network Intrusion Detection and Prevention Systems (NIDS/NIPS)

• NIDS (Network-based Intrusion Detection System) monitors network traffic for malicious activity
• HIDS (Host-based IDS) focuses on protecting individual hosts
• NIPS (Network-based Intrusion Prevention System) actively blocks threats in real-time
• Inline mode actively blocks attacks at the network edge
• Passive mode monitors network traffic without directly interacting, typically used for analysis but cannot prevent attacks
• Signature-based detection identifies threats using pre-defined attack signatures but struggles with new attacks (e.g., zero-day threats)
• Anomaly-based detection flags deviations from established normal behavior, but can lead to false positives
• Behavior-based detection focuses on abnormal actions by processes (e.g., scanning multiple ports)
• Heuristic-based detection is adaptive, updating its signatures dynamically and useful for detecting new threats.

VPN (Virtual Private Network)

• Enables private communication over public networks, ensuring confidentiality
• Site-to-Site VPNs connect different locations within the same organization
• Client-to-Site VPNs allow individual remote users to securely connect to a network (e.g., remote work)
• Full Tunnel encrypts all traffic, is more secure but slower
• Split Tunnel only encrypts private traffic, is faster but less secure
• SSL/TLS (Secure Sockets Layer/Transport Layer Security) ensures secure communication over the web, used in SSL VPNs
• IPSec secures data at the network layer, commonly used for site-to-site connections
• L2TP (Layer 2 Tunneling Protocol) is often paired with IPSec for secure tunneling at the data link layer.

Port Security

• Protects data link layer (OSI Layer 2) traffic on devices like switches, firewalls, and routers
• Port Disablement disables unused ports to prevent unauthorized devices from connecting
• MAC Filtering allows only specific MAC addresses to connect to a port
• IEEE 802.1X requires devices to authenticate before accessing the network

Network Loop Prevention

• Network loops occur when there are multiple paths between two endpoints at Layer 2, causing broadcast storms
• Broadcast storm prevention methods include disabling ports and limiting broadcast traffic
• Bridge Protocol Data Unit (BPDU) packets are exchanged by switches to detect loops and prevent them using the Spanning Tree Protocol (STP).

DHCP Snooping

• Prevents unauthorized DHCP servers from providing network configuration to clients
• Trusted Ports receive traffic from legitimate DHCP servers
• Untrusted Ports block rogue DHCP traffic
• Attacks Prevented by DHCP Snooping:
  • DHCP Spoofing - Redirects client traffic by providing forged DHCP responses
  • DHCP Starvation - Depletes the DHCP server's IP address pool, preventing legitimate clients from connecting (a form of DoS attack).

Load Balancing

• Distributes network or application traffic across multiple servers to improve capacity, reliability, and performance
• Typically operates at the transport layer (Layer 4) or application layer (Layer 7)
• Session Persistence (Sticky Session) ensures a client's requests are directed to the same server during a session
• Active/active mode increases capacity and redundancy, but is more costly
• Active/ passive mode has a primary load balancer active and a secondary standby, is commonly used for disaster recovery
• Load Balancer Scheduling Algorithms include:
  • Least connection
  • Least response time
  • Round robin
  • IP hash

Data Center Traffic

• East-west traffic is internal data traffic between components within the same data center or between data centers in the same security zone
• North-south traffic involves data that enters or leaves a data center, crossing security zones

Intranet and Extranet

• Intranet is a private, secure network accessible only by authorized internal users
• Extranet is a controlled network that provides limited access to an organization's intranet by external partners or customers.

Description

This quiz explores essential concepts of network security, focusing on network segmentation and the Zero Trust framework. Participants will learn about trusted and untrusted zones, DMZs, jump servers, and the importance of continuous authentication. Test your understanding of how these principles work together to enhance security in modern network environments.