Securing Networks


Questions and Answers

Which of the following BEST describes a 'threat' in the context of network security?

  • A weakness in a system that can be exploited.
  • The measure of uncertainty regarding a future event.
  • The method of reducing the likelihood of a successful attack.
  • A potential danger that can exploit a vulnerability. (correct)

What is the primary goal of network security?

  • To ensure complete, unrestricted access to all network resources.
  • To implement the latest security technologies, regardless of need.
  • To protect the confidentiality, integrity, and availability of network resources and data. (correct)
  • To maximize network bandwidth and minimize latency.

Which of the following is an example of an internal threat vector for data loss?

  • Unencrypted Devices
  • Email/Webmail
  • Improper Access Control (correct)
  • Removable Media

In the context of network security, what does 'mitigation' refer to?

Reducing the impact or likelihood of a threat exploiting a vulnerability. (B)

Which network type is commonly found in homes and small businesses?

Small Office/Home Office (SOHO) network (C)

Which of the following roles is primarily responsible for overseeing an organization's information security?

Chief Information Security Officer (CISO) (C)

What is the main characteristic that distinguishes a worm from a virus?

A worm self-replicates and spreads automatically, while a virus typically requires user action to spread. (D)

What is the primary purpose of a Trojan horse?

To disguise itself as legitimate software to gain access to a system. (C)

Which of the following BEST describes a 'zero-day' vulnerability?

A vulnerability that is actively being exploited but is unknown to the vendor. (B)

Which of the following attack types involves an attacker intercepting communications between two parties without their knowledge?

Man-in-the-Middle (MITM) (C)

What is the primary purpose of 'penetration testing'?

To evaluate the security of a system or network by simulating attacks. (A)

Which of the following is a common method for mitigating a Denial-of-Service (DoS) attack?

Using a firewall and intrusion prevention system (IPS). (A)

Which security principle uses hashing algorithms to ensure data has not been altered during transmission or storage?

Integrity (C)

What is the purpose of 'data loss prevention' technology?

To prevent sensitive data from leaving the organization's control. (A)

In the context of network security, what is the 'principle of least privilege'?

Granting users only the minimum necessary rights and permissions to perform their job functions. (B)

Which of the following is a key element of physical security for a data center?

Biometric access control. (C)

Which security measure can be used to segment a network and control traffic flow between different segments?

Firewall (D)

What is the purpose of Control Plane Policing (CoPP)?

To protect the control plane of a network device from being overwhelmed by traffic. (D)

An attacker spoofs the MAC address of a legitimate device on the network, redirecting traffic intended for that device to the attacker's machine. Which type of attack refers to this scenario?

ARP poisoning (C)

Which of the modern hacking titles below would most likely perform security tasks on a network without malicious intent, but may occasionally cross ethical lines for personal gain or curiosity?

Grey Hat Hacker (B)

Threat, vulnerability, mitigation, and risk are all important elements of network security.

True (A)

Internal and external threats are insignificant in modern network attacks.

False (B)

Hard copy documents are not considered as vectors of data loss.

False (B)

Campus Area Networks (CANs) typically do not include components like AAA Servers and ASA Firewalls.

False (B)

Wide Area Networks (WANs) do not commonly use VPNs.

False (B)

Outside perimeter security for data centers includes electronic motion detectors.

False (B)

Describing the evolution of network security is not crucial when discussing network threats.

False (B)

Hacking operating systems is not considered a penetration testing tool.

False (B)

Eavesdropping is not a network hacking attack.

False (B)

A trojan is a self-replicating type of malware.

False (B)

The primary function of a worm is disrupting hardware performance.

False (B)

Initial query of a target is a type of reconnaissance attack.

True (A)

DHCP spoofing is not a type of access attack.

False (B)

Social engineering attacks do not involve psychological manipulation.

False (B)

A botnet is a type of hardware firewall used in DDoS mitigation.

False (B)

Network hardening contributes to data availability.

True (A)

Human resources security is not considered a network security domain.

False (B)

Network Security Policies are rigid documents that never require updating once implemented.

False (B)

Implementing a non-switched infrastructure is an effective technique for mitigating reconnaissance attacks.

False (B)

The Cisco Network Foundation Protection Framework (NFP) primarily addresses the ethical considerations of network administrators, rather than the technical aspects of security.

False (B)

Flashcards

What is a Virus?

A malicious software which executes a specific unwanted, often harmful function on a computer.

What is a Worm?

Executes arbitrary code and installs copies of itself in the memory of the infected computer, automatically replicating and spreading across the network.

What is a Trojan horse?

A non-self-replicating type of malware, often containing malicious code, designed to look like something else, such as a legitimate application or file.

What is a Black Hat Hacker?

Someone with malicious intent who seeks to compromise computer systems and networks.

What is a White Hat Hacker?

A computer security expert who specializes in penetration testing and other testing methodologies to ensure that a company's information systems are secure.

What is a Hacker?

An individual who illegally gains access to computer systems and/or networks to gather information, steal data, and/or disrupt operations.

What is Social Engineering?

The exploitation of human psychology to manipulate individuals into performing actions or divulging confidential information.

What is Phishing?

An attempt to acquire sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication.

What is a SYN Flood?

A type of denial-of-service (DoS) attack in which an attacker floods a target system with SYN packets in an attempt to overwhelm it.

What is a Smurf Attack?

A type of denial-of-service (DoS) attack that floods a network with spoofed ICMP packets, overwhelming the target and causing it to become unresponsive.

What is a Botnet?

A network of infected hosts.

What are network security drivers?

The drivers of network security include threat, vulnerability, mitigation and risk.

What is a vulnerability?

A weakness or gap in security efforts.

What is Mitigation?

Action taken to reduce the severity of a threat.

What is Risk?

The potential for loss, damage or destruction.

What are different network topologies?

Campus Area Networks, Small Office Home Office Networks, Wide Area Networks and Data Center Networks.

What are Network Security Job Titles?

Security Operations Manager, Security Manager and Network Security Engineer.

What are Network Security Domains?

Organization of Information Security, Asset Management and Business Continuity Management.

How can we Defend the Network?

Develop a written security policy, encrypt and password-protect sensitive data, and perform security audits.

What is included in Mitigating Malware?

Antivirus, antispyware and firewall software.

Who are Cyber Criminals?

Individuals or groups who seek to exploit vulnerabilities for personal gain.

Who are Hacktivists?

Individuals who use hacking techniques to promote a political agenda or social change.

Who are Script Kiddies?

Inexperienced individuals who use existing tools and scripts to perform attacks without fully understanding the underlying concepts.

Who are State-Sponsored Hackers?

Individuals or groups who use hacking skills on behalf of a government or nation-state.

Who are Vulnerability Brokers?

Individuals who discover and sell information about software vulnerabilities to other parties.

What is a Password Cracker?

A program used to obtain user authorization, which is cracked and distributed by black hats.

What is Network Scanning?

The act of scanning a network to identify active hosts, open ports, and services.

What is Packet Crafting?

The process of manipulating network packets to create custom packets for specific attacks or tests.

What is a Packet Sniffer?

A program that captures network traffic, allowing an attacker to analyze data being transmitted.

What are Rootkit Detectors?

A program that detects rootkits, which are sets of tools that allow an attacker to maintain covert access to a system.

What are Fuzzers?

A software testing technique that involves providing invalid, unexpected, or random data as inputs to a program.

What is Eavesdropping?

Secretly listening to private network communications.

What is Data modification?

Unauthorized alteration of network transmitted data.

What is IP address spoofing?

Concealing the source IP address to impersonate another system.

What is Man-in-the-middle attack?

An attack where the attacker intercepts communications between two parties without their knowledge.

What is Spyware?

A malware classification that disguises itself as legitimate software but harms the system.

What is Ransomware?

A fraudulent scam that coerces users into paying money to unlock their computers or files.

What is Scareware?

A deceptive way to trick users into downloading malicious software.

What are Rootkits?

A type of malware that is designed to gain administrator-level control over a computer system without being detected.

What is the Principle of Minimum Trust?

The principle that network access to resources and data should only be granted if it is truly needed for legitimate purposes.

Study Notes

Securing Networks

  • This section describes the current state of network security and explains why all network types require protection.

Current State of Affairs

  • Networks face constant attacks from various origins like China, the United States, and Turkey.
  • Common attack targets include the United States, Philippines, and South Korea.
  • Attack types vary, affecting services, ports, and systems.

Drivers for Network Security

  • Common network security terms include threat, vulnerability, mitigation, and risk.

Vectors of Network Attacks

  • Network attacks can originate externally through the internet, targeting systems directly.
  • Attacks can originate internally from compromised hosts, infiltrating the internal network.

Data Loss

  • Data loss vectors include email/webmail, unencrypted devices, cloud storage, removable media, hard copies, and improper access control.

Network Topology Overview

  • Network topologies include:
    • Campus Area Networks with elements like AAA servers, ASA firewalls, VPNs, and DHCP servers.
    • Small Office/Home Office (SOHO) Networks with wireless routers and layer 2 switches.
    • Wide Area Networks (WANs) connecting branch sites, regional sites, and mobile workers.
    • Data Center Networks employing on-premise security officers, fences, video surveillance, and biometric sensors for security.

Network Threats

  • This section describes the evolution of network security.
  • It describes the variety of attack tools used by hackers.
  • It describes malware.
  • It explains typical network attacks.

Who is Hacking Our Networks?

  • Modern hacking titles include:
    • Script Kiddies.
    • Vulnerability Brokers.
    • Hacktivists.
    • Cyber Criminals.
    • State-Sponsored Hackers.

Hacker Tools

  • Penetration testing tools include:
    • Password crackers and wireless hacking tools
    • Network scanning and hacking tools plus packet crafting tools.
    • Packet sniffers and Rootkit detectors.
    • Fuzzers to find vulnerabilities.
  • Security tools include:
    • Forensic tools and debuggers.
    • Hacking operating systems and encryption programs.
    • Vulnerability exploitation and vulnerability scanners.

Categories of Attack Tools

  • Network hacking attacks:
    • Eavesdropping and data modification
    • IP address spoofing and denial-of-service.
    • Man-in-the-middle and compromised-key attacks.
    • Sniffers

Malware

  • Types of malware:
    • Viruses execute unwanted and potentially harmful functions on a device.
    • Worms replicate and spread across networks automatically.
    • Trojan horses disguise themselves as legitimate files or applications to perform malicious acts.
  • Trojan horse classifications:
    • Security software disablers and Remote-access tools
    • Data-sending and destructive tools
    • Proxy, FTP, and DoS tools
  • Worm components:
    • Enabling vulnerability, Propagation mechanism, and payload
    • Worm propagation happens in cycles: propagating for 19 days, launching an attack for 7 days, then going dormant before repeating.

Other Malware

  • Other forms of Malware include:
    • Ransomware, Scareware
    • Spyware, Phishing
    • Adware, Rootkits

Types of Network Attacks

  • Attacks include:
    • Reconnaissance, used to gather info
    • Access, used to gain access
    • DoS, denial of service
    • Data modification, used to manipulate data
    • Syn Flood, a type of DoS attack
    • Smurf attack, type of DoS

Reconnaissance Attacks

  • Actions include:
    • Initial query of target and ping sweep of target network
    • Port scans of active IP addresses, vulnerability scanners, and use of exploitation tools

Access Attacks

  • Access attacks are used:
    • To retrieve data and gain access
    • To escalate access privileges
  • Types of access attacks:
    • Password attacks and port redirection
    • Man-in-the-middle attacks and buffer overflows.
    • IP, MAC, and DHCP spoofing.

Social Engineering Attacks

  • Common attacks include:
    • Pretexting and phishing.
    • Spearphishing and spamming
    • Tailgating and quid pro quo tactics ("something for something").

Denial of Service Attacks

  • A DoS attack disrupts access to services.

DDoS Attacks

  • A hacker builds a network of infected machines called a botnet, where compromised computers are zombies controlled by handler systems.
  • Zombie computers continue to scan and infect more targets.
  • The hacker instructs the handler system to make the botnet of zombies carry out the DDoS attack.

Mitigating Threats

  • On completing this section you should be able:
    • To describe the methods and resources used to defend the network.
    • To know the collection of network security domains.
    • To explain the purpose of the Cisco SecureX Architecture.
    • To describe techniques used to mitigate common network attacks.
    • To explain how to secure the three functional areas of Cisco routers and switches.

Defending the Network

  • Best practices include:
    • Developing a written security policy.
    • Educating employees about social engineering risks to validate identities.
    • Controlling physical access to systems.
    • Using strong passwords, encrypting sensitive data, and implementing security hardware/software.
    • Performing regular backups, shutting down unnecessary services, and keeping patches up-to-date to prevent privilege escalation.
    • Performing security audits to assess the network.

Network Security Professionals

  • Personnel roles:
    • CIO and CISO
    • Security Operations Manager and Chief Security Officer
    • Security Manager and Network Security Engineer

Network Security Organizations

  • Common organizations include:
    • CERT and SANS
    • MITRE and FIRST
    • (ISC)2 and MS-ISAC

CIA Triad

  • Confidentiality uses encryption to protect data; Integrity uses hashing to ensure data remains pristine during use; Availability is assured through network hardening and backups.

Network Security Domains

  • Include:
    • Risk assessment.
    • Security policy and organization of information security, asset management, and human resources security.
    • Physical and environmental security and communications/operations management.
    • Information systems acquisition, development, and maintenance, access control and information security incident management.
    • Compliance and business continuity management.

Mitigating Malware

  • Mitigating software to employ:
    • Antivirus, antispyware and internet security
    • Firewall, antispam and antiphishing

Mitigating Worms

  • Employ inoculation and quarantines.

Mitigating Reconnaissance Attacks

  • Implementing authentication to ensure proper access.
  • Using encryption to render packet sniffer attacks useless.
  • Employ antisniffer tools and a switched infrastructure.
  • A firewall and IPS should be employed.

Mitigating Access Attacks

  • Strong password security
  • Principle of minimum trust
  • Cryptography and applying OS and application patches protect against access attacks.

Mitigating DoS Attacks

  • IPS and firewalls (Cisco ASAs and ISRs)
  • Antispoofing technologies and Quality of Service (QoS) traffic policing.

NFP Framework

  • The framework includes:
    • Control Plane with a Routing Protocol and IP Routing Table.
    • Management Plane with Management Processes.
    • Data Plane with an IP Forwarding Table.
  • The planes connect through the exchange of routing information, management sessions, and incoming and outgoing packets.

Securing the Control Plane

  • Employ:
    • AutoSecure actions and routing protocol authentication
    • Control Plane Policing (CoPP)

Securing the Management Plane

  • Employ:
    • Enabling login and password policy.
    • Presenting legal notification.
    • Ensuring the confidentiality of data using SSH and HTTPS.
    • Enabling role-based access control, authorizing actions and enabling management access reporting.

Securing the Data Plane

  • Employ:
    • ACLs and antispoofing actions
    • Layer 2 security including port security, DHCP snooping, dynamic ARP inspection (DAI).

Summary

  • The chapter aims to explain network security.
  • The chapter aims to describe threats and attack types.
  • The chapter aims to explain tools and procedures that mitigate the effects of malware and network attacks.

Related Documents

CCNASv2_CH1(1) PDF