10850869
Description
Flashcards by DJ Perrone, updated more than 1 year ago
|
|
Created by DJ Perrone
over 6 years ago
|
|
| Question | Answer |
| What are some different methods of remote access? | - VPN - SSH - RDP - VNC - SSL - FTP / TFTP |
| What are some advantages of RDP? | - Data is in the data center - Work location flexability - Possibly cost reduction where all users are using baseline VM. |
| What are some disadvantages of RDP? | - Server downtime is huge issue - Insufficient processing power can cause bottlenecks. - High learning curve |
| What is VNC? | Virtual Network Computing. |
| What are 3 components of VNC? | - VNC Server - VNC Client - VNC Protocol (RFB) - Remote Frame Buffer |
| What port does VNC use by default? | 5900 |
| What are some IPv4 to IPv6 transition mechanisms? | - 6 to 4 - Teredo - Dual Stack - GRE Tunnels |
| What is 6 to 4 | Allows IPv6 sites to talk over IPv4 network. Treats IPv4 network as unicast point to point. |
| What is Teredo? | Assigning addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 NAT's |
| - What is dual stack? | Running IPV4 and IPv6 on the same devices. |
| What is a GRE Tunnel? | Generic Routing Encapsulation - Carries IPv6 packets across an IPv4 network by encapsulating them in GRE IPv4 packets. |
| Name at least 3 Network Authentication Methods | - Password Authentication Protocol (PAP) - Challenge Handshake Authentication Protocol (CHAP) - Extensible Authentication Protocol (EAP) |
| What is PAP? | Password Authentication Protocol Provides authentication, credentials are sent in plaintext and can be read by sniffer |
| What is CHAP ? | Challenge Handshake Authentication Protocol - The server sends client a random string of text as a challenge, the client then encrypts the text with the password and sends it back to the server. |
| How many versions of CHAP are there? | - MS-CHAP v1 - MS-CHAP v2 |
| What is MS-CHAP v1 | Works only with MS devices. More secure than CHAP but still susceptible to brute force attacks. |
| What is MS-CHAP v2? | An update to v1. Provides stronger encryption and mutual authentication. |
| What is EAP? | Extensible Authentication Protocol A framework for port based access control using components used in RADIUS. Can use multiple authentication methods. |
| How many versions of EAP are there? | - EAP-MD5-CHAP - EAP-TLS - EAP-TTLS |
| What is EAP-MD5-CHAP? | Uses CHAP as challenge process, but challenges and response are sent as EAP message. Allows password use. |
| What is EAP-TLS | - Requires PKI due to needing certs on both client and server. - Immune to password attacks. |
| What is EAP-TTLS? | Requires cert on server only. Client uses password which is sent within EAP message. |
| What are the different authentication factors? | - Knowledge factor authentication - Ownership factor authentication - Characteristic factor authentication - Location factor authentication - Action factor authentication |
| What is knowledge factor authentication? | - Something you know - Type 1 authentication |
| What is ownership factor authentication? | - Something you have - Type 2 authentication |
| What is characteristic factor authentication? | - Something you are - Type 3 authentication |
| What is location factor authentication? | Somewhere you are |
| What is action factor authentication | Something you do |
| What is 802.1X? | Framework for port based authentication - Port security |
| What 3 components make up 802.1X? | - Supplicant: User or device requesting access - Authenticator: Device which supplicant attempts to access the network - Authentication Server: Centralized device providing authentication |
| What are some characteristics of RADIUS? | - An open standard - Uses UDP - Encrypts only the password - Combines authentication and auth. - Doesn't support: ARA, NetBIOS, X.25 PAD - Less traffic than TACACS+ |
| What are some characteristics of TACACS+ | - Cisco proprietary - Uses TCP - Encrypts entire body of packet - Separates authentication, auth and accounting. - Supports all protocols - More traffic than RADIUS |
| What is UTM? | Unified Threat Management - Performing multiple security functions on the same device. |
| What are some advantages of using UTM? | - Low upfront and maintenance cost - Lower power consumption - Easier to fully integrate - Easier to install and configure |
| What are some disadvantages of using UTM? | - Single point of failure - Lacks granularity - Performance issues |
| What is NIPS and what does it do? | Network Intrusion Prevention System - Scans network traffic for signs of malicious activity and takes action against it. |
| What is NIDS and what does it do? | Network Intrusion Detection System - Detects unauthorized access or attacks. |
| What is an IDS and what are the categories? | Intrusion Detection System - Signature Based IDS - Anomaly Based IDS |
| What are some characteristics of signature-based IDS? | - Pattern matching - Stateful matching |
| With a signature-based IDS, what is pattern matching? | Compares traffic to a database of attack patterns. Carries out pre-plannned steps if an attack matches pattern. |
| With a signature-based IDS, what is stateful-matching? | Records the initial state of OS. Any changes in state that violates a defined rule is reported. |
| What an an anomaly-based IDS? | Analyzes traffic and compares it to normal traffic to determine a threat. |
| What are the different types of anomaly-based IDS's? | - Statistical anomaly-based IDS - Protocol anomaly-based IDS - Traffic anomaly-based IDS - Rule or heuristic-based IDS - Application-based IDS |
| What is a statistical anomaly-based IDS? | Samples the live environment and records activity. The longer the IDS is running, the more accurate it is. Activity thresholds are important to prevent false negatives and false positives. |
| What is a protocol anomaly-based IDS? | Has knowledge of protocols it will monitor. |
| What is a traffic anomaly-based IDS? | Tracks traffic patterns. All future patterns are compared to sample. Must tune threshold. Useful if user activity is static. |
| What is a rule or heuristic-based IDS? | Uses a knowledge base, and interference engine and rule-based programming. Often referred to as an if/then system or expert system. |
| What is an application based IDS? | Analyzes transaction logs for a single application. |
| What is an INE or HAIPE? | Inline Network Encryptor High Assurance Internet Protocol Encryptor Type 1 encryption device |
| What is SIEM? | Security Information and Event Management - Utils that receive information from log files and centralize the collection and analysis of that data. |
| What is an HSM? | Hardware Security Module Manages digital keys. Attaches directly to server. |
| For device placement, where should you place a UTM? | Between the LAN and the internet connection. |
| For device placement, where should you place a NIDS? | Dependent on org needs. - Inside firewall: identify internal attacks and attacks that get through firewall - Outside firewall: identify attacks coming from internet. |
| For device placement, where should you place an INE? | The point where then network has a connection to an unprotected network. |
| For device placement, where should you place a NIPS? | The border of the network and connect it inline between the external and internal network. |
| For device placement, where should you place a SIEM device? | In a centralized location where all devices can reach it. |
| What is a WAF? | Web Application Firewall - Applies rules to HTTP. Covers common attacks like XSS and SQL injections. - Usually placed behind firewall - Operate inline and out of band |
| What are advantages and disadvantages of in-line operation? | - Advantage: Can prevent live attacks. - Disadvantage: May prevent legit traffic. May slow web traffic. |
| What are advantages and disadvantages of out-of-band operation? | - Advantages: Non-intrusive, doesn't mess with traffic. - Disadvantages: Cannot block live traffic. |
| What is a NGFW? | Next Generation Firewall - Addresses traffic inspection shortcomings of traditional stateful firewalls. |
| Where can a NGFW be placed? | -In line - Out of Path - Out of Path means the gateway redirects traffic to NGFW. |
| What is an IPS? | Intrusion Protection System Prevents attacks. |
| What are the two IPS types? | - Passive Vulnerability Scanners (PVS) - Active Vulnerability Scanners (AVS) |
| What is a DAM? | Database activity monitor Monitors transactions of the activity of database services. |
| What are some DAM architectures? | - Interception-based Model - Memory-based Model - Log-based Model |
| With regards to DAM, what is the interception-based model | Watches the communications between the client and the server |
| With regards to DAM, what is the memory-based model | Uses a sensor attached to the database and continually polls the system to collect SQL statements. |
| With regards to DAM, what is the log-based model | Analyzes and extracts information from transaction logs. |
| For device placement, where should you place a DAM? | - In Line - It can also perform remote monitoring. |
| What is ARP poisoning? | Disrupting the ARP cache on a switch. |
| What are two mitigation techniques for ARP poisoning? | - Dynamic ARP Inspection (DAI) - DHCP Snooping |
| What are the 5 types of firewalls? | - Packet-filtering Firewalls - Stateful Firewalls - Proxy Firewalls - Dynamic Packet-filtering - Kernel Proxy Firewalls |
| What is a packet filtering firewall? | - Only inspects header of packet for IP addresses and port. |
| What is a stateful firewall? | - Aware of TCP handshake and track connections in reference to the 3 way handshake. - Maintains a state table of all current connections. |
| What is a proxy firewall? | - Stands between an internal-to-external connection. - Makes connections on behalf of endpoints. - Operates on L5 and L7 |
| What is a kernel proxy firewall? | - Fifth generation firewall. - Inspects packets at every layer of OSI without performance hit of L7 firewall. |
| Which proxy firewall operates at the session layer (L5) | - Circuit level proxy - Makes decisions based on header and session information |
| Which proxy firewall operates at the application layer (L7) | - Application level proxy - Performs deep packet inspection. - Maintains a different proxy function for each protocol. - Big impact on performance |
| Where is a packet-filtering firewall placed? | Between subnets, which must be secures. |
| Where is a circuit level proxy placed? | At the network edge |
| Where is an application-level firewall placed? | Close to the application server it's protecting. |
| Where is a kernel proxy firewall placed? | Close to the system it's protecting. |
| What is a bastion host? | - Refers to position of any device. - Any device exposed to an untrusted network. - Important to reduce attack surface. |
| What is a dual-homed firewall? | A FW with 2 network interfaces. One for internal network and one for external. |
| What is a multi-homed firewall? | - 3 legged firewall is popular - One connection to untrusted network, one to trusted and one to DMZ. |
| What are some features of WLC? | Wireless LAN Controllers - Interference detection and avoidance - Load balancing - Coverage gap detection. |
| What forms of authentication do WLAN controllers support? | - PEAP - LEAP - EAP-TLS - WPA - WPA2 - L2TP |
| What do firewalls use to do their job? | Rule sets |
| What is the order that firewall rules are examined? | - Type of traffic - Source of traffic - Destination of traffic - Action to take on traffic |
| What are the 5 steps of the formal change control process? | - Submit/resubmit a change request - Review the change request - Coordinate the change - Implement the change - Measure the results of change |
| What are two types of availability controls? | - Redundant hardware - Fault-tolerant technologies |
| What are 2 types of metrics used to measure control availability? | - SLA - MTBF and MTTR |
| What is an SLA? | - Service level agreement - Support agreed upon for a service |
| What is MTBF and MTTR | - Mean Time Between Failures - Mean Time to Repair - Both of these define how long it will take to get the device or service back online. |
| What is RAID 0? | - Disk striping - Writes data across multiple drives - No fault tolerance |
| What is RAID 1? | - Disk mirroring - Fault tolerance - Usable storage is half of total to account for 1:1 mirror |
| What is RAID 3? | - Disk striping with parity - Requires at least 3 disks - Parity disk is used to rebuild in case of drive failure. - All parity data is stored on single disk |
| What is RAID 5? | Disk striping with parity - Requires at least 3 drives - Information and parity distributed throughout RAID. |
| What is fail over? | The ability of a system to switch to backup system. |
| What is fail soft? | The capability of a system to terminate noncritical processes. |
| What are different types of load balancing? | - Clustering (Software) - Load Balancing (Hardware) |
| What are the 3 planes in a typical SDN architecture? | - Control plane - Data plane - Management plane |
| In reference to SDN, what is a control plane? | - Carries signaling traffic to or from a router. - Allows the building of routing tables. |
| In reference to SDN, what is a data plane? | - Also known as the forwarding plane. - Carries user traffic. |
| In reference to SDN, what is a management plane? | - The plane that administers the router. |
| What are different types of cloud managed networks? | - IaaS - PaaS - SaaS |
| What are some indications, and sources of authentication attacks? | - Multiple unsuccessful attempts at login - AD, Syslog, RADIUD, TACACS+ |
| What are some indications, and sources of firewall attacks? | - Multiple drop/reject/deny events from same IP address. - Firewall, Routers and Switches |
| What are some indications, and sources of IPD/IDS attacks? | - Multiple drop/reject/deny events from the same IP address. - IPS and IDS |
| What is switch spoofing? | When an attacker sets port to "Dynamic Desirable" and forms a trunk, therefore capturing all VLAN traffic. |
| How do you prevent VLAN hopping? | Change default Native VLAN of trunk interface. - #switchport trunk native vlan 99 |
| What are the 5 services in Data-Flow enforcement? | - Boundary control services - Access control services - Integrity services - Cryptography services - Auditing and monitoring services |
| What is NAC? | Network Access Control - Examines the state of the computer in combination with authentication. |
| What are the 5 steps of Network Access Protection? | - Request access - Health state send to NPS (RADIUS) - NPS evaluates against local health policies - If compliant, grant access - If not, restrict network access and remediation |
| What is BACNet? | Building Automation and Control Network |
| What is SCADA? | Supervisory Control and Data Acquisition - Coded signals over comms channels to provide remote equipment controls. |
| What are the components of SCADA? | - Sensors - Remote Terminal Units (RTU) - Programmable Logic Controllers (PLC) - Telemetry System - Human Interface |
| What publications is useful for SCADA/ICS information? | NIST SP 800-82 |
Want to create your own Flashcards for free with GoConqr? Learn more.