lesson two

2015-02-22 15:20:38
ST Lesson two
Savannah Tech
Savannah Tech lesson 2

  1. are applications that use rule-based management. According to the specific rule-set that it operates from, it filters incoming and outgoing network traffic to decide what services or protocols to permit or deny passage through it.
  2. specifies the exact parameters that apply to any traffic arriving at the firewall. These parameters define the resulting action on a packet.
  3. In general, what should firewall rules address, at a minimum?
    • Source address
    • Destination address
    • A service (port)
    • Positive (agrees with the rule) or negative (disagrees with the rule) action to use for either result.
  4. NOTE: Rules commonly configured on a firewall include:
    • Allow out any packet sent from inside the network.
    • Allow SMTP messaging services to pass.
    • Disable ICMP services, such as ping.
    • Block Telnet access to all internal servers from the internet.
  5. In the absence of a firewall, this is the security gateway between a local network and a wide area network (WAN).
    A router
  6. To configure a secure router, you should include the following standards in its setup:
    • There are no local user accounts enabled on the router. Only secure network administrators should have access to the network's routers. All user authentications use TACACS+ or another separate authentication and authorization service.
    • The following packet datagram types are disabled by the router:
        • IP directed broadcasts
        • Incoming packets with an invalid source address
        • TCP and UDP small services
        • All source routing
        • All Web services on the router
  7. Is a proprietary Cisco Systems protocol that performs access control for a router, network access server, and some networked computing devices. It operates on one or more centralized servers to provide authentication, authorization, and accounting (AAA) services.
  8. Poses a very real security risk to a router and the network behind it. Examples are Wake-on-LAN (WoL) and backup commands.
    IP directed broadcasts

    Cisco introduced IP directed broadcasts to allow for WoL or backup actions, but IP directed broadcasts may also launch malicious denial-of-service (DoS) attacks.
  9. are those ports numbered 20 and below, plus port 37. In virtually all routers, small services ports are safe to disallow.
    TCP and UDP small services
  10. What port number is tcpmux (TCP Port Service Multiplexer)?
  11. What port number is rje (Remote Job Entry)?
  12. What port number is echo?
  13. What port number is discard?
  14. What port number is systat (active users)?
  15. What port number is netstat (Netstat command)?
  16. What port number is qotd (Quote of the Day)?
  17. What port number is ftp-data (File Transfer Protocol data)?
  18. What port number is time?
  19. allows the source of a packet to suggest or specify a partial or specific route the packet is to use to reach its destination.
    source routing
  20. Like load-balancing and caching services, can be very insecure by nature. To secure a router, these services should be on a dedicated device placed before the router.
    Web services
  21. NOTE: Do not manage a network device using Telnet outside of a secure tunnel that protects an entire communication path. The recommended management protocol for accessing a router for maintenance is SSH (Secure Shell).
  22. creates a logical grouping of network nodes to create a logical broadcast domain. Provides a security advantage in that its security policy applies to all of its workstations, which typically belong to users who perform the same or similar functions.
    Virtual Local Area Network (VLAN)
  23. is a network that exists virtually. Its nodes don't need to be in close physical proximity.
    Logical network
  24. defines the action for a range of IP addresses or a specific object, such as a particular port number. The action is typically either permit or deny. It can be for a specific user, a system process, or an object. It can control either inbound or outbound traffic, or both, in which case it performs actions similar to a firewall.
    Access Control List (ACL)
  25. What are some of the concepts that you apply to increase the security level of a secure network and to ensure that the security rules synchronize with the business rules:
    • Port Security
    • IEEE 802.1x
    • Flood Guards
    • Loop Protection
    • Implicit Deny
    • Disabling Unused Ports
    • Network Bridging
    • Log Analysis
  26. A router that supports the ______________ feature has the capability to limit access to the router through an interface (such as an Ethernet link) to only one or more workstations' MAC addresses.
    Port Security

    A secure port only forwards packets from the workstations within the specified group. A port security violation occurs when a workstation (MAC address) outside of the secure address group attempts to send a packet through the port.
  27. What are the two actions of port security?
    • -Restrict
    • -Shutdown

    The port security violation can be either restrict, which restricts data and generates an SNMP notification message, or shutdown, which immediately shuts down the interface port.
  28. this standard defines interface port-based access control and authentication services for workstations (and their users) that attempt to connect to a network (wired or wireless). Defines the Extensible Authentication Protocol over LAN (EAPoL).
    IEEE 802.1x
  29. which supports both service identification and point-to-point (PTP) transmission of encapsulated and encrypted data on a local network segment.
    Extensible Authentication Protocol over LAN (EAPoL)
  30. on a router, gateway, or even a server is able to detect the attack and prevent the DoS attack by shutting down the affected interface, reversing the flood with ACK responses, or reducing the memory available to the port.
    Flood Guard

    The cause of most DoS attacks is a flood of packets, such as a stream of SYN packets that busy-out a gateway device (router or firewall), thereby denying service to all other traffic.
  31. typically between routers or switches, consumes bandwidth and burdens the router or switch with unnecessary processing.
    A loop on a network
  32. To prevent or protect against loops
    Loop Protection
  33. Loop protection used by switches; it works by disabling the port on which the loop is occurring.
    Spanning Tree Protocol (STP)
  34. The main loop protection used by routers?
    TTL (Time-to-Live)

    Routers use several methods and features, but the basic tool to prevent routing loops is TTL.
  35. is a counter in a packet's payload that is incremented each time the packet hops. When the counter reaches its limit, the packet ceases to exist.
    Loop Protection
  36. automatically denies access to any packet not identified as allowable by an ACL.
    Implicit deny.
  37. NOTE: Access control lists regulate traffic by permitting or denying access using a source address, destination address, port, or protocol. However, an implicit deny (deny all) entry should be the last entry of the ACLs.
  38. NOTE: An active but unused interface port poses a security threat to a network. An attacker can access the network through the port, which is effectively an open door. Disabling any unused interface ports on switches, routers, servers, firewalls, and even workstations prevents traffic from accessing the network that way.
  39. is a natural state of operations for network switches and the underlying mechanism that helps a switch maintain its bridging table. However, this can create security issues as the number of nodes on a network grows.
    Network Bridging
  40. One of the safest practices to apply in network design. Networks that are physically separate or don't have a need to communicate should be separated using a router or firewall. Within a network, separate network segments using subnets and routers.
    Network Separation
  41. involves reviewing audit trails, log files, and the logs and records of network devices and servers.
    Log analysis

    Services like intrusion detection systems and intrusion prevention systems can automatically analyze some logs, but a scan of all access logs and records should be a part of a regular system review. What may appear to be acceptable to a rule-based analysis may not appear so in a human scan.
  42. Whether written down formally or not, every organization has rules that set the boundaries of its operating procedures. These rules answer the who, what, when, where, why, and how questions that pop up frequently in the course of normal operations.
    Business Rules
  43. The policies, activities, and even roles that enact and enforce the applicable business rules to secure the organization's information technology investments and its data resources.
    Security Rules

    The job of a secure network administrator is primarily rule-based management, which ensures that the security rules synchronize with the business rules.
  44. NOTE: The most crucial objective of a secure network is, of course, security. However, network performance is also very important. When considering the design of a network, you should be aware of and understand the building blocks that provide security without sacrificing performance. In this chapter, we'll explore the design elements that can assure both security and performance.
  45. Is a logical segmentation of an IP network.
    Subnetwork or Subnet

    An IP address consists of two parts: a network address and a host address. A subnet further divides these two parts logically, and a few of the host address bits become part of the network address. The extended network address is a routing prefix, and the remaining bits now form a modified host address. The new host address specifies individual hosts, workstations, or network devices.
  46. NOTE: From your knowledge of computer networking, you should know the process used to subnet a network. You should also know that subnets communicate with each other through a router, which can be either a router appliance or a computer running routing software.
  47. NOTE: For the Security+ exam, you need to understand that subnets are a means to segment networks into smaller broadcast domains on which you can apply different security policies to different network segments.
  48. is a physical or logical group of hosts or subnets that share a common set of security policies.
    Security Zones
  49. What are the three types of Security Zones?
    • -DMZ
    • -Intranet
    • -Extranet
  50. is a special-purpose subnet that exists to service public access requests and receive unauthorized or unidentified traffic. It serves as a buffer zone between the Internet and an internal network (intranet). If anyone breaches the security of this zone, the internal network remains safe.
    Demilitarized Zone (DMZ)
  51. is a secure network type that is available only to authorized users within an organization. It may host several internal websites (portals) or reporting vehicles for users on the internal network and those users accessing the network via a VPN.
  52. Is a network security zone that provides access to internal network resources for outside users, who are typically communicating over the internet.

    In effect, an extranet is an extension of an organization's intranet accessible to trusted outside users, like vendors, suppliers, customers, and so on. In many ways, an extranet is like another DMZ.
  53. NOTE: As I mentioned earlier in this lesson, a VLAN is another way to segment a network logically into smaller broadcast domains with specific security policies. Because a VLAN must pass through a switch or router to communicate, and neither of these devices forwards broadcast messages, there is less opportunity for a security intrusion than there would be on a standard LAN.
  54. Because of the proliferation of the Internet, a set of IPv4 addresses is set aside strictly for private use. While private IP addresses are great for internal networks (those behind a router or firewall), they don't work on the internet. The solution is the use of ______________________?
    Network Address Translation (NAT)
  55. NOTE: NAT runs on a gateway device, typically a router. When a request for information outside of the network arrives at the router, NAT replaces the private IP source address with a public IP address in the packet and forwards the packet on to the appropriate route. The public IP address now in use as the request's source address is an address of the router. NAT tracks the private IP address of the host making the request and the corresponding public IP address, so that when the response arrives, it goes to the appropriate requesting host. Since NAT hides the identity of the network host, it remains hidden to the external network.
  56. which is now mostly accomplished through LAN/WAN connections, was at one time limited to the use of dial-up modems and a remote access server (RAS). Dial-up modems, when they are used, can present network intrusion problems, but if the appropriate security measures are running on the RAS, the potential for security issues is lower.
    Remote Access Server (RAS)
  57. Another threat posed by the use of dial-up modems, which gets its name from the film War Games.
    War Dialing
  58. What happens during War dialing?
    An attacker uses a computer to dial all of the suffixes in a given telephone exchange, looking for a modem connection. If the dialing attack locates a connection, the attacker then turns his or her attention to breaking through the login process.
  59. A security measure which will prevent war dialing when in place. There would be no predefined telephone number on file for the attacker, and the callback would not establish a connection.
  60. NOTE: On most of today's networks, remote access uses RDP (Remote Desktop Protocol), VNC (Virtual Network Computing), or products like GoToMyPC from Citrix. These tools allow remote users to access and control PCs, and some servers, over a LAN/WAN connection. By definition, this presents a security risk.
  61. Is a term that refers to a variety of methods through which an organization obtains telephone services for voice or data communication.

    Only a few years ago, telephony was about POTS (Plain Old Telephone Service), PSTN (Public Switched Telephone Network), and modems. Today telephony includes services like PBX (Private Branch Exchange), VoIP (voice over IP), and VPN (virtual private network).
  62. POTS
    Plain Old Telephone Service

    an older version of telephony communication
  63. PSTN
    Public Switched Telephone Network

    Another older version of telephony communication
  64. PBX
    Private Branch Exchange
  65. VoIP
    Voice Over IP
  66. VPN
    Virtual Private Network
  67. is a computer-based or network-controlled telephone system.
    A PBX
  68. In terms of security, one feature of a PBX that poses perhaps the most risk is ______________. This feature allows a caller from outside the premises to call into the PBX and obtain a dial tone. Charges for the call, which can be long-distance or toll-based, collect at the PBX and not on the caller's phone. On PBX systems that have no outgoing call restrictions, this can be a serious vulnerability.
    Remote Calling
  69. What are 4 actions you can take to secure a PBX?
    • -Secure access to all maintenance features.
    • -Change access and account codes and passwords regularly, and activate logging.
    • -Restrict outgoing calls.
    • -Train all users and attendants on the security features.
  70. Is a collective term that refers to a group of technologies, protocols, and transmission methods that transport voice and data across an IP network. Also known as Internet Telephony, it provides voice, fax, short message service (SMS), and voice mail services using the Internet as its transport network. Because it is essentially a service that runs on a network, it is vulnerable to DoS attacks; any attack on a network can seriously affect its operations.
  71. IEEE 802.1x provides a baseline version for this but no specific standard exists. Its objective is to allow access control decisions based on information about the requesting system.
    Network Access Control (NAC)
  72. What are the two types of NAC systems?
    • Pre-admission NAC
    • Post-admission NAC
  73. Those that apply rules and policies before authenticating a requesting host or network and allowing access to a network. It examines the requesting message and then makes its permit or deny decision using any intelligence it gains from the packet or by querying the requesting host directly. For example, a server farm servicing sensitive databases may grant admission to only remote hosts running a certain reporting client.
    Pre-admission NAC
  74. Those that apply the rules and policies after granting admission. Makes its authentication decision using the actions of the user after the host gains admission. For example, if a user gains access to a large Web server and then only displays static pages, the NAC can alter its permissions to allow the user access to only that space.
    Post-admission NAC
  75. Creates a virtual (rather than a real or physical) version of a computing environment, including hardware, operating systems, storage devices, and network resources.
  76. What is the goal of Virtualization?
    The goal is to centralize administrative tasks, including security.
  77. What are the three primary forms of computing virtualization?
    • -Hardware (platform) virtualization
    • -Operating System Virtualization
    • -Application (desktop) virtualization
  78. A virtual computing environment that performs like a real computer and operating system. This type of virtualization allows a real computer running Windows 7 (the host machine) to create and host a virtual machine that looks and runs like another computer running Linux (the guest machine), on which users can run Linux-based applications.
    Hardware Virtualization
  79. A guest machine runs under the supervision of a _____________________ (virtual machine monitor) software or firmware.
  80. What are the three levels of Hardware Virtualization?
    • -Full Virtualization
    • -Partial Virtualization
    • -Para-Virtualization
  81. Is a network server virtualization in which the operating system kernel supports multiple user-space instances. These instances are containers, virtual private servers (VPS), or jails, depending on the hypervisor in use. Each instance looks and operates like a normal instance on the server, completely independent and isolated from other instances.
    Operating System Virtualization
  82. A virtualized application runs on a computer completely encapsulated from the operating system on that computer, although the application appears to run directly on the operating system. _________________ is actually encapsulation--it's virtual in the sense of hardware or operating systems.
    Application Virtualization
  83. NOTE: The primary focus of security in a virtualized environment is authentication, authorization, access controls, and the security controls protecting network devices and the network operating system (NOS).
  84. This term refers to any computing activity that takes place over the internet with one or more levels of access provided as a service.
    Cloud Computing
  85. What are the three primary cloud services?
    • -Platform as a Service (PaaS)
    • -Software as a Service (SaaS)
    • -Infrastructure as a Service (IaaS)
  86. Delivers a computing platform and solution stack as a billable service. The solution stack could include a Web server, middleware, database system, a programming language, and certain application software.
    Platform as a Service (PaaS) - pronounced "pace".

    PaaS allows a developer or an application service provider (ASP) to develop or deliver a service without having to purchase and manage the hardware and system necessary. Examples of PaaS include Google's App Engine and Microsoft's Azure, which enable subscribers to create custom applications.
  87. consists of hardware and an operating system.
    Computing Platform
  88. is the software or hardware components specific to a certain product or service (solution). Can include a Web server, middleware, database system, a programming language, and a certain application software.
    Solution Stack
  89. Provides on-demand software that resides centrally or through a service provider. It is a rapidly growing method for many business-related applications, such as collaboration, enterprise resource planning (ERP), content management (CM), and service desk management software. Users access an application with a Web browser and without requiring resources for the application on their local computer.
    SaaS (Software as a Service) - pronounced "sace".

    Examples of SaaS include any of the hosted email servers, including those from Google, Microsoft, Yahoo, and more; SurveyMonkey.com; and Ancestry.com.
  90. is a virtualization of a computing platform, although across the internet. Typically, it includes storage and networking services. In place of purchasing the equipment and services required, customers buy and pay for only the resources they need and consume.
    Infrastructure as a Service (IaaS) - pronounced "ice".

    Examples of IaaS include Amazon Web Services' Elastic Compute Cloud (EC2) and any service that hosts a subscriber's website, performs caching services, or charges customers only for services they need at any given time, such as usage and billing sites (elastic clouds).
  91. Are cloud computing and virtualization just different names for essentially the same service?
    No, Cloud computing includes a variety of service levels that are provided on a remote server (which could be virtualized) and accessed completely over the internet. Virtualization typically occurs within the same network, with a virtualization server providing a complete processing environment to a virtualization client on a host. Cloud computing is application or service-based, and virtualization is generally hardware- and operating system-based.
  92. Devices like firewalls, proxy servers, and routers control, manage, and monitor networking events using what form of management?
    A. Loop management
    B. Access control management
    C. Rule-based management
    D. Business rules and policies management
    C. Rule-based management
  93. What IEEE standard defines interface port-based access control and authentication services?
    IEEE 802.1x
  94. What is the military-sounding name for a special-purpose subnet that services public access requests and receives unauthorized or unidentified traffic?
    A. NAC (network access control).
    B. War Dialing.
    C. DMZ (demilitarized zone)
    D. Port security
    C. DMZ (demilitarized zone)
  95. What TCP/IP service replaces a packet's private IP address with a public IP address before forwarding the packet onto the public network?
    A. NAT (network address translation)
    B. NAC (network access control)
    C. PaaS (platform as a service)
    D. RAS (remote access server)
    NAT (Network Address Translation)
  96. What technology creates a simulated version of a computing environment?
    A. Telephony
    B. EAPoL
    C. Cloud computing
    D. Virtualization
    D. Virtualization