SECFND 11: Network Security Technologies Flashcards Preview

Flashcards in SECFND 11: Network Security Technologies Deck (45)
1
Q

3 Phases of Attack Continuum

A

Before, During, After

2
Q

3 attributes of “Before” attack continuum

A

Control, Enforce, Harden

3
Q

3 attributes of “During” attack continuum

A

Detect, Block, Defend

4
Q

3 attributes of “After” attack continuum

A

Scope, Contain, Remediate

5
Q

“Before” characteristics

A

Identify what’s on the extended network to implement policies and controls to defend it

6
Q

“During” characteristics

A

Detect and block malware continuously

7
Q

“After” characteristics

A

Reduce the impact of an attack by identifying point of entry, determining the scope, containing the threat, eliminating the risk of reinfection, and remediating

8
Q

AAA protocols

A

RADIUS & TACACS+

9
Q

RADIUS port

A

UDP 1812 for authentication, UDP 1813 for accounting (or the legacy 1645 & 1646)

10
Q

RADIUS encrypts…

A

Only the password in an access request packet

11
Q

TACACS+ port

A

TCP 49

12
Q

TACACS encrypts…

A

body of the packet (not the header)

13
Q

IAM

A

Control users and devices connecting to the network (NAC-like).

Contextual network attributes

14
Q

NAD

A

network access device

15
Q

IAM benefit

A

Different levels of access and service based on the device.

16
Q

Firewall “routed mode”

A

Interfaces on multiple networks; makes routing decisions

17
Q

Firewall “transparent mode”

A

L2 “bump in the wire”; all interfaces on the same network

18
Q

Network taps monitor which pins

A

Tx pins. Requires two NICs on the monitoring host: one for inbound, one for outbound

19
Q

Other span port names

A

Port mirroring, port monitoring

20
Q

Steps to define SPAN port

A

1. Define source port or VLAN.
2. Define destination.

21
Q

RSPAN

A

Remote span

22
Q

RSPAN traffic

A

Flooded to dedicated VLAN

23
Q

IPS Anomaly detection

A

IPS learns and alerts on deviations from baseline

24
Q

Rule-based Detection

A

aka Signatures

25
Q

IPS Reputation-based detection

A

Informed decisions based on reputation of sources. Drop traffic before more significant inspection

26
Q

IPS installation methods

A

Dedicated appliance, or a module installed in another device.

27
Q

IPS evasion techniques

A

Traffic Fragmentation, traffic substitution and insertion, Encryption and tunneling

28
Q

Traffic fragmentation techniques

A

Attacker fragments all IP traffic if the IPS doesn’t perform reassembly. If it does, the attacker fragments oddly to trick the IPS.

Modify how the TCP stream is segmented so the IPS ignores it. Can cause overlapping segments that overwrite earlier data.

29
Q

Traffic substitution

A

Substitute payload data with other data in a different format: Unicode for letters, tabs for spaces, case changes

30
Q

Traffic insertion

A

Adding extra bytes to data

31
Q

Parts of:

alert tcp $EXTERNAL_NET ANY -> $HTTP_SERVERS $HTTP_PORTS

A

Action (alert, drop, pass, etc.)
Protocol (TCP, UDP, ICMP, IP)
Source IP, Port
Direction (-> or <> only)
Destination IP, Port

32
Q

What does IPS rule body do?

A

Options in keyword:argument form; an option can have multiple arguments

33
Q

Snort rule “Content” option

A

Set rules for specific content (sequence of characters or hex values).

34
Q

Snort rule “msg” and “sid”

A

Message to print and Snort ID

35
Q

WCCP

A

Web Cache Communication Protocol. WCCP is a protocol for communication between routers and Web caches.

36
Q

transparent proxy vs. explicit proxy

A

Transparent proxy doesn’t require client settings. Explicit proxy requires client config.

37
Q

Next Gen Firewall features

A

Application visibility and control, malware protection, URL filtering, SSL decryption, and next-generation IPS

38
Q

Threat Intelligence

A

Evidence-based knowledge about an existing or emerging threat to assets that informs the response to the threat

39
Q

bogon

A

Bogus IP addresses

40
Q

Bro

A

Network analysis framework, similar to an IDS

41
Q

ELSA

A

Syslog framework

42
Q

OSSEC

A

Open Source IDS/HIDS

43
Q

Sguil

A

Network security monitoring console for event analysis

44
Q

Squert

A

Web app for Sguil

45
Q

Snort

A

IPS