Term
| What are the four goals in creating a secure network environment |
|
Definition
availability
confidentiality
functionality
access control |
|
|
Term
| Ensuring network ___ means authorized users have access to information services and network resources |
|
Definition
|
|
Term
| What is the most common type of network attacks against corporations? |
|
Definition
|
|
Term
| In the context of network security, ___ means preventing unauthorized users from gaining information about the network's infrastructure, the data flowing across it, the protocols used or packet header values |
|
Definition
|
|
Term
| ___ = identify based on known characteristics |
|
Definition
|
|
Term
| ___ means preventing attackers from altering the capabilities or operation of the network |
|
Definition
|
|
Term
| policy-driven control of access to systems, data and dialogues |
|
Definition
|
|
Term
| State the reasons securing corporate networks is difficult |
|
Definition
New attack vectors emerge
old attack vectors that were fixed are repurposed |
|
|
Term
| ___ are ways of attacking networks |
|
Definition
|
|
Term
| ___ model of network defense had good guys inside and attackers on the outside. There was a well guarded ___ point of entry. |
|
Definition
|
|
Term
| a phrase used by network administrators to convey the idea that creating a 100% secure network is impossible |
|
Definition
|
|
Term
| the ___ model of a network has no distinct perimeter and has multiple ways of entering. |
|
Definition
|
|
Term
| for a city model, you must have more ___ |
|
Definition
intrusion detection systems
virtual LANs
central authentication servers
encrypted internal traffic |
|
|
Term
| a ___ attack attempts to make a server or network unavailable to legitimate users |
|
Definition
|
|
Term
| Hackers primarily target ___ and ___ with DoS attacks |
|
Definition
|
|
Term
| Are all service interruptions attacks? |
|
Definition
|
|
Term
| A common nonattack loss of service happens when a larger site ___ |
|
Definition
| links to a much smaller site |
|
|
Term
| The ultimate goal of a DoS attack is to ___ |
|
Definition
|
|
Term
| DoS attacks cause harm by ___ or ___ |
|
Definition
stopping critical service
degrading service over time |
|
|
Term
| an attack that ___ services is harder to detect because ___ |
|
Definition
slowly degrades
there isn't an abrupt change in network quality |
|
|
Term
| The main DoS attack methods are |
|
Definition
indirect/direct
intermediary
reflected
sending malformed packets |
|
|
Term
| A ___ occurs when an attacker tries to flood a victim with a stream of packets directly from ___ |
|
Definition
direct attack
the attacker's computer |
|
|
Term
| ___ tries to flood the victim with a spoofed IP. |
|
Definition
|
|
Term
| ___ or ___ attacks can only succeed if the attacker can flood the victim with more requests than the victim can handle |
|
Definition
| direct or indirect attacks |
|
|
Term
| ___ attacks are rare because ___ |
|
Definition
direct
attackers don't like their IP shown on the incoming packets |
|
|
Term
| ___ occurs when a victim sends responses to the spoofed IP address used by the attacker, thus flooding an unintended victim |
|
Definition
|
|
Term
| Name the types of packets that can be used in a DoS attack |
|
Definition
SYN: victim is flooded with SYN packets so that all its memory is used up responding to them
Ping: victim is flooded with ICMP echo requests that appear to be normal traffic. Bandwidth and CPU are allocated until the victim crashes
HTTP: a victim, normally a webserver, is flooded with application layer web requests |
|
|
Term
| The second primary DoS method is to use ___ to attack the victim. |
|
Definition
|
|
Term
| ___ are typically referred to as ___ which are compromised hosts running malware controlled by the attacker |
|
Definition
|
|
Term
| A botmaster can send updates that give ___ to bots |
|
Definition
|
|
Term
| ___ are an additional layer of compromised hosts that are used to manage large groups of bots |
|
Definition
|
|
Term
| Similar to a DDoS attack, a ___ attack uses many hosts to overwhelm a victim using normal P2P traffic |
|
Definition
|
|
Term
| A P2P redirect differs from a DDoS because |
|
Definition
| the attacker doesn't have to control each host (make them bots), just convince them to redirect their legitimate P2P traffic |
|
|
Term
| Similar to a P2P redirect, a ___ uses responses from legitimate service to flood a victim |
|
Definition
|
|
Term
| in a reflected attack the attacker sends ___ to existing legitimate servers. All ___ are sent to the victim. |
|
Definition
spoofed requests
responses |
|
|
Term
| Using a botnet in a reflected attack is known as a |
|
Definition
| Distributed reflected denial of service (DRDoS) |
|
|
Term
| ___ is a variation of a reflected attack that takes advantage of an incorrectly configured network device to flood a victim |
|
Definition
|
|
Term
| in a smurf flood, the attacker sends a ___ to a network device that forwards the request to ___. |
|
Definition
spoofed ICMP echo request
all internal hosts |
|
|
Term
| ___ is a well known older attack that uses an illegally large IP packet to crash the victim's operating system |
|
Definition
|
|
Term
| Malformed SMS messages can be used to crash cell phones in an attack called ___ |
|
Definition
|
|
Term
| ___ is dropping all IP packets from an attacker to stop a DoS attack |
|
Definition
|
|
Term
| A firewall can create a ___. When a SYN segment arrives, the firewall itself sends back a SYN/ACK without passing the traffic to the server |
|
Definition
|
|
Term
| ___ can be used to reduce a certain type of traffic to a reasonable amount |
|
Definition
|
|
Term
| DoS attacks are community problems that can only be stopped with the help of ___ and ___ |
|
Definition
ISPs
organizations whose computers are bots |
|
|
Term
| ___ is used to resolve 32 bit IP addresses into 48 bit local MAC addresses |
|
Definition
| Address Resolution Protocol (ARP) |
|
|
Term
| ___ is a network attack that manipulates host ARP tables to reroute LAN traffic |
|
Definition
|
|
Term
| An attacker uses ARP poisoning to reroute traffic for a ___ |
|
Definition
|
|
Term
| ARP poisoning only works on ___ traffic |
|
Definition
|
|
Term
| rerouting traffic using ARP poisoning is an attack on both ___ and ___ |
|
Definition
| functionality and confidentiality |
|
|
Term
| an ARP DoS attack is an attack on the ___ of the network |
|
Definition
|
|
Term
| Describe normal ARP operation |
|
Definition
A router receives a packet addressed to an IP. It sends an ARP request to every host asking which of them has that IP. Only the host with the requested IP responds with an ARP reply that contains its MAC address. The switch records the MAC and sends the packet for that IP to that MAC. It doesn't use the IP |
|
|
Term
| ARP requests and replies don't require ___ or ___ |
|
Definition
| authentication or verification |
|
|
Term
| ___ uses false ARP replies to map any IP address to any MAC address |
|
Definition
|
|
Term
| With modification spoofed ARP replies can be used to stop all traffic on the LAN as part of a ___ |
|
Definition
|
|
Term
| ARP poisoning can be prevented by using ___ and ___ |
|
Definition
| Static IP tables and Static ARP tables |
|
|
Term
| A ___ can sit outside of corporate walls and attack a wireless LAN |
|
Definition
|
|
Term
| A ___ can be used to intercept and read legitimate traffic |
|
Definition
|
|
Term
| the ___ standard provides access control to prevent illegitimate clients from associating with a network |
|
Definition
|
|
Term
| 802.1X makes the Ethernet workgroup switch the ___ to the network |
|
Definition
|
|
Term
| the 802.1X standard is ___ |
|
Definition
| port based access control |
|
|
Term
| A switch isn't burdened with heavy authentication work. For that a switch relies on ___ |
|
Definition
| central authentication server |
|
|
Term
| A central authentication server has ___ |
|
Definition
| credentials-checking authentication data and the processing power needed to check passwords, biometrics and other credentials |
|
|
Term
| What are the advantages in using a central authentication server instead of each workgroup switch doing the work? |
|
Definition
Cost savings: reduces the cost of each workgroup switch
Consistency: checking is always the same no matter which workgroup switch the attacker connects to
Immediate changes: access control changes can be applied immediately |
|
|
Term
| 802.1X relies on another protocol, the ___ to govern the specifics of authentication interactions. |
|
Definition
| Extensible Authentication Protocol (EAP) |
|
|
Term
| For EAP, authentication messages go between the authentication server and the supplicant. The authenticator switch passes the messages through. This is ___ |
|
Definition
|
|
Term
| EAP is called ___ because it is easy to add new authentication methods |
|
Definition
|
|
Term
| Pass-through operation means that once a firm's switches run EAP there is no need to ___ whenever authentication methods change |
|
Definition
|
|
Term
| ___ is a client/server protocol with the authenticator being the client and the central authentication server being the server |
|
Definition
|
|
Term
| the RADIUS protocol provides ___ and ___ |
|
Definition
| authentication and authorization |
|
|
Term
| Users connect to wireless LANs via radiowaves to a ___ using ___ standards developed by the ___ |
|
Definition
wireless access point (AP)
802.11
IEEE 802.11 Working Group |
|
|
Term
| Wireless attacks focus on ___ |
|
Definition
|
|
Term
| Name the three types of wireless network attacks: |
|
Definition
unauthorized network access
man in the middle using an evil twin
wireless DoS |
|
|
Term
| ___ are unauthorized access points set up by individuals or departments with little or no security |
|
Definition
|
|
Term
| Reasons to prevent unauthorized users from accessing WLAN: |
|
Definition
prevent harm to internal resources
prevent external harm that appears to come from your network |
|
|
Term
| ___ is used in order to pick up wireless packets addressed to other hosts. |
|
Definition
| radio frequency monitoring (RFMON) |
|
|
Term
| An attacker can pick up packets in ___ which allows him to receive messages addressed to other users |
|
Definition
|
|
Term
| Focusing electronic attacks on specific high value targets is known as ___ |
|
Definition
|
|
Term
| An ___ is simply a PC that has software to allow it to masquerade as an access point |
|
Definition
|
|
Term
| To address an evil twin threat, some companies require clients coming in via remote access to establish a ___ as well |
|
Definition
|
|
Term
| wireless DoS attacks are designed to affect the ___ of the network |
|
Definition
|
|
Term
| Wireless 802.11 networks transmit on a ___ and/or ___ |
|
Definition
|
|
Term
| Attackers can alter wireless devices to flood frequency bands with ___, AKA ___. This extra ___ damages packets |
|
Definition
electromagnetic interference (EMI)
radio frequency interference (RFI)
noise |
|
|
Term
| An attacker can send attack commands to clients, APs or both. These attack commands are actually 802.11 ___ or ___ used to manage the connection of hosts and transmission signals. |
|
Definition
|
|
Term
| ___ tell other wireless clients that you want to transmit for a given amount of time. ___ tell other clients that you have received an RTS frame and they shouldn't transmit until the designated time expires. |
|
Definition
Request to send (RTS) frame
Clear to send (CTS) frame |
|
|
Term
| 802.1X can't be applied directly to 802.11 wireless LANs. It had to be extended, and the extension is called ___. |
|
Definition
|
|
Term
| EAP has a serious security limitation. What is it? |
|
Definition
| It assumes the connection between the supplicant and the authenticator is secure |
|
|
Term
| To provide security between the wireless client and the access point, and prevent an EAP attack, 802.1X was enhanced to a new standard called ___ |
|
Definition
|
|
Term
| The 802.11i enhancement comes through ___ to add security. In this new security, the authenticator establishes an SSL/TLS secure connection to the wireless client. In this ___, the access point has a digital certificate used to authenticate itself to the client. |
|
Definition
extending EAP standards
outer authentication |
|
|
Term
| After the outer authentication, the next step is the wireless client authenticates itself via EAP. This is called ___ |
|
Definition
|
|
Term
| There are two extended EAP standards that are common. What are they and what are they used for. |
|
Definition
EAP-TLS: the inner authentication also uses TLS. This requires the supplicant to have a digital certificate. Secure but expensive.
Protected EAP (PEAP): For inner authentication using PEAP, the client can use any method specified in the EAP standard, ranging from passwords through digital certificates |
|
|
Term
| for 802.11 WLANs, ___ protect communication between the wireless client and the access point. |
|
Definition
| core wireless security protocols |
|
|
Term
| the ___ standard provides basic security between wireless access points and wireless clients. This turned out to be ___. |
|
Definition
wired equivalent privacy (WEP)
fatally flawed |
|
|
Term
| Using WEP is worse than no security because it provides a ___ |
|
Definition
|
|
Term
| WEP mandates ___ meaning the access point and all stations using it use the same key for all cryptographic communications |
|
Definition
|
|
Term
| If an attacker reads two messages encrypted with the same key using RC4, the attacker can find ___ immediately. |
|
Definition
|
|
Term
| WEP encrypts each frame with a ___ that consists of the shared RC4 key plus a ___ that is different for each frame. |
|
Definition
per-frame key
24 bit initialization vector (IV) |
|
|
Term
| WPA extends the security of RC4 primarily by increasing the IV from ___ to ___ |
|
Definition
|
|
Term
| Nearly all wireless access points and wireless network interface cards today can support ___ |
|
Definition
|
|
Term
| ___/___ was created for homes or small businesses that only have a single access point |
|
Definition
| Pre Shared Key (PSK)/personal mode |
|
|
Term
| all wireless clients authenticate themselves to the access point using a ___ used by all clients. They are bad for security because people ___ |
|
Definition
shared initial key
give them to unauthorized people |
|
|
Term
| After authentication, the access point sends the client an ___ |
|
Definition
|
|
Term
| in 802.11i or WPA in PSK/Personal mode, passphrases must be at least ___ characters long |
|
Definition
|
|
Term
| companies that have central management for their many access points can purchase |
|
Definition
| centralized wireless intrusion detection system software |
|
|
Term
| There are two alternatives to using a centralized wireless IDS. Name them. Neither is ___. |
|
Definition
Not worry about intrusion detection
walk around with a laptop that has wireless IDS software
effective |
|
|
Term
| All 802.11 wireless LAN standards use ___ which spreads the signal over a wide range of frequencies |
|
Definition
| spread spectrum transmission |
|
|
Term
| To work with an access point, a station must know the access point's ___. |
|
Definition
| Service Set Identifier (SSID) |
|
|
Term
| Turning off ___ would seem to offer security. However, even if it is off, the ___ will still be transmitted in the clear in the header of each transmitted ___. |
|
Definition
SSID broadcasting
SSID
frame |
|
|
Term
| Changing WEP keys is ___. |
|
Definition
|
|