Week 4 – Securing Your Networks

1. Why is normalizing log data important in a centralized logging setup?

Answers

·        Log normalizing detects potential attacks.

·        Uniformly formatted logs are easier to store and analyze.

·        The data must be decrypted before sending it to the log server.

·        It’s difficult to analyze abnormal logs.

2. What type of attacks does a flood guard protect against? Check all that apply.

Answers

·        DDoS attacks

·        SYN floods

·        Man-in-the-middle attacks

·        Malware infections

Explanation: A security system known as a flood guard is one that is intended to safeguard against a wide variety of flooding-related threats. It helps to prevent the system or network from being overloaded with an excessive amount of traffic or requests. The deployment of flood guards is an essential component of network security that must be carried out in order to guarantee the availability and dependability of services in the face of intentional flooding assaults.

3. What does DHCP Snooping protect against?

Answers

·        DDoS attacks

·        Rogue DHCP server attacks

·        Brute-force attacks

·        Data theft

Explanation: A network may be protected against malicious DHCP (Dynamic Host Configuration Protocol) servers by using a security feature called DHCP Snooping. Rogue DHCP servers may introduce vulnerabilities into a network by providing clients with network configuration information that is either inaccurate or malicious. This kind of attack may be avoided with the assistance of DHCP Snooping, which validates DHCP servers.

4. What does Dynamic ARP Inspection protect against?

Answers

·        Malware infections

·        ARP poisoning attacks

·        Rogue DHCP server attacks

·        DDoS attacks

Explanation: ARP (Address Resolution Protocol) spoofing attacks may be avoided with the use of a security feature known as Dynamic ARP Inspection, or DAI for short. Sending bogus ARP packets is part of the process known as ARP spoofing. This technique is used to disguise an attacker's MAC address by making it seem to come from the IP address of a valid network device. Validating ARP packets inside a network is one of the ways in which DAI contributes to the prevention of attacks of this kind.

5. What does IP Source Guard protect against?

Answers

·        Brute-force attacks

·        Rogue DHCP server attacks

·        IP spoofing attacks

·        DDoS attacks

Explanation: IP Source Guard is a feature of a security system that guards a network against assaults that include IP address spoofing. An attacker may conduct a variety of assaults against a network by using a technique known as IP address spoofing. This technique includes the attacker faking the source IP address of packets in order to trick the network. By guaranteeing that only legitimate and approved IP addresses are permitted on the network, IP Source Guard contributes to the prevention of assaults of this kind.

6. What does EAP-TLS use for mutual authentication of both the server and the client?

Answers

·        Digital certificates

·        Usernames and passwords

·        One-time passwords

·        Biometrics

Explanation: The Extensible Authentication Protocol with Transport Layer Security, often known as EAP-TLS, is a protocol that utilizes digital certificates for the purpose of performing mutual authentication between the client and the server.Because each party (server and client) owns a distinct certificate that is signed by a reliable certificate authority (CA), the usage of digital certificates in EAP-TLS offers a high degree of security for mutual authentication. This is because EAP-TLS makes use of digital certificates. This facilitates the establishment of a communication channel that is both safe and encrypted between the client and the server.

7. Why is it recommended to use both network-based and host-based firewalls? Check all that apply.

Answers

·        For protection for mobile devices, like laptops

·        For protection against man-in-the-middle attacks

·        For protection against DDoS attacks

·        For protection against compromised hosts on the same network

8. What are some weaknesses of the WEP scheme? Select all that apply.

Answers

·        Its poor key generation methods

·        Its small IV pool size

·        Its use of ASCII characters for passphrases

·        Its use of the RC4 stream cipher

Explanation: Because of these flaws, the WEP encryption protocol is regarded as being very unsafe, and its usage is severely discouraged. The weaknesses of the WEP security protocol have inspired the development of more recent Wi-Fi security protocols such as WPA (Wi-Fi Protected Access) and WPA2/WPA3, which together provide wireless networks a higher level of protection.

9. What symmetric encryption algorithm does WPA2 use?

Answers

·        AES

·        DSA

·        DES

·        RSA

Explanation: The Advanced Encryption Standard (AES) is the primary technique that is used for symmetric encryption in WPA2, also known as Wi-Fi Protected Access 2. In particular, the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is used by WPA2 in order to ensure both the secrecy and integrity of transmitted data.

The Advanced Encryption Standard (AES) is a symmetric encryption algorithm that is well renowned for its high level of security. The incorporation of AES into WPA2 increases the overall security of Wi-Fi networks by providing strong encryption for wireless communications. It took the place of the Temporal Key Integrity Protocol (TKIP), which was used in the first version of WPA (Wi-Fi Protected Access) and was considered to be less secure. When compared to its predecessors, the usage of AES-CCMP in WPA2 is seen as a substantial enhancement in terms of the level of security it provides.

10. How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.

Answers

·        Use a very long and complex passphrase.

·        Update firewall rules.

·        Implement lockout periods for incorrect attempts.

·        Disable WPS.

Explanation: Implementing security measures to defend against unauthorized efforts to guess or break the WPS PIN is one way to reduce the possibility of WPS (Wi-Fi Protected Setup) brute-force attacks. This is done as part of the process of reducing the risk of WPS (Wi-Fi Protected Setup) brute-force attacks. The use of a combination of these security measures improves the safety of WPS and lowers the likelihood that an unsuccessful brute-force attack would be attempted.

11. Select the most secure WiFi security configuration from below:

Answers

·        WPA enterprise

·        WPA2 personal

·        WEP 128 bit

·        WPA personal

·        None

·        WPA2 enterprise

12. What process authenticates clients to a network?

Answers

·        WPA2

·        HMAC-SHA1

·        TKIP

·        Four-way handshake

13. What does tcpdump do? Select all that apply.

Answers

·        Analyzes packets and provides a textual analysis

·        Captures packets

·        Generates packets

·        Encrypts your packets

Explanation: Tcpdump is a sophisticated tool that is often used by developers, network administrators, and security experts for the purpose of debugging, monitoring, and analyzing network traffic. During the process of gathering and analyzing network traffic, it provides flexibility and granularity.

14. What does wireshark do differently from tcpdump? Check all that apply.

Answers

·        It can capture packets and analyze them.

·        It understands more application-level protocols.

·        It has a graphical interface.

·        It can write packet captures to a file.

Explanation: Wireshark has a graphical user interface, which enables users to visually view recorded packets in an approach that is friendlier to newcomers to the software. Tcpdump, on the other hand, is an application that is run from the command line and does not have a graphical user interface.

The display of packets in Wireshark is colorized, which makes it much simpler to identify between the several protocols and packet kinds. The readability of the various sorts of packets is improved by the use of colors that are distinct from one another. Tcpdump presents data in a simple text format without any colorization of the packets it examines.

15. What factors should you consider when designing an IDS installation? Check all that apply.

Answers

·        Internet connection speed

·        Traffic bandwidth

·        OS types in use

·        Storage capacity

Explanation: In order to guarantee that an Intrusion Detection System (IDS) installation is designed properly and can effectively identify and react to security occurrences, considerable attention has to be given to a variety of elements throughout the design process.

It is important to have a solid understanding of the organization's network topology, which includes the positioning of vital resources, subnets, and network segments. Determine the locations where to strategically put IDS sensors in order to monitor the relevant traffic.

Conduct an investigation on the kinds of network traffic that should be anticipated in the setting, including the typical patterns and protocols. Having this insight is beneficial when it comes to establishing proper detection rules and thresholds.

Determine which essential assets and systems need more monitoring and protection, then rank them in order of importance. Put the emphasis of your intrusion detection system (IDS) on the places that would suffer the greatest damage in the event of a security breach.

16. What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

Answers

·        An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.

·        An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.

·        An IDS can detect malware activity on a network, but an IPS can’t

·        They are the same thing.

Explanation: Both an Intrusion Detection System, also known as an IDS, and an Intrusion Prevention System, also known as an IPS, are examples of cybersecurity technologies that are intended to prevent intrusions.

17. What factors would limit your ability to capture packets? Check all that apply.

Answers

·        Network interface not being in promiscuous or monitor mode

·        Anti-malware software

·        Encryption

·        Access to the traffic in question

18. What does tcpdump do?

Answers

·        Handles packet injection

·        Brute forces password databases

·        Generates DDoS attack traffic

·        Performs packet capture and analysis

Explanation: Oh, the tcpdump tool! It's like having access to the networking version of Sherlock Holmes. On a network, it actively searches for and seizes data packets. You may use it to examine what's occurring in the data stream, solve issues, or simply satisfy your natural interest about it.

19. What can protect your network from DoS attacks?

Answers

·        DHCP Snooping

·        Dynamic ARP Inspection

·        Flood Guard

·        IP Source Guard

20. What occurs after a Network Intrusion Detection System (NIDS) first detects an attack?

Answers

·        Triggers alerts

·        Shuts down

·        Blocks traffic

·        Disables network access

21. What does a Network Intrusion Prevention System (NIPS) do when it detects an attack?

Answers

·        It blocks the traffic.

·        It does nothing.

·        It triggers an alert.

·        It attacks back.

Explanation: In its most basic form, NIPS is concerned not only with detecting intrusions but also with actively preventing such intrusions from inflicting damage. It is the watchdog of the digital sphere, keeping constant vigilance and standing ready to repel any attacks from the internet.

22. How do you protect against rogue DHCP server attacks?

Answers

·        IP Source Guard

·        Flood Guard

·        Dynamic ARP Inspection

·        DHCP Snooping

Explanation: This is analogous to having reliable court attendants who keep an eye on which DHCP servers are authorized to distribute content to clients. Your network switches should have DHCP snooping enabled so that they will only let DHCP answers to come from authorized servers.

23. What underlying symmetric encryption cipher does WEP use?

Answers

·        RSA

·        AES

·        RC4

·        DES

Explanation: The Wired Equivalent Privacy protocol, often known as WEP, employs the RC4 stream cipher as its underlying symmetric encryption method. This protocol is no longer used since it is seen to be unsafe and has become outdated. The RC4 stream cipher is a symmetric key stream cipher, which means that it encrypts and decrypts data using the same key.

However, it is essential to keep in mind that WEP is riddled with substantial security flaws, and thus, its use in contemporary Wi-Fi networks is not encouraged. Its encryption may be cracked with relative ease, and as a result, more secure solutions such as WPA (Wi-Fi Protected Access) and WPA2 have been created to compensate for these flaws.

24. What traffic would an implicit deny firewall rule block?

Answers

·        Outbound traffic only

·        Nothing unless blocked

·        Everything that is not explicitly permitted or allowed

·        Inbound traffic only

Explanation: The implicit refuse rule in a firewall is sometimes referred to as "the silent guardian." It acts as an unsung hero that, by default, prevents traffic from being permitted unless it is specifically approved. If a firewall contains an implicit deny rule at the very end of its rule set, then it will prevent any traffic that does not meet any of the explicit allow rules that came before it from passing through.

To put it another way, it's the same as telling someone, "Unless I've specifically said you can come in, you're not getting past the gate." Therefore, the implicit deny rule will cause the firewall to reject any traffic that does not comply with the requirements specified in the rules for the firewall. It provides an additional degree of protection to ensure that only authorized traffic passes through the area.

25. What allows you to take all packets from a specified port, port range, or an entire VLAN and mirror the packets to a specified switch port?

Answers

·        DHCP Snooping

·        Promiscuous Mode

·        Network hub

·        Port Mirroring

Explanation: Oh, you're referring about port mirroring or the Switched Port Analyzer, right? It's just like having a closed-circuit television camera monitoring the traffic on your network! You can duplicate or mirror the packets that are sent from a particular port, port range, or even an entire VLAN by using port mirroring and sending them to another switch port that has been specifically selected.

When doing network analysis, monitoring, or troubleshooting, this comes in helpful. It would be the same as having a copy of all the letters written and received in the kingdom forwarded to a hidden room for review.

To configure port mirroring, you will normally need to visit the settings of your switch and choose the source (the location from which you want to copy the packets) and the destination (the location to which you want to transmit the mirrored packets).

It is a strong tool that network managers may use to maintain a vigilant check on the traffic without interfering with the usual data flow.

26. What kind of attack does IP Source Guard (IPSG) protect against?

Answers

·        IP Spoofing attacks

·        DoS attacks

·        ARP Man-in-the-middle attacks

·        Rogue DHCP Server attacks

Explanation: IP Source Guard (IPSG) operates like a watchful guard tasked with defending the kingdom from the introduction of imposter messengers. It protects especially against attacks that involve impersonating IP addresses.

When conducting an attack using IP address spoofing, hostile actors would intentionally falsify the source IP address of their packets to trick the network. It is the same as mailing letters to people with a fictitious return address to deceive them. IPSG contributes to preventing this issue by checking to see if the IP addresses included inside the incoming packets on a network are identical to the allowed IP addresses connected to the particular ports.

IPSG helps to protect the network's integrity by acting in this manner, which prevents potential attackers from pretending to be someone else on the network. To protect the integrity of the network and guarantee that data packets are only accepted from trusted origins, this critical layer of protection is essential.

27. What can be configured to allow secure remote connections to web applications without requiring a VPN?

Answers

·        Reverse proxy

·        RC4

·        NIDS

·        Web browser

Explanation: Make it mandatory for all of your online apps to utilize HTTPS. SSL/TLS protocols give an extra degree of security by encrypting the data that is sent between the user's device and the web server. This helps to avoid eavesdropping. Put in place multi-factor authentication for an additional degree of protection. To access the online apps, users would need more than simply a password. Typically, users would require a combination of something they know (password) and something they have (for example, a code from a mobile app).