Endpoint security and authentication
Endpoint authentication:
An authentication mechanism used to verify the identity of a network's
external or remote connecting devices.
This method ensures that only valid or authorized endpoint devices are
connected to a network.
Endpoint devices include laptops, smartphones, tablets and servers.
Endpoint security:
An approach to network protection that requires each computing device on a
corporate network to comply with certain standards before network access is
granted
Forms of endpoint security include personal firewalls and anti-virus software.
Which of the following is not a characteristic of an NIDS?
Generates false positives (THIS ONE)
High maintenance
Resource intensive
Effective at stopping a wide variety of attacks
Can stop any packets identified as malicious
Process memory protection and isolation
Turn on DEP for essential Windows programs and services only
Which of the following kinds of firewall can explicitly target HTTP protocol
attacks?
Probe – scanning the network for vulnerabilities
Penetrate – exploiting the victim machine
Persist – making sure the exploit sticks to the victim
Propagate – spreading and propagating the virus to other machines
Paralyze – causing permanent damage to the machine (computer crash,
corrupted data, etc.)
Virus – type of malware that, when executed, replicates by inserting
copies of itself into other programs
Rootkit – set of software tools that enable an unauthorized user to gain control of a
computer system without being detected
Conficker worm – computer worm targeting the Windows operating system. It uses
flaws in Windows software and dictionary attacks on administrator passwords to
propagate while forming a botnet
Intrusion Prevention and Detection Systems
Intrusion Detection System:
Monitors traffic
An IDS cannot take immediate action
Intrusion Prevention System:
An IPS can take immediate action
Stops attacks
IPS takes action when attack signature detected
IPS is not cheap or low-maintenance
False positives, maintenance cost, resource intensive
Honeypot is a decoy system
Honeypots lure and then trap hackers
Can distract and confuse attackers
Can log attacks in detail
Collect data on attackers and methods
Describe the purpose and operation of VPN types
Virtual Private Networks
A Virtual Private Network (VPN) provides the same network connectivity for
remote users over a public infrastructure as they would have over a private
network
VPN services for network connectivity include: authentication, data integrity,
confidentiality
Lower cost, more flexible, simpler management, tunnel topology
Site-to-site VPNs:
Intranet VPNs connect corporate headquarters, remote offices, and branch
offices over a public infrastructure.
Extranet VPNs link customers, suppliers, partners, or communities of interest
to a corporate Intranet over a public infrastructure
Remote Access VPNs:
Securely connect remote users, such as mobile users and
telecommuters, to the enterprise
Describe the components and operations of IPSec VPNs
A “framework” of open standards developed by the IETF to create a secure tunnel at
the network (IP) layer
IPsec is not bound to any specific encryption or authentication algorithms, keying
technology, or security algorithms
IPSec provides two different modes to exchange protected data across the different
kinds of VPNs:
Transport Mode
This mode is applicable only for host-to-host security. Here protection extends
to the payload of IP data. The IP addresses of the hosts must be public IP
addresses
Tunnel Mode
This mode is used to provide data security between two networks. It provides
protection for the entire IP packet and is sent by adding an outer IP header
corresponding to the two tunnel end-points. The unprotected packets
generated by hosts travel through the protected "tunnel" created by the
gateways on both ends. The outer IP header in Figure 2 corresponds to these
gateways. Both intranet and extranet VPNs are enabled through this mode.
Since tunnel mode hides the original IP header, it facilitates security of the
networks with private IP address space
What is the function of the IPsec transform set?
The IPsec transform set specifies the cryptographic algorithms and functions
(transforms) that a router employs on the actual data packets sent through
the IPsec tunnel. These algorithms include the encryption, encapsulation,
authentication, and data integrity services that IPsec can apply
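The following Python program is an added illustration of the two IPsec modes above; it is not part of these notes and not any vendor's implementation. It hand-builds ESP packets (RFC 4303 layout) using NULL encryption (RFC 2410) with HMAC-SHA256-128 integrity, which stands in for a minimal transform set, and shows that transport mode keeps the original host addresses in the clear while tunnel mode exposes only the gateway addresses. The key, IP addresses and UDP payload are constructed sample values; the IPv4 header is a minimal 20-byte header with no options.

```python
"""Added example: IPsec ESP in transport vs tunnel mode, built by hand.

Constructed sample: ESP with NULL encryption and HMAC-SHA256-128 integrity,
standard library only. Key, addresses and payload are made-up values.
"""
import hashlib
import hmac
import struct

INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"   # constructed sample key
PROTO_ESP = 50          # IP protocol number of the header that carries ESP
NH_IPV4 = 4             # ESP next-header value: payload is a whole IPv4 packet (tunnel mode)
ICV_LEN = 16            # HMAC-SHA256-128 truncates the 32-byte MAC to 16 bytes


def _ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum over an IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    def a2b(addr):
        return bytes(int(x) for x in addr.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, a2b(src), a2b(dst))
    return hdr[:10] + struct.pack("!H", _ip_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Split a packet into the header fields we need and its payload."""
    _, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "payload": pkt[20:total]}


def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """ESP: SPI | seq | payload | padding | pad length | next header | ICV.
    Padding brings the 2-byte trailer onto a 4-byte boundary (RFC 4303)."""
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))          # RFC 4303 default pad bytes 1,2,3...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(INTEGRITY_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(esp: bytes) -> tuple:
    """Verify the ICV first (constant-time compare), then strip the trailer."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(INTEGRITY_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, next_header, payload


def transport_mode(packet: bytes, spi: int = 0x1001, seq: int = 1) -> bytes:
    """Host-to-host: keep the original IP header, protect only its payload."""
    ip = parse_ipv4(packet)
    esp = esp_encapsulate(spi, seq, ip["payload"], next_header=ip["proto"])
    return ipv4_header(ip["src"], ip["dst"], PROTO_ESP, len(esp)) + esp


def tunnel_mode(packet: bytes, gw_src: str, gw_dst: str,
                spi: int = 0x2002, seq: int = 1) -> bytes:
    """Gateway-to-gateway: protect the entire original packet behind an outer header."""
    esp = esp_encapsulate(spi, seq, packet, next_header=NH_IPV4)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def unprotect(packet: bytes) -> bytes:
    """Reverse either mode; the ESP next-header field tells the receiver which."""
    outer = parse_ipv4(packet)
    if outer["proto"] != PROTO_ESP:
        raise ValueError("not an ESP packet")
    _, _, next_header, payload = esp_decapsulate(outer["payload"])
    if next_header == NH_IPV4:            # tunnel mode: payload is the whole inner packet
        return payload
    # transport mode: rebuild the original header around the recovered payload
    return ipv4_header(outer["src"], outer["dst"], next_header, len(payload)) + payload


# Constructed sample: a UDP datagram (protocol 17) between two private hosts.
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", 17, 11) + b"hello ipsec"

if __name__ == "__main__":
    t = transport_mode(ORIGINAL)
    u = tunnel_mode(ORIGINAL, "198.51.100.1", "203.0.113.1")
    print("transport outer src/dst:", parse_ipv4(t)["src"], parse_ipv4(t)["dst"])
    print("tunnel    outer src/dst:", parse_ipv4(u)["src"], parse_ipv4(u)["dst"])
    assert unprotect(t) == ORIGINAL and unprotect(u) == ORIGINAL
```

Running it prints the private 10.x addresses for the transport-mode packet and only the two gateway addresses for the tunnel-mode packet, which is the property the notes describe: tunnel mode hides the original header and so works for private address space, while transport mode needs routable host addresses. Any byte modified in transit fails the ICV check and the packet is dropped before its contents are used.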
Describe cryptographic methods for implementing data
confidentiality and integrity
Examples: RSA, DES, 3DES. Confidentiality and integrity are provided by combining
an encryption algorithm with a hashing method
RSA (Rivest-Shamir-Adleman)
Is an internet encryption and authentication system
Is a cryptosystem, known as one of the first practicable public-key
cryptosystems and is widely used for secure data transmission
DES (Data Encryption Standard)
Symmetric-key algorithm for the encryption of electronic data
3DES
Symmetric-key block cipher which applies the Data Encryption Standard
cipher algorithm 3 times to each data block
Cryptography
Study of code and cipher systems
Provides confidentiality but not secrecy
Cryptanalysis
How to break codes and ciphers
SIGINT
Intelligence from interception of signals
COMINT
Communication intelligence (signals between people)
ELINT
Electronic intelligence (radar, other non-communications)
Interception could violate confidentiality and integrity