Security+ SY0-301 Chapter 8

Flashcard maker: Lily Taylor
Security failures can occur in two ways
First, a failure can allow unauthorized users
access to resources and data they are not authorized to use, compromising information security. Second, a failure can prevent a user from accessing resources and data the user is authorized to use.
Devices are needed to
connect the clients and servers and to regulate the traffic between them
Devices come in many forms and with many
from hubs and switches, to routers, wireless access points, and special-purpose devices such as virtual private network (VPN) devices. Each device has a specific
network function and plays a role in maintaining network infrastructure security.
The workstation
is the machine that sits on the desktop and is used
every day for sending and reading e-mail, creating spreadsheets, writing reports in a word processing program, and playing games.
Even secure networks can fall prey to virus and worm contamination
and infection has been known to come from commercial packages.
Out-of-date definitions can lead to a false sense of security
and many of the most potent virus and worm attacks are the newest ones being developed.
A virus is
a piece of software that must be introduced to the network and then executed on a machine. Workstations are the primary mode of entry for a virus into a network.
Although a lot of methods can be used to introduce a virus to a network
the two most common are transfer of an infected file from another networked machine and from e-mail.
Apple Macintosh computers had very few examples of malicious software in the wild.
As Mac has increased in market share, so has its exposure, and today a variety of Mac OS X malware steals files and passwords and is even used to take users’
pictures with the computer’s built-in webcam.
When the transferred file is executed
the virus is propagated.
The practice of disabling or removing unnecessary devices and software from workstations is also a sensible precaution
If a particular service, device, or account is not needed, disabling or removing it will prevent its unauthorized use by others.
The primary method of controlling the security impact of a workstation on a network is to reduce the available attack surface area.
Turning off all services that are not needed or permitted by policy will reduce the number of vulnerabilities.
Servers
are the computers in a network that host applications and data for everyone to share.
The key management issue behind running a secure server setup is to
identify the specific needs of a server for its proper operation and enable only items necessary for those functions.
Some types of servers, such as e-mail servers, can require
extensive antivirus protection because of the services they provide.
network interface card (NIC)
is a card with a connector port for a particular type of network connection, either Ethernet or Token Ring. The most common network type in use for local area networks is the Ethernet protocol, and the most common connector is the RJ-45 connector.
The purpose of a NIC is to provide lower level protocol functionality from
the OSI (Open Systems Interconnection) model. A NIC is the physical connection between a computer and the network.
NICs are serialized with a unique code, referred to as
a Media Access Control address (MAC address). These are created by the manufacturer, with a portion being manufacturer and a portion being a serial number, guaranteeing uniqueness.
Hubs
are networking equipment that connect devices using the same protocol at the physical layer of the OSI model.
All connections on a hub share a single collision domain,
a small cluster in a network where collisions occur. As network traffic increases, it can become limited by collisions.
Bridges
are networking equipment that connect devices using the same protocol at the physical layer of the OSI model. A bridge operates at the data link layer, filtering traffic based on MAC addresses.
Switches
form the basis for connections in most Ethernet-based local area networks (LANs).
A switch has separate collision domains for each port.
This means that for each port, two collision domains exist: one from the port to the client on the downstream side and one from the switch to the network upstream. When full duplex is employed, collisions are virtually eliminated from the two nodes, host and client.
Switches operate at the data link layer, while routers act at the network layer.
For intranets, switches have become what routers are on the Internet.
A switch is usually a layer 2 device
but layer 3 switches incorporate routing functionality.
Switches are commonly administered using
the Simple Network Management Protocol (SNMP) and Telnet protocol, both of which have a serious weakness in that they send passwords across the network in clear text.
An additional problem is that switches are shipped with default passwords,
and if these are not changed when the switch is set up, they offer an unlocked door to a hacker.
virtual local area networks (VLANs)
“broadcast domain within a switched network,” meaning that information is carried in broadcast mode only to
devices within a VLAN.
Switches that allow multiple VLANs to be defined enable broadcast messages to be segregated into the specific VLANs.
This configuration increases network segregation, increasing throughput and security.
Unused switch ports can be preconfigured into
empty VLANs that do not connect to the rest of the network. This significantly increases security against unauthorized network connections.
Switches operate at level 2, and at this level there is no countdown mechanism to kill packets that get caught in loops or on paths that will never resolve.
To prevent loops, a technology called Spanning Tree
is employed by virtually all switches; it allows for multiple, redundant paths while breaking loops to ensure a proper broadcast pattern.
Routers
are network traffic management devices used to connect different network segments together. Routers operate at the network layer of the OSI model, routing traffic using the network address (typically an IP address) and utilizing routing protocols to determine optimal routing paths across a network.
Routers form the backbone of the Internet
moving traffic from network to network, inspecting packets from every communication as they move traffic in optimal paths.
Routers use access control lists (ACLs) as a method of
deciding whether a packet is allowed to enter the network.
As with switches, it is important to ensure that the administrative password
is never passed in the clear, only secure mechanisms are used to access the router, and all of the default passwords are reset to strong passwords.
The most assured point of access for router management control is
via the serial control interface port. This allows access to the control aspects of the router without having to deal with traffic-related issues.
A firewall can
be hardware, software, or a combination whose purpose is to enforce a set of network security policies across network connections.
Security policies
are rules that define what traffic is permissible and what traffic is to be blocked or denied.
At a minimum, the corporate connection
to the Internet should pass through a firewall.
This firewall should block all network traffic except that specifically authorized by the firm.
Firewalls are designed to block attacks before they reach a target machine.
Common targets are web servers, e-mail servers, DNS servers, FTP services, and databases.
Firewalls enforce the established security policies through a variety of mechanisms,
including the following:
• Network Address Translation (NAT)
• Basic packet filtering
• Stateful packet filtering
• ACLs
• Application layer proxies
NAT is a technique used
in IPv4 to link private IP addresses to public ones. Private IP addresses are sets of IP addresses that can be used by anyone and by definition are not routable across the Internet.
Basic packet filtering, the next most common firewall technique
involves looking at packets, their ports, protocols, and source and destination addresses, and checking that
information against the rules configured on the firewall.
Stateful means
that the firewall maintains, or knows, the context of a conversation. In many cases, rules depend on the context of a specific communication connection.
A disadvantage of stateful monitoring is that
it takes significant resources and processing to perform this type of monitoring, and this reduces efficiency and requires more robust and expensive hardware.
Some high-security firewalls also employ application layer proxies.
Packets are not allowed to traverse the firewall, but data instead flows up to an application that in turn decides what to do with it.
Firewalls can be very effective in blocking a variety of flooding attacks
including port floods, SYN floods, and ping floods.
The point of entry from a wireless device to a wired network is performed at a device called
a wireless access point, which can support multiple concurrent devices accessing network resources through the network node it provides.
Modem
is a shortened form of modulator/demodulator, covering the functions actually performed by the device as it converts analog signals to digital and vice versa.
A DSL modem provides a direct connection between
a subscriber’s computer and an Internet connection at the local telephone company’s switching station.
The most common security device used in cable/DSL connections is
a firewall.
Private branch exchanges (PBXs) are an extension of the public telephone network into a business.
PBXs are computer-based switching equipment designed to connect telephones into the local phone system.
Remote Access Service (RAS)
is a portion of the Windows OS that allows the connection
between a client and a server via a dial-up telephone connection.
Virtual private network (VPN)
is a construct used to provide a secure communication
channel between users across public networks such as the Internet.
Intrusion detection systems (IDSs)
are designed to detect, log, and respond to unauthorized
network or host use, both in real time and after the fact.
Network Access Control
Managing the endpoints on a case-by-case basis as they
connect is a security methodology
SNMP was developed
to enable a central monitoring and control center to maintain, configure, and repair network devices, such as switches and routers, as well as other network services such as firewalls, IDSs, and remote access servers.
network operations center (NOC)
allows operators to observe and interact with the network, using the self-reporting and in some cases self-healing nature of network devices to ensure efficient network operation.
Virtualization
is the creation of virtual systems rather than actual hardware and software. The separation of the hardware and software enables increased flexibility in the enterprise.
Mobile Devices
These devices add several challenges for network
administrators. When they synchronize their data with that on a workstation or server, the opportunity exists for viruses and malicious code to be introduced to the
The base of communications between devices is the physical layer of the OSI model. Four common methods are used to connect
equipment at the physical layer
• Coaxial cable
• Twisted-pair cable
• Fiber-optics
• Wireless
Coaxial Cable
Similar to the cable used by satellite or cable services, coax was used from machine to machine in early Ethernet implementations at 10 Mbps.
UTP/STP (Unshielded twisted-pair/Shielded twisted-pair)
Twisted-pair wires have all but completely replaced coaxial cables in Ethernet networks. Twisted-pair wires use the same technology used by the phone company for the movement of electrical signals. Single pairs of twisted wires reduce electrical crosstalk and electromagnetic interference.
Twisted-pair lines are categorized by the level of data transmission they can support
• Category 3 (Cat 3) minimum for voice and 10 Mbps Ethernet
• Category 5 (Cat 5/Cat5e) for 100 Mbps Fast Ethernet; Cat 5e is an enhanced version of the Cat 5 specification to address Far End Crosstalk
• Category 6 (Cat 6) for Gigabit Ethernet
Fiber-optic cable uses beams
of laser light to connect devices over a thin glass wire. The
biggest advantage to fiber is its bandwidth, with transmission capabilities into the terabits per second range.
The high cost of connections to fiber and the higher cost of fiber per foot also make
it less attractive for the final mile in public networks where
users are connected to the public switching systems.
Unguided media is a phrase used
to cover all transmission media not guided by wire, fiber, or other constraints; it includes radio frequency (RF), infrared (IR), and microwave methods.
Infrared (IR)
can also be used to connect devices in a network configuration, but it is slow compared to other wireless
RF waves are a common method of communicating
in a wireless world. Point-to-point microwave links have been installed by many network providers to carry communications over long distances and rough terrain.
A sniffer can
record all the network traffic, and this data can be mined for accounts, passwords, and traffic content, all of which can be useful to an unauthorized user.
One starting point for many intrusions
is the insertion of an unauthorized sniffer into the network, with the fruits of its labors driving the remaining unauthorized activities.
Wardriving
involves using a laptop and software to find wireless networks from outside the premises. A typical use of wardriving is to locate a wireless network with poor (or no) security and obtain free Internet access, but other uses can be more devastating.
Magnetic media
Common forms include hard drives, floppy disks, zip disks, and magnetic tape.
One of the latest advances is full drive encryption built into the drive hardware
Using a key that is controlled, through a Trusted Platform Module (TPM) interface for instance, this technology protects the data if the drive itself is lost or stolen.
Several types of magnetic tape are in use today
ranging from quarter inch to digital linear tape (DLT) and digital audiotape (DAT).
Optical media involve the use of
a laser to read data stored on a physical device.
The advent of large capacity USB sticks has enabled users to
build entire systems, OSs, and tools onto them to ensure security and veracity of the OS and tools.
Cloud computing is a common term used to
describe computer services provided over a network. These computing services are computing, storage, applications and services that are offered via the Internet Protocol.
Clouds can be created by many entities
internal and external to an organization.
Software as a service
acts as software on demand, where the software runs from the cloud
Platform as a service
is a marketing term used to describe the offering of a computing platform in the cloud.
Infrastructure as a service
is a term used to describe cloud-based systems that are delivered as a virtual platform for computing.
A key characteristic of a network is its layout, or topology
A proper network topology takes security into consideration and assists in “building security” into the network.
Security Zones
Different zones are designed to provide layers of defense,
with the outermost layers providing basic protection and the innermost layers providing the highest level of protection.
DMZ in a computer network is used to
act as a buffer zone between the Internet, where no
controls exist, and the inner secure network, where an organization has security policies in place.
The idea behind the use of the DMZ topology is to
force an outside user to make at least one hop in the DMZ before he can access information inside the trusted network.
The term World Wide Web (WWW) is frequently used synonymously to
represent the Internet, but the WWW is actually just one set of services available via the Internet.
Intranet is a term used to
describe a network that has the same functionality as the Internet for users but lies completely inside the trusted area of a network and is under the security control of the system and network administrators. Typically referred to as campus or corporate networks, intranets are used every day in companies around the world.
Content on intranet web servers is not available over the Internet to untrusted users.
This layer of security offers a significant amount of control
and regulation, allowing users to fulfill business functionality while ensuring security.
Should users inside the intranet require access to information from the Internet
a proxy server can be used to mask the requestor’s location.
An extranet is an extension of
a selected portion of a company’s intranet to external
partners. This allows a business to share information with customers, suppliers, partners, and other trusted groups while using a common set of Internet protocols to facilitate
The use of the term extranet implies
both privacy and security. Privacy is required for many communications, and security is needed to prevent unauthorized use and events from occurring.
Data and voice communications have coexisted in enterprises for decades
Recent connections inside the enterprise of Voice over IP and traditional PBX solutions increase both functionality and security risks.
Trunking is the process of
spanning a single VLAN across multiple switches. A trunk-based connection between switches allows packets from a single VLAN to travel between switches.
VLANs are used to divide
a single network into multiple subnets based on functionality.
Network Address Translation (NAT) uses
two sets of IP addresses for resources: one for internal use and another for external (Internet) use.
NAT is used to translate between the two
addressing schemes and is typically performed at a firewall or router
This permits enterprises to use the nonroutable private IP address space internally and reduces the number of external IP addresses used across the Internet.
Three sets of IP addresses are defined as nonroutable
• Class A –
• Class B –
• Class C –
NAT is one of the methods used for enforcing perimeter security by
forcing users to access resources through defined pathways such as firewalls and gateway servers.
Tunneling is a method of
packaging packets so that they can traverse a network in a secure, confidential manner. Tunneling involves encapsulating packets within packets, enabling dissimilar protocols to coexist in a single communication stream. It also can provide significant measures of security and confidentiality through encryption and encapsulation methods.
