- By Michael Gregg
- Objective 1.1: Explain the security function and purpose of network devices and technologies
- Objective 1.2: Apply and implement secure network administration principles
- Objective 1.3: Distinguish and differentiate network design elements and compounds
- Objective 1.4: Implement and use common protocols
- Objective 1.5: Identify commonly used default network ports
- Objective 1.6: Implement wireless networks in a secure manner
This section contains the answers to the “Can you answer these questions?” sections in this chapter.
Objective 1.1: Explain the security function and purpose of network devices and technologies
Yes, sniffers can capture many types of traffic, including unencrypted FTP traffic. This includes the clear-text user name and password.
You could choose to use an all-in-one device. Typically, these devices reside at the edge of a network and serve multiple purposes, such as spam detection, firewall, and virus detection.
URL filtering can be used to deal with this issue. It blocks specific sites that might contain objectionable content, such as pornography and gambling.
NIDS are used to capture and analyze network traffic. This form of intrusion detection is widely used and typically deployed with sensors in various locations such as in the DMZ, at the gateway, and in the internal network.
While NIDS are very useful, they do have limits just like any security tool. NIDS can see encrypted traffic but cannot decrypt it or examine the contents.
Objective 1.2: Apply and implement secure network administration principles
The broadcast storm stopped because of loop protection. Loop protection functions by looking for loops in networks and blocking one of the ports to prevent the loop from occurring.
Use port security. With port security, you can filter allowed devices by MAC address. Only approved MAC addresses can connect to and use the active port.
Yes, you can use an ACL. With the ACL, you can set basic controls on the type of traffic that can ingress or egress your network.
Log analysis is a detective control because it is reviewed after the event.
Bridges are considered dumb devices. Switches are smarter and faster. They have replaced bridges in almost all networks.
Objective 1.3: Distinguish and differentiate network design elements and compounds
A natural mask for a class C network is 255.255.255.0. Any value in the last octet besides a zero indicates that it has been subnetted.
PaaS is a way to rent hardware, operating systems, storage, and network capacity over the Internet.
A PBX is a private telephone system designed for use by a company or business. Many companies might have one or more public phone lines and might use the PBX to connect this to many internal private extensions.
Virtualization. Common examples include VMware, Virtual PC, Virtual Server, Hyper-V, and VirtualBox.
NAC is designed to enforce adherence to security policy.
Objective 1.4: Implement and use common protocols
The Encapsulating Security Payload (ESP) header provides privacy and protects against malicious modification.
IPv4 uses a 32-bit address and is being phased out and replaced with IPv6.
The ping. Ping is the most common type of ICMP message.
SSL was developed to secure application data while in transit over the Internet. It was developed by Netscape and set the standard for Internet security at the time of its release. SSL makes use of hybrid encryption.
This CNAME record is an alias.
Objective 1.5: Identify commonly used default network ports
FTP uses port 20 for data exchange.
On Linux systems, SSH typically uses port 22.
TFTP uses UDP as its transport protocol.
HTTP uses TCP port 80.
HTTPS uses port 443.
Objective 1.6: Implement wireless networks in a secure manner
WEP used RC4 as an encryption algorithm.
WPA improved on WEP and made use of a 48-bit IV that does not repeat or roll over.
WPA2 uses AES and can support a 256-bit key.
CCMP provides data confidentiality, authentication, and access control.
EAP is an authentication framework.