
Endpoint security and authentication

Endpoint authentication:

An authentication mechanism used to verify the identity of a network's external or remote connecting device
This method ensures that only valid or authorized endpoint devices are connected to a network
Endpoint devices include laptops, smartphones, tablets and servers

Endpoint security:

An approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted
Forms of endpoint security include personal firewalls, anti-virus software

Which of the following is not a characteristic of an NIDS?

Generates false positives (THIS ONE)
High maintenance
Resource intensive
Effective at stopping a wide variety of attacks
Can stop any packets identified as malicious

Process memory protection and isolation

Turn on DEP for essential Windows programs and services only

Which of the following kinds of firewall can explicitly target HTTP protocol attacks?

Stateless firewall
Stateful firewall
Circuit-level gateway (THIS ONE)
Application proxy

Probe: scanning the network for vulnerabilities
Penetrate: exploiting the victim machine
Persist: making sure the exploit sticks to the victim
Propagate: spreading and propagating the virus to other machines
Paralyze: causing permanent damage to machine. Computer crash, corrupt data, etc.

Virus: type of malware that, when executed, replicates by inserting copies of itself into other programs
Rootkit: set of software tools that enable an unauthorized user to gain control of a computer system without being detected
Conficker worm: computer worm targeting the Windows operating system. It uses flaws in Windows software and dictionary attacks on administrator passwords to propagate while forming a botnet

Access Management:

Administration, Maintenance, Monitoring, Revocation

Intrusion Prevention and Detection Systems


Intrusion Detection System:

Monitors traffic
An IDS cannot take immediate action

Intrusion Prevention System:

An IPS can take immediate action
Stops attacks
IPS takes action when attack signature detected
IPS is not cheap or low-maintenance
False positives, maintenance cost, resource intensive

Honeypot is a decoy system

Honeypots lure and then trap hackers
Can distract and confuse attackers
Can log attacks in detail
Collect data on attackers and methods

Describe the purpose and operation of VPN types


Virtual Private Networks

A Virtual Private Network (VPN) provides the same network connectivity for remote users over a public infrastructure as they would have over a private network
VPN services for network connectivity include: authentication, data integrity, confidentiality
Lower cost, more flexible, simpler management, tunnel topology

Site-to-site VPNs:

Intranet VPNs connect corporate headquarters, remote offices, and branch offices over a public infrastructure
Extranet VPNs link customers, suppliers, partners, or communities of interest to a corporate Intranet over a public infrastructure

Remote Access VPNs:

Securely connect remote users, such as mobile users and telecommuters, to the enterprise

Describe the components and operations of IPsec VPNs

A framework of open standards developed by the IETF to create a secure tunnel at the network (IP) layer
IPsec is not bound to any specific encryption or authentication algorithms, keying technology, or security algorithms
IPsec provides two different modes to exchange protected data across the different kinds of VPNs:
Transport Mode

This mode is applicable only for host-to-host security. Here protection extends to the payload of IP data. The IP addresses of the hosts must be public IP addresses

Tunnel Mode

This mode is used to provide data security between two networks. It provides protection for the entire IP packet and is sent by adding an outer IP header corresponding to the two tunnel end-points. The unprotected packets generated by hosts travel through the protected "tunnel" created by the gateways on both ends. The outer IP header in Figure 2 corresponds to these gateways. Both intranet and extranet VPNs are enabled through this mode. Since tunnel mode hides the original IP header, it facilitates security of the networks with private IP address space

What is the function of the IPsec transform set?

The IPsec transform set specifies the cryptographic algorithms and functions (transforms) that a router employs on the actual data packets sent through the IPsec tunnel. These algorithms include the encryption, encapsulation, authentication, and data integrity services that IPsec can apply

Describe cryptographic methods for implementing data confidentiality and integrity

RSA, DES, 3DES. They use a combination of crypto algorithm and a hashing method
RSA (Rivest-Shamir-Adleman)

Is an internet encryption and authentication system
Is a cryptosystem, known as one of the first practicable public-key cryptosystems and is widely used for secure data transmission

DES (Data Encryption Standard)

Symmetric-key algorithm for the encryption of electronic data

3DES

Symmetric-key block cipher which applies the Data Encryption Standard cipher algorithm 3 times to each data block

Cryptography

Study of code and cipher systems
Provides confidentiality but not secrecy

Cryptanalysis

How to break codes and ciphers

SIGINT

Intelligence from interception of signals

COMINT

Communication intelligence (signals between people)

ELINT

Electronic intelligence (radar, other non-communications)

Interception could violate confidentiality and integrity
