100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SANS SEC401 Question and answer latest update $11.09   Add to cart

Exam (elaborations)

SANS SEC401 Question and answer latest update

 27 views  1 purchase
  • Course
  • Institution

SANS SEC401 Question and answer latest update Conceptual Design (network architecture) Includes the core components of a network architecture Will consider OS platforms, server services, critical core operational functions, etc. Helps to understand the overall purpose the network ('WHY' we ...

[Show more]

Preview 4 out of 53  pages

  • May 22, 2024
  • 53
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
SANS SEC401 Question and answer latest
update
Conceptual Design (network architecture)
Includes the core components of a network architecture

Will consider OS platforms, server services, critical core operational functions, etc.

Helps to understand the overall purpose the network ('WHY' we have it and the "WHAT' it helps us to
achieve)

May utilize the concept of "closed-box" diagramming


TTP
Tactics
Techniques
Procedures


Logical design (network architecture)
Represents the logical functions in the system

Putting the conceptional design on paper

Maps the components of the conceptual design via the use of a network diagram

Next parts of the architecture understanding will leverage and build upon this design step

Uses icons to depict workstations servers printers routers switches and other devices connected to
the network


Physical design (network architecture)
Builds upon the logical design by providing detailed aspects of the network components

Details might include: versions, patch levels, hardening configurations, risk categorization, etc.

Physical design also considers physical risks such as network cable location, risk of communication
interception, etc.

Physical security can betray logical security controls

Details include OS version, patches, hardening configurations, risks, physical security


Communication Flow
Understanding Who accesses data ? When (at what times) data is accessed ? How much data is
accessed ?

Will lead to the development of a baseline - knowing normal allows abormal to stand out.


Never a 'one and done'. Continual updating is necessary.


Threat Agents

,Opportunistic

Organized cyber crime

Advanced Persistent Threats (nation states)


Attacks Against Routers (5 examples)
Denial of Service

Distributed Denial of Service

Packet Sniffing

Packet Misrouting

Routing Table Poisoning


Attacks against switches (5 examples)
CDP Information Disclosure

MAC Flooding

DHCP Manipulation

STP Manipulation

VLAN Hopping


CDP Information Disclosure
Cisco Discovery Protocol is used for switches to communicate about other devices are discoverable on
the network. Exploiting this protocol would give information about types and versions of switches, OS,
usernames and administrative accounts on the switches, etc.


MAC Flooding
Flooding the network with fake Media Access Control (MAC) addresses may degrade the switch and
force it into downgrading into a hub, giving the attackers access to the overall network.


DHCP Manipulation
Dynamic Host Configuration Protocol is used to communicate the network configuration to other
devices on the network. An attacker could monitor this protocol and respond to DHCP requests
sooner than the intended recipient, placing the attacker's device in the middle of legitimate network
traffic - a type of Machine in the Middle position.


STP Manipulation
Spanning Tree Protocol is used to ensure that switches do not get stuck in a switch loop. The protocol
is similar to CDP and the attack is similar - the manipulation could lead a network reconfiguration to
cause a DoS or a MiTM.


VLAN Hopping

,Virtual Local Area Network is a way for switches to segment a network into different areas for security
purposes. A VLAN hopping attack fools the VLAN into allowing packets into a prohibited VLAN
segment.


Physical Topology
How devices are physically connected together

How communications are sent over the physical connection (electrical signaling, pulses of light, radio,
etc.)


Logical Topology
How communication is logically formed prior to transmission


Ethernet
Most common communication mechanism on networks worldwide

Uses CSMA/CD (Carrier Sense with Multiple Access / Collision Detection) that is, it listens to ensure
only one station communicates at a time and monitors the transitions to detect collisions.


Segmentation (network design)
Segmentation = separation

Assets should not be able to communicate unabated

Concept of principle of least privilege


Software Defined Networking (SDN)
Networking from a virtualized concept

Can visualize the network as a whole and segment accordingly

Can be achieved programmatically


Benefits of network architecture understanding
Situational awareness

Prioritization of effort

Reduced cost of effort

Timely detection of attacks

Timely detection = timely response = reduction of damage


Network design objectives
Protect internal network from external attacks

Provide defense in depth through a tiered architecture

Control flow of information between systems

, Network sections
Public

Semi public (DMZ)

Middleware

Private


DMZ (network section, tier)
Demilitarized zone - a network tier intended to be public facing, systems include web servers, email
servers, DNS, etc.

This tier is at greater risk of compromise because it faces the public internet at all times. Assume it
will be compromised.


Middleware (network section, tier)
A network segmentation to separate the DMZ from the private, internal network. An example may
include a proxy, which inspects traffic coming in from the DMZ intended for a database on the private
network. The middleware inspects traffic for threats. Traffic from the private network intended for
the DMZ is also inspected in the proxy (reverse proxy).


Private (network section, tier)
The internal network of the organization, an area of higher trust and less risk, it is not connected
directly to the public internet, security, such as firewalls are still present.


3 rules of tiered network architecture
1. Any system visible from the internet must reside in the DMZ and may not contain sensitive data.

2. Sensitive data must reside on the internal, private network and not be accessible from the public,
internet

3. DMZ systems can only communicate with private systems through middleware proxies.


What is a network protocol
A set of rules dictating how computer networks communicate through network hardware and
software. The protocols define the format and order of messages and actions to be taken.


What is a protocol stack
A set of network protocol layers that work together to implement communications.


Three purposes for communication protocols
1. Standardize the format of a communication
2. Specify the order or time of communication
3. To allow all parties to determine the meaning of the communication


ISO OSI Protocol Stack

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller LectAziim. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $11.09. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67096 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$11.09  1x  sold
  • (0)
  Add to cart