SANS SEC401 LATEST 2024 GRADED A+
Conceptual Design (network architecture)
- Includes the core components of a network architecture
- Will consider OS platforms, server services, critical core operational functions, etc.
- Helps to understand the overall purpose of the network (the "WHY" we have it and the "WHAT" it helps us to achieve)
- May utilize the concept of "closed-box" diagramming

TTP
- Tactics, Techniques, Procedures

Logical design (network architecture)
- Represents the logical functions in the system
- Putting the conceptual design on paper
- Maps the components of the conceptual design via the use of a network diagram
- Next parts of the architecture understanding will leverage and build upon this design step
- Uses icons to depict workstations, servers, printers, routers, switches and other devices connected to the network

Physical design (network architecture)
- Builds upon the logical design by providing detailed aspects of the network components
- Details might include: versions, patch levels, hardening configurations, risk categorization, etc.
- Physical design also considers physical risks such as network cable location, risk of communication interception, etc.
- Physical security can betray logical security controls
- Details include OS version, patches, hardening configurations, risks, physical security

Communication Flow
- Understanding: Who accesses data? When (at what times) is data accessed? How much data is accessed?
- Will lead to the development of a baseline - knowing normal allows abnormal to stand out.
- Never a 'one and done'. Continual updating is necessary.

Threat Agents
- Opportunistic
- Organized cyber crime
- Advanced Persistent Threats (nation states)

Attacks Against Routers (5 examples)
- Denial of Service
- Distributed Denial of Service
- Packet Sniffing
- Packet Misrouting
- Routing Table Poisoning

Attacks against switches (5 examples)
- CDP Information Disclosure
- MAC Flooding
- DHCP Manipulation
- STP Manipulation
- VLAN Hopping

CDP Information Disclosure
- Cisco Discovery Protocol is used by switches to communicate about which other devices are discoverable on the network. Exploiting this protocol would give information about types and versions of switches, OS, usernames and administrative accounts on the switches, etc.

MAC Flooding
- Flooding the network with fake Media Access Control (MAC) addresses may degrade the switch and force it to downgrade into a hub, giving the attackers access to the overall network.

DHCP Manipulation
- Dynamic Host Configuration Protocol is used to communicate the network configuration to other devices on the network. An attacker could monitor this protocol and respond to DHCP requests sooner than the intended recipient, placing the attacker's device in the middle of legitimate network traffic - a type of Machine in the Middle position.

STP Manipulation
- Spanning Tree Protocol is used to ensure that switches do not get stuck in a switch loop. The protocol is similar to CDP and the attack is similar - the manipulation could lead to a network reconfiguration that causes a DoS or a MiTM.

VLAN Hopping
- Virtual Local Area Network is a way for switches to segment a network into different areas for security purposes. A VLAN hopping attack fools the VLAN into allowing packets into a prohibited VLAN segment.

Physical Topology
- How devices are physically connected together
- How communications are sent over the physical connection (electrical signaling, pulses of light, radio, etc.)

Logical Topology
- How communication is logically formed prior to transmission

Ethernet
- Most common communication mechanism on networks worldwide
- Uses CSMA/CD (Carrier Sense with Multiple Access / Collision Detection); that is, it listens to ensure only one station communicates at a time and monitors the transmissions to detect collisions.

Segmentation (network design)

Written for
- Institution: SANS SEC401
- Course: SANS SEC401

Document information
- Uploaded on: April 13, 2024
- Number of pages: 106
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers