SANS SEC401 Question and answer latest update
Conceptual Design (network architecture)
Includes the core components of a network architecture
Will consider OS platforms, server services, critical core operational functions, etc.
Helps to understand the overall purpose the network ('WHY' we ...
Physical design also considers physical risks such as network cable location, risk of communication
interception, etc.
Physical security can betray logical security controls
Details include OS version, patches, hardening configurations, risks, physical security
Communication Flow
Understanding Who accesses data ? When (at what times) data is accessed ? How much data is
accessed ?
Will lead to the development of a baseline - knowing normal allows abormal to stand out.
Never a 'one and done'. Continual updating is necessary.
Threat Agents
,Opportunistic
Organized cyber crime
Advanced Persistent Threats (nation states)
Attacks Against Routers (5 examples)
Denial of Service
Distributed Denial of Service
Packet Sniffing
Packet Misrouting
Routing Table Poisoning
Attacks against switches (5 examples)
CDP Information Disclosure
MAC Flooding
DHCP Manipulation
STP Manipulation
VLAN Hopping
CDP Information Disclosure
Cisco Discovery Protocol is used for switches to communicate about other devices are discoverable on
the network. Exploiting this protocol would give information about types and versions of switches, OS,
usernames and administrative accounts on the switches, etc.
MAC Flooding
Flooding the network with fake Media Access Control (MAC) addresses may degrade the switch and
force it into downgrading into a hub, giving the attackers access to the overall network.
DHCP Manipulation
Dynamic Host Configuration Protocol is used to communicate the network configuration to other
devices on the network. An attacker could monitor this protocol and respond to DHCP requests
sooner than the intended recipient, placing the attacker's device in the middle of legitimate network
traffic - a type of Machine in the Middle position.
STP Manipulation
Spanning Tree Protocol is used to ensure that switches do not get stuck in a switch loop. The protocol
is similar to CDP and the attack is similar - the manipulation could lead a network reconfiguration to
cause a DoS or a MiTM.
VLAN Hopping
,Virtual Local Area Network is a way for switches to segment a network into different areas for security
purposes. A VLAN hopping attack fools the VLAN into allowing packets into a prohibited VLAN
segment.
Physical Topology
How devices are physically connected together
How communications are sent over the physical connection (electrical signaling, pulses of light, radio,
etc.)
Logical Topology
How communication is logically formed prior to transmission
Ethernet
Most common communication mechanism on networks worldwide
Uses CSMA/CD (Carrier Sense with Multiple Access / Collision Detection) that is, it listens to ensure
only one station communicates at a time and monitors the transitions to detect collisions.
Software Defined Networking (SDN)
Networking from a virtualized concept
Can visualize the network as a whole and segment accordingly
Can be achieved programmatically
Benefits of network architecture understanding
Situational awareness
Prioritization of effort
Reduced cost of effort
Timely detection of attacks
Timely detection = timely response = reduction of damage
Network design objectives
Protect internal network from external attacks
Provide defense in depth through a tiered architecture
Control flow of information between systems
, Network sections
Public
Semi public (DMZ)
Middleware
Private
DMZ (network section, tier)
Demilitarized zone - a network tier intended to be public facing, systems include web servers, email
servers, DNS, etc.
This tier is at greater risk of compromise because it faces the public internet at all times. Assume it
will be compromised.
Middleware (network section, tier)
A network segmentation to separate the DMZ from the private, internal network. An example may
include a proxy, which inspects traffic coming in from the DMZ intended for a database on the private
network. The middleware inspects traffic for threats. Traffic from the private network intended for
the DMZ is also inspected in the proxy (reverse proxy).
Private (network section, tier)
The internal network of the organization, an area of higher trust and less risk, it is not connected
directly to the public internet, security, such as firewalls are still present.
3 rules of tiered network architecture
1. Any system visible from the internet must reside in the DMZ and may not contain sensitive data.
2. Sensitive data must reside on the internal, private network and not be accessible from the public,
internet
3. DMZ systems can only communicate with private systems through middleware proxies.
What is a network protocol
A set of rules dictating how computer networks communicate through network hardware and
software. The protocols define the format and order of messages and actions to be taken.
What is a protocol stack
A set of network protocol layers that work together to implement communications.
Three purposes for communication protocols
1. Standardize the format of a communication
2. Specify the order or time of communication
3. To allow all parties to determine the meaning of the communication
ISO OSI Protocol Stack
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller LectAziim. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £8.58. You're not tied to anything after your purchase.
