100% tevredenheidsgarantie Direct beschikbaar na betaling Zowel online als in PDF Je zit nergens aan vast
logo-home
SANS SEC401 Question and answer latest update €10,31   In winkelwagen

Tentamen (uitwerkingen)

SANS SEC401 Question and answer latest update

 9 keer bekeken  0 keer verkocht
  • Vak
  • Instelling

SANS SEC401 Question and answer latest update Conceptual Design (network architecture) Includes the core components of a network architecture Will consider OS platforms, server services, critical core operational functions, etc. Helps to understand the overall purpose the network ('WHY' we ...

[Meer zien]

Voorbeeld 4 van de 53  pagina's

  • 24 juni 2024
  • 53
  • 2023/2024
  • Tentamen (uitwerkingen)
  • Vragen en antwoorden
avatar-seller
SANS SEC401 Question and answer latest
update
Conceptual Design (network architecture)
Includes the core components of a network architecture

Will consider OS platforms, server services, critical core operational functions, etc.

Helps to understand the overall purpose the network ('WHY' we have it and the "WHAT' it helps us to
achieve)

May utilize the concept of "closed-box" diagramming


TTP
Tactics
Techniques
Procedures


Logical design (network architecture)
Represents the logical functions in the system

Putting the conceptional design on paper

Maps the components of the conceptual design via the use of a network diagram

Next parts of the architecture understanding will leverage and build upon this design step

Uses icons to depict workstations servers printers routers switches and other devices connected to
the network


Physical design (network architecture)
Builds upon the logical design by providing detailed aspects of the network components

Details might include: versions, patch levels, hardening configurations, risk categorization, etc.

Physical design also considers physical risks such as network cable location, risk of communication
interception, etc.

Physical security can betray logical security controls

Details include OS version, patches, hardening configurations, risks, physical security


Communication Flow
Understanding Who accesses data ? When (at what times) data is accessed ? How much data is
accessed ?

Will lead to the development of a baseline - knowing normal allows abormal to stand out.


Never a 'one and done'. Continual updating is necessary.


Threat Agents

,Opportunistic

Organized cyber crime

Advanced Persistent Threats (nation states)


Attacks Against Routers (5 examples)
Denial of Service

Distributed Denial of Service

Packet Sniffing

Packet Misrouting

Routing Table Poisoning


Attacks against switches (5 examples)
CDP Information Disclosure

MAC Flooding

DHCP Manipulation

STP Manipulation

VLAN Hopping


CDP Information Disclosure
Cisco Discovery Protocol is used for switches to communicate about other devices are discoverable on
the network. Exploiting this protocol would give information about types and versions of switches, OS,
usernames and administrative accounts on the switches, etc.


MAC Flooding
Flooding the network with fake Media Access Control (MAC) addresses may degrade the switch and
force it into downgrading into a hub, giving the attackers access to the overall network.


DHCP Manipulation
Dynamic Host Configuration Protocol is used to communicate the network configuration to other
devices on the network. An attacker could monitor this protocol and respond to DHCP requests
sooner than the intended recipient, placing the attacker's device in the middle of legitimate network
traffic - a type of Machine in the Middle position.


STP Manipulation
Spanning Tree Protocol is used to ensure that switches do not get stuck in a switch loop. The protocol
is similar to CDP and the attack is similar - the manipulation could lead a network reconfiguration to
cause a DoS or a MiTM.


VLAN Hopping

,Virtual Local Area Network is a way for switches to segment a network into different areas for security
purposes. A VLAN hopping attack fools the VLAN into allowing packets into a prohibited VLAN
segment.


Physical Topology
How devices are physically connected together

How communications are sent over the physical connection (electrical signaling, pulses of light, radio,
etc.)


Logical Topology
How communication is logically formed prior to transmission


Ethernet
Most common communication mechanism on networks worldwide

Uses CSMA/CD (Carrier Sense with Multiple Access / Collision Detection) that is, it listens to ensure
only one station communicates at a time and monitors the transitions to detect collisions.


Segmentation (network design)
Segmentation = separation

Assets should not be able to communicate unabated

Concept of principle of least privilege


Software Defined Networking (SDN)
Networking from a virtualized concept

Can visualize the network as a whole and segment accordingly

Can be achieved programmatically


Benefits of network architecture understanding
Situational awareness

Prioritization of effort

Reduced cost of effort

Timely detection of attacks

Timely detection = timely response = reduction of damage


Network design objectives
Protect internal network from external attacks

Provide defense in depth through a tiered architecture

Control flow of information between systems

, Network sections
Public

Semi public (DMZ)

Middleware

Private


DMZ (network section, tier)
Demilitarized zone - a network tier intended to be public facing, systems include web servers, email
servers, DNS, etc.

This tier is at greater risk of compromise because it faces the public internet at all times. Assume it
will be compromised.


Middleware (network section, tier)
A network segmentation to separate the DMZ from the private, internal network. An example may
include a proxy, which inspects traffic coming in from the DMZ intended for a database on the private
network. The middleware inspects traffic for threats. Traffic from the private network intended for
the DMZ is also inspected in the proxy (reverse proxy).


Private (network section, tier)
The internal network of the organization, an area of higher trust and less risk, it is not connected
directly to the public internet, security, such as firewalls are still present.


3 rules of tiered network architecture
1. Any system visible from the internet must reside in the DMZ and may not contain sensitive data.

2. Sensitive data must reside on the internal, private network and not be accessible from the public,
internet

3. DMZ systems can only communicate with private systems through middleware proxies.


What is a network protocol
A set of rules dictating how computer networks communicate through network hardware and
software. The protocols define the format and order of messages and actions to be taken.


What is a protocol stack
A set of network protocol layers that work together to implement communications.


Three purposes for communication protocols
1. Standardize the format of a communication
2. Specify the order or time of communication
3. To allow all parties to determine the meaning of the communication


ISO OSI Protocol Stack

Voordelen van het kopen van samenvattingen bij Stuvia op een rij:

√  	Verzekerd van kwaliteit door reviews

√ Verzekerd van kwaliteit door reviews

Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!

Snel en makkelijk kopen

Snel en makkelijk kopen

Je betaalt supersnel en eenmalig met iDeal, Bancontact of creditcard voor de samenvatting. Zonder lidmaatschap.

Focus op de essentie

Focus op de essentie

Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!

Veelgestelde vragen

Wat krijg ik als ik dit document koop?

Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.

Tevredenheidsgarantie: hoe werkt dat?

Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.

Van wie koop ik deze samenvatting?

Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper ACADEMICAIDSTORE. Stuvia faciliteert de betaling aan de verkoper.

Zit ik meteen vast aan een abonnement?

Nee, je koopt alleen deze samenvatting voor €10,31. Je zit daarna nergens aan vast.

Is Stuvia te vertrouwen?

4,6 sterren op Google & Trustpilot (+1000 reviews)

Afgelopen 30 dagen zijn er 79650 samenvattingen verkocht

Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen

Start met verkopen
€10,31
  • (0)
  Kopen