SANS SEC401 Question and answer latest update
Conceptual Design (network architecture)
Includes the core components of a network architecture
Will consider OS platforms, server services, critical core operational functions, etc.
Helps to understand the overall purpose the network ('WHY' we ...
Physical design also considers physical risks such as network cable location, risk of communication
interception, etc.
Physical security can betray logical security controls
Details include OS version, patches, hardening configurations, risks, physical security
Communication Flow
Understanding Who accesses data ? When (at what times) data is accessed ? How much data is
accessed ?
Will lead to the development of a baseline - knowing normal allows abormal to stand out.
Never a 'one and done'. Continual updating is necessary.
Threat Agents
,Opportunistic
Organized cyber crime
Advanced Persistent Threats (nation states)
Attacks Against Routers (5 examples)
Denial of Service
Distributed Denial of Service
Packet Sniffing
Packet Misrouting
Routing Table Poisoning
Attacks against switches (5 examples)
CDP Information Disclosure
MAC Flooding
DHCP Manipulation
STP Manipulation
VLAN Hopping
CDP Information Disclosure
Cisco Discovery Protocol is used for switches to communicate about other devices are discoverable on
the network. Exploiting this protocol would give information about types and versions of switches, OS,
usernames and administrative accounts on the switches, etc.
MAC Flooding
Flooding the network with fake Media Access Control (MAC) addresses may degrade the switch and
force it into downgrading into a hub, giving the attackers access to the overall network.
DHCP Manipulation
Dynamic Host Configuration Protocol is used to communicate the network configuration to other
devices on the network. An attacker could monitor this protocol and respond to DHCP requests
sooner than the intended recipient, placing the attacker's device in the middle of legitimate network
traffic - a type of Machine in the Middle position.
STP Manipulation
Spanning Tree Protocol is used to ensure that switches do not get stuck in a switch loop. The protocol
is similar to CDP and the attack is similar - the manipulation could lead a network reconfiguration to
cause a DoS or a MiTM.
VLAN Hopping
,Virtual Local Area Network is a way for switches to segment a network into different areas for security
purposes. A VLAN hopping attack fools the VLAN into allowing packets into a prohibited VLAN
segment.
Physical Topology
How devices are physically connected together
How communications are sent over the physical connection (electrical signaling, pulses of light, radio,
etc.)
Logical Topology
How communication is logically formed prior to transmission
Ethernet
Most common communication mechanism on networks worldwide
Uses CSMA/CD (Carrier Sense with Multiple Access / Collision Detection) that is, it listens to ensure
only one station communicates at a time and monitors the transitions to detect collisions.
Software Defined Networking (SDN)
Networking from a virtualized concept
Can visualize the network as a whole and segment accordingly
Can be achieved programmatically
Benefits of network architecture understanding
Situational awareness
Prioritization of effort
Reduced cost of effort
Timely detection of attacks
Timely detection = timely response = reduction of damage
Network design objectives
Protect internal network from external attacks
Provide defense in depth through a tiered architecture
Control flow of information between systems
, Network sections
Public
Semi public (DMZ)
Middleware
Private
DMZ (network section, tier)
Demilitarized zone - a network tier intended to be public facing, systems include web servers, email
servers, DNS, etc.
This tier is at greater risk of compromise because it faces the public internet at all times. Assume it
will be compromised.
Middleware (network section, tier)
A network segmentation to separate the DMZ from the private, internal network. An example may
include a proxy, which inspects traffic coming in from the DMZ intended for a database on the private
network. The middleware inspects traffic for threats. Traffic from the private network intended for
the DMZ is also inspected in the proxy (reverse proxy).
Private (network section, tier)
The internal network of the organization, an area of higher trust and less risk, it is not connected
directly to the public internet, security, such as firewalls are still present.
3 rules of tiered network architecture
1. Any system visible from the internet must reside in the DMZ and may not contain sensitive data.
2. Sensitive data must reside on the internal, private network and not be accessible from the public,
internet
3. DMZ systems can only communicate with private systems through middleware proxies.
What is a network protocol
A set of rules dictating how computer networks communicate through network hardware and
software. The protocols define the format and order of messages and actions to be taken.
What is a protocol stack
A set of network protocol layers that work together to implement communications.
Three purposes for communication protocols
1. Standardize the format of a communication
2. Specify the order or time of communication
3. To allow all parties to determine the meaning of the communication
ISO OSI Protocol Stack
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper LectAziim. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €10,46. Je zit daarna nergens aan vast.
