Implementing Network Security ( Version 2.0) – CCNAS Chapter 1 Exam Online

By sending too much data to a specific area of memory, adjacent memory locations are overwritten, which causes a security issue because the program in the overwritten memory location is affected.

A computer can have a worm installed through an email attachment, an executable program file, or a Trojan Horse. The worm attack not only affects one computer, but replicates to other computers. What the worm leaves behind is the payload–the code that results in some action.

Wireshark is a free download that allows network packet inspection. Someone using this tool for malicious intent would be performing a reconnaissance attack. Through the capture of network packets, weak security network connectivity protocols such as Telnet can be caught, inspected, and then analyzed for detailed network information, including passwords.

An access attack tries to gain access to a resource using a hijacked account or other means. The five types of access attacks include the following:password – a dictionary is used for repeated login attempts
trust exploitation – uses granted privileges to access unauthorized material
port redirection – uses a compromised internal host to pass traffic through a firewall
man-in-the-middle – an unauthorized device positioned between two legitimate devices in order to redirect or capture traffic
buffer overflow – too much data sent to a memory location that already contains data

DoS attacks can be launched using free software downloaded from the Internet. The software is designed to consume resources in order to disrupt network operations for legitimate network users and network devices. The L0phtCrack or LC5 application is used to perform a brute-force attack to obtain a Windows server password.

Antivirus software is used to protect a system against viruses. Encryption helps with reconnaissance and man-in-the-middle attacks. The most important components that are used to deal with DoS attacks are firewalls and IPSes.

Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

The phrase Instant On describes a potential threat to a VM when it is brought online after it has not been used for a period of time. Because it is offline for a while, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.

There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network.
Management plane: Responsible for managing network devices.
Data (Forwarding) plane: Responsible for forwarding user data.

There are three components of information security that are ensured by cryptography:Confidentiality, which uses encryption algorithms to encrypt and hide data
Integrity, which uses hashing algorithms to ensure that data arrives at the destination unaltered
Availability, which ensures that data is accessible

The four phases of worm mitigation are:Containment
Inoculation
Quarantine
Treatment
Disinfecting systems is accomplished in the treatment phase and involves terminating the worm process, removing infected files, and patching vulnerabilities exploited by the worm.

Antivirus software installed on hosts is the most effective mitigation method to prevent the spread of malware. Automatic updates to antivirus software ensure that hosts are protected from the most current forms of malware.

There are 12 network security domains in the security framework specified by the ISO/IEC. The first task in this framework is to conduct a risk assessment.This assessment will enable an organization to quantify risks and threats.

Security Intelligence Operations (SIO) are able to distinguish legitimate traffic from malicious traffic. SIO uses a monitoring database for the sole purpose of identifying and stopping malicious traffic.

Internal threats can be intentional or accidental and cause greater damage than external threats because the internal user has direct access to the internal corporate network and corporate data.

Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.

State-sponsored attacks are government-funded and guided operations motivated by objectives of the government.

Worm malware can execute and copy itself without being triggered by a host program. It is a significant network and Internet security threat.

To mitigate ping sweeps, ICMP echo and echo-reply messages can be blocked on network edge routers. This does come at a cost. Because ICMP is also used for network diagnostic data, this diagnostic data will be blocked as well.

A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable.

A ping sweep is a tool that is used during a reconnaissance attack. Other tools that might be used during this type of attack include a ping sweep, port scan, or Internet information query. A reconnaissance attack is used to gather information about a particular network, usually in preparation for another type of network attack.

An access attack tries to gain access to a resource using a hijacked account or other means. The five types of access attacks include the following:password – a dictionary is used for repeated login attempts
trust exploitation – uses granted privileges to access unauthorized material
port redirection – uses a compromised internal host to pass traffic through a firewall
man-in-the-middle – an unauthorized device positioned between two legitimate devices in order to redirect or capture traffic
buffer overflow – too much data sent to a memory location that already contains data

With a smurf attack, a large number of ICMP requests are sent using a spoofed source IP address of an intended target. All echo replies will be forwarded to the targeted host on the same network in an attempt to overwhelm it. A ping of death DoS attack sends an echo request in an IP packet that is larger than the maximum packet of 65,535 bytes. A TCP SYN flood attack sends a large number of packets with the TCP SYN flag set from a forged source address.

An intrusion prevention system (IPS) provides real-time detection and blocking of attacks.