Technologies like the Internet, wireless connectivity, instant messaging, and others have introduced new levels of concern for network security. In addition to providing additional access points to the network, the Internet is also a reference resource for hackers and security experts. Unfortunately, no rules or limitations exist on the information that can be posted, so it’s easy for harmful information to be widely distributed.
The secure network design example lays a basic design foundation for discussions throughout the book. Basically, three types of networks are separated by a firewall device, which can be a router running firewall features, a server running firewall features, or a dedicated firewall device. The three types of networks are the following:
Inside: Those trusted hosts and networks that make up the area to be protected.
Outside: Those hosts and networks that pose a threat to the inside network. In many cases, the outside includes a perimeter router, the ISP, the Internet, and any networks attached to it.
DMZ: A network of shared servers, or bastion hosts, that provide resources to both the outside network and the inside network users.
The firewall configuration allows relatively free access from the outside to the DMZ; access from the DMZ to the inside is limited to sessions originating inside; and access from the outside to the inside is generally blocked, with rare, well-protected exceptions.
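The access rules just described can be modelled as a small stateful policy check. This is an added example, not taken from the book: the zone names follow the text, while the class, the constructed addresses and ports, and the inside-to-outside rule are assumptions of the sketch, and a real firewall also tracks protocol state and timeouts.

```python
from dataclasses import dataclass

# Zone pairs (source, destination) allowed to OPEN a new session.
# outside->dmz and inside->dmz follow the summary above; inside->outside
# is an assumption of this sketch (the text does not state it).
MAY_INITIATE = {("outside", "dmz"), ("inside", "dmz"), ("inside", "outside")}


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src: str        # "ip:port"
    dst_zone: str
    dst: str        # "ip:port"


class ZoneFirewall:
    """Hypothetical three-zone model: permits are decided per session."""

    def __init__(self):
        self.sessions = set()   # (initiator endpoint, responder endpoint)

    def check(self, pkt: Packet) -> str:
        # Packets of an already permitted session pass in both directions.
        if (pkt.src, pkt.dst) in self.sessions:
            return "permit (established)"
        if (pkt.dst, pkt.src) in self.sessions:
            return "permit (return traffic)"
        # Anything else is a new session and needs an initiation rule.
        if (pkt.src_zone, pkt.dst_zone) in MAY_INITIATE:
            self.sessions.add((pkt.src, pkt.dst))
            return "permit (new session)"
        return "deny"   # denied packets never create session state


def demo():
    fw = ZoneFirewall()
    # Constructed sample traffic (documentation and RFC 1918 addresses).
    packets = [
        Packet("outside", "198.51.100.7:40000", "dmz", "192.0.2.10:80"),
        Packet("dmz", "192.0.2.10:80", "outside", "198.51.100.7:40000"),
        Packet("dmz", "192.0.2.10:51000", "inside", "10.0.0.5:445"),
        Packet("inside", "10.0.0.5:50000", "dmz", "192.0.2.10:25"),
        Packet("dmz", "192.0.2.10:25", "inside", "10.0.0.5:50000"),
        Packet("outside", "198.51.100.7:40001", "inside", "10.0.0.5:3389"),
    ]
    return [fw.check(p) for p in packets]
```

The third and fifth packets both travel from the DMZ to the inside; only the fifth is permitted, because it answers a session that an inside host opened.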
The three most common weaknesses or vulnerabilities that cause network security problems include technology weaknesses, such as IP or OS holes; policy weaknesses, such as missing or weak security policies; and configuration weaknesses, such as insecure default settings.
The four primary threat designations are unstructured, structured, inside, and outside. These designations can be used in combinations like outside—unstructured to better define the type of attack.
The four most common attack types include reconnaissance attacks, access attacks, denial of service attacks, and data manipulation attacks. Many references, including the PIX Firewall exam, consider data manipulation attacks to be variations of access attacks.
Cisco Architecture for Voice, Video, and Integrated Data (AVVID) and SAFE are comprehensive Cisco strategies that help organizations to successfully and securely develop and implement end-to-end network designs.
1. Which of the following is not a common cause of network security problems?
2. Which four of the following are primary types of network threats?
3. A virus is an example of which of the types of network threats?
4. Which of the following is not one of the four primary types of network attack?
5. In a reconnaissance attack, which one of the following is not a part of target discovery?
6. Which one of the following is an example of social engineering relative to security?
7. A standard DoS attack typically includes which one of the following?
8. Which of the following is not a well-known DoS attack?
9. IP spoofing is an example of which of the following?
10. RFC 2827 filtering refers to which of the following?
11. Which of the following involves denying responsibility for a transaction?
12. Which of the following provides a standards-based network architecture and comprehensive set of best practices that allow businesses to develop business and technology strategies, which scale to meet the changing demands of e-business?
13. RFC 1918 filtering refers to which of the following?
14. Which of the following best describes a good security plan for an organization?
15. Which one of the following is not a part of the Cisco Security Wheel?
16. What is at the center of the Cisco Security Wheel?
17. According to the “Site Security Handbook” (RFC 2196) a security policy is
18. Which of the following is not a reason to create a network security policy?
19. Developing a security policy is often described as a balancing act. Which three of the following are common compromises that need to be made?
20. When evaluating risk associated with a security breach, which three of the following might result from someone accessing the company’s sales order entry system?
21. Which of the following might be included in an acceptable use policy (AUP)?
22. Which of the following is likely to result in a security policy that will meet the needs of an organization?
23. In developing a security policy, as in any risk analysis, the first two things you must identify are the
24. According to the RFC, which of the following is not a characteristic required of a good security policy?
25. When a group of sales reps plug a wireless access point into a network jack so they can use wireless NICs on their laptops, they
26. Which of the following statements best describes monitoring and auditing?
Answers
1. C. Planning weakness
2. B. Unstructured threats; C. External threats; D. Structured threats; and E. Internal threats
3. B. Unstructured threats
4. D. Programmed attacks
5. B. Ping of Death
6. C. Giving your password to the home office technician so they can test your account. There is never a reason to give someone your password, or for a legitimate tech to ask for it.
7. D. An attacker and the target
8. E. Script kiddy
9. C. Data manipulation attacks
10. C. Filtering based on source addresses that belong on a network segment
11. C. Repudiation
12. C. AVVID
13. A. Filtering private IP addresses
14. C. Evolutionary
15. B. Administer
16. C. Network security policy
17. B. A formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide
18. D. It frees up network security personnel to work on other projects.
19. A. Security cost versus risk of loss; C. Security versus ease of use; and D. Security versus services provided
20. A. Loss of reputation; B. Loss of company data or intellectual property; and E. Loss of privacy. (While loss of temper might occur, this isn’t one of the risk criteria.)
21. F. All of the above
22. C. Representatives of all major groups that use and manage the networks, plus representatives of management develop the policy.
23. B. Assets and D. Threats
24. C. It must be state of the art implementing all of the latest and most advanced technologies and procedures to protect the company resources. (While a good idea, this might be far from cost-effective for many organizations.)
25. C. Probably violate the wireless access policy of the security policy. (While all the statements are true, within the context of this course, this is the important issue.)
26. D. Monitoring is routine scheduled reviewing of security, while auditing is a random and unpredictable reviewing of security.