Chapter Review

Technologies such as the Internet, wireless connectivity, and instant messaging have introduced new levels of concern for network security. Besides providing additional access points to the network, the Internet is also a reference resource for hackers and security experts alike. Unfortunately, no rules or limitations exist on the information that can be posted, so it’s easy for harmful information to be widely distributed.

The secure network design example lays a basic design foundation for the discussions throughout the book. Basically, three types of networks are separated by a firewall device, which can be a router running firewall features, a server running firewall features, or a dedicated firewall device. The three types of networks are the following:

  • Inside: The trusted hosts and networks that make up the area to be protected.

  • Outside: The hosts and networks that pose a threat to the inside network. In many cases, the outside includes a perimeter router, the ISP, the Internet, and any networks attached to it.

  • DMZ: A network of shared servers, or bastion hosts, that provide resources to both the outside network and the inside network users.

The firewall configuration allows relatively free access from the outside to the DMZ; access from the DMZ to the inside is limited to sessions originating inside; and access from the outside to the inside is generally blocked, except in rare well-protected exceptions.
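The three-zone policy just described, written out as a small stateful filter. This is an added example for this chapter review, not code from the book or from any Cisco product: it encodes the stated rules as a default-deny rule set (outside to DMZ open; inside may start sessions toward the DMZ, and, as an assumption, toward the outside; DMZ to inside only as return traffic of a session the inside started; outside to inside blocked). The zone prefixes, addresses and ports are constructed for illustration.

```python
"""Toy stateful model of the inside / outside / DMZ firewall policy.

Added example, not from the book. Zone prefixes and packets below are
constructed; the only policy assumption beyond the summary is that the
inside may initiate sessions to the outside.
"""
from ipaddress import ip_address, ip_network

# Constructed zone prefixes (assumption: one prefix per trusted zone).
ZONES = {
    "inside": ip_network("10.1.0.0/16"),
    "dmz": ip_network("192.0.2.0/24"),
}

# Zone pairs allowed to *initiate* a session; everything else is denied.
INITIATE_ALLOWED = {
    ("outside", "dmz"),     # public users reach the bastion hosts
    ("inside", "dmz"),      # inside users reach the shared servers
    ("inside", "outside"),  # inside users reach the Internet (assumption)
}


def zone_of(addr: str) -> str:
    """Classify an address as inside, dmz, or outside (anything else)."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"


class Firewall:
    """Stateful filter: remembers permitted sessions and lets their replies back."""

    def __init__(self) -> None:
        self.sessions: set = set()  # (src, sport, dst, dport) of permitted sessions

    def permit(self, src: str, sport: int, dst: str, dport: int, initial: bool) -> bool:
        """Decide one packet; `initial` is True for the first packet of a session."""
        # Reply traffic of a permitted session is always allowed; this is what
        # lets a DMZ server answer a client on the inside.
        if (dst, dport, src, sport) in self.sessions:
            return True
        if not initial:
            return False  # mid-session packet with no session entry: drop
        pair = (zone_of(src), zone_of(dst))
        if pair in INITIATE_ALLOWED:
            self.sessions.add((src, sport, dst, dport))
            return True
        return False  # covers outside -> inside and DMZ -> inside


def demo() -> list:
    """Run a constructed packet sequence and return the verdicts in order."""
    fw = Firewall()
    packets = [
        ("203.0.113.5", 40000, "192.0.2.10", 80, True),   # outside -> DMZ web server
        ("192.0.2.10", 80, "203.0.113.5", 40000, False),  # ...its reply
        ("192.0.2.10", 5555, "10.1.0.20", 445, True),     # DMZ host probing the inside
        ("10.1.0.20", 50000, "192.0.2.10", 443, True),    # inside client -> DMZ
        ("192.0.2.10", 443, "10.1.0.20", 50000, False),   # ...reply allowed by state
        ("203.0.113.5", 1234, "10.1.0.20", 22, True),     # outside -> inside
    ]
    return [fw.permit(*p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print("permit" if verdict else "drop")
```

The session table is the whole point: the rule "DMZ to inside only for sessions originating inside" cannot be expressed with stateless address-pair rules alone, because the reply packet from the DMZ server looks exactly like a DMZ host probing the inside until the firewall remembers who opened the session.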

The three most common weaknesses or vulnerabilities that cause network security problems include technology weaknesses, such as IP or OS holes; policy weaknesses, such as missing or weak security policies; and configuration weaknesses, such as insecure default settings.

The four primary threat designations are unstructured, structured, inside, and outside. These designations can be used in combinations like outside—unstructured to better define the type of attack.

The four most common attack types include reconnaissance attacks, access attacks, denial of service attacks, and data manipulation attacks. Many references, including the PIX Firewall exam, consider data manipulation attacks to be variations of access attacks.

Cisco Architecture for Voice, Video, and Integrated Data (AVVID) and SAFE are comprehensive Cisco strategies that help organizations successfully and securely develop and implement end-to-end network designs.

Questions

1. Which of the following is not a common cause of network security problems?

  A. Technology weakness

  B. Configuration weakness

  C. Planning weakness

  D. Policy weakness

Answer: C. Planning weakness

2. Which four of the following are primary types of network threats?

  A. Planned threats

  B. Unstructured threats

  C. External threats

  D. Structured threats

  E. Internal threats

Answer: B. Unstructured threats; C. External threats; D. Structured threats; and E. Internal threats

3. A virus is an example of which of the following types of network threats?

  A. Planned threats

  B. Unstructured threats

  C. External threats

  D. Structured threats

  E. Internal threats

Answer: B. Unstructured threats

4. Which of the following is not one of the four primary types of network attack?

  A. Access attacks

  B. Data manipulation attacks

  C. Reconnaissance attacks

  D. Programmed attacks

  E. Denial of service attacks

Answer: D. Programmed attacks

5. In a reconnaissance attack, which one of the following is not a part of target discovery?

  A. Ping sweeps

  B. Ping of Death

  C. Port scans

  D. DNS queries

Answer: B. Ping of Death

6. Which one of the following is an example of social engineering relative to security?

  A. Guessing a password based on a person’s vanity license plate

  B. All users in a department using the same user name and password

  C. Giving your password to the home office technician so they can test your account

  D. Using a password of eight characters, uppercase and lowercase, plus numbers

Answer: C. Giving your password to the home office technician so they can test your account. There is never a reason to give someone your password, or for a legitimate tech to ask for it.

7. A standard DoS attack typically includes which one of the following?

  A. An attacker, a series of Zombies, and the target

  B. An attacker, a war dialer, and the target

  C. An attacker, a series of Zombies, and the target

  D. An attacker and the target

Answer: D. An attacker and the target

8. Which of the following is not a well-known DoS attack?

  A. Ping of Death

  B. Tribe Flood Network

  C. Trinoo

  D. TCP SYN Flood

  E. Script kiddy

Answer: E. Script kiddy

9. IP spoofing is an example of which of the following?

  A. DoS attack

  B. Reconnaissance attacks

  C. Data manipulation attacks

  D. Brute force attack

Answer: C. Data manipulation attacks

10. RFC 2827 filtering refers to which of the following?

  A. Filtering private IP addresses

  B. Filtering based on trusted external addresses

  C. Filtering based on source addresses that belong on a network segment

  D. Filtering based on destination addresses that belong on a network segment

Answer: C. Filtering based on source addresses that belong on a network segment

11. Which of the following involves denying responsibility for a transaction?

  A. Session replay

  B. Rerouting

  C. Repudiation

  D. Session hijacking

Answer: C. Repudiation

12. Which of the following provides a standards-based network architecture and a comprehensive set of best practices that allow businesses to develop business and technology strategies that scale to meet the changing demands of e-business?

  A. SAFE

  B. DrDos

  C. AVVID

  D. Digital signatures

Answer: C. AVVID

13. RFC 1918 filtering refers to which of the following?

  A. Filtering private IP addresses

  B. Filtering based on trusted external addresses

  C. Filtering based on source addresses that belong on a network segment

  D. Filtering based on destination addresses that belong on a network segment

Answer: A. Filtering private IP addresses
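Questions 10 and 13 name two source-address filters that are usually written as router access lists. The following is an added example, not from the book or any vendor, that models both in plain Python so the difference is visible: RFC 2827 ingress filtering accepts a packet only if its source address belongs where the packet arrives (on the Internet-facing side, a source claiming one of the local segment's own addresses is therefore dropped as spoofed), while RFC 1918 filtering drops the private ranges 10/8, 172.16/12 and 192.168/16 at the Internet-facing interface, since they cannot legitimately arrive from the Internet. The interface names and the segment prefix (203.0.113.0/24, a documentation range) are constructed for illustration.

```python
"""RFC 2827 and RFC 1918 source-address filtering, as a Python model.

Added example, not from the book. Interface names and the local segment
prefix are constructed.
"""
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges: never a valid source arriving from the Internet.
RFC1918_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed topology: the one prefix that legitimately sits on our segment.
SEGMENT = ip_network("203.0.113.0/24")
INTERNET_IFACE = "outside0"
SEGMENT_IFACE = "inside0"


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in any RFC 1918 private range."""
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)


def classify(iface: str, src: str) -> str:
    """Return 'permit' or 'drop:<reason>' for a packet with source src on iface.

    RFC 2827: the source must belong where the packet arrives. On the
    segment-facing interface that means src in SEGMENT; on the Internet-facing
    interface it means src must NOT be in SEGMENT. RFC 1918: private sources
    are dropped on the Internet-facing interface.
    """
    ip = ip_address(src)
    if iface == INTERNET_IFACE:
        if is_rfc1918(src):
            return "drop:rfc1918-private-source"
        if ip in SEGMENT:
            return "drop:rfc2827-spoofed-local-source"
        return "permit"
    if iface == SEGMENT_IFACE:
        if ip not in SEGMENT:
            return "drop:rfc2827-source-not-on-segment"
        return "permit"
    raise ValueError(f"unknown interface {iface!r}")


def summarize(packets) -> dict:
    """Count verdicts over (iface, src) pairs, e.g. from a constructed capture."""
    counts: dict = {}
    for iface, src in packets:
        verdict = classify(iface, src)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed packet sources used by the stand-alone run.
SAMPLE = [
    (INTERNET_IFACE, "198.51.100.9"),  # ordinary Internet host
    (INTERNET_IFACE, "10.0.0.5"),      # private source arriving from the Internet
    (INTERNET_IFACE, "203.0.113.7"),   # outsider claiming one of our own addresses
    (SEGMENT_IFACE, "203.0.113.7"),    # our host, on our interface
    (SEGMENT_IFACE, "198.51.100.9"),   # our host using someone else's address
]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(f"{iface:9} {src:15} {classify(iface, src)}")
    print(summarize(SAMPLE))
```

The segment-facing check is the one that protects other people: it stops hosts on this segment from sending packets with a forged source, which is what makes the network a poor launch point for the spoofed DoS traffic the chapter discusses. The Internet-facing checks protect this network from packets that claim to come from inside it.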

14. Which of the following best describes a good security plan for an organization?

  A. Set it and forget it

  B. Ad hoc

  C. Evolutionary

  D. Rigid

Answer: C. Evolutionary

15. Which one of the following is not a part of the Cisco Security Wheel?

  A. Monitor

  B. Administer

  C. Test

  D. Secure

Answer: B. Administer

16. What is at the center of the Cisco Security Wheel?

  A. Strong network support staff

  B. Improvement

  C. Network security policy

  D. Flexibility

Answer: C. Network security policy

17. According to the “Site Security Handbook” (RFC 2196), a security policy is

  A. An informal set of suggestions by which people who are given access to an organization’s technology and information assets should abide.

  B. A formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.

  C. A formal statement of the rules by which network administrators can control access to an organization’s technology and information assets.

  D. RFC 2196 doesn’t deal with this issue.

Answer: B. A formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.

18. Which of the following is not a reason to create a network security policy?

  A. It provides a blueprint for security purchases and implementations.

  B. It defines technologies that can and cannot be added to the network.

  C. It provides the procedures to follow in case of a security incident.

  D. It frees up network security personnel to work on other projects.

  E. It provides a process and targets to audit existing security.

Answer: D. It frees up network security personnel to work on other projects.

19. Developing a security policy is often described as a balancing act. Which three of the following are common compromises that need to be made?

  A. Security cost versus risk of loss

  B. Security cost versus local or federal regulations

  C. Security versus ease of use

  D. Security versus services provided

  E. Local or federal regulations versus ease of use

Answer: A. Security cost versus risk of loss; C. Security versus ease of use; and D. Security versus services provided

20. When evaluating the risk associated with a security breach, which three of the following might result from someone accessing the company’s sales order entry system?

  A. Loss of reputation

  B. Loss of company data or intellectual property

  C. Loss of temper

  D. Loss of service

  E. Loss of privacy

Answer: A. Loss of reputation; B. Loss of company data or intellectual property; and E. Loss of privacy. (While loss of temper might occur, this isn’t one of the risk criteria.)

21. Which of the following might be included in an acceptable use policy (AUP)?

  A. Acceptable and unacceptable Internet activities

  B. Penalties or sanctions for violating the policy

  C. Acceptable and unacceptable e-mail activities

  D. Acceptable and unacceptable telephone use

  E. Acceptable and unacceptable copier or fax use

  F. All of the above

Answer: F. All of the above

22. Which of the following is likely to result in a security policy that will meet the needs of an organization?

  A. The network security staff develops the policy.

  B. The network security staff and network operations staff develop the policy.

  C. Representatives of all major groups that use and manage the networks, plus representatives of management, develop the policy.

  D. The network security staff and company management develop the policy.

Answer: C. Representatives of all major groups that use and manage the networks, plus representatives of management, develop the policy.

23. In developing a security policy, as in any risk analysis, the first two things you must identify are the

  A. Opportunities

  B. Assets

  C. Hardships

  D. Threats

Answer: B. Assets and D. Threats

24. According to the RFC, which of the following is not a characteristic required of a good security policy?

  A. It must be implementable through network administration technologies, by publishing rules and acceptable use policies, or by other appropriate methods.

  B. It must clearly define the areas of responsibility for the users, administrators, and management. Perhaps as important, it should clearly identify the limits of authority for each group under predictable circumstances.

  C. It must be state of the art, implementing all the latest, most advanced technologies and procedures to protect the company resources.

  D. It must be enforceable with security tools, where appropriate, and with sanctions, where actual prevention isn’t technically or financially feasible.

Answer: C. It must be state of the art, implementing all of the latest and most advanced technologies and procedures to protect the company resources. (While a good idea, this might be far from cost-effective for many organizations.)

25. When a group of sales reps plug a wireless access point into a network jack so they can use wireless NICs on their laptops, they

  A. Greatly increase their mobility and freedom

  B. Increase the number of usable connections to the network

  C. Probably violate the wireless access policy of the security policy

  D. Add a hub that will reduce the bandwidth to each user

Answer: C. Probably violate the wireless access policy of the security policy. (While all the statements are true, within the context of this course, this is the important issue.)

26. Which of the following statements best describes monitoring and auditing?

  A. They are two terms for the same process.

  B. Auditing is routine scheduled reviewing of security, while monitoring is random and unpredictable reviewing of security.

  C. Monitoring catches bad guys outside the network, while auditing catches bad guys inside the network.

  D. Monitoring is routine scheduled reviewing of security, while auditing is a random and unpredictable reviewing of security.

Answer: D. Monitoring is routine scheduled reviewing of security, while auditing is a random and unpredictable reviewing of security.

Part III: Virtual Private Networks (VPNs)