WGU D315 Study Guide Section 3
Terms in this set (56)
Defense in Depth: Having multiple layers of defense so that even if one layer is compromised, the others still protect the system.
Separation of Privilege: No single user or process should have full control over the system as a whole; requiring more than one party or condition to authorize a sensitive action reduces the risk of unauthorized access.
Least Privilege: Limit each user's and each process's access to what is needed to perform its task, and nothing more.
Psychological Acceptability: Security measures should be easy for users to understand and should add as little burden to their work as possible; controls that are hard to use get bypassed.
Least Common Mechanism: Minimize the sharing of mechanisms used to access resources between users or processes, especially when they have different security privileges, so that one user's compromise or mistake does not leak information to or affect another.
Open Design: Security should not rely on the secrecy of the design; the mechanism should withstand intelligent attack by someone who knows exactly how it works, with only keys and credentials kept secret.
What is a Firewall?: A network security device that monitors and controls incoming and outgoing network traffic to protect a private network from unauthorized access and harmful activity. It can be hardware, software, or both, and can be deployed in public or private clouds or delivered as software-as-a-service.
Packet Filtering Firewall: Filters incoming and outgoing packets against rules based on header fields, usually source and destination IP addresses, port numbers, and protocol. Each packet is judged on its own, with no memory of earlier packets.
Stateful Inspection Firewall: Tracks active network connections (the connection state) and allows packets only when they belong to an established, legitimate session, so it can block unsolicited inbound packets that a stateless packet filter would have to either pass or block wholesale.
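To make the difference between a packet filter and stateful inspection concrete, here is a toy implementation of both in Python. This is an added example for this study guide, not code from the guide or from any firewall product; the rule set, the network ranges and the three packets are constructed for the demonstration.

```python
"""Toy packet filter and stateful inspection firewall.
Added example for this study guide, not taken from it or from any product.
Packets, rules and addresses are constructed for the demonstration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str        # source IP
    sport: int      # source port
    dst: str        # destination IP
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # destination port, or None for any port

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and (self.src == "any" or ip_address(p.src) in ip_network(self.src))
                and (self.dst == "any" or ip_address(p.dst) in ip_network(self.dst))
                and (self.dport is None or self.dport == p.dport))


def packet_filter(rules, p: Packet) -> str:
    """Stateless packet filter: each packet is judged on its own header.
    First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """The same rules plus a connection table. A packet that is the reply to
    a flow an inside host opened is allowed even though no rule allows it,
    while unsolicited inbound packets still hit the rules (and default deny)."""

    def __init__(self, rules, inside_cidr: str):
        self.rules = rules
        self.inside = ip_network(inside_cidr)
        self.table = set()   # established flows as (proto, in_ip, in_port, out_ip, out_port)

    def decide(self, p: Packet) -> str:
        # Is this the reverse direction of a flow we already recorded?
        reply_key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply_key in self.table:
            return "allow"
        verdict = packet_filter(self.rules, p)
        if verdict == "allow" and ip_address(p.src) in self.inside:
            # An inside host opened a connection: remember it so replies get back in
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict


# Constructed policy: inside hosts may reach anything; from outside, only the
# web server 10.0.0.5 on port 443 is reachable.
RULES = [
    Rule("allow", "any", "10.0.0.0/24", "any", None),
    Rule("allow", "tcp", "any", "10.0.0.5/32", 443),
]


def demo():
    """Return verdicts for the same three packets from both firewall types."""
    outbound = Packet("tcp", "10.0.0.7", 51000, "93.184.216.34", 80)
    reply = Packet("tcp", "93.184.216.34", 80, "10.0.0.7", 51000)
    unsolicited = Packet("tcp", "198.51.100.9", 4444, "10.0.0.7", 22)
    fw = StatefulFirewall(RULES, "10.0.0.0/24")
    return {
        "stateless": [packet_filter(RULES, p) for p in (outbound, reply, unsolicited)],
        "stateful": [fw.decide(p) for p in (outbound, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless filter denies the web server's reply to the inside host, because no rule matches a packet from an outside address to an inside port; a real packet filter has to add a broad "allow inbound TCP with ACK set" rule to cope, which is exactly the gap an attacker probes. The stateful firewall lets the reply through only because it saw the inside host open the flow, and still denies the unsolicited connection to port 22.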
Application Layer Firewall (ALFW): Monitors and controls traffic based on application-specific rules (for example HTTP methods, URLs, and request bodies) rather than only addresses and ports; it operates at the application layer (layer 7) of the OSI model. A web application firewall (WAF) is the common form.
Intrusion Detection System (IDS): Software or a device that monitors a network or system for malicious activity or policy violations and raises alerts; it does not block traffic on its own.
Intrusion Prevention System (IPS): Sits inline, monitors network traffic for malicious activity, and actively drops or blocks the traffic it identifies as a threat.
Honeypot: A defensive decoy that looks like a legitimate target and lures attackers so their methods and tools can be observed. It can be a stand-alone system or a virtual machine, isolated from the rest of the network so that a compromised honeypot cannot be used to reach production systems.
DMZ: A subnetwork that separates public-facing services from the private internal network and acts as a buffer zone between the internal network and the internet; a compromised DMZ host still faces a firewall before it can reach internal systems.
VPN: Encrypts traffic between a user's device and the VPN endpoint and hides the user's real IP address from the sites they visit, so an on-path observer (such as the operator of a public Wi-Fi network) sees only encrypted traffic to the VPN server. It is used for remote employee access to corporate networks, and by the public to reach online content that is blocked in their geographic region.
SQL Injection Attack: Supplies input that the application's database query interprets as SQL code, letting the attacker read, modify, or delete data they are not authorized to access, and sometimes run commands on the database host.
SQL Injection Attack Mitigation:
- Use prepared (parameterized) statements so the database can tell the difference between the query code and user-supplied data.
- Use an ALFW/WAF to filter known injection patterns (defense in depth, not a replacement for safe queries).
- Validate input: check that it matches the expected type, length, and format (an allow-list) before it reaches a query, and reject anything that does not.
- Assess vulnerabilities (code review, automated scanning) to see where to strengthen defenses.
- Patch the application and the database as needed.
- Use an ORM layer to reduce the number of hand-written SQL queries exposed to user input.
- Run the application's database account with least privilege (no DROP, no file or OS access) so that a successful injection does less damage.
- Escape untrusted data that must be placed into a query so that special characters are treated as literal values; this is a fallback for the rare place where parameters cannot be used, not the first choice.
Port Scanning Attack: Probing a host or network to find open ports, learn which services are listening, and determine which of those services are vulnerable to attack; usually the reconnaissance step before an exploit.
Port Scanning Attack Mitigation:
- Use a firewall so that only the ports that must be reachable are exposed.
- Use an IDS to detect scan patterns.
- Use an anomaly detection system that notices potential attacks and notifies the systems admin.
- Use TCP wrappers, which let admins allow or block access to services based on client IP addresses or domain names.
- Conduct internal port scans to find open ports that are not needed and must be closed or secured.
- Keep systems updated so that services which must stay open are not running vulnerable versions.
- Use encryption for services that must be exposed, so that a scanner that finds them cannot read their traffic.
- Use network segmentation to divide the network into smaller parts and limit exposure.
- Monitor traffic and port statuses to identify unauthorized scanning attempts.
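The last three items (monitoring, IDS, anomaly detection that notifies the admin) come down to one detection: a single source touching many distinct ports on one host in a short time. Here is that detection run over constructed firewall log lines in Python. This is an added example for this study guide, not from it or from any product; the log format, the addresses and the thresholds are made up for the example.

```python
"""Port-scan detector run over constructed firewall log lines.
Added example for this study guide, not from it. The log format below is
made up for the example (it is not any product's real format)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host sweeps ten ports on 10.0.0.5 within five
# seconds; another host just uses the web server normally. The last line is
# deliberately malformed to show that the parser skips it.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DENY  TCP 198.51.100.9:40001 -> 10.0.0.5:21
2024-05-01T10:00:01 DENY  TCP 198.51.100.9:40002 -> 10.0.0.5:22
2024-05-01T10:00:02 DENY  TCP 198.51.100.9:40003 -> 10.0.0.5:23
2024-05-01T10:00:02 DENY  TCP 198.51.100.9:40004 -> 10.0.0.5:25
2024-05-01T10:00:03 ALLOW TCP 198.51.100.9:40005 -> 10.0.0.5:80
2024-05-01T10:00:03 DENY  TCP 198.51.100.9:40006 -> 10.0.0.5:110
2024-05-01T10:00:04 DENY  TCP 198.51.100.9:40007 -> 10.0.0.5:143
2024-05-01T10:00:04 ALLOW TCP 198.51.100.9:40008 -> 10.0.0.5:443
2024-05-01T10:00:05 DENY  TCP 198.51.100.9:40009 -> 10.0.0.5:445
2024-05-01T10:00:05 DENY  TCP 198.51.100.9:40010 -> 10.0.0.5:3389
2024-05-01T10:00:06 ALLOW TCP 203.0.113.7:52000 -> 10.0.0.5:443
2024-05-01T10:00:07 ALLOW TCP 203.0.113.7:52001 -> 10.0.0.5:443
2024-05-01T10:20:00 DENY  TCP 203.0.113.7:52002 -> 10.0.0.5:22
this is not a log line and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["dport"] = int(d["dport"])
        yield d


def detect_port_scans(text, window=timedelta(seconds=60), min_ports=8):
    """Flag each (src, dst) pair where one source touched at least `min_ports`
    distinct destination ports on one host within any `window`-long period.
    Denied and allowed attempts both count: a scan touches closed ports too."""
    hits = defaultdict(list)   # (src, dst) -> [(timestamp, dport), ...]
    for e in parse_log(text):
        hits[(e["src"], e["dst"])].append((e["ts"], e["dport"]))
    alerts = []
    for (src, dst), events in hits.items():
        events.sort()
        best, lo = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:   # slide the window start
                lo += 1
            best = max(best, len({port for _, port in events[lo:hi + 1]}))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LOG):
        print(f"possible port scan: {a['src']} -> {a['dst']} ({a['distinct_ports']} ports)")
```

Counting distinct destination ports per source within a time window, rather than raw denied packets, is what separates a scan from a noisy but legitimate client: the second host in the sample makes three connections but only ever touches two ports, twenty minutes apart, and is not flagged. In production the alert would be handed to the admin notification path the guide describes; here it is returned as data so it can be checked.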
Evil Twin Attack: An attacker sets up a fake Wi-Fi access point with the same name as a real one, hoping users connect to the fake instead of the real one. When they do, all traffic they send passes through the attacker's access point, where it can be read or modified. It can be created with any internet-capable device and easily obtained software, and is most common on public, unsecured Wi-Fi networks.
Evil Twin Attack Mitigation:
- Instead of public Wi-Fi, use a personal hotspot protected with a password.
- Don't connect to networks labeled unsecured or that don't ask for a password.
- Use a VPN so that traffic is encrypted even if it goes through a rogue access point.
- Disable auto-connect so that your device doesn't join networks before you inspect them.
- Be aware of your surroundings; networks with similar names could be evil twins.
- Verify the network (for example, ask the venue for the exact network name).
- Use multi-factor authentication so that a captured password alone is not enough to log in.
- Keep devices updated.
- Limit online activity if you aren't sure you're connected to a secure network, and avoid logging in to sensitive accounts in case of a potential attack.
- Report the attack if you are a victim: you can contact the FCC, the police, your bank, or your credit card company.
ARP Poisoning Attack: Also known as ARP spoofing. The attacker sends forged ARP replies on the local network so that other hosts associate the attacker's MAC address with another host's IP address (typically the default gateway), which redirects that traffic through the attacker and enables a man-in-the-middle attack. The attacker can then intercept data frames or modify or stop traffic.
ARP Poisoning Attack Mitigation:
- Use encryption (TLS, SSH, VPN) so that intercepted traffic cannot be read or altered.
- Use static ARP entries so that no one can spoof one device to imitate another.
- Use packet filtering (on managed switches, a feature such as dynamic ARP inspection drops ARP replies whose IP/MAC pair does not match the known binding).
- Conduct your own ARP spoofing attack (a penetration test) to find weak points in your network and fix them.
- Specify the IP and MAC address information of critical nodes such as servers and gateways.
- Use a Linux daemon (for example, arpwatch) to monitor IP-to-MAC mappings and alert on changes, and limit user and application access.
- Educate users about the risks of connecting to unsecured hotspots.
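The last three ARP items (pinning critical nodes, watching the IP-to-MAC mapping with a daemon) amount to the logic below, run here over a constructed sequence of ARP replies in Python. This is an added example for this study guide, not from it and not arpwatch's code; every address and the sample sequence are made up, and the three alert kinds are this example's own naming.

```python
"""ARP-spoofing monitor in the spirit of a mapping-watching daemon, run over
constructed ARP replies. Added example for this study guide, not from it;
all addresses are made up."""
from collections import defaultdict

# Constructed ARP replies observed on the LAN: (time, IP, "is at" MAC).
ARP_REPLIES = [
    ("10:00:00", "10.0.0.1", "aa:bb:cc:00:00:01"),   # the real gateway
    ("10:00:01", "10.0.0.7", "aa:bb:cc:00:00:07"),   # a workstation
    ("10:00:05", "10.0.0.1", "aa:bb:cc:00:00:01"),
    ("10:00:09", "10.0.0.1", "de:ad:be:ef:00:99"),   # gateway IP claimed by a new MAC
    ("10:00:10", "10.0.0.7", "de:ad:be:ef:00:99"),   # same MAC claims the workstation too
    ("10:00:15", "10.0.0.1", "aa:bb:cc:00:00:01"),   # real gateway answers again (flip-flop)
]

# Pinned bindings for critical nodes (what a static ARP entry would enforce).
STATIC_ARP = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies, static=STATIC_ARP):
    """Return alerts as (time, kind, subject, detail) tuples.

    kinds: "static-mismatch" - a reply contradicts a pinned critical-node binding
           "changed"         - an IP's MAC differs from what was seen before
           "multi-ip"        - one MAC answered for several IPs (typical of an
                               attacker poisoning both ends of a conversation)"""
    alerts = []
    believed = {}                  # ip -> MAC last seen answering for it
    claims = defaultdict(set)      # mac -> set of IPs it answered for
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in static and mac != static[ip]:
            alerts.append((ts, "static-mismatch", ip, mac))
        prev = believed.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "changed", ip, f"{prev} -> {mac}"))
        believed[ip] = mac
        claims[mac].add(ip)
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append(("-", "multi-ip", mac, ",".join(sorted(ips))))
    return alerts


def alert_counts(replies, static=STATIC_ARP):
    """Number of alerts of each kind, for a quick summary."""
    counts = defaultdict(int)
    for _, kind, _, _ in detect_arp_spoofing(replies, static):
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
```

The "changed" alerts alone are noisy on a network where DHCP hands the same IP to different devices over time, which is why the static table for gateways and servers matters: a mismatch against a pinned binding is unambiguous. The "multi-ip" check catches the classic man-in-the-middle setup where one attacker MAC answers for both the gateway and the victim; a router that legitimately answers for several addresses (proxy ARP) would need to be allow-listed.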
Deauthentication Attack: A type of denial-of-service attack in which the attacker sends forged 802.11 deauthentication frames to disconnect a device from its current Wi-Fi network, often to force the device to reconnect to a different network set up for an evil twin attack.
Deauthentication Attack Mitigation:
- Use encryption (WPA2/WPA3) on the network.
- Use a pre-shared key that is long and complex enough to resist brute-force attacks.
- Enable 802.11w (Protected Management Frames), which protects management traffic between access points and clients and validates deauthentication frames so that spoofed ones are discarded.
- Use MAC address filtering to control access by identifying devices by their unique MAC address and allowing only addresses on the approved list to connect (MAC addresses are easily spoofed, so this is a weak control on its own).
- Use hidden SSIDs, so the network name is not broadcast by the router or shown in the list of networks on nearby devices (the SSID still appears in probe and association frames, so this only deters casual discovery).
- Use a VPN.
- Use an intrusion detection system (a wireless IDS can alert on bursts of deauthentication frames).
- Use two-factor authentication.
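The wireless IDS item here and the "be aware of networks with similar names" item under the evil twin attack are the same monitoring job: look at management frames and flag an unknown access point advertising your SSID, or a burst of deauthentication frames. Below is that logic in Python over a constructed capture. This is an added example for this study guide, not from it; the authorized-AP list, the frame records and the thresholds are all made up, and on a network with 802.11w enabled the spoofed deauthentication frames would be discarded by the clients rather than needing to be detected this way.

```python
"""Rogue-AP (evil twin) and deauthentication-flood detection over constructed
802.11 management-frame records. Added example for this study guide, not from
it; the known-AP list, frame records and thresholds are all made up."""
from collections import defaultdict

# Authorized access points: SSID -> set of BSSIDs (AP MAC addresses) we own.
KNOWN_APS = {"CorpWiFi": {"00:11:22:33:44:55", "00:11:22:33:44:56"}}

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed capture: (seconds, frame type, ssid, bssid, destination).
# Note that a deauth attack spoofs the real AP's BSSID as the sender, which is
# why the burst below appears to come from an authorized AP.
FRAMES = [
    (0.0, "beacon", "CorpWiFi", "00:11:22:33:44:55", BROADCAST),
    (0.1, "beacon", "CorpWiFi", "00:11:22:33:44:56", BROADCAST),
    (0.2, "beacon", "CorpWiFi", "de:ad:be:ef:12:34", BROADCAST),   # same name, unknown BSSID
    (1.0, "deauth", "", "00:11:22:33:44:55", BROADCAST),
    (1.1, "deauth", "", "00:11:22:33:44:55", BROADCAST),
    (1.2, "deauth", "", "00:11:22:33:44:55", BROADCAST),
    (1.3, "deauth", "", "00:11:22:33:44:55", BROADCAST),
    (1.4, "deauth", "", "00:11:22:33:44:55", BROADCAST),
    (1.5, "deauth", "", "00:11:22:33:44:55", BROADCAST),
    (30.0, "deauth", "", "00:11:22:33:44:56", "aa:aa:aa:aa:aa:01"),  # one normal unicast deauth
]


def find_evil_twins(frames, known=KNOWN_APS):
    """BSSIDs that advertise one of our SSIDs but are not on the authorized list."""
    rogue = set()
    for _, kind, ssid, bssid, _ in frames:
        if kind == "beacon" and ssid in known and bssid not in known[ssid]:
            rogue.add((ssid, bssid))
    return sorted(rogue)


def find_deauth_floods(frames, window=5.0, threshold=5):
    """BSSIDs from which at least `threshold` deauth frames were seen within
    `window` seconds. A single unicast deauth is normal AP housekeeping; a
    burst of broadcast deauths is the attack pattern."""
    times = defaultdict(list)
    for t, kind, _, bssid, _ in frames:
        if kind == "deauth":
            times[bssid].append(t)
    floods = []
    for bssid, ts in times.items():
        ts.sort()
        lo = 0
        for hi in range(len(ts)):
            while ts[hi] - ts[lo] > window:   # slide the window start forward
                lo += 1
            if hi - lo + 1 >= threshold:
                floods.append(bssid)
                break
    return sorted(floods)


if __name__ == "__main__":
    print("evil twins:", find_evil_twins(FRAMES))
    print("deauth floods from:", find_deauth_floods(FRAMES))
```

Because the attacker forges the legitimate AP's BSSID on the deauthentication frames, the flood is attributed to the real AP; the signal is the rate, not the sender. The evil twin check is only as good as the authorized-BSSID inventory, which is the wireless equivalent of the static table used for ARP.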
BlueSnarfing Attack: An attacker accesses a device over its Bluetooth connection without the user's permission to steal information (contacts, messages, files) or cause damage to the user and/or the device.
BlueSnarfing Attack Mitigation:
- Switch off the device's Bluetooth discoverability to stop unknown devices from finding and pairing with it.
- Avoid Bluetooth pairing with unfamiliar devices.
- Avoid pairing or sharing information via Bluetooth over unsecured wireless networks.
- Keep devices up to date.
- Use a strong PIN on the device.
- Limit the apps that have access to the Bluetooth connection.
War Chalking Attack: Drawing symbols in public places to indicate nearby wireless networks and their security settings, making public which networks are more easily exploited.
War Chalking Attack Mitigation:
- Implement security awareness training.
- Develop cybersecurity policies.
- Install spam filters and anti-malware software.
- Employ firewalls with advanced capabilities such as application-level inspection, intrusion prevention, threat prevention, malware protection, external threat intelligence, and machine learning.
- Install endpoint detection and response (EDR) to monitor end-user devices and prevent or respond to cyberthreats.
Symmetric Key Encryption: Uses the same secret key to encrypt and decrypt data; fast, but the key must be shared securely between the parties beforehand.
Asymmetric Key Encryption: Uses a pair of mathematically related keys. For confidentiality, the public key encrypts and only the private key can decrypt; for digital signatures, the private key signs and the public key verifies.
Public Key Infrastructure (PKI): A set of tools, processes, and policies that help secure data transfers on the internet. It uses digital certificates, issued by certificate authorities, to bind public keys to identities for identity verification.