WEBVTT

1
00:00:00.000 --> 00:00:01.180
[Music]

2
00:00:22.260 --> 00:00:30.240
okay good evening everybody and welcome to this review session on network security part two

3
00:00:32.400 --> 00:00:40.020
so I'm going to start with this question on network design um

4
00:00:40.920 --> 00:00:49.020
there's the question some answer choices and then a diagram that I'm going to leave visible

5
00:00:49.020 --> 00:00:58.620
after we've gone through this and to uh have a little discussion and figure this one out okay so

6
00:01:00.720 --> 00:01:02.580
network security part two

7
00:01:06.360 --> 00:01:13.680
your organization needs to allow customer web clients to only access your company's front-end

8
00:01:13.680 --> 00:01:22.320
website while also allowing restricted access to the corporate LAN and DMZ to only authenticated

9
00:01:22.320 --> 00:01:29.340
employees network admins and sysadmins respectively what are the three technologies that

10
00:01:29.340 --> 00:01:37.800
need to be used for the three unlabeled network devices in the attached network diagram all right

11
00:01:37.800 --> 00:01:47.820
so I'm going to roll this a little bit so we're going to be labeling based on these choices the

12
00:01:48.960 --> 00:01:55.260
blank areas in the diagram let me roll this up so we can get a good look at the diagram

13
00:01:57.360 --> 00:02:08.400
and I believe you can see that this is pretty simple we have the public untrusted network here

14
00:02:09.840 --> 00:02:17.760
we have a device here at number three we have a firewall another device at number two

15
00:02:18.720 --> 00:02:27.180
and something that's going to be located at this number one location we have a DMZ with

16
00:02:27.180 --> 00:02:36.660
servers and the corporate LAN the private trusted network and the idea here is we want to describe

17
00:02:37.500 --> 00:02:47.760
what technologies exist at location number one number two and number three okay

18
00:02:49.860 --> 00:02:50.460
all right

19
00:02:57.120 --> 00:03:05.160
okay so our choices are here and you can see there are several um in fact there are six

20
00:03:07.740 --> 00:03:13.140
without even or just taking a a minute to look these over okay

21
00:03:17.220 --> 00:03:19.500
a little bit

22
00:03:22.020 --> 00:03:22.520
okay

23
00:03:27.780 --> 00:03:32.940
all right so hopefully everybody can see the choices and part of the diagram

24
00:03:37.080 --> 00:03:44.220
and so we're looking for a technology that would be located first of all at location number one

25
00:03:44.940 --> 00:03:53.160
and you can see here there's kind of a direct connection from the untrusted network

26
00:03:56.160 --> 00:04:04.140
so of the six choices each one of those has a choice listed and separated by commas

27
00:04:04.140 --> 00:04:09.180
these would be the three choices in each of the six answer choices

28
00:04:11.760 --> 00:04:21.960
anybody want to take a stab at what is in location number one is it going to be a bastion host

29
00:04:23.400 --> 00:04:26.100
a jump host a VPN

30
00:04:27.600 --> 00:04:33.300
VPN okay all right okay

31
00:04:34.320 --> 00:04:44.640
VPN at number one okay great and [Music] looking at the diagram can anybody tell

32
00:04:44.640 --> 00:04:52.740
me of the remaining two labeled devices that's number two here and number three which of those

33
00:04:52.740 --> 00:05:00.480
would be the bastion host number two or number three number three okay and why do you say that

34
00:05:04.380 --> 00:05:13.080
um does the bastion host not um have the direct correlation to the internet

35
00:05:14.220 --> 00:05:22.500
well there's a direct connection to the untrusted network yes for the public network and it really

36
00:05:23.220 --> 00:05:33.000
um does refer to um actually a military fortification a bastion host and you know

37
00:05:33.000 --> 00:05:40.980
it's specifically designed and configured to take what gets thrown at it let's put it that way

38
00:05:41.520 --> 00:05:49.620
so number three is a representation of the bastion host and that leaves the jump host at number two

39
00:05:50.880 --> 00:06:01.920
so and we did mention this in um the last session um I think at least once and so

40
00:06:02.760 --> 00:06:10.320
the jump host is a single point of entry between in this case two segments the private or corporate

41
00:06:10.320 --> 00:06:16.260
LAN as is noted there and the DMZ now between these two different segments of the network

42
00:06:17.220 --> 00:06:25.620
and basically or often privileged resources on the network are kind of

43
00:06:25.620 --> 00:06:32.700
hidden behind the jump host such that users cannot access the resources directly

44
00:06:32.700 --> 00:06:41.700
okay from their workstations so you would need to connect to the jump host to get at these resources

45
00:06:44.040 --> 00:06:53.760
and you know sometimes this is also known as a jump server you can see the terms interchanged

46
00:06:53.760 --> 00:07:01.020
here so given this question answer choice D would be correct at location one is where

47
00:07:01.020 --> 00:07:07.620
the VPN would be the jump host is location two and the bastion host is location three

48
00:07:09.720 --> 00:07:10.440
all right

49
00:07:12.480 --> 00:07:21.900
okay so there's a network design question for you and let's see um hi

50
00:07:24.300 --> 00:07:34.740
okay so now we go back into the CTF here and we are going to have another question

51
00:07:35.700 --> 00:07:40.080
on network design okay so let's put this one up

52
00:07:45.540 --> 00:07:46.140
okay

53
00:07:48.300 --> 00:07:56.040
now this question also uses a diagram here which

54
00:07:57.900 --> 00:08:02.760
pretty sure is the same one we just looked at and it is okay

55
00:08:05.100 --> 00:08:11.280
all right so it's this diagram again we have the public untrusted network

56
00:08:12.300 --> 00:08:19.380
we have the corporate or private network trusted network and our DMZ

57
00:08:22.980 --> 00:08:31.020
okay in the attached enterprise network diagram general internet traffic comes

58
00:08:31.020 --> 00:08:40.200
into the DMZ network through the firewall while authenticated sysadmin access to DMZ systems

59
00:08:40.800 --> 00:08:51.480
is gained through device three let's uh bring that back here okay that's device three

60
00:08:56.040 --> 00:09:04.200
the main web application running in the DMZ is a LAMP stack mainly consisting of a headless Apache

61
00:09:04.200 --> 00:09:12.780
web server a headless Tomcat application server and headless MySQL DB server database server

62
00:09:13.680 --> 00:09:21.120
given these facts what ports should you allow through the firewall for customer use

63
00:09:22.200 --> 00:09:33.840
and what admin ports will most likely be needed to connect to DMZ systems from device three okay so

64
00:09:35.160 --> 00:09:41.040
we're going to take this just a little bit a little piece at a time here the

65
00:09:41.040 --> 00:09:49.140
answer choices do start with the firewall and the ports and then in the second part

66
00:09:49.140 --> 00:09:55.800
of each answer choice is device three and again we have some more port numbers

67
00:09:57.240 --> 00:10:03.720
okay so the first thing we're being asked is what ports should you allow through the

68
00:10:03.720 --> 00:10:12.840
firewall for customer use let's show the picture again okay all right and this is for customer use

69
00:10:16.800 --> 00:10:21.060
okay so everybody take a moment look at this diagram

70
00:10:26.580 --> 00:10:27.180
okay

71
00:10:30.120 --> 00:10:36.420
so we have front-end web servers okay

72
00:10:38.640 --> 00:10:43.140
and as you would expect these are going to be public facing servers

73
00:10:44.520 --> 00:10:49.140
so of the answer choices shown

74
00:10:51.300 --> 00:11:01.380
which of the four do you think identifies ports that we would want to allow through the firewall

75
00:11:01.380 --> 00:11:11.160
for customer use I know these are kind of jammed up together but choice A is ports 22 80 and 443

76
00:11:12.480 --> 00:11:26.580
choice B is ports 80 and 443 choice C is just port 22 and choice D is ports 80 and 443

77
00:11:29.820 --> 00:11:33.300
and we're just dealing with the first question here about ports

78
00:11:33.300 --> 00:11:40.980
that we should allow through the firewall for customer use okay and again I'm confused okay

79
00:11:44.400 --> 00:11:51.240
can you ask a question or do you need to see the diagram again would that help

80
00:12:00.060 --> 00:12:03.600
okay your response in the chat

81
00:12:05.400 --> 00:12:16.800
okay all right so we're dealing only with the first part which is what ports should you allow

82
00:12:16.800 --> 00:12:26.400
through the firewall for customer use bring the diagram back our front-end servers okay

83
00:12:28.560 --> 00:12:33.840
so what is port 22

84
00:12:38.280 --> 00:12:48.600
yeah yes that's correct so is that typical no customer access to the DMZ the answer is no

85
00:12:49.380 --> 00:12:56.460
so that means as far as that first part the first question goes we can eliminate answer choice C

86
00:12:57.240 --> 00:13:06.780
you can also eliminate answer choice A and that leaves ports 80 and 443 in answer choices

87
00:13:06.780 --> 00:13:18.780
B and D so 80 as hopefully everybody knows is HTTP that's the protocol and 443 HTTPS okay

88
00:13:19.740 --> 00:13:31.140
so looking now at the next question what admin ports will most likely be needed to connect to DMZ

89
00:13:31.140 --> 00:13:39.720
systems from device three and then at this point we'd have to figure out what these ports are and

90
00:13:40.380 --> 00:13:51.960
can we eliminate either A or D no or excuse me um A or C um we we already kind of looked

91
00:13:51.960 --> 00:13:58.860
at these and said port 22 was not an acceptable answer so actually those have been eliminated so

92
00:13:58.860 --> 00:14:08.340
that is going to get us down to answer choices B or D and one of those two could be eliminated

93
00:14:09.600 --> 00:14:14.520
okay does everybody understand why why I'm saying A and C are eliminated

94
00:14:16.680 --> 00:14:20.580
yes okay good because in the first part the first question

95
00:14:21.240 --> 00:14:27.780
we had already determined and said that port 22 was not appropriate for use right

96
00:14:27.780 --> 00:14:33.300
for customer use through DMZ so we eliminated A and C based on that first

97
00:14:34.080 --> 00:14:43.020
choice and the first question that leaves B and D and now we're interested in admin ports

98
00:14:43.800 --> 00:14:51.240
will most likely be needed to connect to the DMZ from device three here's the diagram again

99
00:14:58.020 --> 00:15:06.960
okay all right so let's see what we have under oh we have D in the response okay all right so

100
00:15:06.960 --> 00:15:14.580
if we look at the answer choices for B we see that at device three we have ports 25

101
00:15:15.540 --> 00:15:30.300
80 443 and 3389 and in answer choice D we have ports 22 80 443 and 3306

102
00:15:31.380 --> 00:15:44.340
so is there anything in these two choices that points either to B or D for any reason

103
00:15:47.280 --> 00:15:54.540
uh I believe RDP is 3389 yeah it is so I would say

104
00:15:56.580 --> 00:16:02.340
that's another one of those dangerous ones and after a while you know you start to see the number

105
00:16:02.340 --> 00:16:12.480
of port 3389 and you go oh remote desktop protocol though hmm yeah you probably don't want to um

106
00:16:12.480 --> 00:16:20.760
to take advantage of that yeah so yeah by the process of elimination we get to answer choice D

107
00:16:21.600 --> 00:16:35.460
and 3306 is the default port for the classic MySQL okay um so knowing again something

108
00:16:35.460 --> 00:16:43.560
about the port numbers and protocols associated with them really can help you narrow down the

109
00:16:43.560 --> 00:16:50.340
answer to a question and that's why I wanted to present it to you this way because you can see

110
00:16:50.340 --> 00:16:56.580
that based on the first question we were able to eliminate answer choices A and C pretty quickly

111
00:16:57.960 --> 00:17:06.480
now that doesn't mean it's always going to be like this but you know the procedure can be

112
00:17:06.480 --> 00:17:14.040
used even with five or possibly six answers um uh let's see other things that you should know

113
00:17:14.700 --> 00:17:23.940
uh LAMP stack so LAMP is an acronym big surprise there huh what does this stand for

114
00:17:33.120 --> 00:17:37.140
then of course there's going to be variations on it but does anybody know

115
00:17:41.400 --> 00:17:57.660
okay so Linux Apache MySQL and PHP as in the programming language okay all right

116
00:18:01.620 --> 00:18:03.240
let's move on to the next question

117
00:18:13.980 --> 00:18:21.120
okay pinging an IP address Alice and Bob are practicing the ping command using

118
00:18:21.120 --> 00:18:29.520
both of their own PCs Alice is able to ping Bob's computer using his actual IP address

119
00:18:30.960 --> 00:18:40.680
but Bob is not able to ping Alice's computer using her actual IP address what is the most logical

120
00:18:40.680 --> 00:18:49.500
explanation for this scenario okay look over the answer choices and let's see what you're thinking

121
00:19:00.240 --> 00:19:03.180
okay we have a couple of responses in the chat

122
00:19:05.280 --> 00:19:09.660
okay A B and D ude okay

123
00:19:20.580 --> 00:19:29.520
okay so does anything come to mind in terms of being able to eliminate pretty quickly

125
00:19:48.180 --> 00:19:58.320
if we are considering intrusion prevention systems okay and based upon the question the

126
00:19:58.320 --> 00:20:07.440
scenario given to us you know I would be thinking about host intrusion prevention system okay

127
00:20:08.460 --> 00:20:16.380
and so you know the HIPS inserts itself between software applications and the kernel

128
00:20:17.280 --> 00:20:20.940
and it focuses on behavior okay

129
00:20:23.820 --> 00:20:34.680
so does this scenario sound like we are trying to monitor some type of behavior

130
00:20:36.060 --> 00:20:42.600
I mean intrusion prevention systems are concerned with attack behavior

131
00:20:43.680 --> 00:20:53.400
sound like that's what we're talking about okay we got some more responses here no okay now really

132
00:20:53.400 --> 00:21:02.640
we're talking about testing for connectivity we're talking about pinging now the question

133
00:21:05.460 --> 00:21:14.160
and I I think this this comes up somewhat I I will say this I will say that in my experience

134
00:21:15.000 --> 00:21:23.700
test designers have learned to become more specific over the years and have gotten really

135
00:21:23.700 --> 00:21:32.760
good about the descriptions being you know correct and not being open to too much interpretation and

136
00:21:32.760 --> 00:21:41.520
I I you know kind of think this is too so in this context pinging is not an attack and if I

137
00:21:41.520 --> 00:21:46.320
look at it that way that kind of eliminates choice and answer choices C and D for me

138
00:21:47.640 --> 00:21:51.960
um now I just have to read the scenario again and think about it

139
00:21:52.620 --> 00:21:56.880
and that is you know they're both practicing the use of the ping command

140
00:21:58.320 --> 00:22:07.800
Alice can ping Bob using his actual IP but Bob can't ping Alice using her actual IP

141
00:22:08.820 --> 00:22:16.680
okay so of the choices A and B which do you think is the correct choice

142
00:22:25.080 --> 00:22:33.600
okay lots of responses that's great and B yeah Alice is going to have more than likely than

143
00:22:33.600 --> 00:22:42.780
that gateway configured on her her network um when they talk about you know her actual IP

144
00:22:44.220 --> 00:22:52.920
um from her point of view it sounds like inside local okay

145
00:22:56.400 --> 00:23:05.460
from Bob's point of view that's outsider not his point I mean from his point of view

146
00:23:06.060 --> 00:23:14.580
to her remote network it's an outside address and network address translation will hide

147
00:23:15.120 --> 00:23:20.340
her inside local address which more than likely is going to be a private IP

148
00:23:20.340 --> 00:23:31.800
address okay and it's translated as you should know um to a public or routable IP address

149
00:23:32.820 --> 00:23:41.460
okay so B answer choice B is the correct one here all right let's go on to the next one

150
00:23:56.340 --> 00:23:57.900
okay screened subnet

151
00:24:01.620 --> 00:24:07.980
which of the following is not true regarding a screened subnet

152
00:24:08.940 --> 00:24:12.000
okay take a moment and look over your choices

153
00:24:20.880 --> 00:24:21.480
okay

154
00:24:26.700 --> 00:24:32.520
clearly this question depends on understanding the meaning of the term screened subnet

155
00:24:33.180 --> 00:24:35.100
and let's see what people are thinking

156
00:24:37.500 --> 00:24:42.960
okay so C and D okay

157
00:24:57.480 --> 00:25:08.520
okay so remember we are looking for which of the following is not true and sometimes just by

158
00:25:09.120 --> 00:25:16.500
putting this sort of the negative spin you know asking what if something is not

159
00:25:17.040 --> 00:25:26.640
can make a question more difficult for reasons of what human nature I suppose um or maybe it's just

160
00:25:26.640 --> 00:25:32.460
the way we're taught we're always taught to you know figure out what the correct answer is okay

161
00:25:33.000 --> 00:25:41.580
so it looks like we have a lot of votes for answer choice C communication between hosts in the DMZ

162
00:25:42.480 --> 00:25:51.300
and hosts on the LAN does not need to go through a firewall and this in fact is the correct choice

163
00:25:51.300 --> 00:26:01.620
this is not true regarding a screened subnet the other items are true and basically a screened subnet

164
00:26:01.620 --> 00:26:09.000
could also be known as a triple-homed firewall it's a network architecture that uses a single

165
00:26:09.000 --> 00:26:15.180
firewall with three interfaces typically the public interface you have the connection to the

166
00:26:15.180 --> 00:26:23.880
DMZ and to the intranet okay so a screened subnet offers two layers of firewall restrictions

167
00:26:23.880 --> 00:26:30.720
between the LAN and the internet yeah when users connect to a corporate network through VPNs the

168
00:26:30.720 --> 00:26:37.020
VPN appliances should be placed in a screened subnet and a screened subnet divides the network into three

169
00:26:37.020 --> 00:26:47.760
networks so these are all characteristics of the screened subnet leaving answer choice C okay

170
00:26:55.380 --> 00:26:56.040
we're ready

171
00:26:59.580 --> 00:27:02.580
next question hierarchical tracing

172
00:27:06.060 --> 00:27:11.040
the network security administrator frequently audits certificate

173
00:27:11.040 --> 00:27:17.640
infrastructure to ensure that only valid certificates are being issued and trusted

174
00:27:18.420 --> 00:27:24.780
what method are they practicing if they trace each CA that signs the

175
00:27:24.780 --> 00:27:30.420
certificate up through the hierarchy to the root CA what do we call this

176
00:27:49.440 --> 00:27:59.940
okay responses in the chat D D D okay very good so that was uh that one I guess

177
00:27:59.940 --> 00:28:05.940
was pretty easy certificate chaining is the correct answer what is credential harvesting

178
00:28:07.680 --> 00:28:10.020
in just a word or two what would you call that

179
00:28:17.400 --> 00:28:19.920
anyone

180
00:28:28.500 --> 00:28:37.140
so it sounds like we're yeah attack sure sometimes it's called password harvesting

181
00:28:38.100 --> 00:28:42.840
okay stateful inspection does not really fit this situation

182
00:28:43.860 --> 00:28:48.360
and the certificate authority is the trusted organization that issues

183
00:28:48.360 --> 00:28:55.560
digital certificates so yeah certificate chaining is the correct answer here okay

184
00:29:04.440 --> 00:29:16.200
okay next question there we go what does the md5sum operation provide

185
00:29:22.800 --> 00:29:27.720
so clearly this depends on your knowledge of MD5 what is it

186
00:29:29.100 --> 00:29:36.960
um what stands out as obviously incorrect or answers that can be easily eliminated

187
00:29:38.940 --> 00:29:50.040
A and B yes A and B okay and so that leaves us with C and D so encoding or unidirectional hashing

188
00:29:50.820 --> 00:29:55.860
well pretty sure by now it and everybody knows that MD5 is a very

189
00:29:57.960 --> 00:30:08.220
you know old hashing algorithm um and is quite easily broken there are apps

190
00:30:08.220 --> 00:30:16.440
all over the place that can you know break an MD5 hash pretty quickly so the correct

191
00:30:16.440 --> 00:30:24.840
answer here is D unidirectional hashing and that's pretty much what it is okay

192
00:30:26.940 --> 00:30:29.040
let's go on to the next question

193
00:30:38.280 --> 00:30:46.140
all right port mapping SSH traffic you need to add a rule to your corporate network firewall

194
00:30:46.140 --> 00:30:59.160
to portmap SSH traffic port 22 from specific admin home IPs what part of the firewall will

195
00:30:59.160 --> 00:31:07.320
you be modifying okay take a few seconds and let's get your responses and see what you think

196
00:31:11.340 --> 00:31:20.220
I think this is uh a fairly easy one and judging by the responses coming in I think you do too

197
00:31:22.200 --> 00:31:29.700
okay yeah so the answer is D here access control lists all right

198
00:31:29.700 --> 00:31:34.320
well it's nice to get an easy question now and again

199
00:31:35.580 --> 00:31:42.900
especially when there are lots of them okay all right let's go on to the next

200
00:31:46.140 --> 00:31:56.040
okay stateless firewall which of the following describes a stateless type of firewall

201
00:31:56.880 --> 00:32:00.240
okay a few moments look over your answer choices

202
00:32:10.740 --> 00:32:15.300
okay so what can be fairly quickly eliminated

203
00:32:23.280 --> 00:32:30.480
and it's got a vote for D as the answer let's go back to answers that are easily eliminated

204
00:32:31.860 --> 00:32:32.700
what do you think

205
00:32:35.040 --> 00:32:42.420
I would eliminate A and B yep sure this is stateless operation there

206
00:32:42.420 --> 00:32:49.020
is no tracking of individual sessions no monitoring leaving us with C and D

207
00:32:50.820 --> 00:32:57.780
um C a firewall that filters and can restrict what users on the network may access

208
00:32:59.040 --> 00:33:06.420
or D a firewall that tracks individual packets without preserving previous network sessions

209
00:33:07.740 --> 00:33:12.780
and so the best answer the one that fits the best

210
00:33:13.320 --> 00:33:23.580
is the firewall that tracks individual packets without preserving previous network sessions okay

211
00:33:28.500 --> 00:33:30.360
all right let's go on to the next one

212
00:33:34.980 --> 00:33:35.880
okay

213
00:33:38.220 --> 00:33:46.440
TCP port 636 which statement below is true regarding TCP port

214
00:33:47.460 --> 00:33:57.600
636 okay take a second flip this over I think you can eliminate some answers pretty quickly

215
00:33:58.440 --> 00:34:03.720
which of the answers do you think is the correct

216
00:34:05.940 --> 00:34:06.600
choice

217
00:34:16.920 --> 00:34:27.900
okay so we've got two choices two uh responses and looks like D so far another one for D okay

218
00:34:27.900 --> 00:34:39.060
I think it's pretty obvious here that we can eliminate choice A FTP um FTPS

219
00:34:42.600 --> 00:34:47.220
should also be in your repertoire port numbers

220
00:34:48.540 --> 00:34:54.840
um just curious does anybody know which port number is associated typically with FTPS

221
00:35:01.920 --> 00:35:06.540
okay so it's nine nine zero nine ninety okay

222
00:35:07.860 --> 00:35:19.800
all right so that leaves us with LDAP and LDAPS okay so again you know we're going to be sort of left

223
00:35:19.800 --> 00:35:27.840
with the the game of how well do you know port numbers uh lightweight directory access protocol LDAP

224
00:35:28.380 --> 00:35:41.280
typically TCP over port 389 and secure is TCP port 636 so answer choice D is the correct answer

225
00:35:44.040 --> 00:35:47.280
okay and let's move on to the next one

226
00:35:53.280 --> 00:36:03.360
okay okay Wi-Fi security your IT manager has asked you to verify the security profile of the

227
00:36:03.360 --> 00:36:09.360
Wi-Fi access points in your office so you plan to look at several aspects of your wireless networks

228
00:36:09.960 --> 00:36:18.060
what are some of the top common vulnerabilities you should first look for choose two

229
00:36:21.360 --> 00:36:26.340
I would expect by now that this is a pretty simple one for most of us

230
00:36:31.140 --> 00:36:33.600
common vulnerabilities

231
00:36:41.760 --> 00:36:52.020
okay all right so we've got several responses B and C B and C B and C two and three okay so

232
00:36:54.480 --> 00:37:02.520
default admin passwords definitely and open Wi-Fi networks okay

233
00:37:04.140 --> 00:37:12.180
um now the question says what are some of the top common vulnerabilities you should first

234
00:37:12.180 --> 00:37:22.080
look for okay so you know it's not that MAC address filtering couldn't be a problem okay

235
00:37:23.520 --> 00:37:32.880
um but it's definitely going to require more work to get in and look at MAC filtering lists

236
00:37:33.960 --> 00:37:39.540
um the easiest and quickest things to see are going to be default admin passwords

237
00:37:39.540 --> 00:37:45.780
and open networks all right let's go on to the next question

238
00:37:58.860 --> 00:38:05.940
domain name a startup business thinks that they have found a way to cut some costs by

239
00:38:05.940 --> 00:38:13.320
registering a domain name for a short period and then deleting it repeatedly so that they

240
00:38:13.320 --> 00:38:19.200
can avoid paying for the domain name expenses in this example what term is being described

241
00:38:22.500 --> 00:38:27.540
so we're gonna give you the definition you give us

242
00:38:27.540 --> 00:38:33.600
the term that's the game here okay all right what are you thinking A B C or D

243
00:38:36.960 --> 00:38:44.160
okay D D I have some choices for D okay

244
00:38:46.860 --> 00:38:56.220
all right see what other choices we have here the C okay so the correct answer

245
00:38:56.940 --> 00:39:10.440
is C domain kiting okay hijacking type of attack poisoning or DNS cache poisoning you know we're

246
00:39:10.440 --> 00:39:17.100
again an attack domain squatting the practice of buying a domain name for the sole purpose of

247
00:39:17.100 --> 00:39:25.200
preventing someone else from getting it that's domain squatting so domain kiting this is where

248
00:39:25.200 --> 00:39:31.860
you're taking advantage of the grace period okay so that is the correct answer for this question

249
00:39:36.300 --> 00:39:36.900
okay

250
00:39:46.440 --> 00:39:51.300
open source firewall which of the following describes a

251
00:39:51.300 --> 00:39:55.200
characteristic of an open source network firewall

252
00:40:06.000 --> 00:40:19.740
okay all right let's see your responses in the chat C C C C okay so inexpensive sure that's the

253
00:40:19.740 --> 00:40:29.640
correct answer ineffective that's that's wrong wired open source firewalls can function as

254
00:40:30.300 --> 00:40:40.080
apps that can be deployed on hardware platforms there's a software-based solution okay so yes the

255
00:40:40.080 --> 00:40:54.600
answer here is C inexpensive okay it's really good all right next question PKI certificate attributes

256
00:40:55.680 --> 00:41:07.560
which of the following are included within a PKI SSL/TLS certificate choose all that apply okay

257
00:41:09.600 --> 00:41:15.060
take a few moments look at the choices let's see which ones you're thinking

258
00:41:24.480 --> 00:41:34.620
okay all right so we have some responses in the chat and two three four A B C all okay

259
00:41:36.600 --> 00:41:40.860
all right let's take a few more and then we'll go through these

260
00:41:51.120 --> 00:41:59.880
okay all right see we got here two three and all okay so in the certificate

261
00:42:02.160 --> 00:42:06.420
yes URL domain name or common name okay

262
00:42:09.300 --> 00:42:15.120
what do you think yes or no certificate authority reference is that part of a certificate

263
00:42:19.320 --> 00:42:28.020
yeah it is okay great expiration date kind of another important piece of information to know

264
00:42:29.400 --> 00:42:30.240
private key

265
00:42:33.060 --> 00:42:35.160
what do you think yes or no

266
00:42:45.180 --> 00:42:55.560
okay maybe no private key is not stored in the certificate okay so it's all but

267
00:42:55.560 --> 00:43:06.600
answer choice D here okay all right that's good okay let's move on to the next one

268
00:43:15.180 --> 00:43:19.260
okay federated identity management control

269
00:43:20.280 --> 00:43:25.800
which of the following describes a federated identity management control

270
00:43:49.320 --> 00:43:57.180
okay so this depends on knowing what identity federation is or involves as I look at these

271
00:43:57.180 --> 00:44:04.620
responses and we look at the last one D an authentication service that grants Federal access

272
00:44:05.580 --> 00:44:12.600
okay so what we're seeing here is uh somebody's sense of humor

273
00:44:12.600 --> 00:44:21.180
so I'm going to eliminate this choice right out of hand okay so of the first three choices

274
00:44:21.840 --> 00:44:26.100
which do you think we're looking at for the correct answer

275
00:44:30.240 --> 00:44:35.760
is federated identity management concerned with audit specifications

276
00:44:40.920 --> 00:44:47.820
no no so that leaves us with B or C a virtual item that contains

277
00:44:47.820 --> 00:44:55.800
authorization data and is commonly used in multi-factor really authentication

278
00:44:56.700 --> 00:45:03.360
yeah that's pretty suspicious an authentication process that

279
00:45:03.360 --> 00:45:10.320
trusts a third-party network authenticator to grant access to another or different networks

280
00:45:11.820 --> 00:45:18.300
this is the answer that sounds a lot like um what what do you think

281
00:45:23.460 --> 00:45:27.420
one of the the big capabilities that federated

282
00:45:27.420 --> 00:45:32.880
identity management provides and we we like it generally speaking

283
00:45:38.460 --> 00:45:38.960
um

284
00:45:41.880 --> 00:45:49.080
single sign-on bravo absolutely single sign-on capability okay

285
00:45:49.980 --> 00:45:54.060
all right let's go on to the next question

286
00:45:56.100 --> 00:45:58.440
okay LAN port access

287
00:45:59.580 --> 00:46:05.220
the network administrator for your organization needs to configure a security method that allows

288
00:46:05.220 --> 00:46:12.600
only specific devices to a port on the LAN what method should they administer

289
00:46:20.040 --> 00:46:20.540
okay

290
00:46:22.740 --> 00:46:26.040
what method should they administer

291
00:46:46.560 --> 00:46:59.520
okay got some responses here B C and B okay so we have votes for MAC filtering and firewall

292
00:46:59.520 --> 00:47:14.520
more for MAC filtering okay so MAC filtering is the correct answer um Nmap and firewalls are tools

293
00:47:15.240 --> 00:47:26.400
more than methods MAC filtering is a method source IP affinity it's also known as simple persistence

294
00:47:27.180 --> 00:47:34.020
so the best answer for this question is MAC filtering all right

295
00:47:37.500 --> 00:47:38.580
here we have one more

296
00:47:43.500 --> 00:47:46.920
okay

297
00:47:47.640 --> 00:47:54.000
network edge security solution you've been tasked with setting up a secure

298
00:47:54.840 --> 00:48:02.160
fast multi-homed network edge security solution that controls access to various

299
00:48:02.160 --> 00:48:08.040
types of traffic into your network which type of solution should you employ

300
00:48:14.820 --> 00:48:20.940
okay we have a few responses let's get a few more okay good let's see what you're thinking here

301
00:48:24.120 --> 00:48:28.200
so when everybody's thinking hey okay

302
00:48:36.900 --> 00:48:44.880
all right so it doesn't look like anybody chose C all right so that's good C is not correct

303
00:48:46.800 --> 00:48:51.720
B is not correct it is in fact between A and D

304
00:48:53.580 --> 00:48:59.100
a bastion host provides remote access to private networks from an external network

305
00:49:04.980 --> 00:49:12.120
and I suspect that you understand what a hardware firewall is and does

306
00:49:19.740 --> 00:49:26.340
so what do you think we're talking about answer A or D

307
00:49:27.600 --> 00:49:31.380
it still looks like A okay we've got a D one D in there

308
00:49:35.160 --> 00:49:46.320
okay so the correct choice here is D hardware firewall okay secure fast and multi-homed

309
00:49:47.340 --> 00:49:55.080
controls access to various types of traffic into your network okay all right

310
00:49:56.460 --> 00:50:03.540
um the other thing to note about let's see everybody a lot of people said hey bastion hosts

311
00:50:04.260 --> 00:50:13.440
old remote access technology that doesn't really work in sort of today's decentralized networks

312
00:50:14.100 --> 00:50:26.100
okay so it basically runs as a kind of a a locked-down single-purpose system if you will

313
00:50:26.880 --> 00:50:37.560
so definitely not as usable or easily fitted to the different types of situations that we

314
00:50:37.560 --> 00:50:43.620
would find in modern networks okay so the answer here again the hardware firewall

315
00:50:44.400 --> 00:50:51.540
all right so that does it for this session on network security part two