〇：The use of IM can be stopped by simply blocking certain ports on the network firewall.

Instant messaging (IM) allows people to communicate with each other via real-time and personal chat room types. These technologies will have the ability to transfer files. Users install an IM client and are assigned a unique identifier; they provide this unique identifier to anyone they wish to communicate with via IM. ineffective.

Another way to answer the question is to say that the question itself confirms our understanding of security, and then we can lay down the assumption that “should not be included in the presentation” means that we should not say anything that will later be held liable. There will be far more events that indicate that there is a possibility than events that say there is no possibility at all.

×：Sensitive data and files can be transferred from system to system via IM.

This is incorrect because in addition to text messages, instant messaging allows files to be transferred from system to system. These files could contain sensitive information, putting the company at business or legal risk. And sharing files via IM will use that much network bandwidth and impact network performance.

×：Users can be subjected to attacks posing as legitimate senders from malware containing information.

Incorrect because it is true. Due to lack of strong authentication, accounts can be falsified because there is to accept information from malicious users of the legitimate sender, not the receiver. There will also be numerous buffer overflows and malformed packet attacks that have been successful with different IM clients.

×：A security policy is needed specifying IM usage limits.

This is incorrect because his presentation should include the need for a security policy specifying IM usage restrictions. This is only one of several best practices to protect the environment from IM-related security breaches. Other best practices include upgrading IM software to a more secure version that configures the firewall to block IM traffic, implementing a corporate IM server so that only internal employees communicate within the organization’s network, and implementing an integrated Includes implementing an antivirus/firewall product.

Carrier Sense Multiple Access Collision Detection (CSMA / CD) is used for systems that can transmit and receive simultaneously, such as Ethernet. If two clients listen at the same time and make sure the line is clear, both may transmit at the same time, causing a collision. Collision Detection (CD) is added to solve this scenario. The client checks to see if the line is idle and transmits if it is idle. If in use, they wait for a random time (milliseconds). During transmission, they monitor the network and if more input is received than transmitted, another client is also transmitting and sends a jam signal instructing other nodes to stop transmitting, wait a random time and then start transmitting again.

Matrix is not a network topology. Ring, mesh, and star are network topologies.

〇：Softphones are safer than IP phones. 

IP softphones should be used with caution. A softphone is a software application that allows users to make calls via computer over the Internet. Replacing dedicated hardware, a softphone works like a traditional telephone. Skype is an example of a softphone application. Compared to hardware-based IP phones, softphones are more receptive to IP networks. However, softphones are no worse than other interactive Internet applications because they do not separate voice traffic from data, as IP phones do, and also because data-centric malware can more easily enter the network through softphones. network.

×：VoIP networks should be protected with the same security controls used on data networks.

The statement is incorrect because it correctly describes the security of an IP telephony network. an IP telephony network uses the same technology as a traditional IP network, which allows it to support voice applications. Therefore, IP telephony networks are susceptible to the same vulnerabilities as traditional IP networks and should be protected accordingly. This means that IP telephony networks should be designed to have adequate security.

×：As an endpoint, IP telephony can be a target of attack.

Incorrect because true: An IP phone on an IP telephony network is equivalent to a workstation on a data network in terms of vulnerability to attack. Thus, IP phones should be protected with many of the same security controls implemented on traditional workstations. For example, the default administrator password must be changed. Unnecessary remote access functions need to be disabled. Logging should be enabled and the firmware upgrade process should be secured.

×：The current Internet architecture in which voice is transmitted is more secure than physical phone lines.

True and therefore incorrect. In most cases, the current Internet architecture in which voice is transmitted is more secure than physical telephone lines. Physical phone lines provide a point-to-point connection, which is difficult to leverage over the software-based tunnels that make up the bulk of the Internet. This is an important factor to consider when protecting IP telephony networks because the network is now transmitting 2 valuable asset data and voice. It is not unusual for personal information, financial information, and other sensitive data to be spoken over the phone; intercepting this information over an IP telephony network is as easy as intercepting regular data. Currently voice traffic should also be encrypted.

〇：VLAN

Virtual LANs (VLANs) allow logical isolation and grouping of computers based on resource requirements, security, or business needs, despite the standard physical location of the system. Computers in the same department configured on the same VLAN network can all receive the same broadcast messages, allowing all users to access the same types of resources regardless of their physical location.

×：Open Network Architecture  

Open network architecture is wrong because it describes the technology that can configure a network; the OSI model provides a framework for developing products that operate within an open network architecture.

×：Intranet

Incorrect because an intranet is a private network used by a company when it wants to use Internet and Web-based technologies in its internal network.

×：VAN  

Incorrect because a Value Added Network (VAN) is an electronic data interchange (EDI) infrastructure developed and maintained by a service bureau.

〇：Teardrop

Teardrop is an attack to bring a system to a halt by forging the offset of IP packets when they are returned before splitting.

×：Fraggle attack

Fraggle attack is an attack that uses the CHARGEN function to generate an appropriate string.

×：CHARGEN attack

There is no attack with such a name.

×：War Driving

Wardriving is the act of driving around a city looking for vulnerable wireless LAN access points.

〇：IP Session Restriction via Media Gateway

The VoIP Media Gateway translates Internet Protocol (VoIP) voice over time division multiplexing (TDM) voice to and from. As a security measure, the number of calls through the Media Gateway should be limited. The Media Gateway is vulnerable to denial-of-service attacks, hijacking, and other types of attacks.

×：Identification of Rogue Devices  

Incorrect, as rogue devices on both IP telephony and data networks need to be identified.

×：Implementation of Authentication

Incorrect because authentication is recommended for both data and voice networks.

×：Encryption of packets containing sensitive information

Incorrect because sensitive data can be transmitted over either voice or data networks and must be encrypted in both cases. Eavesdropping is a very real threat for VoIP networks.

〇：DNS Hijacking

The DNS plays a great role in the transmission of traffic on the Internet; it directs traffic to the appropriate IP address corresponding to a given domain name DNS queries can be classified as either recursive or iterative. In a recursive query, the DNS server forwards the query to another server, which returns the appropriate response to the inquirer. In an iterative query, the DNS server responds with the address of another DNS server that may be able to answer the question and then proceeds to further ask for a new DNS server. Attackers use recursive queries to pollute the caches of DNS servers.

The attacker sends a recursive query to the victim’s DNS server asking for the IP address of the domain; the DNS server forwards the query to another DNS server. Before the other DNS server responds, the attacker inserts his IP address. The victim server receives the IP address and stores it in its cache for a specific period of time. The next time the system queries the server for resolution, the server directs the user to the attacker’s IP address.

×：Manipulating the hosts file

Manipulating the hosts file is wrong because it does not use recursive queries to pollute the DNS server cache. The client queries the hosts file before issuing a request to the first DNS server. Some viruses add the antivirus vendor’s invalid IP address to the hosts file to prevent the virus definition file from being downloaded and to prevent detection.

×：Social engineering

Social engineering is wrong because it does not require querying DNS servers. Social engineering refers to manipulation by an individual for the purpose of gaining unauthorized access or information.

×：Domain Litigation

Domain litigation is wrong because it does not involve poisoning the DNS server cache. Domain names are at trademark risk, including temporary unavailability or permanent loss of established domain names.

〇：Make the mail relay server available to everyone.

This is a question of choosing the “ineffective” one. An open mail relay server is not an effective countermeasure against spam. In fact, spammers often use spammers to distribute spam, because the attackers can hide their identities. An open mail relay server is an SMTP server configured to allow inbound SMTP connections from anyone on the Internet, and many relays are properly configured to prevent attackers from distributing spam and pornography. Thus, the correct answer is “have an email relay server available to everyone.” will be.

×：Build a properly configured mail relay server.

A properly configured mail relay server can also suppress spam mail.

×：Perform filtering at the e-mail gateway.

Filtering emails that are considered spam mail at the gateway will help to prevent spam mail.

×：Filtering at the client.

Filtering spam mail at the client, i.e., in a mailing application such as Outlook, is considered to be a countermeasure against spam mail.

〇：Socket

UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) are transport protocols used by applications to retrieve data over a network. Both use ports to communicate with the upper OSI layer and keep track of the various conversations that occur simultaneously. Ports are also the mechanism used to identify how other computers access services. When a TCP or UDP message is formed, the source and destination ports are included in the header information along with the source and destination IP addresses. This IP address and port number is called a socket; the IP address serves as the gateway to the computer and the port serves as the gateway to the actual protocol or service.

×：IP address

This is incorrect because the IP address does not tell the packet how to communicate with the service or protocol. The purpose of an IP address is to identify and address the location of a host or network interface. Each node in a network has a unique IP address. This information, along with the source and destination ports, make up a socket. The IP address tells the packet where to go, and the port indicates how to communicate with the appropriate service or protocol.

×：Port

The port is incorrect because it tells the packet only how to communicate with the appropriate service or protocol. It does not tell the packet where it should go. The IP address provides this information. Ports are communication endpoints used by IP protocols such as TCP and UDP. Ports are identified by a number.

×：Frame

Frame is incorrect because the term is used to refer to a datagram after the header and trailer have been given to the data link layer.

UDP (User Datagram Protocol) floods are often used in distributed denial of service (DDOS) attacks because they are connectionless and yet allow for easy generation of UDP messages from various scripting and compilation languages. UDP is a datagram protocol.

〇：Security

Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. It is also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.

The term security is a difficult answer to choose from because it has a very broad meaning. However, information security scriptures such as CISSP are persistent in saying that VoIP has vulnerabilities. Although this answer is a bit over the top in practical terms, it was made to educate the public, because depending on the creator’s intentions, this issue may arise.

×：Cost

Wrong, because cost is an advantage of VoIP; with VoIP’s, a company becomes a dedicated alternative to a separate network dedicated to data transmission and voice transmission. For telephony features such as conference calling, call forwarding, and automatic redialing are freed up in VoIP, which is open source, while companies that use traditional communications charge for VoIP.

×：Convergence

Wrong because convergence is the advantage of VoIP. Convergence means the integration of traditional IP networks with traditional analog telephone networks.

×：Flexibility

Wrong, because flexibility is an advantage of VoIP. The technology is very simple, easy and supports multiple calls over a single Internet broadband connection.

Onion routing is characterized by multiple layers of encryption because encryption is applied each time it passes through a router. However, there is no security feature at the final router because all encryption is decrypted at the final point of the router and becomes plaintext.

Each IPSec VPN device will have at least one security association (SA) for each secure connection it uses; the SA, which is critical to the IPSec architecture, is the device’s need to support IPSec connections over VPN connections This is a record of the configuration that needs to be in place.

〇：IGRP

The Internal Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by and proprietary to Cisco Systems, Inc. Whereas the Routing Information Protocol (RIP) uses one criterion to find the optimal path between source and destination, IGRP uses five criteria to make an “optimal route” determination. The network administrator can set weights on these different metrics so that the protocol works optimally in its particular environment.

×：RIP  

Routing Information Protocol (RIP) is incorrect because it is not proprietary; RIP allows routers to exchange routing table data and calculate the shortest distance between source and destination. It is considered a legacy protocol due to poor performance and lack of features. It should be used in smaller networks.

×：BGP

Border Gateway Protocol (BGP) is incorrect because it is an Exterior Gateway Protocol (EGP); BGP allows routers in different ASes to share routing information to ensure effective and efficient routing between different networks. BGP is used by Internet Service Providers.

×：OSPF  

OSPF is incorrect because it is not proprietary; it uses a link-state algorithm to transmit information in the OSPF routing table. Smaller and more frequent routing table updates.

〇：How routers are centrally managed and control packets based on the controller’s instructions 

Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical functions of passing data between the routing decision and the interface and making its mechanical functions.SDN architecture is a scalable, a programmable, and is intended to be a standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.

×：Mapping between MAC and IP addresses.

ARP table.

×：Updating the routing table in a dynamic way.

Explanation of dynamic routing.

×：A method in which routers communicate with each other to update the routing table when an event occurs.

This is an explanation of routing control in case of communication failure.

A captive portal is a mechanism that restricts communication with the outside world until user authentication, user registration, and user consent are performed when a terminal connects to the network.

Application firewalls target Layer 7 of the OSI. The main advantage of an application firewall is its ability to understand specific applications and protocols. Packets are not decrypted until Layer 6, so Layer 7 can see the entire packet. Other firewalls can only inspect the packet, not the payload. It can detect if an unwanted application or service is trying to bypass the firewall by using a protocol on an allowed port, or if the protocol is being used in a malicious manner.

〇：TLS is an open community version of SSL.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols used to protect communications by encrypting segments of a network connection. SSL is a proprietary protocol and TLS was developed by a standards body, making it an open community protocol.

×：TLS is an open community version of SSL. SSL is a proprietary protocol and TLS was developed by a standards body, making it an open community protocol. x: The SSL protocol can be modified by developers to extend its capabilities.

This is incorrect because SSL is a proprietary protocol developed by Netscape. This means that the technical community cannot easily interoperate and extend SSL to extend to its functionality.

×：SSL is an open community protocol while TLS is a proprietary protocol.

The meaning and matching are reversed.

×：SSL is an extended version and backward compatible with TLS.

Wrong, since TLS is actually more extensible than SSL and is not backward compatible with SSL.