CND (312-38) Network Defense Simulation

Master the core concepts of the CIA Triad applied to network communications. This simulation tests your ability to identify the correct cryptographic mechanisms used to prevent unauthorized modification of data in transit.

Network Scenario

Your organization's Secure Email Gateway (SEG) is being reconfigured to defend against Business Email Compromise (BEC) and Man-in-the-Middle (MITM) attacks. Recently, an attacker intercepted a plaintext email containing an invoice, altered the bank routing numbers, and forwarded it to the finance department.

To prevent this, the network security team is implementing S/MIME and DKIM. The first phase (encryption via TLS and AES) has been deployed to prevent interception. Now, the team is configuring the second phase: applying cryptographic hashes to validate the payload.

Traffic & Logs

[SEG-01] Mail Transaction Log - Message ID: 98214-B
---------------------------------------------------
[10:04:22] Connection established from 10.0.50.12 (Internal_Exchange)
[10:04:23] TLS v1.3 Negotiation: SUCCESS
[10:04:24] Payload Encrypted: YES (AES-256-GCM) -> Confirmed: Unreadable by 3rd parties
[10:04:25] Digital Signature Check: IN PROGRESS...
[10:04:25] Signature Algorithm: RSA-SHA256
[10:04:26] Hash Match: TRUE (Calculated hash matches attached signature)
[10:04:26] Security Control Result: NO MODIFICATION DETECTED IN TRANSIT
[10:04:26] Status: DELIVERED

Question

Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures.

What is Stephanie working on?

Expert Analysis

1. What is happening in the network: The Secure Email Gateway (SEG) is performing two distinct cryptographic operations. First, it encrypts the message payload (AES) so it cannot be read. Second, it calculates a cryptographic hash of the message and signs it with a private key (Digital Signature) to ensure the contents remain exactly as they were when sent.

2. Identify attack or behavior: Attackers performing Man-in-the-Middle (MITM) attacks often intercept traffic, alter critical data (such as bank routing numbers in an invoice), and forward it. This targets the modification aspect of network security.

3. Why correct answer is correct (D. Data Integrity): Data Integrity guarantees that information has not been modified, tampered with, or corrupted. Digital signatures provide integrity by attaching a unique mathematical hash to the data. If a single bit of the email changes in transit, the receiving server's hash calculation will fail, detecting the tampering.

4. Why others are wrong:

Confidentiality: This is achieved via encryption (preventing unauthorized reading). Stephanie already completed this step ("first sets up encryption"). The question asks about her next step.
Availability: Ensures systems and data are accessible when needed (e.g., redundant links, DDoS mitigation), not related to digital signatures.
Usability: Refers to user experience and ease-of-use, not a core cryptographic defense mechanism.

5. Defensive action: Enforce strict DKIM (DomainKeys Identified Mail) and S/MIME policies on the email gateway to ensure all incoming and outgoing messages possess valid digital signatures, immediately discarding or quarantining emails that fail the integrity check.

MINI LESSON: Cryptography & The CIA Triad

Confidentiality is enforced using Symmetric/Asymmetric Encryption (AES, RSA).
Integrity is enforced using Hashing Algorithms (SHA-256, MD5).
Authentication & Non-repudiation are enforced using Digital Signatures (Hash encrypted with sender's Private Key).

Explore more CND simulations