CND (312-38) Network Defense Simulation

In this simulation, you will analyze enterprise network services and their security implications. Learn to identify critical communication protocols and apply the correct defensive controls to maintain availability and confidentiality.

Network Scenario

The corporate infrastructure uses a converged network model where data and voice traffic share the same physical cabling but are logically separated via VLANs (Voice VLAN 20, Data VLAN 10). A central session controller manages external connectivity via a SIP Trunk.

Environment

• Core Switch: Layer 3 with ACLs
• IP-PBX: Hosted in the DMZ
• Endpoints: Hardware Phones & Softphones
• Perimeter: Next-Gen Firewall (NGFW)

Critical Services

• SIP (5060/5061) for signaling
• RTP (UDP High Ports) for media stream
• QoS (DSCP EF) prioritization

Traffic & Logs

Recent egress traffic captured at the NGFW:

[10:14:02] FW_ALLOW: SRC=10.0.20.15 DST=203.0.113.50 PROTO=UDP SPT=5060 DPT=5060 (SIP INVITE)
[10:14:02] FW_ALLOW: SRC=10.0.20.15 DST=203.0.113.50 PROTO=UDP SPT=16384 DPT=28412 (RTP Media)
[10:15:30] IDS_ALERT: Possible SIP Digest Auth Brute Force detected from 198.51.100.12
[10:15:45] FW_DENY: SRC=198.51.100.12 DST=10.0.20.5 PROTO=TCP SPT=44332 DPT=5060 (Threshold Exceeded)

Question

Fill in the blank with the appropriate term. The ____________ is used for routing voice conversations over the Internet. It is also known by other names such as IP Telephony, Broadband Telephony, etc.

Expert Analysis

1. Network Activity Overview

The logs show standard call setup (SIP INVITE) followed by media transmission (RTP). However, the IDS also flagged a brute force attempt targeting the SIP port (5060), which the firewall successfully mitigated through rate-limiting/threshold policies.

2. Behavior Identification

The core technology being used here is VoIP (Voice over IP). It relies on SIP for management and RTP for data delivery. The unauthorized connection attempts indicate an external actor trying to find an open PBX to perform toll fraud.

3. Why Correct Answer is Correct

VoIP is the comprehensive term for the technology that enables voice communication over packet-switched IP networks. It serves as the industry standard name for what is often called IP Telephony.

4. Why Others are Wrong

SIP: A signaling protocol used within VoIP, not the name of the service itself.
PSTN: The legacy circuit-switched telephone network (Public Switched Telephone Network)—the opposite of IP-based telephony.
QoS: A mechanism used to prioritize traffic (Quality of Service), which is essential for VoIP performance but is not the service itself.

Mini Lesson: Defensive Layering

Protocol Enforcement: Use Application-Layer Gateways (ALGs) or Session Border Controllers (SBCs) to inspect SIP headers and prevent malformed packet attacks.
Segmentation: Always place VoIP endpoints in a dedicated Voice VLAN to isolate broadcast traffic and apply stricter ACLs between voice and data networks.
Encryption: Deploy SIPS (SIP over TLS) and SRTP (Secure RTP) to prevent eavesdropping and Man-in-the-Middle (MITM) attacks.

Explore more CND simulations