257 Cards in this Set
Layers of the OSI model |
Application Presentation Session Transport Network Data link Physical |
|
Application layer device/protocols |
User applications HTTP FTP Telnet DHCP SMTP etc. |
|
Presentation layer device/protocols |
JPEG ASCII TIFF SSL/TLS (placing SSL/TLS at layer 6 is an exam convention; it is just as often shown at layer 4, since it sits between the transport and application layers) |
|
Session layer device/protocol |
Logical ports / inter host communication AppleTalk WinSock RPC |
|
Transport layer device/protocols |
TCP UDP SPX SCTP |
|
Network layer device/protocols |
Routers IP IPSec ICMP IGMP |
|
Data link layer device/protocols |
Switch, bridge, WAP (wireless access point), PPP, SLIP, CSLIP, L2TP |
|
Physical layer device / protocols |
Physical characteristics of the hardware - Volts Pins Bit-rate Transmission etc. |
|
Layer 1 |
The physical layer describes the networking hardware, such as electrical signals and network interfaces and cabling. |
|
Layer 2 |
The data link layer describes data transfer between machines, for instance by an Ethernet. |
|
Layer 3 |
The network layer describes data transfer between networks, for instance by the Internet Protocol IP. |
|
Layer 4 |
The transport layer describes data transfer between applications, flow control, and error detection and correction, for instance by TCP. |
|
Layer 5 |
The session layer describes the handshake between applications, for instance, authentication processes. |
|
Layer 6 |
The presentation layer describes the presentation of information, such as ASCII syntax |
|
Layer 7 |
The application layer describes the structure, interpretation, and handling of information. In security terms it matters because it relies on all underlying layers: a weakness at any lower layer undermines it. |
|
The layer in which Ethernet is described in the OSI reference model |
Layer 2 data-link layer |
|
Port address translation PAT |
An extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address, with each session distinguished by its translated source port. |
|
Tracert |
A utility (tracert on Windows, traceroute on Unix-like systems) that attempts to trace the route to the target address over a maximum of 30 hops by sending probes with increasing TTL values. It tells the user which hops respond and where the packets are being dropped, allowing them to quickly diagnose connectivity problems. |
|
Ping scanning |
A basic network mapping technique that helps narrow the scope of an attack. An attacker can use one of many tools, such as Very Simple Network Scanner for Windows platforms or NMAP for Linux and Windows platforms, to ping all of the addresses in a range. If a host replies to a ping, the attacker knows a host exists at that address. A missing reply is not proof of absence: many hosts and firewalls drop ICMP echo requests, so scanners fall back to TCP/UDP probes. |
|
Power over Ethernet PoE |
Allows a single cable to provide both data connection and electrical power to devices such as wireless access points or IP cameras. |
|
Virtual Private Network VPN |
Extends a private network across a public network such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network and thus are benefiting from the functionality, security and management policies of the private network. |
|
Virtual local area network VLAN |
Any broadcast domain that is partitioned and isolated in a computer network at the data link layer. |
|
Optimal location for network based intrusion detection system |
On the network perimeter, to alert the network administrator of all suspicious traffic. A second sensor inside the firewall shows which of that traffic actually got through. |
|
Intrusion detection system IDS |
Monitor activity and send alerts when they detect suspicious traffic. |
|
Two types of intrusion detection systems |
Host based IDS - monitors activity on servers and workstations
Network based IDS - monitors network activity |
|
Two parts of a subnet mask |
Network ID and host ID |
|
Network ID |
Represents the network the device is connected to |
|
Subnet Mask |
Defines which bits of an address make up the network ID. Devices in the same subnet can communicate with each other directly; traffic destined for a different subnet must go through a router. |
|
Converged IP-based networks can contain the following devices |
Physical security, industrial monitoring, CCTV, voice services, data, television |
|
TCP/IP port filtering |
The practice of selectively enabling or disabling the Transmission Control Protocol (TCP) ports and user Datagram Protocol (UDP) ports on computers or network devices. |
|
Content filtering |
Logging or blocking traffic that has been defined as, or is assumed to be, non-business related for some reason. An HTTP proxy is commonly used as the means to implement it. |
|
Devices that should be part of a network's perimeter defense |
A firewall A proxy server A host-based intrusion detection system(HIDS) |
|
Security perimeter |
The first line of protection between trusted and untrusted networks. |
|
Principal security risks of wireless LANs |
Lack of physical access control - wireless networks allow users to be mobile while remaining connected to a LAN, and the radio signal normally reaches beyond the walls that protect a wired network. |
|
IPv4 routing protocols |
RIPv1: (legacy) IGP, distance vector, classful protocol
IGRP: (legacy) IGP, distance vector, classful protocol developed by Cisco
RIPv2: IGP, distance vector, classless protocol
EIGRP: IGP, distance vector, classless protocol developed by Cisco
OSPF: IGP, link-state, classless protocol
IS-IS: IGP, link-state, classless protocol
BGP: EGP, path-vector, classless protocol |
|
|
IPSec |
Provides mechanisms for authentication and encryption |
|
IP security IPSec |
A suite of protocols for communicating securely over IP by providing mechanisms for authentication and encryption. It authenticates hosts (or gateways) to each other, not individual users. |
|
SEM/SIEM |
Has to understand a wide variety of application and network element (router/switch) log formats; consolidates these logs into a single database and then correlates events, looking for clues to unauthorized behaviour that would otherwise be inconclusive if observed in a single log file. |
|
What a Security Event Management (SEM) service performs |
Aggregates logs from security devices and applications servers looking for suspicious activity. |
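The correlation the two cards above describe, as an added worked example that is not part of the original deck: a small Python correlation rule over two constructed log feeds, a hypothetical VPN concentrator and a firewall, in line formats invented for the example. Rule 1 flags a VPN login that succeeds only after a burst of failures from the same source; rule 2 joins that hit to the firewall log through the address the VPN assigned and lists what that address connected to next. Neither log shows anything alarming on its own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs in hypothetical formats (not a real vendor's syntax).
VPN_LOG = """\
2024-05-01T09:00:01 vpn1 auth FAIL user=jdoe src=203.0.113.7
2024-05-01T09:00:04 vpn1 auth FAIL user=jdoe src=203.0.113.7
2024-05-01T09:00:09 vpn1 auth FAIL user=jdoe src=203.0.113.7
2024-05-01T09:00:15 vpn1 auth FAIL user=jdoe src=203.0.113.7
2024-05-01T09:00:20 vpn1 auth FAIL user=jdoe src=203.0.113.7
2024-05-01T09:00:31 vpn1 auth OK user=jdoe src=203.0.113.7 assigned=10.0.5.20
2024-05-01T09:05:00 vpn1 auth FAIL user=asmith src=198.51.100.9
2024-05-01T09:07:00 vpn1 auth OK user=asmith src=198.51.100.9 assigned=10.0.5.21
"""
FW_LOG = """\
2024-05-01T09:00:45 fw1 ALLOW src=10.0.5.20 dst=192.0.2.50 dport=443
2024-05-01T09:01:10 fw1 ALLOW src=10.0.5.20 dst=192.0.2.50 dport=22
2024-05-01T09:08:00 fw1 ALLOW src=10.0.5.21 dst=10.0.1.5 dport=445
"""

VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) "
    r"src=(?P<src>\S+)(?: assigned=(?P<assigned>\S+))?$")
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse(text, regex):
    """Normalise one log source into dicts with a real datetime in 'ts'.
    Lines that do not match are skipped here; a production SIEM would count them."""
    events = []
    for line in text.splitlines():
        m = regex.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def brute_force_successes(vpn_events, threshold=5, window=timedelta(minutes=2)):
    """Rule 1: a successful login preceded by >= threshold failures for the same
    (user, source) inside 'window'. Each individual line looks routine."""
    failures = defaultdict(list)
    hits = []
    for ev in sorted(vpn_events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            hits.append({"user": ev["user"], "src": ev["src"], "ts": ev["ts"],
                         "assigned": ev["assigned"], "failures": len(recent)})
        failures[key].clear()  # a success resets the counter for that key
    return hits


def correlate(vpn_text, fw_text, window=timedelta(minutes=10)):
    """Rule 2: join rule-1 hits to the firewall log via the VPN-assigned address
    and report what that address connected to within 'window' of the login."""
    fw_events = parse(fw_text, FW_RE)
    alerts = []
    for hit in brute_force_successes(parse(vpn_text, VPN_RE)):
        follow = [e for e in fw_events
                  if e["src"] == hit["assigned"]
                  and timedelta(0) <= e["ts"] - hit["ts"] <= window]
        alerts.append({"user": hit["user"], "attacker_src": hit["src"],
                       "vpn_ip": hit["assigned"], "failures": hit["failures"],
                       "followup_connections": [(e["dst"], int(e["dport"])) for e in follow]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(VPN_LOG, FW_LOG):
        print(alert)
```

The thresholds and windows are the tuning knobs a real deployment spends most of its time on: five failures in two minutes catches the constructed burst, but a slow password spray across many users would need a rule keyed on source address alone.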
|
Principal weakness of DNS (Domain Name System) |
Lack of authentication of servers and thereby of the authenticity of records: a resolver has no native way to verify that a response came from the legitimate server. Authentication has been delegated upward to higher protocol layers (DNSSEC adds signed records to address this). |
|
Open email relay |
A server that forwards email from domains other than the one it serves. Also widely considered a sign of bad system administration. |
|
Principal tool for the distribution of spam |
Open email relays |
|
Botnet |
A group of dispersed, compromised machines controlled remotely for illicit purposes. |
|
Bots and botnets |
Zombies controlled by ethereal entities from the dark places on the internet |
|
WPA2 ( Wi-Fi Protected Access 2) |
Security technology commonly used on Wi-Fi wireless networks. Replaced the original WPA technology on all certified Wi-Fi hardware from 2006 and is based on the IEEE 802.11i standard for data encryption. |
|
Disabling SSID broadcast will |
Further restrict who can find the network, as it requires a user that wants to connect to the WAP to know the exact _______ as opposed to selecting it from a list. This is obscurity rather than security: the SSID still travels in the clear in probe and association frames and is trivially recovered with a wireless sniffer. |
|
HDSL |
Requires two twisted pairs, so it is deployed primarily for PBX network connections, digital loop carrier systems, interexchange POPs, Internet servers, and private data networks. |
|
Operating range of HDSL |
Limited to 12,000 feet so signal repeaters are installed to extend the service |
|
DSL (digital subscriber line) methods |
ADSL - Asymmetric digital subscriber line - downstream transmission rates are much greater than upstream ones, typically 256 or 512 kbps downstream and 64 kbps upstream
RADSL - Rate adaptive DSL - the transmission rate is automatically tuned based on the quality of the line
SDSL - Symmetric digital subscriber line - uses the same rates for upstream and downstream transmissions
VDSL - Very high bitrate DSL - supports much higher transmission rates than other DSL technologies, such as 13 Mbps downstream and 2 Mbps upstream |
|
Fiber cable |
Relies on light. Electromagnetic and source power based distortions do not affect it. |
|
Media types that rely on electromagnetic principles to operate and are therefore susceptible to electromagnetic interference |
Coax cable Wireless Shielded twisted pair |
|
Coaxial cable (or simply coax) |
Uses one thick conductor that is surrounded by a grounding braid of wire. A non-conducting layer is placed between the two layers to insulate them. The entire cable is placed within a protective sheath. |
|
Disadvantages of coaxial cable |
Is expensive, and is difficult to bend during installation. |
|
Thicker than the twisted pair and therefore can support greater bandwidth and longer cable length |
Coax cable |
|
Shielding |
On coax cable ____ makes it harder for an intruder to monitor the signal with antenna or install a tap. |
|
Protects coax cable from electrical interference such as EMI and RFI |
Superior insulation |
|
UTP unshielded twisted pair |
The most common cable type. It is inexpensive and can be easily bent during installation. For most installations the risk from its drawbacks (interference, crosstalk, easier eavesdropping) does not justify more expensive cables. |
|
STP - Shielded twisted pair |
Pairs of insulated twisted copper wire enclosed in a protective jacket. Uses an electrically grounded shield to protect the signal. The shield may surround each twisted pair in the cable, surround the whole bundle of twisted pairs, or both. Disadvantages over UTP: more expensive, bulkier and harder to bend during installation. |
|
Multi layer protocols such as Modbus |
Are often insecure by their very nature, as they were not designed to operate over today's IP networks and carry no authentication or encryption of their own. Often used in industrial control systems. |
|
Packet switched technologies include |
X.25 / Link Access Procedure Balanced (LAPB), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP) |
|
Generation 1 firewalls |
Static (stateless) packet filtering: each packet is judged on its own header fields, with no memory of the connection it belongs to. Stateful packet inspection came later (see the third-generation card). |
|
Second-generation firewalls |
Proxy services |
|
Firewall |
A system designed to prevent unauthorized access to or from a private network. |
|
Third-generation firewalls, firewalls evolved, next generation firewalls |
Stateful multilevel inspection (SMLI): screens the entire packet across OSI layers 2 through 7 and rapidly compares each packet to known bit patterns of friendly packets before deciding whether to pass the traffic. Coupled with or integrated into an intrusion detection system (IDS), SMLI offers the first glimpse of this new definition of firewall. |
|
If the communication mode is gateway-to-gateway or host-to-gateway |
IPsec tunnel mode must be used: the original packet is encapsulated in a new IP packet addressed to the gateway. Transport mode is only defined for host-to-host communication. |
|
Polling |
A contention-free LAN media access method in which a primary station asks each secondary station in turn whether it has data to send |
|
What are layer 1 endpoints for cables from wall jacks?
|
Patch panels
|
|
Which is more resistant to EMI, Coax or twisted pair?
|
Coax
|
|
UTP (Unshielded Twisted Pair) is more vulnerable to interference, crosstalk, and ______________.
|
Eavesdropping
|
|
What is the main TP (Twisted Pair) used today?
|
Cat 5e. (Next Gen is Cat 6a)
|
|
What are fire retardant cables called?
|
Plenum-rated (cost about 2x as much); required in air-handling spaces because the jacket gives off less smoke and fewer toxic fumes when it burns
|
|
What is the Twisted Pair Cat 7 speed and how is it used?
|
10 Gbps, backbone cabling
|
|
What is the difference between broadband and baseband?
|
Baseband: digital, a single channel that uses the whole medium (e.g. Ethernet)
Broadband: analog carriers, multiple channels sharing the medium by frequency division (e.g. cable TV) |
|
What is the effective communication distance for copper communication cables?
|
100m
|
|
What is a loss of signal strength over distance?
|
Attenuation
|
|
What causes corruption in binary signals?
|
Noise
|
|
What happens when a signal spills from one cable to a nearby cable?
|
Crosstalk
|
|
Regarding fiber, what light source is used for single and multi–mode?
|
single mode – Laser (kilometers)
multi–mode – LEDs (within buildings) |
|
What is the difference between synchronous and asynchronous signals?
|
Synchronous: sender and receiver share a clock; data flows as a continuous stream with no start/stop bits
Asynchronous: no shared clock; each character is framed by start and stop bits and sent as it becomes ready |
|
What topology is good for several servers being linked in a high availability (HA) need situation?
|
Mesh
|
|
What is the normal topology we use?
|
Star
|
|
What are the layers of the OSI model? Bottom to top.
|
1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application
Mnemonic: All People Seem To Need Data Processing |
|
What is it called when data is packaged to travel through the OSI model (up or down) and communicates with same layers at the the other end.
|
Encapsulation
|
|
What is Layer 1 of the OSI model for?
|
Physical – media – patch panels, fiber cable
|
|
What is Layer 2 of the OSI model for?
|
Data Link: Ethernet, switches, MAC addresses
|
|
What is Layer 3 of the OSI model for?
|
Network: routers, IPv4, IPv6, OSPF, BGP
|
|
What is Layer 4 of the OSI model for?
|
Transport: TCP, UDP (port numbers/sockets). SSL/TLS is listed here in many exam references, though it really sits between the transport and application layers
|
|
What is Layer 5 of the OSI model for?
|
Session: NetBIOS, NFS, SQL, RPC
|
|
What is Layer 6 of the OSI model for?
|
Presentation: ASCII, TIFF, GIF, JPEG, etc.
|
|
What is Layer 7 of the OSI model for?
|
Application: FTP, SSH, API, MIME, TELNET, HTTP
|
|
At OSI Layer 1, how does communication happen? In the form of.....
|
Bits
|
|
Where does the MAC address get resolved in the OSI model?
|
Layer 2
|
|
Where does IP addressing happen in the OSI model?
|
Network Layer (3)
|
|
Where is UDP and TCP used in the OSI model?
|
Layer 4, Transport
|
|
At what layer does segment size and sequence numbering happen?
|
Layer 4, Transport
|
|
What is the difference between TCP and UDP?
|
TCP: reliable (3-way handshake, connection oriented, sequenced segments with acknowledgement and retransmission)
UDP: fast (connectionless, best effort, no handshake; used for VoIP and streaming) |
|
What OSI Layer allows applications to organize and synchronize how they will transfer data?
|
Layer 5, Session
|
|
Which OSI Layer translates messages into standard presentations? (encryption and compression, as well as formatting – like jPEG)
|
Layer 6, Presentation
|
|
Which OSI Layer includes Application Programming Interfaces (API)
Popular protocols: SMTP, HTTP, FTP, Telnet, TFTP) |
Application Layer, 7
|
|
At which layers are the following protocol data units found:
Data, Segment, Packet, Frame (the last element of a frame is the Frame Check Sequence) |
Data: Application, Presentation and Session
Segment: Transport
Packet: Network
Frame and FCS: Data Link
Bits: Physical |
|
What are the TCP/IP Layers?
|
Application
Transport (host to host)
Internet
Network Interface
Mnemonic: A TIN man |
|
How does the TCP/IP map to OSI?
|
TCP/IP Application = OSI Application, Presentation and Session
TCP/IP Transport = OSI Transport
TCP/IP Internet = OSI Network
TCP/IP Network Interface = OSI Data Link and Physical |
|
What are the common network devices on layers 1, 2, and 3? What device is multi–layer?
|
1 - Hub
2 - Switch
3 - Router
Multi-layer: Gateway |
|
What is 802.3?
|
Standard for Ethernet (3 is like a backwards E)
|
|
Switches work at Layer _____ using a standard called _______.
|
2, Ethernet
|
|
What device is subject to MAC flooding and Spoofing attacks?
|
Layer 2 switch (Data Link)
|
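The MAC flooding attack named in the card above, as an added example that is not part of the original deck: a toy learning switch in Python with a bounded CAM table. The victim, gateway and attacker ports, the table size and the eviction policy are all assumptions made for the example. Before the flood a victim-to-gateway frame goes out one port; after the attacker has filled the table with fabricated source addresses, the switch no longer knows the gateway and floods the frame to every port, attacker included. The same model with a per-port MAC limit (port security) shows the mitigation.

```python
class Switch:
    """Toy learning switch: a bounded CAM table mapping MAC -> port.
    When the table is full this model evicts the oldest entry, which is one of the
    behaviours real hardware exhibits (others simply stop learning); either way,
    legitimate stations end up unknown and their unicast frames get flooded."""

    def __init__(self, ports, cam_capacity, port_security=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.cam = {}                                # insertion ordered: oldest first
        self.port_security = port_security or {}     # port -> max MACs allowed
        self.violations = []                         # (port, mac) refused by port security

    def learn(self, mac, port):
        if mac in self.cam:
            self.cam[mac] = port
            return
        limit = self.port_security.get(port)
        if limit is not None and sum(1 for p in self.cam.values() if p == port) >= limit:
            self.violations.append((port, mac))      # mitigation: refuse to learn
            return
        if len(self.cam) >= self.cam_capacity:
            del self.cam[next(iter(self.cam))]       # evict the oldest entry
        self.cam[mac] = port

    def forward(self, ingress, src, dst):
        """Return the set of egress ports for a frame. Unknown unicast is flooded."""
        self.learn(src, ingress)
        out = self.cam.get(dst)
        if out is None:
            return {p for p in self.ports if p != ingress}
        return set() if out == ingress else {out}


def mac_flood(switch, attacker_port, count):
    """Attacker sends 'count' frames, each with a distinct locally administered source MAC."""
    for i in range(count):
        fake_src = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        switch.forward(attacker_port, fake_src, "ff:ff:ff:ff:ff:ff")


VICTIM, GATEWAY = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"   # assumed addresses


def demo(port_security=None):
    """Victim on port 1, gateway on port 2, attacker on port 3 (assumed layout).
    Returns egress ports for a victim->gateway frame before and after the flood,
    plus the number of port-security violations recorded."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=8, port_security=port_security)
    sw.forward(1, VICTIM, GATEWAY)       # first frame: gateway unknown, flooded
    sw.forward(2, GATEWAY, VICTIM)       # reply: both ends are now learned
    before = sw.forward(1, VICTIM, GATEWAY)
    mac_flood(sw, attacker_port=3, count=50)
    after = sw.forward(1, VICTIM, GATEWAY)
    return before, after, len(sw.violations)


if __name__ == "__main__":
    print("no port security:    ", demo())
    print("port 3 limited to 2: ", demo(port_security={3: 2}))
```

With no port security the second result contains port 3, which is the whole point of the attack: a switch degraded to hub behaviour lets the attacker sniff unicast traffic. With a two-address limit on port 3 the victim's frames keep going only to the gateway and 48 learning attempts are logged as violations.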
|
Where is a NIC used?
|
Layer 2 – with switches
|
|
What routing protocol simply used hops to decide routes?
|
RIP (Routing Information Protocol) - hop count is the only metric; 15 hops is the maximum and 16 means unreachable
|
|
What routing protocol keeps a topology map and determines shortest path/
|
OSPF (Open Shortest Path First)
|
|
What is the exterior routing protocol and is used by ISPs?
|
BGP (Border Gateway Protocol)
|
|
What acts as a translator (between media or protocols) and works at several layers of the OSI model?
|
Gateway
|
|
What is the primary protocol suite used on the Internet today?
|
TCP/IP
(TCP – Layer 4, IP – Layer 3) |
|
What are the ports for FTP, SMTP, SNMP, HTTP, Telnet, and SSH?
|
FTP - 20 (data), 21 (control)
SMTP - 25
SNMP - 161
HTTP - 80
Telnet - 23
SSH - 22 (secure Telnet replacement) |
|
Source port numbers are dynamic, or __________ and used to track communications sessions.
|
Ephemeral
|
|
What defines the network and host portions of an IP address?
|
Subnet Mask
|
|
In 192.168.0.1:23, what does the 23 represent?
|
The port number
|
|
In 192.168.0.1/24, what does the 24 represent?
|
Subnet Mask
|
|
What are the ranges for IP addresses for Classes A – E?
|
A - 0-127 (first byte defines the network; /8)
- Note: 127.0.0.0/8 is reserved for loopback testing
B - 128-191 (first 2 bytes define the network; /16)
C - 192-223 (first 3 bytes define the network; /24)
D - 224-239 (multicast)
E - 240-255 (reserved/experimental) |
|
What is an IPv6 address?
|
Unique 128-bit address scheme written as
8 groups of four hexadecimal digits (16 bits per group), separated by colons |
|
How is an IPv6 unicast network and host split up?
|
equal 64 bits of each
|
|
How can you shorten the IPv6 address?
|
By dropping leading zeros in each group and replacing one run of consecutive all-zero groups with ::
e.g. ...2f29:0:0:0:3d... becomes ...2f29::3d... The :: may appear only once in an address; otherwise the number of omitted groups would be ambiguous. |
|
For global addressing of IPv6, what is the global routing prefix and subnet ID?
|
Global routing = first 48 bits
Subnet ID = next 16 bits |
|
In IPv6, what does Link Local Addressing always begin with?
|
fe80:: (understood as fe80:0:0:0 followed by the interface identifier; the link-local prefix is fe80::/10 and these addresses are never routed)
|
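The address arithmetic from the subnet, classful and IPv6 cards above, as an added example that is not part of the original deck (Python, standard library only; the sample addresses are documentation ranges chosen for the example): network ID and host ID from a CIDR address, the same-subnet test that decides whether a host ARPs for a peer or sends to its gateway, the classful category from the first octet, the RFC 5952 :: compression rule implemented by hand and checked against the standard library, and the fe80::/10 link-local test.

```python
import ipaddress


def split_address(cidr):
    """Split 'a.b.c.d/n' into (network ID, host ID, subnet mask) as dotted strings."""
    iface = ipaddress.ip_interface(cidr)
    network_id = iface.network.network_address
    host_id = ipaddress.ip_address(int(iface.ip) & int(iface.network.hostmask))
    return str(network_id), str(host_id), str(iface.netmask)


def same_subnet(local_cidr, peer_ip):
    """True if peer_ip shares the network ID of local_cidr, i.e. the local host will
    ARP for it directly instead of handing the packet to its default gateway."""
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_interface(local_cidr).network


def ipv4_class(ip):
    """Classful category from the first octet (historical; routing is classless today)."""
    first = int(ip.split(".")[0])
    if first <= 127:
        return "A"          # 127.0.0.0/8 is reserved for loopback but lies in the A range
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"          # multicast
    return "E"              # reserved / experimental


def compress_ipv6(text):
    """RFC 5952 text form: drop leading zeros in each group and replace the longest
    run of two or more all-zero groups (the first such run on a tie) with '::'."""
    groups = [int(g, 16) for g in ipaddress.IPv6Address(text).exploded.split(":")]
    hexes = [format(g, "x") for g in groups]
    best_start, best_len = -1, 0
    i = 0
    while i < len(groups):
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < len(groups) and groups[j] == 0:
            j += 1
        if j - i > best_len:             # strictly greater: the first run wins a tie
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                     # a lone zero group is written '0', never '::'
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"


def matches_stdlib(text):
    """Cross-check: the hand-written rule must agree with ipaddress's compressed form."""
    return compress_ipv6(text) == ipaddress.IPv6Address(text).compressed


def is_link_local(text):
    """Link-local unicast addresses live in fe80::/10."""
    return ipaddress.IPv6Address(text) in ipaddress.IPv6Network("fe80::/10")


if __name__ == "__main__":
    print(split_address("192.168.0.1/24"), same_subnet("192.168.0.1/24", "192.168.1.5"))
    print(compress_ipv6("2001:0db8:2f29:0000:0000:0000:003d:0001"), is_link_local("fe80::1"))
```

The tie-breaking and the "never compress a single zero group" rule are where home-grown IPv6 handling usually goes wrong, and inconsistent text forms are a classic way for allow-lists and log searches to miss an address.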
|
T/F IPv6 Tunnels may be misused by attackers.
|
True
|
|
What protocol does DHCP use?
|
UDP
|
|
What defines the DHCP sequence of actions?
DORA |
DORA:
- Discover (client broadcast looking for a server)
- Offer (server proposes an address)
- Request (client asks for the offered address and network info)
- Acknowledge (server confirms the lease) |
|
What is a major man in the middle attack threat that redirects IP addressing?
|
Rogue DHCP Server
|
|
What is a High Availability (HA) practice for DHCP and DNS to ensure redundancy?
|
Split-scope DHCP (two servers share one address range, for example an 80/20 split) and primary/secondary DNS servers that replicate the zone
|
|
Routers can be a _______________ for DHCP services, rebroadcasting across subnets.
|
Relay Agent
|
|
Split DNS (or split–Brain DNS) is a best practice, allowing....?
|
One Internal DNS server (locates domain resources)
One Exernal DNS server (locates Internet resources) |
|
T/F – DNSSEC encrypts.
|
False, it uses digital signatures for authentication
|
|
What is the directory service database (standard for storing details about the network) and in what standard does it store?
|
Lightweight Directory Access Protocol (LDAP) is the access protocol; the directory is organised according to the X.500 standard
|
|
Difference between x.500 and x.509?
|
x.509 = public key (digital certificates)
x.500 = directory/LDAP naming standard (entries arranged in a tree; the end entries are leaves) |
|
In LDAP, what is a subject called?
|
A leaf
|
|
What is the protocol that resolves MAC addresses from a known IP address?
|
Address Resolution Protocol (ARP)
|
|
What is it called when someone puts bad information into an ARP table to misdirect users?
|
ARP Poisoning (man in the middle)
|
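Detection logic for the ARP poisoning described in the card above, as an added example that is not part of the original deck. The ARP replies and the trusted gateway binding are constructed for the example; in practice they would come from a sniffer or a switch's dynamic ARP inspection log. The detector keeps an IP-to-MAC table and raises an alert when an IP changes MAC, when one MAC claims several IPs (the pattern of an attacker impersonating both the gateway and a victim), or when a reply contradicts a static binding the operator trusts.

```python
# Constructed ARP replies as (time, sender IP, sender MAC).
ARP_REPLIES = [
    ("09:00:00", "10.0.0.1",  "00:11:22:33:44:01"),   # gateway announces itself
    ("09:00:01", "10.0.0.10", "00:11:22:33:44:0a"),
    ("09:00:02", "10.0.0.11", "00:11:22:33:44:0b"),
    ("09:10:00", "10.0.0.1",  "de:ad:be:ef:00:99"),   # same IP, new MAC: the gateway "moved"
    ("09:10:00", "10.0.0.10", "de:ad:be:ef:00:99"),   # that MAC now also claims a host
    ("09:30:00", "10.0.0.11", "00:11:22:33:44:0b"),   # benign refresh, binding unchanged
]

# Static bindings the operator trusts (assumed), like a static ARP / DAI entry.
TRUSTED = {"10.0.0.1": "00:11:22:33:44:01"}


def detect_arp_poisoning(replies, trusted=None):
    """Walk ARP replies in order, maintain an IP->MAC table, and emit an alert when
    an IP changes MAC, when one MAC claims several IPs, or when a reply contradicts
    a trusted static binding. Returns the alerts as a list of dicts."""
    trusted = trusted or {}
    ip_to_mac = {}
    mac_to_ips = {}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append({"type": "static-binding-violation", "ts": ts, "ip": ip,
                           "expected": trusted[ip], "seen": mac})
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append({"type": "ip-mac-conflict", "ts": ts, "ip": ip,
                           "old": old, "new": mac})
        ip_to_mac[ip] = mac
        mac_to_ips.setdefault(mac, set()).add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append({"type": "mac-claims-multiple-ips", "ts": ts, "mac": mac,
                           "ips": sorted(mac_to_ips[mac])})
    return alerts


def summarize(alerts):
    """Count alerts by type, the figure a dashboard or a test would check."""
    counts = {}
    for alert in alerts:
        counts[alert["type"]] = counts.get(alert["type"], 0) + 1
    return counts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_REPLIES, TRUSTED):
        print(alert)
```

An IP-to-MAC conflict on its own is not proof of an attack (a host that gets a new NIC or a failover pair sharing a virtual IP produces one too), which is why the multiple-IP and trusted-binding rules are worth combining with it, and why switch-based dynamic ARP inspection validates against DHCP snooping bindings rather than just history.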
|
ICMP can be misused through which utility?
|
Ping (Packet Internet Groper; ICMP echo request/reply can also be used to map a network or to tunnel data, as in the Loki backdoor)
|
|
Which version of SNMP is most secure?
|
v3 (adds authentication and encryption; v1 and v2c send community strings in clear text). There is no SNMPv4; v3 supports IPv6 transport.
|
|
ATM works at which layer of the OSI model?
|
Multiple layers
|
|
ATM has which 2 circuit methods?
|
Switched Virtual Circuit (SVC) – created on demand
Permanent Virtual Circuit (PVC) – programmed in advance |
|
What is an L2/L3 (or just L3) Switch?
|
It is a layer 3 switch (VLAN capable) that performs routing functions. (multilayer device)
|
|
A proxy server does NAT (Network Address Translation) and deep packet inspection at ______layers?
|
Multi–layers
|
|
What is it called when two separate standards come together to do something better, such as with protocols?
|
convergence or converged protocols
|
|
Evolving from specialized Fibre channel storage, this convergence allowed Ethernet to communicate with Fibre SANs?
|
FCoE (Fibre Channel over Ethernet)
|
|
What was the convergence of SCSI and IP?
|
iSCSI
|
|
What is MPLS?
|
Multiprotocol Label Switching – used by ISPs to create private WANs across their backbone (forwards with labels instead of IP addresses)
- Isolates traffic, as in a VLAN
- Considered more private than plain IP routing, but it does not encrypt: confidentiality still needs IPsec or TLS on top
- Good for VoIP (meaning good for QoS) |
|
What device hides internal addresses by centralizing them on one router and forwarding only the source address of that router?
|
Network Address Translation (NAT)
|
|
VoIP requires _________ to provide lag–free communication
|
Quality of Service, or Traffic Shaping
|
|
What is the initiation protocol that is used to setup and tear down VoIP sessions?
What protocol carries the actual media payload? |
SIP (Session Initiation Protocol)
RTP (Real-time Transport Protocol) |
|
What IEEE standard defines Wi–Fi standards for security?
|
802.11i
|
|
What WPA function keeps you from eavesdropping?
|
TKIP (Temporal Key Integrity Protocol); now deprecated, AES-CCMP should be used instead
|
|
WPA also replaced CRC error checking in WEP with better ____________________ (MIC)
|
Message Integrity Check
|
|
WPA2 enhances security. Replaces RC4 with ____________ (AES.....?)
|
AES–CCMP
|
|
TKIP (Temporal Key Integrity Protocol) is a ___________ encryption key. It is a single use session key. Also uses strong/long keys.
|
Symmetric
|
|
What is a network protocol that provides client/server authentication and authorization, and audits remote users. It also provides enterprise authentication?
|
RADIUS (Remote Authentication Dial–In User Service)
|
|
What is the difference between bluejacking and bluesnarfing?
How can you eliminate the threat? |
Bluejacking: sending anonymous, unsolicited messages (spam)
Bluesnarfing: stealing information from a Bluetooth device
Eliminate by disabling discovery (and pairing only with trusted devices) |
|
What is the best protection for "bring your own device" mobile devices?
|
MDM (mobile device management) infrastructure
|
|
What are some good MDM choices to implement?
|
Sophos and Airwatch
|
|
What is "footprinting"?
|
Discovery – gathering data about a target (security profile) before attacking.
|
|
Firewalls have moved from static postures to...
|
Dynamic Stateful firewalls. Keeps track of "state" or dialog process of a communication stream between internal and external hosts
|
|
What is an application layer firewall that inspects 100% of the packet (deep packet inspection) called?
|
Application firewall
|
|
Proxy Firewalls are better than hardware firewalls at ___________ information.
|
logging
|
|
What is a proxy that hides the real sender's info?
|
Anonymizer proxy
|
|
Tor (The Onion Router) is free software that does what?

enables anonymous communication over the Internet by relaying traffic through a chain of nodes, each of which strips one layer of encryption.
|
|
Open ________________ are used to mask SPAM senders
|
mail relays
|
|
What is a Bastion Host?
|
Extremely hardened system. Locked down due to being Internet accessible.
|
|
What two methods hide and extend your IP address scheme for your internal network?
|
NAT and PAT (Port Address Translation)
|
|
What is our IT "network burglar alarm" system?
|
IDS
|
|
Does an IDS block intrusion?
|
No!
|
|
What does block an intrusion?
|
Network Intrusion Prevention System (NIPS)
|
|
When alerted by an IDS/IPS, what is the responding administrator called?
|
First responder
|
|
What advantage does an application–based proxy firewall have over packet–filtering firewalls?
|
Better Security
|
|
What are the two intrusion detection techniques:
Anomaly Detection and Signature Based? |
Anomaly Detection: comparing current systems to baseline activities.
Signature Based: comparing LAN traffic to a variety of attack signatures |
|
Host HIDS/HIPS can examine encrypted traffic after it is decrypted. T/F?
|
True
|
|
PPTP, L2TP/IPsec, SSL/TLS, and SSTP are common _________ Protocols (PPTP is obsolete and should not be relied on)
|
VPN Tunneling
|
|
What is CHAP
|
Challenge Handshake Authentication Protocol, authentication protocol that validates user through handshake instead of sending password.
|
|
ISDN has two connection types. What are they and what are their speeds?
|
- BRI (Basic Rate Interface): 2 B channels and 1 D channel (D channel 16 kbps)
- PRI (Primary Rate Interface): 23 B channels and 1 D channel (D channel 64 kbps)
B channels: 64 kbps each (data); D channel: signalling/control |
|
What are the Internet, X.25, and Frame Relay examples of?
|
Packet switching
|
|
What is an early fast WAN packet–switched technology that uses PVCs and SVCs?
|
Frame Relay (Early WAN)
|
|
What connection–oriented technology uses 53–byte packets in the form of fixed cells?
|
ATM
|
|
What is a tunneling protocol that is a hybrid of Cisco L2F and PPTP?

L2TP (Layer 2 Tunneling Protocol). L2TP itself does not encrypt; it is paired with IPsec (L2TP/IPsec) for confidentiality and integrity.
|
|
In L2TP, what does the encryption at Layer 3?
|
ESP in IPSec.
|
|
The IPSec protocol that performs only integrity checking (doesn't encrypt) is __________
|
AH (Authentication Header) Protocol
|
|
The IPSec protocol that performs encryption (most used) is ____________
|
ESP (Encapsulating Security Payload) in tunneling mode with encapsulation
|
|
With the ESP protocol, what is the difference between transport and tunnel mode?
|
Transport mode: only the payload is protected; the original IP header stays in the clear
Tunnel mode: the entire original packet is encapsulated and protected inside a new IP packet |
|
Browser based VPN solutions (utilizing SSL and TLS) are harder to implement. T/F
|
False. They are easier to implement.
|
|
What is an IP address combined with a Port Number called?
|
A Socket
|
|
Regarding VLANs, what is 802.1q?
|
The frame header carries an extra 4-byte field (the VLAN tag, including a 12-bit VLAN ID) that a trunk port uses to decide whether to forward or reject the frame for a given VLAN.
|
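A parser for the 802.1Q tag the card above describes, as an added example that is not part of the original deck (Python, standard library only; the addresses, VLAN IDs and allowed-VLAN set are assumptions for the example). It builds Ethernet frames with zero or more stacked tags, decodes the TPID and the PCP/DEI/VID fields of each tag, and applies the forward-or-reject check a trunk port performs on the outer VLAN ID.

```python
import struct

TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad (service tag)"}


def mac_bytes(text):
    return bytes(int(b, 16) for b in text.split(":"))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, vids, ethertype=0x0800, payload=b""):
    """Build an Ethernet frame with zero or more stacked 802.1Q tags (outermost first).
    PCP and DEI are left at 0 for the example."""
    frame = mac_bytes(dst) + mac_bytes(src)
    for vid in vids:
        if not 0 <= vid <= 4094:            # 4095 is reserved; 0 means "priority tag only"
            raise ValueError(f"invalid VLAN ID {vid}")
        frame += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Decode the addresses, every 802.1Q/802.1ad tag present, and the final EtherType."""
    dst, src = mac_text(frame[0:6]), mac_text(frame[6:12])
    offset, tags = 12, []
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid not in TPIDS:
            break                           # not a tag: this is the EtherType
        tags.append({"tpid": tpid, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
                     "vid": tci & 0x0FFF})
        offset += 4
    (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
    return {"dst": dst, "src": src, "tags": tags, "ethertype": ethertype,
            "payload": frame[offset + 2:]}


def trunk_decision(frame, allowed_vids, native_vid=1):
    """The check the card describes: a trunk forwards a frame only if its outer VLAN
    is allowed. Untagged frames are placed in the native VLAN. A frame arriving with
    a stacked tag is rejected outright here, since stripping the outer tag would
    otherwise expose an inner tag for a VLAN the sender is not allowed to reach."""
    info = parse_frame(frame)
    if len(info["tags"]) > 1:
        return "reject", None
    vid = info["tags"][0]["vid"] if info["tags"] else native_vid
    return ("forward" if vid in allowed_vids else "reject"), vid


if __name__ == "__main__":
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [10], payload=b"\x45")
    print(parse_frame(f)["tags"], trunk_decision(f, {10, 20}))
```

Note that the tag is inserted between the source address and the EtherType, which is why a parser that assumes the EtherType is always at offset 12 silently misreads tagged frames.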
|
In the TCP/IP model, where does the PPP protocol reside?
|
Network access
|
|
What is a Loki attack?
|
A backdoor ICMP attack
|
|
What does CDN (Content Distribution Network) provide?
|
Improves the delivery or performance of streaming or large file application. Stores data closer to where user needs it.
|
|
In virtualization, it doesn't require an overarching OS. What runs the functions (multiple instances of OS) instead?
|
Hypervisor
|
|
What is a Virtual Desktop Infrastructure (VDI)?
|
A client/server solution that utilizes virtualization and centralized servers to run a desktop operating system across a LAN or WAN connection to a host system (thin client)
|
|
What are the three primary categories of cloud computing?
(Hint: Hosted – I, P, S) |
- Hosted Infrastructure (IaaS): virtualized servers and disk storage
- Hosted Platforms (PaaS): rent virtual servers with the OS installed
- Hosted (applications) Software (SaaS): leasing the use of a service provider's configured software (e.g. Netflix)
aaS = as a Service |
|
What are these cloud models:
Public, Private, Community, Hybrid |
Public: Internet public clouds
Private: provisioned for a single organization
Community: a specific community of organizations, like the federal government
Hybrid: any combination of the above |
|
What was a solution that incorporated the physical separation (decoupling) of the network control plane of packets from the data plane (hardware)? (single large virtualization that removes hardware from the equation)
|
Software Defined Networking
|
|
What are two multi–layer protocols?
|
ATM and DNP3
|
|
What is providing conversion at the perimeter of most networks?
|
Router (normally Cisco)
|
|
Can a router be a firewall?
|
Yes
|
|
In WiFi what does the key exchange?
|
TKIP (WPA). Strictly, the 802.11i four-way handshake derives the per-session keys; TKIP (WPA) or AES-CCMP (WPA2) then uses those keys to protect frames.
|
|
SSL VPN uses what for access?
|
web browser
|
|
What two primary concerns with VoIP technology?
|
Lag – QoS (Quality of Service)
Sniffing |
|
What is a screenscraper?
|
A program that extracts data from the human-readable output (a screen or web page) of another application rather than from an API; used for data harvesting, and by malware to capture what a user sees or types.
|
|
What is a guest operating system?
|
An operating system running under a hypervisor
|
|
What is port isolation?
|
Restricting which switch ports can talk to each other, e.g. a management VLAN in which only one designated port can be used to program a router or switch. Protected ports / private VLANs apply the same idea to hosts on a shared VLAN.
|
|
What does a stateful firewall look at that a normal one doesn't?
|
Ephemeral ports and session state: it tracks each connection so it can admit return traffic only for sessions that were opened from the inside.
|
|
How is a proxy firewall different from a normal one?
|
Deep packet inspection.
|
|
What is an anonymizer proxy used for?
|
Hides the sender's information. (e.g. TOR)
|
|
What device:
- does MPLS translation
- uses BGP
- acts as a stateful firewall
- supports ATM mode
- acts as a VPN concentrator for IPsec |
Edge Router
|
|
WiFi encrypts what portion of the communication?
|
Antenna to antenna (the radiated signal only); traffic beyond the access point is in the clear unless it is protected separately, e.g. by TLS or a VPN
|
|
Federal Communications Commission (FCC) |
Regulates the US telecommunications system, including voice and data |
|
Open Network Architecture |
An architecture that no vendor owns, that is not proprietary, and that can easily integrate various technologies and vendor implementations of those technologies. Open system -> interoperability |
|
What the Data Link layer comprises |
Logical Link Control (LLC) - multiplexes network-layer protocols (IP, IPX, AppleTalk) transmitted over the MAC layer
Media Access Control (MAC) - physical addressing and access to the shared medium |
|
Antirelaying features |
A company's mail server should only accept mail destined for its own domain and should not forward messages to other mail servers and domains, which may be suspicious |
|
Email Spoofing |
Modifying the fields of email headers (From, Return-Path and Reply-To) so the message appears to come from a trusted source. Countermeasures: SMTP Authentication (SMTP-AUTH), Sender Policy Framework (SPF) |
|
Open Mail Relay |
It allows anyone on the internet to send email through it, not just email destined to or originating from known users. |
|
Phishing |
Social engineering by email. Phishing - a scam email that steals details via a nefarious web site or reply. Spear-phishing - a phishing attack crafted to trick a specific target |
|
Pharming |
redirects victim to seemingly legitimate but fake site.
DNS Poisoning |
|
Tiered architecture |
Single-tiered: screened-host architecture
Two-tiered: screened-subnet architecture
Three-tiered: three firewalls create two separate DMZs |
|
Screened host |
A firewall (bastion host) communicates directly with the perimeter router; traffic is screened first by the router's filters and then by the host |
|
Screened Subnet |
Adds another layer of security to the screened-host architecture: two firewalls create a DMZ between them |
|
DNS Splitting |
A DNS server in the DMZ handles external hostname-to-IP resolution requests, while an internal DNS server handles only internal requests. This adds a layer of protection, since the internal server is not Internet-facing and contains resource records only for internal computer systems. |
|
RADIUS Server (Remote Authentication Dial-In User Service) |
Network protocol that provides client/server authentication and authorization and audits remote users (AAA). Used by DSL, T1 and ISP access servers to authenticate a user before access to the network is allowed |
|
Sender Policy Framework |
Email validation system that verifies the sender's IP address. The domain owner specifies, in an SPF TXT record in DNS, which hosts are allowed to send email for the domain. |
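An SPF check as the card above describes it, as an added example that is not part of the original deck: a minimal evaluator in Python for the ip4, ip6, a, include and all mechanisms with their four qualifiers. The DNS data is a constructed dictionary using reserved example/test names; a real evaluator would query TXT and A records instead. It also enforces the RFC 7208 limit of ten DNS-querying mechanisms, which is what turns a record that includes itself into a permerror rather than an infinite loop.

```python
import ipaddress

# Constructed DNS zone data (reserved example/test names), standing in for real lookups.
ZONE = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 a include:_spf.mailhost.test -all"],
        "A": ["203.0.113.10"],
    },
    "_spf.mailhost.test": {"TXT": ["v=spf1 ip4:198.51.100.5 ip6:2001:db8::/32 ~all"]},
    "loop.test": {"TXT": ["v=spf1 include:loop.test -all"]},   # misconfigured: includes itself
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_LOOKUP_LIMIT = 10   # RFC 7208 4.6.4: a, mx, include, redirect and exists count


def spf_record(domain, zone):
    """Return the domain's SPF TXT record, or None if it publishes none."""
    for txt in zone.get(domain, {}).get("TXT", []):
        if txt.split()[0].lower() == "v=spf1":
            return txt
    return None


def check_host(ip, domain, zone=ZONE, budget=None):
    """Evaluate the SPF record of 'domain' for a connecting sender address 'ip'.
    Supports ip4, ip6, a, include and all with the four qualifiers; any other
    mechanism yields permerror, as does exhausting the DNS lookup budget."""
    if budget is None:
        budget = [DNS_LOOKUP_LIMIT]       # shared across the whole include tree
    record = spf_record(domain, zone)
    if record is None:
        return "none"
    sender = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = sender.version == net.version and sender in net
        elif name == "a":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            target = arg or domain
            matched = any(sender == ipaddress.ip_address(a)
                          for a in zone.get(target, {}).get("A", []))
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            inner = check_host(ip, arg, zone, budget)
            if inner == "permerror":
                return "permerror"
            matched = inner == "pass"     # include matches only on an inner pass
        else:
            return "permerror"            # unsupported or unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                      # nothing matched and no 'all' term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "203.0.113.10", "198.51.100.5", "198.51.100.9"):
        print(ip, check_host(ip, "example.com"))
```

Two points worth noticing: an include that ends in ~all contributes nothing to the outer record (only an inner pass matches), so the outer -all still produces a hard fail, and SPF only ever judges the envelope sender's connecting IP, which is why it is paired with DKIM and DMARC rather than used alone.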
|
PPTP vs L2TP |
Both are tunneling protocols for VPNs; both extend PPP connections by providing a tunnel.
PPTP cons: cannot support multiple connections over one VPN tunnel; lets an attacker easily uncover password values (weak MS-CHAP authentication); restricted to IP networks; not an industry standard, with incompatibilities across devices.
L2TP: works over various network types (IP, ATM, X.25), both IP-based and WAN-based; integrates IPsec to provide confidentiality and integrity. |
|
IPSec (Internet Protocol Security) |
A method of setting up a secure channel for protected data exchange between two devices. Strong encryption and authentication methods provide security on top of IP. Two modes: transport mode and tunnel mode. |
|
Bluejacking |
An unsolicited message sent to a Bluetooth-enabled device; mitigated by keeping the device in non-discoverable mode |
|
DNS Spoofing |
DNS cache poisoning |
|
IP Telephony issues |
VoIP telephony networks face all the flaws that traditional computer networks have faced: interception of incoming and outgoing calls, DoS attacks, spoofed phone calls, eavesdropping |
|
Autonomous System (ASs) |
An AS is a collection of networks and routers under a single administrative control (a service provider or an organization), running a common Interior Gateway Protocol (IGP) and identified on the Internet by an AS number |
|
Static vs Dynamic routing protocol |
Dynamic routing protocol: routers discover that a route has gone down or is congested and update the routing table automatically.
Static routing: the administrator manually configures the routing table. |
|
Type of Interior Routing protocols |
Distance-vector routing protocols: distance (number of hops) and vector (direction)
Link-state routing protocols: look at variables such as link speed, network load, packet size and reliability to determine the best routes
Routing Information Protocol (RIP) - distance vector; defines how to exchange routing table data and calculates the shortest distance between source and destination
Open Shortest Path First (OSPF) - link state; allows smaller, more frequent routing table updates and a more stable network
Interior Gateway Routing Protocol (IGRP) - distance vector; uses five criteria to find the best path
Enhanced Interior Gateway Routing Protocol (EIGRP) - Cisco proprietary advanced distance vector
(Virtual Router Redundancy Protocol, VRRP, is a gateway redundancy protocol, not a routing protocol) |
|
IGP vs EGP |
IGP - Interior Routing protocol within AS EGP - routing protocol between different autonomous systems |
|
Border Gateway Protocol (BGP) |
enables routers on different ASs to share routing information to ensure effective and efficient routing between AS networks |
|
What are the Authentication Protocols |
Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Extensible Authentication Protocol (EAP) |
|
Transport Adjacency |
More than one security protocol (ESP and AH) is used in the VPN tunnel. Can also provide iterated tunneling: IPSec inside another IPSec tunnel |
|
What are the types of authentication protocols |
PAP (Password Authentication Protocol) - authenticates over PPP, sent in clear text. CHAP (Challenge Handshake Authentication Protocol) - challenge-response to authenticate, more secure. EAP (Extensible Authentication Protocol) - extends authentication methods to OTP, tokens, biometrics |
|
Wireless authentication methods |
Open System Authentication (OSA) - no password. Shared Key Authentication (SKA) - WEP (Wired Equivalent Privacy) |
|
802.1x |
Different approaches that provide more security and protection than 802.11 (static IV?). Only allows access after full authentication and authorization. Temporal Key Integrity Protocol (TKIP) solves the static key, IV value and integrity issues. Provides for different EAP modules to be plugged in. 802.1x and EAP work together to enforce mutual authentication between the wireless device and the authentication server |
|
802.11 vs 802.1x |
802.11 - no mutual authentication: the device can authenticate to the AP, but the AS is not required to authenticate to the device |
|
Remote Connectivity |
Dial-up - ties up the phone line, so calls cannot be made. DSL (Digital Subscriber Line) - uses the phone line but won't tie up the phone; must be close to the telephone central office to get service. Cable modem - transmits digital data over existing cable television lines. ISDN (Integrated Services Digital Network) - digital telephone line, transmits in a digital manner; must be close to the telephone central office to get service |
|
IPv4 vs IPv6 |
IPv6 - more address space: 128 bits vs 32 bits; has a host portion and a network portion; supports stateless autoconfiguration, so it doesn't require a DHCP server or NAT; QoS priority values can be assigned for time-sensitive transmissions; IPSec is integrated to provide end-to-end secure transmission and authentication |
|
What are the layer 2 security standards |
802.1AE - MACsec - integrates security protection into wired Ethernet networks; specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs. 802.1AR - DevID - a secure DevID is cryptographically bound to a device and supports authentication of the device's identity, binding the device to its identifiers. 802.1AF |
|
Zone Transfer |
Primary and secondary DNS servers synchronize information through zone transfers, replicating DNS databases across a set of DNS servers. Con: an attacker can map out the network. Properly configure to allow zone transfers only to specific DNS servers |
|
DNSSEC |
DNS Security; implements PKI and digital signatures, which allows DNS servers to validate the origin of a message to ensure it is not spoofed or malicious |
|
Types of virtual firewall |
Bridge-mode firewall - acts like a physical-world firewall; sits in a strategic part of the network infrastructure, on an inter-network virtual switch or bridge. Hypervisor-mode firewall - resides in the hypervisor to capture VM activity |
|
Software Defined Networking (SDN) |
Computer networking approach that allows network administrators to manage network services centrally |
|
How VoIP works |
Employs Session Initiation Protocol (SIP), which breaks down the call sessions and provides phone-line features such as ring, dialing and busy signal; part of Multiservice Access technologies. Public switched telephone network (PSTN) - circuit switching - regular phone system |
|
IP Spoofing |
Creation of IP packets with a false source IP address, to hide the identity of the sender or to impersonate another host |
|
Session Hijacking / cookie hijacking |
Hijack using the session key / session ID. Man-in-the-middle attack - impersonate the sender's IP address, DoS the sender. TCP hijacking - spoof the sender address and use the correct sequence number value |
|
Unified Threat Management |
Provides the functionality of all network equipment (IDS/IPS, firewall, antispam, VPN) in a single network appliance; an all-inclusive security product |
|
TLS vs SSL |
SSL is proprietary, so its functionality cannot easily be extended. TLS is an open community protocol; TLS is more extensible and backward compatible with SSL |
|
Link Encryption |
Encrypts data along a specific communication path, such as a satellite link, T3 link or telephone line. Everything, including header, payload, address and routing table, is encrypted except the data link control messaging info. Also called online encryption; provided by the service provider and built into the network protocol. Has to be decrypted at each hop to find the routing information |
|
End-to-end encryption |
Packets do not need to be decrypted and re-encrypted at each hop because the headers and trailers are not encrypted. Initiated by the user; more flexible. Called end-to-end because the message stays encrypted from one end to the other |
|
Security Association for IPSec |
Each IPSec VPN device will have at least one security association per secure connection. It records the configuration of the IPSec architecture: a record of the configuration the device needs to support an IPSec connection over a VPN connection |