195 Cards in this Set
- Front
- Back
- 3rd side (hint)
What is the DORA cycle, and what does DORA stand for? |
It is a sequence that supplies an IP address to a network client. - Discover Offer Request Ack |
|
|
What is an asynchronous server/client relationship? |
The server waits for communication from clients. |
|
|
What is a socket in networking terms? |
It is the end point and start point of communication |
|
|
How do sockets communicate? |
They create a virtual circuit on physical networking hardware |
|
|
What protocols will a file transfer client like FileZilla implement? |
FTP and SFTP |
|
|
What protocols will a mail client like Thunderbird implement? |
SMTP, MAPI or IMAP |
|
|
What did Telnet enable computers to do? |
Processes to be shared amongst users |
|
|
What port does Telnet listen to? |
Port 23 |
|
|
What are some of the main issues with Telnet? |
- No authentication system - Messages are not encrypted - Susceptible to Man In The Middle attacks |
|
|
What are the main protocols associated with Telnet? |
- HTTP - FTP - SMTP |
|
|
What does HTTP stand for? |
HyperText Transfer Protocol |
|
|
What is the main purpose of HTTP? |
Transportation of web messages |
|
|
What underlying protocol does HTTP use to send messages? |
TCP/IP |
|
|
What does stateless mean in terms of HTTP? |
A request is processed and HTTP forgets the client again, preventing backtracking. |
|
|
What type of data does HTTP transfer? |
HTML web page content |
|
|
What is the major difference between HTTP 1.0 and 1.1? |
1.1 Keeps the connection to the server open via pipelining, maintaining a persistent connection until all files are downloaded |
|
|
What is the major difference between HTTP 1.1 and 2.0? |
2.0 Uses push technology: Receives page along with associated files based on the request, even if they are not required. |
|
|
What is the main benefit of the pipelining persistent connection in HTTP 1.1? |
Takes less time and processing power to complete a request. |
|
|
What are the 2 main fields in an HTTP request header? |
- GET (Version of HTTP required) - Host: (name of site) |
|
|
What do the main fields of an HTTP response header indicate? |
- Acknowledgement of HTTP version being correct - Confirmation of host domain, server name & version |
|
|
What does the user-agent HTTP request header field specify? |
Specifies details about the client system, such as OS, Web Client etc. |
|
|
What does the MIME request header field define in HTTP request headers & what does MIME stand for? |
Defines the file types that are acceptable for attachment in an email. - Multipurpose Internet Mail Extensions |
|
|
What does the Accept-language HTTP request header field specify? |
Acceptable language, as set in the client's web client (web browser) |
|
|
What does the Accept-encoding HTTP request header field specify? |
Encryption used for the web page |
|
|
What does the Accept-charset HTTP request header field specify? |
Accepted character set |
|
|
What does the Keep-alive HTTP request header field specify? |
- Timeout in seconds for connection - How long the web server should wait for subsequent requests before timing out. |
|
|
What does the Connection HTTP request header field specify? |
Persistent connections |
|
|
What is the status code for the HTTP version being correct in an HTTP response header? |
200 |
|
|
What does the Set-cookie HTTP response header field set? |
The session cookie |
|
|
What does the Transfer-encoding HTTP response header field replace? |
- Replaces content-length from the request header. |
|
|
What does the Content-type HTTP response header field indicate? |
MIME type |
|
|
What are the 8 methods for an HTTP request? |
1) Options 2) Get 3) Head 4) Post 5) Put 6) Delete 7) Trace 8) Connect |
|
|
What are the safe methods of HTTP request and why are they deemed safe? |
Get & Head, as they only retrieve data |
|
|
What are the unsafe methods of HTTP request and why are they deemed unsafe? |
Post, Put & Delete: - Post updates the server database - Put - 'puts' file to server (can insert malware) - Delete - Deletes file off server (dangerous for obvious reasons) |
|
|
What is the main function of the Trace HTTP request method & why is it potentially dangerous? |
- Debugging tool - It displays information about the server to the client, (useful information for bad guys) |
|
|
What does the 100 series of Status Codes indicate? |
Information, e.g. Request received, continuing process, confirmations etc. |
|
|
What does the 200 series of Status Codes indicate? |
Success, request was received, understood and processed. (an ack for web page requests) |
|
|
What does the 300 series of Status Codes indicate? |
Redirection, if a site has had a domain name change temporarily or permanently. |
|
|
What does the 400 series of Status Codes indicate? |
Client error, client has made a request that is invalid, or that they are not authorised to make (colloquially known as PEBCAK, lol) |
|
|
What does the 500 series of Status Codes indicate? |
Server error, server failed to fulfill a valid request, usually a server crash. |
|
|
How does an X.509 certificate request work? |
- A key pair is generated, one public, one private - Private key is kept private - The public key is used to match the private key when a client requests verification of the signature of the requested certificate. |
|
|
What is SSL & what does it stand for? |
An encrypted tunnel between the client and server. - Secure Socket Layer |
|
|
Where does the SSL sit? |
Between the application and presentation/network layers. |
|
|
What is the Diffie-Hellman Exchange method used for? |
- Exchanging cryptographic keys - Allows 2 parties that have no prior knowledge of each other to communicate with each other securely - Sharing of keys between 2 or more parties. |
|
|
What are the main objectives of SSL? |
- Authenticating server and clients to each other - Ensure data integrity and privacy - Paves the way for a secure communication tunnel |
|
|
Explain the first part of the SSL communication process. |
1) Client hello 2) Server hello 3) Server sends certificate, key exchange and requests client's certificate 4) Server done |
This is the server part of the process |
|
Explain the second part of the SSL communication process. |
1) Client sends certificate, verification and completes key exchange 2) Change cipher spec 3) Client done 4) Server changes cipher spec |
This is the client side of the process, the server finishes it. |
|
What happens during the change cipher spec part of SSL & why is this done? |
Server and Client stop and re-negotiate the encryption. - This is to avoid someone slowly cracking the encryption |
|
|
What are the 2 layers of SSL architecture? |
1) Data security 2) Establish connection |
|
|
What is the purpose of the SSL record protocol? |
- Encrypts messages passed through it - Breaks messages into chunks - Define data transmit format |
|
|
What is the method of the SSL connection protocol? |
Server/client hash generated from client's MAC address, and then matched with the hash that the server has on record. |
|
|
What is the purpose of the SSL handshake protocol? |
Allow client and server to select cryptographic algorithms and to establish encrypted SSL connection. |
|
|
What is the purpose of the SSL connection algorithm? |
Logical server/client link - P2P connection through 2 network nodes |
Maps the path across the network
|
What is the purpose of the SSL session protocol? |
Associate client and server and define parameters such as algorithms and session numbers |
|
|
What are the parameters of the SSL session protocol? |
- Session ID - Peer certificate - Compression method - Algorithm spec |
|
|
What are the parameters of the SSL connection protocol? |
- Server and client random - Server/client write MAC secret - Server/client write key - Sequence number |
|
|
What is the purpose of the SSL alert protocol? |
Handling of errors |
|
|
What size chunks does the SSL record protocol break up messages into? |
16Kb chunks |
|
|
What are the 2 main hash algorithms used to calculate MAC hash? |
- MD5 - SHA-1 |
|
|
What formula is used to determine MAC hash? |
MAC = Hash function [secret key, primary data, padding, seq no.] |
|
|
How does MAC creation verify data integrity when data reaches its destination? |
- MAC is calculated by client through write MAC secret - Server will perform the same calculation and a matching result certifies integrity |
|
|
What are the main issues with SSL? |
- Susceptible to Man In The Middle attacks. - Proxy servers unencrypt data which makes it readable |
|
|
What happens during a certificate exchange? |
- Server sends certificate to client - Client authenticates certificate from certification body for the server. |
|
|
What is TLS and what does it stand for? |
It is a replacement/update to SSL - Transport Layer Security |
|
|
What is the main purpose of HTTPS? |
- Browser requests a secure page from site |
|
|
What are the 4 stages of HTTPS? |
1) Browser request 2) Server sends public key and certificate 3) Browser uses public key to encrypt some data and sends 4) Server decrypts using public and private key |
|
|
Who are certificate authorities? |
Businesses mostly |
|
|
Why are certificate authorities needed? |
They provide authenticated web browsing |
|
|
Are certificate authorities secure? |
Mostly, some are run by nefarious groups |
|
|
What are the alternatives to certificate authorities? |
- Having your own certificate - Groups of CA's authenticate certificates, instead of just one. |
|
|
What is the primary function of web servers? |
- Deliver web pages - Deal with uploads and downloads - Support website languages like PHP and RUBY |
|
|
What are web servers embedded in devices collectively known as? |
Internet Of Things (IOT) |
E.g. Printers, Routers, Smart Fridges/lights |
|
What is virtual hosting on web servers? |
Serving many web sites using one IP address |
|
|
What does a URL do and what does it stand for? |
Requests a web server, and maps to physical path to a web server - Uniform Request Link |
|
|
What is bandwidth throttling? |
Limitation of the speed of responses to prevent network saturation. |
|
|
What is server-side scripting? |
The generation of dynamic web pages |
|
|
What are the main features of kernel mode web servers? |
- Usually work faster - Can directly use all hardware resources available for its needs |
|
|
What are the main features of user-mode web servers? |
- Have to request permission to use more memory or CPU |
|
|
What is caching on a web server? |
Store most popularly accessed web pages on a faster, more reliable server. |
|
|
What do the load limits on a web server allow control over? |
- Number of concurrent client connections - HTTP request type - Static or dynamic content - Cached content - Hardware and software limits |
|
|
What techniques can be used to stop overloading of web servers? |
- Network traffic management - Different domain names for different content - Multiple web servers per host - More hardware resources |
|
|
What are the bottlenecks associated with web server HDD access? |
- Disk latency - Database requests |
|
|
What are the bottlenecks associated with web server CPU access? |
- Unoptimised code for processor - Uncompressed output |
|
|
What does a caching policy for a web server determine? |
Which resources should and shouldn't be cached, and for how long. |
|
|
What are some hardware configurations that can optimise a web server's performance? |
- Maximise RAM capacity - RAID HDD - Fast HDD/SSD - Multiple NIC's - Fast CPU |
|
|
What are the main web server daemons? |
- Apache - IIS - Nginx |
|
|
What 2 ports does an FTP server use, and what does it use each of these for? |
- Port 20 for data - Port 21 for commands |
|
|
What are the 4 stages of an FTP client/server handshake? |
1) Client tells server on port 21 the client's second port num. 2) Server acks 3) Server opens data channel to client's second port 4) Client acks |
|
|
What is active mode FTP? What is the issue when there is a firewall involved? |
A client creates a TCP control connection. - Firewall blocks connection because the server uses a different port than the initial connection. |
|
|
What is passive mode FTP? How does it resolve the issue of firewall blocking? |
Client sends a PASV command to state that it will create the connection. - Server remains passive, and allows the client to initiate the second port connection |
|
|
How is different data represented in FTP? |
1) ASCII mode 2) Image mode 3) EBCDIC mode 4) Local mode |
1) Text 2) Image 3) IBM Text 4) Identical machines in proprietary format |
|
What are the 3 data transfer modes in FTP? |
1) Stream mode 2) Block mode 3) Compressed mode |
1) Data sent in continuous STREAM 2) Breaks data into several chunks 3) Data is COMPRESSED using algorithm |
|
What is FTP normal authentication? |
Username and password login |
USER & PASS commands |
|
What is FTP anonymous authentication? |
Login with valid email address - Often used to serve software updates |
|
|
What are the main vulnerabilities of FTP? |
- Brute force attacks - Bounce attacks - Packet capturing - Port stealing - Spoofing |
|
|
What are the unique features of FTPS? |
- Secure transmission - Encrypts username and pass - Encrypts actual content - Uses SSL/TLS |
|
|
What are the unique features of explicit FTPS? |
- Clients can request encryption of FTP session - Server can deny connection requests that do not ask for TLS |
|
|
What are the unique features of Implicit FTPS? |
- Uses different ports to standard FTP - Requires use of SSL or TLS |
|
|
What are the unique features of SFTP? |
- Uses SSH Shell - Encrypts both commands and data |
|
|
Can an SFTP client communicate with an FTP client? |
No |
|
|
What are the unique features of TFTP & what does it stand for? |
- Uses UDP instead of TCP connection on port 69 - Fixed block size - Stop and wait protocol - Trivial File Transfer Protocol |
|
|
What are the disadvantages of TFTP? |
- Has to supply its own transport and session support - Each file transferred is an independent exchange - Low throughput - No authentication |
|
|
Is the email service a guaranteed service? |
No |
|
|
What model of transport does email use? |
Store and forward model |
|
|
What are the 4 stages of SMTP email transfer? |
1) Email sent to target mailserver 2) Mail server forwards email to the destination mail server. 3) Mail is sent to incoming mail server on the receiving end 4) Receiving client fetches mail from incoming mail server. |
|
|
What does the sending mail server use to determine the destination receiving server? |
Mail Exchange record or MX record |
|
|
What format are multi-media attachments sent in? |
MIME format |
|
|
What is an MTA and what does it do? |
- Mail Transfer Agent Sends and receives messages |
|
|
What is an MUA and what does it do? |
- Mail User Agent Software used to read and process messages |
|
|
What does SMTP stand for? |
Simple Mail Transfer Protocol |
|
|
What does the header of an SMTP message typically contain? |
- From - To - CC - Subject - Date |
|
|
What does the body of an SMTP message typically contain? |
Basic content - Text - Signature blocks - HTML |
|
|
What fields must be included in an SMTP message header? |
From & Date |
|
|
What fields are optional, but are recommended for SMTP message headers? |
- Message-ID - In-Reply-To |
|
|
What information does SMTP trace show? |
- Received - Return path - Authentication-Results - Received-SPF - Auto-submitted - VBR-Info |
|
|
What is the purpose of SPF (Super Policy Framework) in SMTP? |
Prevents spam |
|
|
What is the purpose of VBR (Vouch by Reference) in SMTP? |
avoid spam filtering |
|
|
What is the structure designed for SMTP message bodies? |
- 8-bit ASCII - Plain text |
|
|
What does POP3 do and what does it stand for? |
Downloads messages from incoming mail server and onto client device, then deletes message from receiving server. - Post Office Protocol 3 |
|
|
What does IMAP do and what does it stand for? |
User's account accesses mail folders on IMAP mail server, reading device requests message downloads, IMAP backs up mail - Internet Message Access Protocol |
|
|
What does MAPI do and what does it stand for? |
Allows complete control over messaging system on client device. Create and manage messages on client - Messaging Application Programming Interface |
|
|
How does Web-Mail work? |
Web browser based interface Allows for creation of messages from 3rd party applications via MAPI |
|
|
What are the main vulnerabilities with email? |
- Infected emails can be opened without realisation of their malicious intent - Servers can crash - No encryption as standard |
|
|
What is the primary function of web clients and what are they more commonly known as? |
Retrieving, presenting and traversing information resources on the web - Web Browsers |
|
|
How are information resources identified to a web client? |
Uniform Resource Locator (URL) |
|
|
Name some modern web clients |
Any of: - Google chrome - Mozilla firefox - Internet Explorer - Opera - Safari |
|
|
What protocols do web clients support? |
- HTTP & HTTPS - FTP & SFTP - FILE - MAILTO as well as others |
|
|
What 2 HTTP methods do web clients implement? |
GET & POST |
|
|
What are the 7 components of a web browser/client? |
- UI - Layout engine - Rendering engine - JavaScript interpreter - UI backend - Networking component - Data persistence component |
|
|
What is DOM in web browsers? |
Cross-platform and language-independent convention for representing and interacting with objects. |
|
|
How is DOM structured in web browsers? |
Tree structure, with the top node being the Document or Object being interacted with |
|
|
What is CSS in web browsers? |
Cascading Style Sheet: Provides technical specs for layout of a page, the style settings 'cascade' to the lowest node in the DOM tree. |
Relates to DOM |
|
What is JavaScript in relation to web browsers/clients? |
Object based interpreted language. Runs client side scripts to interact with the user or control the browser in some way. |
|
|
What do the JS libraries allow in terms of other web languages? |
It facilitates easy integration with other languages such as RUBY, PHP, CSS etc. |
|
|
What setting or steps can be taken to implement stronger security and privacy in browsers? |
- Privacy setting in browser - Add-ons to browser e.g. Ghostery - Search tools - Use of anonymous browser such as TOR. |
|
|
What is the purpose of DHCP? |
Dynamic allocation of IP addresses to clients. |
|
|
How is DHCP implemented? |
- Central DHCP server facilitates DHCP to expanding network - DHCP server manages a 'pool' of IP addresses - Leases IP addresses to clients |
|
|
Do a client and a DHCP server need to be on the same subnet? |
Yes |
|
|
What is dynamic IP allocation? |
- DHCP server allocates IP addresses sequentially - When lease expires, IP address is leased to another machine |
|
|
What is automatic IP allocation? |
- Server keeps a list of MAC addresses - Server will allocate IP based on the MAC in the discover message - Server allocates the same IP address that the MAC address had in a previous session, if that IP address is available. |
|
|
What is automatic IP allocation also known as? |
Conservative allocation |
|
|
What is static IP allocation? |
- Pre-determined MAC addresses are given pre-determined IP addresses. |
|
|
What type of connection and port numbers does DHCP use? |
- Uses UDP connection - Port 67 for sending data to server - Port 68 for sending data to client |
TCP or UDP? |
|
Are DHCP communications stateless? |
Yes |
|
|
What are the 4 stages of DHCP DORA? |
- Discover - Offer - Request - Ack |
|
|
What happens during a DHCP discover? |
- Client broadcasts discover message to 255.255.255.255 - Client can request its last-known IP address |
|
|
What is special about the 255.255.255.255 destination? |
It is a universal broadcast address that all network cards will listen on. |
|
|
What happens during a DHCP offer? |
- Server receives a discover message on 255.255.255.255 - Server reserves an IP for the client based on its config - Offers the IP and lease to client |
|
|
What happens during a DHCP request? |
- Client receives a lease and IP address from DHCP server - Client requests IP and lease from DHCP server - Tells other DHCP servers to stop |
|
|
What happens during a DHCP ack? |
- Server receives request from client - Server sends ack to client - Lease begins - NIC config to requested setting |
|
|
Why does DHCP use UDP instead of TCP? |
- DHCP messages are short and can fit in a single UDP packet - TCP creates three packets to establish connection, therefore it is inefficient |
|
|
What is vendor identification and why is it used in DHCP? |
Identifies the vendor of the NIC of the client - It allows the server to check that the IP address is being assigned to the correct device |
|
|
Why does DHCP breach confidentiality? |
DHCP server logs every connection made - This means that someone can read the log and detect which device is connected at any given time or previous time. |
|
|
What methods are used to increase the reliability of DHCP? |
- At 50% lease time the client requests a new IP address - Client broadcasts a new discover if the DHCP server doesn't respond to IP address request before its lease runs out |
|
|
What are the main security shortcomings of DHCP? |
- Uses no authentication - Unauthorised DHCP server can provide IP addresses to clients - Vice versa with clients - Malicious DHCP clients exhaust resources of server |
|
|
What are the 6 main fields of a dhcp.conf file? |
- domain-name - domain-name-servers - option-routers - default-lease-time - subnet netmask - arrange |
|
|
What do the dest addr and src addr section of an ethernet frame contain? |
- Destination and Source MAC addresses of the frame |
|
|
What is the size and life-span of an ethernet frame? |
- 1500 byte payload + 24 bytes preamble = 1524 bytes - Last for a single hop across nodes. |
|
|
What does the ARP protocol do and what does it stand for? |
Resolution of network layer addresses to link layer addresses - Address Resolution Protocol |
|
|
What is the packet structure of an ARP packet? |
Contains one address resolution request or response |
|
|
What is a router? |
A device that forwards data packets between computer networks |
|
|
How does a router route packets across a network? |
- Reads address information of incoming packets - Uses routing table or policy to determine output connection |
|
|
What are the 4 types of router? |
- Access - Distribution - Security - Core |
|
|
What does forwarding do in terms of routing? |
- Minimizes state information associated with individual packets - Makes decisions on best route |
|
|
What does a routing algorithm determine? |
Determines the best path: - Prefix-length - Metric - Administrative distance |
|
|
What are the unique features of an access router? |
- Typically one outgoing connection - Wired and wireless connection |
|
|
What are the unique features of a distribution router? |
- Half a dozen ins and outs - Usually quite capable computers |
|
|
What are the unique features of a security router? |
- Firewall machines - Filter inputs - Preventing DDoS - Packet re-direction - Dumping excess packets in high traffic |
|
|
What are the unique features of core routers? |
- Works as a type of mesh router - Same network, multiple access points |
|
|
What is the semantic of Unicast? |
- Talks to one node, and no other |
|
|
What is the semantic of Broadcast? |
- Listens to all nodes |
|
|
What is the semantic of Multicast? |
- Will listen to all nodes that have paid to be listened to |
|
|
What is the semantic of Anycast? |
- Has a range of servers available to it, it will communicate with just one of them |
|
|
What is the semantic of Geocast? |
- Listens and talks to nodes in a geographical area |
|
|
What are the 2 adaptive routing algorithms? |
- RIP - OSPF |
|
|
What is the distance vector in routing? |
- Costing in time between nodes |
|
|
What is the link state in routing? |
- A map of the network, each node contains as much info about the network around it as it can |
|
|
What do route analytics determine? |
Which protocol is the best. |
|
|
What is static routing? |
Manually entering routes into the routing table |
|
|
What is dynamic routing? |
- Router learns the network destinations - Can share knowledge with other routers |
|
|
What is DNS and what does it stand for? |
- Hierarchical distributed naming system for internet/intranet - Maps domain names to IP addresses - Domain Name Service |
|
|
What is a name server and what does it know? |
It is a server which has knowledge of which IP addresses belong to which domain names |
|
|
What is an authoritative name server? |
It is a name server responsible for its own domains |
|
|
Do DNS servers have to respond to all queries? |
Yes |
|
|
What are the elements of DNS syntax? |
- Each domain is known as a label - Maximum of 127 labels - Characters are LDS (alphanumeric with -'s and .'s) |
|
|
How is the domain name space structured? |
- As a tree of domain names - Each node in the tree has 0 or more resource records - Tree divides into zones starting with the root zone |
|
|
How does the address resolution mechanism function in DNS servers? |
- example.org is request sent by browser to the root of the .org DNS server - Root name server then indicates which IP address the .org is at - Browser then makes request for example from .org server - the process repeats until domain name is resolved |
|
|
What is a Wildcard DNS record? |
Specifies that anything with a given domain name will go to a specific address |
|
|
What are the common security issues with DNS? |
- Access to DNS server can allow change of IP resolution - Not signed responses, plain text - Cache poisoning |
|
|
Who administers and sells domain names to people? |
Registrars |
|
|
Who accredits the domain name registrars? |
ICANN |
|
|
What does the WHOIS protocol do in DNS? |
Reverse lookup - It can show who the domain is registered to. |
|
|
What is DNS cache poisoning? |
- DNS server cache is 'poisoned' with false IP address resolutions for a specific domain name - If this is an authoritative DNS server, all sub DNS servers copy it, thus the 'poison' spreads |
|
|
What port does DNS listen on? |
Port 53 |
|
|
What port does Telnet listen to? |
Port 23 |
|