what is Telecommunications
is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types. The data can flow across copper wires, coaxial cable, fiber, or airwaves, the telephone company's public-switched telephone network (PSTN), or a service provider's fiber cables, switches, and routers. Definitive lines exist between the media used for transmission, the technologies, the protocols, and whose equipment is being used. However, the definitive lines get blurry when one follows how data created on a user's workstation flows within seconds through a complex path of Ethernet cables, to a router that separates the company's network from the rest of the world, through the Asynchronous Transfer Mode (ATM) switch provided by the service provider, to the many switches the packets traverse throughout the ATM cloud, on to another company's network, through its router, and to another user's workstation. Telecommunications usually refers to telephone systems, service providers, and carrier services. Most telecommunications systems are regulated by governments and international organizations. In the United States, telecommunications systems, including voice and data transmissions, are regulated by the Federal Communications Commission (FCC). In Canada, agreements are managed through Spectrum, Information Technologies and Telecommunications (SITT), Industry Canada.
what is network protocol
is a standard set of rules that determines how systems will communicate across networks. Two different systems that use the same protocol can communicate
and understand each other despite their differences, similar to how two people
can communicate and understand each other by using the same language.
what are the layers of the OSI model
Application
Presentation
Session
Transport
Network
Data Link
Physical
what are the layers of the TCP/IP model
Application
Host-to-host
Internet
Network Access
how does the TCP/IP model map to the OSI model
OSI Application, Presentation, Session -------> TCP/IP Application
OSI Transport -------> TCP/IP Host-to-host
OSI Network -------> TCP/IP Internet
OSI Data Link, Physical -------> TCP/IP Network Access
define open network architecture
is one that no vendor owns, that is not proprietary, and that can easily integrate various technologies and vendor implementations of those technologies. Vendors have used the OSI model as a jumping-off point for developing their own networking frameworks. These vendors used the OSI model as a blueprint and developed their own protocols and interfaces to produce functionality that is different from, or overlaps, that of other vendors.
what happens at the Application layer
1.Interface between the user & the computer (applications & Gateways). Provides services that directly support user applications, such as the USER INTERFACE, E-MAIL, FILE TRANSFER, TERMINAL EMULATION, DATABASE ACCESS, etc.
2.API incorporated in this layer
3.Allows applications to use the network.
4.Handles Network access, flow control & error recovery.
5.Messages are sent between layers.
what protocols reside at the Application layer
SMTP
HTTP
LPD
FTP
WWW
Telnet
TFTP
SNMP
Gopher
NNTP
SIP
DNS
NFS
NTP
SMPP
DHCP
describe the Presentation layer
1. Handles data compression and encryption. Provides a common means of representing data: translates data into an understandable format for transmission (into a form usable by the application layer, i.e. translates data between the format the network requires and the format the computer expects).
2. Handles character encoding, bit order and byte order issues. Encodes and decodes data.
3. Data compression and encryption take place at this layer.
4. Generally determines the structure of data.
5. The redirector works at this layer.
6. Responsible for protocol conversion.
7. Messages are sent between layers.
8. Communicates through GATEWAYS and APPLICATION INTERFACES.
9. SERVICES: Telnet, FTP and SMTP use TCP; TFTP, NFS and SNMP use UDP.
what protocols reside at the Presentation layer
· JPEG
· MIDI
· MPEG
· All kinds of music, picture & movie formats
· NCP
describe the Session layer
1. Responsible for opening, using and closing a session. That is, it allows applications on connecting systems to establish a session (establishes and maintains a connection).
2. Provides synchronization between communicating computers (nodes); messages are sent between layers (i.e. manages upper layer errors).
3. Also places checkpoints in the data flow, so that if transmission fails, only the data after the last checkpoint needs to be retransmitted.
4. Handles remote procedure calls.
5. Communicates through Gateways & application interfaces.
6. SERVICES: Telnet, FTP and SMTP use TCP; TFTP, NFS and SNMP use UDP.
what protocols reside at the Session layer
· Network File System (NFS)
· SQL
· RPC
describe the transport layer
1. Responsible for PACKET HANDLING. Ensures error-free delivery. Repackages messages, divides messages into smaller packets (fragments and reassembles data), and handles error recovery.
2. Ensures proper sequencing, without loss and duplication.
3. Takes action to correct faulty transmissions.
4. Controls flow of data.
5. Acknowledges successful receipt of data.
6. Sliding window is at this layer - segments of message fragments are sent between layers.
7. TCP/SPX - connection-oriented communication for applications to ensure error-free delivery.
8. UDP - connectionless communication; does not guarantee packet delivery between transfer points.
9. Communicates through Gateway Services, routers & brouters.
what protocols reside at the transport layer
· TCP
· UDP
· SPX
· NetBEUI
describe the network layer
1. Logical addressing - software addresses are resolved to hardware addresses (ARP/RARP).
2. Routing of messages (packets) between hosts & networks (IP/IPX).
3. Determining the best route (makes routing decisions & forwards packets, a.k.a. DATAGRAMS, for devices that could be farther away than a single link).
4. Moves information to the correct address.
5. Sends messages and reports errors regarding packet delivery (ICMP).
6. Reports host group membership to local multicast routers (IGMP).
7. Communicates through GATEWAY SERVICES, ROUTERS & BROUTERS.
what protocols reside at the Network layer
· IP
· IPX
· RIP
· ICMP
· ARP
· RARP
· OSPF
· EGP
· IGMP
· NetBEUI
· DLC
· DECnet
· L2F
· L2TP
· FDDI
· ISDN

NOTE: Strictly, L2F and L2TP are layer 2 tunneling protocols, FDDI and ISDN are data link/physical technologies, and NetBEUI and DLC are non-routable (they carry no network-layer address). ARP is also often classed as a layer 2/3 boundary protocol. Exam material commonly groups them all at the network layer, as above.
describe the data link layer
1. Provides for flow of data over a single link from one device to another.
2. Controls access to the communication channel.
3. Controls flow of data.
4. Packets are placed into frames at this layer (i.e. organizes data into logical frames - logical units of information).
5. Identifies the specific computer on the network.
6. CRC is added at this layer (error detection).
7. If the CRC check fails at the receiving computer, this layer can request re-transmission (on link types that support it; Ethernet simply discards the bad frame and leaves recovery to the upper layers).
8. MAC addresses are resolved at this layer (switches, brouters and bridges function on this layer using the MAC sublayer).
9. Sends data from the network layer to the physical layer.
10. Manages physical layer communications between connecting systems.
11. Data frames are sent between layers.
12. Ethernet, Token Ring & other communications occur here via frames. LLC (802.2) manages link control & defines SAPs (Service Access Points). MAC (802.3, 802.4, 802.5, 802.12) communicates with the adapter card.
13. Communicates through: SWITCHES, BRIDGES & INTELLIGENT HUBS

NOTE: The Data Link Layer contains two SUB-LAYERS.
. LLC (Logical Link Control) - The upper sub-layer, which establishes and maintains links between communicating devices and provides flow control, error control and multiplexing of network-layer protocols via SAPs.
. MAC (Media Access Control) - The lower sub-layer, which handles hardware (MAC) addressing and controls how devices share a media channel, either through CONTENTION or TOKEN PASSING.
what protocols reside at the Data Link layer
· HDLC (High-level Data Link Control) - Supports asynchronous & synchronous transmissions. Uses LLC flow control.
· SLIP
· PPP
describe the physical layer
1. Data (BITS) is sent across physical media like wires and hubs.
2. Responsible for encoding scheme (like Manchester encoding)
3. Defines cables, cards and physical aspects.
4. Provides electrical and mechanical interfaces for a network.
5. Specifies how signals are transmitted on network
6. Communicates through: REPEATERS, HUBS, SWITCHES, CABLES, CONNECTORS, TRANSMITTERS, RECEIVERS, MULTIPLEXERS
what equipment operate at the Physical layer
· Hubs
· Repeaters
· Amplifiers
· Transceivers
· Multiplexers
· Receivers
· Transmitters
· Connectors
· Cables
· Switches (more accurately a data link layer device; listed here as well because its ports are physical-layer interfaces)
what equipment operate at the data link layer
· Bridges
· Switches
what equipment operate at the network layer
· Routers
· Brouters
what equipment operate at the transport layer
Gateways
what equipment operate at the session layer
Gateways
what equipment operate at the Presentation layer
Gateways
what equipment work at the application layer
Gateways
note:

Session layer is responsible for establishing a connection between the two applications, maintaining it during the transfer of data, and controlling the release of this connection.
note:

Transport layer
When two computers are going to communicate through a connection-oriented
protocol, they will first agree on how much information each computer will send at a
time, how to verify the integrity of the data once received, and how to determine whether
a packet was lost along the way. The two computers agree on these parameters
through a handshaking process at the transport layer, layer 4.The agreement on these
issues before transferring data helps provide more reliable data transfer, error detection,
correction, recovery, and flow control, and it optimizes the network services needed to
perform these tasks. The transport layer provides end-to-end data transport services and
establishes the logical connection between two communicating computers.
note

Data Link layer
The operating system formats the data frame so that it can be properly transmitted over the network type in use (Token Ring, Ethernet, ATM or FDDI).
note

Physical layer Converts bits into voltage for transmission.
Standard interfaces - HSSI, X.21, EIA/TIA-232, EIA/TIA-449
The session layer enables communication between two computers to happen in three different modes. what are they:
- Simplex: Communication takes place in one direction only.

- Half-duplex: Communication takes place in both directions, but only one system can send information at a time.

- Full-duplex: Communication takes place in both directions and both systems can send information at the same time.
The session layer works in three phases what are they:
connection establishment
data transfer
connection release

It provides session restart and recovery if necessary and provides the overall maintenance of the session. When the conversation is over, this path is broken down and all parameters are set back to their original settings. This process is known as dialog management.
NOTE Connection-oriented protocols, such as TCP, provide reliable data transmission when compared to connectionless protocols, such as UDP. This
distinction is covered in more detail in the “TCP/IP” section, later in the chapter.
note

The functionality of the session and transport layers is similar insofar as they both
set up some type of session or virtual connection for communication to take place. The
difference is that protocols that work at the session layer set up connections between
applications, whereas protocols that work at the transport layer set up connections between
computer systems.
The data link layer is divided into two functional sublayers what are they:
Logical Link Control (LLC)
and
Media Access Control (MAC).
note

The LLC, defined in the IEEE 802.2 specification
communicates with the protocol immediately above it, the network layer. The
MAC will have the appropriately loaded protocols to interface with the protocol requirements
of the physical layer.
NOTE The host-to-host layer is sometimes called the transport layer in the
TCP/IP model
The protocols at this layer handle file transfer, virtual terminals, network management, and fulfilling the networking requests of applications. what layer is this
Application
The services of this layer handle translation into standard formats, data compression and decompression, and data encryption and decryption. No protocols work at this layer, just services such as:
• American Standard Code for Information Interchange (ASCII)
• Extended Binary-Coded Decimal Interchange Code (EBCDIC)
what layer is this
Presentation
The protocols at this layer handle end-to-end transmission and segmentation of a data stream. what layer is this
Transport
The layer responsible for internetworking service, addressing, and routing
Network
set up connections between applications, maintain dialog
control, and negotiate, establish, maintain, and tear down the communication channel what layer is this
Session
layer converts data into LAN or WAN frames for transmission, convert messages into bits, and define how a computer accesses a network. This
layer is divided into the Logical Link Control (LLC) and the Media Access Control
(MAC) sublayers.
Data Link
at this layer Network interface cards and drivers convert bits into electrical signals and control the
physical aspects of data transmission, including optical, electrical, and mechanical requirements.
Physical
NOTE The security services defined in the OSI security model include data integrity (protection from modification and destruction), data confidentiality
(protection from disclosure), authentication (verification of identity of the communication source), and access control services (enable mechanisms to
allow or restrict access).
note

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs the way data travel from one device to another. Besides its eponymous two main protocols, TCP/IP includes other protocols as well. IP is a network layer protocol and provides datagram routing services. IP’s main task is to support internetwork addressing and packet routing. It is a connectionless protocol that envelopes data passed to it from the transport layer. The IP protocol addresses the datagram with the source and destination IP addresses.
is a connectionless protocol that provides the addressing and routing capabilities
IP
Two main protocols working at the transport layer:
TCP and UDP.
Is a reliable and connection-oriented protocol, that ensures that packets are delivered to the destination computer.
If a packet is lost during transmission, this protocol has the capability to resend it. Provides reliability and ensures that the packets are delivered.
TCP:
Is a best-effort, connectionless protocol. Does not provide packet sequencing, flow control or congestion control, and the destination does not acknowledge the packets it receives.
UDP:
Data -> Message -> Packet -> Datagram -> Frame
UDP packet (data unit names by layer)
Data -> Stream -> Segment -> Datagram -> Frame
TCP packet (data unit names by layer)
describe the TCP three-way Handshake:
1. Host sends a SYN packet
2. Receiver answers with a SYN/ACK packet
3. Host sends an ACK packet
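The three steps above, as an added example that is not part of the card deck: two small in-memory state machines exchange SYN, SYN/ACK and ACK, and the server only moves from the half-open SYN_RECEIVED state to ESTABLISHED when the final ACK carries the acknowledgement number it expects (its own initial sequence number plus one). The `ack_offset` parameter is an assumption of this example, used to show what happens when an off-path sender has to guess that number. No sockets are used.

```python
"""Simulate the TCP three-way handshake as two small state machines.

Added example, not from the original card deck. Initial sequence numbers
are drawn from the secrets module; everything stays in memory.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional

SYN, ACK = 0x02, 0x10          # TCP flag bits
MASK = 0xFFFFFFFF              # sequence numbers wrap at 32 bits


@dataclass
class Segment:
    flags: int
    seq: int
    ack: int = 0


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"
    # Unpredictable ISN: an attacker who cannot see the SYN/ACK must guess it
    isn: int = field(default_factory=lambda: secrets.randbelow(2 ** 32))
    peer_isn: Optional[int] = None

    # Step 1: the client sends a SYN carrying its own ISN.
    def connect(self) -> Segment:
        self.state = "SYN_SENT"
        return Segment(SYN, self.isn)

    # Step 2: the server answers SYN with SYN/ACK; later it validates step 3.
    def server_receive(self, seg: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and seg.flags == SYN:
            self.peer_isn = seg.seq
            self.state = "SYN_RECEIVED"          # half-open until the ACK arrives
            return Segment(SYN | ACK, self.isn, (seg.seq + 1) & MASK)
        if self.state == "SYN_RECEIVED" and seg.flags == ACK:
            expected_ack = (self.isn + 1) & MASK
            expected_seq = (self.peer_isn + 1) & MASK
            if seg.ack == expected_ack and seg.seq == expected_seq:
                self.state = "ESTABLISHED"
            # otherwise the ACK is unacceptable: dropped, connection stays half-open
        return None

    # Step 3: the client checks the SYN/ACK and sends the final ACK.
    def client_receive(self, seg: Segment) -> Optional[Segment]:
        if (self.state == "SYN_SENT" and seg.flags == SYN | ACK
                and seg.ack == (self.isn + 1) & MASK):
            self.peer_isn = seg.seq
            self.state = "ESTABLISHED"
            return Segment(ACK, (self.isn + 1) & MASK, (seg.seq + 1) & MASK)
        return None


def handshake(ack_offset: int = 0):
    """Run the handshake and return (client_state, server_state).

    ack_offset is an assumption of this example: a non-zero value replaces the
    client's correct acknowledgement number with a wrong one, the way an
    off-path sender that never saw the SYN/ACK would have to guess it."""
    client = Endpoint("client")
    server = Endpoint("server", state="LISTEN")
    syn = client.connect()                      # 1. SYN
    syn_ack = server.server_receive(syn)        # 2. SYN/ACK
    final_ack = client.client_receive(syn_ack)  # 3. ACK
    if ack_offset:
        final_ack = Segment(ACK, final_ack.seq, (final_ack.ack + ack_offset) & MASK)
    server.server_receive(final_ack)
    return client.state, server.state


if __name__ == "__main__":
    print("normal handshake:", handshake())
    print("guessed ACK number:", handshake(ack_offset=1))
```

The second run shows the asymmetry a SYN flood or spoofed-ACK attack relies on: the client believes it is connected, but the server has allocated a half-open entry and will hold it until a timeout, because the acknowledgement number did not match its randomly chosen ISN.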
Uses 32 bits for its address
IPv4
Uses 128 bits for its address
IPv6
what are Well-Known Ports
Port numbers up to 1023 (0–1023) are called well-known ports.

note:

Almost every computer in the world has the same protocol mapped to the same port number. That is why they are called well known: everyone follows the same standardized approach. This means that on almost every computer, port 25 is mapped to SMTP, port 21 is mapped to FTP, port 80 is mapped to HTTP, and so on. This mapping between lower-numbered ports and specific protocols is maintained in the IANA port registry, and the fact that almost everyone follows it translates to more interoperability among systems all over the world. A port number is only a convention, though: nothing stops a service from listening on a different port, or an attacker from running something other than HTTP on port 80, so identify services by their traffic rather than by port number alone. (Note that on Unix-like systems, ports 0 to 1023 can be bound only by privileged system or root processes.)
port 23
Telnet
port 25
SMTP
port 80
HTTP
ports 161 and 162
SNMP
ports 21 and 20
FTP
Each protocol at each layer adds its own information to the message and passes it down to the next level. This concept is usually referred to as
encapsulation
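Encapsulation as an added example that is not part of the card deck: a UDP segment is built at the transport layer, wrapped in an IPv4 header at the network layer (with the RFC 791 one's-complement header checksum, TTL and protocol fields the notes below describe), then decapsulated layer by layer on the receiving side, where the checksum is verified before anything else is trusted. The addresses, ports and payload are constructed sample values. Ethernet framing is omitted; the same pattern would add a 14-byte header in front of the IP datagram.

```python
"""Build and parse an IPv4/UDP datagram to show layer-by-layer encapsulation.

Added example, not from the original card deck. Addresses, ports and the
payload below are constructed sample values (RFC 5737 documentation ranges).
"""
import struct

IPV4_HDR = "!BBHHHBBH4s4s"     # 20-byte header without options
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: 8-byte UDP header (checksum 0, which IPv4 permits) + data."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Network layer: wrap the transport segment in an IPv4 header."""
    ver_ihl = (4 << 4) | 5                      # version 4, 5 x 32-bit words
    hdr = struct.pack(IPV4_HDR, ver_ihl, 0, 20 + len(payload), 0x1234, 0,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    csum = ipv4_checksum(hdr)                   # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decapsulate one layer; a header whose checksum does not verify is rejected."""
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:        # a valid header sums to 0xFFFF
        raise ValueError("bad IPv4 header checksum")
    return {"version": 4, "ttl": ttl, "proto": proto, "tos": tos,
            "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
            "payload": packet[ihl:total_len]}


def parse_udp(segment: bytes) -> dict:
    src_port, dst_port, length, _csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("malformed UDP length")
    return {"src_port": src_port, "dst_port": dst_port, "data": segment[8:length]}


def forward(packet: bytes) -> bytes:
    """What a router does at layer 3: decrement TTL and recompute the checksum."""
    hdr = bytearray(packet[:20])
    if hdr[8] <= 1:
        raise ValueError("TTL expired; a router would send ICMP Time Exceeded")
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


if __name__ == "__main__":
    pkt = build_ipv4("192.0.2.1", "198.51.100.7", PROTO_UDP, build_udp(53, 40000, b"sample"))
    ip = parse_ipv4(forward(pkt))
    print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], parse_udp(ip["payload"]))
```

Note that the IPv4 header checksum only detects accidental corruption of the header; it offers no protection against deliberate modification, since anyone who rewrites the header can recompute it, exactly as `forward` does.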
describe a Class A network address
0.0.0.0 to 127.255.255.255
describe a Class B network address
128.0.0.0 to 191.255.255.255
describe a Class C network address
192.0.0.0 to 223.255.255.255
describe a Class D network address
224.0.0.0 to 239.255.255.255 Used for multicast addresses.
describe a Class E network address
240.0.0.0 to 255.255.255.255 Reserved for research.
is created from the host portion of an IP address. This allows us to further break the host portion of the address into two or more logical groupings.
subnet
A network can be logically partitioned to reduce administration headaches and to improve traffic performance and, potentially, security.
note

Subnetting allows large IP ranges to be divided into smaller, logical, and more tangible network segments. Subnetting is particularly beneficial in keeping down routing table sizes because external routers can directly send data to the actual network segment without having to worry about the internal architecture of that network and getting the data to individual hosts.
note:

classless interdomain routing (CIDR) A Class B address range is usually too large for most companies, and a class C address range is too small, so CIDR provides the flexibility to increase or decrease the class sizes as necessary. CIDR is the method to specify more flexible IP address classes.
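The classful ranges and the CIDR note above, worked through as an added example that is not part of the card deck: the class comes from the leading bits of the first octet, while a CIDR prefix length replaces the class with an explicit mask from which the network, broadcast and usable host range follow by bit arithmetic. The sample addresses are constructed (RFC 5737 documentation ranges). The bit arithmetic is done by hand to show what the mask does; `matches_stdlib` cross-checks it against the `ipaddress` module.

```python
"""Classify an IPv4 address by its leading bits and compute a CIDR subnet.

Added example, not from the original card deck. Sample addresses are constructed.
"""
import ipaddress


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful(addr: str) -> dict:
    """Classful rule: the first octet alone selects the class and default prefix."""
    first = ip_to_int(addr) >> 24
    if first < 128:                      # leading bit 0
        return {"class": "A", "default_prefix": 8}
    if first < 192:                      # leading bits 10
        return {"class": "B", "default_prefix": 16}
    if first < 224:                      # leading bits 110
        return {"class": "C", "default_prefix": 24}
    if first < 240:                      # leading bits 1110: multicast, no host part
        return {"class": "D", "default_prefix": None}
    return {"class": "E", "default_prefix": None}   # reserved


def prefix_to_mask(prefix: int) -> int:
    """CIDR mask: `prefix` one-bits followed by zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet(cidr: str) -> dict:
    """Network, broadcast, mask and usable host range for an address/prefix pair."""
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask              # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    if prefix <= 30:
        first, last = network + 1, broadcast - 1
        usable = 2 ** (32 - prefix) - 2           # minus network and broadcast
    else:                                         # /31 point-to-point (RFC 3021), /32 host
        first, last = network, broadcast
        usable = 2 ** (32 - prefix)
    return {"network": int_to_ip(network), "mask": int_to_ip(mask),
            "broadcast": int_to_ip(broadcast), "first_host": int_to_ip(first),
            "last_host": int_to_ip(last), "usable_hosts": usable, "prefix": prefix}


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """The test a host runs to decide between direct delivery and its router."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand-rolled arithmetic against the standard library."""
    net = ipaddress.ip_network(cidr, strict=False)
    s = subnet(cidr)
    return (s["network"] == str(net.network_address)
            and s["broadcast"] == str(net.broadcast_address)
            and s["mask"] == str(net.netmask))


if __name__ == "__main__":
    print(classful("172.16.0.1"), subnet("172.16.0.0/22"))   # class B, but only 1022 hosts
    print(subnet("192.0.2.130/26"))
```

The `/22` run is the CIDR point in the note: a Class B range would hand out 65,534 addresses and a Class C only 254, whereas the prefix length gives exactly the 1,022 hosts needed.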
NOTE

IP provides addressing, packet fragmentation, and packet timeouts. To ensure that packets do not continually traverse a network forever, IP provides
a Time to Live (TTL) value that is decremented every time the packet passes through a router. IP can also provide a Type of Service (ToS) capability, which
means it can prioritize different packets for time-sensitive functions.
note


IPv6, also called IP next generation (IPng), not only has a larger address space than IPv4 to support more IP addresses, it has many other capabilities that IPv4 does not. IPv6 allows for scoped addresses, which enables an administrator to restrict specific addresses for file servers or file and print sharing, for example. IPv6 has IPsec integrated into the protocol stack, which provides end-to-end secure transmission and authentication. The protocol offers autoconfiguration, which makes administration much easier, and it does not require network address translation (NAT) to extend its address space.
what are continuously varying electromagnetic waves that can be carried over air, water, twisted-pair cable, coaxial cable, or fiber-optic cable? Through a process of modulation, data are combined with a carrier signal of a specific frequency. The modulation of a signal differs in amplitude (height of the signal) and frequency (number of waves in a defined period of time).
Analog transmission signals (modulation of signals, electromagnetic waves)
what represent binary digits as electrical pulses? Each individual pulse is a signal element and represents either a 1 or a 0.
Digital signals
what is bandwidth as it relates to digital transmissions
the number of electrical pulses that can be transmitted over
a link within a second, and these electrical pulses carry individual bits of information.
what is Asynchronous communication
is used when the two devices are not synchronized in any way. The sender can send data at any time, and the receiving end must always be ready.
what is Synchronous communication
takes place between two devices that are synchronized,
usually via a clocking mechanism.
define Baseband
uses the entire communication channel for its transmission. Baseband permits only one signal to be transmitted at a time, whereas broadband carries several signals over different channels. Ethernet is a baseband technology that uses the entire wire for just one channel.
define broadband
divides the communication channel into individual and independent channels so different types of data can be transmitted simultaneously. For example, a coaxial cable TV (CATV) system is a broadband technology that delivers multiple television channels over the same cable. This system can also provide home users with Internet access, but these data are transmitted at a different frequency spectrum than the TV channels.
four main reasons to have a network
• To allow communication between computers
• To share information
• To share resources
• To provide central administration
describe a Ring Topology
Has a series of devices connected by unidirectional transmission links that form a ring. Each node is dependent upon the preceding nodes, and if one system fails, all other systems could fail.
describe Bus Topology
A single cable runs the entire length of the network. Each node decides to accept, process or ignore the packet. The cable where all nodes are attached is a potential single point of failure. Linear bus - Has a single cable with nodes attached to it. Tree topology - Has branches from the single cable and each branch can contain many nodes.
describe Star Topology
All nodes connect to a central hub or switch. Each node has a dedicated link to the central hub.
describe Mesh Topology
All systems and resources are connected to each other in a way that does not follow the
uniformity of the previous topologies.
NOTE When a ring or bus topology is used, all nodes between the source and destination systems have access to this data transmission. This means it
is easier for an attacker to gain access to a lot of potentially sensitive data.
Note

What defines a LAN, as compared to a WAN, depends on the physical medium, encapsulation protocols, and functionality. For example, a LAN could use 10Base-T cabling, IPX/SPX protocols, and routing protocols, and it could enable users who are in the same local building to communicate. A WAN, on the other hand, could use fiber-optic cabling and the L2TP encapsulation protocol, and could enable users from one building to communicate with users in another building in another state (or country). A WAN connects LANs over great distances geographically. Most of the differences between these technologies are found at the data link layer.
is a network that provides shared communication and resources in a relatively
small area.
A LAN
The loss of signal strength as it travels or caused by cable breaks and cable
malfunctions.
Attenuation
note

Ethernet is a LAN-sharing technology that enables several devices to communicate on the same network. Ethernet usually uses a bus or star topology. If a linear bus topology is used, all devices connect to one cable. If a star topology is used, each device is connected to a cable that is connected to a centralized device, such as a switch. Ethernet was developed in the 1970s, became commercially available in 1980, and was named the IEEE 802.3 standard.
note

Ethernet is defined by the following characteristics:
• Shares media. (All devices must take turns using the same media, and collisions can take place.)
• Uses broadcast and collision domains.
• Uses the carrier sense multiple access with collision detection (CSMA/CD) access method.
• Supports full duplex on twisted-pair implementations.
• Can use coaxial or twisted-pair media.
• Is defined by standard IEEE 802.3.
10Base2 characteristics
. called ThinNet
. uses coaxial cable
. max cable length of 185 m
. 10-Mbps transmission
. requires BNC connectors
10Base5 characteristics
. called ThickNet
. uses coaxial cable
. often used as the network backbone
. max cable length of 500 m
. 10-Mbps transmission
describe 10Base-T
10Base-T uses twisted-pair copper wiring instead of coaxial cabling. Twisted-pair wiring uses one pair to transmit data and another pair to receive data. 10Base-T is usually implemented in a star topology, which provides easy network configuration. In a star topology, all systems are connected to centralized devices, which can be in a flat or hierarchical configuration.
describe Fast Ethernet
is regular Ethernet, except that it runs at 100 Mbps over twisted-pair wiring instead of at 10 Mbps. Fast Ethernet uses the traditional CSMA/CD and the original frame format of Ethernet. This is why it is used in many enterprise LAN environments today. One environment can run 10- and 100-Mbps network segments that can communicate via 10/100 hubs or switches.
describe Token Ring
is a LAN technology that enables the communication and sharing of networking resources. The Token Ring technology was originally developed by IBM and is now defined by the IEEE 802.5 standard. It uses a token-passing technology with a star-configured topology. The ring part of the name pertains to how the signals travel, which is in a logical ring. Each computer is connected to a central hub, called a Multistation Access Unit (MAU). Physically, the topology can be a star, but the signals and transmissions are passed in a logical ring.
is referred to as a “chatty protocol” and has collisions.
Ethernet
what is token-passing technology
one in which a device cannot put data on the network wire without having possession of a token, a control frame that travels in a logical circle and is “picked up” when a system needs to communicate. This is different from Ethernet, in which all the devices attempt to communicate at the same time. Token Ring does not endure collisions, since only one system can communicate at a time, but this also means communication takes place more slowly compared to Ethernet.
Token Ring employs a couple of mechanisms to deal with problems what are they
active monitor mechanism
beaconing mechanism
define active monitor mechanism
removes frames that are continually circulating on the network. This can occur if a computer locks up or is taken offline for one reason or another and cannot properly receive a token destined for it.
explain the beaconing mechanism
If a computer detects a problem with the network, it sends a beacon frame. This frame generates a failure domain, which lies between the computer that issued the beacon and its neighbor downstream. The computers and devices within this failure domain will attempt to reconfigure certain settings to try to work around the detected fault.
what is Fiber Distributed Data Interface (FDDI)
is a high-speed token-passing media access technology. FDDI has a data transmission speed of up to 100 Mbps and is usually used as a backbone network using fiber-optic cabling. FDDI also provides fault tolerance by offering a second counter-rotating fiber ring. The primary ring has data traveling clockwise and is used for regular data transmission. The second ring transmits data in a counterclockwise fashion and is invoked only if the primary ring goes down. Sensors watch the primary ring and, if it goes down, invoke a ring wrap so the data will be diverted to the second ring. Each node on the FDDI network has relays that are connected
to both rings, so if a break in the ring occurs, the two rings can be joined.
what is cable bandwidth
indicates the highest frequency range it uses—for instance, 10Base-T uses 10 MHz and 100Base-TX uses 80 MHz. This is different from the actual amount of data that can be pushed through a cable.
what is data throughput rate
is the actual amount of data that goes through the wire after compression and encoding have been used. 10Base-T has a data
rate of 10 Mbps, and 100Base-TX has a data rate of 100 Mbps. The bandwidth can be thought of as the size of the pipe, and the data throughput rate is the actual amount of data that travels through that pipe.
define Coaxial cable
has a copper core that is surrounded by a shielding layer and grounding wire. This is all encased within a protective outer jacket. Compared to twisted-pair cable, coaxial cable is more resistant to electromagnetic interference (EMI), provides a higher bandwidth, and supports the use of longer cable lengths
why is twisted-pair cable more popular?
Twisted-pair cable is cheaper and easier to work with, and the move to switched environments that provide hierarchical wiring schemes has overcome the cable-length issue of twisted-pair cable.
note

The two main types of coaxial cable used within LAN environments are 50-ohm cable (used for digital signaling) and 75-ohm cable (used for high-speed digital signaling and analog signaling). The coaxial cable types are 10Base2 (ThinNet) and 10Base5 (ThickNet). Coaxial cable can transmit using either a baseband method, whereby thecable carries only one channel, or a broadband method, whereby the cable carries several channels.
note

Fiber-optic cabling: Because it carries light through glass rather than current through copper, it supports higher transmission speeds over longer distances, suffers far less attenuation, and is immune to EMI. It does not radiate signals like UTP cabling and is very hard to tap into without detection. It is expensive.
If the cable has an outer foil shielding, it is referred to as
shielded twisted pair (STP), which adds protection from radio frequency interference and electromagnetic interference.
type of twisted-pair cabling does not have this extra outer shielding and is called
unshielded twisted pair (UTP).
define Category 1
Voice-grade telephone cable. Not recommended for network use, but modems can communicate over it.
define Category 2
Data transmission up to 4 Mbps. Used in mainframe and minicomputer terminal connections, but not recommended for high-speed networking.
define Category 3
10 Mbps for Ethernet and 4 Mbps for Token Ring. Used in 10Base-T network installations.
define Category 4
16 Mbps. Usually used in Token Ring networks.
define Category 5
100 Mbps for 100Base-TX and CDDI networks; has high twisting and thus low crosstalk. Used in 100Base-TX, CDDI, Ethernet, and ATM installations; most widely used in new network installations.
define Category 6
1 Gbps at the full 100 m run length (10 Gbps only over shorter runs; Category 6a is rated for 10 Gbps at 100 m). Standard for Gigabit Ethernet; used in new network installations requiring high-speed transmission.
define Category 7
10 Gbps. Used in new network installations requiring higher-speed transmission.
define Noise
Noise on a line is usually caused by surrounding devices or by characteristics of the wiring’s environment. Noise can be caused by motors, computers, copy machines, fluorescent lighting, and microwave ovens, to name a few. This background noise can combine with the data being transmitted over the cable and distort the signal. The more noise there is interacting with the cable, the more likely the receiving end will not receive the data in the form originally transmitted.
Define Attenuation
Attenuation is the loss of signal strength as it travels. The longer a cable, the more attenuation is introduced, which causes the signal carrying the data to deteriorate. This is why standards include suggested cable run lengths—once data travels over a certain distance, the resistance of electron flow aggregates and destroys the integrity of the signal.
what is Crosstalk
When electrical signals of one wire spill over to another wire. UTP is much more vulnerable to this than STP or coaxial
what is Plenum space
Network cabling that is placed in an area to meet specific fire rating to ensure that it will not produce and release harmful chemicals in case of a fire.
what is Pressurized conduits
Encapsulation of wires so if there is an attempt to access a wire, the pressure of the conduit will change and sound an alarm or send a message to the administrator.
describe Nonplenum cables
usually have a polyvinyl chloride (PVC) jacket covering, whereas plenum-rated cables have jacket covers made of fluoropolymers. When setting up a network or extending an existing network, it is important you know which wire types are required in which situation.
define Digital signals
Represent binary digits as discrete electrical pulses
define Analog signals
Continuous signals that vary by amplification and frequency
Asynchronous communication
Transfers data sequentially, uses start and stop bits, and requires that communicating devices communicate at the same speed
define Synchronous communication
High-speed transmission controlled by electronic clock timing signals
define Baseband transmission
Uses the full bandwidth for only one channel and has a low data transfer rate
define Broadband transmission
Divides the bandwidth into many channels, enabling different types of data to be transmitted, and provides a high data transfer rate
define Unicast transmission
Occurs when a packet is sent from one source computer to one destination computer
define Multicast transmission
Occurs when a packet is sent from one source computer to several specific computers
define Broadcast transmission
Occurs when a packet is sent from one source computer to all computers on a certain network segment
NOTE An MTU is a parameter that indicates how much data a frame can carry on a specific network. Different types of network technologies may require different MTU sizes, which is why frames are sometimes fragmented.
note


A token is a 24-bit control frame used to control which computers communicate at what intervals. The token is passed from computer to computer, and only the computer that has the token can actually put frames onto the wire. The token grants a computer the right to communicate.
Ethernet protocols define how nodes are to communicate, recover from errors, and access the shared network cable. Ethernet uses CSMA as an access method to the network cable. There are two distinct types of CSMA: CSMA/CD and CSMA/CA.
what is carrier sense multiple access with collision detection (CSMA/CD) protocol
Nodes monitor the transmission activity, or carrier activity, on the wire so they can determine when would be the best time to transmit data. Each node monitors the wire continuously and waits until the wire is free before it transmits its data.
what is Collision
Happens when two or more frames collide.
what is Contention
The nodes have to compete for the same shared medium
define Back-off algorithm
All stations will execute a random collision timer to force a delay before they attempt to transmit data.
what is Carrier sense multiple access with collision avoidance (CSMA/CA)
is an access method in which each computer signals its intent to transmit data before it actually does so. This tells all other computers on the network not to transmit data right now because doing so could cause a collision. Basically, a system listens to the shared medium to determine whether it is busy or free. Once the system identifies that the “coast is clear” and it can put its data on the wire, it sends out a broadcast to all other systems, telling them it is going to transmit information. It is similar to saying, “Everyone shut up. I am going to talk now.” Each system will wait a period of time before attempting to transmit data, to ensure collisions do not take place.
define a collision domain
is a group of computers that are contending, or competing, for the same shared communication medium.
what is Polling
Some systems are configured to be primary stations and others are secondary stations. At predefined intervals, the primary station will ask the secondary station if it has anything to transmit. Polling is a method of monitoring multiple devices and controlling network access transmission. If polling is used to monitor devices, the primary device communicates with each secondary device in an interval to check its status.
define ARP
Knows the IP address and broadcasts to find the matching hardware address, the MAC address.
what is a Media Access Control (MAC) address.
A MAC address is unique because the first 24 bits represent the manufacturer code and the last 24 bits represent the unique serial number assigned by the manufacturer.
NOTE The physical address is also referred to as the (MAC) address
NOTE A frame is data that are fully encapsulated, with all of the necessary headers and trailers.
what is ARP table poisoning.
Attackers alter a system’s ARP table so it contains incorrect information. The attacker’s goal is to receive packets intended for another computer. This is a type of masquerading attack.
what are the four stages of DHCP process
Discover, Offer, Request, and Acknowledgment (D-O-R-A) process
what is RARP
Knows the hardware address and broadcasts to find the IP address.
define DHCP
A computer depends upon a server to assign it the right IP address.
define BOOTP (Bootstrap Protocol)
BOOTP is usually used during the bootstrap process when a computer is starting up. A BOOTP configuration server assigns an IP address to each client from a pool of addresses. BOOTP uses the User Datagram Protocol (UDP) as a transport on IPv4 networks only.
Historically, BOOTP has also been used for Unix-like diskless workstations to obtain the network location of their boot image in addition to an IP address, and also by enterprises to roll out a pre-configured client (e.g., Windows) installation to newly installed PCs.
what is the purpose of ICMP
Delivers messages, reports errors, replies to certain requests, reports routing information and is used to test connectivity and troubleshoot problems on IP networks.
what is a Loki Attack
The ICMP protocol was developed to send status messages, not to hold or transmit user data. But someone figured out how to insert some data inside of an ICMP packet, which can be used to communicate to an already compromised system. Loki is actually a client/server program used by hackers to set up backdoors on systems. The attacker targets a computer and installs the server portion of the Loki software. This server portion “listens” on a port, which is the backdoor an attacker can use to access the system. To gain access and open a remote shell to this computer, an attacker sends commands inside of ICMP packets. This is usually successful, because most routers are configured to allow ICMP traffic to come and go out of the network, based on the assumption that this is safe because ICMP was developed to not hold any data or a payload.
what are autonomous systems (ASs)
Individual networks on the Internet are referred to as autonomous systems (ASs).
Routing protocols can be dynamic or static.
define dynamic routing protocols
can discover routes and build a routing table. Routers use these tables to make decisions on the best route for the packets they receive. A dynamic routing protocol can change the entries in the routing table based on changes that take place to the different routes. When a router that is using a dynamic routing protocol finds out that a route has gone down or is congested, it sends an update message to the other routers around it. The other routers use this information to update their routing table, with the goal of providing efficient routing functionality.
define static routing protocol
requires the administrator to manually configure the router’s routing table.
what is Route flapping
refers to the constant changes in the availability of routes. Also, if a router does not receive an update that a link has gone down, the router will continue to forward packets to that route, which is referred to as a black hole.
Two main types of routing protocols used
distance-vector and link-state routing
define Distance-vector routing protocols
make their routing decisions based on the distance (or number of hops) and a vector (a direction). The protocol takes these variables and uses them with an algorithm to determine the best route for a packet.
define Link-state routing protocols
build a more accurate routing table because they build a topology database of the network.
Routing Information Protocol
RIP is a standard that outlines how routers exchange routing table data and is considered a distance-vector protocol, which means it calculates the shortest distance between the source and destination. It is considered a legacy protocol, because of its slow performance and lack of functionality. It should only be used in small networks. RIP version 1 has no authentication, and RIP version 2 sends passwords in clear text or hashed with MD5.
note
Open Shortest Path First OSPF uses link-state algorithms to send out routing table information. The use of these algorithms allows for smaller, more frequent routing table updates to take place. This provides a more stable network than RIP, but requires more memory and CPU resources to support this extra processing. OSPF allows for a hierarchical routing network that has a backbone link connecting all subnets together. OSPF has replaced RIP in many networks today. Authentication can take place with cleartext passwords or hashed passwords, or you can choose to configure no authentication on the routers using this protocol.
note
Interior Gateway Routing Protocol IGRP is a distance-vector routing protocol that was developed by, and is proprietary to, Cisco Systems. Whereas RIP uses one criterion to find the best path between the source and destination, IGRP uses five criteria to make a “best route” decision. A network administrator can set weights on these different metrics so that the protocol works best in that specific environment.
NOTE

Although most routing protocols have authentication functionality, most routers do not have this functionality enabled.
note

Border Gateway Protocol
(BGP) enables routers on different ASs to share routing information to ensure effective and efficient routing between the different AS networks. BGP is commonly used by Internet service providers to route data from one location to the next on the Internet.
what is a Wormhole Attack
An attacker can capture a packet at one location in the network and tunnel it to another location in the network. In this type of attack, there are two attackers, one at each end of the tunnel (referred to as a wormhole). Attacker A could capture an authentication token that is being sent to an authentication server, and then send this token to the other attacker, who then uses it to gain unauthorized access to a resource. This can take place on a wired or wireless network, but it is easier to carry out on a wireless network because the attacker does not need to actually penetrate a physical wire.
list the functions of a bridge:
• Segments a large network into smaller, more controllable pieces.
• Uses filtering based on MAC addresses.
• Joins different types of network links while retaining the same broadcast domain.
• Isolates collision domains within the same broadcast domain.
• Bridging functionality can take place locally within a LAN or remotely to connect two distant LANs.
• Can translate between protocol types.
NOTE

Do not confuse routers with bridges. Routers work at the network layer and filter packets based on IP addresses, whereas bridges work at the data link layer and filter frames based on MAC addresses. Routers usually do not pass broadcast information, but bridges do pass broadcast information.
note

Spanning Tree Algorithm (STA) adds more intelligence to the bridges. STA ensures that frames do not circle networks forever, provides redundant paths in case a bridge goes down, assigns unique identifiers to each bridge, assigns priority values to these bridges, and calculates path costs. This creates much more efficient frame-forwarding processes by each bridge. STA also enables an administrator to indicate whether he wants traffic to travel certain paths instead of others.
what is Source routing
The packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths.
note

A router splits up a network into collision domains and broadcast domains.
note

a bridge
• Reads header information, but does not alter it
• Builds forwarding tables based on MAC addresses
• Uses the same network address for all ports
• Filters traffic based on MAC addresses
• Forwards broadcast packets
• Forwards traffic if a destination address is unknown to the bridge
note

A Router
• Creates a new header for each frame
• Builds routing tables based on IP addresses
• Assigns a different network address per port
• Filters traffic based on IP addresses
• Does not forward broadcast packets
• Does not forward traffic that contains a destination address unknown to the router
note


A router is used when an administrator wants to divide a network along the lines of departments, workgroups, or other business-oriented divisions. A bridge divides segments based more on the traffic type and load.
what is a switch
a multiport bridging device, and each port provides dedicated bandwidth to the device attached to it.
what is Multiprotocol Label Switching (MPLS), used for
Quality of Service (QoS) that guarantees a minimum rate of data delivery to meet the requirements of a user or application. When MPLS is used, different priority information is placed into the tags to help ensure that time-sensitive traffic has a higher priority than less-sensitive traffic.
note

VLAN Virtual LANs:
Enable administrators to logically separate and group users based on resource requirements, security or business needs instead of the standard physical location of the users.
note

Gateway is a general term for software running on a device that connects two different environments and which many times acts as a translator for them or somehow restricts their interactions. Usually a gateway is needed when one environment speaks a different language, meaning it uses a certain protocol that the other environment does not understand. The gateway can translate Internetwork Packet Exchange (IPX) protocol packets to IP packets, accept mail from one type of mail server and format it so another type of mail server can accept and understand it, or connect and translate different data link technologies such as FDDI to Ethernet.
Repeaters work at which layer of the OSI
Physical
Bridges work at which layer of the OSI
Data Link
Routers work at which layer of the OSI
Network
Switches work at which layer of the OSI
Data Link
Gateways work at which layer of the OSI
Application
Repeater
Amplifies the signal and extends networks.
Bridge
Forwards packets and filters based on MAC addresses; forwards broadcast traffic, but not collision traffic.
Router
Separates and connects LANs creating internetworks; routers filter based on IP addresses.
Switch
Provides a private virtual link between communicating devices; allows for VLANs; reduces collisions; impedes network sniffing.
Gateway
Connects different types of networks; performs protocol and format translations.
what is a Private Branch Exchange (PBX)
is a private telephone switch that is located on a company’s property. This switch performs some of the same switching tasks that take place at the telephone company’s central office. The PBX has a dedicated connection to its local telephone company’s central office, where more intelligent switching takes place.
note

PBX systems have default system manager passwords that are hardly ever changed. These passwords are set by default; therefore, if 100 companies purchased and implemented 100 PBX systems from the PBX vendor ABC and they do not reset the password, a phreaker (a phone hacker) who knows this default password would now have access to 100 PBX systems. Once a phreaker breaks into a PBX system, she can cause mayhem by rerouting calls, reconfiguring switches, or configuring the system to provide her and her friends with free long-distance calls.
note

Firewalls are used to restrict access to one network from another network. Most companies use firewalls to restrict access to their networks from the Internet. They may also use firewalls to restrict one internal network segment from accessing another internal segment.
what is a DMZ - Demilitarized Zone:
A Network segment that is located between the protected and the unprotected networks.
describe the various types of firewalls.
• Packet filtering
• Stateful
• Proxy
• Dynamic packet filtering
• Kernel proxy
define Packet filtering
A method of controlling what data can flow into and out of a network. Takes place by using ACLs, which are developed and applied to a device. Is based on network layer information, which means that the device cannot look too far into the packet itself. Is not application dependent. Does not keep track of the state of a connection. Provides high performance. Used in first-generation firewalls.
what are the advantages to using packet-filtering firewalls
they are scalable, they are not application dependent, and they have high performance because they do not carry out extensive processing on the packets.
weaknesses of packet-filtering firewalls are
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.

• The logging functionality present in packet-filtering firewalls is limited.

• Most packet-filtering firewalls do not support advanced user authentication schemes.

• Many packet-filtering firewalls cannot detect a network packet in which the OSI layer 3 addressing information has been altered (spoofed).

• Due to the small number of variables used in access control decisions, packet filtering firewalls are susceptible to security breaches caused by improper configurations.
what is Stateful Packet Filtering
A packet arrives at the router, and the router runs through its ACLs to see if this packet should be allowed or denied. This requires the firewall to maintain a state table, which is like a score sheet of who said what to whom. Makes decisions on what packets to allow or disallow.
note


Stateful-inspection firewalls also make decisions on what packets to allow or disallow, but their functionality goes a step further. For example, a regular packet-filtering device may deny any UDP packets requesting service on port 25, and a stateful packet filtering device may have a rule to allow UDP packets through only if they are responses to outgoing requests.
what layer does Stateful Packet Filtering occur
the network layer
Give an example of how stateful inspection work
if Mitchell sends a request to a computer on a different network, this request is logged in the firewall’s state table to indicate that Mitchell’s computer made a request and that packets should be coming back to Mitchell. When the computer on the Internet responds to Mitchell, these packets are compared to the data in the state table at the firewall. Because the state table has information about a previous request for these packets, the firewall allows the packets to pass through. If, on the other hand, Mitchell had not made any requests and packets were coming in from the Internet to him, the firewall would see that no previous request for this information was received and then would look at its ACLs to see if these packets should be allowed.
What are attacks aimed at stateful inspection firewalls
Stateful-inspection firewalls unfortunately have been the victims of many types of Denial-of-Service (DoS) attacks. Several types of attacks are aimed at flooding the state table with bogus information. The state table is a resource, similar to a system’s hard drive space, memory, and CPU. When the state table is stuffed full of bogus information, the device may either freeze or reboot. In addition, if this firewall must be rebooted for some reason, it will lose its information on all recent connections; thus, it may deny legitimate packets.
characteristics of a stateful-inspection firewall:
• Maintains a state table that tracks each and every communication channel
• Provides a high degree of security and does not introduce the
performance hit that application proxy firewalls introduce
• Is scalable and transparent to users
• Provides data for tracking connectionless protocols such as UDP and ICMP
• Stores and updates the state and context of the data within the packets
• Is considered a third-generation firewall
what are Proxy firewalls
Stands between a trusted and untrusted network and actually makes the connection, each way, on behalf of the source. Makes a copy of each accepted packet before transmitting it and repackages the packet to hide the packet’s true origin.
What layer of the OSI does a proxy firewall work
the application layer
Pros of Proxy Firewalls
• Looks at the information within a packet, possibly all the way up to the application layer.
• Provides better security than packet filtering.
• Breaks the connection between trusted and untrusted systems.
Cons of Proxy Firewalls
• Some proxy firewalls support only a limited number of applications.
• Degrades traffic performance.
• Application-based proxy firewalls may have scalability and performance issues.
• Breaks the client/server model, which is good for security but sometimes bad for functionality.
what is a Dual-homed firewall
Has two interfaces; one facing the external network and the other facing the internal network. Has two NICs and has packet forwarding turned off. Are often used when a company uses proxy firewalls.
what are Application-level proxies
Inspect the entire packet and make access decisions based on the actual content of the packet. Understand different services and protocols and the commands that are used within them. There must be one application-level proxy per service.
what are Circuit-level proxy
Creates a circuit between the client computer and the server. It knows the source and destination addresses and makes access decisions based on this information. Can handle a wide variety of protocols and services.
Application-level proxies work at what layer of the OSI
Works at the application level.
Circuit-level proxy work at what layer of the OSI
Works at the network layer.
Note

If the application-level proxy firewall does not understand a certain protocol or service, it cannot protect this type of communication. In this scenario, a circuit-level proxy is useful because it does not deal with such complex issues. An advantage of a circuit-level proxy is that it can handle a wider variety of protocols and services than an application-level proxy, but the downfall is that the circuit-level proxy cannot provide the degree of granular control an application-level proxy provides. Life is just full of compromises.
note

SOCKS
Is an example of a circuit-level proxy gateway that provides a secure channel between two TCP/IP computers. Does not provide detailed protocol-specific control.
Characteristics of application-level proxy firewalls:
• Have a different proxy required for each service allowed
• Provide more intricate control than circuit-level proxy firewalls
• Require more processing per packet and thus are slower than a circuit-level proxy firewall
Characteristics of circuit-level proxy firewalls:
• Do not require a proxy for each and every service
• Do not provide the detailed access control an application-level proxy firewall provides
• Provide security for a wider range of protocols
benefits of using application-level proxy firewalls are:
• Have extensive logging capabilities due to the firewall being able to examine the entire network packet rather than just the network addresses and ports.

• User authentication is deemed appropriate for a given enterprise infrastructure. Application-layer proxy gateways are capable of authenticating users directly, as opposed to packet-filtering firewalls and stateful-inspection packet-filtering firewalls, which can only carry out system authentication.

• Since application-layer proxy gateway firewalls are not simply layer 3 devices, they can address spoofing attacks and other sophisticated attacks.
disadvantages of using application-level proxy firewalls include :
• Are not generally well suited to high-bandwidth or real-time applications.

• Tend to be limited in terms of support for new network applications and protocols.

• Most application-layer proxy gateway firewall vendors provide generic proxy agents to support undefined network protocols or applications.

• Generic agents tend to negate many of the strengths of the application layer proxy gateway architecture and thus simply allow traffic to “tunnel” through the firewall.
SOCKS Proxy Firewall Characteristics
• It is a circuit-level proxy firewall.
• It requires clients to be “SOCKS-ified” with SOCKS client software.
• It can be resource intensive.
• It provides authentication and encryption features similar to other VPN protocols, but is not considered a traditional VPN protocol.
Define how Dynamic Packet Filtering work
When an internal system needs to communicate to an entity outside its trusted network, it must choose a source port so the receiving system knows how to respond properly. The receiving system requires an IP address and a port number so its response can find its way to the sender’s computer. Ports up to 1023 are called well-known ports and are reserved for server-side services. The sender must choose a dynamic port higher than 1023 when it sets up a connection with another entity. The dynamic packet-filtering firewall then creates an ACL that allows the external entity to communicate with the internal system via this high port. If this were not an available option for your dynamic packet-filtering firewall, you would have to allow “punch holes” in your firewalls for all ports above 1023, because the client side chooses these ports dynamically and the firewall would never know exactly on which port to allow or disallow traffic.
The benefit of a dynamic packet-filtering firewall is
it gives you the option of allowing any type of traffic outbound and permitting only response traffic inbound.
what is a example of a fourth-generation firewall
dynamic packet-filtering firewall
what is considered a fifth-generation firewall
kernel proxy firewall
describe a kernel proxy firewall
it creates dynamic, customized TCP/IP stacks when a packet needs to be evaluated. When a packet arrives at a kernel proxy firewall, a new virtual network stack is created, which is made up of only the protocol proxies necessary to examine this specific packet properly. If it is an FTP packet, only the FTP proxy is loaded in the stack. The packet is scrutinized at every layer of the stack. This means the data link header will be evaluated along with the network header, transport header, session layer information, and the application layer data. If anything is deemed unsafe at any of these layers, the packet is discarded.
Kernel proxy firewalls are faster than application-layer proxy firewalls because all of the inspection and processing takes place in the kernel and does not need to be passed up to a higher software layer in the operating system. It is still a proxy-based system, so the connection between the internal and external entity is broken by the proxy acting as a middleman, and it can perform NAT by changing the source address, as do the preceding proxy-based firewalls.
a firewall that looks deep into packets and makes granular access control decisions, requires one proxy per service, and works at the application layer is a
Application-level proxy
a firewall that is faster because processing is done in the kernel, creates one network stack for each packet, and works at the application layer is a
Kernel proxy
a firewall that looks only at the packet header information, protects a wider range of protocols and services than an application-level proxy but does not provide the detailed level of control available to an application-level proxy, and works at the session layer is a
Circuit-level proxy
a firewall that looks at destination and source addresses, ports, and services requested, where routers using ACLs dictate acceptable access to a network, and works at the network layer is a
Packet filtering firewall
a firewall that looks at the state and context of packets, keeps track of each conversation using a state table, and works at the network layer is
Stateful inspection
What are some firewall best practices that should be carried out with any type firewall:
• Block ICMP redirect traffic.
• ACLs should be simple and direct.
• Disallow source routing.
• Close unnecessary ports with dangerous services.
• Disable unused interfaces.
• Block directed IP broadcasts.
• Block incoming packets with internal address (they are spoofed).
• Block multicast traffic if not needed.
• Enable logging.
what are Bastion Hosts
Bastion host is just another name for a locked-down (or hardened) system.

note:

A bastion host is usually a highly exposed device, because it is the front line in a network’s security and its existence is known on the Internet. This means the device must be extremely secure—no unnecessary services should be running, unused subsystems must be disabled, vulnerabilities must be patched, unnecessary user accounts must be disabled, and any unneeded ports must be closed. A bastion host is not tied to firewall software and activities. It is just a system that is properly locked down. Any system that resides within the DMZ should be installed on a bastion host since it is closer to the Internet and most likely closer to those who would like to do it harm.
what are Dual-Homed Firewalls
Dual-homed refers to a device that has two interfaces: one facing the external network and the other facing the internal network. If firewall software is installed on a dual-homed device, and it usually is, the underlying operating system should have packet forwarding and routing turned off, for security reasons. If they are enabled, the computer will not apply the necessary ACLs, rules, or other restrictions required of a firewall. When a packet comes to the external NIC from an untrusted network on a dual-homed firewall, and the operating system has forwarding enabled, the operating system will forward the traffic instead of passing it up to the firewall software for inspection.
what are Screened Host
A screened host is a firewall that communicates directly with a perimeter router and the internal network. Traffic received from the Internet is first filtered via packet filtering on the outer router. The traffic that makes it past this phase is sent to the screened-host firewall, which applies more rules to the traffic and drops the denied packets. Then the traffic moves to the internal destination hosts. The screened host (the firewall) is the only device that receives traffic directly from the router. No traffic goes directly from the Internet, through the router, and to the internal network. The screened host is always part of this equation.
what is a Screened Subnet
A screened-subnet architecture adds another layer of security to the screened-host architecture. The external firewall screens the data entering the DMZ network. However, instead of the firewall then redirecting the traffic to the internal network, an interior firewall also filters the traffic. The use of these two physical firewalls creates a DMZ.
The three main firewall architectures are
• Screened host
• Dual-homed
• Screened subnet
note

firewall architecture characteristics:
Dual-homed:
• A single computer with separate NICs connected to each network.
• Used to divide an internal trusted network from an external untrusted network.
• Must disable a computer’s forwarding and routing functionality so the two networks are truly segregated.

Screened host:
• Router filters (screens) traffic before it is passed to the firewall.

Screened subnet:
• External router filters (screens) traffic before it enters the subnet. Traffic headed toward the internal network then goes through two firewalls.
note

some of the disadvantages of firewalls:

• Most of the time a distributed approach needs to be used to control all network access points, which cannot happen through the use of just one firewall.
• Firewalls can present a potential bottleneck to the flow of traffic.
• Firewalls can restrict desirable services that users may want to access. (This is a disadvantage to the users, but an advantage to the security professional.)
• Most firewalls do not provide protection from viruses being downloaded or passed through e-mail, so hooks to virus-detection techniques are needed.
• Border firewalls provide little protection against the inside attacker.
• Firewalls do not protect against rogue modems in listening mode.
• Firewalls do not protect against rogue wireless access points (APs).
What are the “shoulds” of firewalls
The default action of any firewall should be to implicitly deny any packets not explicitly allowed. This means that if no rule states that the packet can be accepted, that packet should be denied, no questions asked. Any packet entering the network from the outside that carries the source address of an internal host should be denied: such a packet cannot legitimately arrive on the external interface, so it is either spoofed or misrouted.
what happens when an attacker modifies a packet header to have the source address of a host inside the network that she wants to attack
Masquerading / spoofing
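As an added example (not from the original text), the following Python packet-filter model implements the two “shoulds” above: first-match rules with an implicit deny at the end, and an anti-spoofing check that drops any packet arriving on the external interface with a source address from the internal ranges. The internal address ranges, the interface names “ext” and “int”, and the sample rule base are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed internal address ranges (the firewall's trusted side).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str    # "tcp", "udp", ...
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    iface: str             # "ext", "int" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # protocol name or "any"
    dport: Optional[int]   # None matches every destination port


def _in_net(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface in ("any", pkt.iface)
            and _in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, reason). Default deny; the anti-spoof check runs first."""
    # A packet claiming an internal source cannot legitimately arrive on the
    # external interface: treat it as spoofed before consulting any rule.
    if pkt.iface == "ext" and is_internal(pkt.src):
        return "deny", "spoofed internal source on external interface"
    for idx, rule in enumerate(rules):      # first matching rule wins
        if rule_matches(rule, pkt):
            return rule.action, f"rule {idx}"
    return "deny", "implicit deny"          # nothing matched: drop, no questions asked


# Assumed rule base: inbound HTTPS to one DMZ host, anything outbound from inside.
RULES = [
    Rule("allow", "ext", "any", "192.168.10.5/32", "tcp", 443),
    Rule("allow", "int", "10.0.0.0/8", "any", "any", None),
]

if __name__ == "__main__":
    for p in (Packet("ext", "203.0.113.7", "192.168.10.5", "tcp", 443),
              Packet("ext", "203.0.113.7", "192.168.10.5", "tcp", 22),
              Packet("ext", "10.1.2.3", "192.168.10.5", "tcp", 443),
              Packet("int", "10.1.2.3", "203.0.113.7", "tcp", 80)):
        print(p, "->", filter_packet(RULES, p))
```

The spoof check is deliberately placed before the rule walk: an “allow any to the web server” rule must never be satisfiable by a packet that lies about coming from inside.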
what is a Honeypot
a computer that sits in the DMZ in hopes of luring attackers to it instead of actual production computers.
what is Domain Name Service
(DNS) is a method of resolving hostnames to IP addresses so names can be used instead of IP addresses when referencing unique hosts on the Internet.


note:

DNS - Domain Name Service:
Is a method of resolving hostnames to IP addresses.
The namespace is split up into zones.
The DNS server that holds the files for one of these zones is said to be the authoritative name server for that particular zone.
It is recommended that there be a primary and a secondary DNS server for each zone.
Directory Services:
Has a hierarchical database of users, computers, printers, resources and attributes of each.
describe directory service
has a hierarchical database of users, computers, printers, resources, and attributes of each. The directory is mainly used for lookup operations, which enable users to track down resources and other users easily to facilitate access. Most directory service databases are built on the X.500 model and use the Lightweight Directory Access Protocol (LDAP) to access the directory database.
provides structure to the directory repository and defines how objects and their relationships are to be represented.
The schema
data about data is called
Metadata.
holds top-level information about the directory itself, which enables a user in one directory to quickly locate an object he is looking for in a totally different directory.
A meta-directory
what is Lightweight Directory Access Protocol (LDAP)
is a client/server protocol used to access network directories such as Microsoft Active Directory or NDS. These directories follow the X.500 standard. The first iteration of this protocol, Directory Access Protocol (DAP), was created to be a front-end client for X.500 directory services. The idea was that it would be the interface for every service provided by a directory that followed the X.500 standard. The X.500 standard ended up being too complex to fully implement, and DAP was also extremely complex and resource hungry. The LDAP specification works with directories that organize their database in a hierarchical tree structure. The tree has leaves (entries) with unique distinguished names (DNs). These names are hierarchical and describe the object’s place within the tree. The entries can define network resources, computers, people, wireless devices, and more. Each entry has one or more attributes, each with a value. The attributes are like the columns in a relational database and provide descriptive information about the entry.
NOTE

The newest LDAP version, version 3, has an extensive security model embedded that supports Internet security standards such as transport layer security (TLS).
note

network address translation (NAT) is a gateway between a network and the Internet, or another network, that performs transparent routing and address translation. It enables a network that does not follow the Internet’s addressing scheme (for example, one that uses private addresses) to communicate over the Internet.
lists the Class A private IP address ranges:
10.0.0.0–10.255.255.255
lists the Class B private IP address ranges:
172.16.0.0–172.31.255.255

16 contiguous Class B networks
lists the Class C private IP address ranges:
192.168.0.0–192.168.255.255

256 contiguous Class C networks
What are the three basic types of NAT implementations that can be used
Static mapping
Dynamic mapping
Port address translation (PAT)
what is Static mapping
The NAT software has a pool of public IP addresses configured. Each private address is statically mapped to a specific public
address. So computer A always receives the public address x, computer B always receives the public address y, and so on. This is generally used for
servers that need to keep the same public address at all times.
what is Dynamic mapping
The NAT software has a pool of IP addresses, but instead of statically mapping a public address to a specific private address, it works
on a first-come, first-served basis. So if Bob needs to communicate over the Internet, his system makes a request to the NAT server. The NAT server takes
the first IP on the list and maps it to Bob’s private address. The balancing act is to estimate how many computers will most likely need to communicate outside the internal network at one time. This estimate is the number of public addresses the company purchases, instead of purchasing one public
address for each computer.
what is Port address translation (PAT)
The company owns and uses only one public IP address for all systems that need to communicate outside the internal network. How could all computers use the exact same IP address? By telling their sessions apart with port numbers. Here’s an example (203.0.113.3 is an RFC 5737 documentation address standing in for the public address; the original text used 127.50.41.3, which lies in the 127/8 loopback range and can never be a public address): The NAT device has an IP address of 203.0.113.3. When computer A needs to communicate with a system on the Internet, the NAT device records this computer’s private address and source port number (10.10.44.3; port 43,887). The NAT device changes the IP address in the computer’s packet header to 203.0.113.3, with the source port 40,000. When computer B also needs to communicate with a system on the Internet, the NAT device records its private address and source port number (10.10.44.15; port 23,398) and changes the header information to 203.0.113.3 with source port 40,001. So when a system responds to computer A, the packet first goes to the NAT device, which looks up the port number 40,000 and sees that it maps to computer A’s real information. The NAT device changes the header information to address 10.10.44.3 and port 43,887 and sends it to computer A for processing. A company can save a lot more money by using PAT, because it needs to buy only a few public IP addresses, which are shared by all systems in the network.
Why are most NAT implementation considered stateful
Most NAT implementations are stateful, meaning they keep track of a communication between the internal host and an external host until that session is ended. The NAT device needs to remember the internal IP address and port to send the reply messages back. This stateful characteristic is similar to stateful-inspection firewalls, but NAT does not perform scans on the incoming packets to look for malicious characteristics. Instead, NAT is a service usually performed on routers or firewalls within a company’s screened subnet.
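The PAT example and the stateful behaviour just described, as an added Python model that is not part of the original text: one public address, a per-session port mapping created on the first outbound packet, reverse lookup for replies, and no entry (so no delivery) for unsolicited inbound traffic. The public address 203.0.113.3, the port range starting at 40,000, and the two private hosts are assumptions for illustration.

```python
import itertools
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip address, port)


class PortAddressTranslator:
    """Stateful PAT: many private (ip, port) pairs share one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 65535):
        self.public_ip = public_ip
        self.last_port = last_port
        self._next_port = itertools.count(first_port)
        self.outbound: Dict[Endpoint, int] = {}     # (priv_ip, priv_port) -> public port
        self.inbound: Dict[int, Endpoint] = {}      # public port -> (priv_ip, priv_port)

    def translate_outbound(self, src_ip: str, src_port: int) -> Endpoint:
        """Rewrite a private source to (public_ip, public_port), creating state if new."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            pub_port = next(self._next_port)
            if pub_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.outbound[key] = pub_port
            self.inbound[pub_port] = key
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Map a reply's destination port back to the private host, or None.

        None means no session exists for that port: unsolicited inbound
        traffic has nowhere to go and is dropped.
        """
        return self.inbound.get(dst_port)

    def close_session(self, src_ip: str, src_port: int) -> None:
        """Forget the mapping once the session ends (a real device would also
        return the port to its pool)."""
        pub_port = self.outbound.pop((src_ip, src_port), None)
        if pub_port is not None:
            del self.inbound[pub_port]


if __name__ == "__main__":
    pat = PortAddressTranslator("203.0.113.3")
    print(pat.translate_outbound("10.10.44.3", 43887))   # ('203.0.113.3', 40000)
    print(pat.translate_outbound("10.10.44.15", 23398))  # ('203.0.113.3', 40001)
    print(pat.translate_inbound(40000))                   # ('10.10.44.3', 43887)
    print(pat.translate_inbound(40002))                   # None: no state, dropped
```

Note what the model does not do: it never inspects payloads. The state table is what makes the device stateful; it is not a substitute for a stateful-inspection firewall.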
When a company uses Internet– or Web-based technologies inside their networks.
Intranets
Enable two or more companies to share common information and resources.
Extranets
Usually a backbone that connects businesses to WANs, the Internet and other businesses. A majority are SONET / Synchronous Optical Network or FDDI rings. SONET is self-healing, meaning that if a break in the line occurs, it can use a backup redundant ring to ensure transmission continues. All SONET lines and rings are fully redundant. The redundant line waits in the wings in case anything happens to the primary ring. covers a large area and enables businesses to connect to each other, to the Internet, or to other WAN connections.
MAN - Metropolitan Area Network
Are used when communication needs to travel over a larger geographical area.
Dedicated links:
Also called leased line or point-to-point link.
T-carriers:
Dedicated lines that can carry voice and data information over trunk lines.
S/WAN - Secure WAN:
Based on VPNs that are created with IPSec.
WAN - Wide Area Network
called a leased line or point-to-point link. It is one single link that is pre-established for the purposes of WAN communications between two destinations. It is dedicated, meaning only the destination points can communicate with each other. This link is not shared by any other entities at any time.
A dedicated link is
is a method of combining multiple channels of data over a single transmission path. The transmission is so fast and efficient that the
ends do not realize they are sharing a line with many other entities. They think they have the line all to themselves.
Multiplexing
NOTE

Optical carrier lines can provide different bandwidth values: OC-1 = 51.84 Mbps, OC-3 = 155.52 Mbps, OC-12 = 622.08 Mbps, and so on. To find the rate of any OC-N, multiply N by 51.84 Mbps; for example, OC-12 = 12 × 51.84 = 622.08 Mbps.
NOTE


T-carriers are dedicated lines that can carry voice and data information over trunk lines. They were developed by AT&T and were initially implemented in the early 1960s to support pulse-code modulation (PCM) voice transmission. This was first used to digitize the voice over a dedicated, two-point, high-capacity connection line. The most commonly used T-carriers are T1 lines that provide up to 1.544 Mbps and T3 lines that provide up to 45 Mbps, as mentioned earlier. Both are digital circuits that multiplex several individual channels into a higher-speed channel. These lines perform multiplex functionality through time-division multiplexing (TDM).
what is Statistical time-division multiplexing (STDM)
• Transmits several types of data simultaneously across a single transmission cable or line (such as a T1 or T3 line), as illustrated next.

• STDM analyzes statistics related to the typical workload of each input device (printer, fax, computer) and determines in real time how much
time each device should be allocated for data transmission.
what is Frequency-division multiplexing
• The available frequency spectrum of the medium (a wireless band or a wired line) is divided into separate frequency bands.

• Each band is used as an independent channel to move data, so several channels travel at the same time.
Is required when digital equipment will be used to connect a LAN network to a WAN network.
CSU/DSU - Channel Service Unit / Data Service Unit
converts digital signals to be transmitted over the telephone company’s digital lines.
DSU
is the unit that connects the network directly to the telephone company’s line.
CSU
Two main types of switching can be used:
circuit switching and packet switching.
Sets up a virtual connection that acts like a dedicated link between two
systems.
Circuit switching

An example of how a circuit-switching system works is daily telephone use. When
one person calls another, the same type of dedicated virtual communication link is set
up. Once the connection is made, the devices supporting that communication channel
do not dynamically move the call through different devices, which is what takes place
in a packet-switching environment. The channel remains configured at the original
devices until the call, or connection, is done and torn down.
Packets can travel along many different routes to arrive at the same destination. In a packet-switching network, the data are broken up into packets, each carrying a sequence number and a frame check sequence (FCS) used to detect transmission errors. These packets go through different devices, and their paths can be dynamically altered by a router or switch that determines a better route for a specific packet to take. Once the packets are received at the destination computer, each is checked against its FCS, and the packets are reassembled in sequence-number order and interpreted.
Packet switching
describe Circuit switching:
• Connection-oriented virtual links.
• Traffic travels in a predictable and constant manner.
• Fixed delays.
• Usually carries voice-oriented data.
describe Packet switching:
• Packets can use many different dynamic paths to get to the same
destination.
• Traffic is usually bursty in nature.
• Variable delays.
• Usually carries data-oriented data
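The reassembly step described above, as an added Python example that is not part of the original text: packets arrive out of order (as they would over different paths), each is verified against its frame check sequence, and the survivors are placed by sequence number. CRC-32 stands in for a link-layer FCS, and the message and packet size are constructed for illustration.

```python
import zlib
from typing import List, Optional, Tuple

Packet = Tuple[int, bytes, int]   # (sequence number, payload, frame check sequence)


def _fcs(seq: int, payload: bytes) -> int:
    """CRC-32 over sequence number and payload, standing in for a link-layer FCS."""
    return zlib.crc32(seq.to_bytes(4, "big") + payload)


def packetize(data: bytes, size: int) -> List[Packet]:
    """Split data into fixed-size packets, each carrying its sequence number and FCS."""
    return [(seq, data[i:i + size], _fcs(seq, data[i:i + size]))
            for seq, i in enumerate(range(0, len(data), size))]


def reassemble(packets: List[Packet], expected: int) -> Tuple[Optional[bytes], List[int], List[int]]:
    """Return (data, missing_seqs, corrupt_seqs).

    Packets may arrive in any order. Each one is checked against its FCS;
    corrupt packets are discarded and reported, and the survivors are placed
    by sequence number. data is None unless every sequence number
    0..expected-1 arrived intact.
    """
    good = {}
    corrupt = []
    for seq, payload, fcs in packets:
        if _fcs(seq, payload) != fcs:
            corrupt.append(seq)
            continue
        good[seq] = payload
    missing = [s for s in range(expected) if s not in good]
    data = b"".join(good[s] for s in range(expected)) if not missing else None
    return data, sorted(missing), sorted(corrupt)


if __name__ == "__main__":
    msg = b"packet switching reorders things"       # constructed sample message
    pkts = packetize(msg, 7)
    arrived = pkts[::-1]                              # constructed: arrived in reverse order
    print(reassemble(arrived, len(pkts)))             # (msg, [], [])
    seq, payload, fcs = pkts[2]
    damaged = pkts[:2] + [(seq, payload[:-1] + b"X", fcs)] + pkts[3:]   # one corrupted byte
    print(reassemble(damaged, len(pkts)))             # (None, [2], [2])
```

A corrupt packet is reported both as corrupt and as missing, which is the signal a transport protocol uses to request retransmission of exactly that sequence number.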
describe Frame relay
Is a WAN protocol that operates at the data link layer and Uses packet-switching technology.
what is CIR / committed information rate
The bandwidth level the frame relay provider guarantees to a customer at all times. Companies pay more for a higher CIR to ensure that a higher level of bandwidth will always be available to them; bursts above the CIR are carried only when capacity permits.
note:

Virtual Circuits: Frame relay (and X.25) forward frames across virtual circuits. These circuits can be either permanent (PVCs), meaning they are programmed in advance, or switched (SVCs), meaning the circuit is quickly built when it is needed and torn down when it is no longer needed. Setting up an SVC requires steps similar to a dial-up connection procedure.
note:

PVC / Permanent virtual circuit - Works like a private line for a customer with an agreed upon bandwidth availability.
define ATM - Asynchronous Transfer Mode
Is a switching technology. Uses a cell-switching technology. This means that data is segmented into fixed size cells, 53 bytes, instead of variable-size packets. Is a high-speed networking technology used for LAN, WAN and service provider connections Sets up virtual circuits, which act like dedicated paths between the source and destination. These virtual circuits can guarantee bandwidth and QoS.
define X.25:
Is an older WAN protocol that defines how devices and networks establish and maintain connections. It is a packet-switching technology. Data is divided into blocks (128 bytes by default) and encapsulated in High-level Data Link Control (HDLC) frames. The frames are then addressed and forwarded across the carrier switches.
is a capability that allows a protocol to distinguish between different classes of messages and assign priority levels. Some applications, such as video conferencing, are time sensitive, meaning delays would cause unacceptable performance of the application. A technology that provides this service allows an administrator to assign a priority level to time-sensitive traffic. The protocol then ensures this type of traffic has a specific or minimum rate of delivery.
Quality of Service (QoS)
What are the Four different types of ATM QoS services
Constant Bit Rate (CBR)
Variable Bit Rate (VBR)
Unspecified Bit Rate (UBR)
Available Bit Rate (ABR)
define Constant Bit Rate (CBR)
A connection-oriented channel that provides a consistent data throughput for time-sensitive applications, such as voice and
video applications. Customers specify the necessary bandwidth requirement at connection setup.
define Available Bit Rate (ABR)
A connection-oriented channel that allows the bit rate to be adjusted. Customers are given the bandwidth that remains after a
guaranteed service rate has been met.
define Unspecified Bit Rate (UBR)
A connectionless channel that does not promise a specific data throughput rate. Customers cannot, and do not need
to, control their traffic rate.
define Variable Bit Rate (VBR)
A connection-oriented channel best used for delay-insensitive applications because the data throughput flow is uneven.
Customers specify their required peak and sustained rate of data throughput.
QoS has three basic levels:
• Best-effort service No guarantee of throughput, delay, or delivery. Traffic that has priority classifications goes before traffic that has been assigned
this classification. Most of the traffic that travels on the Internet has this classification.

• Differentiated service Compared to best-effort service, traffic that is assigned this classification has more bandwidth, shorter delays, and fewer
dropped frames.

• Guaranteed service Ensures specific data throughput at a guaranteed speed. Time-sensitive traffic (voice and video) is assigned this classification.
define SMDS - Switched Multimegabit Data Service
Is a high-speed packet-switched technology used to enable customers to extend their LANs across MANs and WANs Is connectionless and can provide bandwidth on demand.
what is SDLC - Synchronous Data Link Control
Is based on networks that use dedicated, leased lines with permanent physical connections. Provides the polling media access technology, which is a mechanism that enables secondary stations to communicate on the network. SDLC was developed to enable mainframes to communicate with remote locations. The environments that use SDLC usually have primary systems that control secondary stations’ communication.
what is HDLC - High-level Data Link Control
Is a bit-oriented link layer protocol used for transmission over synchronous lines. Works with primary stations that contact secondary stations to establish data transmission. HDLC provides high throughput, because it supports full-duplex transmissions, and is used in point-to-point and multipoint connections.
define HSSI - High-Speed Serial Interface
is an interface used to connect multiplexers and routers to high-speed communications services such as ATM and frame relay. It supports
speeds up to 52 Mbps, as in T3 WAN connections, which are usually integrated with router and multiplex devices to provide serial interfaces to the WAN.
These interfaces define the electrical and physical interfaces to be used by DTE/DCE devices; thus, HSSI works at the physical layer. The interface was developed by Cisco and T3plus Networking.
what are Multiservice access technologies
combine several types of communication categories (data, voice, and video) over one transmission line. This provides higher performance,
reduced operational costs, and greater flexibility, integration, and control for administrators. The regular phone system is based on a circuit-switched, voice-centric network, referred to as the public-switched telephone network (PSTN).
NOTE

Applications that are time sensitive, such as voice and video signals, need to work over an isochronous network. An isochronous network
contains the necessary protocols and devices that guarantee continuous bandwidth without interruption.
NOTE
A media gateway is the translation unit between disparate telecommunications networks. VoIP Media Gateways perform the conversion
between Time Division Multiplexing (TDM) voice to Voice over Internet Protocol (VoIP).
note


H.323 Gateways
The ITU-T recommendations cover a wide variety of multimedia communication services. H.323 is part of this family of recommendations, but it is also a standard that deals with video, real-time audio, and data packet–based transmissions where multiple users can be involved with the data exchange. An H.323 environment features terminals, which can be telephones or computers with telephony software, gateways that connect this environment to the PSTN, multipoint control units, and gatekeepers that manage calls and functionality.
note

SIP (Session Initiation Protocol) is a signaling protocol widely used for VoIP communication sessions. It is used in applications such as video conferencing, multimedia, instant messaging, and online gaming. It is analogous to the SS7 protocol used in PSTN networks and supports features present in traditional telephony systems. SIP relies on a three-way handshake (INVITE, 200 OK, ACK) to initiate a session. SIP consists of two major components: the User Agent Client (UAC) and User Agent Server (UAS). The UAC is the application that creates the SIP requests for initiating a communication session. UACs are generally messaging tools and softphone applications that are used to place VoIP calls. The UAS is the SIP server, which is responsible for handling all routing and signaling involved in VoIP calls.
Note

Skype is a popular Internet telephony application that uses a peer-to-peer communication model rather than the traditional client/server approach of VoIP systems. The Skype network does not rely on centralized servers to maintain its user directories. Instead, user records are maintained across distributed member nodes. This is the reason the network can quickly accommodate user surges without having to rely on expensive central infrastructure and computing resources.
NOTE
Recently, a new variant to traditional e-mail spam has emerged on VoIP networks, commonly known as SPIT (Spam over Internet Telephony).
SPIT causes serious loss of VoIP bandwidth and is a time-wasting nuisance for the people on the attacked network. Because SPIT cannot be deleted like
spam on first sight, the victim has to go through the entire message. SPIT is also a major cause of overloaded voicemail servers.
what are some VoIP Security Measures
• Keep patches updated on each network device involved with VoIP transmissions: The call manager server, The voicemail server, The gateway server.
• Identify unidentified or rogue telephony devices.
• Implement authentication so only authorized telephony devices are working on the network.
• Install and maintain:
• Stateful firewalls.
• VPN for sensitive voice data.
• Intrusion detection.
• Filter unnecessary ports on routers, switches, PCs, and IP telephones.
• Employ real-time monitoring that looks for attacks, tunneling, and abusive call patterns through IDS/IPS.
• Employ content monitoring.
• Use encryption when data (voice, fax, video) cross an untrusted network.
• Use a two-factor authentication requirement.
• Limit the number of calls via media gateways.
• Close the media sessions after completion.
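One of the measures above, real-time monitoring for abusive call patterns, as an added Python example that is not part of the original text: it parses SIP signaling log lines and flags any source whose INVITE count inside a sliding time window exceeds a threshold, the signature of a SPIT run or an extension scan. The log format, the sample lines, the addresses, and the threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample signaling log (not a real capture). 203.0.113.9 sends
# INVITEs to twelve consecutive extensions in twelve seconds; 198.51.100.4
# behaves like a normal phone (one REGISTER, two calls half an hour apart).
SAMPLE_LOG = """\
2024-05-01T09:00:00 src=198.51.100.4 REGISTER sip:pbx.example.com SIP/2.0
2024-05-01T09:00:01 src=203.0.113.9 INVITE sip:1001@pbx.example.com SIP/2.0
2024-05-01T09:00:02 src=203.0.113.9 INVITE sip:1002@pbx.example.com SIP/2.0
2024-05-01T09:00:03 src=203.0.113.9 INVITE sip:1003@pbx.example.com SIP/2.0
2024-05-01T09:00:04 src=203.0.113.9 INVITE sip:1004@pbx.example.com SIP/2.0
2024-05-01T09:00:05 src=198.51.100.4 INVITE sip:2200@pbx.example.com SIP/2.0
2024-05-01T09:00:06 src=203.0.113.9 INVITE sip:1005@pbx.example.com SIP/2.0
2024-05-01T09:00:07 src=203.0.113.9 INVITE sip:1006@pbx.example.com SIP/2.0
2024-05-01T09:00:08 src=203.0.113.9 INVITE sip:1007@pbx.example.com SIP/2.0
2024-05-01T09:00:09 src=203.0.113.9 INVITE sip:1008@pbx.example.com SIP/2.0
2024-05-01T09:00:10 src=203.0.113.9 INVITE sip:1009@pbx.example.com SIP/2.0
2024-05-01T09:00:11 src=203.0.113.9 INVITE sip:1010@pbx.example.com SIP/2.0
2024-05-01T09:00:12 src=203.0.113.9 INVITE sip:1011@pbx.example.com SIP/2.0
2024-05-01T09:00:13 src=203.0.113.9 INVITE sip:1012@pbx.example.com SIP/2.0
2024-05-01T09:30:00 src=198.51.100.4 INVITE sip:2201@pbx.example.com SIP/2.0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) (?P<method>[A-Z]+) "
    r"sip:(?:(?P<user>[^@\s]+)@)?(?P<host>\S+) SIP/2\.0$")


def parse_sip_log(text: str) -> List[dict]:
    """Turn log lines into events; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "method": m["method"], "user": m["user"]})
    return events


def find_abusive_callers(events: List[dict], max_invites: int = 10,
                         window: timedelta = timedelta(seconds=60)) -> Dict[str, dict]:
    """Flag sources whose INVITE count inside any sliding window exceeds max_invites."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        if e["method"] == "INVITE":
            by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best, best_targets = 0, 0, set()
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1                      # slide the window forward
            if end - start + 1 > best:
                best = end - start + 1
                best_targets = {e["user"] for e in evs[start:end + 1]}
        if best > max_invites:
            flagged[src] = {"invites": best, "distinct_targets": len(best_targets)}
    return flagged


if __name__ == "__main__":
    print(find_abusive_callers(parse_sip_log(SAMPLE_LOG)))
    # {'203.0.113.9': {'invites': 12, 'distinct_targets': 12}}
```

The distinct-target count is what separates an extension scan (many targets) from a legitimate but busy trunk (many calls to a few numbers); tune the threshold to the site’s normal call volume before feeding the output to an IPS block action.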
- Dedicated, leased line that connects two locations
- Expensive compared to other WAN options
- Secure because only two locations are using the same media
Dedicated line
- High-performance WAN protocol that uses packet-switching technology, which works over public networks
- Shared media among companies
- Uses SVCs and PVCs
- Fee based on bandwidth used
Frame relay
- First packet-switching technology developed to work over public networks
- Shared media among companies
- Lower speed than frame relay because of its extra overhead
- International standard and used more in countries other than the U.S.
- Uses SVCs and PVCs
X.25
- High-speed switching technology used over public networks
SMDS
- High-speed bandwidth switching and multiplexing technology that has a low delay
- Uses 53-byte fixed-size cells
- Very fast because of the low overhead
ATM
- Enables mainframes to communicate with remote offices
- Provides polling mechanism to allow primary and secondary stations to communicate
SDLC
- New and improved SDLC protocol
- A data encapsulation method for synchronous serial links
- Point-to-point and multipoint communication
HDLC
- DTE/DCE interface to enable high-speed communication over WAN links
HSSI
- Combines voice and data over the same IP network media and protocol
- Reduces the costs of implementing and maintaining two different networks
VoIP
note:

Remote access covers several technologies that enable remote and home users to connect to networks that will grant them access to network resources that help them perform their tasks. Most of the time, these users must first gain access to the Internet through an ISP, which sets up a connection to the destination network. For many corporations, remote access is a necessity because it enables users to obtain up-to-date information, it reduces networking costs by using the Internet as the access medium instead of expensive dedicated lines, and it extends the workplace for employees to their homes or on the road.
Note:

Dial-up and RAS
Remote access is usually gained by connecting to a remote access server (RAS), which acts as a gateway and can be an endpoint to a PPP session. Users dial into a RAS, which performs authentication by comparing the provided credentials with the database of credentials it maintains.
Is a process used by many attackers to identify remote access modems.
Wardialing
what is Integrated Services Digital Network (ISDN
is a communications protocol provided by telephone companies and ISPs. ISDN is a set of telecommunications services that can be used over public and private telecommunications networks. It provides a digital point-to-point circuit-switched medium and establishes a circuit between the two communicating devices. An ISDN connection can be used for anything a modem can be used for, but it provides more functionality and higher bandwidth. ISDN uses the same wires and transmission media used by analog dial-up technologies, but it works in a digital fashion.
ISDN provides two basic home and business services:
Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
define BRI ISDN
This implementation operates over existing copper lines at the local loop and provides digital voice and data channels. It uses two B channels (64 Kbps each) and one D channel (16 Kbps), a combined bandwidth of 144 Kbps, and is generally used for home subscribers.
define PRI ISDN
has up to 23 B channels and 1 D channel, at 64 Kbps per channel. The total bandwidth is equivalent to a T1, which is 1.544 Mbps. This is more suitable for a company that requires a higher amount of bandwidth.
what is Broadband ISDN (BISDN)
handle many different types of services simultaneously and is mainly used within telecommunications carrier backbones. When BISDN is used within a backbone, ATM is employed to encapsulate data at the data link layer into cells, which travel over a SONET network.
describe DSL - Digital Subscriber Line
Is a broadband technology. DSL offers several types of services. With symmetric services, traffic flows at the same speed upstream and downstream (to and from the Internet or destination). With asymmetric services, the downstream speed is much higher than the upstream speed. In most situations, an asymmetric connection is fine for residential users because they usually download items from the Web much more often than they upload data. The connection is always on.
define Cable modems
provide high-speed access, up to 50 Mbps, to the Internet through existing cable coaxial and fiber lines. The cable modem provides the upstream and downstream conversions.
define a VPN
A virtual private network (VPN) is a secure, private connection through a public network or an otherwise insecure environment. It is a private connection because encryption and tunneling protocols are used to ensure the confidentiality and integrity of the data in transit. It is important to remember that VPN technology requires a tunnel to work and assumes encryption. The protocols that can be used for VPNs are Point-to-Point Tunneling Protocol (PPTP), IPSec, and L2TP. The sending and receiving ends must have the necessary hardware and software to set up an encrypted tunnel, which provides the private link. The tunneling encryption protocol encrypts the data and protects that information as it travels through the untrusted public network, usually the Internet. Remote users, or road warriors, can use VPNs to connect to their company network to access their e-mail, network resources, and corporate assets. A remote user must have the necessary software loaded on his computer to use a VPN.
What is PPTP - Point-to-point tunnelling protocol
Is an encapsulation protocol based on PPP. Works at the data link layer and enables a single point-to-point connection. Encrypts and encapsulates PPP packets (the encryption comes from Microsoft Point-to-Point Encryption, MPPE, keyed from the MS-CHAP exchange). While the connection is being negotiated, PPTP cannot encrypt that negotiation traffic because encryption is only in the process of being invoked. Can only work on top of IP networks. Caveat: MS-CHAP and MPPE are considered weak by today’s standards, so PPTP should not be relied on for confidentiality; IPSec, or L2TP carried over IPSec, is the usual replacement.
describe IPSec
IPSec can be configured to provide transport adjacency, which just means that more than one security protocol (ESP and AH) is applied to a packet. IPSec can also be configured to provide iterated tunneling, in which an IPSec tunnel is tunneled through another IPSec tunnel, as shown in the following diagram. Iterated tunneling would be used if the traffic needed different levels of protection at different junctions of its path. For example, if the IPSec tunnel started from an internal host to an internal border router, this may not require encryption, so only the AH protocol would be used. But when that data travels from that border router across the Internet to another network, the data require more protection. So the packets first travel through a semi-secure tunnel until they are about to hit the Internet, and then they go through a very secure second tunnel.
what is Point-to-Point Protocol (PPP)
is not really a tunneling protocol, but an encapsulation protocol. It does not need to wrap up current frames with special headers and trailers, which will be taken off at the destination. Instead, it allows TCP/IP traffic to be transmitted over a medium developed for telephone voice data. PPP is used to encapsulate messages and transmit them over a serial line. Therefore, it allows TCP/IP and other protocols to be carried across telecommunications lines. PPP is used to establish telecommunication connections between routers, from user to router, and from user to user. It is also employed to establish an Internet connection between a computer and an Internet point of presence (PoP), usually a bank of modems and access servers at an ISP location. The user dials into this PoP over a telecommunications line and communicates using PPP.
what is PPTP
The Internet does not understand my dial-up packets. Response: Wrap them up in PPTP. Why do we need tunneling protocols? Because some protocols cannot be properly routed over specific networks. We have been talking specifically about PPP frames, which are not routable over the Internet, but the Internet does not understand some other protocols either, such as IPX, NetBEUI, and AppleTalk. Alone, these frames could not find their way to the destination they are seeking when crossing the Internet, so they need a hand. That’s what the tunneling protocol does. Imagine a ferry taking cars across a body of water. The car cannot get to the other side by itself because it isn’t built to deal with water, but the ferry can move and navigate in the water, just as the tunneling protocol can move through the IP-based Internet.
what is L2TP - Layer 2 Tunnelling Protocol
L2TP provides the functionality of PPTP, but it can work over networks other than just IP, and it provides a higher level of security when combined with IPSec. L2TP does not provide any encryption or authentication services itself, so it needs to be combined with IPSec if those services are required. Supports TACACS+ and RADIUS.
outline the differences between PPTP and L2TP
• PPTP can run only within IP networks. L2TP, on the other hand, can run within and tunnel through networks that use other protocols, such as frame relay, X.25, and ATM.

• PPTP provides encryption (through MPPE) and L2TP does not; therefore, L2TP on its own lacks the security to be called a true VPN solution. L2TP is often used in conjunction with IPSec to provide the necessary encryption.

• L2TP supports TACACS+ and RADIUS, while PPTP does not.
what is Password Authentication Protocol (PAP)
is used by remote users to authenticate over PPP lines. It provides identification and authentication of the user who is attempting to access a network from a remote system. This protocol requires a user to enter a password before being authenticated. The password and the username credentials are sent over the network to the authentication server after a connection has been established via PPP. The authentication server has a database of user credentials that are compared to the supplied credentials to authenticate users. PAP is one of the least secure authentication methods, because the credentials are sent in cleartext, which renders them easy to capture by network sniffers.
what is Challenge Handshake Authentication Protocol (CHAP)
addresses some of the vulnerabilities found in PAP. It uses a challenge/response mechanism to authenticate the user instead of sending the password. When a user wants to establish a PPP connection and both ends have agreed that CHAP will be used for authentication, the user’s computer sends the authentication server a logon request. The server sends the user a challenge, which is a random value. The user’s system combines the challenge with the predefined shared secret (the password) and runs the result through a one-way hash function (MD5 in the original CHAP specification, RFC 1994); only the hash is returned to the server. The authentication server, which also knows the secret, computes the same hash over the challenge and compares it with the response. If the two results match, the server deduces that the user must know the correct password, and authentication is granted. Because each challenge is random and used only once, a captured response cannot simply be replayed.
• Designed for client/server connectivity
• Sets up a single point-to-point connection between two computers
• Works at the data link layer
• Transmits over IP networks only
Point-to-Point Tunneling Protocol (PPTP)
• Created before L2TP by Cisco
• Merged with PPTP, which resulted in L2TP
• Provides mutual authentication
• No encryption
Layer 2 Forwarding (L2F)
• Hybrid of L2F and PPTP
• Sets up a single point-to-point connection between two computers
• Works at the data link layer
• Transmits over multiple types of networks, not just IP
• Combined with IPSec for security
Layer 2 Tunneling Protocol (L2TP)
• Handles multiple connections at the same time
• Provides secure authentication and encryption
• Supports only IP networks
• Focuses on LAN-to-LAN communication rather than user-to-user
• Works at the network layer, and provides security on top of IP
• Can work in tunnel mode, meaning the payload and the header are protected, or transport mode, meaning only the payload is protected
IPSec
what is Extensible Authentication Protocol (EAP)
supported by PPP. Actually, EAP is not a specific authentication mechanism as are PAP and CHAP. Instead, it provides a framework to enable many types of authentication techniques to be used during PPP connections. As the name states, it extends the authentication possibilities from the norm (PAP and CHAP) to other methods such as one-time passwords, token cards, biometrics, Kerberos, and future mechanisms. So when a user connects to an authentication server and both have EAP capabilities, they can negotiate between a longer list of possible authentication methods.
what are some PAP characteristics
• Sends credentials in cleartext during transmission.
• Use has decreased because it does not provide a high level of security.
• Supported by most networks and NASs.
what are some CHAP characteristics
• Used the same way PAP is used but provides a higher degree of security.
• Authenticates using a challenge/response method.
• Used by remote users, routers, and NASs to provide authentication before providing connectivity.
PAP is vulnerable to sniffing and man-in-the-middle attacks because what
it sends the username and password in plaintext, so anyone sniffing the link reads the credentials directly.
CHAP is not vulnerable to the simple replay and man-in-the-middle attacks that defeat PAP because
each challenge is a fresh random value, so a captured response is useless against the next challenge, and the server repeats the challenge/response exchange periodically throughout the connection to confirm it is still talking to the authenticated peer. The residual weakness is that an eavesdropper who captures one challenge/response pair can still run an offline dictionary attack against a weak shared secret.
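The PAP and CHAP exchanges described above, as an added example in Python (not code from the original text). The username, secret and wordlist are constructed for the demo. Every frame that would cross the PPP link is recorded in a `sniffer` list so the passive attacker's view can be examined: PAP yields the password outright; CHAP (RFC 1994, MD5 response) yields only a digest over a random challenge, so replaying a captured response fails, but the captured pair still allows an offline dictionary attack against a weak secret.

```python
import hashlib
import hmac
import os

# Constructed credentials for the demo (not from any real system).
USERNAME = b"alice"
SHARED_SECRET = b"hunter2"


# --- PAP: RFC 1334 Authenticate-Request carries both fields in the clear ---
def pap_authenticate_request(username, password):
    """Build the PAP Authenticate-Request payload: Peer-ID-Length, Peer-ID,
    Passwd-Length, Password. No hashing, no encryption."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password


def pap_sniff(frame):
    """What a passive sniffer recovers from a PAP frame, with no key at all."""
    ulen = frame[0]
    username = frame[1:1 + ulen]
    plen = frame[1 + ulen]
    password = frame[2 + ulen:2 + ulen + plen]
    return username, password


# --- CHAP: RFC 1994 MD5 challenge/response ---------------------------------
def chap_response(identifier, secret, challenge):
    """Response = MD5(Identifier || secret || Challenge). The secret never
    leaves the host; only this digest is sent."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_exchange(client_secret, server_secret, sniffer):
    """One CHAP round. Every frame crossing the link is appended to `sniffer`
    so the passive attacker's view can be examined afterwards."""
    identifier = 0x01
    challenge = os.urandom(16)                       # fresh random value each round
    sniffer.append({"type": "Challenge", "id": identifier, "value": challenge})
    response = chap_response(identifier, client_secret, challenge)
    sniffer.append({"type": "Response", "id": identifier, "value": response})
    # The server recomputes the digest with its own copy of the secret.
    expected = chap_response(identifier, server_secret, challenge)
    return hmac.compare_digest(response, expected)


def chap_replay_is_rejected(sniffer, server_secret):
    """A captured Response does not match the digest the server expects for a
    new random Challenge, which is why replaying it fails."""
    old = next(f for f in sniffer if f["type"] == "Response")
    new_challenge = os.urandom(16)
    expected = chap_response(old["id"], server_secret, new_challenge)
    return not hmac.compare_digest(old["value"], expected)


def chap_offline_dictionary_attack(sniffer, wordlist):
    """The residual weakness: with one captured Challenge/Response pair the
    eavesdropper tests candidate secrets offline, never touching the server."""
    challenge = next(f for f in sniffer if f["type"] == "Challenge")
    response = next(f for f in sniffer if f["type"] == "Response")
    for candidate in wordlist:
        if chap_response(challenge["id"], candidate, challenge["value"]) == response["value"]:
            return candidate
    return None


if __name__ == "__main__":
    print("PAP sniffer sees:", pap_sniff(pap_authenticate_request(USERNAME, SHARED_SECRET)))
    captured = []
    print("CHAP auth ok:", chap_exchange(SHARED_SECRET, SHARED_SECRET, captured))
    print("CHAP replay rejected:", chap_replay_is_rejected(captured, SHARED_SECRET))
    print("CHAP dictionary attack recovers:",
          chap_offline_dictionary_attack(captured, [b"password", b"letmein", b"hunter2"]))
```

The dictionary attack is the reason CHAP secrets must be long and random, and why EAP methods that run a TLS tunnel around the inner exchange (or mutual authentication such as MS-CHAPv2 inside PEAP) are preferred on links an attacker can sniff.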
Caller ID and callback settings, as well as two-factor authentication, can be configured on the RAS server. Define each
The caller ID functionality can view the source telephone number and allow or deny access based on a predefined list of approved phone numbers. For an attacker to get around this, she must call from a preauthorized telephone number or compromise the telephone company’s central office equipment.

The callback option requires the RAS to call the user requesting access in return. With callback configured, after a user authenticates to the RAS, the RAS drops the connection and calls the user back at a preconfigured telephone number.
Caller ID and callback options are great, but they are usually not practical because
they require users to call in from a static phone number each time they access the network. Most users who are accessing the network remotely are doing so because they are on the road and moving from place to place.
Packet switching is based on statistical time-division multiplexing (STDM), which analyzes what
statistics on the various possible routes to make the decision on the best route for a packet.
what is Spread spectrum
means that something is distributing individual signals across the allocated frequencies in some fashion. So when a spread spectrum technology is used, the sender spreads its data across the frequencies over which it has permission to communicate. This allows for more effective use of the available bandwidth, because the sending system can use more than one frequency at a time. Think of it in terms of serial versus parallel communication.
what are the two types of spread spectrum:
frequency hopping spread spectrum (FHSS)

direct sequence spread spectrum (DSSS)
define Frequency Hopping Spread Spectrum
Frequency hopping spread spectrum (FHSS) takes the total amount of bandwidth (spectrum) and splits it into smaller subchannels. The sender and receiver work at one of these channels for a specific amount of time and then move to another channel. The sender puts the first piece of data on one frequency, the second on a different frequency, and so on. The FHSS algorithm determines the individual frequencies that will be used and in what order, and this is referred to as the sender and receiver’s hop sequence.
define Direct Sequence Spread Spectrum
Direct sequence spread spectrum (DSSS) takes a different approach by applying sub-bits to a message. The sub-bits are used by the sending system to generate a different format of the data before the data are transmitted. The receiving end uses these sub-bits to reassemble the signal into the original data format. The sub-bits are called chips and the sequence of how the sub-bits are applied is referred to as the chipping code. When the sender’s data are combined with the chip, to anyone who does not know the chipping sequence, these signals appear as random noise. This is why the sequence is sometimes called a pseudo-noise sequence.
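The DSSS spreading and despreading just described, as an added example in Python (not code from the original text). It uses the 11-chip Barker code that 802.11b actually employs; the data bits, the simulated chip errors and the "wrong" code a receiver without the sequence might try are constructed for the demo. The point it makes beyond the prose is the processing gain: the legitimate receiver still decodes correctly with five of eleven chips corrupted per symbol, while a receiver without the chipping sequence has almost no decision margin and is thrown off by a single bad chip.

```python
BARKER_11 = [1, 1, 1, -1, -1, -1, 1, -1, -1, 1, -1]   # 802.11b's 11-chip code
WRONG_CODE = [1, -1, 1, -1, 1, -1, 1, -1, 1, -1, 1]   # constructed: a receiver guessing


def spread(bits, code=BARKER_11):
    """Replace each data bit with len(code) chips: the code for a 1,
    the inverted code for a 0. The transmitted symbol rate is 11x the bit rate."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips


def despread(chips, code=BARKER_11):
    """Correlate every chip block with the code. The sign of the correlation
    recovers the bit; its magnitude (at most len(code)) is the decision margin."""
    n = len(code)
    bits, margins = [], []
    for start in range(0, len(chips), n):
        corr = sum(x * c for x, c in zip(chips[start:start + n], code))
        bits.append(1 if corr > 0 else 0)
        margins.append(corr)
    return bits, margins


def flip_chips(chips, positions):
    """Simulate channel errors (or narrowband jamming) by inverting chips."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]                      # constructed message
    tx = spread(data)
    print("clean:", despread(tx))
    # Five corrupted chips in every 11-chip symbol: still decoded correctly.
    noisy = flip_chips(tx, [blk * 11 + k for blk in range(len(data)) for k in range(5)])
    print("5/11 chips bad, right code:", despread(noisy))
    # Without the chipping sequence the margin collapses to +/-1 ...
    print("clean, wrong code:", despread(tx, WRONG_CODE))
    # ... and one bad chip per symbol inverts every decoded bit.
    one_bad = flip_chips(tx, [blk * 11 for blk in range(len(data))])
    print("1/11 chips bad, wrong code:", despread(one_bad, WRONG_CODE))
```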
what is Orthogonal frequency-division multiplexing (OFDM)
is a digital multicarrier modulation scheme that compacts multiple modulated carriers tightly together, reducing the required bandwidth. The modulated signals are orthogonal (perpendicular) and do not interfere with each other. OFDM uses a composite of narrow channel bands to enhance its performance in high frequency bands.
what are ad hoc WLAN
An ad hoc WLAN has no APs; the wireless devices communicate with each other through their wireless NICs instead of going through a centralized device. To construct an ad hoc network, wireless client software is installed on contributing hosts and configured for peer-to-peer operation mode.
Any hosts that wish to participate within a particular WLAN must be configured with the proper
Service Set ID (SSID)
When APs are used to connect wireless and wired networks, this is referred to as an
infrastructure WLAN, which is used to extend an existing wired network
When there is just one AP and it is not connected to a wired network, it is considered to be
in standalone mode and just acts as a wireless hub.
what are the two main ways a wireless device can authenticate to an AP
open system authentication (OSA)

shared key authentication (SKA)
what is open system authentication (OSA)
OSA just means the device does not need to prove it has a specific cryptographic key for authentication. Depending upon the product and the configuration, a network administrator can also limit access to specific MAC addresses. This would still be considered OSA.
what is shared key authentication (SKA)
When an AP is configured to use SKA, the AP sends a random value to the wireless device. The device encrypts this value with its cryptographic key and returns it. The AP decrypts and extracts the response, and if it is the same as the original value, the device is authenticated. In this approach, the wireless device is authenticated to the network by proving it has the necessary encryption key. Because both the plaintext challenge and its encrypted form cross the air, SKA under WEP hands an eavesdropper a known plaintext/ciphertext pair, which is why it is considered weaker than OSA combined with a proper encryption layer.
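The SKA exchange described above, as an added example in Python (not code from the original text), with the weakness that makes WEP shared key authentication worse than open system authentication: the sniffer XORs the plaintext challenge with the encrypted reply to recover the RC4 keystream for that IV, then authenticates to the AP by reusing the same IV without ever learning the key. The WEP key is constructed for the demo, the ICV (CRC-32) is omitted, and the challenge length of 128 bytes follows the 802.11 SKA frame format.

```python
import os


def rc4(key, data):
    """Textbook RC4 (the WEP cipher): key scheduling, then keystream XOR."""
    S = list(range(256))
    j = 0
    for i in range(256):                                   # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                      # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


WEP_KEY = bytes.fromhex("0a1b2c3d4e")      # constructed 40-bit WEP key
CHALLENGE_LEN = 128                        # 802.11 SKA challenge text length


class AccessPoint:
    """AP side of shared key authentication (CRC-32 ICV omitted for brevity)."""

    def __init__(self, key):
        self.key = key

    def new_challenge(self):
        return os.urandom(CHALLENGE_LEN)

    def verify(self, challenge, iv, ciphertext):
        # WEP per-frame key = IV || shared key; decrypt and compare to the
        # challenge this AP sent. The sender chooses the IV, so reuse is allowed.
        return rc4(iv + self.key, ciphertext) == challenge


def station_response(key, challenge):
    """Station side: pick a 24-bit IV, encrypt the challenge with IV || key."""
    iv = os.urandom(3)
    return iv, rc4(iv + key, challenge)


def ska_exchange(ap, station_key, sniffer):
    """Full SKA round; the frames an eavesdropper sees are appended to `sniffer`."""
    challenge = ap.new_challenge()
    iv, ciphertext = station_response(station_key, challenge)
    sniffer.append({"challenge": challenge, "iv": iv, "ciphertext": ciphertext})
    return ap.verify(challenge, iv, ciphertext)


def recover_keystream(frame):
    """plaintext XOR ciphertext = the RC4 keystream for that IV; no key needed."""
    return bytes(p ^ c for p, c in zip(frame["challenge"], frame["ciphertext"]))


def forge_authentication(ap, keystream, iv):
    """Attacker reuses the captured IV: the AP derives the same keystream, so
    challenge XOR keystream is accepted although the attacker holds no key."""
    challenge = ap.new_challenge()
    forged = bytes(p ^ k for p, k in zip(challenge, keystream))
    return ap.verify(challenge, iv, forged)


if __name__ == "__main__":
    ap = AccessPoint(WEP_KEY)
    captured = []
    print("legitimate station authenticated:", ska_exchange(ap, WEP_KEY, captured))
    keystream = recover_keystream(captured[0])
    print("attacker authenticated with recovered keystream:",
          forge_authentication(ap, keystream, captured[0]["iv"]))
```

The same recovered keystream also decrypts the first 128 bytes of any later data frame sent under that IV, so one overheard SKA exchange costs more than the authentication itself. 802.11i replaces this with 802.1X/EAP authentication and CCMP, where the key is never used as a raw stream cipher key.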
define 802.11a
This standard uses a different method of modulating data onto the necessary radio carrier signals. 802.11a uses OFDM and works in the 5GHz frequency band. Because of these differences, 802.11a is not backward-compatible with 802.11b or 802.11. This technology offers advantages in two areas: speed and frequency. 802.11a provides up to 54 Mbps, and it does not work in the already very crowded 2.4GHz spectrum. One downfall of using the 5GHz frequency range is that other countries have not necessarily allocated this band for use of WLAN transmissions. So 802.11a products may work in the United States, but they may not necessarily work in other countries around the world.
This standard was the first extension to the 802.11 WLAN standard and is the most common standard used today.
802.11b

note:
(Although 802.11a was conceived and approved first, it was not released first because of the technical complexity involved with this proposal.)
provides a transfer rate of up to 11 Mbps and works in the 2.4GHz frequency range.
802.11b
uses DSSS and is backward-compatible with 802.11
802.11b
what is 802.11e
This working group has provided QoS and proper support of multimedia traffic. Multimedia and other types of time-sensitive applications have a lower tolerance for delays in data transmission. QoS provides the capability to prioritize traffic, and affords guaranteed delivery. This specification and its capabilities may open the door to allow many different types of data to be transmitted over wireless connections.
what is 802.11f
When a user moves around in a WLAN, her wireless device often needs to communicate with different APs. An AP can cover only a certain distance, and as the user moves out of the range of the first AP, another AP needs to pick up and maintain her signal to ensure she does not lose network connectivity. This is referred to as roaming, and for this to happen seamlessly, the APs need to communicate with each other. If the second AP must take over this user’s communication, it will need to be assured that this user has been properly authenticated and must know the necessary settings for this user’s connection.
what is 802.11g
The 802.11g standard provides for higher data transfer rates—up to 54 Mbps. This is basically a speed extension for current 802.11b products. If a product meets the specifications of 802.11b, its data transfer rates are up to 11 Mbps, and if a product is based on 802.11g, that new product can be backward-compatible with older equipment but work at a much higher transfer rate. So do we go with 802.11g or with 802.11a? They both provide higher bandwidth. 802.11g is backward-compatible with 802.11b, so that is a good thing if you already have a current infrastructure. But 802.11g still works in the 2.4GHz range, which is continually getting more crowded. 802.11a works in the 5GHz band and may be a better bet if you use other devices in the other, more crowded frequency range. But working at a higher frequency means a device’s signal cannot cover as wide a range. Your decision will also come down to what standard wins out in the standards war. Most likely, one or the other standard will eventually be ignored by the market, so you will not have to worry about making this decision. Only time will tell which one will be the keeper.
what is 802.11h
As stated earlier, 802.11a works in the 5GHz range, which is not necessarily available in countries other than the United States for this type of data transmission. The 802.11h standard builds upon the 802.11a specification to meet the requirements of European wireless rules so products working in this range can be properly implemented in European countries.
what is 802.11i
A wide range of security flaws have been documented in 802.11, which has reduced the possible implementations of WLANs and has caused serious security breaches for those who chose to implement them anyway. Each of the mentioned WLAN standards is based on the same security model, so they have all inherited the same deficiencies. The new WLAN security standard, 802.11i, integrates the Extensible Authentication Protocol (EAP) and 802.1X (introduced later in this section) to enforce user authentication and mutual authentication between the client and the network.
what is Temporal Key Integrity Protocol (TKIP)
generates a fresh per-packet key for the legacy RC4 cipher by mixing a temporal key with the transmitter’s MAC address and a packet sequence counter, and adds a message integrity check (Michael), which makes the keystream-reuse and forgery attacks against WEP much harder for an attacker to carry out. TKIP was the stopgap that let existing WEP hardware be upgraded; to allow for an even higher level of encryption protection, the standard also specifies the Advanced Encryption Standard (AES) algorithm (in CCMP mode) to be used in new WLAN implementations.
what is 802.1X
standard is a port-based network access control that ensures a user cannot make a full network connection until he is properly authenticated. This means a user cannot access network resources and no traffic is allowed to pass, other than authentication traffic, from the wireless device to the network until the user is properly authenticated.
what is 802.11j

mnemonic: joint interoperability
Many countries have been developing their own wireless standards, which inevitably causes massive interoperability issues. This can be frustrating for the customer because he cannot use certain products, and it can be frustrating and expensive for vendors because they have a laundry list of specifications to meet if they want to sell their products in various countries. If vendors are unable to meet these specifications, whole customer bases are unavailable to them. The 802.11j task group has been working on bringing together many of the different standards and streamlining their development to allow for better interoperability across borders.
what is 802.11n
The proposal for 802.11n by the World Wide Spectrum Efficiency (WWiSE) group is an attempt to replace the current mix of various Wi-Fi technologies. 802.11n is designed to be much faster, with throughput at 100 Mbps, and the proposal works at the same frequency range as 802.11a (5GHz); the standard as eventually ratified operates in both the 2.4GHz and 5GHz bands. The intent is to maintain some backward-compatibility with current Wi-Fi standards, while combining a mix of the current technologies. The proposals for this standard use a concept called multiple input, multiple output (MIMO) to increase the throughput. This will necessitate the use of two receive and two transmit antennas to broadcast in parallel using a 20MHz channel.
802.16
All the wireless standards covered so far are WLAN-oriented standards. 802.16 is a metropolitan area network (MAN) wireless standard, which allows for wireless traffic to cover a much wider geographical area. This technology is also referred to as broadband wireless access.
what is 802.15 Bluetooth Wireless
This standard deals with a much smaller geographical network, which is referred to as a wireless personal area network (WPAN). This technology allows for connectivity to take place among local devices, such as a computer communicating with a PDA, a cellular phone communicating with a computer, or a headset communicating with another device. The goal here—as with all wireless technologies—is to allow for data transfer without all of those pesky cables.
In this attack, someone sends an unsolicited message to a device that is Bluetooth-enabled.
Bluejacking

note:
Bluejackers look for a receiving device (phone, PDA, laptop) and then send a message to it. Often, the Bluejacker is trying to send someone else their business card, which will be added to the victim’s contact list in their address book.
define Wireless Application Protocol (WAP)
is not a standard per se. Instead, WAP is a de facto market and industry-driven protocol stack. What’s the difference? When a governing body, such as IEEE, determines there’s a need for a new technology, it creates a working group to develop the corresponding standard. This standard works as a blueprint for all of the vendors that want to develop this type of technology. If no recognized standard is in place, organizations can come together and outline specifications for the new technology for all to follow.
WAP has its own session and transport protocols and a transport layer security protocol called
Wireless Transport Layer Security (WTLS), which is similar to TLS and SSL. The wireless device has a WAP microbrowser that displays the web pages to the user.
what is referred to as the gap in the WAP
is the security concern that data protected by WTLS between the handset and the carrier are decrypted at the service provider’s WAP gateway and then re-encrypted with SSL or TLS before being forwarded to the web server. For that moment the data sit in cleartext on the gateway, outside the control of both endpoints. This is referred to as the “gap in the WAP,” and it has caused a lot of concern for businesses and security professionals and is still one of the issues that needs to be dealt with.
Cell phone cloning
A regular cell phone can be stolen and then reprogrammed with someone else’s access credentials.

note:

This is a common activity used by organized crime rings and drug dealers who do not want their information readily available to law enforcement.
Global System Mobile (GSM) phones use a Subscriber Identity Module (SIM) chip, which contains authentication data, phone numbers, saved messages, and more. Before a GSM phone can gain access to the cellular network, the SIM must be present in the phone. Attackers are cloning these SIM chips so they can make fraudulent calls on the cell phone owner’s account.
what is war driving
is when one or more people either walk or drive around with a wireless device equipped with the necessary equipment and software with the intent of identifying APs and breaking into them.
Some of the best practices pertaining to WLAN implementations are
• Enable an 802.11i implementation, as in WPA2 (WPA was an interim subset of the draft standard built on TKIP; WEP should be retired entirely).

• Change default SSID. Each AP comes with a preconfigured default SSID value.

• Disable “broadcast SSID” on the AP. Most APs allow for this to be turned off. This only hides the network from casual discovery: the SSID still appears in probe and association frames, so a sniffer recovers it as soon as a legitimate client connects.

• Implement another layer of authentication (RADIUS, Kerberos). Before the user can access the network, require him to authenticate.

• Physically put the AP at the center of the building. The AP has a specific zone of coverage it can provide.

• Logically put the AP in a DMZ with a firewall between the DMZ and internal network. Allow the firewall to investigate the traffic before it gets to the wired network.

• Implement VPN for wireless devices to use. This adds another layer of protection for data being transmitted.

• Configure the AP to allow only known MAC addresses into the network. Allow only known devices to authenticate. But remember that these MAC addresses are sent in cleartext, so an attacker could capture them and masquerade himself as an authenticated device.

• Assign static IP addresses to wireless devices and disable DHCP. If an attacker gains access and DHCP is enabled, you have just given the attacker a valid working IP address to use. This raises the bar only slightly, since an attacker who can sniff the WLAN can read the address range in use from other clients’ traffic.

• Carry out penetration tests on the WLAN. Use the tools described in this section to identify APs and attempt to break the current encryption scheme being used.

• Move to a product that follows the 802.11i standard.
Mobile Technology Generations First generation (1G):
• Analog services.
• Voice service only.
Mobile Technology Generations Second generation (2G):
• Primarily voice, some low-speed data (circuit switched).
• Phones were smaller in size.
• Added functionality of e-mail, paging, and caller ID.
Mobile Technology Generations Third generation (3G):
• Integration of voice and data.
• Packet-switched technology, instead of circuit-switched.
Ironically, sometimes when an attacker compromises a system and installs a rootkit, he fortifies the system against other attackers. This means that when the attacker gets onto the system he does what
all the things the administrator should have done, such as disabling unnecessary services and user accounts, patching the system, and so on. The attacker does this so no other attacker can use this system or the installed rootkit. The countermeasures to rootkits include properly hardening the system.
define Adware
is usually the term used when companies want to track a user’s buying and browsing habits through the use of cookies, so a merchant knows how to effectively market to this user. Some adware is software installed on your system that causes pop-up ads to appear continuously as you are surfing the Web. The software could be part of another software package you installed, or a stealth installation could have taken place.
define Spyware
is usually considered more dangerous than adware because it may be written to capture keystrokes, capture system information, or install a backdoor on a system. Through the use of keyloggers, spyware can capture passwords, credit card information, or other sensitive data. The use of spyware is increasing the frequency of identity fraud, because hackers are gathering account numbers, Social Security numbers, PINs, and more. Unfortunately, not all antivirus software can detect adware and spyware. Antivirus software looks for specific virus signatures and reproduction activities, but adware and spyware do not currently attempt to reproduce and spread themselves as viruses, so they could be doing their devious work even after antivirus software has scanned your system and told you everything is happy and healthy.
define Instant messaging (IM)
allows people to communicate with one another through a type of real-time and personal chat room. It alerts individuals when someone who is on their “buddy list” has accessed the Internet so they can send text messages back and forth in real time. Because of the lack of strong authentication, accounts can be spoofed so the receiver accepts information from a malicious user instead of the legitimate sender. Also, numerous buffer overflow and malformed packet attacks have been successful with different IM clients. Many firewalls do not have the capability to scan for this type of traffic to uncover suspicious activity. Blocking specific ports on the firewalls is not usually effective because the IM traffic may be using common ports that need to be open (HTTP port 80 and FTP port 21).
is a type of spamming that uses instant messengers for this malicious act.
Instant messaging spam (SPIM)

Although this kind of spamming isn’t as common as e-mail spamming, it is certainly increasing over time. The fact that firewalls are unable to block SPIM has made it more attractive for spammers. One way to prevent SPIM, is to enable the option of receiving instant messages only from a known list of users.
Recently, a new variant of traditional e-mail spam has emerged on VoIP networks, commonly known as
SPIT (Spam over Internet Telephony)

SPIT causes serious loss of VoIP bandwidth and is a time-wasting nuisance for the people on the attacked network. Because SPIT cannot be deleted like spam on first sight, the victim has to go through the entire message. SPIT is also a major cause of overloaded voicemail servers.