Cissp Cybrary 04

Front 1

What is the payload called in each layer of the OSI model?

Back 1

7 Application : Data

6 Presentation : Data

5 Session : Data

4 Transport : Segment

3 Network : Packet

2 Data link : Frame

1 Physical: Bit

Front 2

Layer 1

Back 2

Physical layer: only sends the signal physically over a medium.

Front 3

Names of the layers in the OSI model

Back 3

All People Seem To Need Data Processing.

7 Application

6 Presentation

5 Session

4 Transport

3 Network

2 Data link

1 Physical

People don’t need to see P A

Front 4

The least secure cable

Back 4

Twisted pair

Front 5

Most secure cable

Back 5

Fiber optic cable

Front 6

Different ways to connect computers

Back 6

Bus, ring (connected in a ring), star (all connected to a centralized unit), mesh (a full graph).

Star is used today.

Front 7

Hub

Back 7

Sends all data out all ports

Front 8

Modem

Back 8

Converts digital to analog and back

Front 9

Wireless access point

Back 9

Provides wireless devices a point of connection to the wired network.

Front 10

Layer 2

Back 10

Data link layer

LLC logical link control - error detection

MAC media access control - Physical (uses ARP/RARP and MAC)

Front 11

ARP and RARP

Back 11

Address resolution protocol and reverse address resolution protocol. Converts IP to a MAC address. Between layer 2 and 3. (Mostly 2)

Front 12

Media access control

Back 12

CSMA/CD carrier multiple access with collision detection (IEEE standard) 802.3 Ethernet. If collision send again.

CSMA/CA carrier multiple access with collision avoidance (IEEE standard) 802.3 wireless. Signal when you want to communicate.

Token Passing: a token is passed around. Only the system with the token can transmit data hence no collisions.

Front 13

Switch

Back 13

Layer 2.

Uses Mac addresses to direct traffic

Isolated traffic into collision domain

Does not isolate broadcast traffic

Front 14

Router

Back 14

Layer 3

Expensive

Isolate traffic into broadcast domains

Uses IP addressing to direct traffic

Front 15

VLAN

Back 15

Necessary to get broadcast isolation in a switch

Not all switches support vlan

A layer 2 switch doesn’t understand layer 3 up addressing.

A layer 3 switch is necessary for inter-vlan communication

Front 16

Layer 3 protocols

Back 16

All protocols that starts with I except IMAP

IP, ICMP (IP “helpers, like ping), IGMP (internet group message protocol), IGRP, IPSEC, IKE, ISAKMP

Front 17

ICMP

Back 17

IP helper, echo utilities like ping

Frequently exploited

Loki, ping of death, ping floods, smurf.

Front 18

LOKI attack

Back 18

Sending data in ICMP header

Front 19

SMURF

Back 19

Distributed denial of service. Send ping but spoof source address s.t. It responds somewhere else.

Front 20

FRAGLE(?) attack

Back 20

Like SMURf attack but uses the UDP protocol

Front 21

Layer 4

Back 21

Transport layer.

End to end data transport

Establish connection between 2 computer systems

Front 22

Layer 4 protocols

Back 22

SSL/TLS

TCP

UDP

Front 23

TCP

Back 23

3hand handshake

Slow but guarantee delivery

Syn (can I send)

Syn/ack (yes you can send)

ack (I will send)

Front 24

UDP

Back 24

Connection less

Unreliable

No hansdshake

Desirable when real time transfer is essential

- media streaming

- FTP uses TCP

- TFTP uses UDP

Front 25

Layer 5

Back 25

Session layer. Connection between applications (same or different pc)

Create connection, transfer data, release connection.

Front 26

Layer 6

Back 26

Present data in format that all computers understands (Formatting, encryption, compression).

Does not have protocols

Front 27

Layer 7

Back 27

Application layer

Way of sending data

Non-repudiation

Certificates

Application proxies

Content inspection

Front 28

Layer 7 protocols

Back 28

Http, https, ftp, tftp, smtp, snmp, imap, pop3

Front 29

TCP/IP model

Back 29

Application layer (application and representation)

Host to host / transport layer (session and transport)

Internetwork (Network)

Network access and Network interface (Data link and Physical)

Front 30

Virus

Back 30

Malicious code. Needs a host and action from user.

Front 31

Worm

Back 31

Virus but does not need a host or action = Selfreplicating

Front 32

Logic bomb

Back 32

Malicious code that lays dormant until local event occurs

Front 33

Trojan horse

Back 33

Program masquerades as another.

Front 34

Back door program

Back 34

Allows administrative access to a system that bypass normal security controls.

Front 35

Salami

Back 35

Many small attacks that adds up to a large attack.

Front 36

Data diddling

Back 36

Altering/manipulating data usually before entry.

Front 37

Session hijacking

Back 37

Hijacker between two hosts. Monitors the exchange or disconnects one.

Front 38

Sniffing

Back 38

Capturing and viewing packets with protocol analyser

Front 39

Wardialing

Back 39

Attack on a RAS (remote access server) where the attacker tries to find the phone number that accepts calls.

Front 40

Cross site request forgery

Back 40

For example send an email with link that starts a chat where I tell you to do things in your bank.

Attacker impersonate something to trick the user

Front 41

Packet filter

Back 41

Layer 3

Uses ACL

Only looks at IP addresses, port, flags, etc.

Front 42

State full firewall

Back 42

Layer 5

Context dependent access control

Keeps track of all connections in a table.

Checks both request and response,

More complex.

Front 43

Proxy firewall

Back 43

Layer 5 or 7

Two types of proxies:

Circuit level (level 5) and application (level 7)

Front 44

DMZ

Back 44

Buffer zone between an unprotected network and a protected network that allows monitoring and regulation of traffic between the two.

Front 45

NAT/PAT

Back 45

Remaps IP addresses. Private internal maps to public up addresses.

NAT allows one-to-one mapping of IPs

PAT allows multiple private to share one public IP.

Front 46

Private IPs addresses

Back 46

10.x.x.x

172.16.x.x-172.31.x.x

192.168.x.x

Front 47

Dos

Back 47

Denial of Service: The purpose of these attacks is to overwhelm a system and disrupt its availability

Front 48

DDoS

Back 48

Distributed Denial of Service: Characterized by the use of Control Machines (Handlers) and Zombies (Bots) An attacker uploads software to the control machines, wh ich in turn commandeer unsuspecting machines to perform an attack on the victim. The idea is that if one machine initiating a denial of service attack, then having many machines perform the attack is better.

Front 49

Ping of Death:

Back 49

Sending a Ping Packet that violates the Maximum Transmission Unit (MT U) size—a very large ping packet.

Front 50

Ping Flooding:

Back 50

Overwhelming a system with a multitude of pings.

Front 51

Tear Drop:

Back 51

Sending Malformed packets which the Operating System does not know how to reassemble. Layer 3 attack

Front 52

Buffer Overflow:

Back 52

Attacks that overwhelm a specific type of memory on a system— the buffers. Is best avoided with input validation

Front 53

Bonk :

Back 53

Similar to the Teardrop attack. Manipulates how a PC reassembles a packet and allows it to accept a packet much too large.

Front 54

Land Attack:

Back 54

Creates a "circularreference" on a machine. Sends a packet where source and destination are the same.

Front 55

Syn Flood:

Back 55

Type of attack that exploits the three way handshake of TCP Layer 4 attack. Stateful firewall is needed to prevent

Front 56

Smurf:

Back 56

Uses an ICMP directed broadcast Layer 3 attack. Block distributed broadcasts on routers

Front 57

Loki:

Back 57

Information is stored in the ICMP header (covert Chanel)

Front 58

Fraggle:

Back 58

Similar to Smurf, but uses UDP instead of ICMR Layer 4 attack. Block distributed broadcasts on routers

Front 59

Layer 3 Firewalls:

Back 59

Static Packet Filters: Base decisions on Source/Destination IP Address and Port

Front 60

Layer 5 Firewalls:

Back 60

Stateful inspection. Knowledge of who inititiated the session. Can block unsolicited replies. Protocol Anomaly firewalls—can block traffic based on syntax being different than the RFC would specify

Front 61

Layer 7 Firewalls:

Back 61

Application Proxies/Kernel Proxies: Make decisions on Content, Active Directory Integration, Certificates, Time

Front 62

LAN

Back 62

Local area network

High speed

Small physical area

Front 63

WAN

Back 63

Wide area network

Used to connect LANS

Generally slow, using serial links

Front 64

MAN

Back 64

Metropolitan area network

Connect sites together within a medium range area (like a city)

Front 65

Circuit switching

Back 65

All data follows the same path to the destination

Front 66

Dial up

Back 66

-

Front 67

ISDN

Back 67

-

Front 68

ADSL

Back 68

-

Front 69

Packet switching technologies

Back 69

X.25

frame relay

ATM

VOIP

MPLD

Cable modems

Front 70

Cable modems

Back 70

Shared bandwidth

Always in

High speed via tv lines

Front 71

MPLS

Back 71

-

Front 72

VOIP

Back 72

Converts analog to digital.

At the end there is a smartphone or TA that converts it back.

Front 73

Wireless encryption protocol

Back 73

WEP and WPA

Front 74

WEP

Back 74

Shared authentication password

Weak

Easy crackable

Used RC-4

Front 75

WPA

Back 75

Stronger

Still used RC-4

Front 76

WPA2

Back 76

AES

Not backwards compatible

Front 77

WPA and WPA2 enterprise

Back 77

Individual passwords for individual users

RADIUS

Front 78

Blue jacking

Back 78

Spamming bt device

Front 79

Blue snarfing

Back 79

Copies information off or remote device

Front 80

Blue bugging

Back 80

Allows full access

Allows to make calls

Allows to eavesdrop

Front 81

SaaS

Back 81

Use software online

Front 82

PaaS

Back 82

Application hosting

Front 83

IaaS

Back 83

-

Front 84

Private vs public clouds

Back 84

-

Front 85

Community clouds and hybrid clouds

Back 85

-