112 Cards in this Set
OSI Model - purpose
|
Purpose - increase interoperability between vendor products
|
|
OSI Layers
|
Application - Layer 7
Presentation - Layer 6
Session - Layer 5
Transport - Layer 4
Network - Layer 3
Data Link - Layer 2
Physical - Layer 1 |
|
OSI memorization phrase
|
Please Do Not Throw Sausage Pizza Away
|
|
OSI Physical Layer (1)
|
Bits into voltage (encoding scheme)
Media: coax, twisted pair (TP), fiber (FX); connectors such as RJ45
Specifies how signals are transmitted: electrical signaling, electrical and mechanical interfaces
Data sent over physical media |
|
OSI Data Link Layer (2)
|
Rules for accessing the network media
Switching; breaks the message into frames and formats them (Ethernet, Token Ring, ATM)
Media access methods: collision/contention based (CSMA/CD), token passing, FDDI ring architecture
Synchronization and error control |
|
Ethernet standard
|
802.3
|
|
Token ring standard
|
802.5
|
|
Wireless Standard
|
802.11
|
|
OSI Network Layer 3
|
** IPsec works at this layer and provides confidentiality, authentication, and integrity for all traffic above it, transparently to applications **
Routing (logical addressing with IP)
Fragmentation of packets to fit dissimilar link MTUs
Buffering, error control |
|
OSI Transport Layer 4
|
End to end ** HOST to HOST **
Protocols here: TCP, UDP, SPX (IPX itself is a layer 3 protocol)
Buffering, error control
Packet sequencing, segmenting, reassembly |
|
OSI Layer 5 Session
|
Connection establishment, maintenance, tear down
NFS, SQL, RPC
Client/server synchronization
Simplex, half duplex and full duplex modes |
|
OSI Layer 6 Presentation
|
File level encryption, compression
Translates data into a standard presentation format
Encoding (ASCII, EBCDIC), binary negotiation
Formatting: GIF, TIFF, JPEG |
|
OSI Layer 7 Application
|
File transfer (FTP)
E-mail (SMTP gateway), Telnet, POP
Access control services
Browsers (HTTP)
Non-repudiation
Provides network services to applications |
|
Digital Signature provides
|
Integrity, authentication, non-repudiation
|
|
Protocols
|
Rules to allow two or more computers to send/receive data
|
|
OSI and DoD TCP/IP memory tool
|
3112
|
|
DoD TCP/IP suite
|
Application (3 OSI layers: 7, 6, 5)
Host to Host (1 OSI layer: 4)
Internet (1 OSI layer: 3)
Network Interface (2 OSI layers: 2, 1) |
|
Well known TCP/UDP ports
|
below 1024
(0-1023) |
|
TCP
|
Connection oriented
Reliable, flow control
Three-way handshake: SYN, SYN/ACK, ACK |
|
UDP
|
Connectionless
Non-reliable, no handshake, "best effort" (video streaming)
Faster than TCP |
|
IPv4 Class A
|
0.0.0.0 - 126.0.0.0 (first octet 0-127; 127.0.0.0/8 is reserved for loopback)
16 million host addresses (16,777,214), default mask /8 (255.0.0.0) |
|
IPv4 Class B
|
128.0.0.0 - 191.255.0.0 (first octet 128-191)
65 thousand host addresses (65,534), default mask /16 (255.255.0.0) |
|
IPv4 Class C
|
192.0.0.0 - 223.255.255.0 (first octet 192-223)
254 host addresses, default mask /24 (255.255.255.0) |
|
IPv4 Class D
|
224.0.0.0 - 239.255.255.255 (multicast)
|
|
IPv4 Class E
|
240.0.0.0 - 255.255.255.255 (reserved / experimental)
|
|
2^8
|
256
|
|
2^16
|
65,536
|
|
2^24
|
16,777,216
|
|
Number of usable IP host addresses in a subnet
|
Always 2^N - 2 (N = number of host bits)
One reserved for broadcast (host bits all ones, e.g. .255 in a /24)
One reserved for the network (host bits all zeros, e.g. .0 in a /24) |
|
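The classful ranges and the 2^N - 2 rule from the cards above, worked in code. This is an added example, not part of the original card set; it uses only the standard library `ipaddress` module, and it also covers the two edge cases the rule does not (a /31 point-to-point link under RFC 3021 has two usable addresses, a /32 is a single host).

```python
import ipaddress


def ipv4_class(addr: str) -> str:
    """Classful category (A/B/C/D/E) decided by the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def usable_hosts(prefix_len: int) -> int:
    """The 2^N - 2 rule, plus the edge cases the rule does not cover."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    if prefix_len == 32:
        return 1          # single host route: no network/broadcast to subtract
    if prefix_len == 31:
        return 2          # RFC 3021 point-to-point link: both addresses usable
    return 2 ** (32 - prefix_len) - 2


def describe(cidr: str) -> dict:
    """Class, network address, broadcast address and usable host count for a CIDR."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False accepts a host address
    host = cidr.split("/")[0]
    return {
        "class": ipv4_class(host),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable_hosts(net.prefixlen),
    }


if __name__ == "__main__":
    # Constructed sample inputs, one per class plus a /31 link.
    for cidr in ("10.1.2.3/8", "172.16.5.9/16", "192.168.1.77/24", "172.16.5.9/31"):
        print(cidr, describe(cidr))
```

Note that the classful ranges only tell you the default mask; with CIDR the prefix length on the wire is what determines the network and broadcast addresses, so never derive a host count from the first octet alone.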
IPv6
|
128 bit addresses, written as 8 blocks of 16 bits in hex
64 bits network prefix, 64 bits interface (host) ID
Host component can be derived from the MAC address (modified EUI-64) |
|
Global addresses
|
1st 48 bits are the global routing prefix
Next 16 bits are the subnet ID
Last 64 bits are the interface ID |
|
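How the MAC-based interface ID on the IPv6 card is actually built (modified EUI-64: split the 48 bit MAC, insert FF:FE, flip the universal/local bit), combined with the 48/16/64 split from the global address card. This is an added example, not from the original cards; the prefix `2001:db8:1234:5678::/64` and the MAC `00:1A:2B:3C:4D:5E` are constructed sample values.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: insert FF:FE between the OUI and device halves of the MAC,
    then flip the universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48 bit MAC address")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui[0] ^ 0x02]) + eui[1:]


def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the MAC-derived interface ID (stateless autoconfig)."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def split_global_unicast(addr: str) -> dict:
    """48 bit global routing prefix / 16 bit subnet ID / 64 bit interface ID, as hex."""
    raw = ipaddress.IPv6Address(addr).packed
    return {
        "global_routing_prefix": raw[:6].hex(),
        "subnet_id": raw[6:8].hex(),
        "interface_id": raw[8:].hex(),
    }


def mac_from_address(addr: str):
    """Recover the hardware MAC if the interface ID is modified EUI-64, else None.
    This is the privacy problem: the address leaks the NIC identity."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Constructed sample values, not a real allocation.
    addr = slaac_address("2001:db8:1234:5678::/64", "00:1A:2B:3C:4D:5E")
    print(addr, split_global_unicast(addr), mac_from_address(addr))
```

The FF:FE marker in the middle of the interface ID is a fingerprint: anyone who sees the address can recover the MAC and therefore the NIC vendor and a stable host identity across networks, which is why modern stacks default to randomised or privacy (RFC 4941) interface IDs instead.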
Synchronous Signaling Transmission
|
Stream
No start and stop bits; both ends synchronize via a clocking mechanism before sending data
Large amounts of data |
|
Asynchronous Signaling Transmission
|
Bits sent sequentially
Start and stop bits frame each character
Small amounts of data
Modems |
|
Bus Network
|
Linear
Single cable; traffic is received by all devices (and ignored by those it is not addressed to)
A fault in one node or a break in the cable affects all |
|
Ring Network
|
Unidirectional transmission link
Closed loop
If one computer has a problem it affects all |
|
Star Network
|
Connected to a central device (hub or switch)
Central device is a single point of failure |
|
Tree
|
bus topology but branches of cables
|
|
Mesh
|
All computers connected to each other
No single point of failure
More expensive |
|
Coax Thinnet
|
10base-2
185 (~200) meters, RG-58, 10 Mbps, 50 ohm |
|
Coax Thicknet
|
10base-5
500 meters, RG-8 / RG-11, 10 Mbps, 50 ohm |
|
Coax cabling
|
Higher performance than twisted pair
One-way networks such as cable TV |
|
Twisted pair cabling
|
LAN media
Cheap, easy to work with
Residential telephone |
|
10base-T
|
Unshielded twisted pair
10 Mbps |
|
100base-TX fast ethernet
|
Unshielded twisted pair
100 Mbps |
|
1000base-T gigabit ethernet
|
Unshielded twisted pair (Cat5e or better, all four pairs)
1000 Mbps (gig) |
|
1000base-X
|
Fiber
1000 Mbps (gig) |
|
Fiber
|
Fast
Less attenuation
Expensive
Single mode ~2000 meters, multi mode ~500 meters
Most secure (hardest to tap without being noticed) |
|
Cable Fire issues use:
|
Plenum cable: flame-retardant, low-smoke jacket (fluoropolymers such as FEP) that gives off far less toxic smoke when burning
Required in air-handling spaces (plenums) |
|
Transmission Method (Unicast)
|
one to one relationship
"Client/Server" |
|
Transmission Method (Multicast)
|
One to many relationship
"Streaming" |
|
Transmission Method (Broadcast)
|
One to all relationship
Stays within the local broadcast domain; used to locate hosts (e.g. ARP requests, DHCP Discover) |
|
ARP (Address Resolution Protocol)
|
Maps an IP address (layer 3) to a media access control (MAC) address (layer 2)
A host broadcasts an ARP request for an IP; the owner replies with its MAC |
|
Masquerading Attack (ARP poisoning)
|
Attacker sends forged ARP replies so victims' ARP caches map a target IP (often the gateway) to the attacker's MAC
Traffic is then relayed through the attacker (man in the middle) or dropped (denial of service)
Works because ARP is stateless and unauthenticated: hosts accept replies they never asked for |
|
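Detection logic for the ARP poisoning described on the card, run over a constructed list of observed ARP replies (this is an added example, not part of the original card set; the addresses and the `DE:AD:BE:EF:00:99` attacker station are made up). It flags an IP whose MAC changes and a MAC that claims more than one IP, which is what a gateway-plus-victim man in the middle looks like on the wire.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies as (time_s, sender_ip, sender_mac).
# Not a real capture; the DE:AD:BE:EF:00:99 station plays the attacker.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1",  "00:11:22:33:44:01"),   # gateway answers normally
    (2.0, "10.0.0.20", "00:11:22:33:44:20"),   # a workstation
    (3.0, "10.0.0.1",  "00:11:22:33:44:01"),
    (4.5, "10.0.0.1",  "DE:AD:BE:EF:00:99"),   # attacker claims the gateway IP
    (4.6, "10.0.0.20", "DE:AD:BE:EF:00:99"),   # ...and the workstation IP (full MITM)
    (5.0, "10.0.0.1",  "00:11:22:33:44:01"),   # real gateway reasserts itself
]


def detect_arp_poisoning(replies):
    """Return alerts for IP->MAC changes and for one MAC claiming several IPs."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # all IPs each MAC has claimed
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({"time": t, "reason": "ip-mac-changed", "ip": ip,
                           "old_mac": prev, "new_mac": mac})
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:   # fire once per additional IP, not per packet
                alerts.append({"time": t, "reason": "mac-claims-multiple-ips",
                               "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


def suspect_macs(alerts):
    """Every MAC that took over an IP previously owned by a different MAC."""
    return sorted({a["new_mac"] for a in alerts if a["reason"] == "ip-mac-changed"})


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(alert)
    print("suspects:", suspect_macs(SAMPLE_ARP_REPLIES and detect_arp_poisoning(SAMPLE_ARP_REPLIES)))
```

Note the ambiguity in the output: once the real gateway reasserts its MAC at t=5.0 that also shows up as an "ip-mac-changed" event, so the detector alone cannot say which MAC is legitimate; it needs an authoritative source (a static ARP table, DHCP snooping bindings, or the switch's Dynamic ARP Inspection) to decide. A NIC swap, VRRP failover or DHCP lease churn produces the same signal, so treat these as leads, not verdicts.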
RARP (Reverse Address Resolution Protocol)
|
Has a MAC, broadcasts to get its IP
Succeeded by BOOTP (provides for diskless workstations, more functionality), which was in turn succeeded by DHCP |
|
DHCP Leasing Process (DORA) 4 steps
|
DHCP Discover (client broadcasts looking for a server)
DHCP Offer (server proposes an address)
DHCP Request (client asks for the offered address)
DHCP Acknowledge (server confirms the lease) |
|
ICMP
|
Control and error message protocol for IP
PING = ICMP echo request/reply
ICMP redirect messages can be abused to trick hosts into changing their routing table
Loki attack: covert channel that tunnels data inside ICMP echo payloads |
|
SNMP Port
|
161 (agent queries) and 162 (traps sent to the manager)
|
|
SMTP Port
|
25
|
|
SSH port
|
22
|
|
FTP port
|
21 (control) and 20 (data, in active mode)
|
|
Telnet port
|
23
|
|
HTTPs port
|
443
|
|
Router
|
Layer 3
Security through packet filtering and ACLs |
|
Distance vector routing (RIP)
|
Does not look at bandwidth
Distance = number of hops
Entire routing table sent to neighbors periodically (noisy)
Max of 15 hops; a hop count of 16 means unreachable |
|
Link state routing (OSPF - open shortest path first)
|
More intelligence
Each router builds a topology map (link state database); a designated router (DR) coordinates on multi-access segments
Link State Advertisements (LSAs) keep the topology database in sync |
|
Layer 7 Application Gateway
|
Links networks at the application protocol level (e.g. SMTP)
Translator |
|
If they are talking proxy then its...
|
Application Gateway
Proxy - better security |
|
Circuit level proxy
|
Looks only at the packet header information
Wider range than an application proxy but not the same detailed level
Makes decisions based on address and port
Session Layer (5) |
|
SOCKS
|
Circuit level proxy
Clients must be "SOCKS-ified" with client software
Used for VPN-like outbound internet access, but it is not a traditional VPN protocol |
|
Kernel Proxy
|
Most advanced
Faster than an application proxy (done in the kernel)
One network stack per packet
Does NAT
Application Layer (7) |
|
Dual-Homed Firewall
|
single system with two nics, one to trusted network, one to untrusted network
|
|
Screened Host Firewall
|
A packet-filtering router sits between the internet and the firewall (bastion host), screening traffic before it reaches the host
|
|
Screened Subnet Firewall
|
External router filters traffic before the DMZ; traffic then passes through the firewall and an internal router
Provides more protection than Dual Homed and Screened Host |
|
Directory services ISO standard
|
X.500
|
|
Static NAT
|
Each internal system has its own external IP
|
|
Hiding NAT
|
All internal systems have same external IP
|
|
Port Address Translation (PAT)
|
Many internal hosts share one external IP; the gateway rewrites source ports so each session gets a unique external port and records the mapping in a translation table
Inbound, a port forward sends traffic for a specific external port to a specific internal host, e.g. https://www.abc.com:8080 |
|
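A toy PAT gateway showing the translation table the NAT cards describe: two internal hosts using the same source port get distinct external ports, replies are mapped back to the right host, unsolicited inbound traffic is dropped, and a static port forward (the `:8080` case) admits traffic to a chosen internal host. This is an added example, not part of the original cards; the addresses (`203.0.113.7`, `10.0.0.x`, `93.184.216.34`) and the starting port 40000 are constructed values.

```python
class PatGateway:
    """Many-to-one NAT (PAT) with a session table and static inbound port forwards."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._next_port = first_port
        self._sessions = {}     # (int_ip, int_port, dst_ip, dst_port) -> external port
        self._by_ext_port = {}  # external port -> that same session key
        self._forwards = {}     # external port -> (int_ip, int_port) static forward

    def add_port_forward(self, ext_port: int, int_ip: str, int_port: int) -> None:
        """Static inbound mapping, e.g. https://www.abc.com:8080 -> 10.0.0.5:8080."""
        if ext_port in self._by_ext_port or ext_port in self._forwards:
            raise ValueError(f"external port {ext_port} already in use")
        self._forwards[ext_port] = (int_ip, int_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet's source to (external_ip, unique port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        ext_port = self._sessions.get(key)
        if ext_port is None:
            # Pick the next free external port, skipping any reserved by forwards.
            while self._next_port in self._forwards or self._next_port in self._by_ext_port:
                self._next_port += 1
            ext_port = self._next_port
            self._next_port += 1
            self._sessions[key] = ext_port
            self._by_ext_port[ext_port] = key
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Map an inbound packet to (internal_ip, internal_port), or None to drop it."""
        if dst_port in self._forwards:
            return self._forwards[dst_port]
        key = self._by_ext_port.get(dst_port)
        if key is None:
            return None   # no session and no forward: unsolicited inbound is dropped
        int_ip, int_port, sess_dst_ip, sess_dst_port = key
        if (src_ip, src_port) != (sess_dst_ip, sess_dst_port):
            return None   # reply from a peer the session was never opened to
        return (int_ip, int_port)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.7")
    print(gw.translate_outbound("10.0.0.11", 51000, "93.184.216.34", 443))
    print(gw.translate_outbound("10.0.0.12", 51000, "93.184.216.34", 443))
    print(gw.translate_inbound("93.184.216.34", 443, 40001))   # reply to the second host
    print(gw.translate_inbound("198.51.100.9", 12345, 40500))  # unsolicited: None
    gw.add_port_forward(8080, "10.0.0.5", 8080)
    print(gw.translate_inbound("198.51.100.9", 12345, 8080))   # forwarded
```

The inbound check that the reply comes from the same peer the session was opened to is what makes this behave like a symmetric NAT; real gateways differ here (full-cone variants accept any source on a mapped port), and that difference is exactly what NAT traversal tools and some attacks probe for. The "hiding" NAT's protective effect is a side effect of the session table, not a firewall policy, so do not rely on it in place of one.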
Circuit switching
|
Connection oriented link
Virtual connection acts like a dedicated link
Voice phone calls; packets arrive in order |
|
Packet switching
|
packets use dynamic paths and can arrive out of order
carries data |
|
Multiplexing
|
Device (or technique) that combines two or more channels onto one transmission link
|
|
Frequency division multiplexing (FDM)
|
assigning separate portions of an available spectrum
|
|
Time- Division Multiplexing (TDM)
|
Assigning discrete time intervals in sequence to individual channels
Considered more secure since the receiver reassembles by time slot |
|
Asynchronous Transfer Mode (ATM)
|
Cell based
Switching and multiplexing of fixed-size 53 byte cells instead of variable-length frames |
|
Session Initiation Protocol (SIP) for VOIP
|
Emulates phone-like features (dial tone, ringing, busy signals, etc.)
Uses User Agents (client and server) |
|
Vishing
|
Phishing over VOIP
|
|
ISDN BRI (Basic Rate Interface)
|
Uses 2 B channels for data (64k each)
Uses 1 D channel for signaling (16k)
Data 128k + signaling 16k = total pipe 144k |
|
ISDN PRI (Primary Rate Interface)
|
23 B channels (64k each)
1 D channel at 64k
Total bandwidth equal to a T1 (1.544 Mbps) |
|
Point to Point Protocol (PPP) Authentication mechanisms
|
PAP - credentials in clear text
CHAP - challenge/response, password never crosses the wire
EAP - extensible (pluggable external methods) |
|
Point to Point Tunneling Protocol (PPTP)
|
Layer 2
Data link layer protocol for point to point connections
Data is encrypted (MPPE) ** negotiation information is in clear text **
Only IP traffic (need L2TP to carry other than IP) |
|
IPSec
|
Works at the network layer (3)
Encrypts just the payload, or payload and header
Tunnel mode: payload and original header protected (a new outer IP header is added)
Transport mode: payload protected, original header exposed |
|
Password Authentication Protocol (PAP)
|
Credentials sent in clear text
Vulnerable to man in the middle, sniffing and replay attacks |
|
Challenge Handshake Authentication Protocol (CHAP)
|
Challenge response
Client hashes (MD5) the message ID, its password and the challenge value and returns the hash; the password itself is never sent over the wire
Server periodically re-challenges mid-session to limit man in the middle / session hijacking |
|
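The CHAP exchange from the PAP and CHAP cards, run end to end with both sides' messages and a replay attempt, using the RFC 1994 MD5 construction (Response = MD5(Identifier || Secret || Challenge)). This is an added example, not part of the original cards; the username `alice` and her secret are constructed values, and the authenticator class is an illustrative design rather than any particular PPP implementation.

```python
import hashlib
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues one-time challenges and verifies responses.
    It must hold the plaintext secret, which is CHAP's well-known weakness."""

    def __init__(self, secrets_db: dict):
        self._db = secrets_db        # username -> secret bytes (constructed sample data)
        self._pending = {}           # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self) -> tuple:
        """Server -> client: Challenge(identifier, random value)."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        chal = secrets.token_bytes(16)
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        """Client -> server: Response; server answers Success/Failure."""
        chal = self._pending.pop(ident, None)   # consumed once, so a replay finds nothing
        secret = self._db.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return secrets.compare_digest(expected, response)


def demo_exchange() -> dict:
    """One honest round, then a replayed response, then a wrong password."""
    shared_secret = b"correct horse battery staple"
    server = ChapAuthenticator({"alice": shared_secret})

    ident, chal = server.challenge()                    # Challenge
    resp = chap_response(ident, shared_secret, chal)    # Response
    first_ok = server.verify(ident, "alice", resp)      # Success

    # Eavesdropper replays the captured response against a fresh challenge.
    ident2, _chal2 = server.challenge()
    replay_ok = server.verify(ident2, "alice", resp)

    # Client with the wrong secret answers its own fresh challenge.
    ident3, chal3 = server.challenge()
    wrong_ok = server.verify(ident3, "alice", chap_response(ident3, b"wrong", chal3))

    return {
        "first_ok": first_ok,
        "replay_ok": replay_ok,
        "wrong_secret_ok": wrong_ok,
        # Everything an on-path sniffer sees: no secret, just challenge and hash.
        "on_the_wire": {"challenge": chal.hex(), "response": resp.hex()},
    }


if __name__ == "__main__":
    print(demo_exchange())
```

The replay fails because the challenge is random and consumed once, which is the whole point of CHAP over PAP. The caveat a practitioner should keep in mind: the sniffer still gets a (challenge, response) pair, and with MD5 that is an offline dictionary attack against the password, so CHAP protects the wire, not a weak secret, and the server must store secrets reversibly rather than as a one-way hash.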
Extensible Authentication Protocol (EAP)
|
Authentication framework carried by 802.1X port-based network access control
Supports: token cards, Kerberos, OTP, certificates |
|
Lightweight Extensible Authentication Protocol (LEAP)
|
Cisco proprietary
|
|
EAP-TLS
|
very secure
uses certs on both client and server (PKI) |
|
EAP-TTLS
|
Only server side certs required
Client certs optional; client normally authenticates with a password inside the TLS tunnel |
|
PEAP (Protected Extensible Authentication Protocol)
|
Joint venture of Cisco, Microsoft and RSA
Protected EAP; server side certs only |
|
WLAN 802.11a
|
5 GHz band, 54 Mbps
More channels, less interference than 2.4 GHz |
|
WLAN 802.11b
|
De facto standard (2.4 GHz)
11 Mb/sec |
|
WLAN 802.11g
|
Like 802.11b (2.4 GHz, backward compatible with it)
54 Mb/sec |
|
WLAN 802.11i
|
Adds WPA2 (security amendment: AES/CCMP and robust key management)
|
|
WLAN 802.11n
|
Up to 450 Mbps with three spatial streams (MIMO); 2.4 and 5 GHz
|
|
WLAN 802.16
|
Long-distance wireless infrastructure
WIMAX |
|
What is the backward compatible wireless encryption
|
WPA (TKIP runs on older WEP-era hardware)
WPA2 is NOT (requires AES/CCMP hardware support) |
|
Access points modes
|
Infrastructure
Ad hoc (peer to peer) |
|
WEP (Wired Equivalent Privacy)
|
Based on RC4 encryption with a 24 bit initialization vector
Single shared key (symmetric); broken, do not use |
|
WPA
|
Uses TKIP (still RC4 underneath)
48 bit initialization vector
Per-packet key mixing (different key for each packet)
Pre shared key (personal) or 802.1X (enterprise) |
|
WPA2
|
802.11i
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
AES based encryption, stronger than TKIP
CCMP uses AES with a 128 bit key (AES itself supports 128, 192 and 256 bit keys) |
|
WAP (Wireless Application Protocol)
|
Set of older protocols
Low overhead; allows wireless devices to access the internet |
|
Stateful Firewall
|
Network layer
Looks at the state and context of packets
Keeps track of each conversation in a state table |
|
Packet filtering firewall
|
Network layer
Looks at source and destination addresses, ports and services
Routers using ACLs to filter network traffic |
|
Application level firewall
|
Application layer
Looks deep into packets, makes granular access control decisions
One proxy per protocol |