108 Flashcards

1
Q

108.1 Define the following devices and their uses: Host; Application Server; Hub; Switch; Router; WAP; Proxy Server; Firewall; VPN Concentrator; Back-Up; Repeater

A

a. Host/Client - Client/Host architecture allows for multiple clients to connect and share resources on host servers.
b. Application Server - A server that is designed for or dedicated to running specific applications for individual clients in order to keep resources available for other tasks.
c. Hub – Central connection point for network connections that contains multiple ports. When a packet arrives at one port, it is copied unmodified to all ports of the hub for transmission. Hubs operate at the physical layer (OSI layer 1).
d. Switch – Central connection point for network connections that contains multiple ports. When a packet arrives at one port, it is filtered based upon the MAC address (OSI Layer 2) and forwards the packet to its specified destination.
e. Router – A networking device that forwards packets between networks by determining the best path to the destination. Routers work at the network layer (OSI layer 3).
f. WAP - Wireless Application Protocol (WAP) is an open international standard for application-layer network communications in a wireless-communication environment.
g. Proxy Server - A server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers.
h. Firewall – A component placed between computers and networks to help eliminate undesired access. The primary focus of a firewall is to provide the first line of defense for the network.
i. VPN Concentrator - Device that provides cost savings through flexible, reliable, and high-performance connectivity via remote-access solutions over public or non-secure physical lines.
j. Back-up – Making copies of data so that these additional copies may be used to restore the original after a data loss event.
k. Repeater - A repeater is an electronic device that receives a signal, cleans it of unnecessary noise, regenerates it, and retransmits it at a higher power level. Repeaters work on the Physical Layer (OSI layer 1).

2
Q

108.2 Define the following layers of routing and common devices associated with each: Access; Distribution; Core

A

a. Access - Access routers, including ‘small office/home office’ (SOHO) models, are located at customer sites such as branch offices that do not need hierarchical routing of their own.
b. Distribution - Distribution routers aggregate traffic from multiple access routers, either at the same site, or to collect the data streams from multiple sites to a major enterprise location. Distribution routers often are responsible for enforcing quality of service across a WAN, so they may have considerable memory, multiple WAN interfaces, and substantial processing intelligence.
c. Core - Core routers may provide a “collapsed backbone” interconnecting the distribution tier routers from multiple buildings of a campus, or large enterprise locations. They tend to be optimized for high bandwidth.

3
Q

108.3 Explain the following network terminology: Bus; Star; Ring; Mesh; LAN; WAN; MAN; GAN; VLAN

A

a. Topology – Refers to the physical arrangement of a LAN's components.
◦ Bus – Uses a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector.
◦ Star – Many home networks use the star topology. A star network features a central connection point called a “hub” that may be a hub, switch or router.
◦ Ring – Every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either “clockwise” or “counterclockwise”). A failure in any cable or device breaks the loop and can take down the entire network.
◦ Mesh – A network where all the nodes are connected to each other.
b. LAN – A Local Area Network is a privately-owned network(s) within a single building or campus of up to a few kilometers.
c. WAN – A Wide Area Network is a publicly owned group of networks over a large geographical area, often a country or continent.
d. MAN – A Metropolitan Area Network is slightly larger than a LAN, expanding its coverage to a group of buildings or a city and may be publicly or privately owned.
e. GAN – A Global Area Network is a network used for supporting mobile communications across an arbitrary number of wireless LANs, satellite coverage areas, etc.
f. VLAN – A virtual local area network. It enables groups of devices from multiple networks to be combined into a single logical network. The result is a virtual LAN that can be administered like a physical local area network.

4
Q

108.4 Identify the functions, by layer, of the following models: OSI; TCP/IP

A

a. OSI Model [ref. b, part II]
7. Application layer – Application to application communication across the network
6. Presentation Layer – Data Representation and Encryption
5. Session Layer – Interhost Communication
4. Transport Layer – End-to-End Connections and Reliability
3. Network Layer – Path determination and logical addressing (IP)
2. Data Link Layer – Physical Addressing (MAC & LLC)
1. Physical layer – Media, Signal and Binary Transmission

b. TCP/IP Model [ref. b, ch 5]
4. Application Layer – Telnet, FTP, SMTP
3. Transport Layer – TCP, UDP
2. Internet Layer – IP
1. Network Access Layer – Ethernet, Token Ring

5
Q

108.5 State the difference between IPv4 and IPv6.

A
  • IPv4 utilizes 32 bits for its address. This allows for a maximum of 4.3 billion unique addresses. IPv4 addresses are mostly expressed in what is referred to as dot-decimal notation, for example: 192.168.15.85. IPv6 addresses consist of 128 bits, written as eight groups of four hexadecimal digits, where each group is separated by a colon.
6
Q

108.6 Define the following and how they are used: NIPRNET; SIPRNET; JWICS; CENTRIXS

A

a. NIPRNET – Non-classified Internet Protocol Router Network: used to exchange sensitive but unclassified information between “internal” users as well as providing users access to the internet.
b. SIPRNET – Secret Internet Protocol Router Network: A system of interconnected computer networks used by the United States Department of Defense and the U.S. Department of State to transmit classified information (up to and including information classified SECRET) via the TCP/IP protocol suite in a completely secure environment.
c. JWICS – Joint Worldwide Intelligence Communications Systems: A system of interconnected computer networks used by the U.S. Department of Defense and the U.S. Department of State to transmit classified information by packet switching over TCP/IP in a secure environment.
d. CENTRIXS – Combined Enterprise Regional Information Exchange System. Used to connect the US DoD with select allied countries (UK, Canada, Australia, New Zealand) to transmit classified information, up to secret, via a secure TCP/IP infrastructure. It supports joint operations.

7
Q

108.7 Explain the following networks and where they are employed: CANES; DoDIN (formerly GIG); DISN; NMCI; ONENET; IT21; ISNS

A

a. CANES – Consolidated Afloat Network Enterprise Services. The newest network architecture/system in the fleet. It consolidates four legacy afloat networks into a single, manageable system in order to provide a higher quality of service while lowering costs. It consolidates ISNS NIPR, SIPR, SCI, and CENTRIXS-M.
b. DoDIN (formerly GIG) – The Department of Defense Information Network (Formerly Global Information Grid) is a globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel.
c. DISN – The Defense Information System Network is a composite of DoD owned and leased telecommunications subsystems and networks. It is DoD’s worldwide enterprise level telecommunications infrastructure providing end-to-end information transfer in support of military operations.
d. NMCI- The Navy/Marine Corps Intranet (NMCI) was developed to procure and manage information technologies (IT) for the Navy at the enterprise level. NMCI is a partnership between the Navy and industry whereby industry provides IT services purchased by individual Navy commands. The key point is that the Navy does not own or manage the hardware, software, or communications infrastructure. Rather, a command purchases the IT services it requires from a catalog of standard services, and industry will then provide the necessary hardware and infrastructure to deliver those services.
e. ONENET – A Navy-wide initiative to install a common and secure IT infrastructure at OCONUS Navy locations. It is based on the Navy-Marine Corps Intranet architecture and is designed to be interoperable with IT-21, NMC, and the Global Information Grid in the near future.
f. IT21 – The security posture for each IT-21 FLTNOC is independently administered but centrally governed by the Chief of Naval Operations (CNO)/NETWARCOM Unclassified Trusted Network Protect (UTN Protect) firewall policy. Use and enforcement of this policy is mandated by CNO and NETWARCOM security policies. IT-21 FLTNOCs are also tasked with implementing IP block lists and DNS black hole lists as promulgated by the Navy Cyber Defense Operations Center (NCDOC).
g. ISNS – Integrated Shipboard Network System. This is the legacy predecessor to CANES, the older shipboard networking system.

8
Q

108.8 Describe the following: Machine Language; Assembly Language; High-Level Language; Operating System; Application.

A

a. Machine Language - Any computer can directly understand only its own machine language. Machine language is the “natural language” of a particular computer, defined by the computer’s hardware design. Machine languages generally consist of strings of numbers (ultimately reduced to 1s and 0s) that instruct computers to perform their most elementary operations one at a time.
b. Assembly Language - Machine-language programming was simply too slow and tedious for most programmers. Instead of using the strings of numbers that computers could directly understand, programmers began using English-like abbreviations to represent elementary operations.
c. High-Level Language - From the programmer’s standpoint, obviously, high-level languages are much more desirable than either machine languages or assembly languages. C, C++ and Java are among the most powerful and most widely used high-level programming languages.
d. Operating System - An operating system (OS) is software that controls a computer. It manages hardware, runs applications, provides an interface for users, and stores, retrieves, and manipulates files.
e. Application – Applications are computer software designed to help the user perform a single task or multiple related specific tasks.

9
Q

108.9 Describe the following to include the risks associated: Virus, Worm, Trojan, Backdoor, Phishing

A

a. Virus - Malicious code written with an intention to damage the user’s computer. Viruses are parasitic and attach to other files or boot sectors. They need the movement of a file to infect other computers.
b. Worm - Worms are self-replicating malware. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.
c. Trojan - A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user’s computer system.
d. Backdoor - A gap in the security of a computer intentionally inserted and left open by a malicious program or set of user actions to permit continuous access to the computer without restrictions. Hackers may create backdoors to a system once the system is already compromised. For example: a malicious entity takes advantage of 0-day exploits to attain unrestricted remote access to a computer, or a user uploads and installs a service on the computer that intentionally leaves a couple of ports open for connection at all times.
e. Phishing - A form of social engineering attack where users are ‘baited’ into giving up their sensitive information through electronic communications. This is a criminally fraudulent attempt to maliciously obtain information such as usernames, passwords, credit cards, and other key sensitive personal information by disguising a malicious communication or link and tricking users into thinking it is a valid one.

10
Q

108.10 Describe the function and risk associated with the following activities. Network Enumeration; Buffer Overflow; SQL Injection; Dictionary Attack; Privilege Escalation; Brute Force Attack; Social Engineering; Rainbow Table; Denial of Service; Distributed Denial of Service

A

a. Network Enumeration - The discovery of hosts and devices on a network using common tools and protocols in an effort to further identify the function of the remote host, solicit information from the host (usernames, groups, shares, services), and fingerprint the host to know its likely vulnerabilities.
b. Buffer Overflow - An anomaly or attack on a system where a program writing to a memory buffer exceeds the bounds of memory control. The continued writing into memory outside the bounds of control can lead to many negative consequences, e.g. erratic program behavior, crashes, denial of service, or security exploitation granting unauthorized users administrative privileges.
c. SQL Injection - An attack on a system in which an attacker attempts to run malicious logic / code by intentionally exploiting an incorrectly filtered SQL input statement. Stated another way, a hacker creates a condition where, due to the process of reading the raw data input, malicious code is both injected and then executed against an SQL database. SQL used to be written Sequel, and stands for Structure (English) Query Language. It is now the standard means for manipulating and querying data in relational databases. It is widely used throughout the internet (www and DoD).
d. Dictionary Attack - A technique for attacking an authentication process by repeatedly and systematically feeding it keys and passphrases that are statistically likely to be valid. This is not an exhaustive or all possibilities attack, as a brute force attack would be.
e. Privilege Escalation - An attack against a bug or flaw in software and security resulting in a user gaining access to resources they would not normally be granted.
f. Brute Force Attack - A technique for attacking an authentication process by repeatedly and systematically feeding it all possible passphrases. This is a fully exhaustive attack, checking every possible combination of characters.
g. Social Engineering - An attack which manipulates / deceives people into performing actions or divulging critical information by preying upon social norms, expectations, and using other psychological tricks.
h. Rainbow Table - A precompiled table of hashes (reversible or non-reversible encryption methods). Instead of attempting to decrypt the password, the attacker simply ‘looks up’ the hash in the pre-generated table to identify the password. Hash tables or ‘Rainbow Tables’ are extremely large, multi-gigabyte or even terabytes in size. It is a space-time trade-off in attacker methodology: if the attacker cannot spend the time brute forcing the password, they may instead gather all the pertinent hashes lying around file space and attempt to look them up in their pre-compiled rainbow table.
i. Denial of Service (DoS) - An interruption in an authorized user’s access to a computer network, typically caused by malicious intent (as an attack).
j. Distributed Denial of Service (DDoS) - A DoS where multiple systems flood the bandwidth or resources of a targeted system. Such an attack is often the result of multiple compromised systems as with a botnet attack.

11
Q

108.11 Describe the functionality of PKI.

A
  • Public Key Infrastructure is a structure for securing the electronic transfer of information such that it can be sent via a non-secure medium yet be trusted to be authentic and not tampered with. It uses a set of roles, policies, and procedures to create, manage, distribute, store, and revoke the digital certificates that are key to PKI. It functions with:
◦ A Certificate Authority – which stores, issues and signs digital certificates for users.
◦ A Regional Authority – which verifies the identity of entities requesting that their digital certificates be stored at the CA.
◦ A Central Directory – which is a secure location storing keys.
◦ A Certificate Management System – which is an entire infrastructure dedicated to processing, distributing, and managing access to the certificates issued.
◦ A Certificate Policy – which is a compliance standard setting out how users' computers must behave in order to be compliant and thus use the PKI. Its purpose is to keep outsiders out and assure the PKI’s trustworthiness.
12
Q

108.12 State the purpose of a Domain Controller, Exchange Server, and DNS.

A
a. Domain Controller – Within the security boundary called a ‘domain’, access to all resources is managed. A Domain Controller is the server which responds to security authentication requests.
b. DNS – Domain Naming Service is how the ‘domain’ is defined in IP and word naming space. DNS does this by presenting a service which can look up human-readable names such as ‘Microsoft.com’ and convert them to the IP address space associated with them. A DNS server is authoritative for its single named / IP space. This ensures that authoritative servers are the only ones responding to resource requests within their domain, preventing attack from external entities.
c. Exchange Server – A Microsoft email server, which is usually joined to a trusted domain such that email coming from it can be trusted to be from authentic users in the domain.
13
Q

108.13 Explain the following TCP/IP protocols and their specific ports. FTP; SSH; Telnet; SMTP; DNS; DHCP; HTTP; HTTPS; POP3; IMAP;

A

a. FTP 20 / 21 - File Transfer Protocol, using a client and server setup.
b. SSH 22 - Secure Shell, using a secure SSH capable Telnet client to manage network devices.
c. Telnet 23 - Telecommunications Network, using a non-secure Telnet client to manage network devices.
d. SMTP 25 - Simple Mail Transfer Protocol; it allows email to be transferred using a client / server setup.
e. DNS 53 - Domain Naming Service, used to translate domain names to IPs.
f. DHCP 67/68 - Dynamic Host Configuration Protocol, used to configure and point clients to resources on a network.
g. HTTP 80 - Hypertext Transfer Protocol, the main protocol used to transfer requested web data using a client / server setup.
h. HTTPS 443 - same as HTTP but with encryption. Supports TLS and SSL.
i. POP3 110 - Post Office Protocol, used as an email client protocol, meant to be extremely easy to use / configure. It has been superseded by IMAP.
j. IMAP4 143 - Internet Message Access Protocol, used to replace the simple POP3, allowing a fully configurable email setup where clients can now request to leave email on the server while downloading a copy locally, and can remain connected to the server indefinitely downloading email on demand.

14
Q

108.14 Explain TCP and UDP internet protocols.

A
  • TCP – Transmission Control Protocol. It rides on the Internet Protocol (IP) and provides connection-oriented, reliable, ordered, error-checked delivery of data streams. Data can be re-sent and re-transmitted to ensure 100% of the data reaches the distant-end client. It has large overhead and thus higher latency.
  • UDP – User Datagram Protocol. It also rides IP; however, it is not connection oriented. Instead, it is a ‘fire and forget’ data stream. It doesn’t care if the client receives any or all of the data stream sent, it just sends it into the IP realm. Its advantage over TCP is that when the network is reliable UDP has practically no overhead, which dramatically reduces latency. It is useful in real-time streaming data such as ‘voice’ and ‘live-video’ especially where end point users are actively responding to one another.
15
Q

108.15 Define/Discuss the following Access Control methods.

A

a. Mandatory Access Controls (MAC) – A system-wide security policy which decrees who has access based upon regulation at a central authority; the user cannot alter this. In the military this is described as a classification and need-to-know ‘label’ associated with data, e.g. (Secret, {Crypto}). Users must be granted access to all the label content, e.g. Secret and Crypto, to be able to access the contents.
b. Discretionary Access Controls (DAC) – An individual user can set an access control mechanism to allow / deny access to an object. It has limitations in preventing access to copies of the data by unauthorized users.
c. Role Based Access Controls (RBAC) – Also known as ‘Role-Based Security’, which is defined around roles and privileges. Roles are built for every job function. Those roles acquire the permissions needed to perform particular system functions. The role is dynamically assigned to users as needed and must be assigned to the user by an authorizing agent.
d. Separation of Duty – Also known as ‘Segregation of Duties’, the concept of requiring more than one person to complete a sensitive task, such that sharing the task reduces the chance of conflict of interest, fraud, error and abuse by forcing collusion for such to happen.
e. Least Privilege – A concept / principle where a process / user / program must be able to access ONLY the information and resources that are necessary for its legitimate purpose. By extension, all other access is innately denied.

16
Q

108.16 Define/Discuss VOIP and VOSIP.

A
  • Voice Over IP, and Voice Over Secure IP. Both use identical hardware / software, which converts an analog signal such as voice into an IP datagram for transmission across networks. VOSIP is simply VOIP used over an already secured network, usually one that is classified SECRET and as such secured end-to-end at the secret level.
17
Q

108.17 Define/Discuss the following terms. NAT; PAT; DMZ; Virtualization

A

a. Network Address Translation (NAT) – A method of re-mapping one's internal IP address space to another, external IP address while the traffic is in transit through a router. There are three types: one-to-one (Basic NAT), one-to-many (PAT), and many-to-many.
b. Port Address Translation (PAT) – Also referred to as ‘IP masquerading’ and ‘NAT overload’, it refers to the dynamic translation and tracking of IP traffic bound out of the network. It does this by tracking port numbers and virtually reassigning all traffic, making it appear to be coming from the gateway instead. When response traffic comes back into the router, it uses the tracked port to determine the IP which originally made the request, then forwards the data to that host.
c. Demilitarized Zone (DMZ) – A logical section of the network that is exposed, not protected by the local firewall. It is intended to be an external-facing address space for services offered to an untrusted network such as the www.
d. Virtualization – The act of creating an emulated environment, meaning not using the original hardware. It is generally used to boost efficiency by not having hardware in use that is significantly under-utilized.

18
Q

108.18 State the purpose of Active Directory.

A
  • AD is Microsoft’s implementation of security domains. It is a set of processes and services which work together to build the security boundary of a domain for centralized management purposes.