108 Flashcards
108.1 Define the following devices and their uses
Host/Client
Application Server
Hub
Switch
Router
WAP
Proxy Server
Firewall
Back-up
Repeater
a. Host/Client: A host provides the service to the client who is in need of a certain service or function.
b. Application Server: Provides remote application services to clients who request it in a network environment.
c. Hub: A network hub or repeater hub is a device for connecting multiple twisted pair or fiber optic Ethernet devices together and making them act as a single network segment.
d. Switch: A hardware device that joins multiple computers together within one local area network (LAN).
e. Router: A device that selects the best path for a data packet to be sent from one computer network to another.
f. WAP: A Wireless Access Point is a device that allows wireless devices to connect to a network via Wi-Fi.
g. Proxy Server: A buffer between the internet and a user to improve security by making requests to other servers for the client, by evaluating and filtering the requests, and by caching information.
h. Firewall: A security device that all traffic coming into and leaving a network traverses, and according to rules, filters and allows only approved traffic.
i. VPN Concentrator: A Virtual Private Network concentrator is a network device that allows a user to remotely access the network in a secure tunnel.
j. Back-up: A copy of settings or software that is created in case there is an issue with the current data and the current data needs to be restored.
k. Repeater: A network device that allows for a network cable to be lengthened further than what the cable standard would normally allow, by refreshing the signal and resending it.
108.2 Define the following layers of routing and common devices associated with each
Access
Distribution
Core
a. Access: Access routers are located at customer sites such as branch offices that do not need hierarchical routing of their own. Typically, they are optimized for low cost.
b. Distribution: Distribution routers direct traffic from multiple access routers, either at the same site or collecting data streams from multiple sites to a major enterprise location. Distribution routers are often responsible for enforcing quality control across a WAN.
c. Core: In enterprises, a core router may provide a “collapsed backbone” interconnecting the distribution tier routers from multiple buildings of a campus, or large enterprise locations. They tend to be optimized for high bandwidth.
108.3 Explain the following network terminology
Topology
Bus
Star
Ring
Mesh
WAN
LAN
MAN
GAN
a. Topology (Bus/Star/Ring/Mesh): the architecture of a network
Bus: Has the clients all in a single line with both ends terminated. Each client is daisy chained off of the clients to either side.
Star: A topology where multiple clients are connected to a single device such as a hub or a switch. If a client goes down, only communication to that client is lost.
Ring: Clients are connected in a loop like a bus that has the ends connected together.
Mesh: Connects all of the clients to every other client.
c. LAN: (Local Area Network) a network that is confined to a small geographical area, such as an office or building.
d. WAN: (Wide Area Network) a network that is connected in a very large geographical area, and includes LANs and MANs.
e. MAN: (Metropolitan Area Network) a network that spans a larger area than a LAN, but does not exceed a geographical area equivalent to a city.
f. GAN: (Generic Access Network) a wireless network that allows a mobile device to switch seamlessly to a different LAN in a large geographical area.
108.4 Identify the functions, by layer, of the following models
OSI
TCP/IP
a. OSI Model [ref. b]: An abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative. In its most basic form, it divides network architecture into seven layers.
Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport
Layer 3 - Network
Layer 2 - Data Link
Layer 1 - Physical
b. TCP/IP Model [ref. b]:
Application Layer - Telnet, FTP, SMTP
Transport Layer - TCP, UDP
Internet Layer - IP
Network Access Layer - Ethernet, Token Ring
108.5 State the difference between IPv4 and IPv6
IPv4 utilizes 4 bytes to express an address; it has only 32 bits that can be used for its address. IPv4 addresses are mostly expressed in what is referred to as dot-decimal notation, for example: 192.168.15.85
IPv6 addresses consist of eight groups of four hexadecimal numbers, where each field is separated by a colon. The real intent of IPv6 is to increase the efficiency of network management and routing.
108.6 Define the following and how they are used
NIPR
SIPR
JWICS
a. NIPRNET: (Non-classified Internet Protocol Router Network) Is used to exchange sensitive but unclassified information between “internal” users as well as providing users access to the outside world or internet.
b. SIPRNET: (Secret Internet Protocol Router Network) is a private network of computers used by the United States Department of Defense and the U.S. Department of State to transmit classified information up to and including SECRET by packet switching over the TCP/IP protocols in a secure environment. SIPRNET is the classified version of NIPRNET.
c. JWICS: (Joint Worldwide Intelligence Communication System) is the top secret and SCI version of SIPRNET.
108.7 Explain the following networks and where they are employed
DODN
GIG
DISN
NMCI
ONENET
IT-21
a. DoDN (GIG): Department of Defense Global Information Grid is a never ending network of information capabilities for collecting, processing, storing, and managing information on demand to ships, jets, personnel on the ground and at sea.
b. DISN: Defense Information System Network Video Services are part of the Defense Information Systems Agency (DISA), Global Information Grid (GIG), Combat Support (NS5), which is responsible for managing and overseeing VTC operations on the Defense Information System Network (DISN). Locations: CONUS (Continental United States), Europe, PAC (Pacific), SWA (Southwest Asia)
c. NMCI: The Navy Marine Corps Intranet (NMCI) is the first-of-its-kind approach to information services consolidation, technology standardization and enterprise-wide oversight of network operations in the Department of Defense. NMCI is far more than just a network for the Navy and the Marine Corps—it is a unified, stable and secure IT platform that supports broader strategic objectives and advances the Navy’s transition to a net-centric environment.
d. ONENET: A Navy-wide initiative to install a common and secure IT infrastructure to OCONUS Navy locations. It is based on the Navy-Marine Corps Intranet (NMCI) architecture and is designed to be interoperable with IT-21, NMCI, and the Global Information Grid in the near future.
e. IT21: The security posture for each IT-21 FLTNOC is independently administered but centrally governed by the Chief of Naval Operations (CNO)/NETWARCOM Unclassified Trusted Network Protect (UTN Protect) firewall policy. Used afloat
108.8 Describe the following
MACHINE
Assembly
High Level
OS
Application
a. Machine Language [ref. d]: A system of instructions and data executed directly by a computer’s central processing unit.
b. Assembly Language [ref. d]: A low-level programming language for computers, microprocessors, microcontrollers, and other integrated circuits.
c. High-Level Language [ref. d]: A programming language with strong abstraction from the details of the computer.
d. Operating System [ref. e]: Controls your computer’s tasks and manages system resources to optimize performance. It is software, consisting of programs and data, which runs on computers and manages the computer hardware.
e. Application [ref. e]: An application is a computer program designed to help people perform an activity.
108.9 Describe the following to include the risks associated
Virus
Worm
Trojan
Backdoor
Phishing
a. Virus [ref. c]: A piece of software designed to infect a computer system.
b. Worm [ref. c]: Similar to a virus, but it can reproduce itself; it is self-contained and doesn’t need a host application to be transported.
c. Trojan [ref. c]: Programs that enter a system or network under the guise of another program.
d. Backdoor [ref. c]: This term has two meanings. The first refers to troubleshooting and developer hooks into systems: backdoors are added by programmers to examine operations inside the code while the code is running. The second refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker.
e. Phishing [ref. c]: Involves an attacker sending emails to users and claiming to be a well-known company.
108.10 Describe function and risk associated with following activities
NET ENUM
Buffer overflow
SQL injection
Dictionary Attack
Priv ESC
Brute Force
SOCIAL ENG
a. Network Enumeration [ref. c]: The creation of a list or inventory of items.
b. Buffer Overflow [ref. c]: A situation where a program writes data beyond the buffer space allocated in memory. This can result in other valid memory being overwritten.
c. SQL Injection [ref. c]: The purpose of SQL injection is to convince the application to run SQL code that was not intended. SQL Server injection vulnerabilities are caused by the same issue: invalid parameters that are not verified by the application.
d. Dictionary Attack [ref. c]: A dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary (hence the phrase dictionary attack) or a bible. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit. Can compromise a computer password.
e. Privilege Escalation [ref. c]: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
f. Brute Force Attack [ref. c]: Brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It involves systematically checking all possible keys until the correct key is found.
g. Social Engineering [ref. c]: Social engineering is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.
108.11 Describe the functionality of PKI. [ref. a]
Public Key Infrastructure - a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
108.12 State the purpose of DNS
The name resolution system that translates alphabetic domain names into numeric IP addresses.