11 - Secure Network Architecture and Components Flashcards

1
Q

What is the OSI Model?

A

7 Distinct Layers

  1. Physical Layer: Accepts the frame from the Data Link layer and converts it into bits for transmission over the physical connection medium.
    1. NICs
    2. Hubs
    3. Repeaters
    4. Amplifiers
  2. Data Link Layer: Responsible for formatting the packet from the Network layer into a properly formatted frame for transmission. A common technology in use is Ethernet (IEEE 802.3). The MAC (Media Access Control) Address is also used at this layer which is a 6-byte (48-bit) binary address written in hex. The Organizationally Unique Identifier is the first 3 bytes of a MAC address that identifies the vendor.
    1. Protocols
      1. Address Resolution Protocol (ARP): Used to resolve IP addresses into MAC addresses
      2. Layer 2 Forwarding (L2F)
      3. Layer 2 Tunneling Protocol (L2TP)
      4. Point-to-Point Tunneling Protocol (PPTP)
    2. Layers
      1. Logical Link Control (LLC)
      2. MAC
    3. Devices
      1. Switches
      2. Bridges
  3. Network Layer: Responsible for adding routing and addressing information to the data, which is known as a packet at this level.
    1. Protocols
      1. Internet Control Message Protocol (ICMP)
      2. Routing Information Protocol (RIP)
      3. Internet Protocol (IP)
      4. Internet Protocol Security (IPSec)
      5. Network Address Translation (NAT)
    2. Devices
      1. Routers
  4. Transport Layer: Responsible for managing the integrity and control of a session. Uses segments at this level. Establishes (end-to-end) communication and defines the rules.
    1. Protocols
      1. Transmission Control Protocol (TCP)
      2. User Datagram Protocol (UDP)
      3. Secure Sockets Layer (SSL)
      4. Transport Layer Security (TLS)
  5. Session Layer: Responsible for establishing, maintaining, and terminating communication sessions between 2 computers. Uses PDUs at this level (Protocol/Packet/Payload Data Unit).
    1. Protocols
      1. Network File System (NFS)
      2. Structured Query Language (SQL)
      3. Remote Procedure Call (RPC)
    2. Modes
      1. Simplex: One way
      2. Half-Duplex: 2-way but only one direction sends data at a time
      3. Full-Duplex: 2-way, data can flow in both directions at a time.
  6. Presentation Layer: Transforms data from the Application layer into a form that can be understood.
    1. Standards
      1. ASCII
      2. JPEG
      3. MIDI
      4. MPEG
  7. Application Layer: Responsible for interfacing user apps, services, and OS with the protocol stack. Ensures resources are available for communication.
    1. Protocols
      1. HTTP
      2. FTP
      3. SMTP
      4. SNMP
      5. RPC
2
Q

What is the TCP/IP Model?

A

4 distinct layers:

  • Application (OSI: 5,6,7)
  • Transport (OSI: 4)
  • Internet (OSI: 3)
  • Link (OSI: 1 and 2)
3
Q

What protocols are mainly part of the Transport Layer in the TCP/IP Model?

A
  • Transmission Control Protocol (TCP): Full-duplex connection-based protocol.
  • User Datagram Protocol (UDP): Simplex connection-less protocol.
4
Q

What are ports? Why are they used and how many are there generally?

A

A port is an address number that 2 systems agree to use to communicate (the IP is like the building and the port is the room #).

A port and IP address number together are called a socket.

Ports are 16-bit numbers, which gives 65,536 possible values. The first 1,024 ports are called well-known/service ports. Ports 1,024 to 49,151 are known as registered software ports, which have software products registered with IANA. Ports 49,152 to 65,535 are known as random, dynamic, or ephemeral ports because they are often used randomly or temporarily.

5
Q

What is the TCP 3-way Handshake?

A
  1. Client sends a SYN flagged packet to the server
  2. Server responds with SYN/ACK flagged packet back to the client.
  3. The client responds with an ACK flagged packet back to the server.
6
Q

What are 2 methods for disconnecting a TCP session?

A
  1. Each side sends a FIN flag which gets an ACK flag in return (4 flags total)
  2. An RST flag causes an immediate and abrupt tear down of the session
7
Q

What is a TCP Transmission Window?

A

It controls how many packets can be sent before an acknowledgment from the receiver to the sender is required. Once acknowledged, the next window begins. If no acknowledgment has been received, the sender resends everything in the window again.

8
Q

What is the TCP Header composed of?

A

20 to 60 bytes long:

  • Source Port
  • Destination Port
  • Sequence Number
  • Data Offset
  • Reserved for Future Use space
  • Flags
  • Window Size
  • Checksum
  • Urgent Pointer
9
Q

What are the TCP Header Flags?

A
  • URG (Urgent)
  • ACK (Acknowledgement)
  • PSH (Push)
  • RST (Reset)
  • SYN (Synchronization)
  • FIN (Finish)
10
Q

What are some characteristics of UDP?

A

User Datagram Protocol (UDP):

  • No error detection
  • No flow control mechanisms
  • Unreliable

Often employed for streaming activities

11
Q

What is IP?

A

Provides route addressing for data packets. IP is connectionless and unreliable so TCP is generally employed with IP to gain reliability.

12
Q

What is the difference between IPv4 v. IPv6?

A

IPv4 uses a 32-bit addressing scheme while IPv6 uses 128-bits.

IPv6 also has scoped addresses, autoconfiguration (in place of DHCP), and QoS priority values.

13
Q

What are the IP classes?

A
  • A: 1-126 (16M hosts)
  • B: 128-191 (65,534 hosts)
  • C: 192-223 (254 hosts)
  • D: 224-239 (Multicasting)
  • E: 240-255 (Reserved)
14
Q

What is CIDR?

A

Classless Inter-Domain Routing notation:

  • Uses mask bits instead of full dotted-decimal notation subnet mask.
    • A: 255.0.0.0 - /8
    • B: 255.255.0.0 - /16
    • C: 255.255.255.0 - /24
15
Q

What is ICMP?

A

Internet Control Message Protocol:

Used to determine the health of a network or a specific link (used by commands such as ping, traceroute, and pathping).

Can be used maliciously to tie up systems, so some networks strictly limit the use of this protocol.

IP Header protocol field value is: 1

The type field of ICMP determines the purpose of the message:

  • 0: Echo reply
  • 3: Destination unreachable
  • 5: Redirect
  • 8: Echo request
  • 9: Router advertisement
  • 10: Router solicitation
  • 11: Time exceeded
16
Q

What is IGMP?

A

Internet Group Management Protocol:

Allows systems to support multicasting which is the transmission of data to multiple recipients.

IP header protocol field value is 2

17
Q

What is ARP?

A

Address Resolution Protocol:

Used to resolve IP addresses into MAC addresses. Uses caching and broadcasting to perform its operations.

18
Q

What are some Application Layer Protocols (TCP/IP model)?

A
  • Telnet (Port 23): Remote connectivity for executing commands and running apps.
  • File Transfer Protocol FTP (Port 20/21): Supports the exchange of files that requires anonymous or specific authentication.
  • Trivial File Transfer Protocol TFTP (Port 69): Supports the exchange of files that does not require authentication.
  • Simple Mail Transfer Protocol SMTP (Port 25): Used to transmit email messages.
  • Post Office Protocol POP3 (Port 110): Used to pull messages from an email server to an email client.
  • Internet Message Access Protocol IMAP (Port 143): Used to pull messages from an email server to an email client. More secure than POP3.
  • Dynamic Host Configuration Protocol DHCP (Ports 67 and 68): Used to assign TCP/IP config settings to systems upon bootup. 67 is the destination port on the server to receive client communications and port 68 is the source port of the requesting client.
  • Hypertext Transfer Protocol HTTP (Port 80): Used to transmit web page elements from a web server to a client.
  • Secure Sockets Layer SSL [HTTPS SSL/TLS Encryption] (Port 443): Originally designed to support secured web communications (HTTPS) but is capable of securing any App layer protocol communications.
  • Line Print Daemon LPD (Port 515): Service used to spool print jobs and to send to the printer.
  • Network File System NFS (Port 2049): Used to support file sharing between dissimilar systems.
  • Simple Network Management Protocol SNMP (Port 161/162): Used to collect network health and status information by polling monitoring devices from a central station.
19
Q

What is Encapsulation?

A

The process of adding headers and footers to the data received from the previous layer so it can be handed off to the next layer for additional encapsulation.

The reverse process is de-encapsulation.

20
Q

Multilayer protocols such as TCP/IP can layer different protocols including adding encryption to data. What could be the drawbacks of this setup?

A
  • Covert channels: Hide blocked protocols within allowed protocol tunnels.
  • Filters can be bypassed: Using techniques like covert channels
  • Logical Network Segment Boundaries Can Be Overstepped: VLAN’s can be navigated by layering protocols.
21
Q

What is the Domain Name System (DNS)?

A

The DNS links IP addresses to human-friendly Fully Qualified Domain Names (FQDN’s).

At a higher level, the DNS works with ARP to resolve domain names to IP’s then IPs to MAC addresses (and vice versa).

Port 53 is used.

22
Q

What does an FQDN consist of?

A

It consists of 3 parts:

  • Top-Level Domain (TLD): www.google.com
  • Registered Domain Name: www.google.com
  • Subdomain or Hostname: www.google.com

TLD’s can also be country codes as well as: com, org, edu, mil, gov, net, etc.

FQDN can’t exceed 253 characters.

23
Q

What are the name servers called?

A

They are called Primary and Secondary Authoritative Name Servers. They host the zone files, which are the collections of resource records.

Resource Records are usually:

  • A: Address Record (IPv4)
  • AAAA: Address Record (IPv6)
  • PTR: Pointer Record (Links IP to FQDN)
  • CNAME: Canonical Name (Links FQDN alias to another FQDN)
  • MX: Mail Exchange
  • NS: Name Server Record (FQDN and IP of authorized name server)
  • SOA: Start of Authority Record (Specifies authoritative info about zone file )
24
Q

What is DNSSEC (Domain Name System Security Extensions)?

A

Each server is issued a digital certificate (public/private key pair). Any DNS data issued by that server can then be authenticated by the requester using the public key of that server.

25
Q

What is the process a client takes when it needs to resolve a DNS name into an IP address?

A
  1. It checks its local cache (including content in its HOSTS file: file that maps hostnames to IP addresses)
  2. Sends a DNS query to a known assigned DNS server
  3. Sends a broadcast query to any possible local subnet DNS server
26
Q

What is DNS Poisoning?

A

The act of falsifying the DNS information used by a client to reach a desired system.

27
Q

What are some DNS Poisoning Techniques?

A
  • Deploy a Rogue DNS server (DNS spoofing/pharming): The rogue server will listen to the network traffic for DNS queries and then send a false reply back to the client before the actual response gets there. The response must have the correct Query ID (QID) to be accepted.
  • Perform DNS Poisoning: Attacking the DNS server and placing incorrect information into its zone file.
  • Alter the Hosts File: Modifying the HOSTS file on a client and placing false DNS data in it.
  • Corrupt the IP Configuration: Making the client have the incorrect DNS server info. This can be done directly on the client or by getting to the DHCP server and having it send the corrupted IP config file.
  • Use Proxy Falsification: Works against web communications by planting a false web proxy for the traffic to go through.
28
Q

How to prevent DNS Poisoning?

A
  • Limit zone transfers from internal DNS servers to external DNS servers (block inbound port 53 traffic)
  • Use a NIDS
  • Harden all DNS, server, and client systems in your network.
  • Use DNSSEC
  • Require all internal clients to resolve domain names via internal DNS servers (block outbound port 53)
29
Q

What is DNS Pharming?

A

Redirecting a valid URL or IP to a fake website that looks real. Usually associated with phishing.

30
Q

What is Domain Hijacking?

A

The malicious action of changing the registration of a domain name without the authorization of the original owner.

Usually accomplished by stealing credentials or hacking a registrar’s site.

31
Q

What are Converged Protocols?

A

Converged Protocols are when a proprietary/unique protocol is combined with a common/standard protocol. This can be beneficial because there won’t be a need for brand new infrastructure to use the proprietary protocol.

Some examples include:

  • Voice over IP (VoIP): Transports voice and data over a TCP/IP network.
  • Multiprotocol Label Switching (MPLS): Directs data across a network based on short path labels rather than long network addresses. Enables use of other networking technologies.
  • Software-Defined Networking (SDN): A network design that is vendor-neutral, programmable from a central location, and open-standards based. Essentially network virtualization.
32
Q

What are Content Distribution Networks (CDNs)?

A

A collection of resource services deployed to multiple data centers across the internet in order to provide quick hosted content on-demand.

33
Q

What is Data Emanation?

A

The transmission of data across electromagnetic signals.

When electrons move they create a magnetic field. If that field can be read, the electron stream can be duplicated and the data exposed.

34
Q

What are Wireless Cells?

A

Areas within a physical environment where a wireless device can connect to a wireless access point.

35
Q

What are the various 802.11 Wireless Networking Amendments (versions)?

A
  • 802.11 (no letter)
  • a
  • b
  • g
  • n
  • ac
36
Q

What are the different Wireless Access Point modes?

A
  • Ad-Hoc: 2 networking devices can communicate without a centralized control authority.
  • Infrastructure: A WAP is required and NICs on a system can’t interact directly.
    • Stand-Alone: WAP is connecting wireless clients to each other but not wired resources.
    • Wired Extension: Links wireless clients to the wired network.
    • Enterprise Expanded: Multiple WAP’s connect a large physical area to a wired network.
      • Extended Service Set Identifier (ESSID): Clients use this SSID to hop among WAP’s.
    • Bridge: A wireless connection is used to connect 2 wired networks together.
37
Q

What is a Beacon Frame?

A

A broadcast of the SSID by the WAP that allows any wireless NIC in range to see the network and attempt a connection.

38
Q

What is a Site Survey?

A

The process of investigating the presence, strength, and reach of wireless access points deployed in an environment.

39
Q

What are the different standards used to authenticate to WAPs?

A
  • Open System Authentication (OSA): No authentication required; everything is in cleartext.
  • Shared Key Authentication (SKA): Some form of authentication must take place before communication can occur.
    • Wired Equivalent Privacy (WEP): Uses a shared key that is distributed among all WAP’s. Also uses a hash to check message integrity. Uses Rivest Cipher 4 (RC4) for encryption. This protocol can be cracked in less than 60 seconds today.
    • Wi-Fi Protected Access (WPA): Negotiates a unique key set with each host. Based on LEAP and Temporal Key Integrity Protocol (TKIP) cryptosystems and often employs a secret passphrase for authentication. The passphrase is considered crackable.
    • Wi-Fi Protected Access 2 (WPA2): aka 802.11i, uses a new encryption scheme known as Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is based on AES. The KRACK (Key Reinstallation AttaCKs) has been known to corrupt the initial 4-way handshake between client and WAP into using a previously used key (or key made of all zeros).
    • 802.1X: A port-based network access control that ensures clients can’t join the network unless authenticated. Allows a wireless network to leverage various authentication systems: RADIUS, TACACS, etc.
    • Extensible Authentication Protocol (EAP): an authentication framework.
    • Protected Extensible Authentication Protocol (PEAP): Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption.
    • Lightweight Extensible Authentication Protocol (LEAP): Cisco proprietary alternative to TKIP for WPA.
    • MAC Filter: ACL based off of MAC addresses that are allowed.
    • Temporal Key Integrity Protocol (TKIP): Includes a key-mixing function that combines the initialization vector (IV) with the secret root key to use with RC4.
    • Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP): Uses AES with 128-bit key.
40
Q

What are some guidelines for Antenna Placement?

A
  • Use a central location
  • Avoid solid physical obstructions
  • Avoid reflective or other flat metal surfaces
  • Avoid electrical equipment
41
Q

What are some Antenna Types?

A
  • Omnidirectional: Can send and receive signals in all directions perpendicular to the line of the antenna itself.
  • Directional: Focus on sending and receiving capabilities in one primary direction (yagi, parabolic, etc.).
    • Yagi: Crafted with a straight bar with cross-sections to catch specific frequencies.
    • Cantenna: Tubes with one sealed end
    • Panel: Flat devices that focus from only one side of the panel.
    • Parabolic: Used to focus signals from very long distances or weak sources.
42
Q

What is WPS?

A

Wi-Fi Protected Setup (WPS) is a security standard for wireless networks. Operates by auto-connecting the first new wireless client to seek the network once the admin triggers the feature by pressing the WPS button.

Could also call for a code or PIN.

This is good for novices but not very safe.

43
Q

What is Captive Portal?

A

An authentication technique that redirects a newly connected wireless web client to a portal access control page.

44
Q

What are some steps for setting up WiFi Security?

A
  1. Change default admin PW
  2. Decide whether to disable the SSID broadcast
  3. Change SSID to something unique
  4. Enable MAC filtering if pool of clients is small and static
  5. Consider static IP addresses or setup DHCP reservations (only for small deployments)
  6. Turn on the highest form of authentication and encryption possible
  7. Treat wireless as remote access and manage this access using 802.1X
  8. Input an FW between the WAP and wired network.
  9. Utilize an IDS
  10. Require a VPN link between all wireless clients and WAP’s (encrypted traffic)
45
Q

What are some known Wireless Attacks?

A
  • War Driving: Using a detection tool to look for wireless networking signals and determine if these SSID’s are open or closed
  • War Chalking: Physically marking a location with information about the presence of a wireless network.
    • Closed Circle: secured wireless network.
    • Back-to-Back Half Circles: Open network
  • Replay: A retransmission of captured communications in the hope of gaining access to the targeted system.
  • IV (Initialization Vector): A mathematical and cryptographic term for a random number.
  • Rogue Access Points: An unauthorized WAP is deployed usually to trick users of a network to authenticate and monitor their traffic.
  • Evil Twin: A false access point that reads a client request containing the network SSID and MAC address and automatically clones the identity of the access point the client is looking for, in order to get the client to connect (via a plaintext connection). This attack works because authentication and encryption are enforced by the base station; the client will just connect.
46
Q

What are different forms of network segments?

A
  • Intranet: A private network that provides services (email, DNS, etc) not available to anyone outside the network.
  • Extranet: A cross between the inter- and intra- net. A section of your org’s network that acts as an intranet but also serves information to the public internet.
47
Q

What are some benefits of network segmentation (subnetting)?

A
  • Boosting Performance: Networks that communicate often can be put together in the same segment providing better performance.
  • Reducing Communication Problems: Reduces congestion
  • Providing Security: Isolates traffic and user access to those segments where they are authorized.
48
Q

What is Network Access Control?

A

Controlling access to an environment through strict adherence to and implementation of security policy. Can be implemented with 2 different philosophies:

  • Preadmission: Requires a system to meet all current security requirements before it is allowed to communicate with the network.
  • Postadmission: Allows and denies access based on user activity, which is based on a predefined authorization matrix.
49
Q

What are firewalls and what are the different types?

A

A network device that is used to filter traffic based on a set of rules and access control lists. Usually deployed between networks and are capable of hiding the structure and addressing scheme of a private network from the public.

Types:

  • Static Packet-Filtering (Screening Routers): Inspects the headers of incoming traffic. Operates at OSI Level 3.
  • Application-Level Gateway (Proxy Firewall): Filters traffic based on the internet service (application) used to transmit or receive the data. Each app must have its own proxy server to work properly and each packet must be inspected thus it can impact network performance. Operates at level 7 of the OSI model.
    • Proxy: A mechanism that copies packets from one network into another. This process also changes the source and destination addresses to protect the identity of the private network.
  • Circuit-Level Gateway (Circuit Proxies): Used to establish communication sessions between trusted partners. Manages traffic based on the circuit (source/destination addresses and ports), not the content of the traffic. Operates at level 5 of the OSI model.
  • Stateful Inspection (Dynamic Packet Filtering Firewalls): Evaluates the state and context of the traffic: source and dest addresses, application usage, source of origin, and the relationship between packets. Operate at layers 3 and 4 of the OSI model.
  • Deep Packet Inspection: Filters on the payload contents of a packet rather than just the header. Typically operates at the application layer but can be integrated with a stateful inspection fw.
  • Next-Gen Firewalls: A multifunction device composed of several security features including IDS/IPS, TLS/SSL proxy, web filtering, QoS management, NATing, VPN anchoring, and AV.

Interfaces:

  • Multihomed: Must have at least 2 interfaces to filter traffic. IP forwarding should be disabled.
  • Bastion: An appliance that is exposed to the internet and has all unnecessary elements disabled (hardened).
  • Screened Host: A logically positioned system placed right inside a private network. All inbound traffic is routed through this device (there are also screened subnets: a network between 2 routers that separates a private network from the public internet; a DMZ).
50
Q

What are the different Firewall Architectures?

A
  • Single Tier: Private network is directly behind a FW which is connected to a router then public internet.
  • Two Tier:
    • I: A FW with 3 or more interfaces (Public, Private, DMZ)
    • II: Uses 2 FW’s in a series: Internet –> FW –> DMZ –> FW –> Private network.
  • Three Tier: Multiple subnets between Private network and internet (Internet –> FW –> DMZ –> FW –> Transaction Subnet –> FW –> Private Network)
51
Q

What is Endpoint Security?

A

Each individual device must maintain local security.

“The end device is responsible for its own security”

52
Q

Collision v. Broadcast Domains

A
  • Collision Domain: A group of systems where a collision can happen if two or more systems transmit simultaneously.
  • Broadcast Domain: A group of networked systems in which all members receive a broadcast signal when one of the members transmits.

**Members outside a domain cannot receive a broadcast or cause a collision**

53
Q

What are some hardware components used when building a network?

A
  • Repeaters/Concentrators/Amplifiers: Used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. Systems on either side of the unit are on the same collision and broadcast domain. Layer 1
  • Hubs: Used to connect multiple systems; a multiport repeater. Systems on either side of a hub are part of the same collision and broadcast domains. All members on a hub will receive each other’s communications. Layer 1.
  • Modems (Modulator/Demodulator): Modulates between an analog carrier signal and digital information in order to support computer communications over public switched telephone network (PSTN) lines. (Most modern devices labeled as modems are routers, not modems.)
  • Bridges: Used to connect 2 networks together in order to connect 2 network segments that use the same protocol. A bridge forwards traffic from one network to another. Systems on either side of a bridge are part of the same broadcast domain but are in different collision domains. Layer 2.
  • Switches: An intelligent hub. Switches know the addresses of the systems connected to each outbound port. A switch only repeats traffic of the intended port/system. Switches can create separate broadcast and collision domains. Operate on Levels 2 and 3. Systems on either side of a Layer 2 switch are on the same broadcast domain but in different collision domains. Systems on either side of a Layer 3 switch are on different broadcast domains and in different collision domains.
  • Routers: Used to connect and control traffic flow between networks. They use either static routing tables or dynamic routing. Systems on either side of a router are on different collision and broadcast domains. These devices operate at layer 3.
  • Brouters: A mix between a bridge and a router that attempts to route first and, if that fails, bridges the traffic (forwards it). Operate on Levels 2 and 3. Systems on either side of a brouter acting at layer 3 are on different collision and broadcast domains. Systems on either side of a brouter acting at layer 2 are on the same broadcast domain but on different collision domains.
  • Gateways: Connects networks that use different protocols by transforming the format that works for both networks. Systems on either side are on different broadcast and collision domains. Layer 7
  • Proxies: A form of gateway that does not translate across protocols. Performs a function or service on behalf of another device and connects network segments that use the same protocol. Provides clients on a private network with internet access while protecting their identity; performs NAT.
  • LAN Extenders: A remote access, multilayer switch used to connect distant networks over WAN links.
54
Q

What are the different types of transmission media used in networks?

A
  • Coaxial Cable (Coax): A copper core wire surrounded by a layer of insulation and conductive braided shielding, encased in a final insulation sheath. The copper core and braided shielding act as separate conductors, so 2-way communication is possible. Resistant to EMI, but longer lengths needed segment terminators whereas other technologies did not.
    • Thinnet (10Base2): Used to connect systems to backbone trunks of thicknet cabling. Can span distances of 185 meters; 10Mbps.
    • Thicknet (10Base5): Can span 500 meters; 10Mbps.
  • Baseband Cables: Can transmit only a single signal at a time.
  • Broadband Cables: Can transmit multiple signals at a time.
  • Twisted Pair Cabling: Thin and flexible, consists of four pairs of copper wires that are twisted around each other and then sheathed in a PVC insulator. If there is a metal foil wrapper around the wires underneath the external sheath, the wire is called Shielded Twisted-Pair (STP). Without the foil, it is Unshielded Twisted-Pair (UTP), which is most often used. The twisting of the wires provides protection from EMI and crosstalk; the more twists per inch (tighter), the more resistant it is. Each wire pair is twisted at a different rate (twists per inch), so signals traveling over one pair cannot cross over onto another pair.
    • Crosstalk: When data on one pair of wires is picked up by another pair.
    • Classes:
      • Cat 1 - 7: the higher the number the higher the throughput.
  • Conductors: The most used conductor-based cabling is copper due to its cost and performance. The biggest obstacle is length.
    • Attenuation: Signal degradation over distance. The maximum length defined for each cable type indicates the point at which attenuation begins to interfere with the signal.
55
Q

What are some known Network Topologies?

A
  • Ring: Connects each system as points on a circle. The transmission is unidirectional and only one system can transmit at a time. Utilizes a token system where only the system holding the token transmits data and then passes the token on. Each system checks the token to confirm whether it is the intended recipient. If any segment of the loop breaks, the traffic comes to a stop.
  • Bus: Each system connects to a backbone or trunk cable. Systems can transmit data simultaneously, which can cause collisions. A system listens for traffic first and, if the medium is busy, waits for a quiet point. If a segment fails, the traffic can continue among the remaining systems, but if the main trunk fails, the whole network is down.
    • Linear: A single trunk line with all systems directly connected to it.
    • Tree: Single trunk line with branches that support multiple systems.
  • Star: Employs a centralized connection device (hub or switch). Each system is connected to the central device by a dedicated segment; if that segment fails, the other systems can continue to function. The central device, however, is a single point of failure.
    • Token Ring: A physical star deployed as a logical ring.
  • Mesh: Connects systems to other systems using numerous paths. Multiple points of failure.
    • Full Mesh: Each system connects to every other system.
56
Q

What is Wireless Frequency?

A

There is a finite amount of radio frequency spectrum so it has to be managed to avoid interference.

Frequency is a measurement of the number of wave oscillations within a specific time and identified using the unit Hertz (Hz), oscillations per second. Radio waves have a frequency between 3 Hz and 300 GHz.

57
Q

What is Spread Spectrum?

A

Spread Spectrum is where communication occurs over multiple frequencies at the same time. The message is broken into pieces and sent at the same time over multiple frequencies (parallel communication).

  • Frequency Hopping Spread Spectrum (FHSS): Sends the data serially while constantly hopping between frequencies in a sequence known to both sender and receiver.
  • Direct Sequence Spread Spectrum (DSSS): Employs all available frequencies simultaneously in parallel. Has higher throughput and employs a special encoding mechanism known as a chipping code that allows the receiver to reconstruct the data even when some of it is lost to interference.
  • Orthogonal Frequency-Division Multiplexing (OFDM): Employs a digital multicarrier modulation scheme that allows for a more tightly packed transmission. The modulated signals are perpendicular (orthogonal) to each other and so do not interfere with one another. Requires a smaller frequency set (less bandwidth) for the same throughput.
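The chipping-code claim for DSSS is easy to see in code. The following is an added example, not from the flashcards: each data bit is multiplied by the 11-chip Barker code (the sequence IEEE 802.11 uses for its DSSS rates), and the receiver correlates each 11-chip window against the same code, so the bit survives as long as fewer than half of its chips are inverted. The sample bits and the periodic "interference" are constructed for the demonstration.

```python
"""Direct Sequence Spread Spectrum (DSSS) chipping, as an added example.

One data bit becomes 11 chips (bit * chipping code). The receiver correlates
each 11-chip window with the code; the sign of the correlation is the bit.
Because the correlation sums 11 chips, up to 5 of them can be flipped by
interference and the bit still decodes correctly.
"""

# 11-chip Barker sequence used by 802.11 DSSS.
BARKER_11 = [1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1]


def spread(bits, code=BARKER_11):
    """Spread each bit: map 1 -> +1, 0 -> -1 and multiply by every chip of the code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def corrupt_every(chips, period):
    """Constructed interference: invert every `period`-th chip of the stream."""
    return [-c if i % period == 0 else c for i, c in enumerate(chips)]


def correlate(chips, code=BARKER_11):
    """Correlation of each code-length window with the code (+11 is a clean 1, -11 a clean 0)."""
    n = len(code)
    return [sum(ch * c for ch, c in zip(chips[i:i + n], code))
            for i in range(0, len(chips) - n + 1, n)]


def despread(chips, code=BARKER_11):
    """Recover the bits from the sign of each window's correlation."""
    return [1 if corr > 0 else 0 for corr in correlate(chips, code)]


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]                 # constructed sample bits
    chips = spread(data)
    print("clean      :", despread(chips), correlate(chips))
    # At most 4 of every 11 chips are hit, so every bit still decodes.
    print("1/3 flipped:", despread(corrupt_every(chips, 3)))
    # Windows that lose 6 of 11 chips decode the wrong bit.
    print("1/2 flipped:", despread(corrupt_every(chips, 2)))
```

The margin is the point: a clean window correlates to ±11, three or four flipped chips still leave the sign intact, and only once six or more chips in one window are inverted does the receiver decode the wrong bit.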
58
Q

What are some different Wireless Communication Technologies?

A
  • Cell Phones: A portable device that uses radio waves to interact with a carrier’s network.
    • 1G through 5G cellular technologies
  • Bluetooth (IEEE 802.15; Personal Area Networks, PAN): Operates in the 2.4 GHz band; devices pair by authenticating with a PIN. Uses a class system based on range (classes 1-4; class 1 has the longest range, about 100 m).
    • BlueJacking: Allows an attacker to push unsolicited messages (similar to SMS) to your device.
    • BlueSnarfing: Allows an attacker to connect to your Bluetooth device and extract information.
    • Bluebugging: Grants an attacker remote control over the features and functions of a Bluetooth device, such as turning on the microphone or camera.
  • RFID: Tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field.
  • NFC: A standard that establishes radio communications between devices in close proximity. Derived from RFID.
  • Cordless Phones: Designed to use any of the unlicensed frequencies. Often unencrypted, so calls can be eavesdropped.
59
Q

What are some LAN Technologies?

A
  • Ethernet (IEEE 802.3): Allows devices to communicate over the same medium but requires devices to take turns and perform collision detection and avoidance. Employs both collision and broadcast domains. Supports full-duplex comms and usually employs twisted-pair cabling. Data units are called frames.
  • Token Ring: Employs a token-passing mechanism in which systems can transmit data over the network medium.
    • Multistation Access Unit (MAU): Allows the cable segments to be deployed as a physical star while the device internally makes the logical ring connections.
  • Fiber Distributed Data Interface (FDDI): A high-speed token passing technology that employs 2 rings with traffic flowing in opposite directions. The dual ring design is self-healing.
  • Subtechnologies:
    • Analog: A continuous signal that varies in frequency, amplitude, voltage, etc. Produces a wave shape.
    • Digital: A discontinuous electrical signal made of state changes or on-off pulses. Produces a square-shaped wave.
    • Synchronous: Based on a timing mechanism
    • Asynchronous: Relies on a stop/start delimiter bit to manage the transmission of data.
    • Baseband: Uses a single communication channel for the whole medium. A high signal level represents a 1; a low level represents a 0. Ethernet is baseband.
    • Broadband: Supports multiple simultaneous signals. Uses frequency modulation to support numerous channels, each supporting a distinct communication session. A form of analog, suitable for high throughputs.
    • Broadcast: Supports comms to all possible recipients
    • Multicast: Supports comms to multiple specific recipients
    • Unicast: Supports comms to only one specific recipient
60
Q

What are the LAN Media Access communication techniques?

A
  1. Carrier-Sense Multiple Access (CSMA): The host listens to the LAN to determine whether it is in use; if not, the host transmits its communication and waits for an acknowledgment. If no acknowledgment arrives, the host starts over.
  2. Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA):
    1. The host has 2 connections: inbound and outbound. The host listens on the inbound connection to determine whether the LAN media is in use.
    2. If not in use, the host requests permission to transmit.
    3. If permission is not granted, the host waits a time-out period and starts over at step 1.
    4. If permission is granted, the host transmits its communication over the outbound connection.
    5. The host waits for an acknowledgment.
    6. If no acknowledgment arrives, the host starts over.
  3. Carrier-Sense Multiple Access with Collision Detection (CSMA/CD):
    1. The host listens to the LAN to determine whether it is in use.
    2. If not in use, the host transmits its communication.
    3. While transmitting, the host listens for collisions.
    4. If a collision is detected, the host transmits a jam signal.
    5. When the jam signal is received, all hosts stop transmitting, wait a random backoff period, and then start over at step 1.
  4. Token Passing: Uses a digital token to control communication. Only the host holding the token may transmit; when it is done it releases the token to the next host.
  5. Polling: Uses a master-slave configuration. One system is the master/primary and all others are secondary. The primary system polls each secondary system to determine whether it needs to transmit; if it does, it transmits, and then the primary moves on to the next system.
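The CSMA/CD steps above are easiest to follow as a small discrete-time simulation. This is an added example, not from the flashcards: hosts sense the medium, transmit when it is idle, detect an overlap, jam, and retry after a random binary exponential backoff in the style of Ethernet. The tick model, the zero-propagation-delay simplification (a collision happens exactly when two or more hosts start in the same tick), the frame length and the ready times are this example's own assumptions.

```python
"""Discrete-time simulation of CSMA/CD (added example, not from the flashcards).

Simplifications: no propagation delay, so a collision occurs exactly when two
or more hosts start in the same tick; a host that senses the medium busy keeps
sensing and starts as soon as the medium goes idle (1-persistent); after a
collision every colliding host jams (all stop) and then waits a random number
of slots chosen by truncated binary exponential backoff, as Ethernet does.
"""
import random


def simulate_csma_cd(ready_times, frame_len=4, seed=7, max_ticks=10_000):
    """Each host has one frame to send; return (collision count, event log, finish ticks)."""
    rng = random.Random(seed)
    hosts = [{"ready": t, "attempts": 0, "done": None} for t in ready_times]
    transmitting, tx_start, log, collisions = [], {}, [], 0

    for tick in range(max_ticks):
        if all(h["done"] is not None for h in hosts):
            break
        # Steps 1-2: sense the medium; if idle, every host whose wait has expired transmits.
        if not transmitting:
            for hid, h in enumerate(hosts):
                if h["done"] is None and tick >= h["ready"]:
                    transmitting.append(hid)
                    tx_start[hid] = tick
        # Steps 3-5: listen while transmitting; on overlap, jam so that everyone stops.
        if len(transmitting) > 1:
            collisions += 1
            log.append((tick, "collision+jam", list(transmitting)))
            for hid in transmitting:
                h = hosts[hid]
                h["attempts"] += 1
                slots = rng.randrange(2 ** min(h["attempts"], 10))  # backoff: 0 .. 2^k - 1 slots
                h["ready"] = tick + 1 + slots                       # then start over at step 1
            transmitting.clear()
        elif len(transmitting) == 1:
            hid = transmitting[0]
            if tick - tx_start[hid] + 1 == frame_len:               # whole frame is on the wire
                hosts[hid]["done"] = tick
                log.append((tick, "delivered", hid))
                transmitting.clear()
    return collisions, log, [h["done"] for h in hosts]


if __name__ == "__main__":
    # Constructed scenario 1: two hosts whose frames never overlap.
    print(simulate_csma_cd([0, 10]))
    # Constructed scenario 2: three hosts ready at once, so the first tick collides.
    collisions, log, done = simulate_csma_cd([0, 0, 0])
    print("collisions:", collisions)
    for event in log:
        print(event)
    print("finish ticks:", done)
```

Note that the scheme only works because every host honours the jam and the backoff; a host that ignores them (or simply jams continuously) can keep the segment busy for everyone else, which is why shared-medium access control is a cooperative mechanism rather than a security one.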