2.0 Networking - sections 14 Flashcards
A Server
Can be configured to allow clients on the network to access it and read from and write to its disk (file share).
Printer Server
Another server, which could be a physical workstation or a piece of network infrastructure, that provides printing functionality.
Types of Printer Servers
Windows-based file and print server, Linux- or Unix-based file and print server, IP-based file and print server / cloud printing.
A Windows-based file and print server runs which protocols?
Relies on the NetBIOS protocol or SMB.
A Linux- or Unix-based file and print server uses what software?
Uses Samba. Samba allows a Linux or Unix server to host files or printers that can then be used by Windows clients running the SMB protocol.
IP-based File and Printer Server / Cloud Printing
Allows for printing from anywhere in the world.
A Web Server
Any server that provides access to a website. Generally uses HTTP and HTTPS.
An IIS web server
Internet Information Services (IIS): Extensible web server software created by Microsoft (supports HTTP, HTTP/2, and HTTPS), commonly used on Windows servers.
Apache software
Apache software is the most popular way to run a web server these days.
NGINX Web server has/is
Reverse proxy, mail proxy, load balancer, and HTTP cache. Developed for speed.
URL
Uniform Resource Locator (URL): Combines the fully qualified domain name with a protocol at the beginning.
Email Servers
Servers that are set up to compose a message and send it to another user.
The four types of Email Servers
Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Mail Application Protocol (IMAP), Microsoft Exchange.
SMTP
Simple Mail Transfer Protocol (SMTP): Specifies how emails should be delivered from one mail domain to another. Think SEND Mail Transfer Protocol, port 25.
POP3
Post Office Protocol version 3 (POP3): Older email protocol which operates over port 110. Older protocol to GET/RECEIVE emails.
IMAP
Internet Mail Application Protocol (IMAP): Mail retrieval protocol. Operates over port 143 and can connect to a server to receive and read messages. Newer protocol to GET/RECEIVE emails.
Microsoft Exchange
Mailbox server environment designed for Windows-based domain environments. Commonly seen and used in corporate environments.
AAA Servers
Authentication, Authorization, Accounting (AAA) Servers: A server program that handles user requests for access to computer resources. Provides authentication, authorization, and accounting services for an enterprise.
802.1X Authentication framework
Standardized framework protocol used for port-based authentication on wired and wireless networks; it is used to run the authentication protocols.
Types of Authentication protocols
Active Directory (AD), Remote Authentication Dial-in User Service (RADIUS), Terminal Access Controller Access-Control System Plus (TACACS+)
AD Authentication protocol
Active Directory (AD): Used to organize and manage the network, including clients, servers, devices, users, and groups.
RADIUS Authentication protocol
Remote Authentication Dial-in User Service (RADIUS): Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1X and EAP. Runs at the application layer (OSI model) and uses UDP for connections, making it fast.
TACACS+ Authentication protocol
Terminal Access Controller Access-Control System Plus (TACACS+): Proprietary version of RADIUS that can perform the role of an authenticator in 802.1X networks.
Kerberos Authorization protocol
Kerberos: Authorization protocol used by Windows to provide two-way (mutual) authentication using a system of tickets. A domain controller can be a single point of failure for Kerberos.
Non-Repudiation Accounting protocol
Non-Repudiation: Occurs when you have proof that someone has taken an action.
Remote Access Servers
A server that can run different protocols or services to remotely connect devices/users over a network.
Remote Access Server Protocols
Telnet, SSH, RDP, VNC, TTY
Telnet
Sends text-based commands to remote devices and is a very old networking protocol, port 23. Never use it to connect to secure devices.
SSH
Secure Shell (SSH): Encrypts everything that is sent and received between the client and the server, port 22.
RDP
Remote Desktop Protocol (RDP): Provides a graphical interface to connect to another computer over a network connection, port 3389. Uses a Remote Desktop Gateway (RDG) to create a secure tunnel for the RDP connection.
VNC
Virtual Network Computing (VNC): Designed for thin client architectures, port 5900.
TTY
Terminal Emulator (TTY): Any kind of software that replicates the TTY I/O functionality to remotely connect to a device.
Network monitoring Servers
Servers that run protocols for tracking various aspects of a network, its devices, and its logs.
Syslog
Protocol that enables different appliances and software applications to transmit logs to a centralized server. It is the de facto standard for logging events.
Types of Syslog protocols
Old syslog (syslog), new syslog (syslog-ng, rsyslog)
What does old syslog (syslog) use?
Relied on UDP and lacked security controls.
What are syslog-ng and rsyslog, and what do they use?
New syslog (syslog-ng, rsyslog): Uses TCP, TLS, MD5, and SHA1.
SNMP
Simple Network Management Protocol (SNMP): TCP/IP protocol that aids in monitoring network-attached devices and computers. Has three components: managed devices, agents, and a network management system. Ports 161 and 162.
Managed devices component of SNMP
Computers and other network-attached devices monitored through the use of agents by a network management system.
Agent component of SNMP
Software loaded on a managed device to send information to the network management system.
Network Management System (NMS) component of SNMP
Software running on one or more servers to control the monitoring of network-attached devices and computers.
The two ways SNMP sends data
In-band, Out-of-band
In-band (syslog data)
Less secure; sent over the same network you are using.
Out-of-band (syslog data)
A separately created or configured managed out-of-band network, used to increase security.
Proxy Servers
Devices that create a network connection between an end user's client machine and a remote resource (web server). Can be hardware or software.
Proxy servers provide
Increased network speed and efficiency, increased security, and additional auditing capabilities.
Load balancer/Content switch
Distributes incoming requests across a number of servers inside a server farm or a cloud infrastructure. Key to defending against a DoS or DDoS attack.
DoS
Denial of Service (DoS): Involves continually flooding victim systems with requests for services, causing the system to crash (single attacker).
DDoS
Distributed Denial of Service (DDoS): Multiple machines simultaneously launch attacks on the server to force it offline (multiple attackers).
Load Balancer Security techniques
Blackholing/Sinkholing, Intrusion Prevention System (IPS), Elastic Cloud
Blackholing/Sinkholing
A load balancer security technique that identifies any attacking IP addresses and routes their traffic through a null interface.
Intrusion Prevention System (IPS)
A load balancer security technique that works against small-scale DoS attacks.
Elastic Cloud
A load balancer security technique that allows capacity to be scaled up to meet demand as needed. The ISP will charge you for scaling up.
UTM
Unified Threat Management (UTM): Provides the ability to conduct security functions (antivirus, content filtering, email and web filtering, anti-spam) within a single device or network appliance. UTM devices are placed between your LAN and the connection to the internet.
Access Control List (ACL)
Rule sets placed on firewalls, routers, and other network devices that permit or deny traffic through a particular interface.
The two actions in an ACL
Specific rules at the top, generic rules at the bottom. Always evaluated top-down.
The two interface configurations for ACL-UTM
Web-based interface, Text-based interface
Firewall(s)
Inspects and controls the traffic that is trying to enter or leave a network's boundary.
Firewall types
Packet-filtering, Dynamic packet-filtering, Stateful, Proxy, Kernel proxy.
NGFW
Next-Generation Firewall (NGFW): Uses a single, more efficient engine; preferred over UTM if network speed and efficiency are your primary concern.
IT stands for
Information Technology (IT): Includes computers, servers, networks, and cloud platforms.
Two types of OT
ICS and SCADA
What is OT?
Operational Technology (OT): Communications network designed to implement an ICS. Technology that interacts with the real world.
ICS operational technology
Industrial Control System (ICS): Provides the mechanisms for workflow and process automation by controlling machinery using embedded devices.
What is a DCS operational technology?
Distributed Control System (DCS): Multiple ICSs can be combined to create a distributed control system.
The three technologies in ICS
Fieldbus, Programmable Logic Controller (PLC), Human-Machine Interface (HMI).
SCADA operational technology
Supervisory Control and Data Acquisition (SCADA) systems: Still technically an ICS, but used to manage large-scale, multi-site devices and equipment across a geographic region from a host computer. Needs a wide-area network (cellular, microwave, satellite, fiber, or VPN-based LAN) to cover large-scale sites.
Embedded Systems
Embedded Systems: Computer systems designed to perform specific, dedicated functions. They are static environments where frequent changes are not allowed. Made to do one thing/operation/action.
PLC
Programmable Logic Controller (PLC): Type of digital computer used in industrial or outdoor settings (the computer inside the machine/device).
Types of Embedded systems
Real-time Operating System (RTOS), System-on-a-chip
RTOS embedded system
Real-time Operating System (RTOS): Type of OS that prioritizes deterministic execution of operations to ensure a consistent response for time-critical tasks.
System-on-a-chip
Processor that integrates the platform functionality of multiple logical controllers onto a single chip.
Components of a System-on-a-chip
An integrated circuit that contains all the components of a computer: processor, memory, storage, graphics processor, and peripherals.
Legacy System
Computer system that is no longer supported by its vendor and no longer receives security updates and patches. Legacy systems need to be identified and mitigations put in place to keep them operating.
Proprietary System
System that is owned by its developer or vendor.