2.4 Summarize services provided by networked hosts Flashcards
What is the current version of SMB?
SMB3
Why is SMB1 disabled by default on current Windows versions?
It has security vulnerabilities
How can SMB be implemented on Linux-based devices & NAS appliances?
Via Samba software suite
This allows a Windows client to access a Linux host as though it were a Windows file or print server
What did the earliest Windows network use instead of TCP/IP?
NetBIOS
Meaning of NetBIOS?
Network Basic Input/Output System
What did NetBIOS allow computers to do?
Address one another by name & establish sessions over protocols like SMB
What was NetBIOS re-engineered to work over?
TCP & UDP protocols
What term is used to describe the re-engineering of NetBIOS to function over TCP and UDP protocols?
NetBT
Meaning of NetBT?
NetBIOS over TCP/IP
What port does NetBT use for name services?
UDP/137
What does NetBT use UDP/137 for?
Name services
What port does NetBT use for session services?
TCP/139
What does NetBT use TCP/139 for?
Session services
Is NetBT obsolete?
Yes
Modern networks use IP, TCP/IP, & DNS for these functions
Why should NetBT be disabled on most networks?
Poses a risk to security
When should NetBT be used?
When a network needs to support file sharing for pre-Windows 2000 versions
This is because pre-Windows 2000 systems rely on NetBIOS for file and printer sharing
What does FTP use TCP/21 for?
Establish a connection
Between client & server
What does FTP use TCP/20 for?
Transfer data in Active or Passive mode
In FTP’s active mode, the server initiates the data connection to the client on port 20, but it can encounter firewall and NAT issues. Passive mode, where the client initiates both control and data connections to the server, is more firewall-friendly.
2 FTP options that are encrypted?
SFTP & FTPS
FTPS = File Transfer Protocol Secure
Meaning of SFTP?
FTP over Secure Shell
Which encrypted FTP version is widely used?
SFTP
What does a web server do?
Provides client access using HTTP or HTTPS
What does HTTP enable clients to do?
To request resources from an HTTP server
Clients are typically web browsers
How does a server respond to an HTTP resource request from a client?
Returning requested data or responding with an error code
What kind of webpages does HTTP serve?
HTML webpages
What are HTML webpages?
Text files with coded tags describing how to format documents
How does a web browser display HTML webpages?
Interprets the tags & other resources associated with the page
HTTP also enables hyperlinking to related documents and supports form submission (POST) for data transfer from client to server.
What is the functionality of HTTP often extended by?
Support for scripting & programmable features
(Web apps)
Meaning of URL?
Uniform Resource Locators
What are URLs used for?
Accessing resources on the Internet
They contain the necessary info. to identify & access an item
What may a URL for an HTTP resource contain?
- Protocol
- Host location
- File path
Can the URL’s Host location be an IP address instead of the FQDN?
Yes, but IPv6 addresses must be enclosed in [ ]
What does the URL’s File path specify?
The directory & file name location of the resource (if required)
The file path may or may not be case sensitive, depending on how the server is configured
What do orgs. typically lease a web server or space on a server from?
ISP
Larger orgs. with Internet-connected datacenters may host websites themselves
What is the “intranet”?
Private network using web technologies for local access
It provides local access to internal resources for employees within an organization. It offers a secure environment for sharing information, collaboration, and communication exclusively among authorized internal users, helping to improve efficiency and streamline operations while maintaining data security.
What is the “extranet”?
Private network using web technologies for remote access
Enables remote access for authorized users who are external to the organization, such as business partners, suppliers, or customers. It provides a secure way to share specific resources and information with these external parties while maintaining the overall security and integrity of the internal network.
Meaning of SSL?
Secure Sockets Layer
Why was SSL developed?
To address the lack of encryption in HTTP
Since HTTP traffic was sent unencrypted
Meaning of TLS?
Transport Layer Security
What was TLS developed from?
SSL
It was ratified as a standard by the IETF
When is HTTP referred to as HTTPS?
When TLS is used with the HTTP application
Encrypted traffic is sent over TCP/443 rather than unencrypted TCP/80
TLS can be used to secure other TCP application protocols, like FTP, POP3/IMAP, SMTP, & LDAP
What term is used when TLS is used with UDP?
DTLS
DTLS = Datagram Transport Layer Security
Most often used in VPN solutions
How is HTTPS implemented?
Web server is installed with a digital certificate issued by a trusted CA
CA = Certificate Authority
What do certificates on web servers have?
Encrypted data to prove the identity of the server to the client
Assuming the client also trusts the CA (Certificate Authority)
How is data in digital certificates encrypted?
Using a public/private encryption key pair
Who possesses the private key in web server encryption?
Web server
The private key is kept a secret known only to the server
How is the public key in web server encryption given to clients?
via the digital certificate
How are encrypted tunnels established in web server encryption?
Using the digital certificate’s key pair & a chosen cipher suite in TLS
Even if someone knows the public key, they can’t decrypt the tunnel’s contents without the server’s private key. This ensures secure communication, preventing third-party reading or modification.
How does a browser open a secure session to an HTTPS server?
With a URL starting with https://
It displays a padlock icon in the address bar, indicating a trusted server certificate and a secure connection. Websites can enforce secure sessions, rejecting or redirecting plain HTTP requests
What scheme do email addresses follow?
URL scheme
What do email addresses comprise?
- Username
- Domain name
Separated by an @ symbol
e.g. david.martin@comptia.org
or david.martin@aol.com
What does SMTP specify?
How email is delivered from 1 mail domain to another
How does the sender’s SMTP server find the recipient’s SMTP server’s IP address?
By using the domain name of the recipient’s email address
SMTP servers for the domain are registered in DNS using Mail eXchange (MX) & host (A/AAAA) records
For user@example.com, the sender’s SMTP server queries DNS for the MX record of example.com. The DNS server returns mail.example.com, which is then resolved to an IP address for email delivery
What is SMTP TCP/25 used for?
Message relay between SMTP servers, or MTAs
MTA = Message Transfer Agents
This means the process of transferring emails from one SMTP server to another
What is SMTP TCP/587 used for?
Mail clients to submit emails to an SMTP server
SMTP servers configured to support TCP/587 should use encryption & authentication
What do SMTP servers deliver emails to?
mailbox servers
e.g. POP3 or SMTP
A mailbox server could be a separate machine or a separate process running on the same computer
What is POP’s secure port?
TCP/995
What happens when a user logs in to a POP email client?
Mailbox contents are downloaded to the local PC for processing
This allows the user to access and manage their emails locally, even when they are not connected to the internet.
What does POP3 typically do to emails after downloading them to a device?
Deletes them from the mailbox server
Although some clients have the option to leave messages on the server
How does IMAP differ from POP?
Allows simultaneous client access to the same mailbox with persistent connections
Persistent connections enable clients to interact with the server efficiently, reducing the overhead associated with connection setup & teardown.
What can clients do to the mailbox with IMAP?
Manage the mailbox on the server & create multiple mailboxes
for instance, to organize messages in folders & to control when they are deleted
How can IMAP TCP/143 be secured?
(Encrypted)
Using TLS
Default port for IMAPS?
IMAPS = IMAP-Secure
TCP/993
Meaning of SSO?
Single Sign-On
What is SSO?
Centralized authentication for accessing multiple services with 1 login
How does a directory database work?
Objects represent records while their attributes function as fields
Attributes = things that are known about the object
What standard are most directory databases based on?
X.500
X.500 standard is a set of protocols for directory services in a network. It defines the framework for developing and managing electronic directories that provide access to various resources such as email addresses and public keys.
What does LDAP do?
Queries & updates an X.500 directory database
LDAP is widely supported in current directory products, such as Windows Active Directory and the open-source OpenLDAP
Meaning of AAA?
Authentication, Authorization, & Accounting
What do AAA servers do?
Consolidate authentication services across multiple access devices
AAA servers centralize authentication for various network devices and services, simplifying user logins and access management across the network.
What components does AAA use?
- Supplicant
- Network Access Server (NAS) or Network Access Point (NAP)
- AAA server
NAP = Network Access Point
What is the supplicant component in AAA?
Device requesting access
e.g. a user’s PC or laptop
What is the Network Access Server (NAS) or Network Access Point (NAP) component in AAA?
Aka AAA clients & authenticators
Network devices that control access to the network
e.g. switches, APs, & VPN gateways
They forward data between the AAA server & the supplicant
How is AAA often implemented?
Using RADIUS protocol
Meaning of RADIUS?
Remote Authentication Dial-In User Service
What does a terminal do?
Accepts input & displays output
Whereas the shell performs the actual processing
What does a shell do?
Performs the actual processing
Whereas the terminal accepts input & displays output
What is a terminal emulator?
Software that replicates the I/O function of TTY
(I/O = Input/Output) (TTY = TeleTYpe)
A TTY (Teletypewriter) is a device used for text communication over a network, often in the context of early computer systems. Terminal emulators might support connections to multiple types of shell
What does a remote terminal emulator allow you to do?
To connect to the shell of a different host over the network
What protocol is mainly used for secure remote access to UNIX, Linux servers, & various network appliances?
(Network appliances like switches, routers, & firewalls)
SSH
What is one of the most widely used SSH server implementations?
OpenSSH
What is RDP?
Microsoft’s protocol for remote GUI connections to Windows
RDP clients for various OSs, including Linux, macOS, iOS, & Android, allow remote connection to Windows desktops from non-Windows devices. Additionally, there are open-source RDP server options like xrdp.
What does SNMP consist of?
Management system & agents
What do SNMP agents do?
Maintain a database called MIB
MIB = Management Information Base
What is an SNMP agent?
Process running on a SNMP-compatible network device
e.g. switch, router, server, etc.
What info. do MIB databases hold?
This is the database maintained by an SNMP agent
Statistics relating to the activity of the device
e.g. the number of FPS handled by a switch
What does it mean that SNMP agents can initiate a trap operation?
It informs the management system of a notable event
e.g. port failure
The threshold for triggering traps can be set for each value
What does the SNMP management system do?
Polls agents for Management Information Base (MIB) info & displays it for review
Also displays trap operations as alerts for admin assessment & action
“Polls” in this context means that the monitoring system actively requests information from the SNMP agents at regular intervals.
What does a log collector do?
Collects event messages from multiple devices into one location
What is syslog?
Protocol & software that facilitates log collection
Syslog is the standard for logging distributed events, e.g. syslog messages can be generated by routers & switches, as well as UNIX or Linux servers & workstations
What port does a syslog collector usually listen on?
UDP/514
What does a syslog message comprise?
- PRI code
- Header with timestamp & host name
- Message
What is a syslog message’s PRI code?
A code calculated from the facility & severity. The message part includes a source process tag and content; its format varies.
What else do proxy servers do besides translating IP addresses?
Proxy servers act as NATs, translating between the LAN’s private IP addresses and the router’s WAN IP address
Receive, check, & forward HTTP requests to destination server
A proxy can also be used for other types of traffic (e.g. email)
What does a proxy server do upon receiving a reply from the destination server?
Checks it & then forwards it back to the LAN computer
2 services a proxy server can operate as?
Transparent or nontransparent service
How does a transparent proxy server differ from a nontransparent one?
By not requiring any special configuration
A non-transparent proxy requires explicit configuration on client devices, including specifying the IP address and service port of the proxy server, to route traffic through it. On the other hand, a transparent proxy does not require any such configuration on client devices as it intercepts and redirects traffic automatically.
How does a nontransparent proxy server differ from a transparent one?
By requiring the IP address & service port of the proxy server
How can a proxy perform a security function?
By acting as a content filter & applying rules to access requests
e.g. it can restrict overall time limits or impose time-of-day restrictions
How can a proxy improve performance & reduce bandwidth?
By configuring it to cache content
Meaning of IDS?
Intrusion Detection System
Meaning of IPS?
Intrusion Prevention System
How does an IDS work?
Identifying malicious traffic using programmed scripts
An IDS can raise an alert when a match is made
What does an IPS do?
Takes action to block the source of malicious packets
What do antivirus/antimalware do?
Scan network-transferred files for known malware signatures in binary data
What do spam gateways do?
Use SPF, DKIM, & DMARC to verify the authenticity of mail servers
What are spam gateways configured with?
Filters that can identify unwanted messages
e.g. spoofed, misleading, or malicious messages
How is a spam gateway installed?
Network server
Unwanted messages are filtered out before they’re delivered to the user’s inbox
What do content filters do?
Block outgoing access to unauthorized websites & services
What do DLP systems do?
DLP = Data Leak/Loss Prevention
Scan outgoing traffic for confidential or personal data
DLP systems can verify whether the transfer is authorized & block it if it’s not
Meaning of UTM?
Unified Threat Management
What is a UTM?
Appliance that combines multiple security functions
What do load balancers do?
Distribute client requests across servers in a pool
When should a load balancer be used?
With multiple servers providing the same function
e.g. web servers, email servers, web conferencing servers, & streaming media servers
Where is a load balancer placed?
In front of the server network
It distributes requests from the client network or Internet to the application servers
Why is a load balancer’s address advertised as a virtual server to clients?
To provide high availability & scalable services
“A load balancer’s address is advertised as a virtual server” means that clients are given a single IP address or domain name to connect to, which represents the load balancer rather than any specific backend server.
What is a legacy system?
System that’s no longer supported by its vendor
This could be hardware/software
This could be due to the vendor going out of business or formally deprecating use of the product
Meaning of EOL?
End Of Life
What is an EOL?
Product that is no longer supported
Why are legacy systems often retained in networks?
To run complex or expensive-to-migrate services
A service may be too complex or expensive to migrate to a more modern platform
Why is using legacy systems a security risk?
Due to lack of vendor patches for vulnerabilities
What should you do when using legacy systems in a network?
Isolate them & protect & monitor their network connections
By “maximise isolation”, I mean to isolate them as far as possible
What is an embedded system?
Device designed for a specific function
These systems can be as small & simple as a microcontroller in an intravenous drip-rate meter or as large & complex as an industrial control system managing a water treatment plant
Where are embedded systems typically designed to operate in?
Within a private network
Meaning there is no connectivity to wider computer data networks. Embedded systems interacting with computer networks require specific network design considerations, particularly regarding security.
What is an Industrial Control System (ICS)?
A computer control system to manage & automate industrial processes
Mechanisms for workflow & process automation
What does an Industrial Control System (ICS) control?
Infrastructure machinery
e.g. power suppliers, water suppliers, health services, telecommunications, & national security services
How do Industrial Control Systems (ICS) manage infrastructure machinery?
Via embedded PLCs
(PLC = Programmable Logic Controller) (equipment like plant devices)
A PLC is a specialized computer for industrial automation. It connects to actuators for mechanical control and sensors for local monitoring.
What is an embedded system network referred to as?
Operational Technology (OT) network
To distinguish it from an IT network
What is the output & configuration of a PLC performed by?
(PLC = Programmable Logic Controller)
Human-Machine Interface (HMI)
An HMI may be a local control panel or software on a PC
Meaning of SCADA?
Supervisory Control And Data Acquisition
What does SCADA serve as?
SCADA is a control system architecture used in industrial settings for monitoring & controlling processes & equipment
Control server for large, multi-site ICSs
ICS = Industrial Control System
SCADA typically runs as software on a computer
Meaning of IoT?
Internet of Things
What is IoT?
Global network of sensor-equipped items with network connectivity
e.g. wearable technology, home appliances, home control systems, vehicles, etc.
IoT devices have sensors, software, & network connectivity to transmit data
What are IoT smart devices used for?
Home automation systems
2 components that IoT smart device networks generally use?
- Hub/control system
- Smart devices
Why do IoT devices usually require a communication hub?
To facilitate wireless networking
A hub could be implemented as a smart speaker operated by voice control or use an app for configuration
Why may IoT devices need a control system?
They may be headless
Meaning they can’t operate directly using I/O devices
3 functions IoT smart devices are capable of?
Compute, storage, & network functions
Smart devices like a smart lightbulb, refrigerator, thermostat/heating control, doorbell/video entry phone, etc., can be operated & monitored remotely
These are all potentially vulnerable to malware
What kernel do most IoT smart devices use?
Linux or Android Kernel
What attacks are IoT smart devices vulnerable to?
Web app & network attacks
Integrated peripherals like cameras & mics can be compromised
This is because they’re effectively running mini-computers
2 wireless protocols IoT devices may use?
Z-Wave or Zigbee
IoT smart devices may use these protocols even though the hub itself is usually connected to the Wi-Fi network
What are protocols like Zigbee & Z-Wave designed for?
Operating on low-power devices with minimal CPU & storage