325 Flashcards
Client Server network
Form of network in which a central computer functioning as a server provides resources and services to several other computers, referred to as clients.
Peer-to-peer network
a group of computers or devices that share resources and access shared resources without centralized control.
Local Area Network types
Home/Residential, Soho Network, SME Network, Enterprise, Datacenter
Wide area network
A computer network whose connected computers may be far apart, generally spanning a radius of half a mile or more and often linking multiple sites over carrier-provided circuits.
Topology
The physical or logical structure of the network in terms of nodes
Types of network topology
Star, Mesh, Full Mesh, Partial Mesh
Star Topology
Each endpoint node is connected to a central forwarding appliance, such as a switch or router.
Mesh Topology
Requires that each device has a point to point link with every other device on the network
Full Mesh Network
Every device has a direct point-to-point link to every other device. Mesh topologies are common in WANs, especially public carrier networks, but a full mesh is practical only for a small number of nodes because the link count grows with the square of the node count.
Partial Mesh Network
Only most important devices interconnected in the mesh, perhaps with extra links for fault tolerance
Simplex
One-way communication: the sender can transmit data but cannot receive it.
Full-duplex
Data is sent and received simultaneously. It is dual way communication where both directions of communication will happen at the same time.
Half-duplex
Data is sent and received sequentially. It is bidirectional communication, but limited to one sender or receiver at a time.
Logical topology
How data travels between nodes on a network. This topology emphasizes the data path that a message takes from one device to another, irrespective of the physical connections between them.
Addressing
Unique identifier for a network node, such as a MAC address, IPv4 address, or IPv6 address.
Encapsulation
A method by which protocols build data packets by adding headers and trailers to existing data.
Ethernet
System for connecting a number of computer systems to form a local area network, with protocols to control the passing of information and to avoid simultaneous transmission by two or more systems.
Media access control
Layer that controls the hardware responsible for interaction with the wired (electrical or optical) or wireless transmission medium.
Collision domain
Network segment where simultaneous data transmissions collide with one another.
Carrier-sense multiple access with collision detection (CSMA/CD)
Ethernet media access method: a node listens for a carrier before transmitting, and if a collision is detected while sending it stops, transmits a jam signal and waits a random back-off period before retrying.
Carrier-sense multiple access with collision avoidance (CSMA/CA)
Network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be idle. When they do transmit, nodes transmit their packet data in its entirety.
The Protocol field in the IPv4 header
specifies the type of data encapsulated in the payload, allowing the receiving host to know how to process it
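The Protocol and TTL fields above only matter once you can find them in the header. The following parser is an added example written for this page (it is not code from the flashcard source); the packet it decodes is constructed inline, and the protocol-number table holds a few standard IANA values. It also verifies the header checksum, which a receiving host must do before trusting any other field.

```python
import struct

# IANA-assigned protocol numbers for a few common payload types (standard values).
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of the header's 16-bit words; returns 0 when a stored checksum verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Construct a minimal IPv4 packet (20-byte header, no options) with a valid checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,                 # version 4, IHL 5 (20 bytes)
                         0,                    # DSCP/ECN
                         20 + len(payload),    # total length
                         0x1234,               # identification (arbitrary for this sample)
                         0x4000,               # flags: don't fragment, offset 0
                         ttl, proto,
                         0,                    # checksum placeholder, filled in below
                         src_b, dst_b)
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header, returning the fields a receiver uses to dispatch the payload."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "unknown(%d)" % proto),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        # A receiver must discard a packet whose header checksum fails.
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }


if __name__ == "__main__":
    # Constructed sample: a TCP segment from 10.0.0.1 to 10.0.0.2 (not captured traffic).
    pkt = build_ipv4_packet("10.0.0.1", "10.0.0.2", 6, b"hello")
    print(parse_ipv4_header(pkt))
```

Flipping a single header byte (for example the TTL) makes `checksum_ok` false, which is the check a stack performs before it even looks at the Protocol field.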
Three tier architecture
Core layer (high-speed backbone), distribution layer (aggregation and policy enforcement), and access layer switches that serve users.
Spine and leaf architecture
Two-layer architecture. Every leaf switch connects to every spine switch in a full mesh. The leaf layer contains the access switches that connect to servers and provide connectivity for end users. Overcomes the limitations of the three-layer hierarchical architecture.
A hop
A packet passing through a router
Hop limit
“Time to live” for ipv6
default route
A route when no other route matches. Destination: 0.0.0.0/0
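The default route is only chosen when no more specific prefix matches, because forwarding uses longest-prefix match. The lookup below is an added example written for this page (not code from the flashcard source) with a constructed three-entry routing table; the addresses and interface names are illustrative.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table: (prefix, next hop, outgoing interface).
ROUTES: List[Tuple[str, str, str]] = [
    ("0.0.0.0/0", "192.0.2.1", "eth0"),        # default route: matches everything
    ("10.0.0.0/8", "10.255.255.1", "eth1"),
    ("10.1.2.0/24", "10.1.2.254", "eth2"),
]


def lookup(destination: str, routes=ROUTES) -> Optional[Tuple[str, str, str]]:
    """Return the route with the longest prefix that contains the destination, or None."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        # A /24 beats a /8, which beats the /0 default; ties keep the first entry seen.
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])


def lookup_without_default(destination: str):
    """Same lookup over the table minus its default route, to show what an unmatched address gets."""
    return lookup(destination, [r for r in ROUTES if r[0] != "0.0.0.0/0"])


if __name__ == "__main__":
    for ip in ("10.1.2.7", "10.9.9.9", "8.8.8.8"):
        print(ip, "->", lookup(ip))
```

The same rule is what makes a more specific prefix injected into a routing table (a rogue /25 alongside a legitimate /24) win for every address it covers, so route filtering matters as much as the default route itself.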
OSI Model
The seven layers defined by the Open Systems Interconnection reference model.
OSI Layers
“All People Seem To Need Data Processing” - Application, Presentation, Session, Transport, Network, Data Link, Physical.
Protocol Data Unit
Chunk of data with protocol-specific headers added at each OSI layer. The basic unit of exchange between entities that communicate using a specified networking protocol
Physical Layer
Responsible for transmission and receipt of signals that represent bits of data. Can be cabled or wireless.
Data Link layer
Responsible for transferring data between nodes on the same logical segment.
Network Layer
Responsible for logical network addressing and forwarding, move data around an internetwork.
Transport Layer
Responsible for breaking upper-layer data into segments and, for connection-oriented protocols such as TCP, ensuring reliable delivery through flow control, error detection, and retransmission.
Session Layer
Provides services for applications that need to exchange multiple messages (dialog control)
Presentation Layer
Transforms and translates data between the formats used by the network and applications, including data compression and encryption
Application Layer
Provides support to applications requiring network services (file transfer, printing, email, databases, and so on).
Bridge
Appliance or application that connects different networks as if they were one network. Inspects destination MAC addresses to decide whether a frame should be forwarded to another network segment.
Router
Intermediate system working at the Network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types
Firewall
Software or hardware device that protects a network segment or individual host by filtering packets according to an access control list.
Access Control List
Collection of ACEs that determines which subjects are allowed or denied access to the object or privileges.
Access Control Entry
A single entry in an ACL that names a subject (for example by security identifier) and the access rights granted or denied to it.
Physical layer devices
Transceiver, repeater, hub, media converter.
Data Link layer devices
NIC, Bridge, Switch, Wireless Access Point, VLANs
Header fields added by the Data Link layer
Source Hardware address, Destination hardware Address, checksum for basic error checking
Network Layer Devices
Router
Functions of the Transport Layer
Data segmentation and reassembly, reliable message delivery, end to end flow control.
Transport Layer Devices
Multilayer Switches, Security Appliances, IDSs
Function of the Session Layer
The exchange of multiple messages between the client and server. This exchange is called a session or dialog.
Registered Jack
Series of jack/plug types used with twisted pair cabling, such as RJ45 and RJ11.
Shielded Twisted Pair
Copper twisted pair cabling with screening and shielding elements for individual wire pairs and/or the whole cable to reduce interference. Also referred to as a screened, shielded, or foiled twisted pair.
Digital Certificate
Identification and authentication information presented in the X.509 format and issued by a Certificate Authority
Certificate Authority
A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
Public Key
For asymmetric encryption, the key that is freely distributed and can be used to perform the reverse operation (encryption or decryption) of the linked private key in the pair.
Network Time Protocol
Networking protocol for clock synchronization over packet-switched variable latency networks. Uses port 123.
Three types of Precision Time Protocols
Grandmaster clock: the authoritative time source. Boundary clock: has interfaces in more than one PTP segment and relays time between them. Ordinary clock: has a single PTP interface.
Trunking
Connecting switches with a link that carries traffic for multiple VLANs, each frame tagged with its VLAN ID (IEEE 802.1Q).
Port Bonding
Multiple ports are connected and perceived as a single whole by the switch
Port mirroring
Copies traffic from one or more interfaces (or a VLAN) to a monitoring port so that a protocol analyzer or IDS can inspect it.
SPAN
Switched Port Analyzer, Cisco's name for port mirroring.
Ethernet frames payload
The standard maximum Ethernet payload is 1,500 bytes. Jumbo frames raise this to about 9,000 bytes (up to 9,216 on some hardware) and must be supported by every device on the path.
Jumbo Frames
Larger payload of an ethernet frame, and must be supported by the switch.
Ethernet flow control
Ethernet is non-deterministic (any node may transmit when the medium is idle), so flow control relies on matching link speeds and on IEEE 802.3x PAUSE frames, which ask the sender to stop briefly when the receiver's buffer is full.
Port Security
Prevents unauthorized use from a switch interface. Designed to restrict network access by filtering MAC addresses. It allows administrators to define which devices are permitted to connect to specific switch ports. Keeps a list of confirmed MAC sources.
Straight-through cables
Used for patch cables, and to connect workstations to network devices.
MDI
Medium Dependent Interface.
MDI-X
Medium Dependent Interface Crossover.
10BASE-T and 100BASETX Straight Through cables
Use only pins 1, 2, 3, and 6 (pins 4, 5, 7, 8 are unused). From the MDI side, pins 1 and 2 transmit and pins 3 and 6 receive.
1000Base-T
Gigabit Ethernet uses all four pairs, each transmitting and receiving simultaneously.
Ethernet crossover cables
For MDI to MDI, or MDI-X to MDI-X. Connects 1-3, 2-6, 3-1, 4-7, 5-8, 6-2, 7-4, 8-5
Auto-MDI-X
Automatically performs crossover on modern ethernet devices.
MIMO
Multiple Input Multiple Output
MU-MIMO
Multiple User MIMO
802.11a
5 GHz. 54 Mbit/s maximum (single stream, no MIMO).
802.11b
2.4 GHz. 11 Mbit/s maximum (single stream, no MIMO).
802.11g
2.4 GHz. 54 Mbit/s maximum (single stream, no MIMO).
802.11n
2.4 GHz and 5 GHz. Up to 150 Mbit/s per stream and 600 Mbit/s total with 4x4 MIMO.
802.11ac
5 GHz only. Up to 867 Mbit/s per stream and about 6.9 Gbit/s total with eight spatial streams; adds downlink MU-MIMO.
802.11ax
2.4 GHz and 5 GHz (6 GHz with Wi-Fi 6E). Up to 1,201 Mbit/s per stream and about 9.6 Gbit/s total with eight streams; supports both downlink and uplink MU-MIMO.
Orthogonal Frequency-division multiple access
Subdivides a channel into smaller resource units so an access point can serve several clients in one transmission, similar to cellular (LTE) networks; improves efficiency in high-density installations (introduced in 802.11ax).
Channels
Groups of non overlapping frequencies numbered by the IEEE
Bandwidth
The width of a channel in MHz (20, 40, 80, or 160), as defined by the 802.11 standards.
Extended Service Set
An ESS is a collection of multiple BSSs working together as a single network, typically managed by a controller. It allows for larger coverage areas and seamless roaming between different BSSs under the same network SSID.
Basic Service Set
A single access point and the stations associated with it. Identified by a BSSID, which is formatted like a MAC address (normally the AP radio's MAC) and uniquely identifies that access point and SSID combination.
Independent basic service set
IBSS is a basic service set, ad hoc connection for temporary or long term communication
Physical network map
follows the physical wire and devices to simplify troubleshooting
Distribution frames
Passive cable termination, a series of punch down blocks or patch panels that can simplify network extensions or troubleshooting.
Main Distribution Frame
central hub of a network. Located at the primary entry point for internet connection, houses key equipment like routers, switches, and patch panels that manage and route the data to and from the external world to the internal network. Termination point for WAN links
Patch Panel
Allows for easy access and cable Identification,for troubleshooting and fault isolation in a server room.
Intermediate Distribution Frame
the IDF plays a supporting role to the MDF, acting as a relay point that extends the connectivity from the MDF to specific areas, floors, or sections of a building that the main distribution frame cannot reach directly due to distance limitations.
Severity levels
defined levels of events to force priority
Runt
frames that are less than 64 bytes
Giant frame
frames that are more than 1518
CRC error
failed the Frame Check sequence resulting from failed cable or port
Netflow
Gathers traffic statistics from all traffic flows, that is exported to a collector program
continuity of operations planning
The planning, coordination and performing of essential functions during a range of emergencies.
System Life Cycle
Policies covering an asset from procurement through operation to disposal, including secure disposal of the information it holds.
Standard operating procedures
Documented step-by-step instructions for routine or emergency tasks, such as the backup and restore procedures planned for outages.
Password policy
Company policies regarding password setup, age, size, and lifecycle.
Remote access policy
Policy defining how and from where users may connect remotely (VPN, MFA, approved devices), because external connections are harder to control than those on the LAN.
Onboarding procedures
The process of integrating employees into an organization.
Offboarding procedures
The process of separating employees out of an organization.
Data Loss Prevention
involves multiple technologies that can catch sensitive data before it leaves the organization.
Fault Tolerance
Maintain uptime in the case of failure. It adds complexity. Single device fault tolerance is built on RAID, UPS, and NICs
Redundant Array of Inexpensive Disks
Data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.
Load balancer
A device with a Virtual IP, and connects users to servers as they are online. Can switch traffic to alternative nodes, reduce bottlenecks, and allow for failover services.
Port Aggregation
Multiple links to a single switch to use 2gigs from the connection.
Fire suppression
The amount of electronics used in a data center complicate fire suppression which uses and prefers modern liquids and gasses
Cold Site
no hardware, no data, no people
Hot Site
Duplicate site with the same architecture and hardware, kept ready to speed recovery.
Warm Site
Might have hardware, racks, or HVAC. Not hot or cold.
Cloud site
use an established cloud provider
Active-Passive
two devices are installed and configured, only one operating at a single time.
Active-Active devices
two devices are installed and configured, with both cooperating at the same time.
Diverse paths
multiple redundant paths across a network, from ISPS, firewalls, routers, switches, load balancers, and web servers. To maintain redundancy and fault tolerance
FHRP - First hop redundancy protocol
Protocol (e.g. HSRP, VRRP, GLBP) by which two or more routers share a virtual gateway IP address, so hosts keep a working default gateway if the active router fails.
CIA Triad
Confidentiality, Integrity, Availability. The fundamentals of security.
Confidentiality
Certain information should be limited. Encryption and access controls help restrict access to resources.
Integrity
That the data is stored and transferred as intended and that any modification is authorized
Availability
That information is accessible to those authorized to view or modify it.
Vulnerability
A weakness that could be accidentally triggered or intentionally exploited to cause a security breach.
Threat
The potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or
Risk
The likelihood and impact of a threat actor exercising a vulnerability. Assessing Risk helps you decide which vulnerabilities to prioritize patching and what additional security measures to implement.
Data At rest
The state in which data is in some sort of persistent storage media.
Data in use
The state in which data is present in volatile memory such as system ram, cpu registers, and cache.
Data In Transit
The state in which data is transmitted over a network.
Encryption
Encoded messages so only proper recipients can read them.
Access controls
Mechanisms (such as role assignments and permissions) that limit which users can access or modify which resources.
Steganography
Conceal information within another piece of information. Associated with hiding information within an image.
Hashing
mapped data of an arbitrary length to a fixed length. If it’s modified it will be a different hash.
Digital Signature
Mathematical scheme in which the signer's private key produces a value that verifies both the integrity and the origin of data.
Non-Repudiation
Authentication that with high assurance can be asserted to be genuine, and that can not subsequently be refuted.
Zero day attacks
A vulnerability that is exploited before the vendor has a patch available, or even knows it exists, so defenders have had "zero days" to prepare.
Threat
The potential for a vulnerability to be exploited, whether intentionally or accidentally. Most threat actors are external to the organization.
Insider threat
A threat actor that has access to the internal processes or procedures. Ameliorated by Least Privilege.
Physical Controls
Keep people away from technology. Door locks, fences, rack locks, cameras
Technical controls
Hardware and software safety measures. Firewalls, AD authentication, Disk encryption.
Vulnerability assessment
an evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system.
Honeypot
A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also called a honeynet or honeyfile.
Cybersecurity audit
Ensure a security posture aligns with established standards
Data Locality
Establishing policies and tools that ensure data is stored within a specific national or state border.This is often required to comply with data sovereignty and protect data privacy.
Physical segmentation
separate devices to prevent users from accessing another customer’s resources.
Logical segmentation
VLANs to force a customer to only be able to interact with their own resources
Screened Subnet/demilitarized zone
Public access to resources, but no access to the org’s internal network. A physical or logical subnetwork that contains and exposes an organization’s external-facing (public-facing) services to an untrusted, usually larger, network such as the Internet.
Separation of Duties
Split knowledge, no individual has complete knowledge of a function or resource.
Network Access Control
Security solutions whose primary function is to authenticate and authorize devices before they gain full access to the network. Supports network visibility and access management through policy enforcement on devices and users of corporate networks.
IEEE 802.1X
Port-based NAC. Authenticates devices at the physical interface before the switch port forwards normal traffic; individual ports can be disabled. Defines communication between a supplicant, an authenticator (switch or AP), and the authentication server.
Supplicant
The client device (or its 802.1X software) requesting network access through an authenticator; it presents credentials over EAP.
Authenticator
Passes a supplicant’s credentials against an authentication server
Local Authentication
Accounts and password hashes are kept on the device itself rather than on a central server, so it keeps working when the authentication server is unreachable but must be managed on every device.
Multi-factor authentication
Can be expensive. More than one factor, could be a token, biometric, codes, or smartphone application
Remote authentication Dial-in User Service
AAA protocol that is widely supported and offers centralized authentication for users.
Terminal Access Controller Access-Control System
Created to control dialup lines in ARPANET. TACACS+ released in 1993.
Lightweight Directory access protocol
protocol for reading and writing directories over an IP network.
Kerberos
Network authentication protocol that issues tickets so a user need not re-authenticate to each subsystem. Provides mutual authentication and, through timestamps and session keys, is protected against on-path and replay attacks.
SSO with Kerberos
Single sign-on using back-end ticketing (a ticket-granting ticket and per-service tickets) so the username and password are presented only once. Complicated as a result of its cryptography and its dependence on synchronized clocks.
Address Resolution Protocol
Communication protocol used to discover the link-layer (MAC) address associated with a given IPv4 address on the local segment. Critical function in TCP/IP, and unauthenticated, which is what ARP spoofing exploits.
On-path network attack
Man in the middle attack, traffic redirection, ARP poisoning.
Wireless evil twins
Rogue access point that broadcasts the same SSID as a legitimate one so that clients connect to it, letting the attacker intercept their traffic.
Malware
Software of many forms that are malicious in purpose.
Types of malware
Virus, ransomware, worm, trojan horse, rootkit, keylogger.
Ransomware
Your data is unavailable until the hijackers are paid and release the files.
Hashing a password
A hash is a fixed-length, one-way value: it cannot be reversed to recover the password. Collisions exist in principle but are computationally infeasible to find for a secure hash. Passwords should be hashed with a unique salt and a slow, iterated algorithm (PBKDF2, bcrypt, scrypt, or Argon2) rather than a plain fast hash.
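The password-hashing card is worth seeing in working code: fixed-length output, a per-password salt, a deliberate work factor, and constant-time comparison on verification. This is an added example written for this page, not code from the flashcard source. The storage format string is my own; the iteration count follows current OWASP guidance for PBKDF2-HMAC-SHA256, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256; OWASP currently suggests 600,000 iterations.
ITERATIONS = 600_000


def sha256_hex(data: bytes) -> str:
    """Plain hash: always 64 hex characters, regardless of the input length."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash stored as a self-describing 'algo$iterations$salt$hash' string."""
    salt = salt if salt is not None else os.urandom(16)   # unique per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format: %s" % algo)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    # Constructed sample values; the salt is random, so each run prints a different hash.
    print(sha256_hex(b"a"), sha256_hex(b"a" * 10_000))
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record),
          verify_password("Correct horse battery staple", record))
```

Because the salt is stored alongside the hash, two users with the same password get different records, which defeats precomputed (rainbow) tables; the iteration count is what slows an offline guessing attack.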
VLAN Hopping
An attack where the attacker is able to send traffic from one VLAN to another by either double tagging the traffic, or conducting switch spoofing.
DNS poisoning
Corrupting the DNS cache to redirect users to malicious websites.
ARP spoofing
Forged ARP replies on the local network associate the attacker's MAC address with another host's IP (typically the default gateway), so that traffic is redirected through the attacker for interception or modification.
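A practical way to see the ARP spoofing card is to parse raw ARP packets and flag an IP address whose claimed MAC changes. The code below is an added example written for this page (not code from the flashcard source): the ARP packets are constructed inline with illustrative addresses, and the "known mapping" for the gateway is a hypothetical static entry of the kind you would take from a DHCP or inventory record.

```python
import struct
from typing import Dict, List, Optional

ARP_REQUEST, ARP_REPLY = 1, 2
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"


def _mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(oper: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Construct an Ethernet/IPv4 ARP packet (28-byte body, without the Ethernet frame)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       bytes(int(o) for o in sender_ip.split(".")),
                       bytes.fromhex(target_mac.replace(":", "")),
                       bytes(int(o) for o in target_ip.split(".")))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": _mac(sha), "sender_ip": _ip(spa),
            "target_mac": _mac(tha), "target_ip": _ip(tpa)}


class ArpWatcher:
    """Tracks IP-to-MAC bindings seen in ARP replies and alerts when a binding changes."""

    def __init__(self, static: Optional[Dict[str, str]] = None):
        self.table: Dict[str, str] = dict(static or {})   # trusted seed, e.g. the gateway
        self.alerts: List[str] = []

    def observe(self, pkt: bytes) -> Optional[str]:
        arp = parse_arp(pkt)
        if arp["oper"] != ARP_REPLY:        # requests carry no authoritative binding
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac            # first sighting: learn it
            return None
        if known != mac:
            alert = "possible ARP spoofing: %s was %s, now claimed by %s" % (ip, known, mac)
            self.alerts.append(alert)
            return alert
        return None


if __name__ == "__main__":
    # Constructed traffic: the real gateway answers, then an attacker claims its IP.
    w = ArpWatcher(static={"10.0.0.1": "aa:bb:cc:00:00:01"})
    print(w.observe(build_arp(ARP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.1",
                              "aa:bb:cc:00:00:42", "10.0.0.42")))
    print(w.observe(build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.1",
                              "aa:bb:cc:00:00:42", "10.0.0.42")))
```

A real monitor would also age out entries and treat a flood of unsolicited (gratuitous) replies as suspicious; switches implement the same idea as Dynamic ARP Inspection, validating replies against the DHCP snooping binding table.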
SSL stripping
Downgrades HTTPS connections to HTTP.
DNS spoofing
Typically involves creating fake DNS records rather than corrupting the DNS cache.
Dictionary attack
Use a dictionary to find common words within a password.
Virtual Private Network
Encrypted tunnel that carries private traffic across a public or untrusted network such as the Internet.
Concentrator
Encryption/decryption access device. Often integrated into a firewall.
Client-To-Site VPN
ON demand VPN from a remote device.
Site-to-site VPN
Always-on. Firewalls on both sides act as concentrators.
Clientless VPN
VPN tunnel within HTML5 browser.
Full Tunnel
All data is from a user is kept inside the organizations network.
Split tunnel
Users are able to access sites or resources that are not on the organizations network.
RDP
Remote Desktop Protocol.
Asset tracking tags
Labels (barcodes, RFID) tied to records of every asset within an organisation.
Troubleshooting
Identify the problem, establish a theory of probable cause, test the theory, establish a plan of action, implement the solution, verify full functionality, and document findings.
Speed/bandwidth
theoretical maximum data rate. Measured in bits per second.
The threat types
Footprinting, spoofing, DoS, Botnets
Footprinting
Enumeration of resources on a network to identify potential targets for further attack.
The attack types
Data theft, insider threat, malware attack, password attack, social engineering
Identity Access Management
Framework of policies and technologies to ensure correct access to correct users.
Identification
Creating an account or ID that uniquely represents the user, device, or process on the network.
Authentication
Proving that a subject is who or what it claims to be when it attempts to access the resource. An authentication factor determines what sort of credential the subject can use.
Authorization
Determining what rights subjects should have on each resource, and enforcing those rights. An authorization model determines how these rights are granted.
Accounting
Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.
Six factors used in Authentication
Knowledge, Ownership, Biometric, Behavior, Location, Time.
Knowledge factor
Something you know (such as a password).
Ownership factor
Something you have (such as a smart card).
Route poisoning
Prevents a router from sending packets through a route that has become invalid within computer networks.
Biometric (inherence) factor
Something you are (such as a fingerprint).
Behavior factor
Something you do (such as making a signature).
Location factor
Somewhere you are, such as only being able to log into an account from a specific location, known as geofencing.
Time factor
Somewhen you are (such as only being permitted to start a session during work hours or using an access token before it expires).
Multifactor
Authentication scheme that requires the user to present at least two different factors as credentials. Specifying two factors is known as 2FA.
Public Key Infrastructure
Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
Five stages of a Key’s Life Cycle
Generation, Storage, Revocation, Expiration and Renewal.
Key Generation
The creation of an asymmetric key pair or symmetric secret key of the required strength, using the chosen cipher.
Storage
Prevents unauthorized access to a private or secret key and protects against loss or damage.
Revocation
Prevents use of the key if it is compromised. If a key is revoked, any data that was encrypted using it should be re-encrypted using a new key.
Expiration and Renewal
Gives the certificate that validates the key a “shelf-life” to increase security. Every certificate expires after a certain period. Certificates can be renewed with the same key pair or with a new key pair.
Federated Identity
The means of linking a person’s electronic identity and attributes, stored across multiple distinct identity management systems.
Security Assertion Markup Language
An XML-based data format used to exchange authentication information between a client and a service.
Supplicant
The device requesting access in an IEEE 802.1X connection, such as a user's PC or laptop.
AAA Server
The authentication server, positioned within the local network. This server either holds a database of accounts and credentials or has access to a directory server that can authenticate requests and issue SSO authorizations.
Remote Authentication Dial-In User Service
AAA protocol used to manage remote and wireless authentication infrastructures.
Terminal Access Controller Access Control System
Networking protocol that provides centralized AAA management for users, and admins who connect and use a network service.
Network Segmentation Enforcement
Enforcing a security zone by separating a segment of the network. Could be accomplished using firewalls, VPNs, VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped. Also referred to as segmentation or network segmentation enforcement.
Private Server Administrative Networks
Devices are subject to strict hardening and configuration management policies. Hosts, user accounts, and traffic with permission to operate in the zone are continually monitored to ensure compliance with security policies.
Private Client Network
Devices are subject to security policies and monitoring, but the diverse range of technologies and permissions to use public networks make the zone less than fully trusted.
Guest
Unmanaged devices are allowed to connect, subject to some restrictions and monitoring. This zone is typically untrusted and would not be allowed access to trusted networks.
Public Server Network
Devices are fully managed but accept connections from unmanaged public clients. Consequently, hosts within this zone are only partially trusted.
Public
The zone is unmanaged and therefore untrusted.
Screened Subnet
Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports. Formerly referred to as a demilitarized zone (DMZ), this usage is now deprecated.
Intrusion detection system
Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network. Also called a network intrusion detection system (NIDS).
Intrusion prevention system
Security appliance or software that combines detection capabilities with functions that can block attack in an active configuration.
Multicast
A TCP/IP Technology that sends out packets to devices when streaming to multiple workstations from a single media server. It only sends those to devices that specifically requested the stream rather than the entire network.
AAAA records
Maps a domain name to IPv6.
“A” Records
Maps a domain name to IPV4
TXT records
Are used to store SPF details, which defines which mail servers are authorized to send email on behalf of a domain, helping to prevent email spoofing. And textual information related to the domain, not DNS server details.
Mail Exchange Records
MX Records specify mail servers for the domain.
Name Server Records
NS records specify DNS servers for the domain. Used to specify the authoritative DNS servers for a domain or subdomain, guiding external queries to the correct servers for DNS resolution.
PTR Records
PTR records map an IP address back to a domain name for reverse DNS lookups; they do not designate DNS servers for subdomains (that is the NS record's role).
Canonical Name
CNAME records alias one domain name to another.
Cable Certifier
Tests the continuity of a cable and verify that a cable meets its specifications such as the bandwidth, frequency, and length.
SYN flag
Synchronization: The first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake.
Simple Mail Transfer Protocol
Internet standard communication protocol for electronic mail transmission.
Simple Mail Transport Protocol Secure
a method for securing the SMTP using transport layer security.
Link Aggregation Control Protocol
allows the user to combine numerous physical Ethernet links into one logical link, which helps create load balancing in the interfaces
Digital Subscriber Line
technology for transferring data over voice-grade telephone lines, often referred to as the local loop.
Cable Internet
usually available along with Cable Access TV (CATV). These networks are sometimes described as hybrid fiber coax (HFC) because they combine a fiber optic core network with coax links to CPE, but are more simply just described as cable broadband.
Asymmetric digital subscriber line
Enables faster data transmission over copper than conventional modems, with more downstream than upstream bandwidth.
Very high-speed digital subscriber line
Provides faster transmission over a single copper line.
Customer Edge
The router that interfaces a WAN. From a customer to the provider’s network.
At which OSI layer do WANs use simpler protocols than LANs
At the Data Link Layer Wan’s use simpler protocols due to their point-to-point connections.
Why use public networks for WAN services?
The cost is less than implementing a private solution.
Cable Modem Termination System
connects all the premises in a street via coaxial cables and routes data traffic through the fiber optic backbone to the Internet Service Provider’s (ISP’s) Point of Presence (PoP), facilitating internet access.
Filter in a DSL setup
Prevents Noise from affecting voice calls.
the primary function of a T-carrier system
To enable voice traffic digitization
primary advantage of TDM in T-carrier systems
It enables the simultaneous transmission of multiple signals over a single transmission path.
Very High-Speed DSL2
100 MBPS bi-directional
Fiber To the curb
Service providers use VDSL to achieve higher bit rates at the expense of range, to achieve FTTC.
Point to Point Protocol
Encapsulation protocol at the Data Link Layer. Encapsulates IP packets for transmission over serial digital lines. Has no security mechanisms, uses other protocols to provision a secure tunnel.
Internet Protocol Security
Used to secure IPv4 and/or IPv6 communications on local networks and as a remote access VPN protocol. IPSec operates at the Network layer.
Transport Mode
Mode of IPSec. used to secure communications between hosts on a private network.
Tunnel Mode
Mode of IPSec. used for communications between VPN gateways across an insecure network. Router configuration.
Authentication Header
IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
Encapsulating Security Payload
IPSec sub-protocol that encrypts the packet payload and authenticates the payload together with the ESP header (in tunnel mode the entire original packet is protected). Unlike AH, it does not authenticate the outer IP header.
Integrity Check Value
Small piece of data from a larger set, often a packet or frame, can verify that the data has not been tampered with.
Internet Key Exchange
Framework for creating a security association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree on secure protocols and cipher suites to use to exchange data.
Digital Certificates
Are issued to each peer by a mutually trusted certificate authority to identify one another.
Pre-shared key
when the same passphrase is configured on both peers.
Split Tunnel
VPN configuration where only traffic for the private network is routed via the VPN gateway.
Full Tunnel
VPN configuration where all traffic is routed via the VPN gateway
TCP flags
SYN, ACK, PSH, RST, FIN, URG (plus ECE and CWR for explicit congestion notification).
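Reading the flags byte is how a sensor tells a handshake from a scan: a SYN with no later ACK from the same source is a half-open connection, and many of them to distinct ports is a SYN scan. The following is an added example written for this page (not code from the flashcard source); the TCP headers are constructed inline, the addresses are illustrative, and the threshold of five ports is an arbitrary choice for the demonstration.

```python
import struct
from collections import defaultdict
from typing import Dict, Iterable, Sequence, Set, Tuple

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def build_tcp_header(sport: int, dport: int, flags: Iterable[str],
                     seq: int = 0, ack: int = 0) -> bytes:
    """Construct a 20-byte TCP header (data offset 5, no options)."""
    bits = 0
    for f in flags:
        bits |= FLAG_BITS[f]
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)


def parse_flags(header: bytes) -> Set[str]:
    """The flags live in byte 13 of the TCP header."""
    bits = header[13]
    return {name for name, bit in FLAG_BITS.items() if bits & bit}


def handshake_step(flags: Set[str]) -> str:
    """Classify a segment by its role in the three-way handshake."""
    if "RST" in flags:
        return "RST"
    if "SYN" in flags:
        return "SYN-ACK" if "ACK" in flags else "SYN"
    if "ACK" in flags:
        return "ACK"
    return "OTHER"


def detect_syn_scanners(packets: Sequence[Tuple[str, str, bytes]],
                        threshold: int = 5) -> Dict[str, int]:
    """packets: (src_ip, dst_ip, tcp_header). Returns sources with >= threshold half-open targets.

    A target (dst_ip, dst_port) counts as half-open when the source sent a SYN to it
    but never sent the ACK that completes the handshake.
    """
    syn_targets = defaultdict(set)
    completed = defaultdict(set)
    for src, dst, hdr in packets:
        dport = struct.unpack("!H", hdr[2:4])[0]
        step = handshake_step(parse_flags(hdr))
        if step == "SYN":
            syn_targets[src].add((dst, dport))
        elif step == "ACK":
            completed[src].add((dst, dport))
    result = {}
    for src, targets in syn_targets.items():
        half_open = len(targets - completed[src])
        if half_open >= threshold:
            result[src] = half_open
    return result


# Constructed sample traffic: one scanner probing five ports, one normal client.
SAMPLE_PACKETS = [
    ("203.0.113.5", "10.0.0.9", build_tcp_header(40000 + i, port, ["SYN"]))
    for i, port in enumerate((22, 80, 443, 3389, 8080))
] + [
    ("10.0.0.7", "10.0.0.9", build_tcp_header(51000, 443, ["SYN"], seq=100)),
    ("10.0.0.9", "10.0.0.7", build_tcp_header(443, 51000, ["SYN", "ACK"], seq=500, ack=101)),
    ("10.0.0.7", "10.0.0.9", build_tcp_header(51000, 443, ["ACK"], seq=101, ack=501)),
]

if __name__ == "__main__":
    print(detect_syn_scanners(SAMPLE_PACKETS))
```

The SYN-ACK from the server is classified separately so it never counts as a scan probe; a RST reply (closed port) is likewise ignored here, though a fuller detector would count RSTs received as further evidence of scanning.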
Maximum Transmission Unit
Largest IP packet (header included) that a link can carry in a single frame without fragmentation; 1,500 bytes on standard Ethernet.
media converter
Layer 1 device that changes one type of connection to another.
Jitter
network condition that occurs when a time delay in the sending of data packets over a network connection occurs. A variation in the delay of the packets, and can cause some strange side effects, especially for voice and video calls
UDP scan
is activated with the -sU option on Nmap. Shows A list of open UDP ports on the target device.
End systems
Also referred to as hosts, these are the nodes that send and receive data traffic in a network. They consume the services provided by servers in a client-server network.
Syslog severity levels
Range from zero to seven (RFC 5424), with zero being the most severe and seven the least severe. The level travels with each message in the PRI field, encoded as facility × 8 + severity.
Level 0 Emergency
Used for an emergency and considered the most severe condition because the system has become unusable.
Level 1 Alert
Used for an alert condition: something must be corrected immediately.
Level 2 Critical
Used for a critical condition, such as a failure in the system's primary application, that requires immediate attention.
Level 3 Error
Used for an error condition: something is preventing the system from functioning properly.
Level 4 Warning
Used for warning conditions that may turn into errors if action is not taken soon.
Level 5 Notice
Used for notice conditions: events that are unusual but are not errors.
Level 6 Informational
Used for informational conditions: normal operational messages that require no action.
Level 7 Debug
Used for debugging conditions: information useful to developers as they debug their networks and applications.
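The eight severities above are carried in the PRI prefix of every syslog message as facility × 8 + severity, so a collector can recover both numbers with one division. This parser is an added example, not part of the flashcard deck; the log lines it processes are constructed for illustration and the facility names cover only the common codes.

```python
"""Parse the <PRI> prefix of syslog messages and filter by severity.

Added example (not from the flashcard deck). PRI = facility * 8 + severity,
per RFC 3164/5424; the severity table matches the eight levels above.
The sample lines at the bottom are constructed for illustration.
"""
import re
from typing import Optional

SEVERITY = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}

# Facility codes run 0..23 (RFC 5424 section 6.2.1); only common ones are named here.
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
            10: "authpriv", 16: "local0", 17: "local1", 20: "local4"}

_PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line: str) -> Optional[tuple]:
    """Return (facility, severity) from a leading '<PRI>', or None if absent/invalid."""
    m = _PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # highest legal PRI is 23 * 8 + 7
        return None
    return divmod(pri, 8)    # quotient is the facility, remainder the severity


def filter_by_severity(lines, max_severity: int):
    """Keep messages whose severity number is <= max_severity (0 is the worst).

    Returns (facility_name, severity_name, message) tuples in input order.
    """
    kept = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:           # not syslog-formatted: skip rather than guess
            continue
        facility, severity = parsed
        if severity <= max_severity:
            kept.append((FACILITY.get(facility, f"facility{facility}"),
                         SEVERITY[severity],
                         line[line.index(">") + 1:]))
    return kept


SAMPLE_LOG = [  # constructed sample lines, not captured from a real system
    "<34>Oct 11 22:14:15 fw01 sshd[1842]: Failed password for root from 203.0.113.7 port 51242 ssh2",
    "<13>Oct 11 22:14:16 web02 app: user alice logged in",
    "<0>Oct 11 22:14:17 core01 kernel: panic - not syncing",
    "<165>Oct 11 22:14:18 sw03 stp: topology change notification",
    "not a syslog line",
]

if __name__ == "__main__":
    # Show everything at Warning (4) or worse.
    for fac, sev, msg in filter_by_severity(SAMPLE_LOG, 4):
        print(f"{sev:13} {fac:9} {msg.strip()}")
```

PRI 34 decodes to facility 4 (auth), severity 2 (Critical); PRI 165 is facility 20 (local4), severity 5 (Notice), which a Warning-or-worse filter drops. Lines without a PRI are skipped rather than assigned a default severity, since silently treating them as Informational would hide anything that arrived malformed.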
Data Center Interconnect (DCI)
best utilizes VXLAN technology between dispersed data centers
Ad Hoc networks
Enable devices to connect directly, promoting peer-to-peer communication without relying on a centralized access point
Precision Time Protocol
Protocol for clock synchronization throughout a computer network with relatively high precision and therefore potentially high accuracy
Autonegotiation
Allows two Ethernet devices to automatically select the highest connection parameters (speed and duplex mode) that both support, ensuring compatibility between devices with different capabilities, including older devices that only support 10 Mbps. If one side is hard-coded and the other left to autonegotiate, the result is often a duplex mismatch with late collisions and poor throughput.
Three modes of Sessions
Simplex, Half-Duplex, or Full-Duplex.
supervisory control and data acquisition
runs as software on ordinary computers to gather data and manage plant devices and equipment with embedded PLCs, called field devices
TTL output field
Shown in ping output: the Time To Live of the reply packet as received by the sender, i.e. the hop counter's remaining value after the reply crossed the return path. Comparing it with the common starting values (64, 128, 255) gives a rough estimate of the hop count and of the remote operating system.
Link State algorithm
Allows a router to store the complete network topology and assess the least-cost paths from this topology database.
reverse proxy server
provides for protocol-specific inbound traffic. This type of proxy can listen for client requests from the Internet and create the appropriate request to the internal server.
Stateful Firewall
Keeps a state table of the sessions between two hosts (for TCP: a SYN opens an entry, SYN/ACK and ACK mark it established, FIN or RST tears it down) and admits a packet only if it belongs to a known session, so unsolicited inbound traffic and stray ACK or FIN probes are dropped. Often described as operating at Layer 5 (Session) of the OSI model as circuit-level inspection, although what it actually tracks is the Layer 3/4 addressing and TCP flags of each connection.
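A state table of the kind described above, reduced to its essentials, as an added example that is not part of the flashcard deck. Packets are simplified to a 5-tuple plus TCP flags and a direction, the addresses and traffic sequence are constructed, and a session is torn down on the first FIN or RST (real firewalls wait for both sides to close).

```python
"""Minimal stateful inspection over a constructed TCP conversation.

Added example, not from the flashcard deck. Only TCP is modelled, and the
state machine is simplified: SYN_SENT -> ESTABLISHED -> removed on FIN/RST.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset       # subset of {"SYN", "ACK", "FIN", "RST", "PSH"}
    direction: str         # "out" = leaving the protected LAN, "in" = arriving


class StatefulFirewall:
    """Default policy: LAN may initiate; the outside may only answer."""

    def __init__(self):
        # keyed by the outbound (src, sport, dst, dport) tuple
        self.table = {}

    def inspect(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)   # how return traffic looks up the session
        if p.direction == "out":
            if p.flags == {"SYN"}:
                self.table[fwd] = "SYN_SENT"     # new outbound session
                return "ALLOW"
            key, state = fwd, self.table.get(fwd)
        else:
            if p.flags == {"SYN"}:
                return "DROP"                    # unsolicited inbound connection attempt
            key, state = rev, self.table.get(rev)
        if state is None:
            return "DROP"                        # ACK/FIN probes with no session die here
        if p.direction == "in" and state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "ESTABLISHED"      # handshake reply for a session we opened
        if "FIN" in p.flags or "RST" in p.flags:
            del self.table[key]                  # simplification: close on first FIN/RST
        return "ALLOW"


def run_sample():
    """Replay a constructed traffic sequence and return the verdicts in order."""
    fw = StatefulFirewall()
    lan, srv, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.9"
    traffic = [
        Packet(lan, 40000, srv, 443, frozenset({"SYN"}), "out"),           # LAN opens
        Packet(srv, 443, lan, 40000, frozenset({"SYN", "ACK"}), "in"),     # server answers
        Packet(lan, 40000, srv, 443, frozenset({"ACK"}), "out"),           # handshake done
        Packet(srv, 443, lan, 40000, frozenset({"PSH", "ACK"}), "in"),     # data
        Packet(attacker, 51000, lan, 22, frozenset({"SYN"}), "in"),        # unsolicited SYN
        Packet(attacker, 51001, lan, 445, frozenset({"ACK"}), "in"),       # ACK probe
        Packet(srv, 443, lan, 40000, frozenset({"FIN", "ACK"}), "in"),     # server closes
        Packet(srv, 443, lan, 40000, frozenset({"ACK"}), "in"),            # after teardown
    ]
    return [fw.inspect(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The two DROP verdicts in the middle are the point of statefulness: a stateless packet filter that permits "established" traffic by matching the ACK bit alone would let the ACK probe to port 445 through, which is exactly what an ACK scan relies on to map filter rules.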
storage area network
Provisions access to storage devices at the block level. A SAN is isolated from the main network. It is only accessed by servers, not by client PCs and laptops
Software-defined wide area network
An overlay network that provisions a corporate WAN across multiple locations and facilitates secure access to the cloud directly from a remote location.
Anycast
This form of addressing allows multiple servers to share the same IP address, and when a user attempts to access the service, the network routes the request to the nearest server based on routing protocols like Border Gateway Protocol (BGP). This approach is ideal for achieving high availability and low latency for a global web application, as it automatically directs users to the geographically closest server, improving response times and load distribution across multiple servers.
Unicast
This form of addressing is used for one-to-one communication between a single sender and a single receiver. While it is the most common form of IP addressing for general internet communication, it does not inherently provide the mechanism for directing users to the nearest server based on geographic location or network latency. Unicast alone would not meet the requirements for high availability and low latency on a global scale without additional routing logic.
Broadcast
Broadcast addressing is used to send data to all possible destinations within a network segment. This method is not suitable for internet-based applications, as it is limited to local network segments and does not allow for selective routing to the nearest server. Broadcasting would not achieve the goal of directing users to their nearest server for the web application.
Multicast
Multicast addressing is designed for one-to-many communication, where data is sent from a single source to multiple recipients who have expressed interest in receiving the data. While multicast is efficient for distributing data to multiple recipients simultaneously, it does not provide a solution for directing users to the nearest server based on their geographic location or network latency.
Generic Routing Encapsulation
Tunneling protocol allows the transmission of encapsulated frames or packets from different types of network protocol over an IPv4 network.
Internet Control Message Protocol
This protocol reports errors and sends messages about the delivery of a packet.
Trivial File Transfer Protocol
A connectionless protocol that runs over User Datagram Protocol (UDP) port 69. It has no authentication or encryption, so its typical uses (PXE boot images, network device configuration backup) should be confined to isolated management networks.
Secure FTP
Addresses the privacy and integrity issues of FTP by running file transfer as a subsystem of SSH, so both authentication and data transfer are encrypted. Runs over Transmission Control Protocol (TCP) port 22.
FTP over Secure Sockets Layer
Uses either explicit TLS (FTPES: the client connects to the normal FTP port 21 and upgrades the session with the AUTH TLS command) or implicit TLS (FTPS: the session is TLS from the first byte, conventionally on port 990) for secure communication.
HTTPS
Hypertext Transfer Protocol (HTTP) carried over Secure Sockets Layer/Transport Layer Security (SSL/TLS), by default on TCP port 443, giving an encrypted dialog in which the client can verify the server's certificate.
Remote Desktop Protocol
Microsoft's protocol for operating remote Graphical User Interface (GUI) connections to a Windows machine, by default on TCP port 3389. RDP supports Network Level Authentication (NLA), which requires the client to authenticate before a full remote session is started, reducing exposure of the login screen to unauthenticated attackers.
SSH
A cryptographic network protocol for operating network services securely over an unsecured network. Operates over TCP port 22 and is the standard replacement for Telnet for command-line administration.
Telnet
Provides access to a command-line interface on a remote computer using TCP port 23 and was long used for remote maintenance of network communications devices. It sends credentials and session data in clear text, so it should be disabled in favor of SSH.
Multipoint Generic Routing Encapsulation
MGRE is a protocol used for connecting multiple remote sites through a Virtual Private Network (VPN). It employs a hub and spoke topology to encapsulate and forward data packets from one remote site to another, making VPN management simpler and more scalable.
Multiprotocol Label Switching
MPLS is a networking technology that forwards traffic by short fixed-length "labels" attached to each packet, rather than by looking up network addresses at every hop, to handle forwarding over private wide area networks. It is scalable and protocol-independent: the label determines the label-switched path the packet follows through the provider network.
Encapsulating security payload
Provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet rather than simply calculating a hash.
North-South traffic
Traffic entering or leaving the data center, between outside clients and the data center's services.
East-West traffic
Traffic between servers and services inside the data center that never crosses its perimeter; typically the larger share of traffic, and the reason segmentation within the data center matters.
Point-to-point protocol
encapsulation protocol that works at the Data Link layer (layer 2). PPP has no security mechanisms, so must be used with other protocols to provision a secure tunnel.
Classless Inter-Domain Routing
CIDR drops the classful address boundaries and identifies a network by an address plus a prefix length (for example 10.1.0.0/22). Because prefixes need not fall on octet boundaries, a set of contiguous networks can be advertised as one summary route (supernetting), which is how several adjacent routing entries can be collapsed into a single entry.
Variable Length Subnet Masking
(VLSM) allows a network designer to use different subnet masks within the same network, allocating ranges of Internet Protocol (IP) addresses to subnets sized to the predicted number of subnets and hosts per subnet instead of wasting space with one uniform mask.
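Both the CIDR summarization and the VLSM allocation above can be worked with Python's standard ipaddress module. This is an added example, not part of the flashcard deck; the prefixes, the 10.10.0.0/24 block and the host counts are made up for illustration.

```python
"""Route summarization (CIDR supernetting) and VLSM subnet allocation.

Added example, not from the flashcard deck. Uses only the standard library;
the prefixes and host demands in run_sample() are constructed.
"""
import ipaddress


def summarize(prefixes):
    """Collapse adjacent, aligned prefixes into the fewest covering routes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def prefix_for_hosts(hosts: int) -> int:
    """Smallest IPv4 prefix length with room for `hosts` usable addresses."""
    need = hosts + 2                      # network and broadcast addresses
    return 32 - (need - 1).bit_length()


def vlsm_allocate(block: str, demands):
    """Carve `block` into one subnet per (name, hosts) demand.

    Largest demand first keeps every allocation aligned to its own size.
    Returns {name: subnet}; raises ValueError if the block is exhausted.
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(demands, key=lambda d: d[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        for i, chunk in enumerate(free):
            if chunk.prefixlen <= prefix:                 # chunk is big enough
                sub = (chunk if chunk.prefixlen == prefix
                       else next(chunk.subnets(new_prefix=prefix)))
                plan[name] = str(sub)
                # hand the unused remainder of the chunk back to the free list
                free[i:i + 1] = list(chunk.address_exclude(sub))
                free.sort(key=lambda n: int(n.network_address))
                break
        else:
            raise ValueError(f"block exhausted before allocating {name} ({hosts} hosts)")
    return plan


def run_sample():
    """Constructed inputs: three routes that summarize to one, and a /24 to subnet."""
    routes = ["10.1.0.0/23", "10.1.2.0/24", "10.1.3.0/24"]
    demands = [("wan-link", 2), ("sales", 100), ("mgmt", 30), ("eng", 50)]
    return summarize(routes), vlsm_allocate("10.10.0.0/24", demands)


if __name__ == "__main__":
    summary, plan = run_sample()
    print("summary route(s):", summary)
    for name, subnet in plan.items():
        print(f"{name:9} {subnet}")
```

The three routes collapse to 10.1.0.0/22 because they are contiguous and the /22 is aligned; 192.168.0.0/24 through 192.168.2.0/24 would only collapse to a /23 plus a /24, since a /22 would also claim 192.168.3.0/24. For VLSM the allocation order matters: placing the /30 first would fragment the block and leave no aligned /25 for the largest subnet.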
localhost
Hostname that refers to the current device. It maps to the loopback address, 127.0.0.1 in IPv4 (::1 in IPv6), used for internal testing and for services on the same host to talk to each other through the TCP/IP stack without any packet leaving the machine.
Routing Information Protocol
Distance vector routing protocol that uses hop count as its metric to determine the distance to a destination network. To help prevent routing loops the maximum hop count is 15; a route at 16 hops is treated as unreachable. Its default administrative distance is 120.
static route
manually added to the routing table and only changes if edited by the administrator. This is ideal for temporary solutions to rapidly set up a route for network testing or quick troubleshooting. Has an AD value of 1 for routing.
default route
A static route (0.0.0.0/0 in IPv4, ::/0 in IPv6) that identifies the next-hop router for any destination that does not match a more specific routing table entry.
Open Shortest Path First
OSPF is a link state type of routing protocol ideal for hierarchical systems and networks. OSPF is suitable for organizations with multiple redundant paths between networks. Has a default AD value of 110
Interior Gateway Protocol
IGP is the protocol that identifies routes within an Autonomous System (AS).
Neighbor Discovery (ND) protocol
Is responsible for gathering various information required for network communication, including the configuration of local connections and the domain name servers and gateways. A main function is redirection, which enables a router to inform a host of a better route to a particular destination.
Enhanced Interior Gateway Routing Protocol
EIGRP is an advanced distance-vector routing protocol used to automate routing decisions and configuration. It converges rapidly thanks to its DUAL algorithm, and its composite metric (bandwidth and delay by default, optionally load and reliability) makes it efficient and flexible when the network changes. Originally proprietary to Cisco devices; a basic version was later published as RFC 7868.
Effective Isotropic Radiated Power
The power an access point effectively radiates; the transmit power itself is configurable. EIRP = transmit power (dBm) minus antenna cable/connector loss (dB) plus antenna gain (dBi). Regulators cap EIRP, so a high-gain antenna may require turning the transmit power down.
Received Signal Strength Indicator
RSSI is the strength of the transmitter's signal as measured at the client end, usually reported in negative dBm (closer to zero is stronger).
Captive Portal
Web page displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. It commonly authenticates users against a RADIUS server. Most captive portal issues arise because the redirect of the client's first web request to the portal page does not work.
independent basic service set
IBSS is an ad hoc topology where the wireless adapter allows connections to and from other wireless devices.
PTR record
found in reverse lookup zones and is used to resolve an IP address to an associated host name.
Mean time between Failures
(MTBF) represents the expected lifetime of a product. The calculation for MTBF is the total operational time divided by the number of failures.
forward lookup zone
Used to resolve a given name record and return the related Internet Protocol (IP) address.
Third-party domain name system
another organization is responsible for hosting records. Typically, this would be for external domains.
Audit log
records the use of authentication and authorization privileges. It will generally record success/fail type events. An audit log might also be described as an access log or security log.
forwarder
transmits a client query to find a host to another domain name system (DNS) server and routes the replies it gets back to the client.
Syslog
example of a protocol and supporting software that facilitates log collection. It has become a de-facto standard for logging events from distributed systems.
vulnerability
a weakness triggered or exploited to cause a security breach; an exploit is a means of using a vulnerability to gain control or damage a system.
Single mode cables
support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.
jump box
serves as a single administration server, or jump host/server, added to the secure zone to simplify and secure administrative access to servers and appliances exposed to the Internet. It centralizes administrative tasks, reducing complexity and enhancing security by limiting access points.
Multimode fiber cables
Less expensive to deploy than single mode fiber, but the larger core does not support the signaling speeds or distances that single mode does, making multimode more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs).
Multi-fiber push on connectors
MPOs are fiber connectors incorporating multiple optical fibers. These connectors are found primarily in data center environments for consolidating multiple fibers in backbone cabling and supporting parallel optics applications that transmit and receive signals over multiple fibers to achieve higher speeds.
Session Initiation Protocol
SIP is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications
Spanning Tree Protocol
STP is a network protocol that builds a logical loop-free topology for Ethernet networks. Basic function is to prevent bridge loops and the broadcast radiation that results from them. If you have redundant links set up, it is important to utilize STP to prevent loops within the network. If a loop occurs, the performance of the entire network can be degraded due to broadcast storms
Collapsed Core
Two-tier hierarchical network topology in which the core and distribution layers are merged into one layer of switches that access layer switches connect to directly. Simple and cost-effective for small and medium sites, but because every access switch links into the collapsed core it becomes impractical with large numbers of switches, making the design less scalable.
Multimode fiber
Fiber optic cable type using LED or vertical cavity surface emitting laser (VCSEL) optics and graded using optical multimode (OM) types for core size and bandwidth. Has a larger core (62.5 or 50 microns) and shorter wavelength light (850 nm or 1,300 nm) transmitted in multiple modes that arrive at slightly different times, which limits distance.
Single mode fiber
Fiber optic cable type that uses laser diodes and a narrow core to support high bandwidth over distances of 5 km and more. Has a small core (8 to 10 microns) and carries a single mode of long wavelength light (1,310 nm or 1,550 nm).
Internet Key Exchange version 2
IKEv2 is the key management protocol of the IPsec suite rather than a tunneling protocol in its own right. It authenticates the two peers and negotiates the Security Associations (SAs), including the cipher suites and keys, used for secure communication between VPN clients and VPN servers. It runs over UDP port 500, or 4500 when NAT traversal is in use.
MOBIKE multihoming
Mobility and Multihoming Protocol is a feature of IKEv2 that allows a VPN client to maintain an active VPN connection while switching between different network interfaces, such as moving from a Wi-Fi connection to cellular data.
top-of-rack switch models
ToR switch models designed to provide high-speed connectivity to a rack of server appliances. Used as leaf layer access switches.
First Hop Redundancy Protocol
FHRP is a protocol used to provide redundancy for the default gateway in a LAN environment.
Fibre Channel
FC is specifically designed for high-speed data transfer in storage area networks, making it the ideal choice for connecting servers to storage devices.
Straight Tip
ST fiber connections are commonly used in fiber optic connections in LAN networking applications. Uses a bayonet plug and socket connector that was the de facto standard for most fiber optic commercial installations.
Mechanical Transfer Registered Jack
MTRJ is a small form factor fiber-optic cable connector which resembles the RJ-45. Commonly used to connect fiber optic cables to a switch or router, but it uses a single connector that houses the Tx and Rx connections.
Subscriber Connector
SC popular fiber-optic connector due to its low cost, durability, and simple installation for both point-to-point and passive optical networking.
Lucent Connector
LC is a miniaturized version of the SC connector but is still larger than an MTRJ connector.
RJ-45
Used by twisted-pair copper cables for local area network and ethernet connections.
RJ-11
Used by twisted-pair copper cables for telephone applications.
Application-aware firewall
A Web Application Firewall (WAF) or application-aware (Layer 7) firewall identifies traffic by the application generating it rather than by port number alone, so a program reaching out on random ports under TLS would be flagged as suspicious where a port-based filter would see only allowed ports. Such a firewall can allow or block individual applications; since TLS connections are created and maintained by applications, this is the layer at which that decision can be made.
Verbose trap
A verbose trap may contain all the information about a given alert or event as its payload. Requires more bandwidth to send over the network
Granular trap
A granular trap contains a unique object identifier (OID) number and a value for that OID.
Internet Protocol Security
IPsec is a network protocol that encrypts and authenticates data sent over a network.
Anycast
An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table.
Multicast
can be used with both IPv4 and IPv6.
Broadcast
Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4.
Unicast
Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
Differentiated services
Diffserv is a computer networking architecture that specifies a mechanism for classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. Can offer low-latency to VOIP, media streaming, web traffic, or file transfers.
Differentiated Services Code Point
DSCP is a 6-bit field in the Differentiated Services (DS) byte of the IP header (the former Type of Service byte; the remaining 2 bits carry ECN). Used at Layer 3 for DiffServ QoS classification, for example Expedited Forwarding (46) for voice.
Class of Service
A Layer 2 priority marking: the 3-bit Priority Code Point (PCP) field in the 802.1Q VLAN tag, values 0 to 7, used to differentiate the types of payload in frames and assign priorities. Switches commonly map CoS values to DSCP values so that the DiffServ priority survives across Layer 3 hops.
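Pulling the DSCP value and the TCP flags out of a packet only takes the first 40 bytes of an IPv4/TCP segment, and the same decoder doubles as a check for the flag combinations the TCP flags card mentions. This is an added example, not part of the flashcard deck; the packets are built inline with zeroed checksums (not verified) and the DSCP name table covers only the common code points.

```python
"""Decode the DS byte (DSCP + ECN) and TCP flag byte from a raw IPv4/TCP packet.

Added example, not from the flashcard deck. build_packet() constructs sample
input with zeroed checksums; decode_ipv4_tcp() does not verify checksums.
"""
import struct
from dataclasses import dataclass, field

# Bit positions of the TCP flag byte (byte 13 of the TCP header), high bit first.
TCP_FLAGS = (("CWR", 0x80), ("ECE", 0x40), ("URG", 0x20), ("ACK", 0x10),
             ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

# Common DSCP code points (RFC 2474, 2597, 3246); others print as "DSCP n".
DSCP_NAMES = {0: "CS0 (best effort)", 8: "CS1", 10: "AF11", 18: "AF21", 26: "AF31",
              34: "AF41", 46: "EF (voice)", 48: "CS6 (network control)"}


@dataclass
class Decoded:
    src: str
    dst: str
    ttl: int
    dscp: int
    dscp_name: str
    ecn: int
    sport: int
    dport: int
    flags: list = field(default_factory=list)


def decode_ipv4_tcp(raw: bytes) -> Decoded:
    """Parse the fixed IPv4 header, then the fixed TCP header that follows it."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, ds, _total, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4             # header length in bytes, options included
    if proto != 6 or len(raw) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    dscp, ecn = ds >> 2, ds & 0x03         # top 6 bits DSCP, low 2 bits ECN
    (sport, dport, _seq, _ack, _offset, flag_bits,
     _win, _tcsum, _urgptr) = struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
    flags = [name for name, bit in TCP_FLAGS if flag_bits & bit]
    return Decoded(".".join(map(str, src)), ".".join(map(str, dst)), ttl, dscp,
                   DSCP_NAMES.get(dscp, f"DSCP {dscp}"), ecn, sport, dport, flags)


def build_packet(ds: int, flag_bits: int, dport: int = 443) -> bytes:
    """Construct a minimal 40-byte IPv4+TCP packet (sample input; checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ds, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, flag_bits, 65535, 0, 0)
    return ip + tcp


def classify(p: Decoded) -> str:
    """Name flag combinations that never occur in a legitimate TCP session."""
    if not p.flags:
        return "suspicious: no flags set (NULL scan pattern)"
    if {"FIN", "PSH", "URG"} <= set(p.flags) and "ACK" not in p.flags:
        return "suspicious: FIN/PSH/URG without ACK (Xmas scan pattern)"
    return "normal"


if __name__ == "__main__":
    # EF-marked SYN (as a VoIP signalling setup might look), then two scan patterns.
    for ds, bits in ((46 << 2, 0x02), (0, 0x29), (0, 0x00)):
        d = decode_ipv4_tcp(build_packet(ds, bits))
        print(f"{d.src}:{d.sport} -> {d.dst}:{d.dport} ttl={d.ttl} dscp={d.dscp} "
              f"({d.dscp_name}) ecn={d.ecn} flags={d.flags} {classify(d)}")
```

The DS byte for EF is 0xB8 because the 6-bit code point 46 sits in the top of the byte (46 << 2); reading the byte as a whole, as older ToS-era tools do, gives a misleading 184. Trusting DSCP from untrusted sources is itself a risk: edge devices normally re-mark inbound traffic so a client cannot claim voice priority for bulk transfers.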
Data center interconnect
Connection between data centers and between the components within them, provisioned with high bandwidth to maximize the utility of the data center. Typically built on VXLAN so that Layer 2 segments can be stretched across the Layer 3 links between sites.
clientless VPN
remote users can securely access corporate resources through a web browser without installing dedicated VPN client software
WiFi analyzer
WiFi analyzer can determine the wireless network’s signal strength, the frequencies in use, and any possible radio frequency interference.
forward zone
Maps domain names to their corresponding IP addresses, which is essential for resolving internal domain names efficiently.
Data Over Cable Service Interface Specification
DOCSIS is an international telecommunications standard that permits the addition of high-bandwidth data transfer to an existing cable television (CATV) system. It is used by many cable television operators to provide cable Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure.
Network Time Security
NTS (RFC 8915) is a security extension for NTP designed to address the weaknesses of traditional time synchronization protocols such as NTP and SNTP: it uses TLS to establish keys and then authenticates NTP packets with extension fields, so an on-path attacker cannot alter the time a client receives.
Secure Access Service Edge
network architecture that combines network security functions with wide-area networking (WAN) capabilities to provide secure access to applications and data for remote users and branch offices.