4 Network Flashcards
protocols at layer 2
FRAMES
802.2 LLC TokenRing Ethernet FDDI Fiber Distributed Data Interface l2TP PPP PPTP ARP 802.11 WLAN
protocols at layer 2
FRAMES
802.2 LLC TokenRing Ethernet FDDI Fiber Distributed Data Interface l2TP PPP PPTP ARP 802.11 WLAN Frame Relay PPP
protocols at layer 4
SEGMENT
TCP
UDP
SSL/TLS
protocols at layer 4
SEGMENT
TCP
UDP
protocols at layer 5
DATA
SSL/TLS SQL RPC DNS NFS iSCI
protocols at layer 7
USER DATA
SNMP SET S-RPC FTP TFTP SSH IMAP POP HTTP TELNET
firewall layers
GEN I stateless: Layer 3
GEN III stateful: Layer 5
GEN V: Application (Proxy): Layer 7
FCoE
Fibre Channel over Ethernet Layer 3 encapsulates FC communications over Ethernet payload of Layer 2 -> not location independent
iSCI
Layer 5, based on TCP
Location independent file storage over LAN/Internet
MPLS
not limited to IP
saves time by using short path labels instead of long addresses
802.11
wireless
802.15
bluetooth
WEP
weak IV in clear text
RC4
WPA
based on LEAP and TKIP (Key Integrity Protocol - weak). RC4
backward compatible
Radius support (Enterprise)
WPA2
802.11i
CCMP (Counter Mode CBC) based on AES-128
not backward compatible
Radius support (Enterprise)
802.1X
port pased NAC (Layer 2)
includes EAP Framework
allows use of Radius, Tacacs
types of EAP
LEAP: Cisco, weak
EAP-TLS: encapsulates EAP in TLS, uses PKI, client + server cert required, very secure but complex
EAP-TTLS: encapsulates EAP in TLS, only server cert, secure and less complex
PEAP: encapsulates EAP in TLS, like EAP-TTLS, only server cert, secure and less complex (RSA,Microsoft,Cisco)
FDDI
Fibre Distributed Data Interface
token with two rings
before Ethernet
802.3
Ethernet
Email-Sec
S/MIME - offers CIA
PKI
MOSS - offers CIA + nonrep
MD5,RSA,DES
PKI
PEM - offers CIA + nonrep
RSA,DES,X.509
PKI
PGP - offers CIA + nonrep
IDEA,RSA, Web of trust, independently
PPP authentication
CHAP - use this!
offers encryption, authentication, reauthentication
PAP -. weak!
user/pw in cleartext, no encryption
SWIPE
Software IP Encryption
Layer 3
offers CIA
SSL
Secure Socket Layer
offers CI replaced by TLS Layer 4 128Bit key SSL-VPNs easier to use than IPSEC, no privileges required, easy to firewall
SSL
Secure Socket Layer
offers CI replaced by TLS Layer 5 128Bit key SSL-VPNs easier to use than IPSEC, no privileges required, easy to firewall