6 - Windows Network Protocols Flashcards
Describe the “idea” behind RPC.
- The idea behind RPC is that a computer program can call and execute a subroutine on a remote system just like it would call a local subroutine.
- HOWEVER - the network communication details are hidden from the user.
Describe the four steps in RPC.
- A client makes a request to execute a procedure on the remote server. The client is suspended until the procedure results are back.
- The procedure’s parameters are passed over the network to the server.
- The procedure then executes on the server.
- The results are then transferred back to the client.
RPC can be used in distributed environments and local environments.
[True / False]
True
RPC is implemented in nearly all popular programming languages.
[True / False]
True
Describe the meaning of the abstraction provided by RPC.
The user doesn’t need to know the details of how the RPC interaction was handled over the network.
What are the 2 main goals of RPC?
- A program can use it to request a service from a computer on another network without having to understand the network itself.
- It can be beneficial because it hides the existence of the network from a program.
NetBIOS provides __________ on local networks.
Communication services
NetBIOS allows applications and computers on a local area network to communicate with network hardware on another network.
[TRUE / FALSE]
TRUE
In Windows, the NetBIOS name can be up to how many characters long?
16
How do software applications on a NetBIOS network locate and identify each other?
Through their NetBIOS names
What begins a NetBIOS session?
Two applications start a NetBIOS session when the client sends a command to “call” another client (the server) over TCP port 139.
In NetBIOS, what is referred to as the “session mode”?
The session mode is where both sides issue “send” and “receive” commands to deliver messages in both directions.
What terminates a NetBIOS session?
A “hang-up” command
Describe how NetBIOS supports connection-less communications.
- Through UDP.
- Applications listen on UDP port 138 to receive NetBIOS datagrams.
- The datagram service sends/receives datagrams.
- The datagram service broadcasts datagrams.
What does SMB stand for?
Server Message Block
What is SMB?
- SMB is a network file and resource sharing protocol that uses a client-server model.
- SMB clients such as PCs on a network connect to SMB servers to access resources such as files and directories or perform tasks like printing over the network.
What port do SMB clients use to connect to an SMB server?
port 445
Server Message Block is a ________ protocol, meaning it transfers multiple messages between the client and server to accomplish the request.
request-response
Name two advantages of SMB.
- SMB provides an authenticated intercommunication process mechanism to share the files or resources (files, folders, printers) within the server.
- SMB lets clients edit files, delete them, share files, browse the network, use print services, etc., over the network.
The SMB protocol needs _______ to make communication safe.
security measures
What does the “Network Discovery” setting in Windows determine?
Network Discovery determines whether other computers and devices connected to the network can see and communicate with each other.
What is one major disadvantage of enabling Network Discovery?
Data transmitted between the connected computers or devices can be intercepted by a third party.
Name / describe 3 commands that can be used to perform Network Discovery in the PowerShell CLI.
- ipconfig
- arp -a (will display IPs along with MAC addresses)
- ping (will indicate if the connection is still active)
Within the context of Network Discovery, what could an invalid IP address be indicative of?
An invalid IP address is often a sign of malicious or rogue devices that might be carrying malware.
What CLI command can be used to turn off Network Discovery?
netsh advfirewall firewall set rule group="Network Discovery" new enable=No
Net.exe is a file that is part of Microsoft Windows Operating System.
[TRUE / FALSE]
TRUE
Describe some of the functionalities Net.exe may be used for.
- Starting, pausing, or stopping Windows services
- Adjusting network account requirements
- Mapping shared disk resources to drive letters, on local or remote client or server computers.
What does the Net command prompt manage?
It manages almost any aspect of a network and its settings, including network shares, network print jobs, and network users.
The net command is available from within the Command Prompt in all Windows operating systems.
[TRUE / FALSE]
TRUE
What is the “NET ACCOUNTS” command used for?
Used to set the policy settings on local computers, such as Account policies, password policies and logon requirements for all accounts.
What is “net /?” used for?
Used to get general help on the net command.
When used without options, what does the “net accounts” command display?
Displays the current settings for password, logon limitations, and domain information.
What command modifies local groups on computers?
NET LOCALGROUP
When used without options, the NET LOCALGROUP command displays what?
the local groups on the computer
High level - describe the process of DNS resolution.
- The process of DNS resolution involves converting a host name (such as www.google.com) into a computer-friendly IP address (such as 192.168.1.1).
- An IP address is given to each device on the Internet.
In a typical DNS lookup, how many types of queries occur?
3
Name the Query type.
A DNS client requires that a DNS server (typically a DNS recursive resolver) will respond to the client with either the requested resource record or an error message if the resolver can’t find the record.
Recursive query
Name the Query type.
The DNS resolver knows the answer; it will either immediately return it or query the authoritative DNS Name Server which is guaranteed to have it.
Non-recursive query
Name the query.
The DNS client will allow a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it will return a referral to a DNS server authoritative for a lower level of the domain name space. This process continues with additional DNS servers down the query chain until it’s returned or errors out.
Iterative query
This is the fastest way for your system to find an IP address
cached DNS data
How does cached data speed up queries?
Cached data can speed up queries because the information is immediately available, thus bypassing the entire DNS lookup process.
___ is a web server software package designed for Windows Server.
IIS (Internet Information Services)
Name two functions of IIS.
- It is used for hosting websites and other content on the Web.
- It provides a visual means of creating, configuring, and publishing sites on the web.
What website options does the IIS Manager allow Web Admins to modify?
- default pages
- error pages
- logging settings
- security settings
- performance optimizations
The traffic going into the IIS web server is sometimes referred to as a web request.
[True / False]
True
How are IIS web requests typically processed?
Requests are usually processed on a simple request-response basis.
Describe what is meant by the “request-response” model.
The client sends a request, and a response is sent.
Name the 2 layers of the IIS processing architecture.
- Kernel mode
- User mode
With this mode, executed code cannot access hardware or reference memory, giving you a more secure environment to work within. If a mistake is made, the consequences are unlikely to be as devastating.
User mode
With this mode, code can execute any command and has total access to connected equipment.
Kernel mode
Name the 4 key features of IIS.
- Application Pools
- Authentication
- Security
- Remote management