A Protocol Layer Survey of Network Security Flashcards
_____ is the lowest layer in the TCP/IP hierarchy.
link layer
_____ is the term applied to the basic unit of data that passes through the link layer.
frames
_____ is the second lowest layer in the TCP/IP hierarchy.
network layer
(T/F) TCP is a connectionless protocol.
false
(T/F) IP is a connection-oriented protocol.
true
_____ is the transport layer protocol within TCP/IP.
TCP
_____ enables the receiving TCP/IP stack to reconstruct the data stream at the destination in the correct order.
the sequence number
_____ and _____ are two transport layer protocols within TCP/IP.
hypertext transport protocol (HTTP) and (FTP)
_____ is the top layer of the TCP/IP stack.
application layer
List three physical layer protocols.
ethernet, token ring, and DSL
If a network interface is placed in _____ mode, it will receive all network traffic irrespective of source or destination.
promiscuous
_____ and _____ are the two address types that correspond to a networked computer.
Media Access Control (MAC) and Internet Protocol (IP)
_____ is the protocol that resolves IP addresses into MAC IDs.
Address Resolution Protocol (ARP)
Explain how the following Teardrop attack works.
hacker.net 22 > target.org 33: UDP (frag 123:64@0++)
hacker.net > target.org(frag 123:20@24)
Two UDP packets are sent where the second overwrites bytes 21-45 in the original packet to camouflage the packet signatures.
_____ is the goal of a Teardrop attack.
avoid static firewalls and older intrusion detection systems
In a Smurf attack, which of the two IP addresses are spoofed?
(a) source
(b) destination
(a) source
What is the procedure used to establish a TCP/IP connection between two hosts?
Server waits for connection request from client. Client sends TCP segment specifying information. Server responds with a segment specifying information. Client sends final segment with ACK flag set.
_____ spoofing occurs when the attacker’s computer is on the same subnet as the victim.
non-blind (TCP)
_____ spoofing occurs when the attacker has to guess how the victim TCP layer generates sequence numbers.
blind (TCP)
_____ attacks employ spoofing in order to intercept network traffic and/or take over the network session.
Man in the Middle (MITM)
_____ compromise an operating system's kernel.
kernel-mode rootkits
If we describe the complexity of a password as R**L, where R is the radix of the symbol set and L is the length of the password string, in most practical situations increasing _____ adds more security than increasing _____.
L, R
The fact that HTTP is _____ requires the storage of transaction information in order to create online shopping carts.
state dependent
_____ is an HTML image tag occurring within a web page that may result in malicious activity.
A web bug
List three types of information that may be harvested by means of web bugs.
date and time page was viewed, browser type and monitor resolution, and IP address of the computer the victim used to view the document
List three types of social engineering that are used to mislead or defraud computer and network users.
Email spoofing, IP spoofing, and ARP spoofing
List four types of viruses that infect computer systems.
Boot virus, file virus, macro virus, and script virus
_____ are two types of malware that create a mechanism by means of which an attacker can remotely access and control the victim’s computer.
Trojans and backdoors
_____ is a type of encryption where the encryption and decryption keys are either the same or algorithmically related.
Symmetric-key encryption
_____ is the type of encryption where the encryption and decryption keys are different: one is published and the other is secret.
Public-key encryption
_____ is an information system resource whose value lies in unauthorized or illicit use of that resource.
A honeypot