Advanced Network Security Flashcards
To understand network security
What is the name of the Internet precursor and the first packet-switched network?
ARPANet or (Advanced Research Project Agency Network)
What does the term “Best effort Communications” refer to?
This makes reference to the internet that made use of packet switching as each packet was handled on the bases of best effort.
Explain the difference between packet switching and circuit switching.
packet-swtched network enable a proper use of network resources and can cater for multiple connections. circuit switching depends a two points to maintain the network connection. any new connection would need to wait.
What is the full meaning of ARPANet?
Advanced Research Project Agency Network
what is a Network Topology ?
a network’s structure.
Define are host nodes
Host Nodes are sources and destinations of messages.
Communication nodes
routers through which messages flow through.
Physical Connections
Define the channels through which messages travel.
List the three Network Topologies you know.
LAN, WAN,ASs
What is the full meaning of LAN and what is it ?
Local Area Network. This is a network composed of a group of computers in relatively close proximity.
What is the full meaning of WAN and what is it ?
Wide Area network. This network is composed of many machines and smaller networks spread out over greater distances.
What is the full meaning of ASs ?
these are controlled by a single organisation entity (business or university) which determines how packets will be routed among the nodes in the AS.
What is the meaning of an ISP ?
Internet Service provider
How many tiers of ISPs in the Internet structure
up to tier 3 or local ISP, tier 2 ISP , tier 3 ISP
What is a Network protocol?
A protocol defines the rules of communication between computers.
The are two classifications of protocols, list them
Connectionless and Connection-oriented protocols
Explain Connectionless protocols
sends data out as soon as there is enough data to be transmitted. (UDP)
Explain connection-oriented protocols
reliable connection stream between two nodes. consists of setup, transmission, and tear down phases.
creates virtual circuit switched network (TCP)
What does a packet consist of
Control information for addressing the packet: header and footer
Data: payload
What is the Network Model and describe it?
The Network Model is a stack of layers.
1. The Higher layers use the services of the lower layer via encapsulation.
2. A layer can be implemented with either Software or hardware.
3. The bottommost layer must be hardware.
How many Layers does a network device implement?
a network device can implement several layers.
What is the protocol number for HTTP?
80
What is the protocol number for UDP?
17
what is the protocol number for ICMP?
1
What is the protocol number for TCP?
6
What is the protocol number for IGMP?
2
What is the protocol number for SSH?
22
What is the protocol number for SMTP?
25
What is the protocol number for DNS?
53
What is the protocol number for DHCP?
67
Explain the Internet Packet Encapsulation
Data Link Frame -> IP packets -> TCP or UDP packets -> App Packet
List a few Network attacks you know.
DOS, DDOS, Eavesdropping, repudiation, Masquerading
List some tools related to monitoring and initiating attacks
SCAPY, NMAP, WIRESHARK, DOCKER, KALI LINUX, TCPDUMP.
List examples of protocols in each layer of the TCP/IP model.
Application layer -
What is a network interface device used for?
A network interface device is used to connect a computer to a network.
What are other names for a network interface device?
ethernet card, wifi adapter
Most Local Area Networks (including Ethernet and Wifi) _____________________________.
Broadcast frames.
Explain the difference between regular mode and promiscuous mode of network interfaces.
In regular mode, each network interface receives the frame intended for it. in promiscuous mode, traffic sniffing can be accomplished by configuring the network interface to read all frames.
What is Ethernet?
Ethernet refers to both the physical medium (cable) and the link layer protocol.
What are Frames?
Frames are transmitted on an Ethernet cable and received by other machines on the same logical connection on the same local area network.
Another name for “Logical connection”.
Network Segment.
What is a Hub?
Hubs logically connect multiple devices, allowing them to act as a single network segment. Hubs forward all frames to all devices attached.
What is a Switch?
A switch forwards the frame along the cable it knows is connected to the destination.
When does a switch act like a hub?
when a MAC flooding attack is in progress causing a DOS to which the switch defaults to fail open mode.
Most network interfaces come with a pre-defined Mac address. True or False.
True
What is the Full meaning of MAC address
Media Access Controll address.
What is A MAC ADDRESS?
A MAC Address is a 12-hex digit or 48-bit number that can be used to identify a computer in a network. They can be reset by the network interface driver.
What is ARP?
ARP stands for Address Resolution protocol. it connects the network layer with the data link layer.
It does this by broadcasting requests and caching responses for future use.
What is ARP Spoofing and how explain the types? of attack that can occur from it.
ARP Spoofing is an arp attack that preys on the vulnerability of the stateless ARP protocol. it receives ARP responses even it there is no ARP Request. The ARP protocol is susceptible to unknown ARP announcement broadcasts. Attacks that can occur include Traffic Sniffing - passive attacks and Modifying traffic information - Active attacks (MITM). Other attacks include the MAc address flooding which can in turn result in the Denial of Services.
What is DHCP?
Dynamic Host Configuration Protocol is a protocol used the automatically assign IP addresses to network devices.
What are the ARP Spoofing Countermeasures?
Using static ARP entries, Dynamic Host Configuration Protocol, and Identifying Cloned Mac addresses.
What is packet sniffing?
Packet sniffers read information that traverses a network. packet sniffer intercept packets.
What is a port?
a port is not a physical connection but a logical connection that programs and services use to exchange information.
What is the range of network ports?
0 - 65535
What is packet sniffing?
Packet sniffing is usually a passive attack. reading and sniffing information for possible future attacks (active)
What are the ways to stop packet sniffers?
Packet encryption- encrypting packets securely.
Define the several ranges of ports and explain them
What is Wireshark?
Wireshark is a packet sniffing and protocol analyzer
What does an IP packet header include
What does DHCP mean and what is it ?
Dynamic Host Configuration Protocol is used to automatically assign IP addresses.
How can a host Ip address be configured
Statically or Dynamically.
What is a DHCP Client?
A DHCP Client is a client that interacts with a DHCP server to get the IP address information.
What are the forms of a DHCP Server?
A DHCP server can be a router, home access point or firewall.
Explain the DHCP 4-way handshake
Discovery, Offer, Request, Acknowledge
IP Vulnerabilities
Unencrypted transmission, No source authentication, No integrity Checking.
