Advanced Networks Flashcards
Modulation
The encoding of data in a radio wave
Carrier Signal
The basis upon which information is superimposed allowing for transmission of data
AM
Amplitude Modulation
Varies the amplitude of a carrier signal to encode the message signal
ASK
Amplitude Shift Keying
Toggles the amplitude of the carrier signal depending on the message signal
FSK
Frequency Shift Keying
Toggles the frequency of the carrier signal between two distinct values depending on the message signal (0 or 1)
PSK
Phase Shift Keying
Toggles the phase of a carrier signal depending on the digital signal
Binary PSK
Toggles the phase between two states to encode 1 bit (2 states)
Quadrature PSK
Toggles the phase between four states to encode 2 bits (4 states)
Eight-PSK
Toggles the phase between eight states to encode 3 bits (8 states)
QAM
Quadrature Amplitude Modulation
Varies both the phase and amplitude of the carrier signal to improve bandwidth efficiency
FDMA
Frequency Division Multiple Access
Divides a band into channels and assigns each user a channel
(Dynamic) TDMA
Time Division Multiple Access
Divides time into slots and allocates each user a time slot
Guard Periods may help space out time slots
Dynamic TDMA considers user requirements and allocates multiple time slots if necessary
CDMA
Code Division Multiple Access
Uses orthogonal modulation codes to allow multiple transmissions over the same frequency bands
802.11
Wi-Fi
Specifications for PHY Layer and MAC Layer for Wireless Local Area Networks (WLAN)
DSSS
Direct Sequence Spread Spectrum
Wi-Fi Modulation Technique
Spreads signal across an entire allocated frequency by modulating with a spreading code (known only to the sender and receiver) at a higher bit-rate
A higher bit-rate (spreading ratio) uses more frequency and improves interference immunity
FDM
Frequency Division Multiplexing
Wi-Fi Modulation Technique
Combines multiple signals into one signal for transmission over a single channel
Guard bands between each signal avoid overlap
OFDM
Orthogonal FDM
Wi-Fi Modulation Technique
Sub-carrier frequencies are orthogonal with the peak coinciding with the nulls of adjacent subcarriers
Saves bandwidth, allowing for higher data rate but is more susceptible to noise
OFDMA
OFDM With Multiple Access
Wi-Fi Modulation Technique
Not every packet utilises the entire bandwidth of a sub-carrier. So sub-carriers (and time allocations) are divided amongst users
Improves efficiency
Beamforming
Wi-Fi Spatial Performance Improvement
Focuses radio waves in the direction of a specific client
Improves medium range communications (Provides no benefit for long range and is not needed for short range)
MIMO
Multiple-Input Multiple-Output
Wi-Fi Spatial Performance Improvement
Uses multiple antennas at both the transmitter and receiver for simultaneous transmission and reception of multiple data streams
MU-MIMO
Multi-User MIMO
Wi-Fi Spatial Performance Improvement
Enables parallel communication with multiple clients
CSMA/CD
Carrier Sense Multiple Access/Collision Detection
Ethernet Multiple Access Technique
Detects collisions and retransmits
CSMA/CA
Carrier Sense Multiple Access/Collision Avoidance
Wi-Fi Multiple Access Technique
Avoid collisions by checking if a channel is clear before transmitting
Transmitter sends RTS (Ready to Send) message to Receiver
Receiver responds with CTS (Clear to Send) message to Transmitter
Nodes that hear CTS don’t transmit until data is sent
5GHz Wi-Fi
More bandwidth but worse penetration than 2.4GHz
Interferes with radar, requiring Dynamic Frequency Selection (DFS)
DFS
Dynamic Frequency Selection
Avoids interference with radar by checking if it is detected on a channel and avoiding it if necessary
In-use channels are monitored and channel is changed if radar detected
Adds cost and complexity and is susceptible to false triggers
802.11ax
Wi-Fi 6
Designed for efficiency in dense environments
Uses 1024-QAM
Uses 2.4GHz, 5GHz and provisionally 6GHz
TWT
Target Wake Time
Allows clients to schedule times with Wi-Fi access points for waking up and sending data
Ideal for IoT and Sensor Networks
LPWAN
A category of wireless communication that covers low-power long-range connection.
LoRaWAN
LPWAN Technology
Low Power Long Range Wide Area Network
LoRaWAN Cost
Expensive
Proprietary Physical Layer
Pricey Gateways
LoRaWAN Transmission Speeds
50 kbit/s
Slow
LoRaWAN Packet Size
256 bytes
LoRaWAN Range
10km
LoRaWAN Power
Low
LoRaWAN Layer
Data Link & Physical
LoRaWAN Topology
Star-of-Stars
LoRaWAN Advantages
Uses Chirp Modulation
- Doppler Resistant: Ideal for moving objects
- Interference Resistant
- Multipath Resistant
- Highly Scalable
Uses IP for communication between Gateways and Cloud Services
Uses sub-GHz frequencies that penetrate obstacles and don’t collide with other communication protocols
Up to 10km range in rural areas
LoRaWAN Disadvantages
Proprietary PHY Layer
Relatively Low Data Rate
Sigfox
LPWAN Technology
Uses Ultra Narrow Band modulation for very slow data transmission
NB-IoT
LPWAN Technology
Uses a low-cost sim-card within a narrowband of 4G LTE and 2G GSM for 4x faster speeds than LoRaWAN. Used in Asset Tracking
Nano Satellites
LPWAN Technology
Low Earth Orbit satellites that forward data from devices onto ground stations. Requires subscription
LTE-M
LPWAN Technology
Uses 4G LTE for 1Mbit/s speeds at relatively high-power consumption
Bluetooth
Short range, personal area network wireless communication technology
2.4GHz band is divided into 79 Bluetooth channels, communication is divided into 1600 time slots per second
Bluetooth Layer
Data Link & Physical
Bluetooth Range
1m - 100m
Bluetooth Transmission Speeds
1 Mbit/s
Bluetooth Power
Low if BLE
Bluetooth Topology
Star
Bluetooth Cost
Inexpensive
Bluetooth Piconet
One controller forms up to seven active connections with responders creating a Piconet
Up to 255 responders can be parked, maintaining a connection but not communicating
Bluetooth (Adaptive) Frequency Hopping
Reduces interference by having transmission hop between channels.
Adaptive Frequency Hopping avoids channels in use such as those used by Wi-Fi
Bluetooth GATT Profile
GATT Profiles standardise exchange of data for specific device types e.g. Heart Rate Sensor
Bluetooth Advantages
Frequency hopping improves security as all channels must be sniffed
Interleaving allows communication with multiple responders
TDMA allows contention-free networking
Ubiquitous integration among devices
Bluetooth Disadvantages
Operates in unlicensed 2.4GHz ISM band, interference prone
Relatively low data rate
802.15.4
A standard covering specification of the Physical and Data Link layers for low-rate wireless PANs
802.15.4 Layer
Data Link & Physical
802.15.4 Range
<100m
802.15.4 Transmission Speeds
250 kbit/s
802.15.4 Power
Very Low
802.15.4 Topology
Star & Peer-to-Peer
802.15.4 Cost
Inexpensive
802.15.4 Packet Size
127 bytes
802.15.4 PAN Coordinator
Acts as a central network controller
802.15.4 Coordinator
Provides synchronisation services to devices
802.15.4 FFD
Full Function Device
Capable of acting as a PAN Coordinator and can associate with multiple devices simultaneously
802.15.4 RFD
Reduced Function Device
Capable of associating with only one FFD at a time
Suitable for simple sensors or actuators
802.15.4 Routing
Routing between devices not in range of each other is not handled by 802.15.4 and instead is handled by higher-layer protocols e.g. RPL
802.15.4 Addressing
Uses 64-bit MAC addresses and (sometimes) a 16-bit address valid only within the PAN
802.15.4 Advantages
Low cost, Low power: Ideal for IoT and Sensor Networks
Peer-to-Peer topology acts as a basis of mesh networking allowing for self-healing, self-organising networks
802.15.4 Disadvantages
Relatively low data rate
Operates in 2.4GHz, prone to interference
802.15.4 Duty Cycling
Alternates radio between active/idle to save power
802.15.4 ContikiMAC
An asynchronous duty cycling protocol that retransmits until the receiver periodically wakes up and responds with an acknowledgement
802.15.4 TSCH
Time-slotted Channel Hopping
A synchronous duty cycling protocol (defined in the 802.15.4 standard) that divides time into slots assigned for communication between two specific devices.
Devices synchronise their schedule and use different channels to avoid interference
Zigbee
A specification of the application and network layer to facilitate mesh and multi-hop networking
Builds on 802.15.4
Zigbee Layer
Application & Network
Zigbee Power
Very Low
Zigbee Advantages
Zigbee-certified devices have a battery life of at least 2 years
Enables mesh networking
Zigbee Disadvantages
Non-IP
Certification required to add Zigbee logo to device
6LoWPAN
A specification of the network layer to allow IPv6 over 802.15.4 addresses
Builds on 802.15.4
6LoWPAN Layer
Network
6LoWPAN Advantages
IPv6 Compatible allowing for Interoperability
Small headers
Thread
A standard that provides encrypted, self-healing, resilient mesh networking
Uses 6LoWPAN
RPL
IPv6 Routing Protocol for Low-Power and Lossy Networks
An IPv6 Routing Protocol suitable for routing over mesh networks, allowing for multi-hop networking
Builds on 802.15.4
RPL Layer
Network
RPL Topology
Uses network traffic to build a picture of the network (traffic decreases as the network stabilises)
Creates a tree-like DODAG topology and assigns a distance-dependent rank to nodes further from the root to prevent routing to closer nodes via farther nodes
MQTT
A lightweight publish-subscribe messaging protocol
MQTT Layer
Application
MQTT Broker
Brokers forward messages from publishers onto appropriate subscribers
Clients connect to the broker using Wi-Fi typically and transfer JSON
MQTT Topics
Topics are hierarchical
- # acts as a multi-level wildcard
- + acts as a single level wildcard
CoAP
A lightweight RESTful messaging protocol designed for resource-constrained devices
Follows REST principles, providing interoperability with HTTP (and the Web)
Border gateways/proxies translate between HTTP and CoAP
CoAP Layer
Application
CoAP Request Types Support
- Confirmable (requiring acknowledgement) requests
- Non-confirmable requests
- Timeouts
- Delayed payload responses with tokens
- Resource observation
- Block transfers for large payloads
CoAP Resource Discovery
Request to GET .well-known/core returns descriptions of resources available on nodes allowing for automatic configuration
CoAP Advantages
Small packet size; header is fixed-size at 4 bytes
Highly suited for use with 802.15.4, a basic packet will fit into a single radio frame
Uses UDP, ideal for prolonging battery life
CoAP proxies cache data allowing nodes to sleep
Supports multicast allowing interactions with multiple nodes at once
Matter
A unifying application layer that leverages existing communication standards. It specifies
- Device Onboarding
- Device Messaging
- Security
Sits on-top of Thread, Ethernet, Wi-Fi, Bluetooth and unifies interactions
Matter Layer
Application
Matter Advantages
Non-matter devices can be bridged into a Matter network
Big players in home automation are on board
Improving Wi-Fi
Modulation Techniques
Spatial Performance Improvements
Multiple Access
Wi-Fi 6
Wi-Fi Modulation Techniques
DSSS
FDM
OFDM
OFDMA
Wi-Fi Spatial Performance Improvements
Beamforming
MIMO
MU-MIMO
Wi-Fi Multiple Access
CSMA/CD (Ethernet)
CSMA/CA (Wi-Fi)
IPv4 Exhaustion Mitigation
- Address Conservation: RIRs avoid giving out large blocks of address space
- Network Address Translation (NAT): Multiple private IPs, one public IP
- Release of Reserved Address Space: Challenging as client configurations need updating
- Address Recovery: Challenging as reputation of IP must be recovered
- CGNAT: ISP shares single IP address among multiple homes
CGNAT Issues
Breaks end-to-end connectivity
Public IP abuse causes multiple homes to be punished
Security and privacy implications
Scalability issues
Does not solve IPv4 exhaustion
Reasons for lack of IPv6 Adoption
Hardware
Infrastructure
Training
Lack of Urgency
Implementation Challenges
Money
HInT LimM
IPv6 Benefits
Resolves IPv4 Exhaustion
Direct end-to-end global addressability
Simplified networks with reduced latency
IPv6 DNS Adoption
IPv4 DNS servers can serve AAAA (IPv6) records and vice-versa
Dual Stack Deployment
Support for both IPv4 and IPv6 protocols, with devices having addresses in both forms
Dual Stack Deployment Issues
Essentially two networks running in parallel:
- Each protocol needs its own firewall
- More issues to troubleshoot
- Double the IP config
- More hardware usage e.g. routing table
IPv6 Deployment Strategy
- Plan Ahead
- Comprehensive Planning
- Initial IPv6 Deployment During a Network Upgrade (Reduces cost)
- Aim to keep parity of service no matter the strategy (do not damage IPv4 performance)
Imperial College IPv6 Deployment
Deployed a dual-stack system
Used SLAAC as DHCPv6 was not well supported and still is not supported on Android
Has both IPv6 and IPv4 used on the same network
Switched early to lower cost
Motivation was from CERN requiring IPv6 and they were running out of IPv4
Microsoft IPv6 Deployment Case Study
RFC1918 (Private Network) Address space is running out due to overlapping from acquired companies and their networks
Dual-stack is operationally complex and hence Microsoft’s desire to switch to IPv6 solely
IPv6 Transition Mechanisms
Tunnelling
NAT64
VPN
IPv6 Tunnelling
Encapsulates IPv6 packets in IPv4 packets between two destinations
- Reduces MTU
- Increases Latency
- Causes issues with GeoIP-restricted services
6in4 Tunnelling
Adds IPv4 header in front of IPv6 packet
- Protocol 41 is not supported by many consumer routers and so they cannot provide options to support it
NAT64
Embeds IPv4 DNS web addresses within an IPv6 address with a specific prefix
- DNS64 Servers synthesise AAAA records for a web domain that only has A records
- NAT64 Gateway translates packets with the specified prefix to IPv4
NAT64 Example
- User requests IP of URL from DNS64 server
- The DNS64 server does not know the IP and contacts a DNS server which returns an A record IPv4 address
- The DNS64 server prefixes the IPv4 address to create a AAAA record
- The user contacts the IP address via a NAT64 gateway which strips the prefix and contacts the IPv4 web server
464XLAT
Allows IPv4 Connectivity over an IPv6 Network with two translators
- Stateless Customer Translator (CLAT): Converts IPv4 to IPv6
- Stateful Provider Translator (PLAT): Converts back to IPv4. Must track connections, ports, addresses etc.
Google IPv6 Transition Case Study
Uses 464XLAT with DHCPv4 Option 108
DHCPv4 Option 108
Devices are either
- In need of IPv4
- Capable of operating IPv6 only
Devices capable of IPv6 only send DHCP requests with Option 108 which indicates IPv4 is not necessary if IPv6 is available
- DHCPv4 servers will not provide an IPv4 address if Option 108 is specified and supported, forcing the device to use IPv6
Steps of the Mandiant Cyber Attack Life Cycle
- Initial Recon
- Initial Compromise
- Establish Foothold
- Escalate Privileges
- Internal Recon
- Move Laterally
- Maintain Presence (Loop back to 4.)
- Complete Mission
Initial Recon
Scope out a target through methods such as
- Port & Network Scanning: Identify open ports
- Banner Grabbing: Extract information on system software versions and configurations
- Signature Recognition: Different versions of software respond in different ways
- DNS Brute Forcing: Look for common subdomains e.g. vpn.xyz or login.xyz, and reverse DNS
- Dumpster Diving: Physical rummaging through discarded documents or hardware (network switches, hard drives etc. need to be wiped)
- Social Engineering: Psychological manipulation to deceive individuals
- Man-in-the-Middle: Intercept communication
- Google & Shodan: Identify publicly available information
Defending Against Initial Recon
Difficult to defend as malicious recon blends in with normal network traffic
Security through obscurity can impede an attacker
Initial Compromise
Execute malicious code on the target’s system using
- Social Engineering
- Remote Execution: SQL Injection
- Brute Force
- Password Reuse
Defending Against Initial Compromise
User Education
Appropriate technical methods
Establish Foothold
Gain some level of control over a target system using
- Rootkits
- Backdoors
- Introduction of further vulnerabilities
Defending Against Establish Foothold
Block vulnerabilities
Update Systems
Escalate Privileges
Gain more control by increasing privileges and eventually gaining root access using
- Exploitation of privilege escalation vulnerabilities
- Dumping and cracking hashed passwords/access password managers
Defending against Escalate Privileges
Implement the principle of least privilege: the minimum level of access needed to perform necessary tasks
MFA
Internal Recon
Gain a more thorough understanding of the target’s network and systems
- Where are key files stored
- What is known about key individuals (for social engineering)
- What internal systems are used?
Defending against Internal Recon
Network segmentation
Move Laterally
Gain more access to more systems
Defending against Move Laterally
Firewalls
Maintain Presence
Establish persistent access
- Additional rootkits
- Multiple backdoors
- Deploy more malware
- Gain access via existing legitimate remote access services/VPN
Defending against Maintain Presence
Network monitoring and audits
Complete Mission
Security Policies
Identify the rules and procedures for people and systems accessing networks and sets out responsibilities of those managing networks
A good security policy should
- Ensure confidentiality, integrity and availability of systems
- Be organisation specific, practical, enforceable and regularly updated
- Include processes for users to report security issues and detail how issues will be responded to and who is responsible
- Define a password policy
- Cover incident response and who is responsible
A bad security policy will
- Encourage users to be less secure
- Users who don't understand the goal of the policy are less likely to apply it
- Users who feel it hinders their work are more likely to bypass it
- Users who feel security is driven from top-down are less likely to report incidents
Employee Training
Employees should be educated on
- Why you shouldn’t bypass security policies
- Phishing
- Fake websites
- Malicious Downloads
Ongoing Network Maintenance
Updated devices often have fewer vulnerabilities
- OS Patches
- Drivers, Firmware, BIOS updates
- Mobile device firmware
- Routers
- IoT firmware
IP Reputation
Block or alert on access from IPs known for malware/botnets, or dodgy URLs
Geographic IP restrictions e.g. restrict incoming Russian traffic