Appendix B Flashcards
What are the IPv4 private network ranges for internal use
Class A : 10.0.0.0/8
10.0.0.0 - 10.255.255.255
Addresses: 16,777,216
Class B : 172.16.0.0/12
172.16.0.0 - 172.31.255.255
Addresses: 1,048,576
Class C : 192.168.0.0/16
192.168.0.0 - 192.168.255.255
Addresses: 65,536
How many bits in length is IPv4
32 - 4 octets of 8
What was introduced to help alleviate address exhaustion
NAT
What Protocol number is IPv4
4
What Protocol number is IPv6
41
What Protocol number is ICMP for IPv6
58
How long is an IPv6 address
128 bits - 8 octets of 16 bits
How can IPv6 addresses be abbreviated
One or more leading zeroes from any groups of hexadecimal digits are removed; this is usually done to either all or none of the leading zeroes. For example, the group 0042 is converted to 42.
Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. RFC5952 recommends that a double colon must not be used to denote an omitted single section of zeroes.
An example of application of these rules:
Initial address:
2001:0db8:0000:0000:0000:ff00:0042:8329
After removing all leading zeroes: 2001:db8:0:0:0:ff00:42:8329
After omitting consecutive sections of zeroes: 2001:db8::ff00:42:8329
What is significant about the 169.254.0.0/16 range?
This is the “link local” block. As described in RFC3927, it is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server cannot be found.
What does TCP stand for
Transmission Control Protocol
How is a TCP connection established
Three Way Handshake to establish the session (SYN - SYN/ACK - ACK) then uses acknowledgments to confirm data has been received.
What is TCP windowing?
The key to networking efficiency.
Files are broken up into packets of up to 1500 bytes and sent to the recipient. Increases the number of packets sent at once until it starts dropping packets (This is why time estimates on windows file copying change drastically when copying large files).
Uses sequence numbers to confirm file transmission. Ack numbers are always greater than syn numbers.
What does UDP stand for?
User Datagram Protocol
Why is UDP considered to be “Unreliable”
Unlike TCP there is no acknowledgement that data has been received
What is UDP typically used for
Services which do not require acknowledgement such as VOIP, DNS and TFTP
What is a Fraggle attack
A Fraggle attack is the same as a Smurf attack but rather than ICMP, the UDP protocol is used.
The prevention of these attacks is almost identical to the Smurf attack.
What is a Smurf attack
In a smurf attack, an attacker will spoof the source address of the ICMP packet and send a broadcast to all computers on that network. If networking devices do not filter this traffic, then they will be broadcasted to all computers in the network. The victim’s network gets congested by this much traffic, which brings down the productivity of the entire network.
To mitigate the risk of a smurf attack it is advised that the following actions are taken :
Put filters on routers and firewall to counteract address spoofing. An IP address should be assigned to a LAN segment, and if the IP address of the source machine is not in the range of IP address that is assigned to the segment, then the traffic should be dropped.
Put filters on L3 devices to not reply for broadcast address.
What does ICMP stand for
Internet Control Message Protocol
What is ICMP used for
Used primarily for network diagnostics.
What Protocol number is ICMP
1
What ICMP type is a ping
8
What ICMP type is a traceroute
30
What does UTP stand for
Unshielded Twisted Pair, often referred to as a CAT 5 cable
When would you use a straight through cable
When connecting hosts unlike each other
ie
Switch - Computer
When would you use a crossover cable
When connecting like devices.
ie
PC - PC
Switch - Switch
How does fibre transmit data?
Pulses of light
What types of fibre exist
Multi Mode Fibre (MMF)
Single Mode Fibre (SMF)
What colours do MMF and SMF cabling tend to be
MMF : Orange/Aqua
SMF : Yellow
What speeds and distances are typical of MMF
100 Mbit/s up to 2000m
1 GB/s up to 1000m
10 GB/s up to 550m
What is a VCSEL
Vertical-Cavity Surface-Emitting Laser. The VCSEL is a semiconductor laser diode which emits lasers used in MMF
Where is MMF typically used
Multimode fiber is used for signal transmission over short distances.
Where is SMF typically used
Singlemode fiber is used for long distance transmission.
What speeds and distances are typical of SMF
DWDM (Dense Wavelength Division Multiplexing) allows singe-mode fiber to transmit data at speeds up to 400GB/s
How does DWDM work?
DWDM works by transmitting multiple signals simultaneously at different wavelengths on the same fiber, turning one fiber into multiple virtual fibers.
What are they key differences of SMF and MMF
Multi-mode has a larger core diameter.
Multi-mode has higher “light-gathering” capacity than single-mode.
Multi-mode allows the use of cheaper electronics such as LED and VSCELs
Single-mode bandwidth-distance limit is higher
Single-Mode is used for long distance transmission, Multi-Mode is used for short distance transmission.
What are the speeds associated with 10/100/1000Base T
10 Mbps
100 Mbps
1 Gbps
What is 100 Base T otherwise known as
Fast Ethernet
What is 1000 Base T otherwise known as
Gigabit Ethernet
What are the standards associated with 10/100/1000Base T
10 Base T : 802.3i
100 Base T : 802.3u
1000 Base T : 802.3ab
What type of cabling tends to be used for 10 Base T
Cat 3 / Cat 5 UTP with 2 twisted pairs
What type of cabling tends to be used for 100 Base T
100-BASE-TX: two pairs of twisted-pair wires.
100-BASE-T4: four pairs of twisted-pair wires.
100-BASE-F4: fiber optic cables.
What type of cabling tends to be used for 1000 Base T
Cat 5 UTP with 4 twisted pairs
How does a token ring network work
3 Byte token is sent around the network, whoever holds the token can transmit.
Empty frames are constantly circulated on the ring
When a message requires sending a computer seizes the token which allows it to send the frame
The frame is examined by each successive workstation until the destination host is reached. When it reaches its target the host copies the frame and changes the token back to 0
When the frame returns to the sender, as the token has been changed to 0 it knows the message has been copied and received and deletes the message from the frame
The frame continues circulating as an empty frame, ready for the process to begin again when a host requires to send a message
What standard is a token ring network
IEEE 802.5 standard.
What are the differences between Encryption and Encoding
Encoding transforms data into another format using a scheme which is publicly available so that it can easily be reversed. Is for maintaining data usability and uses schemes that are publicly available
Encryption transforms data into another format in such a way that only specific individuals can reverse the transformation. Is for maintaining data confidentiality, the ability to reverse the transformation is limited to certain people (keys)
What are the differences between Asymmetric and Symmetric encryption
In asymmetric encryption one key is used for encrypting and the other is used for decrypting. These keys are interchangeable
i.e. if key A encrypts, key B decrypts and if key B encrypts, key A decrypts
In symmetric encryption the same key is used for both encrypting and decrypting.
What is a Stream cipher
A stream cipher encrypts single bits of data as a continuous stream of data bits.
Typically execute at a higher speed than block ciphers and are suited for hardware usage. The stream cipher then combines a plain text bit with a pseudorandom cipher bit by means of an exclusive OR (XOR) operation. The XOR process is to compare the plain text and key one bit at a time and, based on the XOR logic, create cipher text. If the plain text and secret key are the same bit the result is 0, if they are different then the resulting encrypted bit is 1.
What is a Block cipher
Block ciphers are encryption ciphers that operate by encrypting a fixed block of data, the most common of which is 64 bits. This block is encrypted as one unit of cleartext.
When a block cipher is used for encryption and decryption the message is divided into blocks of bits. Blocks are then put through one or more of the following scrambling methods :
Substitution Transposition Confusion Diffusion S-Boxes
What does DES stand for
Data Encryption Standard
What type of cipher is DES
Symmetric Block.
What are the size of keys and blocks used in DES
64bit keys encrypting 64bit block sizes
56 bit key length + 8 parity bits
What are the DES modes
ECB : Electronic Code Block
CBC : Cipher Block Chaining
CFB : Cipher Feedback
OFB : Output Feedback
What are the key points of ECB
Native mode.
Block cipher
64 bit keys encrypting 64 bit block sizes
Vulnerable to CTA (Chosen Text Attack)
What are the key points of CBC
Common DES mode.
64 bit keys encrypting 64 bit block sizes
First block is encrypted with IV (Initialisation Vector)
Each block is XOR’d with cipher text with proceeding block to add randomisation.
Errors propagate
What are the key points of CFB
Stream cipher.
Same as CBC, but acts as stream instead of block.
Ciphertext is chained together, causing errors to propagate.
What are the key points of OFB
Stream cipher.
Similar to CFB, but cipher text is not chained together and no errors.
What is 3DES
Triple Data Encryption Algorithm, a symmetric key block cipher which applies the DES cipher algorithm 3 times to each data block.
What are the key length options available to 3DES
Has three key length options 56, 112, 168 bits
with a key bundle 8, 16, 24 bytes in length
What are the keying options available to 3DES
1 ) All three keys are independent - the strongest option with 168 independent key bits.
2) Provides less security with 112 key bits. Stronger than simply DES as it protects against meet in the middle attacks
3) Equivalent to DES with only 56 key length. Provides backward compatibility with DES as the first and second DES operations cancel out.
What is AES
Advanced Encryption Standard, a symmetric key algorithm which has a block size of 128 bits and key lengths of either 128, 192 or 256 bits.
How does AES encrypt
The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the plaintext into the ciphertext.
The number of cycles of repetition are as follows:
10 cycles of repetition for 128-bit keys.
12 cycles of repetition for 192-bit keys.
14 cycles of repetition for 256-bit keys.
What is RSA
Named after its creators Rivest, Shamir and Adleman this asymmetric algorithm is based on the practical difficulty of factoring the product of two large prime numbers.
Key sizes vary in size however they are typically between 1024 and 4096 bits in length.
Using the RSA system, the identity of the sender can be identified as genuine without revealing his private code.
What is RC4
128 bit symmetric stream cipher used in popular protocols such as TLS and WEP. Has multiple known weaknesses which can lead to revealing the plaintext.
What is SHA hashing
Secure Hash Algorithm, produces a 160 bit (20 byte) hash value. Typically rendered as a hexadecimal number 40 digits long.
Example Hash :
SHA1(“The quick brown fox jumps over the lazy dog”)
gives hexadecimal:
2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
gives Base64 binary to ASCII text encoding:
L9ThxnotKPzthJ7hu3bnORuT6xI=
What is MD5 hashing
The MD5 message digest algorithm is a hash function which produces a 128 bit (16 byte) hash value, typically expressed in text format as a 32 digit hexadecimal number.
Example Hash :
MD5(“The quick brown fox jumps over the lazy dog”)
9e107d9d372bb6826bd81d3542a419d6
What is HMAC
Hash Based Message Authentication Code, a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Any hash function hash function such as MD5 or SHA1 can be used in calculating the HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1.
The cryptographic strength of HMAC depends on the size of the secret key that is used, HMACs are less affected by collisions than their underlying hashing algorithms alone (i.e. HMAC-MD5 doesn’t suffer the same weaknesses of MD5)
What levels of the OSI model are associated with SSL
Initialised at the Session Layer (5)
Works at the Presentation Layer (6)
What does PKI stand for
Public Key Infrastructure
What are the 4 basic components for PKI
Certificate Authority (CA)
Registration Authority (RA)
Repository
Archive
How does the SSL Handshake work
Browser accesses HTTPS site. Server indicates a secure session should be established.
Server sends a copy of its asymmetric public key in its SSL Certificate.
Browser creates a symmetric session key and encrypts it (RSA) with the server’s asymmetric public key.
Server decrypts with its own private key to get the symmetric session key.
Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key
What does IPSec do
Secures communications by authenticating and encrypting each IP packet during a session, providing an end-to-end solution.
Ensures confidentiality, integrity, and authenticity by using layer 3 OSI encryption and authentication.
What are the two modes of IPSec
Tunnel Mode - Encrypts entire packet including routing and header information.
Transport Mode - Encrypts only the payload data.
What is SA
Security Association:
SA is a one-way connection
2 SAs required for two-way connection.
4 SAs required if AH and ESP are used.
What 3 parameters identify a SA session
Destination IP Address
Security Protocol ID (AH / ESP)
Security Parameter Index (SPI)
What 2 types of security protocols make up a SA
AH - provides integrity and authentication. protocol 51
ESP - provides encryption, integrity and authentication. protocol 50
What 3 methods are used for IKE authentication
Pre-Shared Key
Asymmetric Key Encryption (RSA)
Digital Signatures (RSA)
What port is used for IKE
UDP 500
What port is used by SSH
TCP 22
What layer does SSH operate at?
Application (7)
What does SSH provide
Confidentiality and Integrity
Secure data communication Remote login and command execution. SSH file transfer (SFTP) or secure copy (SCP). Port forwarding and tunnelling. Forwarding X from a remote host.
What is PGP
Pretty Good Privacy
Asymmetric encryption.
Used for signing, encrypting/decrypting files.
Also used for an email security application.
Uses IDEA and MD5.
What are the three groups of Linux file permissions
Owner - The Owner permissions apply only the owner of the file or directory, they will not impact the actions of other users.
Group - The Group permissions apply only to the group that has been assigned to the file or directory, they will not effect the actions of other users.
All users - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.
What are the three permission types in Linux
Read - The Read permission refers to a user’s capability to read the contents of the file.
Write - The Write permissions refer to a user’s capability to write or modify a file or directory.
Execute - The Execute permission affects a user’s capability to execute a file or view the contents of a directory.
How would you view file permissions in Linux
You can view the permissions by checking the file or directory permissions in GNOME/KDE or by reviewing the output of the “ls -l” command while in the terminal and while working in the directory which contains the file or folder.
What can be determined by the following Linux File permissions :
-rw-rw-r– 1 me me
The file is owned by user “me”
User “me” has the right to read and write this file
The file is owned by the group “me”
Members of the group “me” can also read and write this file
Everybody else can read this file
What can be determined by the following Linux File permissions :
-rwxr-xr-x 1 root root
The file is owned by user “root”
The superuser has the right to read, write, and execute this file
The file is owned by the group “root”
Members of the group “root” can also read and execute this file
Everybody else can read and execute this file
How does chmod work
rwx rwx rwx = 111 111 111
rw- rw- rw- = 110 110 110
rwx — — = 111 000 000
and so on…
rwx = 111 in binary = 7 rw- = 110 in binary = 6 r-x = 101 in binary = 5 r-- = 100 in binary = 4
What permissions are granted by chmod 600
rw- — —
The owner may read and write a file. All others have no rights.
What types of File System are used in Windows
FAT - Fat Allocation Table
Limit of number of entries in the root directory.
Cluster issues.
NTFS - New Technology File System
Data structure overhead.
Cluster issues.
ExFat - Extended File Allocation Table
Limited support outside Windows and Mac OSX.
Difficult to obtain.
ReFs - Resillient File System
New for Windows Server 2012.
What are the 6 Windows File permissions
P - Permission - user can change permission of file.
X - Execute - user can run the file.
W - Write - user can open and write to file.
O - Ownership - user can take ownership of file.
R - Read - user can open and view file.
D - Delete - user can delete file.
What are the 5 standard ACL permissions
Full Control Modify Read & Execute Read Write
What is an ACL
ACL is a table which tells OS what access rights each user to files.
ACLs provide access control to Active Directory through ADSI (Service Interfaces).
ACLs contain a list of ACEs.
What is an ACE
Access Control Entities
Each ACE has 1 Security Identifier (SID) that identifies and specifies access rights to trustee.
Contains following access control information:
Security Identifier (SID)
Access Mask - Specifies Access Rights controlled by ACE.
Flag - indicates the type of ACE.
Bit Flags - File ACE inheritance.
What are the two types of ACL
Discretionary ACL (DACL):
Allows or denies a user access to file.
Identifies group permissions and determines if access is allowed to file.
System ACL (SACL): Logs attempts to access a file.