Appendix B Flashcards

1
Q

What are the IPv4 private network ranges for internal use

A

Class A : 10.0.0.0/8

10.0.0.0 - 10.255.255.255
Addresses: 16,777,216

Class B : 172.16.0.0/12

172.16.0.0 - 172.31.255.255
Addresses: 1,048,576

Class C : 192.168.0.0/16

192.168.0.0 - 192.168.255.255
Addresses: 65,536

2
Q

How many bits in length is IPv4

A

32 - 4 octets of 8

3
Q

What was introduced to help alleviate address exhaustion

A

NAT

4
Q

What Protocol number is IPv4

A

4

5
Q

What Protocol number is IPv6

A

41

6
Q

What Protocol number is ICMP for IPv6

A

58

7
Q

How long is an IPv6 address

A

128 bits - 8 octets of 16 bits

8
Q

How can IPv6 addresses be abbreviated

A

One or more leading zeroes from any groups of hexadecimal digits are removed; this is usually done to either all or none of the leading zeroes. For example, the group 0042 is converted to 42.

Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. RFC5952 recommends that a double colon must not be used to denote an omitted single section of zeroes.

An example of application of these rules:
Initial address:
2001:0db8:0000:0000:0000:ff00:0042:8329
After removing all leading zeroes: 2001:db8:0:0:0:ff00:42:8329
After omitting consecutive sections of zeroes: 2001:db8::ff00:42:8329

9
Q

What is significant about the 169.254.0.0/16 range?

A

This is the “link local” block. As described in RFC3927, it is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server cannot be found.

10
Q

What does TCP stand for

A

Transmission Control Protocol

11
Q

How is a TCP connection established

A

Three Way Handshake to establish the session (SYN - SYN/ACK - ACK) then uses acknowledgments to confirm data has been received.

12
Q

What is TCP windowing?

A

The key to networking efficiency.

Files are broken up into packets of up to 1500 bytes and sent to the recipient. Increases the number of packets sent at once until it starts dropping packets (this is why time estimates on Windows file copying change drastically when copying large files).

Uses sequence numbers to confirm file transmission. Ack numbers are always greater than syn numbers.

13
Q

What does UDP stand for?

A

User Datagram Protocol

14
Q

Why is UDP considered to be “Unreliable”

A

Unlike TCP there is no acknowledgement that data has been received

15
Q

What is UDP typically used for

A

Services which do not require acknowledgement such as VOIP, DNS and TFTP

16
Q

What is a Fraggle attack

A

A Fraggle attack is the same as a Smurf attack but rather than ICMP, the UDP protocol is used.
The prevention of these attacks is almost identical to the Smurf attack.

17
Q

What is a Smurf attack

A

In a smurf attack, an attacker will spoof the source address of the ICMP packet and send a broadcast to all computers on that network. If networking devices do not filter this traffic, then it will be broadcast to all computers in the network. The victim’s network gets congested by this much traffic, which brings down the productivity of the entire network.

To mitigate the risk of a smurf attack it is advised that the following actions are taken:

Put filters on routers and firewalls to counteract address spoofing. An IP address should be assigned to a LAN segment, and if the IP address of the source machine is not in the range of IP addresses assigned to the segment, then the traffic should be dropped.

Put filters on L3 devices so that they do not reply to the broadcast address.

18
Q

What does ICMP stand for

A

Internet Control Message Protocol

19
Q

What is ICMP used for

A

Used primarily for network diagnostics.

20
Q

What Protocol number is ICMP

A

1

21
Q

What ICMP type is a ping

A

8

22
Q

What ICMP type is a traceroute

A

30

23
Q

What does UTP stand for

A

Unshielded Twisted Pair, often referred to as a CAT 5 cable

24
Q

When would you use a straight through cable

A

When connecting hosts unlike each other
i.e.
Switch - Computer

25
Q

When would you use a crossover cable

A

When connecting like devices.
i.e.
PC - PC
Switch - Switch

26
Q

How does fibre transmit data?

A

Pulses of light

27
Q

What types of fibre exist

A

Multi Mode Fibre (MMF)

Single Mode Fibre (SMF)

28
Q

What colours do MMF and SMF cabling tend to be

A

MMF : Orange/Aqua

SMF : Yellow

29
Q

What speeds and distances are typical of MMF

A

100 Mbit/s up to 2000m
1 GB/s up to 1000m
10 GB/s up to 550m

30
Q

What is a VCSEL

A

Vertical-Cavity Surface-Emitting Laser. The VCSEL is a semiconductor laser diode which emits lasers used in MMF

31
Q

Where is MMF typically used

A

Multimode fiber is used for signal transmission over short distances.

32
Q

Where is SMF typically used

A

Singlemode fiber is used for long distance transmission.

33
Q

What speeds and distances are typical of SMF

A

DWDM (Dense Wavelength Division Multiplexing) allows single-mode fiber to transmit data at speeds up to 400GB/s

34
Q

How does DWDM work?

A

DWDM works by transmitting multiple signals simultaneously at different wavelengths on the same fiber, turning one fiber into multiple virtual fibers.

35
Q

What are the key differences of SMF and MMF

A

Multi-mode has a larger core diameter.
Multi-mode has higher “light-gathering” capacity than single-mode.
Multi-mode allows the use of cheaper electronics such as LED and VCSELs
Single-mode bandwidth-distance limit is higher
Single-Mode is used for long distance transmission, Multi-Mode is used for short distance transmission.

36
Q

What are the speeds associated with 10/100/1000Base T

A

10 Mbps
100 Mbps
1 Gbps

37
Q

What is 100 Base T otherwise known as

A

Fast Ethernet

38
Q

What is 1000 Base T otherwise known as

A

Gigabit Ethernet

39
Q

What are the standards associated with 10/100/1000Base T

A

10 Base T : 802.3i
100 Base T : 802.3u
1000 Base T : 802.3ab

40
Q

What type of cabling tends to be used for 10 Base T

A

Cat 3 / Cat 5 UTP with 2 twisted pairs

41
Q

What type of cabling tends to be used for 100 Base T

A

100-BASE-TX: two pairs of twisted-pair wires.
100-BASE-T4: four pairs of twisted-pair wires.
100-BASE-F4: fiber optic cables.

42
Q

What type of cabling tends to be used for 1000 Base T

A

Cat 5 UTP with 4 twisted pairs

43
Q

How does a token ring network work

A

3 Byte token is sent around the network, whoever holds the token can transmit.

Empty frames are constantly circulated on the ring

When a message requires sending a computer seizes the token which allows it to send the frame

The frame is examined by each successive workstation until the destination host is reached. When it reaches its target the host copies the frame and changes the token back to 0

When the frame returns to the sender, as the token has been changed to 0 it knows the message has been copied and received and deletes the message from the frame

The frame continues circulating as an empty frame, ready for the process to begin again when a host requires to send a message

44
Q

What standard is a token ring network

A

IEEE 802.5 standard.

45
Q

What are the differences between Encryption and Encoding

A

Encoding transforms data into another format using a scheme which is publicly available so that it can easily be reversed. Is for maintaining data usability and uses schemes that are publicly available

Encryption transforms data into another format in such a way that only specific individuals can reverse the transformation. Is for maintaining data confidentiality, the ability to reverse the transformation is limited to certain people (keys)

46
Q

What are the differences between Asymmetric and Symmetric encryption

A

In asymmetric encryption one key is used for encrypting and the other is used for decrypting. These keys are interchangeable

i.e. if key A encrypts, key B decrypts and if key B encrypts, key A decrypts

In symmetric encryption the same key is used for both encrypting and decrypting.

47
Q

What is a Stream cipher

A

A stream cipher encrypts single bits of data as a continuous stream of data bits.
Typically execute at a higher speed than block ciphers and are suited for hardware usage. The stream cipher then combines a plain text bit with a pseudorandom cipher bit by means of an exclusive OR (XOR) operation. The XOR process is to compare the plain text and key one bit at a time and, based on the XOR logic, create cipher text. If the plain text and secret key are the same bit the result is 0, if they are different then the resulting encrypted bit is 1.

48
Q

What is a Block cipher

A

Block ciphers are encryption ciphers that operate by encrypting a fixed block of data, the most common of which is 64 bits. This block is encrypted as one unit of cleartext.

When a block cipher is used for encryption and decryption the message is divided into blocks of bits. Blocks are then put through one or more of the following scrambling methods :

Substitution
Transposition
Confusion
Diffusion
S-Boxes
49
Q

What does DES stand for

A

Data Encryption Standard

50
Q

What type of cipher is DES

A

Symmetric Block.

51
Q

What are the size of keys and blocks used in DES

A

64bit keys encrypting 64bit block sizes

56 bit key length + 8 parity bits

52
Q

What are the DES modes

A

ECB : Electronic Code Block
CBC : Cipher Block Chaining
CFB : Cipher Feedback
OFB : Output Feedback

53
Q

What are the key points of ECB

A

Native mode.
Block cipher
64 bit keys encrypting 64 bit block sizes
Vulnerable to CTA (Chosen Text Attack)

54
Q

What are the key points of CBC

A

Common DES mode.
64 bit keys encrypting 64 bit block sizes
First block is encrypted with IV (Initialisation Vector)
Each block is XOR’d with the cipher text of the preceding block to add randomisation.
Errors propagate

55
Q

What are the key points of CFB

A

Stream cipher.
Same as CBC, but acts as stream instead of block.
Ciphertext is chained together, causing errors to propagate.

56
Q

What are the key points of OFB

A

Stream cipher.

Similar to CFB, but cipher text is not chained together and no errors.

57
Q

What is 3DES

A

Triple Data Encryption Algorithm, a symmetric key block cipher which applies the DES cipher algorithm 3 times to each data block.

58
Q

What are the key length options available to 3DES

A

Has three key length options 56, 112, 168 bits

with a key bundle 8, 16, 24 bytes in length

59
Q

What are the keying options available to 3DES

A

1) All three keys are independent - the strongest option with 168 independent key bits.
2) Provides less security with 112 key bits. Stronger than simply DES as it protects against meet in the middle attacks.
3) Equivalent to DES with only 56 key length. Provides backward compatibility with DES as the first and second DES operations cancel out.

60
Q

What is AES

A

Advanced Encryption Standard, a symmetric key algorithm which has a block size of 128 bits and key lengths of either 128, 192 or 256 bits.

61
Q

How does AES encrypt

A

The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the plaintext into the ciphertext.

The number of cycles of repetition are as follows:

10 cycles of repetition for 128-bit keys.
12 cycles of repetition for 192-bit keys.
14 cycles of repetition for 256-bit keys.

62
Q

What is RSA

A

Named after its creators Rivest, Shamir and Adleman this asymmetric algorithm is based on the practical difficulty of factoring the product of two large prime numbers.

Key sizes vary in size however they are typically between 1024 and 4096 bits in length.

Using the RSA system, the identity of the sender can be identified as genuine without revealing his private code.

63
Q

What is RC4

A

128 bit symmetric stream cipher used in popular protocols such as TLS and WEP. Has multiple known weaknesses which can lead to revealing the plaintext.

64
Q

What is SHA hashing

A

Secure Hash Algorithm, produces a 160 bit (20 byte) hash value. Typically rendered as a hexadecimal number 40 digits long.

Example Hash :

SHA1(“The quick brown fox jumps over the lazy dog”)
gives hexadecimal:
2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
gives Base64 binary to ASCII text encoding:
L9ThxnotKPzthJ7hu3bnORuT6xI=

65
Q

What is MD5 hashing

A

The MD5 message digest algorithm is a hash function which produces a 128 bit (16 byte) hash value, typically expressed in text format as a 32 digit hexadecimal number.

Example Hash :

MD5(“The quick brown fox jumps over the lazy dog”)
9e107d9d372bb6826bd81d3542a419d6

66
Q

What is HMAC

A

Hash Based Message Authentication Code, a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Any hash function such as MD5 or SHA1 can be used in calculating the HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1.

The cryptographic strength of HMAC depends on the size of the secret key that is used. HMACs are less affected by collisions than their underlying hashing algorithms alone (i.e. HMAC-MD5 doesn’t suffer the same weaknesses of MD5)

67
Q

What levels of the OSI model are associated with SSL

A

Initialised at the Session Layer (5)

Works at the Presentation Layer (6)

68
Q

What does PKI stand for

A

Public Key Infrastructure

69
Q

What are the 4 basic components for PKI

A

Certificate Authority (CA)
Registration Authority (RA)
Repository
Archive

70
Q

How does the SSL Handshake work

A

Browser accesses HTTPS site. Server indicates a secure session should be established.

Server sends a copy of its asymmetric public key in its SSL Certificate.

Browser creates a symmetric session key and encrypts it (RSA) with the server’s asymmetric public key.

Server decrypts with its own private key to get the symmetric session key.

Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key

71
Q

What does IPSec do

A

Secures communications by authenticating and encrypting each IP packet during a session, providing an end-to-end solution.
Ensures confidentiality, integrity, and authenticity by using layer 3 OSI encryption and authentication.

72
Q

What are the two modes of IPSec

A

Tunnel Mode - Encrypts entire packet including routing and header information.

Transport Mode - Encrypts only the payload data.

73
Q

What is SA

A

Security Association:

SA is a one-way connection

2 SAs required for two-way connection.

4 SAs required if AH and ESP are used.

74
Q

What 3 parameters identify a SA session

A

Destination IP Address

Security Protocol ID (AH / ESP)

Security Parameter Index (SPI)

75
Q

What 2 types of security protocols make up a SA

A

AH - provides integrity and authentication. protocol 51

ESP - provides encryption, integrity and authentication. protocol 50

76
Q

What 3 methods are used for IKE authentication

A

Pre-Shared Key
Asymmetric Key Encryption (RSA)
Digital Signatures (RSA)

77
Q

What port is used for IKE

A

UDP 500

78
Q

What port is used by SSH

A

TCP 22

79
Q

What layer does SSH operate at?

A

Application (7)

80
Q

What does SSH provide

A

Confidentiality and Integrity

Secure data communication
Remote login and command execution.
SSH file transfer (SFTP) or secure copy (SCP).
Port forwarding and tunnelling.
Forwarding X from a remote host.
81
Q

What is PGP

A

Pretty Good Privacy

Asymmetric encryption.

Used for signing, encrypting/decrypting files.
Also used for an email security application.
Uses IDEA and MD5.

82
Q

What are the three groups of Linux file permissions

A

Owner - The Owner permissions apply only to the owner of the file or directory, they will not impact the actions of other users.

Group - The Group permissions apply only to the group that has been assigned to the file or directory, they will not affect the actions of other users.

All users - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.

83
Q

What are the three permission types in Linux

A

Read - The Read permission refers to a user’s capability to read the contents of the file.

Write - The Write permissions refer to a user’s capability to write or modify a file or directory.

Execute - The Execute permission affects a user’s capability to execute a file or view the contents of a directory.

84
Q

How would you view file permissions in Linux

A

You can view the permissions by checking the file or directory permissions in GNOME/KDE or by reviewing the output of the “ls -l” command while in the terminal and while working in the directory which contains the file or folder.

85
Q

What can be determined by the following Linux File permissions :

-rw-rw-r-- 1 me me

A

The file is owned by user “me”
User “me” has the right to read and write this file
The file is owned by the group “me”
Members of the group “me” can also read and write this file
Everybody else can read this file

86
Q

What can be determined by the following Linux File permissions :

-rwxr-xr-x 1 root root

A

The file is owned by user “root”
The superuser has the right to read, write, and execute this file
The file is owned by the group “root”
Members of the group “root” can also read and execute this file
Everybody else can read and execute this file

87
Q

How does chmod work

A

rwx rwx rwx = 111 111 111
rw- rw- rw- = 110 110 110
rwx --- --- = 111 000 000

and so on…

rwx = 111 in binary = 7
rw- = 110 in binary = 6
r-x = 101 in binary = 5
r-- = 100 in binary = 4
88
Q

What permissions are granted by chmod 600

A

rw- --- ---

The owner may read and write a file. All others have no rights.

89
Q

What types of File System are used in Windows

A

FAT - Fat Allocation Table
Limit of number of entries in the root directory.
Cluster issues.

NTFS - New Technology File System
Data structure overhead.
Cluster issues.

ExFat - Extended File Allocation Table
Limited support outside Windows and Mac OSX.
Difficult to obtain.

ReFs - Resilient File System
New for Windows Server 2012.

90
Q

What are the 6 Windows File permissions

A

P - Permission - user can change permission of file.
X - Execute - user can run the file.
W - Write - user can open and write to file.
O - Ownership - user can take ownership of file.
R - Read - user can open and view file.
D - Delete - user can delete file.

91
Q

What are the 5 standard ACL permissions

A
Full Control
Modify
Read & Execute
Read
Write
92
Q

What is an ACL

A

An ACL is a table which tells the OS what access rights each user has to files.
ACLs provide access control to Active Directory through ADSI (Service Interfaces).
ACLs contain a list of ACEs.

93
Q

What is an ACE

A

Access Control Entities
Each ACE has 1 Security Identifier (SID) that identifies and specifies access rights to trustee.

Contains following access control information:

Security Identifier (SID)
Access Mask - Specifies Access Rights controlled by ACE.
Flag - indicates the type of ACE.
Bit Flags - File ACE inheritance.

94
Q

What are the two types of ACL

A

Discretionary ACL (DACL):
Allows or denies a user access to file.
Identifies group permissions and determines if access is allowed to file.

System ACL (SACL):
Logs attempts to access a file.