Bridging course Flashcards
exploit
takes advantage of a vulnerability
origin authentication
message is not a forgery and comes from whom it is stated to come from; HMAC (hash message authentication code) is used for this
CSMA/CD
- device listens to ensure channel is idle
- device sends RTS message to AP
- device receives CTS message from AP; if no CTS received, waits a random amount of time and sends again, repeats as necessary
- device transmits data
- each transmission acknowledged; if no ack received, transmission restarts
Frequency channel saturation techniques
Direct-sequence spread spectrum (DSSS): modulation technique to spread signal over a larger frequency band; used by 802.11b devices
Frequency hopping spread spectrum: rapidly transmits between various channels; devices must be synced in order to work. 802.11 used this, so do walkie-talkies and Bluetooth
Orthogonal frequency division multiplexing: a subset of frequency division multiplexing in which a single channel uses multiple channels on adjacent frequencies
data-integrity
guarantees the message was not altered; MD5 or SHA hashing algorithms are used for this
name and describe the three categories of APIs
open API or public API: publicly available; some API providers require the client to get a free key. This is to help control the API requests received and processed
internal or private APIs: used within an organization
partner APIs: between a company and its business partners
wireless standards
- 802.11: 2.4 GHz, speed 2 Mbps
- 802.11a: 5 GHz, speed 54 Mbps
- 802.11b: 2.4 GHz, speed 11 Mbps
- 802.11g: 2.4 GHz, 54 Mbps
- 802.11n: 2.4/5 GHz, 150-600 Mbps
- 802.11ac: 6 GHz, 1.3 Gbps
- 802.11ax: 2.4/5 GHz, known as High Efficiency Wireless, capable of 1/7 GHz as well, newest standard
JSON
popular format used by web services to provide public data. Can be used with most modern programming languages including Python
syntax rules:
hierarchical structure
braces to hold objects and brackets for arrays
data is written as key/value pairs
keys are marked by double quotation marks; multiple key/value pairs are separated by commas
dynamic ARP inspection
requires DHCP snooping binding table to operate
can inspect source MAC, destination MAC, and IP address
to enable all three, they must be entered on the same command line
URI
Uniform resource identifier
makes up the entire HTTP/HTTPS request, including the protocol, hostname, path and file name, and the fragment
wireless security methods
WEP: no longer secure
WPA: uses TKIP, more secure than WEP
WPA2: uses AES for encryption, standard for security
WPA3: introduced in 2018, mitigation against dictionary attacks, individualized encryption
client/server client operations
POST - create
GET - read
PUT/PATCH - update
DELETE - delete
name common data formats
JSON
XML
YAML
JSON-RPC
JavaScript Object Notation - Remote Procedure Call
RPC is when one system requests and another system executes code and returns information
strengths: simplicity
assets
anything of value to the organization
intent based networking
translation: what does the business want, and how does that translate into actual policies
activation: this is the installation of the policies created in translation onto the physical devices
assurance: this is a constant process to ensure the intent is being met through a verification and validation loop
CAPWAP
IEEE standard protocol that enables a WLC to manage multiple WLCs; encapsulates and forwards traffic between AP and WLC
can use IPv4 or IPv6 but uses IPv4 by default
uses UDP ports 5246 and 5347
CAPWAP tunnels use different IP protocols: IPv4 uses protocol 17 and IPv6 uses protocol 136
vulnerability
weakness in a system that could be exploited by a threat
DHCP snooping
delineates between trusted and untrusted sources on ports; if untrusted, DHCP traffic is limited
mitigation
counter-measure to reduce potential threat or risk
threat
potential danger to the company’s assets
passive and active discovery mode
passive: normal function; router sends beacon with SSID, security settings and supported standards
active: client sends SSID and supported standards to AP, then receives access
XML
similar to HTML
self-descriptive use of tags
unlike HTML, no predefined tags or structure
XML-RPC
Extensible Markup Language - Remote Procedure Call
protocol developed prior to SOAP; later evolved into what became SOAP
strengths: well-established, simplicity
overlay vs underlay in IBN
overlay is the logical fabric
underlay is the physical topology of the network
symmetric encryption algorithms
DES: uses stream cipher
3DES: repeats DES three times
AES: more efficient than 3DES, popular symmetric algorithm
Software-optimized encryption algorithm: alternative to those above, less CPU intensive
Rivest Cipher (RC) series: RC4 is the most popular variation, used to encrypt HTTPS and TLS
RESTCONF
REST-like API for managing and configuring network devices using HTTP. Uses YANG data modelling and NETCONF-defined datastores
TFTP
simpler than FTP but less capable, does not offer authentication or directory visibility
message categories:
- RRQ - request to read
- WRQ - request to write
- DATA - contains a block of file data
- ACK - used by peer to acknowledge each block of data
- ERROR - used to indicate an error
split MAC architecture
AP MAC functions: beacons and probe responses, packet acks and retransmissions, frame queuing and packet prioritization, MAC-layer data encryption and decryption
WLC functions: authentication, association and re-association of clients, frame translation to other protocols, termination of 802.11 traffic onto a wired interface
network configuration tools
Ansible: programming language Python or YAML
agentless, any device can be controller, creates playbooks
Puppet: programming language Ruby, supports both agent-based and agentless, devices are managed using Puppet Master, creates manifests
Chef: programming language Ruby, agent-based, devices are managed using Chef Master, creates cookbooks
SaltStack: uses Python, supports both, devices managed using Salt Master, creates pillars
FTP
uses TCP
port 21 is used for the control connection
port 20 is used for the data connection
uses client/server model
4 steps:
- Request - initiated by client
- Response - server says it is ready
- Transfer - transaction occurs
- Terminate - successful terminate or unsuccessful terminate; ends
DTLS
protocol that provides security between the AP and WLC
enabled by default to secure the CAPWAP control channel, but disabled on the data channel
data encryption is enabled on a per-AP basis; requires a DTLS license to be installed on the WLC
data non-repudiation
guarantees sender cannot deny they sent the message; implemented through digital signatures or certificates
YAML
like JSON, considered a superset of JSON
easiest to read and write of the formats studied
uses indentation to define structure
key/value pairs are separated by a colon
hyphens are used to separate elements in a list
BSS ESS
Basic service set: single AP interconnecting wireless clients
Extended service set: connects disparate BSSs, allows clients to roam
RESTful API applications
developer website: made by the API developer as a sort of how-to guide with examples on how to use the API
Postman: program for testing and using REST APIs; can be used in a browser or standalone
Python: APIs can be called from within a Python program
network operating system: the NETCONF protocol and RESTCONF protocol are ways the network administrator can interact with the network using Python scripts and Cisco DNA
URN
Uniform resource name
identifies the namespace of the resource (www., .html)
what are the menu options in Cisco's DNA Center
design: model of the network
policy: uses policies to automate and simplify network management
provision: provide new services to users
assurance: proactive monitoring and insights to predict problems and solve them more quickly
platform: uses APIs to integrate the preferred IT systems to create end-to-end solutions and support for multi-vendor devices
802.11 frame structure
frame control: type of wireless frame
duration: remaining duration needed to receive next frame
Address 1-3: 1 - MAC of receiving device, 2 - MAC of transmitting device, 3 - sometimes contains MAC of destination device, such as the router to which the AP is attached
sequence control: sequence info for fragments
address 4: only used in ad hoc mode
payload: contains data
FCS: layer 2 error control
name the types of web service APIs covered in the course
SOAP, REST, XML-RPC, JSON-RPC
data confidentiality
only authorized users can read the message; this is implemented through symmetric and asymmetric encryption algorithms
VLAN attack mitigation techniques
port security: can prevent MAC address flooding attacks and DHCP starvation attacks
DHCP snooping: prevents DHCP starvation and spoofing attacks
dynamic ARP inspection: prevents ARP spoofing and poisoning attacks
IP source guard: prevents MAC and IP address spoofing attacks
REST
representational state transfer
can use XML, JSON, or YAML
strengths: flexible formatting, most widely used, less verbose
name and describe the three different parts of the API request
API server: the URL for the server that answers the REST request
resources: specifies the API that is being requested; the server may have more than one API, and this specifies which one
query: format - JSON, YAML, XML
key: the authorization token, if required
parameters: details of the request, what needs to be returned
Asymmetric encryption algorithms
Diffie-Hellman: allows two parties to agree on a key to send each other
Digital Signature Standard/Algorithm (DSS/DSA): DSA is a public key
RSA: public key cryptography; can be used for both signing and encryption; widely used in e-commerce
ElGamal: based on the DH key agreement; message is 2x the size after encryption
Elliptic curve techniques: advantage is the key can be much smaller
agent-based vs agentless
agent-based is pull based: an agent on the managed device periodically connects with the master for its configuration information. Changes are made on the master and pulled down and executed by the device.
agentless is push based: a config script is run on the master; the master connects to the device and executes the tasks in the script
risk
likelihood of a threat exploiting the vulnerability of the asset; measured by the probability of occurrence
FlexConnect APs
connected mode - WLC is reachable; this is normal mode, and the WLC and remote APs function as expected
standalone mode - occurs when the connection between the WLC and APs is lost. The AP may assume some duties, such as switching traffic locally and performing authentication locally