CF Domain 4 Flash Cards
All of Domain 4
Address Resolution Protocol
(ARP)
Resolves a Layer 3 (IPv4) address to a Layer 2 Media Access Control (MAC) address so that two devices within the same LAN segment can address frames directly to each other. ARP requests and replies carry no authentication, so any host on the segment can answer for any address.
ACK
an acknowledgment of a signal being received
Active-active, active-passive clustering
a data resiliency architecture in which client workloads are distributed across two or more nodes in a cluster to keep your data safe and available in the event of an unexpected component failure; active-active can use the full throughput capability of both devices; active-passive can only handle throughput of a single device allowing the secondary device to remain ready (but not passing traffic) until needed
Advanced Persistent Threat (APT)
is an agent/org that plans, organizes, and carries out highly sophisticated attacks against a target person, org, or industry over a period of time (months or even years); usually with a strategic goal in mind
Application Programming Interface(API)
Code mechanisms that provide ways for apps to share data, methods, or functions over a network; the data exchanged is usually encoded as XML or JavaScript Object Notation (JSON).
Bit
Most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.
Bluetooth (Wireless Personal
Area Network IEEE 802.15)
Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and it has been integrated into many types of business and consumer devices.
Bridges
Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.
Bandwidth
Amount of information transmitted over a period of time; can be applied to moving bits over a medium, or to human processes like learning or education.
Bound networks
AKA wired/Ethernet networks, where devices are connected by physical cables
Boundary routers
they advertise routes that external hosts can use to reach internal hosts
Cellular network
A radio network distributed over land areas called cells, each served by at least one fixed-location transceiver, known as a cell site or base station.
Code division multiple access
(CDMA)
Every call's data is encoded with a unique spreading code, then all the calls are transmitted at once over the same frequency band; a receiver that knows the code recovers its own call and treats the others as background noise. Not to be confused with CSMA (Carrier Sense Multiple Access), the Layer 2 scheme in which each station checks the state of the medium before sending.
Concentrators
Multiplex connected devices into one signal to be transmitted on a network.
provides communication capability between many low-speed, usually asynchronous channels and one or more high-speed, usually synchronous channels. Usually different speeds, codes, and protocols can be accommodated on the low-speed side; multiplexed into one signal
Content Distribution
Network (CDN)
Is a large distributed system of servers deployed in multiple data centers across the internet, often used to cache commonly accessed data, with a goal of Quality of Service (QoS) and availability requirements
Challenge-Handshake Authentication Protocol (CHAP)
Used by PPP servers to authenticate remote clients with a three-way handshake: the server sends a random challenge, the client returns a one-way hash (MD5 in RFC 1994) computed over a session identifier, the shared secret, and the challenge, and the server compares that with its own computation. The secret itself never crosses the wire, and the server repeats the challenge periodically with a fresh random value, so a captured response cannot be replayed. CHAP authenticates the link; it does not encrypt it.
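The handshake described above, modelled as an added example (this is illustrative code, not a PPP implementation or anything from the source page). The peer name "alice", its shared secret, and the in-memory SECRETS table are constructed assumptions. It shows the three things the definition claims: the response is a hash that includes the secret, the secret never appears on the wire, and a response captured during the first round is useless against the re-authentication challenge.

```python
import hashlib
import hmac
import os

# Added example: a minimal model of the CHAP three-way handshake (RFC 1994, MD5 variant).
# The peer name and shared secret below are constructed for illustration; nothing here
# is taken from a real PPP deployment.
SECRETS = {"alice": b"correct horse battery staple"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5 over identifier || secret || challenge.

    The secret is an input to the hash but is never itself transmitted.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues challenges and verifies responses."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge currently awaiting a response

    def challenge(self):
        # A fresh random challenge and a new identifier for every round,
        # including periodic re-authentication of an established session.
        self.identifier = (self.identifier + 1) & 0xFF
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, name, response):
        chal = self.outstanding.pop(identifier, None)  # a challenge is usable once
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time comparison


class ChapClient:
    """Peer side: proves knowledge of the secret without revealing it."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_session(server, client):
    """Initial authentication, then a re-authentication round, then a replay attempt."""
    ident1, chal1 = server.challenge()
    name, resp1 = client.respond(ident1, chal1)
    first_ok = server.verify(ident1, name, resp1)

    # Periodic re-authentication: a new challenge, so the client must compute a new response.
    ident2, chal2 = server.challenge()
    _, resp2 = client.respond(ident2, chal2)
    reauth_ok = server.verify(ident2, name, resp2)

    # An eavesdropper who captured resp1 tries to reuse it against a later challenge.
    ident3, _ = server.challenge()
    replay_ok = server.verify(ident3, name, resp1)

    return {"first": first_ok, "reauth": reauth_ok, "replay_accepted": replay_ok,
            "secret_on_wire": client.secret in resp1}


def demo():
    return run_session(ChapServer(SECRETS), ChapClient("alice", SECRETS["alice"]))


if __name__ == "__main__":
    print(demo())
```

The server discards each challenge after a single use, so even a response to the current challenge cannot be submitted twice; the random challenge is what makes the scheme resist replay, not the hash by itself.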
CAM Table Flooding
Attack in which an attacker floods a switch with frames carrying thousands of bogus source MAC addresses until its CAM (content-addressable memory) table is full; the switch can no longer hold the entries for legitimate hosts and floods unknown-unicast frames out every port, so the attacker can sniff traffic that a switch would normally deliver to one port. Prevented by enabling switch port security, which limits the number of MAC addresses learned per port and disables a port that exceeds it.
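A toy model of the switch behaviour the card describes, added here as an example (not code from the source page or from any switch vendor). The port numbers, MAC addresses, table size of 1024 entries, and the per-port limit of 2 are constructed assumptions. Running it with port security off shows a frame for a known host being flooded to every port after the flood; with port security on, the third bogus MAC on the attacker's port triggers a violation and the port is disabled.

```python
from collections import OrderedDict

# Added example: a toy model of a Layer 2 switch's CAM table, used to show why flooding it
# with bogus source MACs turns the switch into a hub, and how a per-port MAC limit
# (port security) stops that. Port numbers, MAC addresses and the table size are constructed.


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = ports
        self.capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = port security disabled
        self.cam = OrderedDict()   # learned MAC -> port, oldest entry first
        self.violations = []       # (port, offending MAC)
        self.err_disabled = set()  # ports shut down after a violation

    def _learn(self, src_mac, in_port):
        if in_port in self.err_disabled:
            return False
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)
            self.cam[src_mac] = in_port
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == in_port)
            if on_port >= self.max_macs_per_port:
                # Port security "shutdown" violation mode: record it and disable the port.
                self.violations.append((in_port, src_mac))
                self.err_disabled.add(in_port)
                return False
        if len(self.cam) >= self.capacity:
            # Simplification: evict the oldest entry. Real switches age entries out on a
            # timer, but under a flood the effect is the same: legitimate entries vanish.
            self.cam.popitem(last=False)
        self.cam[src_mac] = in_port
        return True

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of ([] if dropped)."""
        if not self._learn(src_mac, in_port):
            return []
        out = self.cam.get(dst_mac)
        if out is not None and out != in_port:
            return [out]                                    # known destination: one port
        return [p for p in self.ports if p != in_port]      # unknown: flood everywhere


def cam_flood_demo(port_security, bogus_frames=5000):
    limit = 2 if port_security else None
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=1024, max_macs_per_port=limit)
    host_a, host_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"   # legitimate hosts
    sw.forward(1, host_a, host_b)       # A on port 1 talks first; B unknown, flooded once
    sw.forward(2, host_b, host_a)       # B replies from port 2; both are now learned
    before = sw.forward(1, host_a, host_b)

    # Attacker on port 3 sends frames from thousands of random-looking source MACs.
    for i in range(bogus_frames):
        bogus = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        sw.forward(3, bogus, "ff:ff:ff:ff:ff:ff")

    after = sw.forward(1, host_a, host_b)
    return {"before_flood": before, "after_flood": after,
            "violations": len(sw.violations), "cam_entries": len(sw.cam)}


if __name__ == "__main__":
    print("no port security:", cam_flood_demo(False))
    print("port security   :", cam_flood_demo(True))
```

The model deliberately ignores VLANs and aging timers; the point is only that the CAM table is a finite resource keyed on attacker-controlled input, which is why the mitigation is a per-port limit rather than a bigger table.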
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
A Layer 2 medium-access method in which a station listens before transmitting and, if the medium is busy, waits a random back-off interval before trying again; an optional request-to-send/clear-to-send (RTS/CTS) exchange reserves the medium for one sender at a time. Used by IEEE 802.11 wireless, because a radio cannot reliably detect a collision while it is transmitting, so it must try to avoid collisions instead.
Carrier Sense Multiple Access with Collision Detection(CSMA/CD)
A Layer 2 medium-access method in which a station listens before transmitting and keeps listening while it sends; if more than one station transmits at the same time, the senders detect the collision, send a jam signal, and each member of the collision domain waits a short but random period of time before starting the process over. Used by shared-medium IEEE 802.3 Ethernet; full-duplex switched Ethernet has no collisions and does not need it.
Circuit-switched network
network that uses a dedicated circuit between endpoints
Code-Division Multiple Access(CDMA)
a method of encoding several sources of data so they can all be transmitted over a single RF carrier by one transmitter, or by using a single RF carrier frequency with multiple transmitters; the data from each call is encoded with a unique key, and calls are transmitted at once
Collision Domain
set of systems that can cause a collision if they transmitted at the same time; note that broadcast domain is the set of systems that can receive a broadcast from each other
Control plane
part of a network that controls how data packets are forwarded — meaning how data is sent from one place to another; e.g. the process of creating a routing table is considered part of the control plane; control of network functionality and programmability is directly made to devices at this layer
Converged protocol
Combines/converges standard protocols (such as TCP/IP) with proprietary/non-standard ones, for example carrying storage or voice traffic over the same Ethernet as data; they can complicate enterprise-wide security engineering efforts and require specialist knowledge.
Dynamic or Private Ports
Ports 49152-65535, also called ephemeral ports. When a client contacts a service on a Well-Known or Registered port, the client's operating system picks a source port from this range for that connection, and the service's replies are addressed back to it.
Domain Name Service (DNS)
is three interrelated elements. A service, a physical server, and a network protocol. Hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet
Dynamic Host Configuration Protocol (DHCP)
is an industry standard used to dynamically assign IP addresses to network devices.
Fibre Channel over Ethernet (FCoE)
A lightweight encapsulation protocol that carries Fibre Channel frames directly inside Ethernet frames, without IP or TCP; because it lacks TCP's reliable data transport it depends on a lossless, flow-controlled Ethernet fabric.
Fiber Distributed Data Interface (FDDI)
is an ANSI X3T9.5 LAN standard; 100 Mbps, token passing over a dual fiber-optic ring, with up to 2 kilometers between stations.
Firewalls
Devices that enforce administrative security policies by filtering incoming traffic based on set of rules
Frame
Data represented at Layer 2 of the open systems interconnection model (OSI)
Global System for Mobile Communications (GSM)
Each call is digitized and assigned a frequency channel and a time slot within it (time-division multiple access, TDMA).
Gateway Device
A firewall or other device that sits at the edge of the network to regulate traffic and enforce rules
Internet Control Message Protocol (ICMP)
Provides a means to send error messages and a way to probe the network to determine whether a particular host is reachable; ping and traceroute are built on ICMP. Standardized by the IETF in RFC 792.
Internet Group Management Protocol (IGMP)
Used to manage multicasting groups that are a set of hosts anywhere on a network that are listening for a transmission
Internetworking
Two different networks, each with its own servers and communication elements, using network protocol stacks to communicate and coordinate activities.
Multiprotocol Label Switching (MPLS)
Is a wide area networking protocol that forwards packets on short labels instead of IP route lookups; it sits between Layer 2 and Layer 3 (often called Layer 2.5) and does label switching.
Microsegmentation
part of a zero trust strategy, that breaks LANs into very small highly localized zones using firewalls or similar, note that at the limit this places a firewall at every connection point
Northbound/Southbound interface
A northbound interface lets a specific component communicate with a higher level component in the same network. A southbound interface enables a specific component to communicate with a lower level component.
East/West Traffic
Network traffic that flows laterally, server to server, within a data center or between geographically dispersed sites of the same organization, within a data, control, or application plane; it stays inside the organization's infrastructure, so a perimeter firewall does not see it.
North/South Traffic
In software-defined networking (SDN) terms, data flowing up (northbound) and down (southbound) the stack of data/control/application planes. More generally, traffic flowing from the organization to an external destination (northbound) or into the organization from external sources (southbound); this is the traffic a perimeter firewall sees.
Network Function Virtualization (NFV)
The objective of NFV is to decouple functions such as firewall management, intrusion detection, network address translation, or name service resolution away from specific hardware implementation into software solutions. The focus is to optimize distinct network services.
Nonroutable IP address (Private Networks)
From RFC 1918; 10.0.0.0/8 (10.0.0.0 - 10.255.255.255), 172.16.0.0/12 (172.16.0.0-172.31.255.255), 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
Internet Protocol (IPv4)
Is the dominant protocol that operates at the OSI Network Layer 3. IP is responsible for addressing packets so that they can be transmitted from the source to the destination hosts.
Internet Protocol (IPv6)
Is a modernization of IPv4 that includes a much larger address field; IPv6 addresses are 128 bits, giving 2^128 possible addresses.
Open Shortest Path First (OSPF)
An interior gateway routing protocol developed for IP networks based on the shortest path first or link state algorithm.
Packet
Representation of data at Layer 3 of the OSI model
Packet Loss
Packets that are transmitted but never reach their destination, usually expressed as a percentage of packets sent; caused by congestion, faulty links, or deliberate dropping. TCP recovers by retransmitting, while real-time traffic such as VoIP cannot wait and instead masks the gaps (see Packet Loss Concealment).
Point to Point Protocol (PPP)
Provides a standard method for transporting multiprotocol datagrams over point to point links
Port Address Translation (PAT)
An extension to NAT to translate all addresses to one routable IP address and translate the source port number in the packet to a unique value
Ping Scanning
Network mapping technique: the attacker sends ICMP Echo Requests to a range of addresses, and a reply tells the attacker that a host exists at that address. A missing reply proves nothing, since ICMP is often filtered.
Packet Switched Network
A network that doesn’t use a dedicated connection between endpoints
Packet Loss Concealment (PLC)
Used in VOIP communications to mask the effect of dropped packets
Registered Ports
Ports 1024-49151. These ports typically accompany non system applications associated with vendors and developers.
Remote Procedure Call
is a protocol that enables one system to execute instructions on other hosts across a network infrastructure.
Root of Trust
A component that can always be trusted within a cryptographic system. Because cryptographic security depends on keys (to encrypt and decrypt data, to generate digital signatures, and to verify them), the RoT protects those keys and the code that uses them. RoT schemes generally include a hardened hardware module, such as a Trusted Platform Module (TPM), that measures and verifies the integrity of firmware and boot components before the operating system is loaded.
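How a hardware root of trust records "what ran before the OS", shown as an added example of a measured-boot hash chain (illustrative code, not from the source page or any TPM vendor). The stage images are constructed byte strings standing in for a bootloader, kernel, and initrd, and the verifier's "golden" value is simply the chain computed from them. The demo shows that a modified image, a reordered boot sequence, and a forged event log are all caught, because only the extend operation can move the register.

```python
import hashlib

# Added example: a measured-boot hash chain, the mechanism a hardware root of trust such as a
# TPM uses to record what ran before the OS. Each stage is hashed and "extended" into a
# platform configuration register (PCR): pcr = H(pcr || H(stage)). The stage images below
# are constructed stand-ins for real firmware and boot components.

PCR_SIZE = 32  # SHA-256 digest length; a real PCR bank starts at all zeros


def extend(pcr, measurement):
    """TPM-style extend: the new PCR value commits to the old value and the measurement."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(stages):
    """Simulate firmware measuring each stage before handing control to it.

    Returns the final PCR value and the event log (stage name, digest) that a verifier
    would replay. Order matters: extend is not commutative.
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay_log(log):
    """Recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def attest(reported_pcr, log, golden_pcr):
    """Remote-verifier check: the log must explain the quoted PCR, and the PCR must be the known-good value."""
    return replay_log(log) == reported_pcr and reported_pcr == golden_pcr


GOLDEN_BOOT = [  # constructed stage images
    ("bootloader", b"bootloader v1.0"),
    ("kernel", b"kernel v5.x"),
    ("initrd", b"initrd v1.0"),
]


def demo():
    golden_pcr, golden_log = measure_boot(GOLDEN_BOOT)

    # Case 1: an implant modifies the bootloader image.
    tampered = [("bootloader", b"bootloader v1.0 + implant")] + GOLDEN_BOOT[1:]
    tampered_pcr, tampered_log = measure_boot(tampered)

    # Case 2: same images, different order (kernel measured before its loader).
    reordered_pcr, reordered_log = measure_boot([GOLDEN_BOOT[1], GOLDEN_BOOT[0], GOLDEN_BOOT[2]])

    # Case 3: the implant also rewrites the event log to look clean, but cannot change the
    # PCR, which only the extend operation can move.
    return {
        "good_boot": attest(golden_pcr, golden_log, golden_pcr),
        "tampered_image": attest(tampered_pcr, tampered_log, golden_pcr),
        "reordered_stages": attest(reordered_pcr, reordered_log, golden_pcr),
        "forged_log": attest(tampered_pcr, golden_log, golden_pcr),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} {'PASS' if ok else 'FAIL'}")
```

In a real system the quoted PCR value would also be signed by a key that never leaves the hardware module, which is what lets a remote verifier trust the number at all; that signing step is outside this example.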
Segment
Data representation at Layer 4 of the OSI model
Session Initiation Protocol (SIP)
Is designed to manage multimedia connections.
Smurf
Attacker sends ICMP Echo Requests to a network's broadcast address with the source address spoofed to be the victim's; every node on that network answers the victim with an Echo Reply, amplifying the attacker's traffic many times over. Mitigated by disabling directed broadcasts on routers and by ingress filtering of spoofed source addresses.
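The two mitigations named above, written out as an added example of a boundary-router check over raw IPv4/ICMP packets (illustrative code, not from the source page or any router vendor). The local subnets and addresses are constructed from the RFC 5737 documentation ranges, and the packet builder exists only to produce test input. One packet is an Echo Request to a directed-broadcast address (the smurf amplifier case), one is a normal ping, and one arrives from outside claiming an inside source address.

```python
import ipaddress
import struct

# Added example: a boundary-router style check over raw IPv4/ICMP packets arriving from
# outside. It refuses Echo Requests aimed at a directed-broadcast address (the smurf
# amplifier case) and packets whose source claims to be inside (ingress filtering of
# spoofed sources). Subnets and addresses are constructed from the RFC 5737 documentation
# ranges; the packet builder exists only to make test input.

LOCAL_SUBNETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def inet_checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(src, dst, ident=1, seq=1):
    """Construct an IPv4 packet carrying an ICMP Echo Request (type 8)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"constructed-payload"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    header = header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]
    return header + icmp


def classify_inbound(packet):
    """Decision for a packet arriving on the external interface."""
    if len(packet) < 20:
        return "drop-truncated"
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ver_ihl, proto, src, dst = fields[0], fields[6], fields[8], fields[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return "drop-malformed"
    if inet_checksum(packet[:ihl]) != 0:   # a valid header sums to zero with its checksum included
        return "drop-bad-checksum"
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    # BCP 38 ingress filtering: nothing from outside may claim an inside source address.
    if any(src_ip in net for net in LOCAL_SUBNETS):
        return "drop-spoofed-source"

    if proto == 1 and len(packet) > ihl and packet[ihl] == 8:  # ICMP Echo Request
        if dst_ip == LIMITED_BROADCAST or any(dst_ip == net.broadcast_address for net in LOCAL_SUBNETS):
            return "drop-directed-broadcast"   # would make every host answer the spoofed victim
    return "allow"


CONSTRUCTED_PACKETS = {
    "smurf_attempt": build_icmp_echo("203.0.113.9", "192.0.2.255"),
    "normal_ping": build_icmp_echo("203.0.113.9", "192.0.2.10"),
    "spoofed_inside": build_icmp_echo("192.0.2.10", "198.51.100.7"),
    "second_subnet_bcast": build_icmp_echo("203.0.113.9", "198.51.100.127"),
}


def demo():
    return {name: classify_inbound(pkt) for name, pkt in CONSTRUCTED_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The directed-broadcast check has to know the local subnet masks; a router cannot recognise 198.51.100.127 as a broadcast address without knowing that the subnet is a /25, which is why this filter lives at the boundary router rather than somewhere upstream.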
Software Defined Networks (SDNs)
Separates network systems into 3 components: raw data, how the data is sent, and what purpose the data serves. This involves a focus on data, control, and application (management) functions or “planes”
Switches
Operates at Layer 2. Establishes a collision domain per port
Session Initiation Protocol Secure (SIPS)
Secure version of the Session Initiation Protocol for VoIP; adds TLS encryption to protect the session-setup signaling. The media streams themselves are protected separately, for example with SRTP.
S/MIME
provides the following cryptographic security services for electronic messaging applications: Authentication, Message Integrity, Non repudiation of origin (using digital signatures), Privacy, Data Security (using encryption)
Simple Network Management Protocol (SNMP)
Is a protocol for collecting and organizing info about managed devices on IP networks. It can be used to determine the health of devices such as routers, switches, servers, workstations, etc. Versions 1 and 2c authenticate with cleartext community strings; SNMPv3 adds real authentication and encryption.
Service Provisioning Markup Language (SPML)
XML based and designed to allow platforms to generate and respond to provisioning requests. A requesting authority issues SPML requests to a provisioning service point, which acts on provisioning service targets; the targets are often user accounts, and each must be uniquely identifiable within the implementation.
Secure Real-Time Transport Protocol (SRTP)
Is an extension of the Real-Time Transport Protocol (RTP) that adds encryption (confidentiality), message authentication, and replay protection to audio and video traffic.
Transmission Control Protocol (TCP)
Provides connection oriented data management and reliable data transfer
Teardrop Attack
Exploits IP fragment reassembly. The fragment offset field gives the starting position of a fragment's data relative to the data of the original unfragmented packet; the attacker sends fragments whose offsets overlap, so that a reassembler that trusts the offsets computes a negative or oversized copy length and crashes.
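The offset bookkeeping a safe reassembler must do, as an added example (illustrative code, not from the source page or any operating system's IP stack). Each fragment is represented by the three header fields a reassembler reads: offset in 8-byte units, payload length, and the more-fragments flag. The fragment sets are constructed: a legitimate three-fragment datagram, a teardrop-style overlapping pair, an oversized pair, and a set with a missing middle fragment. The naive copy-length function shows the arithmetic that goes negative on the overlapping pair.

```python
# Added example: the fragment-offset bookkeeping a safe IP reassembler must do, shown as
# a checker over a list of fragments. Each fragment is (offset_in_8_byte_units,
# payload_length, more_fragments_flag), i.e. the fields a reassembler reads from the IP
# header. The fragment sets below are constructed; the "naive" copy-length computation
# is the arithmetic the original teardrop exploit broke.

MAX_DATAGRAM = 65535


def check_fragments(fragments):
    """Return 'ok' or the reason the fragment set must be discarded.

    Checks run in order: size, alignment, overlap, gap. A set that fails several
    checks reports the first one hit.
    """
    if not fragments:
        return "incomplete"
    ordered = sorted(fragments, key=lambda f: f[0])
    expected_start = 0
    for offset_units, length, more in ordered:
        start = offset_units * 8
        end = start + length
        if length <= 0 or end > MAX_DATAGRAM:
            return "oversize"                # would overflow a 64 KiB reassembly buffer
        if more and length % 8 != 0:
            return "bad-length"              # only the last fragment may be unaligned
        if start < expected_start:
            return "overlap"                 # the teardrop case
        if start > expected_start:
            return "incomplete"              # a gap: a fragment has not arrived
        expected_start = end
    if ordered[-1][2]:
        return "incomplete"                  # last fragment still has MF set
    return "ok"


def naive_copy_length(fragments):
    """What a reassembler that trusts the offsets computes for the second fragment.

    It assumes fragment N starts where fragment N-1 ended and copies (end - prev_end)
    bytes. With overlapping fragments that is negative, which an unsigned memcpy
    length turns into an enormous copy.
    """
    ordered = sorted(fragments, key=lambda f: f[0])
    prev_end = ordered[0][0] * 8 + ordered[0][1]
    offset_units, length, _ = ordered[1]
    return (offset_units * 8 + length) - prev_end


# Constructed fragment sets.
LEGIT = [(0, 1480, 1), (185, 1480, 1), (370, 1000, 0)]          # 3960-byte datagram
TEARDROP = [(0, 40, 1), (3, 8, 0)]                               # 2nd fragment ends inside the 1st
OVERSIZE = [(0, 1480, 1), (8189, 100, 0)]                        # 65512 + 100 > 65535
MISSING = [(0, 1480, 1), (370, 1000, 0)]                         # middle fragment never arrived


def demo():
    return {
        "legit": check_fragments(LEGIT),
        "teardrop": check_fragments(TEARDROP),
        "oversize": check_fragments(OVERSIZE),
        "missing": check_fragments(MISSING),
        "naive_copy_len_teardrop": naive_copy_length(TEARDROP),
    }


if __name__ == "__main__":
    print(demo())
```

A real stack must also bound how long it holds incomplete fragment sets and how much memory they may consume, since an attacker can send endless first fragments and never complete them; that resource-exhaustion angle is separate from the overlap bug shown here.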
Transmission Control Protocol/Internet Protocol Model (TCP/IP)
Layering model structured into 4 layers: network interface (link) layer, internet layer, transport (host-to-host) layer, and application layer.
Multi tiered firewall
tiers are not the number of firewalls but the number of zones protected by the firewall; 2-tier protects 2 zones
Terminal Emulation Protocol
AKA Telnet, is a command line protocol designed to provide terminal access between hosts; it sends everything, including credentials, in cleartext, which is why SSH is used in its place.
User Datagram Protocol (UDP)
Provides connectionless data transfer: no handshake, no acknowledgements, and no retransmission. It carries only an optional checksum for error detection and offers no error correction, so the application must cope with lost, duplicated, or reordered datagrams.
Unbound (Wireless) Network
network where the physical layer interconnections are done using radio, light, or some other means; may or may not be mobile
Virtual Local Area Networks (VLANs)
Allow network administrators to use switches to create software based LAN segments that can be defined based on factors other than physical location
Voice over Internet Protocol (VoIP)
A technology that allows you to make voice calls using a broadband Internet connection instead of a regular ( or analog) phone line
VLAN hopping
A method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system, typically by negotiating a trunk with the switch (switch spoofing) or by double 802.1Q tagging frames so the second tag is honored by the next switch. The goal of this form of attack is to gain access to other VLANs on the same network.
Well Known Ports
Ports 0-1023. These ports are assigned to the common protocols used in the underlying management of TCP/IP systems, such as DNS (53) and SMTP (25).
Whitelisting/Blacklisting
A whitelist is a list of email addresses and/or internet addresses that someone knows as “good senders”. A blacklist is a corresponding list of known “bad” senders.
Wi-Fi (Wireless LAN IEEE 802.11x)
Primarily associated with computer networking, Wi-Fi uses the IEEE 802.11 family of specifications (802.11a/b/g/n/ac/ax) to create a wireless local area network, either public or private.
WiMAX (Broadband Wireless Access IEEE 802.16)
One well known example of wireless broadband is WiMAX. WiMAX can potentially deliver data rates of more than 30 megabits per second.
Web Application Firewall (WAF)
Is a software-based or appliance filter that monitors and inspects exchanges between clients and a web application, usually HTTP/S conversations, and blocks requests that match known attack patterns; it complements, rather than replaces, secure coding in the application itself.