Ch 3. Network Tech and Tools Flashcards
TCP
Transmission Control Protocol; uses a three-way handshake to provide connection-oriented traffic
UDP
User Datagram Protocol; non-guaranteed delivery, does not use a three-way handshake
IP
Internet Protocol; identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses
ICMP
Internet Control Message Protocol; used for testing basic connectivity and includes tools such as ping, pathping, and tracert
ARP
Address Resolution Protocol; resolves IPv4 addresses to media access control (MAC) addresses (physical/hardware)
NDP
Neighbor Discovery Protocol; performs several functions on IPv6
RTP
Real-time Transport Protocol; delivers audio and video over IP networks
SRTP
Secure Real-time Transport Protocol; provides encryption, message authentication, and integrity for RTP
FTP
File Transfer Protocol; uploads and downloads large files to and from an FTP server. By default data is transmitted in cleartext
TFTP
Trivial File Transfer Protocol; used to transfer smaller amounts of data, commonly disabled because it’s a non-essential protocol on most networks
SSH
Secure Shell; encrypts traffic in transit and can be used to encrypt other protocols such as FTP
SSL
Secure Sockets Layer; primary method used to secure HTTP traffic as HTTPS
TLS
Transport Layer Security; the designated replacement for SSL (STARTTLS)
IPsec
encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect VPN traffic
SFTP
Secure File Transfer Protocol; an extension of SSH that secures FTP
FTPS
File Transfer Protocol Secure; uses TLS to encrypt FTP traffic
SMTP
Simple Mail Transfer Protocol; transfers email between clients and SMTP servers. Uses TCP port 25
POP3/Secure POP
Post Office Protocol; transfers emails from servers down to clients. Uses TCP port 110/995
IMAP4/Secure IMAP
Internet Message Access Protocol; used to store email on an email server. Uses TCP port 143/993
HTTP
Hypertext Transfer Protocol; transmits web traffic on the Internet and in intranets. Uses TCP port 80
HTTPS
Hypertext Transfer Protocol Secure; encrypts web traffic to ensure it is secure while in transit. Uses TCP port 443
RDP
Remote Desktop Protocol; used to connect to other systems from a remote location
NTP
Network Time Protocol; most commonly used protocol for time synchronization
DHCP
Dynamic Host Configuration Protocol; dynamically assigns IP addresses to hosts
DNS
Domain Name System; resolves host names to IP addresses; zone/client queries use TCP port 53/UDP port 53
DNS Poisoning
attackers modify the DNS cache with a bogus IP address
DNSSEC
Domain Name Security Extension; a suite of extensions to DNS that provides validation for DNS responses, and adds a digital signature to each record
nslookup/dig
used to troubleshoot problems related to DNS; dig is used on Linux
Unicast
one-to-one traffic; one host sends traffic to another host, using a destination IP address
Broadcast
one-to-all traffic; one host sends traffic to all other hosts on the subnet using a broadcast address. Every host that receives it will process it.
Switch
a network device used to connect devices. Layer 2 switches send traffic to ports based on their MAC addresses. Layer 3 switches send traffic to ports based on IP addresses and support VLANs
Loop Prevention
a method of preventing switching loop or bridge loop problems through use of STP/RSTP
Flood Attack
an attacker sends a large amount of traffic with spoofed MAC addresses to the same port on a switch; when the switch runs out of memory it enters a fail-open state and starts acting like a hub
Router
connects multiple network segments together into a single network and routes traffic between segments
ACL
Access Control List; rules implemented on a router/firewall to identify what traffic is allowed/denied.
Implicit Deny
all traffic that isn’t explicitly allowed is implicitly denied
Spoofing
to impersonate or masquerade as someone or something else, such as by replacing an IP address
Bridge
connects multiple networks together and can be used instead of a router in some situations; directs traffic based on destination MAC addresses
Aggregate Switch
connects multiple switches together in a network
Firewall
filters incoming and outgoing traffic for a single host or between networks using an ACL
Stateless Firewall Rules
Uses an ACL to statically inspect packets, does not keep track of the state of network connections
Stateful Firewall
blocks traffic based on the state of the packet within a session
DMZ
demilitarized zone; a buffered zone between a private network and the Internet
NAT
Network Address Translation; a protocol that translates public IP addresses to private IP addresses and back to public
Airgap
a metaphor for physical isolation, indicating that there is a gap of air between an isolated system and other systems
VLAN
virtual local area network; uses a switch to group several different computers into a virtual network
Proxy
a server used to forward requests for services such as HTTP/HTTPS
Load Balancer
hardware or software that balances the load between two or more servers. Scheduling methods include source address IP affinity and round-robin
UTM
Unified Threat Management; combines multiple security controls into a single appliance. They can inspect data streams and often include URL filtering, malware inspection, and content inspection components.
Mail Gateway
a server that examines all incoming and outgoing email and attempts to reduce risks associated with email