Ch.14 - Networking Technology Basics Flashcards
3 Basic components in every computer
- Central Processing Unit: Math calculations with assistance of ALU and RAM
- Input/Output: Used to transmit data from CPU for processing (peripheral devices used)
- Data Storage: May be fixed in semi-permanent location or removable (ex: hard disk)
- Multiprocessor computers and computers based on multicore CPUs are designed to deal with the demands of process-intensive applications
o Multiprocessor systems can perform high-security processing with a separation of duties
Shell
UI – command-line or graphical interface
Determining best computer class
Variety of size/prices/processing power/throughput/data storage
Supercomputers
Designed for intense scientific calculations - Nuclear
Mainframe computers
Large/scalable, general-purpose systems to support big volumes of data
o Multithreading: Execute in parallel to minimize idle time in processor
Midrange computers
To be operated by individual departments or smaller organizations
Microcomputers
PC, notebook, PDA, designed for individual users
RAID
Redundant Array of Inexpensive Disks or Redundant Array of Independent Disks (view RAID table for different levels)
Protocol
Standard procedures/rules to organize comm process (AKA computer port)
Open Systems Interconnect (OSI) Model
▪ Application Layer: Interacts with end users through programs interacting within a network
▪ Presentation Layer: Coding of data (file formats and character representations – encryptions)
▪ Session Layer: Maintains comm sessions between computers ((dis)connect)
▪ Transport Layer: Breaks data into packets and properly transmits it over the network
▪ Network Layer: Logical implementation of network (logical addressing takes form of IP address)
▪ Data Link Layer: Transmit/receive info on computers connected to LAN (uses MAC addresses)
▪ Physical Layer: Physical operation of network - Translates binary 1/0 of computer language for T
View OSI Figures
Network routing
Process of directing traffic to the intended destination.
Data travels on the network along predetermined routes to reach its destination, much like driving on a highway. Routes can only be changed manually by network admins.
OSI communication between systems
Users make a request in their app software on layer 7. It passes through each layer, which transforms the request into a series of electrical signals.
The packet is routed to its intended destination computer.
Layer 1 of the other computer receives the signal and passes through each of the layers again.
Routers
Forward data traffic when necessary and insulate users on other subnets
- Router ignores traffic on same subnet (LAN 1 to LAN 1)
Border routers
Subject to direct attack from an outside source.
- When you configure a router, determine whether it's the lone point of defense or part of a multilayered defense (multilayered is better, as a lone point of defense is itself subject to attack)
Internal routers
Provide enhanced features to your internal networks
- Can keep traffic out of a subnet and keep traffic in a subnet (more confidential/ no crossover)
Ethernet Networks
Defines the way that computers communicate on the network
- Governs both the Physical (Layer 1) and Data Link layers (Layer 2)
- Defines how computers use MAC addresses to communicate on network
o Ethernet has become the most common LAN technology in use
Bus Topology
Daisy-chained connection, meaning single coaxial cable passing through connector on back of each computer on network (ties all systems together - if it breaks, everything breaks).
Star Topology
Each computer has a dedicated cable connection running to a network hub/switch. Offers cable redundancy, since the computers' cable connections are not interconnected.
Ring Topology
Each LAN computer is connected to a media access unit (MAU). Each MAU is connected to an upstream MAU and downstream MAU to form a backbone loop. Network traffic is bidirectional.
Meshed Network
Series of point-to-point connections between critical backbone connections. Routers determine which link to use based on predefined routing criteria (admin does this).
- Full Mesh: Has alternate connections for every major backbone point on network
- Partial Mesh: Only has for most critical links
Coaxial Cable
Have mesh shielding to prevent electrical interference (old)
Unshielded Twisted-Pair (UTP) Cable
Wire doesn’t have protection from electrical interference. Pairs are twisted to reduce electromagnetic interference (EMI)
Fiber Optic Cable
LED used to flash signals through glass strands. Commonly used for backbone connections and long-haul installations (dense wave multiplexing)
Hubs
Electrical connection box amplifying and retiming electrical signals for transmission
• Contain number of plugs (or ports) to connect Ethernet cables for different network systems
• Receive packets and automatically retransmit those packets to all the other ports (shared)
Switches
Separate traffic between ports to create appearance of private comms line
• Perform intelligent filtering – capable of running logic programs
• “Know” the MAC address of the system connected to each port
• When they receive a packet on the network, they look at the destination MAC address and send the packet only to the port where the destination system resides
Virtual LANs (VLANS)
To divide users by simulating one subnet for all target computers
- Any broadcast domain that is isolated from other domains
- Collection of logically related network devices that are viewed as a partitioned network segment
- Used to isolate logical groups of devices to reduce network traffic and increase security
Domain Name System (DNS)
How you end up reaching a website without knowing its IP address
- DNS servers are layer 7 software applications containing a list of alias names and their IP addresses
Lack of security
Network productivity shut down if DNS server is lost/attacked
Risk of fake DNS updates
Dynamic Host Configuration Protocol (DHCP)
Automatically configure IP address, subnet mask and DNS settings on computer
- Used within network to simplify configuration of each user’s computer
- DHCP server needs to be located on same subnet to hear computer making DHCP requests
LAN (Local Area Network)
▪ Systems on the same LAN do not protect themselves from each other
▪ Good security is important
WAN (Wide Area Network)
▪ The Internet is an open network
▪ Can’t guarantee privacy
▪ Consider the security issues surrounding the use of an open network
▪ Develop your own private WAN
WAN connectivity options
- Cable modem
- Digital subscriber line (DSL) – Integrated Services Digital Network/Dense Wave Multiplexing
- Fiber optics
- Satellite
- Dial-up
- Cellular 3G and 4G networks
Transmission Control Protocol (TCP)/Internet Protocol (IP)
▪ Suite of protocols operating both Network and Transport layers of OSI Reference Model
▪ Governs all activity across Internet and through most corporate and home networks
▪ Developed by the DoD to provide a highly reliable and fault-tolerant network infrastructure (security was not a focus)
TCP results in higher latency. UDP is designed for faster data transmission.
TCP guarantees data delivery by prioritizing data integrity, completeness, and reliability.
IPv4 addresses
o Four-byte (32-bit) addresses that uniquely identify every device on the network
o Still the most common
IPv6 addresses
o Are 128 bits long
o Provide more unique device addresses
o Are more secure
Network port
Number that tells a receiving device where to send messages it receives
Dial-in access to the network
- Individual Modems: Can be connected to computer on network
a. Bypass majority of network security controls (hackers love these)
- Network Access Server (NAS): Have special monitoring and security protocols
a. Remote connection attached to one of routers which allows Separation of Duties
(see Table: Networking Equipment)
Telephone Circuits
Telephone companies provide what client can afford
Dedicated Telephone Circuits
Billed by location, with actual usage billed by distance
Examples: POTS/ISDN/DSL/T1/T3
Wireless Access Solutions: Requires antenna systems – transmitting/receiving capabilities
- Wi-Fi Radio: Uses layer 1 transmitter/receiver to support signal range up to 1,500 feet
- Station (STA): Wireless device on end of network (PDA, laptop/ mobile phone)
- Access Point (AP): Wireless transmitter/receiver providing network services (300 feet)
- Cell: Individual AP broadcast range/ Multiple cells are linked together to increase range
- Satellite Radio: Signal bounced off a low-orbit satellite in space (huge service area)
- Microwave: Used for short-distance runs across cities/mountain ranges (old)
- Laser: Alternative to microwaves (need to have unobstructed aerial space)
Wireless RFID System
Radio Frequency Identification
- Tiny tag containing silicon chips and antennas enabling tag to be detected by scanners
o Originally used to protect inventory
Wireless Networks - Wireless Access Points (WAPs)
Connection between wired and wireless network
- Fences don’t stop wireless signals
- Anyone within range of wireless network can capture data sent on network if not encrypted
Network Access Control
- Enable you to add more security requirements before allowing a device to connect to network
- Perform authentication and posture checking
- IEEE 802.1x standard
Wireless Network Security Controls
- VPN over Wireless
- Wireless encryption
o WEP (insecure and flawed)
o Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
o Wi-Fi Protected Access (WPA)
- SSID broadcast
- MAC address filtering
Point-to-Point Tunneling Protocol (PPTP)
Easy to set up on client computers because most operating systems include PPTP support
Secure Sockets Layer (SSL)
Encrypts web communications, and many VPNs use SSL to provide encrypted communication. Users connect to an SSL-protected webpage and log on.
Internet Protocol Security (IPSec)
Suite of protocols designed to connect sites securely. Many organizations use IPSec to connect one site to another securely over the Internet (easy configuration)
Additional wireless security techniques
Antenna types: Wireless device antennas can have a large impact on the device's area of coverage. Antennas can transmit/receive in different ways: omnidirectional, semi-directional, highly directional.
Antenna placement: place the antennas to provide coverage that you want, and not for anyone else.
Power-level controls: The power of a wireless device can be changed from its configuration settings. Lowering the power setting from the default reduces the area the device covers (limits visibility of the network)
Captive portals: Webpage that is displayed for all new connections. Wireless device can redirect all traffic to the captive portal until the connection is authenticated.
Site surveys: Examine physical area you want to serve with wireless network.
SaaS
Users rely on someone else’s server to process their data (third-party)
Advantages of SaaS
o Lower initial cost: Vendor provides infrastructure
o Instant Scalability: Expand/upgrade for more money
o Security: Expand/upgrade for more money
o Cheaper Support: Use portion of service as needed
Disadvantages of SaaS
o Expenses: Costly as processing volume increases (pay-as-you-go)
o Control of Data: Vendor has control over subscriber data
o Liability: Vendor usually not liable for consequential losses
Cloud Computing
Processing data across Internet on remote server operated by vendor
Private Cloud Services
Org leases exclusive use of servers and communication equipment. Subscribers select authorized users and specify operating rules (confidentiality, protection)
Public Cloud Services
Subscribers pay a fee or get free starter usage (Google Docs, LinkedIn, Twitter, FB). Subscribers don't know how data is stored/accessed/used (no confidentiality, saves money)
Cooperative Cloud Services
Professional associations and community groups have their own private-label service
Hybrid Cloud Services
Popular with subscribers who believe they are circumventing the cost of using their own IT department
Syslog
Sends audit log msg to centralized server for aggregation of event logs/alerts
- Excellent tool to aid monitoring efforts of sys admins
- Good: Audit logs automatically transmitted to another server for safe storage
- Bad: Doesn’t contain message authentication – no integrity
Automated Cable Tester
Check variety of conditions – recommended length, signal strength, transmission cross talk, electrical noise interference, electrical pin connections
Protocol Analyzer
Packet sniffer – record/analyze network transmissions
Simple Network Management Protocol (SNMP)
Monitor network devices – servers, routers, gateways, hubs, workstations (weak mechanism and relies on simple passwords)
- Read: Monitor a device with notification of possible error conditions
- Write: Reconfigure limited system parameters
- Use SNMP to reboot or shut down the network device
Remote Monitoring Protocol Version 2 (RMON2)
Offers data beyond basic network health. Ability to monitor all seven layers of OSI model
Internet control message Protocol (ICMP)
Management and control protocol for IP
• Delivers messages between hosts about health of network
o Ping sends a single packet to a target IP address (ICMP echo request)
o Traceroute uses ICMP echo request packets to identify path of packets on network
Network Security Risks
▪ Reconnaissance
o Act of gathering information about network for use in future attack
▪ Eavesdropping
o When attacker taps data cable to see all data passing through it
▪ Denial of service (DoS)
o Flooding network with traffic and shutting down a single point of failure
▪ Distributed DoS (DDoS)
o Uses multiple compromised systems to flood network from many different directions
▪ Telephony denial of service (TDoS)
o Attempts to prevent telephone calls from being successfully initiated or received
Firewalls
Controls flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network
Firewall Security Features
▪ Flood guard: Rules can limit traffic bandwidth from hosts, reducing ability to flood network
▪ Loop protection: Firewalls can look at message addresses to determine whether a message is being sent around an unending loop (for example, from another form of flooding)
▪ Network separation: Filtering rules enforce divisions between networks, keeping traffic from moving from one network to another
Firewall Types
Packet filtering
Stateful inspection
Application proxy
Packet filtering
Compares received traffic with set of rules defining which traffic it will permit to pass
- Makes decision for each packet and has no memory of packets it has encountered in the past
Stateful inspection
Remembers information about status of a network communication until closed
Application proxy
Opens separate connections with each of the two communicating systems and then acts as a broker (or proxy) between the two (can analyze info – more protection)
Firewall deployment techniques
- Border firewalls
o Separates the protected network from the Internet
- Screened subnet (or DMZ) firewalls
- Multilayered firewalls
Unified threat management (UTM)
• URL filter: Filters web traffic by examining the URL as opposed to the IP address
• Content inspection: Device looks at some or all network packet content to determine if the packet should be allowed to pass
• Malware inspection: Specialized form of content inspection, the device looks at packet content for signs of malware
URL filter
Filters web traffic by examining the URL as opposed to the IP address
Content inspection
Device looks at some or all network packet content to determine if the packet should be allowed to pass
Malware inspection
Specialized form of content inspection, the device looks at packet content for signs of malware