Ch3: Exploring Network Technologies and Tools Flashcards
SSH
(Secure shell) Encrypts traffic over TCP port 22
Replacement for SSL
TLS (Transport Layer Security)
SFTP
Secure FTP uses SSH to encrypt traffic
FTPS
FTP Secure uses TLS to encrypt traffic
Vulnerability compromising SSL
POODLE (padding oracle on downgraded legacy encryption)
SMTP
Simple mail transfer protocol transfers email between clients and SMTP servers (TCP port 25)
POP3
Post Office Protocol v3 transfers email from servers down to clients (TCP port 110)
Secure POP3
Secure POP3 encrypts POP3 with SSL or TLS
IMAP4
Internet Message Access Protocol v4 stores email on an email server, allowing a user to organize and manage email in folders on the server (TCP port 143)
HTTP
Hypertext Transfer Protocol transmits web traffic on the Internet (TCP port 80)
HTTPS
Encrypted web traffic via SSL or TLS (TCP port 443)
STARTTLS
Allows an encrypted version of the protocol to use the same port as the unencrypted version
Admins connect to servers remotely using…
Protocols such as SSH and RDP, or VPNs in some cases
Private/unroutable IP addresses are specified in
RFC 1918
Private/unroutable IP addresses
10.x.x.x, 172.16.x.x - 172.31.x.x, 192.168.x.x
IPv4 and IPv6 address widths (in bits)
32-bit addresses (4 groups of decimal digits 0-255) and 128-bit addresses (8 groups of 4 hex digits)
DNS A record
Host record, which holds the host name and IPv4 address. (most commonly used record in a DNS server)
DNS AAAA record
Host record for IPv6, which holds the host name and IPv6 address
DNS zones
Zones are like databases that contain the DNS data in multiple records, like A and AAAA records.
DNS ports
TCP 53 for zone transfers, UDP 53 for client queries
DNS Zone Transfer
The process of DNS servers sharing information with each other
Most DNS servers run…
BIND software on Unix/Linux
Most DNS servers are configured to…
only use secure zone transfers
DNS (cache) poisoning is
when attackers modify the DNS cache with a bogus IP address
To prevent DNS poisoning, use…
DNSSEC (DNS Security Extensions), which uses digital signatures to validate responses
Cmd-line tools to test DNS
Nslookup (Microsoft) and dig (Linux)
IANA
Internet Assigned Numbers Authority maintains a list of official port assignments
IANA 3 Port Ranges
0-1023: well-known ports
1024-49,151: registered ports (registered by companies, e.g. SQL Server)
49,152-65,535: dynamic and private ports
Port vs. protocol number
Port is the logical OS-defined connection endpoint associated with a service. Protocol number identifies the specific protocol as defined by IP (e.g. IPv4 header)
Switch vs. router
Switch connects hosts together within a network. Router connects networks together to create a larger network
(Switch) Port security includes
Disabling unused ports and limiting the number of MAC addresses per port. Advanced implementations restrict each physical port to a single specific MAC address
Loop protection protects against…
switching loop problems, like when 2 ports of a switch are connected together
STP, RSTP are
loop protection protocols (spanning tree protocol, rapid STP)
Routers and stateless firewalls perform basic filtering with…
ACLs to identify what traffic is allowed and what is blocked
An ACL can control traffic based on…
networks, subnets, IP addresses, ports, and some protocols
Implicit deny
Blocks all accesses that have not been explicitly granted
Antispoofing methods…
Block traffic based on ACL rules
xtables
Tables for firewalls (like ACLs) including iptables, ip6tables, arptables, etc.
Host-based firewall
Provides protection for individual hosts, like servers or workstations
Network-based firewall
Dedicated servers or appliances that provide protection for the network
To enforce an implicit deny strategy, firewalls use a…
Deny any any, deny any, or drop all statement at the end of the ACL
WAF
Web application firewall provides strong protection for a web server
Stateless firewall
Blocks traffic using an ACL
Stateful firewall
Blocks traffic based on the state of the packet within a session
DMZ
Demilitarized zone is a buffer zone between the Internet and an internal network (e.g. between two firewalls: one protecting the DMZ from the Internet and the other protecting the intranet from the DMZ)
NAT
Network Address Translation translates public IP addresses to private IP addresses, and vice versa
Common form of NAT
Port address translation (PAT)
Static NAT
Uses a single public IP address in a one-to-one mapping
Dynamic NAT
Uses multiple public IPs in a one-to-many mapping, based on load
VLANs
Virtual LANs separate or segment traffic on physical networks. You can create multiple VLANs with a single Layer 3 switch. VLANs can logically group several different computers together
Proxy server
Forwards requests for services from a client, providing caching to improve performance and reduce Internet bandwidth usage (outgoing, for clients)
Transparent proxy servers
Use URL filters to restrict access to certain sites and can log user activity
Reverse proxy
Accepts requests from the Internet on behalf of a web server (incoming, for web servers). Can sit in a DMZ for increased security and load balancing
UTM appliance
A Unified Threat Management appliance combines multiple security controls into a single appliance. It can inspect data streams and content, filter URLs, and scan for malware. Many include DDoS mitigators
SNMPv3
Simple Network Management Protocol v3 manages and monitors network devices using UDP ports 161 and 162. It includes strong authentication mechanisms and is more secure than previous versions