Chapter 10 Flashcards
Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Layer 2 Layer 1
7 Application-user interface
6 Presentation-Data format; encryption
5 Session-Process to process communication
4 Transport-End to end communication
3 Network-Routing data; logical addressing; WAN delivery
2 Data link-Physical Addressing, LAN delivery
1 Physical-Signaling
Wide area networks
Connect systems over a large geographic area
Local Area Networks
Provide network connectivity for computers located in the same geographic area
WAN connectivity options
Cable modem, DSL, fiber optics, satellite, dial-up, cellular 3G and 4G networks
The Ethernet standard:
Defines the way that computers communicate on the network
Governs both the Physical and Data Link layers
Defines how computers use MAC addresses to communicate with each other on the network
Ethernet has become the most common LAN technology in use
Hubs
a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment.
Switches
Perform intelligent filtering
“Know” the MAC address of the system connected to each port
When they receive a packet on the network, they look at the destination MAC address and send the packet only to the port where the destination system resides
Virtual LANs (VLANs)
is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments
IPv4 addresses
Four-byte (32-bit) addresses that uniquely identify every device on the network
Still the most common
IPv6 addresses
Are 128 bits long
Provide more unique device addresses
Are more secure
Dynamic Host Configuration Protocol (DHCP)
is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network
Network port
a number that tells a receiving device where to send messages it receives
Internet Control Message Protocol (ICMP)
A management and control protocol for IP
Delivers messages between hosts about the health of the network
ICMP tools:
Ping sends a single packet to a target IP address (ICMP echo request)
Traceroute uses ICMP echo request packets to identify the path that packets travel through a network
Network Security Risks
Reconnaissance-
The act of gathering information about a network for use in a future attack
Eavesdropping-
When an attacker taps the data cable to see all data passing through it
Denial of service (DoS)-
Flooding a network with traffic and shutting down a single point of failure
Distributed DoS (DDoS)-
Uses multiple compromised systems to flood the network from many different directions
Telephony denial of service (TDoS)
Attempts to prevent telephone calls from being successfully initiated or received by some person or organization
Basic Network Security Defense Tools
Firewalls
Virtual private networks and remote access
Network access control (NAC)
Firewall
controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network
Firewall Security Features:
Flood guard-Rules can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network
Loop protection-Firewalls can look at message addresses to determine whether a message is being sent around an unending loop (for example, from another form of flooding)
Network separation-Filtering rules enforce divisions between networks, keeping traffic from moving from one network to another
Firewall types (3)
Packet filtering, application proxy, stateful inspection
Packet filtering
A packet-filtering firewall is very basic. It compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall. It makes this decision for each packet that reaches the firewall and has no memory of packets it has encountered in the past.
Stateful inspection
A stateful inspection firewall remembers information about the status of a network communication. Once the firewall receives the first packet in a communication, the firewall remembers that communication session until it is closed. This type of firewall does not have to check its rules each time it receives a packet. It only needs to check rules when a new communication session starts.
Application proxy
An application proxy firewall goes further than a stateful inspection firewall. It doesn’t actually allow packets to travel directly between systems on opposite sides of the firewall. The firewall opens separate connections with each of the two communicating systems and then acts as a broker (or proxy) between the two. This allows for an added degree of protection, because the firewall can analyze information about the application in use when making the decision to allow or deny traffic.
Border Firewall
Separates the protected network from the Internet
URL filter
Filters web traffic by examining the URL as opposed to the IP address
Content inspection
The device looks at some or all network packet content to determine if the packet should be allowed to pass
Malware inspection
A specialized form of content inspection, the device looks at packet content for signs of malware
The three major VPN technologies in use today
Point-to-Point Tunneling Protocol (PPTP)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Internet Protocol Security (IPSec)
Point-to-Point Tunneling Protocol (PPTP):
PPTP was once the predominant VPN protocol. For many years, almost all VPNs used PPTP. It is easy to set up on client computers because most operating systems include PPTP support.
Secure Sockets Layer (SSL):
SSL encrypts web communications, and many VPNs use SSL to provide encrypted communication. Users connect to an SSL-protected webpage and log on. Their web browser then downloads software that connects them to the VPN. Due to recent security issues, use TLS whenever possible.
Internet Protocol Security (IPSec):
IPSec is a suite of protocols designed to connect sites securely. Although some IPSec VPNs are available for end users, they often require the installation of third-party software on the user’s system and are not popular. Many organizations use IPSec to connect one site to another securely over the Internet. The required IPSec VPN functionality is built into many routers and firewalls, allowing for easy configuration.