Chapter 10

Question 1

Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1

Answer 1

7 Application-user interface
6 Presentation-Data format; encryption
5 Session-Process to process communication
4 Transport-End to end communication
3 Network-Routing data; logical addressing; WAN delivery
2 Data link-Physical Addressing, LAN delivery
1 Physical-Signaling

Question 2

Wide area networks

Answer 2

Connect systems over a large geographic area

Question 3

Local Area Networks

Answer 3

Provide network connectivity for computers located in the same geographic area

Question 4

WAN connectivity options

Answer 4

Cable modem, DSL, fiber optics, satellite, dial up, cellular 3G and 4G networks

Question 5

The Ethernet standard:

Answer 5

Defines the way that computers communicate on the network

Governs both the Physical and Data Link layers
Defines how computers use MAC addresses to communicate with each other on the network

Ethernet has become the most common LAN technology in use

Question 6

Hubs

Answer 6

a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment.

Question 7

Switches

Answer 7

Perform intelligent filtering
“Know” the MAC address of the system connected to each port

When they receive a packet on the network, they look at the destination MAC address and send the packet only to the port where the destination system resides

Question 8

Virtual LANs (VLANs)

Answer 8

is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments

Question 9

IPv4 addresses

Answer 9

Four-byte (32-bit) addresses that uniquely identify every device on the network
Still the most common

Question 10

IPv6 addresses

Answer 10

Are 128 bits long
Provide more unique device addresses
Are more secure

Question 11

Dynamic Host Configuration Protocol (DHCP)

Answer 11

is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network

Question 12

Network port

Answer 12

a number that tells a receiving device where to send messages it receives

Question 13

Internet Control Message Protocol (ICMP)

Answer 13

A management and control protocol for IP

Delivers messages between hosts about the health of the network

ICMP tools:
Ping sends a single packet to a target IP address (ICMP echo request)

Traceroute uses ICMP echo request packets to identify the path that packets travel through a network

Question 14

Network Security Risks

Answer 14

Reconnaissance-
The act of gathering information about a network for use in a future attack

Eavesdropping-
When an attacker an attacker taps the data cable to see all data passing through it

Denial of service (DoS)-
Flooding a network with traffic and shutting down a single point of failure

Distributed DoS (DDoS)
Uses multiple compromised systems to flood the network from many different directions

Telephony denial of service (TDoS)
Attempts to prevent telephone calls from being successfully initiated or received by some person or organization

Question 15

Basic Network Security Defense Tools

Answer 15

Firewalls

Virtual private networks and remote access

Network access control (NAC)

Question 16

firewall

Answer 16

controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network

Question 17

Firewall Security Features:
Flood Guard-
Loop protection-
Network separation-

Answer 17

Flood guard-Rules can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network

Loop protection-Firewalls can look at message addresses to determine whether a message is being sent around an unending loop (for example, from another form of flooding)

Network Separation-Filtering rules enforce divisions between networks, keeping traffic from moving from one network to another

Question 18

Firewall types (3)

Answer 18

Packet filtering, application proxy, stateful inspection

Question 19

packet filtering

Answer 19

A packet-filtering firewall is very basic. It compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall. It makes this decision for each packet that reaches the firewall and has no memory of packets it has encountered in the past.

Question 20

stateful inspection

Answer 20

• Stateful inspection: A stateful inspection firewall remembers information about the status of a network communication. Once the firewall receives the first packet in a communication, the firewall remembers that communication session until it is closed. This type of firewall does not have to check its rules each time it receives a packet. It only needs to check rules when a new communication session starts.

Question 21

application proxy

Answer 21

Application proxy: An application proxy firewall goes further than a stateful inspection firewall. It doesn’t actually allow packets to travel directly between systems on opposite sides of the firewall. The firewall opens separate connections with each of the two communicating systems and then acts as a broker (or proxy) between the two. This allows for an added degree of protection, because the firewall can analyze information about the application in use when making the decision to allow or deny traffic.

Question 22

Border Firewall

Answer 22

Separates the protected network from the Internet

Question 23

URL filter

Answer 23

Filters web traffic by examining the URL as opposed to the IP address

Question 24

Content inspection

Answer 24

The device looks at some or all network packet content to determine if the packet should be allowed to pass

Question 25

Malware inspection

Answer 25

A specialized form of content inspection, the device looks at packet content for signs of malware

Question 26

The three major VPN technologies in use today

Answer 26

Point-to-Point Tunneling Protocol (PPTP)

Secure Sockets Layer (SSL)

and Transport Layer Security (TLS)
Internet Protocol Security (IPSec)

Question 27

Point-to-Point Tunneling Protocol (PPTP):

Answer 27

PPTP was once the predominant VPN protocol. For many years, almost all VPNs used PPTP. It is easy to set up on client computers because most operating systems include PPTP support.

Question 28

Secure Sockets Layer (SSL):

Answer 28

SSL encrypts web communications, and many VPNs use SSL to provide encrypted communication. Users connect to an SSL-protected webpage and log on. Their web browser then downloads software that connects them to the VPN. Due to recent security issues, use TLS whenever possible.

Question 29

Internet Protocol Security (IPSec):

Answer 29

IPSec is a suite of protocols designed to connect sites securely. Although some IPSec VPNs are available for end users, they often require the installation of third-party software on the user’s system and are not popular. Many organizations use IPSec to connect one site to another securely over the Internet. The required IPSec VPN functionality is built into many routers and firewalls, allowing for easy configuration.