Chapter 11 Flashcards
This category of routing protocols maintains a list of destination networks along with metrics of direction and distance as measured in hops
Distance vector routing protocols
this category of routing protocols gathers routing characteristics, such as speed, latency, etc., to make a next-hop routing decision
Link State Routing protocols
Examples of vector routing protocols
RIP, IGRP
Examples of link state routing protocols
OSPF, IS-IS, EIGRP
this category of routing protocols makes next-hop decisions based on the entire remaining path to the destination, and is a kind of exterior routing protocol
path vector
what is an example of a path vector routing protocol?
BGP
This is an insecure terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support transfer of files.
Telnet, TCP/23
This is an insecure network application that supports an exchange of files that requires anonymous or specific authentication.
FTP, TCP/20&21
This is an insecure network application that supports an exchange of files that does not require authentication. Used to host network device configuration files and can support multicasting.
TFTP, UDP/69
This is a protocol used to transmit email messages from a client to an email server and from one email server to another.
SMTP, TCP/25
This is a protocol used to pull email messages from an inbox on an email server down to an email client (aka client archiving).
POP3, TCP/110
This is a protocol used to pull email messages from an inbox on an email server down to an email client.
IMAP4, TCP/110
This protocol provides for centralized control of TCP/IP configuration settings assigned to systems upon bootup.
DHCP, UDP/67,68
This is the protocol used to transmit web page elements from a web server to web browsers in cleartext.
HTTP, TCP/80
This is the TLS-encrypted version of HTTP.
HTTPS, TCP/443
This is a network service that is used to spool print jobs and send print jobs to printers. Consider enclosing in a VPN for use.
LPD, TCP/515
This is a GUI API for command-line operating systems. Consider enclosing in a VPN for use.
X Window, TCP/6000-6063
This is a network service used to support file sharing between dissimilar systems. Consider enclosing in a VPN for use.
NFS, TCP/2049
This is a network service used to collect network health and status information from a central monitoring station.
SNMP, UDP/161,162
combination of IP and port
socket
ports that have one or more networking software products specifically registered with IANA
registered software ports
1024-49151
ports used randomly and temporarily by clients as a source port
random, dynamic, ephemeral ports (49152-65535)
3 steps of a TCP handshake
SYN
SYN/ACK
ACK
this name server hosts the original editable zone file for the domain
primary authoritative name server
these name servers host read-only copies of the zone file
secondary authoritative name server
a security improvement to DNS; provides mutual certificate authentication and encrypted sessions between devices
DNSSEC
this system protects clients during DNS transactions by creating an encrypted session with a DNS server using HTTPS
DNS over HTTPS (DoH)
this system protects clients during DNS transactions by adding a DNS proxy between the client and the DNS resolver thus providing anonymity and privacy to DNS queries
Oblivious DoH (ODoH)
a malicious device that responds to DNS queries with false IP information
rogue DNS server
putting incorrect information into a DNS server’s zone file or cache
DNS Cache Poisoning
malicious redirection of a valid website’s URL to a fake website by modifying the local hosts file on a system
DNS Pharming
when a client has a false DNS server definition
corrupting the IP configuration through DHCP or a script
when an attacker sends back a DNS response with false information
DNS query spoofing
protecting against DNS poisoning methods
block inbound TCP 53
block outbound UDP 53
NIDS
use DNSSEC
use DoH or ODoH
regularly audit DNS and DHCP servers
use split DNS
deploying separate DNS servers for public and private use
split DNS
defensive use of DNS spoofing to prevent users from visiting malicious sites
DNS Sinkhole
malicious action of changing the registration of a domain name without the authorization of the valid owner
domain hijacking
displaying a link that looks like a well-known product that redirects the user to an alternate location
URL Hijacking
IPv6 new features
scoped addresses, autoconfiguration, QoS
since IPv6 does not support NAT, will this reduce security or privacy?
Privacy, because a system's local IP address will not be masked
having systems operate both IPv4 and IPv6
dual stack
systems operate a single stack of either IPv4 or IPv6 and use an encapsulation tunnel to access systems of the other protocol
tunneling
used to convert between IPv6 and IPv4 network segments similarly to how NAT converts between internal and external addresses
NAT-PT
this router protocol allows systems to support multicasting
IGMP - Internet Group Management Protocol
this protocol resolves IP addresses into MAC addresses
ARP
when an attacker sends false ARP replies to a switch
ARP cache poisoning
best defense against ARP attacks
port security on switches
this security measure can prohibit communications with unknown, unauthorized, rogue devices
switch port security
this secure protocol uses public key cryptography to provide encryption, access control, nonrepudiation and message authentication using IP protocols. Primarily used for VPNs
IPsec
this secure protocol offers an SSO solution and provides protection for logon credentials
Kerberos
this secure protocol is an end-to-end encryption technique that can encrypt plaintext utilities, often used to remotely access the CLI of a device
SSH
this is a cryptographic protocol that provides end-to-end encryption for voice communications, videoconferencing, and text messages
Signal protocol
this is an authentication service for cross-network service communications and prevents unauthorized execution of code on remote systems
Secure Remote Procedure Call (S-RPC)
this is an encryption protocol that operates at OSI layer 4 by encrypting the payload of TCP communications
TLS
this protocol is primarily used in the electric and water utility management industries to support communications between data acquisition systems and the system control equipment. It is similar to TCP/IP for ICS
DNP3 (Distributed Network Protocol 3)
merging of specialty or proprietary protocols with standard protocols
converged protocols
a secondary network used to consolidate and manage various storage devices into a single consolidated network-accessible storage container
Storage Area Network (SAN)
used to encapsulate Fibre Channel communications over Ethernet networks
Fibre Channel over Ethernet (FCoE)
high-throughput high-performance network technology that directs data across a network based on short path labels to save time over traditional IP based routing; designed to handle a wide range of protocols through encapsulation rather than just TCP/IP
MPLS (Multiprotocol label switching)
a networking storage standard based on IP used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public internet
Internet Small Computer System Interface (iSCSI)
a tunnelling mechanism that encapsulates audio, video, and other data into IP packets
VoIP
a new network design that is directly programmable from a central location, is flexible, vendor neutral, and open standards based.
software-defined networking (SDN)
3 benefits of segmentation
boosting performance
reducing communication problems
increasing security
creates a separate and distinct network structure for traffic that would otherwise interfere with the production network by creating secondary network paths to support data storage traffic
an out-of-band pathway
dividing an internal network into numerous subzones with filtering mechanisms between all of them
microsegmentation
an encapsulation protocol that enables VLANs to be stretched across subnets and geographic distances
Virtual eXtensible LAN (VXLAN)
IEEE standard for wireless network communications
802.11
Wi-Fi deployment model where any two wireless networking devices can communicate without a centralized control authority
ad hoc mode
Wi-Fi deployment model where a WAP is required and restrictions for wireless network access are enforced
Infrastructure
a wireless deployment where there is a WAP connecting wireless clients to one another but not to any wired resources
standalone mode
a wireless deployment where the WAP acts as a connection point to link the wireless clients to the wired network
wired extension
a wireless deployment where multiple WAPs are used to connect a large physical area to the same network
enterprise extended mode
a wireless deployment where a wireless connection links two different wired networks
bridge mode
the SSID used by Wi-Fi Direct or ad hoc mode
ISSID - Independent service set identifier
a formal assessment of wireless signal strength, quality, and interference using an RF signal detector
site survey
a mapping of signal strength measurements over a building’s blueprint
heat map
wireless authentication method that does not require authentication and sends data in the clear
OSA - open system authentication
wireless authentication method that requires authentication before communications can occur
shared key authentication (SKA)
a SKA protocol that uses a predefined shared RC4 secret key; extremely weak
WEP
a SKA protocol that replaced WEP and negotiates a unique key set with each host. Uses RC4 and TKIP or LEAP
WPA
a SKA protocol that implements AES-CCMP encryption
WPA2
a SKA protocol that uses 192-bit AES CCMP encryption and replaces preshared key authentication with Simultaneous Authentication of Equals (SAE)
WPA3
a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place
802.1X/EAP
encapsulates EAP methods within a TLS tunnel that provides authentication
Protected Extensible Authentication Protocol (PEAP)
security standard that operates by auto-connecting and automatically authenticating the first new wireless client to initiate a connection to the network at the push of a button or remote PIN
WPS
is WPS secure?
No, an attacker could brute force the PIN that could allow access to the network
a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to unauthorized devices
Wireless MAC filter
an authentication technique that redirects a newly connected client to a web-based portal access control page
captive portal
4 radio frequency spectrum-use techniques
spread spectrum
FHSS - Frequency Hopping Spread Spectrum
DSSS - Direct Sequence Spread Spectrum
OFDM - Orthogonal Frequency-Division Multiplexing
Bluetooth-focused network packet capture
Bluesniffing
a DoS attack against a Bluetooth device
Bluesmacking
sending unsolicited messages to Bluetooth-capable devices
Bluejacking
the unauthorized access of data via a Bluetooth connection
Bluesnarfing
an attacker gains remote control over the hardware and software over a Bluetooth connection
Bluebugging
wireless used by SCADA systems
Narrow-band wireless
IoT wireless
Zigbee
a collection of resource services deployed in numerous data centers to provide low latency, high performance, and high availability of hosted content.
content delivery network (CDN)
a section of the organization’s network that has been sectioned off so that it acts as an intranet for the private network but also serves information to outsiders
extranet
a special-purpose extranet that is designed specifically for low-trust and unknown users to access public facing services
DMZ, screened subnet
network devices that operate at OSI layer 1 to strengthen the communication signal over a cable segment
RCAs - Repeaters, Concentrators, and Amplifiers
network devices that operate at OSI layer 1 to connect multiple systems - create a single collision and broadcast domain
Hub
a device that converts or modulates between an analog carrier signal and digital information
modem
most modern modems are actually routers
a network device that connects two networks together; operate at OSI layer 2
bridge
network devices that operate at OSI layer 2 to manage the transmission of frames via MAC addresses and can separate broadcast domains with the creation of VLANs
Switch
network devices that operate at OSI layer 3 to control traffic flow based on IP addressing; connect networks together
Routers
a network device that is a remote access, multilayer switch used to connect distant networks over WAN links
LAN extenders, WAN switch, WAN router
a network device that is a remote access system deployed to make accessing other devices more secure
jumpbox
a network device that collects information and transmits it back to a central system for storage and analysis
Sensor
a network device that gathers data into a log or record file; waits for specific activity, event, or traffic and then records it into a record file
Collector
a device that takes numerous inputs and integrates them into a single data stream and can multiplex
aggregator
the concept of controlling access to the environment through strict adherence to and enforcement of security policy
NAC Network Access Control
what level of the OSI model do circuit-level firewalls operate on?
Layer 5
a firewall deployed between internal network segments to prevent the further spread of malicious code
Internal Segmentation Firewall (ISFW)