Chapter 11 Flashcards
OSI
Application - PDU (Protocol Data Unit)
Presentation - PDU; encryption, compression
Session - PDU; session management
Transport - TCP segment or UDP datagram
Network - packet
Data Link - frame; ARP
Physical - bits
TCP/IP Layers
Application (L5, L6, L7)
Transport (L4)
Internet (L3)
Link (L1, L2)
TCP Port numbers
Well known, service ports: 0 - 1023
Registered: 1024 - 49,151
FTP - 20/21
SSH - 22
Telnet - 23
SMTP - 25
TACACS+ - 49
DNS - 53
HTTP - 80
POP3 - 110
IMAP4 - 143
HTTPS (TLS) - 443
UDP Port Numbers
DNS - 53
DHCP - 67, 68
TFTP - 69
SNMP - 161, 162
RADIUS - 1812, 1813
Domain name
3 parts:
Top Level Domain
Registered
Sub-domain or Hostname
DNS pharming
Redirect valid URL or IP to fake site
Split-DNS
(split-horizon, split-view, split-brain)
- Internal DNS for internal users
- Public DNS for external public
- Use firewall to block requests accordingly from in to out or out to in
Wi-Fi standard - 802.11
Infrastructure mode SSID types:
- ESSID (extended SSID) - name
- BSSID (base SSID) - MAC of base station
Ad-hoc mode - ISSID
Beacon frame - broadcasts SSID
WPA2
128 bit AES-CCMP
WPA2-PER - Preshared key
WPA2-ENT - 802.1X/EAP (use AAA such as RADIUS, TACACS+)
WPA3
AES-CCMP
WPA3-PER - SAE (Dragonfly for key exchange), 128 bit AES CCMP
WPA3-ENT - 802.1X/EAP, 192 bit AES CCMP
Wireless communication
Frequency Hopping Spread Spectrum (FHSS) - different frequencies, but one frequency at a time
Direct Sequence Spread Spectrum (DSSS) - different frequencies in parallel; uses a chipping code
Orthogonal Frequency Division Multiplexing (OFDM)
Bluetooth
100 meters
Bluetooth LE (low energy) variant
iBeacon - Apple-developed location tracking (BLE)
Attacks:
- Blue sniffing
- Blue smacking - DoS
- Blue jacking - Sending unsolicited messages
- Blue snarfing - unauthorized access to data over connection
- Blue bugging - remote control over hardware and software
Wireless attacks
- War driving
- Rogue AP - can be internal or attacker
- Evil twin - uses a client's reconnect request to retrieve the SSID, etc., and set up a fake AP (the evil twin)
- Disassociation - sends a disassociation or deauthentication message to force a reconnect request
- Jamming
- IV abuse
- Replay attack
Network Access Control
Pre-admission philosophy - must meet required level of security first
Post-admission philosophy - control based on user activity
Comm Media Access
CSMA
CSMA/CD - collision detect; Ethernet
CSMA/CA - collision avoidance; 802.11 (wireless)
Token - FDDI and token ring
Polling