Chapter 11 Flashcards

1
Q

OSI

A

Application - PDU (Protocol Data Unit)
Presentation - PDU; encryption, compression
Session - PDU; session mgmt
Transport - TCP segment or UDP datagram
Network - packet
Data Link - frame; arp
Physical - bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

TCP/IP Layers

A

Application (L5, L6, L7)
Transport (L4)
Internet (L3)
Link (L1, L2)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

TCP Port numbers

A

Well known, service ports: 0 - 1023
Registered: 1024 - 49,151

FTP - 20/21
SSH - 22
Telnet - 23
SMTP - 25
TACACS+ - 49
DNS - 53
HTTP - 80
POP3 - 110
IMAP4 - 143
HTTPS (TLS) - 443

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

UDP Port Numbers

A

DNS - 53
DHCP - 67, 68
TFTP - 69
SNMP - 161, 162
RADIUS - 1812, 1813

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Domain name

A

3 parts:
Top Level Domain
Registered
Sub-domain or Hostname

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DNS pharming

A

Redirect valid URL or IP to fake site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Split-DNS
(split-horizon, split-view, split-brain)

A
  • Internal DNS for internal users
  • Public DNS for external public
  • Use firewall to block requests accordingly from in to out or out to in
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Wi-fi standard - 802.11

A

Infra mode SSID types:
- ESSID (extended SSID) - name
- BSSID (base SSID) - MAC of base station

Ad-hoc mode - ISSID

Beacon frame - broadcasts SSID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

WPA2

A

128 bit AES-CCMP
WPA2-PER - Preshared key
WPA2-ENT - 802.1X/EAP (use AAA such as RADIUS, TACACS+)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

WPA3

A

AES-CCMP
WPA3-PER - SAE (dragonfly for key exchange), 128 bit AES CCMP
WPA3-ENT - 802.1X/EAP, 192 bit AES CCMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Wireless communication

A

Frequency hopping spread spectrum (FHSS) - diff freq but freq at a time
Direct Sequence spread spectrum (DSSS) - diff freq in parallel; use chipping code
Orthogonal Freq Div Multiplexing (OFDM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Bluetooth

A

100 meters
Bluetooth LE (low energy) variant
iBeacon - Apple developled location tracking (BLE)

Attacks:
- Blue sniffing
- Blue smacking - DoS
- Blue jacking - Sending unsolicited messages
- Blue snarfing - unauth access to data over connection
- Blue bugging - remote control over hw and sw

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Wireless attacks

A
  • War driving
  • Rogue AP - can be internal or attacker
  • Evil twin - making use of client reconnect request to retrieve SSID, etc. to make fake AP (evil twin)
  • Disassociation - send disassociation or deauthentication message to force reconnect request
  • Jamming
  • IV abuse
  • replay attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Network Access Control

A

Pre-admission philosophy - must meet required level of security first
Post-admission philosophy - control based on user activity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Comm Media Access

A

CSMA
CSMA/CD - collision detect; Ethernet
CSMA/CA - collision avoidance; 802.11 (wireless)
Token - FDDI and token ring
Polling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Stateful firewall - dynamic packet filtering fw; aware of previous and current packets; per session
Stateless firewall - static packet filtering;

A
17
Q

EDR - detect and respond, endpoint
MDR - detect and respond, more than just endpoints and includes network
EP(rotection) P(latform) - endpoint, but also predict and prevent
XDR - EDR, EPP, MDR
MSSP - managed centralized XDR

A