Chapter 11- Secure Network Architecture and Securing Network Components Flashcards
- What is a protocol?
A protocol is a set of rules and restrictions that determine how data is transmitted over a network medium.
- OSI Model divides networking into 7 distinct layers, name them:
Please do Not Throw Sausage Pizza Away
Application 7
Presentation 6
Session 5
Transport 4
Network 3
Data 2
Physical 1
- What is encapsulation
Encapsulation occurs as data moves down through the OSI model layers from Application to Physical. It is the addition of a header and possibly a footer to the data received by each layer from the layer above, before it is handed to the layer below.
- What is de-encapsulation
De-encapsulation occurs when data moves up through OSI model layers from Physical to Application
- What happens at the presentation layer during encapsulation
The presentation layer encapsulates the message by adding information to it; the information is added at the beginning of the message, i.e. a header.
- How do the OSI layers change data?
D3SPFB
Application Data Stream
Presentation Data Stream
Session Data Stream
Transport Segment (TCP)/Datagram (UDP)
Network Packet
Data Link Frame
Physical Bits
- What is the physical layer?
The physical layer accepts frames from the data link layer and converts them into bits for transmission over the physical connection medium. It also receives bits from the physical connection medium and converts them into frames to be used by the data link layer.
- Through device drivers and standards, list the things that the physical layer controls:
Throughput rates
It handles synchronisation
Manages line noise and medium access
Determines whether to use analogue or digital signals
- List network hardware devices that function at layer 1:
(NHRCA) Network Interface Cards (NICs), hubs, repeaters, concentrators and amplifiers.
- What is the data link layer?
The data link layer is responsible for formatting the packet from the network layer into the proper format for transmission. This includes adding the hardware source and destination addresses to the frame. The hardware address is the Media Access Control (MAC) address.
- List protocols found in the data link layer:
SPALLPI
Serial Line Internet Protocol (SLIP)
Point to Point Protocol (PPP)
Address Resolution Protocol (ARP)
Layer 2 Forwarding (L2F)
Layer 2 Tunnelling Protocol (L2TP)
Point to Point Tunnelling Protocol (PPTP)
Integrated Services Digital Network (ISDN)
- What is ARP?
Address Resolution Protocol (ARP) is a protocol of the data link layer. It can be viewed as operating in layer 2 or 3 of the OSI model. It depends on the Ethernet source and destination MAC addresses. ARP is used to resolve IP addresses into MAC addresses.
- ARP is carried as a _____ of the ______:
Payload, the Ethernet Frame
- ARP operates in what layer?
Tricky question! Some think it operates on Layer 2; anyway, choose 2: Layer 2.
Layer 3 (Network layer), but it does not operate as a true layer 3 protocol, as it does not use a source/destination addressing scheme to direct communications. It depends on the Ethernet source and destination MAC addresses.
- Hardware technology used in the data link layer:
Ethernet (IEEE802.3), Token Ring (IEEE 802.5), Asynchronous Transfer Mode (ATM), Fibre Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI)
- The data link layer contains 2 sublayers; they are:
Logical Link Control (LLC) and Media Access Control (MAC) sublayers
- List network hardware that functions at layer 2:
At the data link layer: switches and bridges.
- Explain the Network Layer:
The network layer is responsible for adding routing and addressing information to data. The packet includes source and destination addresses. The network layer is responsible for providing routing or delivery information, but it is not responsible for verifying guaranteed delivery.
- List routing protocols under network layer:
BORI5NS
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)
- What are routers?
Routers determine the best logical paths for the transmission of packets based on speed, hops, preference and so on.
Routers use destination IP addresses to guide the transmission of packets.
- List some network hardware devices that function at layer 3:
Routers and bridge routers (brouters)
- What are brouters?
Bridge routers (brouters) work primarily in layer 3, but in layer 2 when necessary.
- What is the transport layer?
The transport layer is responsible for managing the integrity of a connection and controlling the session. A PDU (Payload Data Unit) from the session layer is converted into a segment. This layer includes mechanisms for segmentation, sequencing, error checking, controlling the flow of data, error correction, multiplexing and network service optimisation.
- PDU acronym means
Payload Data Unit, Protocol Data Unit, Packet Data Unit.
- List protocols that operate on the transport layer:
The following operate on the transport layer:
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Sequenced Packet Exchange (SPX)
Secure Socket Layer (SSL)
Transport Layer Security (TLS)
- What is a PDU?
PDU means Payload Data Unit, Protocol Data Unit or Packet Data Unit. A PDU is a container of information or data passed between network layers.
- Explain Session Layer:
Session Layer (Layer 5) is responsible for establishing, maintaining and terminating communication sessions between 2 computers. It manages dialogue discipline or dialogue control (simplex, half duplex, full duplex).
- List Protocols that operate within the session Layer:
Network File System (NFS), Structured Query Language (SQL), Remote Procedure Call (RPC).
- Communication sessions can operate in one of three different control modes in the session layer; list them:
Simplex: one-way communication. Half-duplex: two-way communication, but only one direction can send data at a time. Full-duplex: two-way communication in which data can be sent in both directions simultaneously.
- What is the presentation layer?
The presentation layer is responsible for transforming data received from the application layer into a format that any system following the OSI model can understand.
- Which layer is responsible for encryption and compression:
Presentation Layer (Layer 6).
- What is the application layer?
It is responsible for interfacing user applications, network services, or the operating system with the protocol stack. The application itself is not located in this layer; rather, the protocols and services required to transmit files, exchange messages and connect to remote terminals are found here.
- Protocols found in the presentation layer are:
American Standard Code for Information Interchange (ASCII)
Extended Binary Coded Decimal Interchange Code (EBCDIC)
Tagged Image File Format (TIFF)
Joint Photographic Experts Group (JPEG)
Moving Picture Experts Group (MPEG)
Musical Instrument Digital Interface (MIDI)
- Protocols found in the application layer are:
Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Line Print Daemon (LPD), Simple Mail Transfer Protocol (SMTP), Telnet, Trivial File Transfer Protocol (TFTP), Electronic Data Interchange (EDI), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), Simple Network Management Protocol (SNMP), Network News Transport Protocol (NNTP), Secure Remote Procedure Call (S-RPC), Secure Electronic Transaction (SET)
- Name the network device that works at the application layer:
Gateway.
- TCP/IP Acronym
Transmission Control Protocol/ Internet Protocol
- List the layers of TCP/IP:
Application, Transport, Internet and Link
- Compare the OSI model to the TCP/IP model:
OSI layer -> TCP/IP layer
Application -> Application
Presentation -> Application
Session -> Application
Transport -> Transport
Network -> Internet
Data Link -> Link
Physical -> Link
- Compare the Application layer of the TCP/IP model to OSI:
The Application layer is also known as the Process layer. The Application layer of the TCP/IP model is synonymous with the Application, Presentation and Session layers of the OSI model.
- Compare the Transport layer of the TCP/IP model to the OSI model:
The Transport layer is also known as Host-to-Host, and it is likened to the Transport layer of the OSI model.
- Compare the Network layer of the OSI model to TCP/IP:
In TCP/IP this layer is known as the Internet or Internetworking layer.
- Compare the Data Link and Physical layers of the OSI model to the TCP/IP model:
The Data Link and Physical layers of the OSI model are likened to the Link layer of TCP/IP.
- TCP/IP can be secured using ______:
Virtual Private Networks
- Advantages of VPN:
VPN links are encrypted to add privacy, confidentiality and authentication.
- List protocols used to establish VPNs:
Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Shell (SSH), OpenVPN (SSL/TLS VPNs) and Internet Protocol Security (IPSec).
- List protocols in the Application layer of TCP/IP:
File Transfer Protocol (FTP), Telnet, Simple Network Management Protocol (SNMP), Line Print Daemon (LPD), Trivial File Transfer Protocol (TFTP), Simple Mail Transfer Protocol (SMTP), NFS, X Window
- What are TCP wrappers?
TCP wrappers is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs.
- List 2 TCP/IP Transport Layer Protocols:
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
- Explain the TCP (TCP/IP) protocol:
Transmission Control Protocol (TCP) is a full-duplex, connection-oriented protocol. It operates at the transport layer of the OSI model.
- Explain the UDP (TCP/IP) protocol:
User Datagram Protocol (UDP) is a simplex, connectionless protocol. It operates at the transport layer of the OSI model; it offers no error detection or correction, does not use sequencing, does not use a flow control mechanism, does not use a pre-established session and is considered unreliable.
- What is a port?
A port is little more than an address number that both ends of the communication link agree to use when transferring data within the transport layer. Ports allow a single IP address to support multiple simultaneous communications, each using a different port number.
- What is a socket?
A combination of an IP address and a port number is known as a socket.
- Ports 0-1023 are known as:
Well-known ports or service ports
- Ports 1024 to 49151 are known as:
Registered software ports
These are ports that have one or more networking software products specifically registered with the Internet Assigned Numbers Authority (IANA).
- Ports 49152 to 65535 are known as:
Random, dynamic or ephemeral ports, as they are randomly and temporarily used by clients as a source port. The IANA recommends that ports 49152 to 65535 be used as dynamic and/or private ports.
- Explain the TCP three-way handshake:
1. The client sends a SYN (synchronise) flagged packet to the server. 2. The server responds with a SYN/ACK (synchronise and acknowledge) flagged packet back to the client. 3. The client responds with an ACK (acknowledge) flagged packet back to the server.
- List the TCP header flag fields:
Unskilled Attackers Pester Real Security Folk (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN), i.e. Congestion Window Reduced, Explicit Congestion Notification-Echo, Urgent, Acknowledgement, Push, Reset, Synchronize, Finish.
- What is UDP used for:
UDP is often employed by real time or streaming communications for audio and video.
- Describe the UDP header:
The UDP header is 8 bytes (64 bits) long. The header is divided into 4 sections or fields (each 16 bits long): source port, destination port, message length and checksum.
- Describe the TCP/IP Internet Protocol:
It operates at the Network Layer of the OSI model and is known as the Internet Protocol (IP). IP provides route addressing for data packets; it provides a means of identity and prescribes transmission paths. Like UDP, IP is connectionless and unreliable.
- Compare IPv4 to IPv6:
IPv4: 32-bit addressing. IPv6: 128-bit addressing.
- List some IPv6 features that are not present in IPv4:
Scoped addresses, autoconfiguration and Quality of Service
- Describe advantage of IPv6 scoped addressing:
IPv6 scoped addresses give the administrators the ability to group and then block or allow access to network services such as file servers or printing.
- What is IPv6 autoconfiguration?
IPv6 Autoconfiguration removes the need for both Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT).
- What is IPv6 Quality of Service
IPv6 Quality of Service (QoS) priority values allow for traffic management based on prioritized content
- Describe Internet Control Message Protocol (ICMP):
Internet Control Message Protocol is used to determine the health of a network or a specific link
- ICMP Acronym means:
Internet Control Message Protocol
- Internet Control Message Protocol (ICMP) is utilised by:
Ping, traceroute, pathping and other network management tools.
- Describe ping in Internet Control Message Protocol (ICMP):
The ping utility employs ICMP echo packets and bounces them off remote systems. Ping can be used to check if a remote system is online.
- Internet Control Message Protocol (ICMP) is exploited by:
Denial of Service (DoS), ping of death, smurf attacks and ping floods.
- Explain Ping of Death:
Ping of Death sends a malformed ping larger than 65,535 bytes to a computer in order to crash it.
Note: A malformed ping is an IP packet that lacks order or contains a code that is expected to confuse or disrupt computers, firewalls, routers or any service present on a network.
- Explain Smurf Attacks:
Smurf attacks generate enormous amounts of traffic on a target network by spoofing broadcast pings. It is a Distributed Denial of Service (DDoS) attack.
Wiki: It is a distributed denial of service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.
Spoofing involves creating an IP packet with a false IP address for the purpose of impersonating another computer system.
- Describe the Internet Group Management Protocol:
Internet Group Management Protocol (IGMP) allows systems to support multicasting. It is used by hosts to register their dynamic multicast group membership. Multicasting is the transmission of data to multiple specific recipients. IGMP is also used by connected routers to discover these groups.
- What is multicasting?
Multicasting is the transmission of data to multiple specific recipients.
- What is Address Resolution Protocol (ARP)?
Address Resolution Protocol is essential to the interoperability of logical and physical addressing schemes. ARP uses caching and broadcasting to perform its operations. The basis of ARP is Media Access Control.
ARP should:
Accept requests: A new device asks to join the LAN, providing an IP address.
Translate: Devices on the LAN don't communicate via IP address.
Send requests:
- The term for Address Resolution Protocol abuse is:
Address Resolution Protocol (ARP) cache poisoning.
- Define ARP cache poisoning:
ARP cache poisoning is where an attacker inserts bogus information into the ARP cache. It is also known as ARP spoofing.
- Describe Telnet:
This is a terminal emulation network application that supports remote connectivity for executing commands and running applications, but does not support the transfer of files.
- What is port for Telnet:
TCP Port 23
- Describe File Transfer Protocol (FTP):
File Transfer Protocol: This is a network application that supports an exchange of files that requires anonymous or specific authentication.
- Acronym for FTP means:
File Transfer Protocol
- File Transfer Protocol ports:
TCP Port 20 for the data connection (active mode; in passive mode the data connection uses an ephemeral port) and TCP Port 21 for the control connection.
- Acronym for TFTP means:
Trivial File Transfer Protocol
- Describe Trivial File Transfer Protocol (TFTP):
Trivial File Transfer Protocol is a network application that supports the exchange of files and does not require authentication.
- Trivial File Transfer Protocol (TFTP) Port
UDP Port 69
- Describe Simple Mail Transfer Protocol (SMTP):
This is a protocol used to transmit email messages from a client to an email server and from one email server to another.
- SMTP acronym means
Simple Mail Transfer Protocol
- SMTP (Simple Mail Transfer Protocol) operates on which port?
TCP Port 25
- ICMP and IGMP operate in which layer of the OSI model?
Network Layer- Layer 3.
- POP3 means:
Post Office Protocol version 3
- POP3 port:
TCP Port 110
- Describe POP3:
This is a protocol used to pull email messages from an inbox on an email server down to an email client. TCP Port 110.
- IMAP Means
Internet Message Access Protocol
- IMAP (Internet Message Access Protocol) port:
TCP Port 143
- Describe Internet Message Access Protocol:
This is a protocol used to pull messages from an inbox on an email server down to an email client. IMAP is more secure than POP3.
- DHCP means:
Dynamic Host Configuration Protocol (DHCP)
- Dynamic Host Configuration Protocol (DHCP) uses ports:
UDP ports 67 and 68. Port 67 is the destination port on the server to receive client communications, and port 68 is the source port for client requests. DHCP is used to assign TCP/IP configuration settings to systems upon bootup.
- HTTP means
Hypertext Transfer Protocol
- HTTP uses port-
TCP Port 80
- SSL means
Secure Socket Layer
- SSL port:
TCP Port 443 (for HTTP encryption)
- Describe SSL:
Secure Socket Layer (SSL) is a VPN-like security protocol that operates in the transport layer. It was originally designed to support web communications (HTTPS) but is capable of securing any application layer protocol communications.
- LPD means
Line Print Daemon (LPD)
- Line Print Daemon (LPD) Port-
TCP Port 515
- Define Line Print Daemon (LPD):
Line Print Daemon (LPD) is a network service used to spool print jobs and send them to printers.
- X Window uses port:
TCP Ports 6000-6063
- Describe X Window:
This is a GUI API for command line operating systems.
- Network File System (NFS) uses Port-
TCP Port 2049
- NFS- means
Network File System
- Describe NFS
This is a network service used to support file sharing between dissimilar systems.
- Simple Network Management Protocol (SNMP) port is? Also explain:
Simple Network Management Protocol (SNMP) uses UDP Port 161 (UDP Port 162 for trap messages). This is a network protocol used to collect network health and status information by polling monitored devices from the polling station.
- Uses of SNMP:
SNMP means Simple Network Management Protocol.
SNMP is a standard protocol supported by most network devices and TCP/IP compliant hosts.
- SNMP port:
UDP Ports 161 and 162
- Uses of SNMP ports are:
UDP Port 161 is used by the SNMP agent to receive requests, and UDP Port 162 is used by the management console to receive responses and notifications.
- What are trap messages:
Simple Network Management Protocol (SNMP) trap messages inform the management console when an event or threshold violation occurs on a monitored system. UDP Port 162 is used for this.
- Explain multilayer protocols with an example:
TCP/IP is a protocol suite that comprises individual protocols spread across various protocol stack layers.
- Benefits of multilayer protocols:
TCP/IP benefits from its mechanism of encapsulation, e.g.:
• A wide range of protocols can be used at higher layers
• Encryption can be incorporated at various layers
• Flexibility and resilience in complex network structures is supported
- Disadvantages of multilayer protocols:
Covert channels are allowed, and filters can be bypassed.
- DNP means
Distributed Network Protocol
- Explain DNP
Distributed Network Protocol is used in electric and water utility management industries. It is used to support communications between data acquisition systems and system control equipment.
- List some TCP/IP vulnerabilities:
Buffer overflows, SYN flood attacks, various denial-of-service (DoS) attacks, fragment attacks, oversized packet attacks, spoofing attacks, man-in-the-middle attacks, hijack attacks, and coding error attacks.
- DNS means
Domain Name System
- Explain DNS:
DNS is made up of 3 layers:
• The third or bottom layer is the MAC address. The MAC address or hardware address is a permanent physical address.
• The middle layer is the IP address. The IP address is a temporary logical address.
• The top layer is the domain name. The domain name is the computer name and is a temporary human-friendly convention assigned over or onto the IP address.
DNS links IP addresses and human-friendly Fully Qualified Domain Names (FQDNs). An FQDN contains 3 parts, i.e.:
• Top Level Domain (TLD), e.g. .com, .org, .edu, .mil, .gov
• Registered domain name, e.g. google
• Subdomain or host name, e.g. www
- DNS operates on which ports?
Domain Name System operates over TCP and UDP Port 53.
- DNSSEC means
Domain Name System Security Extensions
- What is the primary function of DNSSEC?
The primary function of Domain Name System Security Extensions is to provide reliable authentication between devices during DNS operations.
- Explain DNS Poisoning:
Domain Name System (DNS) Poisoning is the act of falsifying the DNS information used by a client to reach a desired system.
- The act of deploying a rogue DNS server is known as:
DNS Spoofing or DNS Pharming
- Explain DNS Spoofing or DNS Pharming:
DNS Spoofing or DNS Pharming occurs when a rogue DNS server listens in on network traffic for any DNS query or specific DNS queries related to a target site. The rogue DNS server then sends a DNS response to the client with false IP information. This attack requires that the rogue DNS server get its response back to the client before the real DNS server responds. Once the client receives the response from the rogue DNS server, the client closes the DNS query session, which causes the response from the real DNS server to be dropped and ignored as an out-of-session packet.
- Explain DNS Poisoning:
DNS Poisoning involves attacking the real DNS server and placing incorrect information into its zone file.
- List some ways to attack or exploit DNS
DNS Poisoning, DNS Pharming or Spoofing, Alter host files, corrupt IP configuration.
- How can DNS threats be reduced?
• Limit zone transfers from internal DNS servers to external DNS servers.
• Deploy Network Intrusion Detection Systems (NIDS) to watch for abnormal DNS traffic.
• Harden all DNS servers.
• Use DNSSEC to secure your DNS infrastructure.
• Require internal clients to resolve all domain names through internal DNS.
- What is pharming?
Pharming is the malicious redirection of a valid website’s URL or IP address to a fake website that holds a false version of the original valid site.
- Explain Domain Hijacking:
Domain Hijacking or Domain Theft is the malicious action of changing the registration of a domain name without the authorization of the valid user. Sometimes when another person registers a domain name immediately after the original owner’s registration expires, it is called domain hijacking.
- What are converged protocols?
Converged protocols are the merging of specialty or proprietary protocols with standard protocols, e.g. those from the TCP/IP suite.
- List some converged protocols:
• Fibre Channel over Ethernet (FCoE)
• Multiprotocol Label Switching (MPLS)
• Internet Small Computer System Interface (iSCSI)
• Voice over IP (VoIP)
- Advantages of Multiprotocol Label Switching (MPLS):
• Saves time
• Designed to handle a wide range of protocols through encapsulation
- What is Multiprotocol Label Switching (MPLS)?
Multiprotocol Label Switching (MPLS) is a high-throughput, high-performance network technology that directs data across a network based on short path labels rather than longer network addresses.
- What is Internet Small Computer System Interface (iSCSI)?
Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP.
- Advantages of Internet Small Computer System Interface:
• It can be used to enable location-independent storage, transmission and retrieval over LANs etc.
• It is viewed as a low-cost alternative to Fibre Channel
- Explain VoIP:
Voice over IP is a tunnelling mechanism used to transmit voice and/or data over TCP/IP.
- Advantages of VoIP:
• It is cheap
• Can be used as a phone replacement
• Supports video and data transmission
• Available in commercial and open source options, e.g. Skype
- What is Software Defined Networking (SDN)?
Software Defined Networking (SDN) is a unique approach to network operation, design and management. It is based on the theory that complexities in traditional network device configuration often force an organisation to stick with a single device.
- Advantages of Software Defined Networking (SDN):
• Software Defined Networking (SDN) is network neutral.
• Cost effective, as it is vendor neutral.
• It is effectively network virtualization.
- What is a Content Distribution Network?
A Content Distribution Network or Content Delivery Network (CDN) is a collection of resource services deployed in numerous data centers across the internet in order to provide low latency, high performance and high availability of hosted content. Examples of CDN service providers are Akamai, Amazon, etc.
- What are wireless networks?
This is a popular method of connecting corporate and home systems because of the ease of deployment and relatively low costs.
- List wireless vulnerabilities
distance eavesdropping, packet sniffing, DoS, Intrusion
- What is data emanation?
Data emanation is a form of electronic eavesdropping. When data travels within a computer or through the network wires, an electromagnetic field is generated. By reading the magnetic field, unauthorized users can get the confidential data. This act is known as data emanation.
- What are wireless cells?
Wireless cells are areas within a physical environment where a wireless device can connect to a wireless access point
- Wireless access points should be deployed to use _______ rather than _____________.
Infrastructure mode, ad hoc mode
- Wireless systems configured in ad hoc mode means:
Ad hoc mode means that any 2 networking devices including 2 NICs can communicate without a central control authority.
- List the variations of Infrastructure mode:
stand alone mode, wired extension, enterprise extended, bridge.
- Explain stand-alone infrastructure mode:
Stand-alone infrastructure mode is when a wireless access point connects wireless clients to each other but not to any wired resources.
- Explain wired extension mode infrastructure
Wired extension mode occurs when the wireless access points act as a connection point to link the wireless clients to a wired network.
- Explain Enterprise Extended mode infrastructure:
Enterprise Extended mode infrastructure occurs when multiple wireless access points (WAPs) are used to connect a large physical area to the same wired network.
- ESSID means
Extended Service Set Identifiers
- What is Bridge Mode Infrastructure
Bridge Mode Infrastructure occurs when a wireless connection is used to link 2 wired networks.
- SSID means
Service Set Identifier
- List the 2 types of Service Set Identifiers (SSID):
Extended Service Set Identifiers (ESSID) and Basic Service Set Identifier (BSSID)
- What is Extended Service Set Identifier (ESSID):
Extended Service Set ID is the name of the wireless network when a wireless base station or WAP is used (Infrastructure Mode).
- What is the BSSID in ad hoc mode:
The Basic Service Set Identifier (BSSID) is the name of the wireless network when in ad hoc (peer-to-peer) mode, i.e. when no Wireless Access Point (WAP) is used. In infrastructure mode the BSSID is the MAC address of the WAP that hosts the ESSID, which is how clients tell apart multiple WAPs serving one extended network.
- Securing Service Set Identifiers (SSIDs):
SSIDs should be changed from the vendor default to something unique before deployment.
• Disabling the SSID broadcast (the beacon frame the WAP transmits) is commonly recommended but is not an effective control: the SSID is still sent in the clear in probe and association frames, so any wireless sniffer recovers it within seconds. Rely on WPA2 (or WPA3) authentication and encryption instead.
- What is site survey?
Site Survey is the process of investigating the presence, strength and reach of wireless access point deployed in an area.
- List 2 IEEE 802.11 ways of authenticating wireless clients to WAPs:
Open System Authentication (OSA) and Shared Key Authentication (SKA). SKA is a challenge/response exchange based on the WEP key and is no stronger than WEP itself.
- Explain Open System Authentication (OSA):
Open System Authentication (OSA) means no real authentication takes place. As long as the client and the WAP can exchange radio signals, communication is allowed; any access control must come from a higher layer such as 802.1X.
- Wired Equivalent Privacy (WEP) is defined by ________:
The original IEEE 802.11 standard
- Advantages claimed for WEP are:
Wired Equivalent Privacy (WEP) was intended to provide protection from packet sniffing and eavesdropping.
• Can be configured (via Shared Key Authentication) to prevent unauthorised access.
• A CRC-32 integrity check value (ICV) is appended to each packet to detect modification or corruption in transit; WEP therefore claimed to provide integrity protection as well.
• Caveat: none of this holds in practice. WEP's 24-bit IV repeats quickly on a busy network, certain IVs leak RC4 key bytes, and the linear CRC-32 can be adjusted to match a modified ciphertext. WEP keys are recoverable in minutes with public tools; it is deprecated and must not be used.
- WEP means
Wired Equivalent Privacy (WEP)
- WEP encryption uses _________ Cipher:
Rivest Cipher 4 (RC4), a stream cipher keyed with the 24-bit IV prepended to the shared secret
- Describe Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access was designed as the replacement for WEP.
- LEAP means
Lightweight Extensible Authentication Protocol (LEAP).
- Wi-Fi Protected Access (WPA) is based on _____ and _______:
Lightweight Extensible Authentication Protocol (LEAP) and Temporal Key Integrity Protocol (TKIP). Strictly, WPA's encryption is TKIP (RC4 with per-packet key mixing) and its authentication is either a pre-shared passphrase (WPA-Personal) or 802.1X/EAP (WPA-Enterprise); LEAP is one Cisco-proprietary EAP method, not part of the WPA standard itself.
- _____ often requires a single passphrase for authentication.
Wi-Fi Protected Access (WPA) in Personal (pre-shared key, PSK) mode
- Name 1 Wi-Fi Protected Access (WPA) vulnerability:
Brute force attack. The pre-shared key is derived from the passphrase and the SSID, so an attacker who captures the 4-way handshake can test candidate passphrases offline at GPU speed; a short or dictionary passphrase falls quickly.
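The offline brute force just described, as an added Python example (not code from the original page). It uses the standard WPA/WPA2-Personal key derivation, PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), and a constructed wordlist. The `target_pmk` argument stands in for what a real attacker verifies against, which is the MIC in a captured 4-way handshake (the PTK and MIC computation are omitted here; the per-guess cost is the same PBKDF2 call). The SSID `IEEE` with passphrase `password` is the published 802.11i test vector.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple

PBKDF2_ITERATIONS = 4096  # fixed by the 802.11i standard for WPA-Personal
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA/WPA2-Personal.

    The SSID is the salt, so a precomputed table only works for one SSID,
    but 4096 iterations of SHA-1 are cheap on a GPU, so a weak passphrase
    still falls to a dictionary.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def dictionary_attack(ssid: str, target_pmk: bytes,
                      wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each candidate passphrase offline; return (match or None, attempts).

    Assumption for this example: the attacker has something to compare the
    derived PMK against. In reality that is the MIC of a captured handshake.
    """
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if hmac.compare_digest(derive_pmk(candidate, ssid), target_pmk):
            return candidate, attempts
    return None, attempts


# Constructed sample wordlist (not a real wordlist file).
SAMPLE_WORDLIST = [
    "letmein", "12345678", "password", "Summer2024!",
    "correct horse battery staple",
]


def demo() -> Tuple[Optional[str], int, str]:
    """Derive the PMK for a weak passphrase, then recover it from the wordlist."""
    ssid = "IEEE"
    victim_pmk = derive_pmk("password", ssid)  # published 802.11i test vector
    found, attempts = dictionary_attack(ssid, victim_pmk, SAMPLE_WORDLIST)
    return found, attempts, victim_pmk.hex()


if __name__ == "__main__":
    found, attempts, pmk_hex = demo()
    print(f"PMK: {pmk_hex}")
    print(f"recovered passphrase {found!r} after {attempts} guesses")
```

Changing the SSID changes the PMK even for the same passphrase, which is why rainbow tables for WPA are built per SSID and why a unique SSID (see the SSID card above) defeats precomputed tables against common defaults, but not a live dictionary attack.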
- WPA means
Wi-Fi Protected Access
- Another name for Wifi Protected Access 2 (WPA2)
802.11i
- What is Wifi Protected Access 2:
WPA2 introduced a new encryption scheme, the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on AES rather than on RC4.
- EAP means
Extensible Authentication Protocol
- PEAP means
Protected Extensible Authentication Protocol
- Explain 802.1X/EAP
WPA and WPA2 support the enterprise authentication known as 802.1X/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place. The WAP acts as the authenticator and relays EAP messages to a back-end authentication server, typically RADIUS.
- Advantage of Extensible Authentication Protocol (EAP):
EAP is an authentication framework rather than a single method: it allows new authentication technologies (certificates, smart cards, one-time tokens) to be used over existing wireless and point-to-point connections without changing the underlying link protocol.
- Explain Protected Extensible Authentication Protocol (PEAP):
PEAP encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption, so the inner credential exchange (for example MS-CHAPv2) is not exposed on the air.
• Used for securing communications over 802.11
• Can be employed by WPA or WPA2
- What is Lightweight Extensible Authentication Protocol (LEAP)?
Lightweight Extensible Authentication Protocol (LEAP) is a Cisco proprietary EAP method developed as a stopgap before 802.11i/WPA2 was ratified as a standard. Its MS-CHAP-style challenge/response is vulnerable to offline dictionary attacks, so LEAP is deprecated; Cisco itself recommends TLS-protected methods such as EAP-FAST or PEAP instead.
- What is a MAC filter
MAC filtering permits or denies network access to specific devices by their hardware (MAC) address using blacklists (deny lists) and whitelists (allow lists). It is a weak control: MAC addresses are sent in the clear in every frame and can be changed on any client, so an attacker sniffs an allowed address and spoofs it.
- What is Temporal Key Integrity Protocol (TKIP)?
Temporal Key Integrity Protocol (TKIP) improvements over WEP include a key mixing function that combines the Initialization Vector (IV) with the secret root key before using the result with RC4, a 48-bit per-packet sequence counter for replay protection, and a message integrity check (Michael). It was designed to run on WEP-era hardware and is now deprecated.
- What is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP?
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES (Advanced Encryption Standard) with a 128-bit key: counter mode for confidentiality and CBC-MAC for integrity. It is the preferred security protocol, and no practical attack on the CCMP/AES cipher itself is known. The published attacks on WPA2 (for example the 2017 key reinstallation attack, KRACK) targeted the handshake that installs the key, not AES-CCMP, and were fixed in client and WAP software.
- What is Captive Portal?
Captive Portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. E.g. redirection to acceptable use policy, privacy policy etc.
- List some wireless attacks that you know
• War driving
• War chalking
• Replay attack
• Initialization Vector (IV) attack
• Rogue access points
• Evil twin
- What is War Driving?
War Driving is the act of using a detection tool to look for wireless networking signals by someone who does not have authorized access to such networks.
- What is war chalking?
War chalking is the act of physically marking an area with symbols describing a wireless network present there: a closed circle indicated a closed or secured wireless network, and two back-to-back half circles indicated an open network.
- What is a Replay Attack?
A Replay Attack is the retransmission of captured communications (for example an authentication exchange) in the hope of gaining access to the targeted system.
- How to mitigate replay attacks:
Build replay protection into the protocol: each message carries a timestamp, nonce or monotonically increasing sequence number, and the receiver rejects anything it has already seen (WPA2/CCMP's 48-bit packet number does exactly this). A Network Intrusion Detection System can additionally detect replayed traffic on the wire.
- What is an Initialization Vector?
An Initialization Vector (IV) is a random or unique value combined with the key so that encrypting the same plaintext twice produces different ciphertext. An IV need not be secret, but it must never repeat under the same key.
- What is an Initialization Vector Attack?
An Initialization Vector attack exploits how a protocol handles its IVs. WEP is the classic case: its 24-bit IV is sent in the clear and repeats after at most 16.7 million packets (often much sooner), and every repeat reuses an RC4 keystream, letting an attacker recover plaintext or, with enough captures, the key.
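The IV problem above, together with the Shared Key Authentication weakness noted under the 802.11 authentication methods, as one added Python example (not code from the original page). It implements RC4 and WEP's frame construction, IV || RC4(IV || root key, payload || CRC-32 ICV), and shows three things: an eavesdropper who sees the cleartext SKA challenge and its encrypted response recovers the keystream for that IV; that keystream lets the attacker forge a frame the WAP accepts without ever knowing the key; and two frames that share an IV leak the XOR of their plaintexts. Key, IVs, challenge and payloads are constructed.

```python
import math
import struct
import zlib
from typing import Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Encryption and decryption are the same XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(payload: bytes) -> bytes:
    """WEP's integrity check value: plain CRC-32, little-endian, no key involved."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(root_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (3 bytes, cleartext) || RC4(IV || root key, payload || ICV)."""
    assert len(iv) == 3
    return iv + rc4(iv + root_key, payload + icv(payload))


def wep_decrypt(root_key: bytes, frame: bytes) -> Tuple[bytes, bool]:
    """What the WAP does: return (payload, icv_ok)."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + root_key, body)
    payload, tag = plain[:-4], plain[-4:]
    return payload, tag == icv(payload)


def keystream_from_ska(challenge: bytes, response_frame: bytes) -> Tuple[bytes, bytes]:
    """Eavesdropper: the WAP's SKA challenge goes out in the clear and the client
    answers with WEP(challenge), so XORing the two yields the keystream for that IV."""
    iv, body = response_frame[:3], response_frame[3:]
    known_plain = challenge + icv(challenge)
    stream = bytes(c ^ p for c, p in zip(body, known_plain))
    return iv, stream


def forge_frame(iv: bytes, keystream: bytes, payload: bytes) -> bytes:
    """Encrypt an attacker-chosen payload under a recovered keystream; no key needed."""
    plain = payload + icv(payload)
    assert len(plain) <= len(keystream), "can only forge up to the keystream length"
    return iv + bytes(p ^ k for p, k in zip(plain, keystream))


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV: C1 xor C2 = P1 xor P2 (the keystream cancels)."""
    assert frame_a[:3] == frame_b[:3], "same IV required"
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that at least one IV repeats after `packets`
    randomly chosen IVs (WEP has only 2**24 of them)."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * 2 ** iv_bits))


if __name__ == "__main__":
    root_key = b"\x0b\xad\xc0\xff\xee"  # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"
    challenge = bytes(range(128))  # constructed SKA challenge (really 128 random bytes)
    response = wep_encrypt(root_key, iv, challenge)
    iv_seen, stream = keystream_from_ska(challenge, response)
    forged = forge_frame(iv_seen, stream, b"attacker frame, never saw the key")
    print("WAP accepts forged frame:", wep_decrypt(root_key, forged))
    f1 = wep_encrypt(root_key, iv, b"GET /secret HTTP/1.1")
    f2 = wep_encrypt(root_key, iv, b"GET /public HTTP/1.1")
    print("P1 xor P2 leaked:", xor_of_plaintexts(f1, f2)[:20].hex())
    print("P(IV repeat) after 5000 packets:", round(iv_collision_probability(5000), 2))
```

Note that the CRC-32 ICV is computed over the plaintext with no key, which is why the forged frame passes the integrity check: integrity in WEP depends entirely on the attacker not knowing the keystream, and the SKA exchange hands it over. With random IVs the birthday bound puts a repeat at better than even odds after about 5,000 frames; real cards that counted IVs sequentially from zero repeated even sooner after every reset.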
- What are rogue access points?
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from network owner, whether added by a well-meaning employee or by a malicious attacker.
- What is Evil Twin?
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications
- Attacks enabled by an evil twin:
Spoofing and man-in-the-middle (MITM). Once clients associate with the evil twin, MITM attacks can lead to session hijacking, data manipulation, credential theft and identity theft.
- What is Intranet
Intranet is a private network that is designed to host the same information services found on the internet.
- What is an extranet?
An extranet is a cross between the internet and an intranet. An extranet is a section of an organisation's network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public internet. An extranet for public consumption is typically labelled a demilitarized zone (DMZ) or perimeter network.
- To boost performance on a network use………….:
Network Segmentation
- List some advantages of network segmentation
boost performance.
• Reduce communication problems
• Providing security
- What is Network Access Control:
Network Access Control is a concept of controlling access to an environment through strict adherence to implementation of security policy
- Goals of NAC are:
• Prevent zero day attacks
• Enforce security policy throughout the network
• Use identities to perform access control
- What are firewalls?
Firewalls are essential tools for controlling and managing network traffic. They are typically deployed between a private network and its link to the internet, and increasingly between internal segments as well.
- List some types of firewalls:
SACS
Static Packet Filtering Firewalls,
• Application- Level Gateway Firewalls,
• Circuit Level Gateway Firewalls
• Stateful Inspection Firewalls
• Deep Packet Inspection Firewalls
- What is a Static Packet Filtering Firewall
Static packet filtering firewalls filter traffic by examining the message header only: the source and destination addresses, ports and protocol of each packet in isolation.
• Unable to provide user authentication
• Known as first generation firewalls
• Operate at the Network Layer (Layer 3)
• Each packet is judged on its own, so the filter cannot tell a genuine reply from a crafted packet that merely looks like one
- What is an Application Level Gateway Firewall?
An Application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another.
• Copy process also changes the source and destination addresses to protect the identity of internal or private network.
• They are known as second generation firewalls
• They operate at Application layer (Layer 7)
- What are Circuit-Level Gateway Firewalls?
Circuit-level Gateway Firewalls are used to establish communication sessions between trusted partners.
• They operate in Session Layer (Layer 5)
• They manage communications based on the circuit
- What are stateful Inspection Firewalls?
Stateful inspection firewalls evaluate the state and the context of network traffic, tracking each connection in a state table. They are also known as dynamic packet-filtering firewalls.
• stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.
• They are known as third generation firewalls
• Operate in Network and transport layers (Layer 3 and 4)
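The difference between a static packet filter and stateful inspection, as an added Python example (not code from the original page). Both filters implement the same policy: internal hosts on 10.0.0.0/24 may open TCP connections to the internet on port 443, and the internet may not initiate connections inward. The stateless filter can only approximate "established" by the TCP ACK flag, so a crafted inbound ACK-flagged packet from port 443 passes it; the stateful filter consults the connection table it built from the outbound SYN and drops it. Addresses (RFC 5737 documentation ranges), ports and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

INTERNAL = ipaddress.ip_network("10.0.0.0/24")
ALLOWED_OUTBOUND_PORTS = {443}


@dataclass(frozen=True)
class Packet:
    """Just the header fields a layer 3/4 filter looks at."""
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

    def inbound(self) -> bool:
        return (ipaddress.ip_address(self.dst) in INTERNAL
                and ipaddress.ip_address(self.src) not in INTERNAL)

    def outbound(self) -> bool:
        return (ipaddress.ip_address(self.src) in INTERNAL
                and ipaddress.ip_address(self.dst) not in INTERNAL)


def stateless_filter(pkt: Packet) -> bool:
    """First-generation filter: decides on this packet's header alone.

    Rule 1: internal -> internet, dport 443, any flags: allow.
    Rule 2: internet -> internal, sport 443, ACK set (looks like a reply): allow.
    Rule 3: everything else: deny.
    Rule 2 is the weakness: any packet with ACK set and source port 443
    matches, whether or not an internal host ever started that connection.
    """
    if pkt.outbound() and pkt.dport in ALLOWED_OUTBOUND_PORTS:
        return True
    if pkt.inbound() and pkt.sport in ALLOWED_OUTBOUND_PORTS and pkt.ack:
        return True
    return False


Conn = Tuple[str, int, str, int]  # (internal ip, internal port, external ip, external port)


class StatefulFirewall:
    """Third-generation filter: remembers the connections it saw opened."""

    def __init__(self) -> None:
        self.table: Set[Conn] = set()

    def filter(self, pkt: Packet) -> bool:
        if pkt.outbound():
            if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                return False
            if pkt.syn and not pkt.ack:
                # New connection from inside: record it and let it through.
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.table
        if pkt.inbound():
            # Inbound traffic passes only if it belongs to a tracked connection.
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table
        return False


def compare(packets: List[Packet]) -> List[Tuple[bool, bool]]:
    """Run the same constructed packets through both filters: (stateless, stateful)."""
    sf = StatefulFirewall()
    return [(stateless_filter(p), sf.filter(p)) for p in packets]


# Constructed traffic: a legitimate HTTPS handshake, then two probes from outside.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "203.0.113.10", 51000, 443, syn=True),            # client opens HTTPS
    Packet("203.0.113.10", "10.0.0.5", 443, 51000, syn=True, ack=True),  # server SYN-ACK
    Packet("10.0.0.5", "203.0.113.10", 51000, 443, ack=True),            # handshake completes
    Packet("198.51.100.7", "10.0.0.5", 443, 3389, ack=True),             # crafted ACK probe at RDP
    Packet("198.51.100.7", "10.0.0.5", 40000, 22, syn=True),             # inbound SSH attempt
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE_TRAFFIC, compare(SAMPLE_TRAFFIC)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  "
              f"stateless={'allow' if stateless else 'deny'}  "
              f"stateful={'allow' if stateful else 'deny'}")
```

The fourth packet is the point: the stateless filter allows it because the header matches the "reply" rule, which is exactly how ACK scans map hosts behind first-generation filters, while the stateful firewall has no matching entry and drops it. A production state table also expires entries and tracks TCP state transitions; that is left out here.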
- What are deep packet inspection firewalls?
Deep Packet Inspection Firewalls is a filtering mechanism that operates typically at the application layer in order to filter payload contents of a communication rather than only on the header values.
• DPI is often integrated with application layer firewalls or stateful inspection firewalls
- What are Next Gen Firewalls?
Next Gen Firewalls are multifunction device (MFD) composed of several security features in addition to firewall e.g. IDS, IPS, TLS/SSL proxy, VPN anchoring.
- What are Multihomed firewalls?
Multihomed firewalls (aka dual homed firewalls) must have 2 interfaces to filter traffic.
- What are bastion hosts
A bastion host is a computer or appliance that is exposed on the internet and has been hardened by removing all unnecessary elements (services, accounts and software).
- What is a screened host?
A screened host is a firewall-protected system logically positioned just inside a private network.
- What is a screened subnet?
A screened subnet is a firewall-protected subnet placed between two routers or firewalls, with the bastion hosts located within that subnet. This is the concept of a DMZ.
- List Firewall Deployment Architectures:
single tier, two tier, and three tier (multitier)
- What is endpoint security?
End Point Security is the concept that each individual device
- Collision occurs when:
2 systems transmit data at the same time onto a connection medium that supports only a single transmission path.
- What is broadcast:
Broadcast occurs when a single system transmits data to all possible recipients.
- Describe a collision domain:
Collision domain is a group of networked systems that could cause a collision if any 2 (or more) of the systems in that group transmitted simultaneously.
- Describe a broadcast domain:
broadcast domain is a group of networked system in which all other members receive a broadcast signal when one of the members of the group transmits it.
- List some network devices:
hubs, modems, repeaters, amplifiers and concentrators
- What do repeaters, amplifiers and concentrators do?
Repeaters, concentrators, and amplifiers are used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. They operate at the physical layer (layer 1)
- What do hubs do?
Hubs are used to connect multiple systems and connect network segments that use the same protocol. They operate at the physical layer (layer 1)
- What are bridges?
A bridge is used to connect two networks together, even networks of different topologies, cabling types and speeds, in order to join network segments that use the same protocol. Bridges operate at the Data Link Layer (Layer 2).
- What are switches?
Switches know the addresses of the systems connected on each out bound port. Switches operate on Data Layer (Layer 2). Switches with additional features like routing operate in layer 3.
- What are routers?
Routers are used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. They operate in the network layer (Layer 3)
- What are brouters?
Brouters are combination devices comprising a router and a bridge. A brouter attempts to route first, but if that fails, it defaults to bridging. Thus, a brouter operates primarily at layer 3 but can operate at layer 2 when necessary.
- What is a gateway?
A gateway connects networks that are using different network protocols. It is also known as translators. They operate on the Application layer (Layer 7)
- What are proxies?
A proxy is a form of gateway that does not translate across protocols.
- What are LAN extenders?
A LAN extender is a remote access, multilayer switch used to connect distant networks over WAN link
- Name the 2 basic types of networks:
LAN & WAN
- What is LAN?
Local Area Network (LAN) is a network spanning a single floor or building
- What is WAN?
A Wide Area Network (WAN) refers to long-distance connections between geographically remote networks.
- Types of coaxial cables
thinnet and thicknet
- What is network topology?
Network topology refers to the physical layout and organisation of computers and networking devices
- What is logical topology
logical topology refers to the grouping of networked systems into trusted collectives.
- List 4 typical network topologies:
ring, bus, star, mesh
- Ring topology means:
Ring topology connects each system as a point in a circle. The connection acts as a unidirectional transmission loop.
• Only one system can transmit at a time
• Traffic management is performed by a token
- Explain bus topology:
Bus topology connects each system to a trunk or backbone cable.
• Any system on the bus can transmit at any time
• It is collision prone
• To avoid collisions, systems listen for traffic already on the bus before transmitting (carrier sensing)
- There are 2 types of bus topologies:
linear and tree
- What is linear (bus) topology:
Linear topology employs a single trunk line with all systems directly connected to it.
- What is tree (bus) topology
tree topology employs a single trunk line with all branches that can support multiple systems
- What is star topology:
Star topology employs a centralized connection device. This can be a hub or switch.
• The central point is a single point of failure
- What is mesh topology?
Mesh topology connects systems to other systems using numerous paths.
• It adds redundancy to the systems.
- What is Frequency Hopping Spread Spectrum (FHSS)?
Frequency Hopping Spread Spectrum (FHSS) transmits data in a series while constantly changing the frequency in use.
- What is Direct Sequence Spread Spectrum
Direct Sequence Spread Spectrum employs all the available frequencies simultaneously in parallel.
- What is Orthogonal Frequency-Division Multiplexing?
Orthogonal Frequency-Division Multiplexing (OFDM) employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission.
- What is IEEE 802.15?
IEEE 802.15 refers to Bluetooth.
- What are Personal Area Networks (PAN)?
Personal Area Networks (PAN) connects electronic devices within the user’s immediate area e.g. Bluetooth
- List some Bluetooth vulnerabilities:
Bluejacking, Bluesnarfing, Bluebugging
- What is bluejacking:
Bluejacking allows the attacker to transmit Short Message Service (SMS) like messages to your device using Bluetooth.
- What is bluesnarfing?
Bluesnarfing allows attackers to connect to your Bluetooth devices without your knowledge and extract information.
• This attack gives attackers access to your contact list, data and conversations
- What is bluebugging?
Bluebugging offer attackers remote control over features and function of a Bluetooth device.
- What is the range of Bluetooth?
About 30 feet (10 meters) for typical devices, but some (Class 1) can function at more than 100 meters.
- RFID means
Radio Frequency Identification (RFID)
- What is Radio Frequency Identification?
Radio Frequency Identification (RFID) is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field.
• RFID can be attached to devices or integrated into their structure
• There is some concern that RFID can be a privacy-violating technology
- What is Near Field Communications (NFC)?
Near Field Communications (NFC) is a standard that establishes radio communications between devices in close proximity.
- List some Near Field Communications (NFC) Vulnerabilities
Man in the middle, eavesdropping, data manipulation and replay attacks.
- POD means
Personal Owned Device
- PED means
Personal Electronic Device
- PMD means
Personal Mobile Device
- 2 Points about coaxial cables:
Coaxial cables have a centre core of copper wire surrounded by a layer of insulation, which is surrounded by a conductive braided shielding and encased in a final insulating sheath.
• The design makes it fairly resistant to electromagnetic interference (EMI)
- List the 2 types of coaxial cables:
thinnet and thicknet
- Use of thinnet coaxial cable:
Thinnet coaxial cable (10Base2) is used to connect systems to backbone trunks of thicknet cabling and can span 185 meters.
- Use of thicknet cable:
Thicknet coaxial cable (10Base5) is used for backbone trunks and can span 500 meters.
- Problems of coaxial cables:
bending can break the centre conductor
• Deploying cable in length greater than the recommended length.
• Not properly terminating the ends of the coaxial cable
• Not grounding at least one end of a terminated coaxial cable.
- What is twisted pair cable:
twisted pair cable is thinner than the coaxial cable and more flexible. It consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator.
- List the 3 main LAN technologies:
Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI)
- Describe Ethernet:
Ethernet is a shared LAN technology. It allows numerous devices to communicate over the same medium but requires that the devices take turns communicating and perform collision detection (CSMA/CD).
• Ethernet can support full duplex communications (full two-way).
• It is employed in star and bus topologies
- Describe Token Ring:
Token Ring employs a token passing mechanism to control which system may transmit over the network medium.
• The token travels in a logical loop among all members
• Can be employed in star or ring topology
• Higher cost than Ethernet
• Difficult to manage and deploy.
- Difference between analogue and digital communications:
analogue communications occur with a continuous signal that varies in voltage etc
• Digital communications occur through the use of discontinuous electrical signal.
- What is baseband?
Baseband support a single communication channel. It uses a direct current applied to the cable
- What is broadband?
Broadband supports multiple simultaneous signals.
• It uses frequency modulation to divide the medium into channels, each carrying its own signal (cable television is the classic example).
- Describe multicast, unicast and broadcast:
• Broadcast technology supports communications to all possible recipients.
• Multicast technology supports communications to multiple specific recipients.
• Unicast technology supports only a single communication to a specific recipient.