Chapter 2 System Fundamentals Flashcards

1
Q

Physical Layout (List 5 types)

A

Bus, ring, star, mesh, & hybrid topologies

2
Q

Bus Topology

A
  • lays out all connecting nodes in a single run that acts as the common backbone connection for all connected devices
  • Analogy: like a person on a bus, signals get on, travel to their destination, and get off
  • Downside to its simplicity is its vulnerability. All connectivity is lost if the bus backbone is damaged
  • Imagine Christmas lights, if one turns off, they all turn off
3
Q

Token

A

A token is passed around to grant permission to transmit

This token-based method is only used by the Bus Topology

4
Q

Ring Topology

A

the common backbone is looped in a ring; some ring layouts use a concentric circle design to provide redundancy if one ring fails (not required).

each client or node attaches to the ring & delivers packets according to its designated turn or availability of the token

5
Q

Star Topology

A

one of the most common bc of its ease of setup & isolation of connectivity problems, meaning a single node of a star can go offline without affecting other nodes;

A star topology attaches multiple nodes to a centralized NW device, a hub or a switch, that ties the NW together

6
Q

Mesh Topology

A

essentially a web of cabling that attaches a group of clients or nodes to each other;

can look a little messy and convoluted, but this setup is often used for mission critical services bc of its high level of redundancy & resistance to outages.

The internet was designed to survive a nuclear attack and is built as one large mesh NW

7
Q

Hybrid Topology

A

By far most common in use today;

A hybrid layout combines different topologies into one mixed topology; it takes the best of other layouts and uses them to its advantage

8
Q

OSI

A

Open Systems Interconnection Model is an industry standard for data communication; data travels from one end to another, & each layer communicates with the next

The OSI model has 7 layers

  1. Application Layer (App Layer)
  2. Presentation Layer (App Layer)
  3. Session Layer (App Layer)
  4. Transport Layer (Host 2 Host Transport)
  5. NW Layer (Internet Layer, strictly deals with IP addresses)
  6. Data Link Layer (NW Interface Layer, strictly deals with MAC addresses)
  7. Physical (NW Interface Layer)
9
Q

Layer 1: Physical Layer

A

consists of the physical media & devices that make up the infrastructure of our NWs;

  • Attack considerations are aligned with the physical security of site resources
  • Examples: cabling, connections, fiber optics, microwave transmission equipment
  • Stuxnet - a worm named Stuxnet shows up on the scene - wreaking havoc & destroying industrial equipment; it replicated itself via removable drives (physical layer)
10
Q

Layer 2: Data Link Layer

A

works to ensure that the data it transfers is free of errors;

Functions such as media access control (MAC) & link establishment occur at this layer; as well as basic protocols such as 802.3 for Ethernet & 802.11 for WiFi

11
Q

MAC

A

Media Access Control - unique identifier assigned to network interfaces for communications on the physical network segment

12
Q

Layer 3: NW Layer

A

determines the path of data packets based on protocol used;

At this layer, we see IP addressing for routers

13
Q

Routing Information Protocol

A

prevents routing loops by limiting the # of hops allowed in a path from source to destination

14
Q

Layer 4: Transport Layer

A

ensures the transport or sending of data is successful;

15
Q

Layer 5: Session Layer

A

identifies established system sessions between different NW entities

When accessing a system remotely, you are creating a session between your computer & the remote system;

NetBIOS & RPC are found here

16
Q

NetBIOS

A

Network Basic Input/Output System - a program that allows applications on different computers to communicate within a LAN

17
Q

Most attacks reside within layers

A

3,4,5 which is NW, Transport, Session

18
Q

Layer 6: Presentation Layer

A

provides translation of data that is understandable by the next receiving layer

& can optionally be encrypted with protocols such as SSL (Secure Sockets Layer)

19
Q

SSL

A

Secure Sockets Layer - standard security technology for establishing an encrypted link between web server & browser

20
Q

Layer 7: Application Layer

A

functions as a user platform in which the user & SW processes within the system can operate & access NW resources

Apps & SW suites that we use on a daily basis are under this layer; includes protocols such as FTP and HTTP

21
Q

TCP

3 way handshake

A

connection-oriented protocol that establishes connection & verifies the packets sent across that connection make it to their destination

3 way handshake - Process starts with a SYN packet that tells the receiving system that another system wants to connect; (random seq #1000)

The receiving system responds with a SYN-ACK (random seq #2585)

Then an ACK is sent back verifying, and the connection is initiated (#1001)

22
Q

IP Address 150.215.017.009

If this NW is divided into 14 subnets, identify the subnet mask and subnet address

A

For the Subnet Mask, the first 16 bits (network address) are all set to 1.

The host address is determined by how much space is needed for the 14 subnets. 16 is the closest bit to turn on to accommodate the 14 subnet addresses, so 256-16 = 240 making the subnet mask 255.255.240.0

As for the subnet address, it becomes the inverse, 255.255.16.0

23
Q

What are bits, nibbles, & a byte

A

Bits are 1s and 0s

Nibbles are 4 bits

A byte is 2 nibbles

24
Q

Registered Ports

A

These ports are the ones that have been identified as usable by other applications running outside of the user’s present purview.

Registered ports range from 1025-49151.

  1. WINS 1512
    • Windows Internet Naming Service - maps NetBIOS names to IP addresses; solves problem of NetBIOS name resolution in routed environments
  2. Socks5 1080
    • routes NW packets between client & server through an application proxy which is different from a normal proxy; An example would be when using HTTP proxy, you are actually forwarding an HTTP request, and the HTTP proxy server then performs the request on your behalf
  3. Nessus Server 1241
  4. SQL Server 1433, 1434
  5. Citrix Applications 1494, 2598
  6. Oracle Listener 1521
  7. Citrix Mgmt 2512, 2513
  8. RDP 3389
  9. IRC 6662-6667
    • Internet Relay Chat - Application layer protocol that facilitates transfer of messages in the form of text
25
Q

Proxy Server

A

a server that sits between client applications, such as between a web browser and server

26
Q

Dynamic Ports

A

free ports available for use by TCP, UDP requests made by an application

These ports range from 49152 - 65535

27
Q

DNS

DNS Hacking

AD

A

database that contains the translated names to IP addresses that can be queried by any DNS-aware applications

The internet root servers, or top level servers, contain addresses of the DNS servers for all top-level domains, .com, .org, etc. Each top-level server contains a DNS database of all names & addresses in that domain

Local NWs isolated from the Internet may use their own domain name systems through use of DNS mgmt SW. These names are typically same as those used by internet implementation

Hacking - if an attacker manipulates DNS, in modern day environments, applications may not work without DNS present & functioning; Ex. Microsoft AD wouldn’t work without DNS present or accessible

Active Directory - special purpose database for windows that handles a large # of read & search operations

28
Q

broadcast domain

A

A broadcast domain allows traffic to be broadcast to all connected nodes

29
Q

Identify OSI Layers for Equipment:

Hub, Switch, Router, Proxy

A

Hub: Layer 1 - Physical

Switch: Layer 2 - Data Link

Router: Layer 3 - Network

Proxy: Layer 7 - Application

30
Q

IPS & IDS

A

both used to cover your tracks, keep a low profile

IDS - intrusion detection system - detects any suspicious NW activity & notifies admin, passive in nature; similar to a burglar alarm that alerts you, but doesn’t stop the burglar

IPS - intrusion prevention system - proactive & preventive, senses potential malicious activity on NW & takes steps to prevent further damage and thwart further attacks

31
Q

Full backup

A
  • full backup resets the archive bit of all files & backs them up accordingly
32
Q

Differential backup

A
  • backs up all changed files since last successful full backup. Does not reset archive bit; creates one large file and fully restores off of latest differential backup (full is not needed)
33
Q

Incremental Backup

A
  • backs up all changed files since last full back up OR since the last incremental; does not reset archive bit; creates several small backup jobs; last full back up + incrementals are needed to restore
34
Q

Collision domains

A

Collision domains are NW segments in which traffic sent will potentially collide w/ other traffic; In a collision domain, traffic will not be sent to a broadcast, it will collide w/ other traffic on the wire

35
Q

ARP

A

ARP requests (Address Resolution Protocol), which are sent to the NW to resolve HW addresses, are an example of a broadcast domain

36
Q

RPC

A

Remote Procedure Call - inter-process communication that allows a computer program to execute in another address space