Chapter 2 System Fundamentals Flashcards
Physical Layout (List 5 types)
Bus, ring, star, mesh, & hybrid topologies
Bus Topology
- lays out all connecting nodes in a single run that acts as the common backbone connection for all connected devices
- Analogy: like a person on a bus, signals get on, travel to their destination, and get off
- The downside to its simplicity is its vulnerability: all connectivity is lost if the bus backbone is damaged
- Imagine Christmas lights: if one turns off, they all turn off
Token
A token is passed around for permission to transmit
This token-based method is only used by the Bus Topology
Ring Topology
the common backbone is looped in a ring; some ring layouts use a concentric circle design to provide redundancy if one ring fails (not required).
each client or node attaches to the ring & delivers packets according to its designated turn or availability of the token
Star Topology
one of the most common bc of its ease of setup & isolation of connectivity problems, meaning a single node of a star can go offline without affecting other nodes;
A star topology attaches multiple nodes to a centralized NW device, a hub or a switch, that ties the NW together
Mesh Topology
essentially a web of cabling that attaches a group of clients or nodes to each other;
can look a little messy and convoluted, but this setup is often used for mission critical services bc of its high level of redundancy & resistance to outages.
The internet was designed to survive a nuclear attack and is built as one large mesh NW
Hybrid Topology
By far most common in use today;
A hybrid layout combines different topologies into one mixed topology; it takes the best of other layouts and uses them to its advantage
OSI
Open Systems Interconnection Model is an industry standard for data communication; data travels from one end to another, & each layer communicates with the next
The OSI model has 7 layers
- Application Layer (App Layer)
- Presentation Layer (App Layer)
- Session Layer (App Layer)
- Transport Layer (Host 2 Host Transport)
- NW Layer (Internet Layer, strictly deals with IP addresses)
- Data Link Layer (NW Interface Layer, strictly deals with MAC addresses)
- Physical (NW Interface Layer)
Layer 1: Physical Layer
consists of the physical media & devices that make up the infrastructure of our NWs;
- Attack considerations are aligned with the physical security of site resources
- Examples: cabling, connections, fiber optics, microwave transmission equipment
- Stuxnet - a worm named Stuxnet shows up on the scene, wreaking havoc & destroying industrial equipment; it replicated itself via removable drives (physical layer)
Layer 2: Data Link Layer
works to ensure that the data it transfers is free of errors;
Functions such as media access control (MAC) & link establishment occur at this layer; as well as basic protocols such as 802.3 for Ethernet & 802.11 for WiFi
MAC
Media Access Control - unique identifier assigned to network interfaces for communications on the physical network segment
Layer 3: NW Layer
determines the path of data packets based on protocol used;
At this layer, we see IP addressing for routers
Routing Information Protocol
prevents routing loops by limiting the # of hops allowed in a path from source to destination
Layer 4: Transport Layer
ensures the transport or sending of data is successful;
Layer 5: Session Layer
identifies established system sessions between different NW entities
When accessing a system remotely, you are creating a session between your computer & the remote system;
NetBIOS & RPC are found here
NetBIOS
Network Basic Input/Output System - a program that allows applications on different computers to communicate within a LAN
Most attacks reside within layers 3, 4, 5, which are NW, Transport, Session
Layer 6: Presentation Layer
provides translation of data that is understandable by the next receiving layer & can optionally be encrypted with protocols such as SSL (Secure Sockets Layer)
SSL
Secure Sockets Layer - standard security technology for establishing an encrypted link between web server & browser
Layer 7: Application Layer
functions as a user platform in which the user & SW processes within the system can operate & access NW resources
Apps & SW suites that we use on a daily basis are under this layer; includes protocols such as FTP and HTTP
TCP
3 way handshake
connection-oriented protocol that establishes connection & verifies the packets sent across that connection make it to their destination
3 way handshake - Process starts with a SYN packet that tells the receiving system that another system wants to connect; (random seq #1000)
The receiving system responds with a SYN-ACK (random seq #2585)
Then an ACK is sent back verifying, and the connection is initiated (#1001)
IP Address 150.215.017.009
If this NW is divided into 14 subnets, identify the subnet mask and subnet address
For the Subnet Mask, the first 16 bits (network address) are all set to 1.
The host address is determined by how much space is needed for the 14 subnets. 16 is the closest bit to turn on to accommodate the 14 subnet addresses, so 256-16 = 240 making the subnet mask 255.255.240.0
As for the subnet address, it becomes the inverse, 255.255.16.0
What are bits, nibbles, & a byte
Bits are 1s and 0s
Nibbles are 4 bits
A byte is 2 nibbles
Registered Ports
These ports are the ones that have been identified as usable by other applications running outside of the user’s present purview.
Registered ports range from 1025-49151.
- WINS 1512
- Windows Internet Naming Service - maps NetBIOS names to IP addresses; solves problem of NetBIOS name resolution in routed environments
- Socks5 1080
- routes NW packets between client & server through an application proxy, which is different from a normal proxy; an example would be when using an HTTP proxy, you are actually forwarding an HTTP request, and the HTTP proxy server then performs the request on your behalf
- Nessus Server 1241
- SQL Server 1433, 1434
- Citrix Applications 1494, 2598
- Oracle Listener 1521
- Citrix Mgmt 2512, 2513
- RDP 3389
- IRC 6662-6667
- Internet Relay Chat - Application layer protocol that facilitates transfer of messages in the form of text
Proxy Server
a server that sits between client applications, such as between a web browser and server
Dynamic Ports
free ports available for use by TCP, UDP requests made by an application
These ports range from 49152 - 65535
DNS
DNS Hacking
AD
database that contains the translated names to IP addresses that can be queried by any DNS-aware applications
The internet root servers, or top level servers, contain addresses of the DNS servers for all top-level domains, .com, .org, etc. Each top-level server contains a DNS database of all names & addresses in that domain
Local NWs isolated from the Internet may use their own domain name systems through use of DNS mgmt SW. These names are typically same as those used by internet implementation
Hacking - if an attacker manipulates DNS, in modern day environments, applications may not work without DNS present & functioning; Ex. Microsoft AD wouldn’t work without DNS present or accessible
Active Directory - special purpose database for windows that handles a large # of read & search operations
broadcast domain
A broadcast domain allows traffic to be broadcast to all connected nodes
Identify OSI Layers for Equipment:
Hub, Switch, Router, Proxy
Hub: Layer 1 - Physical
Switch: Layer 2 - Data Link
Router: Layer 3 - Network
Proxy: Layer 7 - Application
IPS & IDS
both used to cover your tracks, keep a low profile
IDS - intrusion detection system - detect any suspicious NW activity & notifies admin, passive in nature; similar to a burglar alarm that alerts you, but doesn’t stop the burglar
IPS - intrusion prevention system - proactive & preventive, senses potential malicious activity on NW & takes steps to prevent further damage and thwart further attacks
Full backup
- full backup resets the archive bit of all files & backs them up accordingly
Differential backup
- backs up all changed files since the last successful full backup. Does not reset archive bit; creates one large file and fully restores off of the latest differential backup (full is not needed)
Incremental Backup
- backs up all changed files since the last full backup OR since the last incremental; does not reset archive bit; creates several small backup jobs; last full backup + incrementals are needed to restore
Collision domains
Collision domains are NW segments in which traffic sent will potentially collide w/ other traffic; in a collision domain, traffic will not be sent to a broadcast, it will collide w/ other traffic on the wire
ARP
ARP requests (Address Resolution Protocol), which are sent to the NW to resolve HW addresses, are an example of broadcast domain
RPC
Remote Procedure Call - inter-process communication that allows a computer program to execute in another address space