Chapter 2 - Telecommunications and Network Security

Question 1

Network layering models

Answer 1

OSI - reference model - structured into 7 layers and TCP/IP or Department of Defense model - structured into 4 layers. Encapsulation is common to both - layers isolated on a technical level and operate independently

Question 2

OSI - defined in 1984 Open System Interconnect ISO/IEC 7498-1. Latest revision 1994

Answer 2

Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer

Question 3

OSI - Physical Layer - Layer 1

Answer 3

describes the networking hardware - such as electrical signals and bits and bytes such as network interfaces and cabling. Repeaters for communication trnsfer devices at this layer.

Question 4

OSI - The Data-Link Layer - Layer 2

Answer 4

describes data transfer between machines, for instance by an Ethernet - prepares the packet it receives form the network layer to be transmitted as frames on the network, detects errorrs in frames, converts higher layers into bits. Has two sub layers - logical link control (LLC) - manages connections between peers; - Medai Access Control (MAC) - transmits and recieves frames between peers. Moves data to the next physically connected device. SLIP, CSLIP, PPP at this layer.

Question 5

OSI - Network Layer - Layer 3

Answer 5

describes data transfer between machines for instance by the Internet Protocol (IP) - moves information between two hosts that are not physically connected. Uses logical addressing - Internet Protocol (IP) is the most important network layer protocol. IP uses the destination IP address to transmit packets thorugh networks - Addressing. Fragmentation - IP will subdivide a packet if its size is greater than the maximum size allowed. routers used as this layer, does not guarantee error free delivery. ICMP and IGMP at this layer. Single unit of IP data is a datagram.

Question 6

OSI - Transport Lyer - Layer 4

Answer 6

describes data transfer between applications, flow control, and error detectection and correction for instance by TCP - end to end transport between hosts. User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) are important transport layer protocols. TCP provides error free transmission. Does not provide confidentiality. Unit of TCP data is a segment. Controls rate of packet transfers. End to End.

Question 7

OSI- Session Layer - Layer 5

Answer 7

describes the handshake between applications, for instance authentication process - logical persistent connection between peer hosts - responsible for creating, maintaining, and tearing down the session. Full duplex - both host can exchange info simulateneously and independent; Half Duplex - hosts can exchange information but only one host at a time; Simplex only one host can send information to its peer. Information travels in one direction only. With Presentation layer can provide end to end security

Question 8

OSI - Presentation Layer - Layer 6

Answer 8

describes the presentation of information, such as ASCII syntax - assures peer applications use a common format to represent data. Services: data conversion, character code translation, compresion, encryption and decryption. Two sublayer components: CASE - provides and request services; SASE - application specific services. With Session layer can provide end to end security

Question 9

OSI - Application Layer - Layer 7

Answer 9

describes the structure, interpretation, and handling of information. In security terms it is relevant because it relies on all underlying layers. From the point of view of the (ISC)2 Common Body of Knowledge, the application layer is covered in the Operations section. Portal to Network based Services - determining the identity and availability of remote applications. HTTP, FTP, SMTP. Provides non-repudiation services - integrity of data

Question 10

RIP in Layer 3

Answer 10

Routing information Protocol - uses only hop counts to determine routing metric

Question 11

OSPF in layer 3

Answer 11

Open shortest path first - require large amounts of CPU power and memory

Question 12

Border Gateway Protocol in Layer 3 (BGP)

Answer 12

allow fully decentralized routing - exchanges routing information between gateway hosts

Question 13

ICMP in layer 3

Answer 13

Internet Control Message Protocol - means to send error messages and to probe network at Network layer.

Question 14

TCP

Answer 14

client sends a SYN segment, server sends an ACL and a SYN, client sends an ACK. Stateful packet filter.

Question 15

TCP/IP Reference Model

Answer 15

Link Layer, network layer, transport layer, application layer

Question 16

Link layer

Answer 16

physical communication and routing - covers OSI 1&2

Question 17

Network Layer

Answer 17

Covers OSI layer 3

Question 18

Transport layer

Answer 18

covers OSI layer 4

Question 19

Application Layer

Answer 19

Covers OSI layers 5,6,7

Question 20

IP addresses

Answer 20

four octets; two parts network number and the host. Network number assigned by ICANN. Host represents the network interface within the network. Range of 0 -255

Question 21

Class of IP Addresses for Network number

Answer 21

Class A - 1-127 (1 octet) Class B - 128-191 (2 octets) Class C- 192-223 (3 octets) Class D - 224-239 (multicast) Class E - 240-155 (Reserved)

Question 22

Class A - Computer’s loop back address

Answer 22

127.0.0.0 - troubleshooting at machine level

Question 23

IPV6

Answer 23

Modernization of IPV4 (32 bits). IPV6 is 128 bits and supports two hosts

Question 24

TCP and UDP

Answer 24

map data connections through the association of port numbers managed by Internet Assigned Numbers Authority (IANA). 65,536 (216) ports exist. Port number length of 16. TCP connection oriented. UDP is not.

Question 25

Well known ports

Answer 25

0 through 1023 - used by privileged processes and users

Question 26

Registered ports

Answer 26

1024-49151 - can be registered with IANA by application developers but are not assigned by them - users may not have privileges to run an application on a well-known port

Question 27

Dynamic or Private Ports

Answer 27

49152 -65535 can be freely used by applications; one typical use for these ports is initiation of return connections for requested data or services.

Question 28

User Datagram Protocol

Answer 28

UDP - lightweight service for connectionless data transfer without error detection and correction - easy prey to spoofing techniques.

Question 29

RFC 3550

Answer 29

Real-time protocol (RTP) and real-time control protocol (RTCP)

Question 30

MBone - RFC 2960

Answer 30

Multicasting protocol, reliable UDP and Stream control transmission protocol (SCTP)

Question 31

Extranet

Answer 31

differs from a DMZ - it is made available to authenticated connections - where DMZ hosts publicly available resources that support unauthenticated connections.

Question 32

DHCP

Answer 32

Dynamic Host Configuration Protocol - automatically assigns IP addresses to workstations

Question 33

RFC 3118

Answer 33

replaces normal DHCP messages with authenticated ones.

Question 34

ICMP

Answer 34

Internet Control Message Protocol - exchange of control messages between hosts and gateways and is used for diagnostic tools such as ping and traceroute - can be leveraged for man-in-the-middle and denial-of-service attacks.

Question 35

ping of death

Answer 35

An enormous number of operating systems would crash or become unstable upon receiving an ICMP eco greater than the legal packet limit of 65,536.

Question 36

IGMP

Answer 36

Internet Group Management Protocol - manages multicasting groups. Version 1 - periodically sends queries to hosts, Version 2 - two types of queries: general and group-specific. Version 3 - specifies sources

Question 37

RIP

Answer 37

Routing Information Protocol - dynamic routing designed for small networks - uses number of hops for best route less than or equal to 15 hops. cannot be used in a network with different subnet masks, exchange entire route table every 30 seconds, can't verify trustworthiness. Version 2 - allowed different subnet masks and RFC 2082 MD5 authentication.

Question 38

VRRP

Answer 38

Virtual Router Redundancy Protocol - supports automatic failover - appears as a physical router.

Question 39

DNS

Answer 39

Domain named services - supports use and resolution of e-mail and WWW addresses. Prominent target of attacks. Port 53. RFC 882,1034, 1035

Question 40

LDAP

Answer 40

Lightweight Directory Access Protocol - manages user information loosely based on X.500, front end. Uses backends like NIS, Active Directory, Java System directory. Weak authentication based on host name resolution. Port 389, RFC 1777. Clear text - easily intercepted. Deployment over SSL provides authentication, integrity, confidentiality.

Question 41

NetBIOS

Answer 41

Network Basic Input Output System. Ports 137 and 138 (TCP) and 139 (UDP). 135 for remote procedure calls.

Question 42

NIS and NIS +

Answer 42

network information service- manages user credentials

Question 43

CIFS/SMB

Answer 43

common internet file system/ server message block - user level and tree level security - Windows

Question 44

NFS

Answer 44

Network file system - file sharing UNIX

Question 45

SMTP/ESMTP

Answer 45

Simple Mail Transfer Protocol & Enhanced Simple Mail Transfer Protocol - used to route email, Port 25/TCP managed thru DNS using mail exchange records - robust, nonexistent authentication and lock of encryption. Enhanced version offers authentication mechanisms

Question 46

FTP

Answer 46

File Transfer Protocol - publishing data over the Internet, Port 20 - data, Port 21 - control, RFC 959. Original clear text simple authentication. Secure FTP with TLS encrypts session RFC 4217; SFTP - not FTP but uses secure shell to transfer files - encrypts both commands and data

Question 47

HTTP

Answer 47

Hypertext Transfer Protocol - Port 80 RFC 1945, 2109, 2616 - supports exchange of information in HTML - does not support encryption and fairly simple authentication.

Question 48

SCADA

Answer 48

Supervisory Control Data Acquisition - systems designed to operate with several different communication methods including modems, WANS and various networking equipment.

Question 49

Dual Homed Host

Answer 49

has two network interface cards - each on a separate network

Question 50

Bastion Host

Answer 50

serves as a gateway between a trusted and untrusted network - central host to resist attack

Question 51

Hubs

Answer 51

all connected devices will receive each other's broadcasts; single point of failure

Question 52

Bridges

Answer 52

Layer 2 devices filter traffic based on MAC addresses. IEEE 802.11

Question 53

Routers

Answer 53

read destination Layer 3 addresses

Question 54

Twisted Pair

Answer 54

Cat 1 less than 1Mbps Cat 2 less than 4 Mbps Cat 3 16 Mbps Cat 4 20Mbps Cat 5 100 Mbps Cat 5e 1000 Mbps Cat 6 1000 Mbps Shielded and Unshielded - copper wires twisted together UTP does not require fixed spacing

Question 55

Coaxial Cable

Answer 55

one thick conductor surrounded by a grounding braid of wire in a protective sheath - greater bandwidth and longer cable lengths, expensive and difficult to bend. Requires fixed spacing

Question 56

Patch Panel

Answer 56

devices are connected to a patch panel instead of directly connecting to other devices

Question 57

DSSS

Answer 57

Direct-Sequence Spread Spectrum - wireless technology spreads signal over a wider band

Question 58

FHSS

Answer 58

Frequency-Hopping Spread Spectrum spreads signal over rapidly changing frequencies

Question 59

CDMA

Answer 59

Code Division Multiple Access - wireless mostly used for cellular technology. CDMA 200 - Rate of 153.6 Mbps.

Question 60

GSM

Answer 60

Global Service for Mobile Communications most popular cellular technology

Question 61

Open System Authentication

Answer 61

most basic form of wireless authentication

Question 62

Shared Key Authentication

Answer 62

encrypt a shared secret between the access point and the wireless client - WEP can be decrypted by an attacker in a very short time.

Question 63

WiFi Protected Access

Answer 63

WPA - RC$ 128 bit uses temporal key integrity protocol - uses different key for each packet - mutual authentication. WPA2 certified IEEE 802.11i

Question 64

EAP-TLS

Answer 64

Extensible Authentication Protocol, Transport Layer Security - mutual authentication with digital certificate - too much overhead

Question 65

EAP\_TTLS

Answer 65

tunneled TLS - digital certificates are used but no client-side certificate but less secure

Question 66

EAP-PEAP

Answer 66

protected EAP - similar to EAP-TLS but non digital certificate

Question 67

IEEE 802.11

Answer 67

802.11b legacy - first ratified version of WiFi 802.11a - not compatible with b 802.11g-frequency band of b and speed of a - 52Mbps. compatible with b

Question 68

Bluetooth

Answer 68

short range low-power wireless specification

Question 69

ARP

Answer 69

Address resolution protocol - given layer 3 IP address determines layer 2 MAC address - does not require authentication - maps 32 bit IPv4 to 48 bit hardware addresses. RARP - finds IP address

Question 70

PPP

Answer 70

Point to Point protocol - used to connect a device to a network over a serial line to a network. ISPs use PPP to allow dial up users access to the Internet - supports authentication, Password Authentication Protocol, CHallenge handshake protocol, and Extensible Authentication protocol

Question 71

Broadband wireless

Answer 71

IEEE 802.16 WiMax - 2Mbps to 10 Mbps - allows users to connect to wireless base stations miles from where they are located and obtain MAN access. Uses AES to protect confidentialilty with authentication options including EAP

Question 72

Fiber Optics

Answer 72

uses glass or plastic to transmit light - light source, optical cable and light detector. 40gig/second, not easily intercepted

Question 73

Firewalls

Answer 73

filters traffic based on a set of rules that enforce administrative security policies. Placed between entitites with different trust domains.complex to admister and manage. Filter by address or service. Should not mount file systems via NFS. 3rd generation firewalls - statefull inspection

Question 74

NAT

Answer 74

Network Address Translation - change source address of outgoing packet to a different address. PAT - translate all source port number in the packet to a unique value

Question 75

Static packet filetering

Answer 75

examine's static criteria - blocking all packets with Port number 79(finger) is an example

Question 76

Stateful Inspection or Dynamic Packet FIltering

Answer 76

examines each packet in the context of the session allowing dynamic adjustments

Question 77

Proxies

Answer 77

mediates communications between untrusted end-points and trusted end points - creates illusion that the traffic orginated from the proxy firewall hiding the trusted internal client from potential attackers

Question 78

IPSec

Answer 78

IP security is a suite of protocols for communicating securely with IP by providing mechanisms for authenticating and encrypting. Transport mode - client to server, tunnel mode - firewall to firewall. HAIPE is an extension of IPSec. Does not allow system to select security protocols.

Question 79

AH

Answer 79

Authentication Header is used to prove the identity of the sender and ensure that the transmitted data has not been tampered with using hash - ensures integrity not confidentiality - Encapsulating Security Payload - provides intergirty and confidentiality.

Question 80

ESP

Answer 80

Encapsalating security payload encrypts IP packets and ensures their integirty

Question 81

Security Association

Answer 81

SAs work in one direction and defines mechanisms that an endpoint will use to communicate

Question 82

IKE

Answer 82

Internet key exchange - proves identity to each other - shared secret, public key encryption or revised mode of Public Key encryption is Phase 1. Phase 2 - security associations established. Like IPSEC - authentication with pre-shared key, public key, certificate based

Question 83

PPTP

Answer 83

Point to Point Tunneling Protocol relies on generic routing encapsulation (GRE) to build the tunnel between end points - drives encryption key from the user's password

Question 84

L2TP

Answer 84

Layer 2 Tunneling Protocol allows caller over a serial line using PPP to connect over the internet to a remote network - does not provide encryption

Question 85

SSH

Answer 85

Secure Shell allows users to securely access resources on remote computers over an encrypted tunnel - supports authentication

Question 86

SOCKS

Answer 86

popular circuit proxy used to access a remote server - application gateway acts as a connection proxy

Question 87

SSL/TLS

Answer 87

SSL 3.0 and TLS 1.1 are compatible with SSL being a session encryption tool - creates a tunnel back to home office. At Application layer - 40 bit and 128 bit. Client side authentication. SSLv2 uses signed certificates

Question 88

XMPP

Answer 88

Extensible Messaging and Presence Protocol. Jabber is an open instance messaging protocol and formalized XMPP

Question 89

IRC

Answer 89

Internet Relay Chat - Port 194, RFC 1459 - unecrypted

Question 90

RADIUS

Answer 90

Remote AUthentication Dial-in User Service - authentication protocol used mainly in network environments , or for similar services requiring single signon for layer 3, Port 1812, 1813 RFC 2865

Question 91

SNMP

Answer 91

Simple Network Management Protocol - Port 161, 162 and RFC 1157. designed to manage network infrastructure

Question 92

Telnet

Answer 92

Port 23 RFC 854, 855

Question 93

Virtual Network Terminal Services

Answer 93

used for remote access to server resources. Port 80 (TCP), 443 (UDP) - eg Citrix

Question 94

BUS

Answer 94

is a lan with a central cable to which all nodes connect

Question 95

Tree Topology

Answer 95

similar to BUS

Question 96

Ring

Answer 96

CLosed loop technology

Question 97

Mesh

Answer 97

all nodes are connected to every node

Question 98

Star

Answer 98

all nodes connected to a central device

Question 99

Ethernet

Answer 99

IEEE 802.3

Question 100

Token RIng

Answer 100

IEEE 802.5

Question 101

FDDI

Answer 101

Fiber Distribute Data Interface - uses two rings, one used other back up 100 Mbps - counter rotating - has been supplanted

Question 102

MPLS

Answer 102

Multiprotocol Label Switching - refered to a IP VPN - but does not incude encryption services

Question 103

ISDN

Answer 103

Integrated Services Digital Network - remote access with higher bandwidth (before DSL and cable modems) - at end of life

Question 104

Point-toPoint Lines

Answer 104

expensive options - connects two end points - high bandwidth fiber cable

Question 105

T1

Answer 105

multiplexes 24 channels over copper cable - 1.544 Mbps - T2 4xT1, T3 7xT2, T4 6xT3

Question 106

X.25

Answer 106

allows users and hosts to connect through a model to remote hosts via a packet-switched network - replaced by DSL and ATM

Question 107

Frame Relay

Answer 107

Economical alternative to circuit-switched networks - uses packet switching technology for WAN Connectivity.

Question 108

ATM

Answer 108

Asynchronous Transfer Mode - 155Mbps - uses virtual circuits, fixed size frames

Question 109

SLIP

Answer 109

serial line IP cannot be used for full duplex WAN

Question 110

MNP

Answer 110

Microsoft Networking Protocol - Echoplex

Question 111

XDSL

Answer 111

1.544 - HDSL - two copper twisted pairs.

Question 112

Ethernet

Answer 112

A unit is a frame. Fast Ethernet 802.3u 100Mbps. Ethernet access method is CSMA/CD 100 BAse TX Fast Ethernet - 2 pair Cat 5 UTP or Cat1 STP

Question 113

Unicast

Answer 113

LAN Trasmission Protocol

Question 114

POP#

Answer 114

Runs on Port 110

Question 115

IP Header Protocol Field

Answer 115

ICMP - 1, IGMP - 2, TCP - 6, UDP 17

Question 116

X.400

Answer 116

OSI for message handling

Question 117

Diverse routing

Answer 117

thru split cable or duplicate cable facilities

Question 118

Telenet & Rlogin

Answer 118

Use TCP protocol

Question 119

Screening Router

Answer 119

packet filter based on source & destination filter

Question 120

CHAP

Answer 120

Challenge Hand Authentication Protocol

Question 121

Syn Attack

Answer 121

high number of half open connections

Question 122

Macro Virus

Answer 122

Not depending on size of packet

Question 123

Distributed Denial of Service

Answer 123

First Phase - compromise as many machines as possible. Components - client, handler, agent, target

Question 124

VPN Software

Answer 124

Does not encrypt

Question 125

Bots and Botnets

Answer 125

Bots are zombies controlled by shadowy figures - largest shource of spam e-mail

Question 126

Teardrop

Answer 126

ip fragments are constructed so that the target host calculates a negative fragment length

Question 127

Overlapping fragment attack

Answer 127

subvert packet filters that only inspect the first fragment of a fragmented packet.

Question 128

Source Routing Exploitation

Answer 128

sender specifies path

Question 129

Smurg and Fraggle attacks

Answer 129

use broadcasts to create DoS attacks. Smurf misuses ICMP. Fraggel uses UDP

Question 130

NFS Attacks

Answer 130

basic authentication method easy to exploit

Question 131

Network Nws Transport Protocol Secuirty

Answer 131

NNTP - main shortcoming authentication

Question 132

Finger Use Information Protocol

Answer 132

last log in time of a user and whether currently logged in

Question 133

Network Time Protocol

Answer 133

NTP sychronizes computer clocks

Question 134

DoS

Answer 134

overload with excessive traffic

Question 135

Syn Flood Attack

Answer 135

DoS against the inital handshake - overloads the target's connection table

Question 136

Spoofing

Answer 136

bogus source address

Question 137

Session Highjack

Answer 137

unatuhorized insertion of packets into a data stream

Question 138

Layer Ethernet 802.3 is placed on

Answer 138

Data Link Layer

Question 139

Best Proactive Network Defense

Answer 139

Perimeter Surveillance and intelligence gathering

Question 140

Network is not the target of attack in

Answer 140

man in the middle attack

Question 141

Most effective against a distribute DoS attack

Answer 141

Traffic Filtering

Question 142

Optimal placement for network based intrusion detection systems

Answer 142

On the network perimeter to alert the network administrator of all suspicious activity

Question 143

End-point devices most likely be considered part of a converged IP network

Answer 143

fileserver, ip phone, security camera

Question 144

an advantage of fiber-optic over copper cables from a security perspective

Answer 144

more difficult to wiretap

Question 145

Part of a network's perimeter defense

Answer 145

firewall, proxy server, host based intrusion detection system

Question 146

Principal Security Risk of wireless LANs

Answer 146

Lack of physical access controls

Question 147

WLAN's SSID configured with adequate security protection

Answer 147

SSIDs are not for authentication

Question 148

IPSec

Answer 148

provides mechanisms for authentication and encryption

Question 149

Security Event Manager

Answer 149

aggreagates logs from security devices and application servers looking for suspiious activity

Question 150

DNS weakness

Answer 150

lack of authenticationof servers and therby the authenticity of records

Question 151

Open email relays

Answer 151

using a blacklist of open email relays does not provide a secure way for an email administrator to identify open mail relays and filter spam

Question 152

botnet can be characterized by

Answer 152

a group of dispersed compromised machines controlled remotely for illicit reasons

Question 153

mesh network is rarely implemented in modern networks due to

Answer 153

cost

Question 154

Strongest wireless encryption an 801.11N

Answer 154

WPA2

Question 155

Media best suited for an area with a lot of electromagnetic raidation

Answer 155

Fiber

Question 156

Multi layer Protocols such as Modbus

Answer 156

are often insecure by their very nature as they were not designed to natively operate over today's IP networks.

Question 157

Best approach for admistering a server remotely

Answer 157

SSHv2