Chapter 3 Flashcards

1
Q

Acronym and Definition

OSI model

A
  • Open Systems Interconnection model
  • Describes network communications using seven layers
2
Q

What are the layers of the OSI model in order?

A
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application

The lower the layer number, the closer you are to the actual wires and cabling of the network
“Please Do Not Throw Sausage Pizza Away”

3
Q

Physical layer of the OSI model

A

basic equipment of networking: copper wires, fibre optic cables, radio waves

4
Q

Data Link layer of OSI

A
  • This is where network switches reside.
  • Formats data into data frames and routes it between systems on the local network using their MAC addresses
5
Q

Network layer of the OSI model

A

Routers use IP addresses to send information between systems that are not on the same local network

6
Q

Transport layer of the OSI model

A

Provides end-to-end communication services for applications. TCP and UDP exist at this layer

7
Q

Session layer of the OSI model

A

Establishes, manages, and terminates sessions between applications running on different devices, allowing them to communicate and exchange data

8
Q

Presentation layer of the OSI model

A
  • Translates data into a standard format that can be understood by the application layer.
  • Provides encryption, compression, and other data transformation services
9
Q

Application layer of the OSI model

A

Provides network services to applications, allowing them to communicate with other applications over the network

10
Q

Acronym

MAC

A

Media Access Control

11
Q

Acronym

IP

A

Internet Protocol

12
Q

Acronym and definition

TCP

A
  • Transmission Control Protocol
  • A connection oriented protocol that provides guaranteed delivery

Uses three-way handshake process

13
Q

Acronym and definition

UDP

A
  • User Datagram Protocol
  • A connectionless protocol that provides “best effort” delivery, to deliver data without using extra traffic

Many DoS attacks use UDP

14
Q

Walk through the three-way TCP handshake process

A
  1. To start the TCP session, the client sends a SYN (synchronize) packet
  2. The server responds with a SYN/ACK (synchronize/acknowledge) packet.
  3. The client completes the handshake with an ACK packet to establish the connection
15
Q

Acronym

DoS

A

Denial of Service

A type of network based attack

16
Q

Acronym and Definition

ICMP

A
  • Internet Control Message Protocol
  • Tests basic connectivity and includes ping and tracert
17
Q

Acronym and Definition

IP

A
  • Internet Protocol
  • Identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses
  • IPv4 uses 32 bit addresses
  • IPv6 uses 128 bit addresses using hexadecimal code
18
Q

Acronym and Definition

ARP

A
  • Address Resolution Protocol
  • Resolves IPv4 addresses to MAC addresses
19
Q

What are use cases that may be associated with different protocols?

A
  • Data in transit
  • Email and web
  • Directory
  • Voice and Video
  • Remote Access
  • Time Synchronization
  • Network Address Allocation
  • Domain Name Resolution
20
Q

Acronym and Definition

FTP

A
  • File Transfer Protocol
  • Used to transfer files over networks in cleartext. Does NOT encrypt the transmission

This is an insecure protocol that should no longer be used to transfer data over a network

21
Q

Acronym

TFTP

A

Trivial File Transfer Protocol

Not an essential protocol so is usually disabled by administrators. Used to transfer small amounts of data.

22
Q

Acronym

SSL

A
  • Secure Sockets Layer
  • Used to be the primary method to secure and encrypt HTTP traffic as HTTPS and other types of traffic
  • Has been compromised and is not recommended for use
23
Q

Which protocols should not be used on modern networks?

A
  • FTP
  • TFTP
  • SSL
24
Q

What are the secure alternatives for protecting data in transit?

A
  • TLS
  • IPsec
  • SSH
  • HTTPS
  • FTPS
25
Q

Acronym

TLS

A
  • Transport Layer Security
  • Replacement for SSL
  • Encrypts FTPS

Should be used in place of SSL for browsers using HTTPS

26
Q

Acronym

IPsec

A
  • Internet Protocol Security
  • Used to encrypt IP traffic

27
Q

Acronym

SSH

A
  • Secure Shell
  • Encrypts SCP and SFTP
  • Uses TCP port 22

28
Q

Acronym

SFTP

A
  • Secure File Transfer Protocol
  • Uses SSH to transmit files in an encrypted format.

Transmits data using TCP port 22

29
Q

Acronym

FTPS

A
  • File Transfer Protocol Secure
  • Uses TLS to encrypt FTP traffic

30
Q

Acronym and definition

SMTP

A
  • Simple Mail Transfer Protocol
  • Transfers email between clients and SMTP servers

  • TCP port 25 for unencrypted email
  • SMTPS uses TCP port 587 for encrypted

31
Q

Acronym

POP3

A
  • Post Office Protocol
  • Transfers emails from servers to end users

  • TCP Port 110 for unencrypted connections
  • TCP Port 995 for encrypted connections

32
Q

Acronym

IMAP

A
  • Internet Message Access Protocol
  • Used to store email on a mail server and allows users to organize and manage email in folders on the server

  • TCP Port 143 for unencrypted connections
  • TCP Port 993 for encrypted connection

33
Q

Acronym

HTTP

A
  • Hypertext Transfer Protocol
  • Transmits unencrypted web traffic between web servers and browsers

TCP Port 80

34
Q

Acronym

HTTPS

A
  • Hypertext Transfer Protocol Secure
  • Adds TLS encryption

Port 443

35
Q

Acronym and Definition

SPF

A
  • Sender Policy Framework
  • Uses DNS records to define which IP addresses are authorized to send emails on behalf of a domain

36
Q

Acronym and Definition

DKIM

A
  • DomainKeys Identified Mail
  • Uses public key cryptography to sign and verify an email's domain and content

37
Q

Acronym

DMARC

A

Domain-based Message Authentication, Reporting, and Conformance

38
Q

What protocols protect users from spam, phishing and other types of email based attacks?

A

SPF, DKIM, and DMARC

39
Q

What are email gateways?

A

Network devices or software applications that filter incoming and outgoing emails for spam, malware, and other types of threats

40
Q

What port does LDAP use?

A

Port 389

41
Q

What port does LDAPS use?

A

Port 636

42
Q

Acronym and Definition

AD DS

A
  • Microsoft Active Directory Domain Services
  • Provide authentication and authorization services for a network

43
Q

What does AD DS use when querying the directory?

A

LDAPS (LDAP encrypted with TLS)

44
Q

What protocol is commonly used as the underlying protocol with live and video streaming?

A

UDP

45
Q

Acronym and Definition

RTP

A
  • Real-time Transport Protocol
  • Delivers audio and video over IP networks

46
Q

Acronym

VoIP

A

Voice over Internet Protocol

47
Q

Acronym and Definition

SRTP

A
  • Secure Real-time Transport Protocol
  • Provides encryption, message authentication, and integrity for RTP

48
Q

Acronym and Definition

SIP

A
  • Session Initiation Protocol
  • Used to initiate, maintain, and terminate voice, video and messaging sessions

49
Q

What do VoIP logs show?

A
  • Timestamps
  • Caller phone numbers
  • Recipient phone numbers
  • Extensions (if used)
  • Missed calls

50
Q

What do SIP log files show?

A
  • Timestamps
  • Sender IP addresses
  • Recipient IP addresses

51
Q

Acronym

GPO

A

Group Policy Object

52
Q

Acronym

RDP

A

Remote Desktop Protocol

53
Q

What TCP port does RDP use?

A

Port 3389

54
Q

Why do administrators use SSH instead of Telnet?

A

Telnet sends data, including usernames and passwords, over the network in cleartext, while SSH encrypts the data

55
Q

What is OpenSSH?

A
  • A suite of tools that simplifies the use of SSH to connect to remote servers securely
  • Supports authentication using a passwordless SSH login

56
Q

Acronym and Definition

DHCP

A
  • Dynamic Host Configuration Protocol
  • Dynamically assigns IP addresses to hosts

57
Q

Acronym

ISP

A

Internet Service Provider

58
Q

Acronym

IANA

A

Internet Assigned Numbers Authority

59
Q

Acronym

IETF

A

Internet Engineering Task Force

60
Q

Acronym

DNS

A
  • Domain Name System
  • Resolves hostnames to IP addresses

61
Q

What are the DNS Zones and what data is kept in each zone?

A
  • A: hostname and IPv4 addresses
  • AAAA: hostname and IPv6 addresses
  • PTR
  • MX: identify mail servers
  • CNAME

62
Q

What port does DNS use for zone transfers?

A

TCP Port 53

63
Q

What port does DNS use for client queries?

A

UDP port 53

64
Q

Acronym and Definition

DNSSEC

A
  • Domain Name System Security Extensions
  • Provides validation for DNS responses by adding a RRSIG

65
Q

Acronym and Definition

RRSIG

A
  • Resource Record Signature
  • Provides data integrity and authentication and helps prevent DNS poisoning attacks

66
Q

What is DNS poisoning?

A

An attacker modifies a DNS cache with a bogus IP address, sending users to a malicious website

67
Q

What is a host?

A

Any device with an IP address.

Also referred to as a client or a node

68
Q

What is Unicast?

A
  • A method IPv4 uses to address TCP/IP traffic
  • One host sends traffic to another host using a destination IP address

One to one traffic

69
Q

What happens to a unicast packet on a network when it is sent to a specific host?

A

Other hosts on the same network may see the packet, but they will not process it because it isn't addressed to them.

70
Q

What is broadcast?

A
  • One-to-all traffic
  • Every host that receives a broadcast will process it

71
Q

What is one difference in broadcasting between switches and routers?

A

Switches pass broadcast traffic between their ports but routers do not pass broadcast traffic

72
Q

What does a switch do?

A
  • Connects computers and other devices to each of its physical ports
  • Maps MAC addresses to physical ports

73
Q

What is port security and how does it enhance network security on switch ports?

A

Port security limits access to switch ports by:
  • Limiting the number of MAC addresses allowed per port (MAC filtering)
  • Disabling unused ports to prevent unauthorized access

74
Q

How does a switching loop affect a network?

A

Floods a network with traffic and can disable a switch

75
Q

Acronym

STP and RSTP

A
  • Spanning Tree Protocol
  • Rapid Spanning Tree Protocol

They provide both broadcast storm prevention and loop prevention for switches

76
Q

Acronym

BPDU

A
  • Bridge Protocol Data Unit
  • STP sends BPDU messages in a network to detect loops

77
Q

What is a BPDU guard?

A

A feature that monitors the ports for any unwanted BPDU messages. If it receives any, it disables the port

Blocks BPDU attacks

78
Q

What is a router?

A

Connects multiple network segments into a single network and routes traffic between the segments

79
Q

Router ACLs

A

Provide basic packet filtering. They filter packets based on IP addresses, ports, and protocols

80
Q

What is implicit deny?

A

The last rule in an ACL. Indicates that unless something is explicitly allowed, it's denied

81
Q

What is the **route** command?

A

A command used to view and manipulate a system's routing table

82
Q

Acronym and Definition

SNMP

A
  • Simple Network Management Protocol
  • Monitors and manages network devices such as routers or switches

83
Q

What ports does SNMP use?

A

UDP ports 161 and 162

84
Q

What is the purpose of a host based firewall?

A

To filter incoming and outgoing traffic for a single host or between networks

85
Q

What is a stateless firewall?

A

A firewall that uses rules implemented in ACLs to identify allowed and blocked traffic

86
Q

Acronym

WAF

A

Web Application Firewall

87
Q

Acronym

NGFW

A

Next Generation Firewall

88
Q

Acronym

DMZ

A
  • Demilitarized Zone, also known as a screened subnet
  • A security zone between a private network and the Internet

89
Q

Acronym and Definition

NAT

A
  • Network Address Translation
  • A protocol that translates public and private IP addresses either way and hides IP addresses on the internal network from users on the Internet

90
Q

Dynamic NAT

A

Uses multiple public IP addresses

91
Q

Static NAT

A

Uses a single public IP address in a one to one mapping

92
Q

Acronym

SCADA

A

Supervisory Control and Data Acquisition

93
Q

What is an air gap?

A

An air gap isolates one network from another by ensuring there is physical space between all systems and cables

94
Q

Acronym

VLAN

A

Virtual Local Area Network

95
Q

What do proxy servers / forward proxy servers do?

A

They forward requests for services from a client

96
Q

What do reverse proxy servers do?

A

Accept traffic from the Internet and forward it to one or more internal web servers

97
Q

What is a cache?

A

Temporary storage

98
Q

Acronym

UTM

A

Unified Threat Management

99
Q

What is a jump server?

A

A hardened server used to access and manage devices in a different security zone

100
Q

Acronym

ZTNA

A
  • Zero Trust Network Access
  • We don't make trust decisions based on network location