Chapter 3 Flashcards
Acronym and Definition
OSI model
- Open Systems Interconnection model
- Describes network communications using seven layers
What are the layers of the OSI model in order?
- Physical
- Data Link
- Network
- Transport
- Session
- Presentation
- Application
The lower the layer number, the closer you are to the actual wires and cabling of the network
“Please Do Not Throw Sausage Pizza Away”
Physical layer of the OSI model
basic equipment of networking: copper wires, fibre optic cables, radio waves
Data Link layer of OSI
- This is where network switches reside.
- Formats data into data frames and routes it between systems on the local network using their MAC addresses
Network layer of the OSI model
Routers use IP addresses to send information between systems that are not on the same local network
Transport layer of the OSI model
Provides end-to-end communication services for applications. TCP and UDP exist at this layer
Session layer of the OSI model
Establishes, manages, and terminates sessions between applications running on different devices, allowing them to communicate and exchange data
Presentation layer of the OSI model
- Translates data into a standard format that can be understood by the application layer.
- Provides encryption, compression, and other data transformation services
Application layer of the OSI model
Provides network services to applications, allowing them to communicate with other applications over the network
Acronym
MAC
Media Access Control
Acronym
IP
Internet Protocol
Acronym and definition
TCP
- Transmission Control Protocol
- A connection oriented protocol that provides guaranteed delivery
Uses a three-way handshake process
Acronym and definition
UDP
- User Datagram Protocol
- A connectionless protocol that provides “best effort” delivery, to deliver data without using extra traffic
Many DoS attacks use UDP
Walk through the three-way TCP handshake process
- To start the TCP session, the client sends a SYN (synchronize) packet
- The server responds with a SYN/ACK (synchronize/acknowledge) packet.
- The client completes the handshake with an ACK packet to establish the connection
Acronym
DoS
Denial of Service
A type of network based attack
Acronym and Definition
ICMP
- Internet Control Message Protocol
- Tests basic connectivity and includes ping and tracert
Acronym and Definition
IP
- Internet Protocol
- Identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses
- IPv4 uses 32 bit addresses
- IPv6 uses 128 bit addresses using hexadecimal code
Acronym and Definition
ARP
- Address Resolution Protocol
- Resolves IPv4 addresses to MAC addresses
What are use cases that may be associated with different protocols?
- Data in transit
- Email and web
- Directory
- Voice and Video
- Remote Access
- Time Synchronization
- Network Address Allocation
- Domain Name Resolution
Acronym and Definition
FTP
- File Transfer Protocol
- Used to transfer files over networks in cleartext. Does NOT encrypt the transmission
This is an insecure protocol that should no longer be used to transfer data over a network
Acronym
TFTP
Trivial File Transfer Protocol
Not an essential protocol so is usually disabled by administrators. Used to transfer small amounts of data.
Acronym
SSL
- Secure Sockets Layer
- Used to be the primary method to secure and encrypt HTTP traffic as HTTPS and other types of traffic
- Has been compromised and is not recommended for use
Which protocols should not be used on modern networks?
- FTP
- TFTP
- SSL
What are the secure alternatives for protecting data in transit?
- TLS
- IPsec
- SSH
- HTTPS
- FTPS
Acronym
TLS
- Transport Layer Security
- Replacement for SSL
- Encrypts FTPS
Should be used in place of SSL for browsers using HTTPS
Acronym
IPsec
- Internet Protocol Security
- Used to encrypt IP traffic
Acronym
SSH
- Secure Shell
- Encrypts SCP and SFTP
- Uses TCP port 22
Acronym
SFTP
- Secure File Transfer Protocol
- Uses SSH to transmit files in an encrypted format.
Transmits data using TCP port 22
Acronym
FTPS
- File Transfer Protocol Secure
- Uses TLS to encrypt FTP traffic
Acronym and definition
SMTP
- Simple Mail Transfer Protocol
- Transfers email between clients and SMTP servers
- TCP port 25 for unencrypted email
- SMTPS uses TCP port 587 for encrypted email
Acronym
POP3
- Post Office Protocol
- Transfers emails from servers to end users
- TCP Port 110 for unencrypted connections
- TCP Port 995 for encrypted connections
Acronym
IMAP
- Internet Message Access Protocol
- Used to store email on a mail server and allows users to organize and manage email in folders on the server
- TCP Port 143 for unencrypted connections
- TCP Port 993 for encrypted connection
Acronym
HTTP
- Hypertext Transfer Protocol
- Transmits unencrypted web traffic between web servers and browsers
- TCP Port 80
Acronym
HTTPS
- Hypertext Transfer Protocol Secure
- Adds TLS encryption
- Port 443
Acronym and Definition
SPF
- Sender Policy Framework
- Uses DNS records to define which IP addresses are authorized to send emails on behalf of a domain
Acronym and Definition
DKIM
- DomainKeys Identified Mail
- Uses Public key cryptography to sign and verify an email’s domain and content
Acronym
DMARC
Domain-based Message Authentication, Reporting, and Conformance
What protocols protect users from spam, phishing and other types of email-based attacks?
SPF, DKIM, and DMARC
What are email gateways?
Network devices or software applications that filter incoming and outgoing emails for spam, malware and other types of threats
What port does LDAP use?
Port 389
What port does LDAPS use?
Port 636
Acronym and Definition
AD DS
- Microsoft Active Directory Domain Services
- Provide authentication and authorization services for a network
What does AD DS use when querying the directory?
LDAPS
(LDAP encrypted with TLS)
What protocol is commonly used as the underlying protocol with live and video streaming?
UDP
Acronym and Definition
RTP
- Real-time Transport Protocol
- Delivers audio and video over IP networks
Acronym
VoIP
Voice over Internet Protocol
Acronym and Definition
SRTP
- Secure Real-time Transport Protocol
- Provides encryption, message authentication, and integrity for RTP
Acronym and Definition
SIP
- Session Initiation Protocol
- Used to initiate, maintain, and terminate voice, video and messaging sessions
What do VoIP logs show?
- Timestamps
- Caller phone numbers
- Recipient phone numbers
- extensions (if used)
- missed calls
What do SIP log files show?
- Timestamps
- Sender IP addresses
- Recipient IP addresses
Acronym
GPO
Group Policy Object
Acronym
RDP
Remote Desktop Protocol
What TCP port does RDP use?
Port 3389
Why do administrators use SSH instead of Telnet?
Telnet sends data including usernames and passwords over the network in cleartext while SSH encrypts the data
What is OpenSSH?
- A suite of tools that simplifies the use of SSH to connect to remote servers securely
- Supports authentication using a passwordless SSH login
Acronym and Definition
DHCP
- Dynamic Host Configuration Protocol
- Dynamically assigns IP addresses to hosts
Acronym
ISP
Internet Service Provider
Acronym
IANA
Internet Assigned Numbers Authority
Acronym
IETF
Internet Engineering Task Force
Acronym
DNS
- Domain Name System
- Resolves hostnames to IP addresses
What are the DNS Zones and what data is kept in each zone?
- A : hostname and IPv4 addresses
- AAAA : hostname and IPv6 addresses
- PTR
- MX : identify mail servers
- CNAME
What port does DNS use for zone transfers?
TCP Port 53
What port does DNS use for client queries?
UDP port 53
Acronym and Definition
DNSSEC
- Domain Name System Security Extensions
- Provides validation for DNS responses by adding an RRSIG
Acronym and Definition
RRSIG
- Resource Record Signature
- Provides data integrity and authentication and helps prevent DNS poisoning attacks
What is DNS poisoning?
An attacker modifies a DNS cache with a bogus IP address, sending users to a malicious website
What is a host?
Any device with an IP address.
Also referred to as a client or a node
What is Unicast?
- A method IPv4 uses to address TCP/IP traffic
- One host sends traffic to another host using a destination IP address
One to one traffic
What happens to a unicast packet on a network when it is sent to a specific host?
Other hosts on the same network may see the packet, but they will not process it because it isn’t addressed to them.
What is broadcast?
- One-to-all traffic
- Every host that receives a broadcast will process it
What is one difference in broadcasting between switches and routers?
Switches pass broadcast traffic between their ports but routers do not pass broadcast traffic
What does a switch do?
- Connects computers and other devices to each of its physical ports
- Maps MAC addresses to physical ports
What is port security and how does it enhance network security on switch ports?
Port security limits access to switch ports by:
* Limiting the number of MAC addresses allowed per port (MAC filtering)
* Disabling unused ports to prevent unauthorized access
How does a switching loop affect a network?
Floods a network with traffic and can disable a switch
Acronym
STP and RSTP
- Spanning Tree Protocol
- Rapid Spanning Tree Protocol
They provide both broadcast storm prevention and loop prevention for switches
Acronym
BPDU
- Bridge Protocol Data Unit
- STP sends BPDU messages in a network to detect loops
What is a BPDU guard?
A feature that monitors the ports for any unwanted BPDU messages. If it receives any it disables the port
Blocks BPDU attacks
What is a router?
Connects multiple network segments into a single network and routes traffic between the segments
Router ACLs
Provide basic packet filtering. They filter packets based on IP addresses, ports, and protocols
What is implicit deny?
The last rule in an ACL. Indicates that unless something is explicitly allowed, it’s denied
What is the route command?
A command used to view and manipulate a system's routing table
Acronym and Definition
SNMP
- Simple Network Management Protocol
- Monitors and manages network devices such as routers or switches
What ports does SNMP use?
UDP ports 161 and 162
What is the purpose of a host based firewall?
To filter incoming and outgoing traffic for a single host or between networks
What is a stateless firewall?
A firewall that uses rules implemented in ACLs to identify allowed and blocked traffic
Acronym
WAF
Web Application Firewall
Acronym
NGFW
Next Generation Firewall
Acronym
DMZ
- Demilitarized Zone also known as a screened subnet
- A security zone between a private network and the Internet
Acronym and Definition
NAT
- Network Address Translation
- A protocol that translates public and private IP addresses in either direction and hides IP addresses on the internal network from users on the Internet
Dynamic NAT
uses multiple public IP addresses
Static NAT
Uses a single public IP address in a one to one mapping
Acronym
SCADA
Supervisory Control and Data Acquisition
What is an air gap?
An air gap isolates one network from another by ensuring there is physical space between all systems and cables
Acronym
VLAN
Virtual Local Area Network
What do proxy servers / forward proxy servers do?
They forward requests for services from a client
What do reverse proxy servers do?
Accept traffic from the Internet and forward it to one or more internal web servers
What is a cache?
Temporary storage
Acronym
UTM
Unified Threat Management
What is a jump server?
A hardened server used to access and manage devices in a different security zone
Acronym
ZTNA
- Zero Trust Network Access
- We don’t make trust decisions based on network location