Chapter 3 Flashcards
Four Layers of TCP/IP
Application
Host-to-Host
Internet Layer
Network Access Layer
Network Access Layer
Responsible for placing and removing packets on the physical network through communications with the network adapters
Encapsulation
Allows a transport protocol to be sent across the network and used by the equivalent service or protocol at the receiving host
IANA
Internet Assigned Numbers Authority
Defines the list of well known ports
e.g. port 25 is SMTP
How does TCP establish a session?
The three-way handshake.
A client originates this connection with an ISN (Initial Sequence Number)
The server responds with a TCP segment that includes the ISN and a value buffer
The client then sends back an acknowledgment of the server’s sequence number
iSCSI and its ports
Internet Small Computer Systems Interface
Allows data storage and transfers across an existing network
Ports 860 and 3260
Fibre Channel
Like iSCSI, but meant for fibre-optic links. Not routable at the network level
Factors of a security topology
DMZ, subnetting, VLANs, remote access, NAT, telephony, NACs
VLAN
Virtual Local Area Network
Allows you to create groups of users and systems and segment them on the network
PPTP
Point-to-Point Tunneling Protocol
Supports encapsulation in a single point-to-point environment. Encrypts PPP packets
Weakness of packet-capture devices
Capturing the negotiation process can potentially allow that information to be used to determine the connection type and how the tunnel works
L2F
Layer 2 Forwarding
Created by Cisco as a method of creating tunnels, primarily for dial-up connections. Similar in capability to PPP; it should not be used across WANs
L2TP
Layer 2 Tunneling Protocol
Microsoft and Cisco agreed to combine their respective tunneling protocols into one protocol. Can be used with many different network protocols
Problem with L2TP
It doesn’t provide data security: the information isn’t encrypted
SSH
Secure Shell
A tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems
IPSec
Internet Protocol Security
Not a tunneling protocol, but used in conjunction with tunneling protocols. Usually for LAN-to-LAN connections
RRAS
Routing and Remote Access
Previously known as Remote Access Services
Connection accomplished via dial-up POTS
Telephony
Telephone technology + information technology
VoIP is taking over!!!!
NAC
Network Access Control
Used for daily operations of the network, connections to other networks, and backup plans
Proxy Firewall
Intermediary between your network and any other network. Decides whether a packet should be accepted or refused
Dual-homed firewall
A proxy firewall with two NICs: one facing outside the network, one facing inside the network
Application Level Proxies
Reads the individual commands of the protocols being served; for example, it must know the difference between GET and PUT commands
Circuit-level proxy
Creates a circuit between the client and the server and doesn't deal with the contents of the packets being processed
Stateful vs Stateless inspection in firewalls
Stateful inspection (aka SPI filtering): keeps track of how information is routed or used
Stateless firewalls make decisions based only on the data that comes in; simpler
Load Balancing
Shifting a load from one device to another
IDS
Intrusion Detection Service
Software that runs either on individual workstations or on network devices to monitor and track network activity
Types of IDS
Behavior Based: looks for variations in behavior such as unusually high traffic, policy violations, etc
Signature Based Detection: AKA misuse detection IDS. Evaluates attacks based on attack signatures and audit trails
Anomaly Detection IDS: Looks for anything outside the ordinary
Heuristic IDS: uses an algorithm to analyze the traffic passing through the network