Chapter 3 Flashcards
In a sniffing attack the attackers often use a:
protocol analyzer to capture data sent over a network. After capturing the data, attackers can easily read the data within the protocol analyzer when it has been sent in cleartext
A denial-of-service (DoS) attack is a:
service attack from a single source that attempts to disrupt the services provided by another system.
A distributed denial-of-service (DDoS) attack includes:
multiple computers attacking a single target
A poisoning attack attempts to:
corrupt the data stored in a cache (held for temporary access) by replacing it with different data
Transmission Control Protocol (TCP) provides:
connection-oriented traffic (guaranteed delivery)
Transmission Control Protocol (TCP) uses:
a three-way handshake process
The TCP three-way handshake process is:
the client sends a SYN (synchronize) packet
the server responds with a SYN/ACK (synchronize/acknowledge) packet
the client completes the third part of the handshake with an ACK packet to establish the connection
User Datagram Protocol (UDP) provides:
connectionless sessions (without a three-way handshake)
The Internet Protocol (IP) identifies:
hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses
Internet Control Message Protocol (ICMP) is used for:
testing basic connectivity and includes tools such as ping, pathping, and tracert
Many DoS attacks use:
ICMP
Because of how often ICMP is used in attacks:
it has become common to block ICMP at firewalls and routers, which disables a ping response
Blocking ICMP prevents:
attackers from discovering devices in a network
Address Resolution Protocol (ARP) resolves:
IPv4 addresses to media access control (MAC) addresses.
Media access control (MAC) addresses are also called:
physical addresses, or hardware addresses
Once a packet gets to a destination network, it uses:
the MAC address to get it to the correct host
TCP/IP uses the:
IP address to get a packet to a destination network
Address Resolution Protocol (ARP) poisoning attacks use:
ARP packets to give clients false hardware address updates; attackers use them to redirect or interrupt network traffic
Neighbor Discovery Protocol (NDP) performs:
autoconfiguration of device IPv6 addresses and discovers other IPv6 devices on the network such as the address of the default gateway
UDP is commonly used instead of TCP as the underlying protocol with:
voice and video streaming
The Real-time Transport Protocol (RTP) delivers:
audio and video over IP networks. This includes VoIP communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features
The Secure Real-time Transport Protocol (SRTP) provides:
encryption, message authentication, and integrity for RTP
Secure Real-time Transport Protocol (SRTP) helps:
protect the confidentiality of data from these attacks while also ensuring the integrity of the data transmissions.
Secure Real-time Transport Protocol (SRTP) protects against:
replay attacks
Secure Real-time Transport Protocol (SRTP) can be used for both:
unicast transmissions (such as one person calling another)
multicast transmissions where one person sends traffic to multiple recipients
In a replay attack:
an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data
Data-in-transit is:
any traffic sent over a network
File Transfer Protocol (FTP):
uploads and downloads large files to and from an FTP server
By default, File Transfer Protocol (FTP):
transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer
File Transfer Protocol (FTP) active mode uses:
TCP port 21 for control signals
TCP 20 for data
File Transfer Protocol (FTP) passive mode (also known as PASV) uses:
TCP port 21 for control signals
a random TCP port for data
If File Transfer Protocol (FTP) traffic is going through a firewall:
the random port is often blocked, so it is best to disable PASV in FTP clients
Trivial File Transfer Protocol (TFTP) uses:
UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices
Most administrators commonly disable Trivial File Transfer Protocol (TFTP) because:
TFTP is not an essential protocol on most networks
Secure Shell (SSH) encrypts:
traffic in transit and can be used to encrypt other protocols such as FTP
Telnet sends:
traffic over the network in cleartext
Administrators commonly use:
Secure Shell (SSH) to remotely administer systems
Secure Copy (SCP) is based:
on SSH and is used to copy encrypted files over a network
The Secure Sockets Layer (SSL) protocol was:
the primary method used to secure HTTP traffic as HTTPS
Secure Sockets Layer (SSL) can also encrypt:
other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP)
Secure Sockets Layer (SSL) is not recommended for use because:
it has been compromised
The Transport Layer Security (TLS) protocol is:
the designated replacement for SSL and should be used instead of SSL
Many protocols that support Transport Layer Security use:
STARTTLS
STARTTLS is:
a command used to upgrade an unencrypted connection to an encrypted TLS connection on the same port
Internet Protocol security (IPsec) is used to:
encrypt IP traffic.
Internet Protocol security (IPsec) uses:
Tunnel mode to protect virtual private network (VPN) traffic and it also encapsulates and encrypts IP packet payloads
the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN
IPsec includes two main components:
Authentication Header (AH), identified by protocol ID number 51
Encapsulating Security Payload (ESP), identified by protocol ID number 50
Secure File Transfer Protocol (SFTP) is:
a secure implementation of FTP
an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format
SFTP transmits:
data using TCP port 22
File Transfer Protocol Secure (FTPS) is:
an extension of FTP and uses TLS to encrypt FTP traffic
What ports does FTPS use?
some implementations of FTPS use TCP ports 989 and 990
However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21)
A team at Google discovered a serious vulnerability with SSL that they nicknamed:
the POODLE attack (Padding Oracle on Downgraded Legacy Encryption)
Some common use cases related to email are:
send and receive email
send and receive secure email
manage email folders
Some common use cases for internal employees related to the web are:
to provide access to the Internet
provide secure access to the Internet
For organizations that host web servers, the common use case is:
to provide access to web servers by external clients
Some common protocols used for email and web include:
Simple Mail Transfer Protocol (SMTP)
Post Office Protocol v3 (POP3) and Secure POP
Internet Message Access Protocol version 4 (IMAP4) and Secure IMAP
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol Secure (HTTPS)
Simple Mail Transfer Protocol (SMTP) transfers:
emails between clients and SMTP servers
What ports does SMTP use?
TCP port 25
unofficially port 465 with SSL and port 587 with TLS
It is recommended that SMTP use:
STARTTLS to initialize a secure connection
Post Office Protocol v3 (POP3) transfers:
emails from servers down to clients
What port does POP3 use?
TCP port 110
Secure POP3 encrypts:
the transmission with SSL or TLS
What port does Secure POP3 use?
TCP port 995
With STARTTLS, a secure POP3 connection is created on port:
110
Internet Message Access Protocol version 4 (IMAP4) is used:
to store email on an email server
Internet Message Access Protocol version 4 (IMAP4) allows:
a user to organize and manage email in folders on the server
Hypertext Transfer Protocol (HTTP) transmits:
web traffic on the Internet and in intranets
Web servers use HTTP to:
transmit web pages to clients’ web browsers
HTTP uses which port?
TCP port 80
Hypertext Markup Language (HTML) is:
the common language used to display the web pages
Hypertext Transfer Protocol Secure (HTTPS):
encrypts web traffic to ensure it is secure while in transit
HTTPS is encrypted with either:
SSL or TLS
What port does HTTPS use?
TCP port 443
Network operating systems commonly use a:
directory service to streamline management and implement security
Microsoft Active Directory Domain Services (AD DS) provides:
the means for administrators to create user objects for each authorized user and computer objects for each authorized computer
Many Linux administrators use Netcat when:
connecting to remote systems for administration, and secure the Netcat transmissions with SSH
Administrators and clients often use Remote Desktop Protocol (RDP) to:
connect to other systems from a remote location.
Remote Desktop Protocol (RDP) uses which ports?
TCP 3389 (most common)
UDP 3389
A common reason why users are unable to connect to systems with RDP is that:
port 3389 is blocked on a host-based or network firewall
Kerberos requires all systems to be:
time-synchronized to within five minutes of each other
Network Time Protocol (NTP) is:
the most commonly used protocol for time synchronization, allowing systems to synchronize their time to within tens of milliseconds
What is the difference between NTP and SNTP?
NTP uses complex algorithms and queries multiple time servers to identify the most accurate time.
SNTP does not
Network address allocation refers to:
allocating IP addresses to hosts within your network
Most networks use Dynamic Host Configuration Protocol (DHCP) to:
dynamically assign IP addresses to hosts
assign other TCP/IP information, such as subnet masks, default gateways, DNS server addresses, and much more
IPv4 uses:
32-bit IP addresses expressed in dotted decimal format
All Internet IP addresses are:
public IP addresses
All internal IP addresses are:
private IP addresses
Public IP addresses are:
tightly controlled
You can’t just use any public IP address; you must either:
purchase or rent it
Internet Service Providers (ISPs) purchase:
entire ranges of IP addresses and issue them to customers
Routers on the Internet include:
rules to drop any traffic that is coming from or going to a private IP address, so you cannot allocate private IP addresses on the Internet
RFC 1918 specifies the following private address ranges:
(10.x.y.z) 10.0.0.0 through 10.255.255.255
(172.16.y.z through 172.31.y.z) 172.16.0.0 through 172.31.255.255
(192.168.y.z) 192.168.0.0 through 192.168.255.255
The Internet Assigned Numbers Authority (IANA) assigned:
the last block of IPv4 addresses in February 2011
The Internet Engineering Task Force (IETF) created:
IPv6, which provides a significantly larger address space than IPv4
IPv6 uses:
128-bit IP addresses expressed in hexadecimal format
Each hexadecimal character is composed of:
4 bits
IPv6 unique local addresses are only allocated:
within private networks and not assigned to systems on the Internet
Unique local addresses start with the prefix of:
fc00
The primary purpose of Domain Name System (DNS) is:
for domain name resolution
Domain Name System (DNS) resolves:
host names to IP addresses
When the DNS server queries other DNS servers, it:
puts the answer in its cache so that it doesn’t have to do the same query again
When clients receive answers from DNS servers, they:
store the answer in their cache so that they don’t have to repeat the query
DNS servers host data in zones, which you can think of as:
databases
DNS zones include the following record types:
A
AAAA
PTR
MX
CNAME
SOA