Chapter 3: Exploring Network Technologies & Tools Flashcards
What is the Open Systems Interconnection (OSI) model?
A conceptual framework that divides network communication into seven layers, each responsible for specific tasks in data transmission.
What are the seven layers?
Physical, Data, Network, Transport, Session, Presentation, and Application (Please Do Not Throw Sausage Pizza Away).
What is the first layer of the OSI model?
It’s the physical layer, and it’s all about the basic equipment of networking such as copper wires, fiber optic cables, and radio waves.
What is the second layer of the OSI model?
It’s the data link layer where network switches reside. It formats data into data frames and routes it between systems on the local network using their media access control (MAC) addresses.
What is the third layer of the OSI model?
It’s the network layer which introduces IP addresses. At this layer, routers use IP addresses to send info between systems that are not located on the same local network. The Internet Protocol (IP) is the primary protocol used at this layer.
What is the fourth layer of the OSI model?
It’s the transport layer which provides end-to-end communication services for applications. The Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) exist at this layer.
What is the fifth layer of the OSI model?
It’s the session layer which establishes, manages, and terminates sessions between applications running on different devices, allowing them to communicate and exchange data.
What is the sixth layer of the OSI model?
It’s the presentation layer which translates data into a standard format that can be understood by the application layer. It also provides encryption, compression, and other data transformation services.
What is the seventh layer of the OSI model?
It’s the application layer which provides network services to applications, allowing them to communicate with other applications over the network.
What is the Transmission Control Protocol (TCP)?
Provides connection-oriented traffic with guaranteed delivery. Uses a three-way handshake.
What is the User Datagram Protocol (UDP)?
Provides connection-less sessions without a three-way handshake and no guarantee of delivery.
What is the Internet Protocol (IP)?
A set of rules that defines how data is addressed, routed, and delivered across networks, ensuring devices can communicate with each other.
What is the Internet Control Message Protocol (ICMP)?
A network protocol used for sending error messages and diagnostic information about network operations, such as unreachable destinations or packet loss.
What is the Address Resolution Protocol (ARP)?
A data link layer protocol used to map an IP address to a corresponding MAC address within a local network, enabling devices to communicate directly.
What is Data In Transit?
Any traffic sent over a network.
What is Personally Identifiable Information (PII)?
Any info that can be used to identify an individual (e.g. full legal name, SSN, date of birth).
What is the File Transfer Protocol (FTP)?
A standard protocol used for transferring files between a client and server over a network, allowing users to upload, download, and manage files remotely. It is not secure.
What is the Trivial File Transfer Protocol (TFTP)?
A simple, lightweight protocol for transferring files over a network, using UDP for faster but less reliable communication lacking authentication. It is not secure.
What is the Secure Socket Layer (SSL)?
A cryptographic protocol that provides secure communication over a network by encrypting data, authenticating parties, and ensuring integrity, though it is largely replaced by TLS since it has been compromised.
What is the Transport Layer Security (TLS)?
A cryptographic protocol that provides secure communication over a network by encrypting data, authenticating parties, and ensuring data integrity, replacing SSL as the modern security standard.
What is the Internet Protocol Security (IPSec)?
A suite of protocols used to secure IP communications by encrypting and authenticating each packet of data, providing confidentiality, integrity, and authentication. Commonly used in VPNs.
What is the Secure Shell (SSH)?
A cryptographic network protocol that provides secure remote access to devices, allowing users to execute commands and transfer files securely over an insecure network.
What is the Secure Copy Protocol (SCP)?
A network protocol for securely transferring files between a local and a remote machine, or between two remote machines, using SSH encryption for protection.
What is the Secure File Transfer Protocol (SFTP)?
A secure file transfer protocol that operates over SSH to encrypt data, provide authentication, and ensure data integrity during file transfers.
What is the File Transfer Protocol Secure (FTPS)?
A secure extension of FTP that uses SSL/TLS encryption to protect file transfers, ensuring data confidentiality, authentication, and integrity.
What is the Simple Mail Transfer Protocol (SMTP)?
A protocol used for sending and relaying email messages across the Internet, responsible for routing emails from the sender to the recipient’s mail server.
What is the Simple Mail Transfer Protocol Secure (SMTPS)?
An extension of SMTP that adds SSL/TLS encryption to ensure secure, encrypted email transmission, protecting the privacy and integrity of email content during transit.
What is the Post Office Protocol (POP3)?
A protocol used by email clients to download emails from a remote mail server to a local device, allowing offline access, with email typically removed from the server after the download.
What is the Secure Post Office Protocol (Secure POP3)?
A secure version of POP3 that encrypts email retrieval and communication between the client and server using SSL/TLS, ensuring privacy and protection during email transfers.
What is the Internet Message Access Protocol (IMAP)?
A protocol that allows email clients to retrieve, manage, and synchronize emails stored on a remote server, enabling access from multiple devices without downloading the emails to the local device.
What is the Secure Internet Message Access Protocol (Secure IMAP)?
A secure version of IMAP that uses SSL/TLS encryption to protect email retrieval and management, ensuring confidentiality and data integrity during communication between the client and server.
What is the Hypertext Transfer Protocol (HTTP)?
A protocol used for transferring hypertext (webpages) over the Internet using a client-server model, where clients send requests and servers respond with the requested data.
What is the Hypertext Transfer Protocol Secure (HTTPS)?
A secure version of HTTP that uses SSL/TLS encryption to protect data during transmission, ensuring privacy, authentication, and data integrity between the client and server.
What is the Sender Policy Framework (SPF)?
An email authentication protocol that uses DNS records to specify authorized mail servers for a domain, helping prevent email spoofing.
What is DomainKeys Identified Mail (DKIM)?
An email authentication method that uses cryptographic signatures to verify a message’s integrity and the sender’s domain.
What is the Domain-based Message Authentication, Reporting, and Conformance (DMARC)?
An email policy and reporting protocol that instructs receivers how to handle messages failing SPF or DKIM and provides visibility into domain abuse.
What is an Email Gateway?
A security tool that filters and protects inbound and outbound email traffic from threats like spam, malware, and phishing.
What is the Lightweight Directory Access Protocol (LDAP)?
A protocol for accessing and managing directory services, often used for centralized authentication and user information lookup.
What is the Real-time Transport Protocol (RTP)?
A protocol for delivering audio and video over IP networks in real time, ensuring proper timing and sequencing of media streams.
What is the Lightweight Directory Access Protocol Secure (LDAPS)?
A secure version of LDAP that uses SSL/TLS encryption to protect directory data during transmission.
What is the Voice over Internet Protocol (VoIP)?
A technology that enables voice communication over IP networks by converting voice into digital data packets.
What is the Secure Real-time Transport Protocol (SRTP)?
An extension of RTP that adds encryption and authentication to protect real-time voice and video communication.
What is the Session Initiation Protocol (SIP)?
A signaling protocol that initiates, manages, and terminates real-time communication sessions like voice and video calls over IP networks.
What is the Remote Desktop Protocol (RDP)?
A protocol developed by Microsoft that allows users to remotely connect to and interact with a computer’s graphical interface over a network.
What is Open Secure Shell (OpenSSH)?
An open-source implementation of the SSH protocol that provides secure remote access, file transfers, and tunneling over an insecure network.
What is the Network Time Protocol (NTP)?
A protocol used to synchronize the clocks of computers over a network, ensuring accurate and consistent time across devices.
What is the Dynamic Host Configuration Protocol (DHCP)?
A network protocol that automatically assigns IP addresses and other configuration details to devices on a network.
What is IPv4?
The fourth version of the Internet Protocol, using 32-bit addresses to uniquely identify devices on a network, providing approximately 4.3 billion unique addresses.
In IPv4, what is Class A?
The IP range 0.0.0.0 to 127.255.255.255, used for large networks (over 16 million addresses).
In IPv4, what is Class B?
The IP range 128.0.0.0 to 191.255.255.255, used for medium-sized networks (up to 65k devices).
In IPv4, what is Class C?
The IP range 192.0.0.0 to 223.255.255.255, used for small networks (up to 254 devices).
What is IPv6?
The latest version of the Internet Protocol, using 128-bit addresses to provide a virtually unlimited number of unique IP addresses.
What is the Domain Name System (DNS)?
A system that translates human-readable domain names into IP addresses, allowing computers to communicate over the Internet.
What is a DNS-A Record?
It maps a domain to an IPv4 address.
What is a DNS-AAAA Record?
It maps a domain name to an IPv6 address.
What is a DNS-PTR Record?
Maps an IP address to a domain for reverse DNS lookups. AKA pointer record.
What is a DNS-MX Record?
Specifies mail servers for receiving email for the domain. AKA mail exchange/exchanger.
What is a DNS-CNAME Record?
Points a domain to another domain, creating an alias.
What is a DNS-SOA Record?
Contains domain DNS zone information, including the primary DNS server and admin email.
What is DNS Poisoning (Spoofing)?
A cyberattack where malicious data is inserted into a DNS cache, causing incorrect IP addresses to be returned and redirecting users to malicious sites.
What is the Domain Name System Security Extensions (DNSSEC)?
A set of security extensions to DNS that uses digital signatures and public-key cryptography to protect against DNS spoofing and ensure the integrity of DNS data.
What is Unicast?
A communication method where data is sent from one source to one specific destination device on a network.
What is Broadcast?
A communication method where data is sent from one source to all devices within a network.
Do switches pass broadcast traffic?
Yes.
Do routers pass broadcast traffic?
No.
What is a Switch?
A networking device (2nd layer) that connects devices in a LAN and forwards data based on MAC addresses, improving network efficiency compared to hubs.
What are Hubs?
A basic networking device (1st layer) that broadcasts data to all connected devices in a network, causing inefficient traffic and potential collisions.
In the context of networking, what is Hardening?
The process of configuring switches and other devices in a secure manner.
What is Port Security?
A security feature on network switches that restricts access to switch ports based on specific MAC addresses, helping to prevent unauthorized devices from accessing the network.
What is MAC Filtering?
A security method that controls network access by allowing or denying devices based on their unique MAC addresses.
What is a Switching Loop?
A network issue where multiple active paths between switches cause frames to circulate indefinitely, leading to broadcast storms and performance issues.
What is the Spanning Tree Protocol (STP)?
A protocol that prevents switching loops by creating a loop-free network topology and dynamically blocking redundant paths, ensuring network stability.
What is the Rapid Spanning Tree Protocol (RSTP)?
An enhanced version of STP that provides faster network convergence by quickly detecting topology changes and reconfiguring paths in a network.
What is Broadcast Storm Prevention?
Techniques to mitigate broadcast storms, such as STP to eliminate loops and rate limiting to control excessive broadcast traffic.
What is Loop Prevention?
Techniques, such as STP, used to eliminate network loops by blocking redundant paths and ensuring a loop-free topology.
What is the Bridge Protocol Data Unit (BPDU)?
A message exchanged between switches that contains topology information used by STP to prevent loops and maintain a loop-free network topology.
What are Edge Ports?
A switch port connected to an end device that is treated as always forwarding in STP, reducing convergence time and avoiding STP processing.
What is BPDU Guard?
A security feature that disables a port if it receives a BPDU, preventing misconfigurations and ensuring edge ports do not participate in STP.
What is a Router?
A network device that forwards data packets between different IP networks or subnets, using IP addresses to determine the best path for data.
What are Access Control Lists (ACLs)?
A set of rules used in networking devices to control traffic by allowing or denying packets based on IP addresses, protocols, or ports.
What is a Port?
A logical endpoint used to identify network services, associated with a port number (e.g. 80 for HTTP) and a physical interface on devices for data transmission.
What is Implicit Deny?
A security principle where any network traffic that doesn’t match an explicit allow rule is automatically denied access by default.
What is the Simple Network Management Protocol (SNMP)?
A protocol used to monitor and manage network devices, allowing admins to collect data, configure devices, and monitor network performance.
What is an SNMP Trap?
Unsolicited notifications sent by network devices to an SNMP manager to alert it of significant events or issues, enabling real-time network monitoring.
What is a Firewall?
A security tool that filters network traffic based on defined rules, protecting networks from unauthorized access and threats.
What is a Stateful Firewall?
A firewall that monitors active connections and makes filtering decisions based on the full context of network traffic.
What is a Stateless Firewall?
A firewall that filters network traffic based solely on predefined rules, inspecting each packet individually without connection context.
What rules are typically within ACLs?
Permissions, Protocol, Source, Destination, and Port.
What is a Web Application Firewall (WAF)?
A security solution that protects web applications by filtering and monitoring HTTP/S traffic to block attacks like SQL injection and cross-site scripting.
What is a Host-based Firewall?
A firewall installed on individual devices to monitor and control network traffic to and from that specific host.
What is a Network-based Firewall?
A firewall that filters and protects traffic flowing between networks, typically placed at a network’s perimeter.
What is a Network Appliance?
A specialized hardware device built to perform dedicated network functions like firewalling, routing, or load balancing.
What is the failure mode Fail-open?
System failure results in traffic being allowed, prioritizing availability over security.
What is the failure mode Fail-close?
System failure results in blocking all traffic, prioritizing security over availability.
What is a Security Zone?
A network segment with defined trust levels and security policies to control traffic and reduce risks.
What is the Intranet?
A private internal network for authorized users within an organization.
What is the Extranet?
A private network that securely connects external partners to an organization’s internal systems.
What is a Screened Subnet (DMZ)?
An isolated network segment that hosts public-facing services, acting as a buffer between the Internet and the internal network.
What is Network Address Translation (NAT)?
A technique for modifying IP addresses in packets to enable multiple devices to share a single public IP address.
What is a Network Address Translation Gateway?
A device that performs NAT to allow multiple devices on a private network to access the Internet using a single public IP address.
What is Port Address Translation (PAT)?
A form of NAT that allows multiple devices on a private network to share a single public IP address by using unique port numbers for each connection.
What is a Static NAT?
A one-to-one mapping between a private IP address and a public IP address that remains constant.
What is a Dynamic NAT?
A type of NAT that maps private IP addresses to a pool of public IP addresses dynamically, using an available IP for each outgoing connection.
What is Physical Isolation?
The separation of networks or systems using distinct hardware to prevent data flow between them, ensuring better security and protection.
What is a Supervisory Control and Data Acquisition (SCADA) system?
A system used for monitoring and controlling industrial processes by collecting real-time data and enabling remote control of devices.
What is an Air Gap?
A security measure where a system is physically isolated from external networks to prevent unauthorized access and cyber threats.
What is Segmentation?
The practice of dividing a network into smaller, isolated parts to improve security, performance, and manageability.
What is a Virtual Local Area Network (VLAN)?
A logical division of a network that isolates traffic within groups of devices, improving security, performance, and management.
What does East-West mean?
Data traffic that moves internally within the same network.
What does North-South mean?
Data traffic that moves between an internal network and external networks, such as the Internet or cloud services.
What is a Proxy Server? AKA Forward Proxy Servers.
A server that acts as an intermediary between a client and the Internet, filtering, caching, and anonymizing web traffic.
What is Caching?
The process of storing frequently accessed data temporarily in a storage area to improve performance by speeding up future access.
What is a Reverse Proxy?
A server that forwards client requests to backend servers and returns their responses, providing load balancing, security, and caching.
What is Unified Threat Management (UTM)?
An integrated security solution that combines multiple network security functions into one platform, providing comprehensive protection against various threats.
What are some UTM capabilities?
URL filtering, malware inspection, content inspection, DDoS mitigator.
What is a Jump Server?
A secure server that acts as an intermediary between an external network and an internal network, allowing controlled access to sensitive systems.
What are Implicit Trust Zones?
A network or system area where access is granted without rigorous security checks, assuming all devices or users are trusted by default.
What is Zero Trust Network Access (ZTNA)?
A security model that continuously verifies and authenticates users, devices, and applications, applying least-privilege access and assuming no one, whether inside or outside the network, is trusted by default.
What is Policy Enforcement Point (PEP)?
A component that enforces access control policies and security rules, ensuring only authorized users or devices can access resources based on predefined security decisions.
What is Adaptive Identity?
A dynamic identity management approach that adjusts security measures based on contextual factors and real-time risk assessments to ensure secure access to resources.
What is the Control Plane?
The part of a network or system responsible for making decisions about routing, resource allocation, and network management, directing how traffic should flow through the network.
What is the Data Plane?
The part of a network device responsible for forwarding data packets to their destination based on the decisions made by the control plane, handling real-time data transmission.
What is a Policy Engine (PE)?
A system that evaluates and enforces policies, rules, and security measures to make real-time decisions about access control, compliance, and system behavior.
What is the Policy Administrator (PA)?
A role or system component responsible for defining, configuring, and maintaining security policies, ensuring their consistent enforcement across an organization’s infrastructure.
What is Secure Access Service Edge (SASE)?
A cloud-delivered cybersecurity architecture that combines networking and security services into a unified platform to provide secure, seamless access to applications and data for users and devices.