Chapter 3 Exploring Network Technology and Tools Flashcards
A use case typically describes an organizational goal, and administrators enable specific protocols to meet organizational goals.
Protocols used for voice and video include Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP). SRTP provides encryption, message authentication, and integrity for RTP.
File Transfer Protocol (FTP) is commonly used to transfer files over networks, but FTP does not encrypt the transmission.
Several encryption protocols encrypt data-in-transit to protect its confidentiality. They include File Transfer Protocol Secure (FTPS), Secure File Transfer Protocol (SFTP), Secure Shell (SSH), Secure Sockets Layer (SSL), and Transport Layer Security (TLS).
SMTP sends email using TCP port 25. POP3 receives email using TCP port 110. IMAP4 uses TCP port 143. Secure POP uses TLS on port 995 (legacy) or with STARTTLS on port 110. Secure IMAP uses TLS on port 993 (legacy) or with STARTTLS on port 143.
HTTP uses port 80 for web traffic.
HTTPS encrypts HTTP traffic in transit and uses port 443.
Directory services solutions implement Kerberos as the authentication protocol. They also use Lightweight Directory Access Protocol (LDAP) over TCP port 389 and LDAP Secure (LDAPS) over TCP port 636.
Administrators commonly connect to remote systems using SSH instead of Telnet because SSH encrypts the connection. Administrators also use Remote Desktop Protocol (RDP) to connect to remote systems using TCP port 3389.
The Network Time Protocol (NTP) provides time synchronization services.
Domain Name System (DNS) provides domain name resolution. DNS zones include A records for IPv4 addresses and AAAA records for IPv6 addresses.
Zone data is updated with zone transfers, and secure zone transfers help prevent unauthorized access to zone data. DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries.
Domain Name System Security Extensions (DNSSEC) provides validation for DNS responses and helps prevent DNS poisoning attacks.
Two command-line tools used to query DNS are nslookup and dig. Both support the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt.
Switches are used for network connectivity, and they map media access control (MAC) addresses to physical ports.
Port security limits access to switch ports. It includes limiting the number of MAC addresses per port and disabling unused ports. You can also manually map each port to a specific MAC address or group of addresses.
An aggregation switch connects multiple switches together in a network.
Routers connect networks and direct traffic based on the destination IP address. Routers (and firewalls) use rules within access control lists (ACLs) to allow or block traffic.
Implicit deny indicates that unless something is explicitly allowed, it is denied. It is the last rule in an ACL.
Host-based firewalls (sometimes called application-based) filter traffic in and out of individual hosts. Some Linux systems use iptables or xtables for firewall capabilities.
Network-based firewalls filter traffic in and out of a network. They are placed on the border of the network, such as between the Internet and an internal network.
A stateless firewall controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols. Stateful firewalls filter traffic based on the state of a packet within a session.
A web application firewall (WAF) protects a web server against web application attacks. It is typically placed in the demilitarized zone (DMZ) and will alert administrators of suspicious events.
A DMZ provides a layer of protection for servers that are accessible from the Internet.
An intranet is an internal network. People use the intranet to communicate and share content with each other.
An extranet is part of a network that can be accessed by authorized entities from outside of the network.
NAT translates public IP addresses to private IP addresses, private back to public, and hides IP addresses on the internal network from users on the Internet.
Networks use various methods to provide network segregation, segmentation, and isolation.
An airgap is a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network.
Routers provide logical separation and segmentation using ACLs to control traffic.
Forward proxy servers forward requests for services from a client. They can cache content and record users’ Internet activity. A transparent proxy accepts and forwards requests without modifying them. A nontransparent proxy can modify or filter requests, such as filtering traffic based on destination URLs.