Chapter 3: Secure Network Architecture and Securing Network Components Flashcards

Question 1

Q

What is OSI?

Answer

A

Open Systems Interconnect

Question 2

Q

What are the layers of the OSI model?

Answer

A

Physical
Data Link
Network
Transport
Session
Presentation
7 Application

Question 3

Q

What does the Physical Layer in the OSI model do?

Answer

A

The physical layer accepts the frame from the data link layer and converts it into bits for transmission over the physical media, and vice versa. It contains device drivers.

Question 4

Q

What are some examples of specifications or protocols that operate at the physical layer?

Answer

A

EIA/TIA-232 and EIA/TIA-449, X.21, High-Speed Serial Interface (HSSI), Synchronous Optical Network (SONET), V.24 and V.35

Question 5

Q

What network hardware devices operate at the phyical layer?

Answer

A

NICs, hubs, repeaters, concentrators, amplifiers.

Question 6

Q

What is the Data Link Layer?

Answer

A

This layer is responsible for formatting the packet from the Network layer into the proper format for transmission, and vice versa.

Question 7

Q

What are some examples of protocols that operate at the data link layer?

Answer

A

SLIP, PPP, ARP, RARP, L2F (Layer 2 Forwarding), L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), ISDN.

Question 8

Q

What network hardware devices operate at the data link layer?

Answer

A

Switches and bridges. These support MAC-based traffic routing.

Question 9

Q

Which are the 2 protocols we need to be familiar with at the Data Link Layer?

Answer

A

ARP and RARP

Question 10

Q

What does ARP do?

Answer

A

ARP is the Address Resolution Protocol. It maps IP addresses to MAC addresses.

Question 11

Q

What does RARP do?

Answer

A

RARP is the Reverse Address Resolution Protocol. It maps MAC addresses to IP addresses.

Question 12

Q

What is the Network Layer?

Answer

A

The Network Layer is responsible for adding routing and addressing information to the data. It is not responsible for guaranteeing delivery, but does manage error detection and traffic control.

Question 13

Q

What protocols operate at the Network Layer?

Answer

A

Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)

Question 14

Q

What hardware devices operate at layer 3?

Answer

A

Routers and bridge routers (brouters).

Question 15

Q

What is the Transport Layer?

Answer

A

The layer responsible for managing the integrity of a connection and controlling the session. This layer defines how much data a segment can contain, how to verify data integrity, and how to determine if data has been lost.

Question 16

Q

What protocols operate at the Transport Layer?

Answer

A

TCP, UDP, Sequenced Packet Exchange (SPX), SSL, TLS.

Question 17

Q

What is the session layer?

Answer

A

The layer responsible for establishing, maintaining, and terminating communications sessions between computers. Controls simplex/duplex. Retransmits lots or damaged segments.

Question 18

Q

What protocols operate at the session layer?

Answer

A

NFS, SQL, RPC

Question 19

Q

What is the presentation Layer?

Answer

A

The layer responsible for transforming data received from the Application layer into a format that any system following the OSI model can understand. Imposes common or standardized structure and formatting rules onto the data. Responsible for encryption and compression.

Most file or data formats are at this layer.

Question 20

Q

What protocols operate at the Presentation Layer?

Answer

A

ASCII, EBCDICM (Extended Binary-Coded Decimal Interchange Mode), TIFF, JPEG, MPEG, MIDI

Question 21

Q

What is the Application Layer?

Answer

A

The application layer is responsible for interfacng user applications, network services, or the operating system with the protocol stack. It determines whether a remote communcations partner is available, and whether sufficient resources are available to support the requested communications.

Question 22

Q

What protocols operate at the Application layer?

Answer

A

HTTP, FTP, LPD, SMTL, TFTP, EDI (Electronic Data INterchange), POP3, IMAP, SNMP, NNTP, S_RPC, SET (Secure Electronic Transaction).

Question 23

Q

What hardware pr services operate at the application layer?

Answer

A

Gateways, application layer firewalls, some filtering software.

Question 24

Q

What are the layers of the TCP/IP model?

Answer

A

Application
Transport
Internet
Link

Question 25

Q

How do the TCP/IP layers map to the OSI layers?

Answer

A

Application: Application/Presentation?Session
Transport: Transport
Internet: Network
Link: Data Link/Physical

Question 26

Q

What TCP/IP protocols operate at the Application Layer?

Answer

A

FTP, Telnet, SNMP, LPD, TFTP, SMTP, NFS, X Windows

Question 27

Q

What TCP/IP protocols operate at the Transport layer?

Question 28

Q

What TCP/IP protocols operate at the Internet Layer?

Answer

A

ICMP, IGMP, IP

Question 29

Q

What TCP/IP protocols operate at the Link Layer?

Answer

A

Ethernet, Fast Ethernet, Token Ring, FDDI

Question 30

Q

What are the first 1024 TCP/UDP ports called?

Answer

A

Well-known ports or service ports.

Question 31

Q

What does the ACK TCP header flag mean?

Answer

A

Acknowlegement - Acknowledges a synchronization or shutdown request

Question 32

Q

What does the RST TCP header flag mean?

Answer

A

Reset - Causes immediate disconnect of the TCP session

Question 33

Q

What does the SYN TCP header flag mean?

Answer

A

Synchronization - Requests synchronization with new sequencing numbers

Question 34

Q

What doe sthe FIN TCP header flag mean?

Answer

A

Finish - Requests graceful shutdown of the TCP session

Question 35

Q

What is IP?

Answer

A

IP is the Internet Protocol. It is a connectionless and unreliable datagram protocol. It contains ICMP, IGMP, and ARP.

Question 36

Q

What is IGMP for?

Answer

A

Multicasting

Question 37

Q

What are class D networks?

Answer

A

Class D networks have addresses starting with 1110, or decimal 224-239, and are for multicast traffic.

Question 38

Q

What are class E networks?

Answer

A

Class E networks have addresses starting with 1111, or decimal 240-255, and are for experimental use.

Question 39

Q

What is the CIDR equivalent of a class A network?

Question 40

Q

What is the CIDR equivalent of a class B network?

Question 41

Q

What is the CIDR equivalent of a class C network?

Question 42

Q

What is ICMP?

Answer

A

Internet Control Message Protocol. ICMP is used to determine the health of a network or specific link. Applications: ping, traceroute, pathping

Question 43

Q

What port does telnet operate on?

Question 44

Q

What is typically on port 23/tcp?

Question 45

Q

What port(s) does ftp operate on

Question 46

Q

What is typicall on ports 20/tcp and 21/tcp

Question 47

Q

What ports does TFTP operate on

Question 48

Q

What is typically on port 69/udp

Question 49

Q

What port does SMTP operate on?

Question 50

Q

What is typically on port 25/tcp

Question 51

Q

What port does POP3 operate on?

Question 52

Q

What is typically on port 110/tcp

Question 53

Q

What port does IMAP operate on?

Question 54

Q

What is typically on port 143/tcp

Question 55

Q

What port does DHCP operate on?

Answer

A

67/tdp and 68/udp

Question 56

Q

What is typically on ports 67/udp and 68/udp

Answer

A

DHCP/bootp

Question 57

Q

What port does HTTP operate on?

Question 58

Q

What is typically on port 80/tcp

Question 59

Q

What port does SSL operate on?

Question 60

Q

What is typically on port 443?

Question 61

Q

What port does LPD operate on?

Question 62

Q

What is typically on port 515/tcp?

Question 63

Q

What ports does X Windows use?

Answer

A

6000-6063/tcp

Question 64

Q

What is typically on port 6000-63/tcp

Answer

A

X Windows

Answer 43

A

67/udp, 68/udp

Answer 44

A

161/udp, 162/udp for trap messages

Answer 45

A

SNMP trap messages

Answer 46

A

An intranet is a private network that is designed to host the same information services found on the Internet.

Answer 47

A

An extranet is a section of an organization’s network that has been sectioned off so that it acts as an intranet for the private network, but also serves information to the public Internet. It’s often reserved for use by specific partners or customers, and is rarely on a public network. Often requires a VPN for access.

An extranet for public consumption is typically called a DMZ or perimeter network.

Answer 48

A

Boost performance by localizing communications.
Reduce communications problems like congestion or broadcast storms.
Provide security by isolating traffic and user access to those segments where they are authorized.

Answer 49

A

Switch-based VLANs, routers, firewalls.

Answer 50

A

Blocking malicious traffic from the internet from entering a private network.

Answer 51

A

Block viruses or malicious code

Answer 52

A

Rebooting the firewall
Proxies or other dependencies not starting
Proxies or other important services crashing or restarting
Changes to the firewall configuration
A configuration or system error while the firewall is running.

Answer 53

A

Yes. Typically, they are a single point of failure.

Answer 54

A

Static packet-filtering firewalls
Application-level gateways
Circuit-level gateways
Stateful inspection firewalls

Answer 55

A

Filters traffic by examining the message header, typically source, destination, and port. Can be spoofed. Layer 3.

Answer 56

A

A firewall that filters traffic based on the Internet service used to transmit or receive the data. Each type of application has to have its own proxy server. An application-level gateway firewall comprises numerous individual proxy servers. Second generation. Operates at layer 7. Also known as proxy firewalls.

Answer 57

A

Used to establish communication sessions between trusted partners. Layer 5.

Answer 58

A

Evaluates the state or context of network traffic. More efficient than application-level gateway firewalls. Third generation firewalls, operate at Network and Transport layers (3/4).

Answer 59

A

Firewalls with more than one interface

Answer 60

A

A firewall with two interfaces. All useful firewalls must be dual-homed (or more).

Answer 61

A

Internet -> Border router -> Firewall -> Private Network

Answer 62

A

Internet -> Border router -> Firewall -> DMZ and Private network

Answer 63

A

Internet -> Border router -> Firewall -> DMZ -> Firewall -> Private Network.

Basically, instead of having the DMZ and Private Network both behind one firewall, there’s a firewall between the DMZ an Private Network.

Answer 64

A

Internet -> Router -> Firewall -> DMZ -> Firwall -> Transaction Subnet -> Firewall -> Private Network

Answer 65

A

Internet -> Router ->Firewall -> DMZ and Transaction Subnet -> Firewall -> Private Network

Answer 66

A

A DMZ is used to host information server systems that external users should have access to.

Answer 67

A

Endpoint security is the concept that each individual device must maintain local security whether or not its network or telecommuncations channels also provide or offer security.

Answer 68

A

A hub is a network device that connects multiple systems that use the same protocol by repeating inbound traffic over all outbound ports. Layer 1.

Answer 69

A

A switch is a network device that repeats inbound traffic only on outbound ports on which the destination is known to exist. Layer 2.

Answer 70

A

Used to control traffic flow on networks, often used to control traffic flow between two similar networks. Level 3.

Answer 71

A

A combination router and bridge. Primarily operates at layer 3, can operate at layer 2.

Answer 72

A

A network device that connects networks that use different network protocols. Layer 7.

Answer 73

A

A gateway that doesn’t translate across protocols. They serve as mediators, filters, caching servers, NAT/PAT servers for a network.

Answer 74

A

185 meters

Answer 75

A

500 meters

Answer 76

A

100 meters

Answer 77

A

100 meters

Answer 78

A

100 meters

Answer 79

A

100 meters

Answer 80

A

Very high

Answer 81

A

Very high

Answer 82

A

Voice only. Not suitable for networks, usable by modems

Answer 83

A

4 Mbps, not suitable for most networks, often used for host-to-terminal connections on mainframes

Answer 84

A

10 Mbps. Primarily used in 10Base-T Ethernet. Only 4 Mbps when used for token ring. Also for telephone cables.

Answer 85

A

16 Mbps. Primarily used in token ring networks

Answer 86

A

100 Mbps. 100Base-TX, FDDI, ATM

Answer 87

A

1,000 Mbps. Used in high speed networks

Answer 88

A

10 Gbps. Used on 10 gig networks

Answer 89

A

3 Hz to 300 GHz.

Answer 90

A

900 Mhz, 2.4 GHz, 5 GHz. They are unlicensed.

Answer 91

A

Communication occurs over mulitple frequencies at the same time. Essentially parallel communication.

Answer 92

A

An early implementation of the spread spectrum concept, it transmits data in series while constantly changing frequency. Minimizes interference because interference will probably not affect all the frequencies in use.

Answer 93

A

A Spread Spectrum implementation that uses all the frequencies available at the same time. Uses a chipping code to allow the receiver to reconstruct missing data if part of it is corrupted in transit.

Answer 94

A

Employs a digital multicarrier modulation scheme that allows for more tightly compatcted transmission. Signals within the transmission don’t interfere with one another. Uses a smaller freuency set but can offer greater throughput.

Answer 95

A

A 4G wireless phone standard for mobile broadband.

Answer 96

A

“Long Term Evolution”, a 4G wireless phone network.

Answer 97

A

Wireless Application Protocol. Cell phones communicate with the carrier network and are gatewayed to the Internet. It’s a suite of protocols that work together. Mostly not used anymore, having been supplanted by 3G/4G technologies like GSM, EDGE, HPDSA, LTE).

This is not the WAP that your home router uses.

Answer 98

A

A security protocol that works with WAP analagously to how SSL and TLS work.

Answer 99

A

CALEA requires all telcos to make it possible to wiretap voice and data communications when a search warrant is provided. To do this, WAP encrypted traffic is decrypted at the telco before being reencapsulated by SSL, TLS, IPSec, etc.

Answer 100

A

A “personal area network” technology. Generally devices connect by pairing, usually using a 4 digit PIN. Should generally not be used for anything sensitive as its security is usually poor.

Answer 101

A

An attack on bluetooth devides that allows an attacker to transmit SMS like messages to a device.

Answer 102

A

An attack on bluetooth devices that allows hackers to connect with a bluetooth device without the user’s knowledge and extract information from them.

Answer 103

A

An attack that grants remote attackers control over the features and functions of a bluetooth device.

Answer 104

A

Generally less than 30 feet, but sometimes as much as 100 meters or more.

Answer 105

A

Easy to deploy, and low cost.

Answer 106

A

ad-hoc and infrastructure

Answer 107

A

One in which wireless clients connect directly without the use of a wireless access point.

Answer 108

A

One in which wireless clients connect to a wireless access point.

Answer 109

A

One in which the wireless devices aren’t connected to any wired networks.

Answer 110

A

One in which the wireless access point acts as a connection point to link the wireless clients to the wired network.

Answer 111

A

Multiple WAPs are used to connect clients to the same network over a wider geographic area.

Answer 112

A

A wireless network is used to link two wired networks.

Answer 113

A

Service Set Identifier. It’s used to differentiate one wireless network from another.

Answer 114

A

Open System Authentication (OSA) == no real authentication required.
Shared Key Authentication (SKA) == challenge handshake authentication must happen before network communication can occur

Answer 115

A

WEP, or Wired Equivalent Privacy, which uses RC4, a symmetric stream cipher.

Answer 116

A

It uses static keys, weak initialization vectors, and doesn’t maintain true packet integrity. It can be cracked in under a minute.

Answer 117

A

WPA is an interim solution to the problems of WEP. Vulnerable to brute force guessing.

Answer 118

A

An effective mechanism for securing wireless networks. Uses AES.

Answer 119

A

Change the default administrator password
Disable SSID broadcast
Change the SSID to something unique
Enable MAC filtering if the pool of wireless clients is relatively small and static
Consider using static IP addresses, or configure DHCP with reservations
Turn on the highest form of authentication and encryption supported (prefereably WPA-2)
Treat wireless as remote access, and manage using 802.1X.
Treat wireless as external access, and separate the WAP from the wired network using a firewall.
Treat wireless as an entry point for attackers, and monitor all WAP to wired network communcations with an IDS.
Require all transmissions between wireless clients and WAPs to be encrypted (VPN link)

Answer 120

A

802.11a, 802.11b, 802.11g, 802.11n

Answer 121

A

54 Mbps, 5 GHz

Answer 122

A

11 Mbps, 2.4 GHz

Answer 123

A

54 Mbps, 2.4 GHz

Answer 124

A

600 Mbps, 2.4 or 5 GHz

Answer 125

A

The physical layout and organization of computers and networking devices.

Answer 126

A

ring, bus, star, mesh

Answer 127

A

Each system is a point on a circle. Only one system can transmit at a time. Token-based traffic management.

Answer 128

A

Each system connects to a trunk or backbone. All systems can transmit at any time, which can cause collisions.

Answer 129

A

Each system is connected to a central hub or switch. The hub is a single point of failure, but the link between any one device and the hub can only impact that device. Usually has less cabling than other topologies.

Answer 130

A

Systems are connected to other systems using numerous paths. A full mesh topology means every system is connected to every other system. Primary benefit is redundancy.

Brainscape's Knowledge GenomeTM

Chapter 3: Secure Network Architecture and Securing Network Components Flashcards

Brainscape's Knowledge Genome^TM