Chapter 3: Secure Network Architecture and Securing Network Components Flashcards

1
Q

What is OSI?

A

Open Systems Interconnect

2
Q

What are the layers of the OSI model?

A
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application
3
Q

What does the Physical Layer in the OSI model do?

A

The physical layer accepts the frame from the data link layer and converts it into bits for transmission over the physical media, and vice versa. It contains device drivers.

4
Q

What are some examples of specifications or protocols that operate at the physical layer?

A

EIA/TIA-232 and EIA/TIA-449, X.21, High-Speed Serial Interface (HSSI), Synchronous Optical Network (SONET), V.24 and V.35

5
Q

What network hardware devices operate at the physical layer?

A

NICs, hubs, repeaters, concentrators, amplifiers.

6
Q

What is the Data Link Layer?

A

This layer is responsible for formatting the packet from the Network layer into the proper format for transmission, and vice versa.

7
Q

What are some examples of protocols that operate at the data link layer?

A

SLIP, PPP, ARP, RARP, L2F (Layer 2 Forwarding), L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), ISDN.

8
Q

What network hardware devices operate at the data link layer?

A

Switches and bridges. These support MAC-based traffic routing.

9
Q

Which are the 2 protocols we need to be familiar with at the Data Link Layer?

A

ARP and RARP

10
Q

What does ARP do?

A

ARP is the Address Resolution Protocol. It maps IP addresses to MAC addresses.

11
Q

What does RARP do?

A

RARP is the Reverse Address Resolution Protocol. It maps MAC addresses to IP addresses.

12
Q

What is the Network Layer?

A

The Network Layer is responsible for adding routing and addressing information to the data. It is not responsible for guaranteeing delivery, but does manage error detection and traffic control.

13
Q

What protocols operate at the Network Layer?

A
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)
14
Q

What hardware devices operate at layer 3?

A

Routers and bridge routers (brouters).

15
Q

What is the Transport Layer?

A

The layer responsible for managing the integrity of a connection and controlling the session. This layer defines how much data a segment can contain, how to verify data integrity, and how to determine if data has been lost.

16
Q

What protocols operate at the Transport Layer?

A

TCP, UDP, Sequenced Packet Exchange (SPX), SSL, TLS.

17
Q

What is the session layer?

A

The layer responsible for establishing, maintaining, and terminating communications sessions between computers. Controls simplex/duplex. Retransmits lost or damaged segments.

18
Q

What protocols operate at the session layer?

A

NFS, SQL, RPC

19
Q

What is the presentation Layer?

A

The layer responsible for transforming data received from the Application layer into a format that any system following the OSI model can understand. Imposes common or standardized structure and formatting rules onto the data. Responsible for encryption and compression.

Most file or data formats are at this layer.

20
Q

What protocols operate at the Presentation Layer?

A

ASCII, EBCDICM (Extended Binary-Coded Decimal Interchange Mode), TIFF, JPEG, MPEG, MIDI

21
Q

What is the Application Layer?

A

The application layer is responsible for interfacing user applications, network services, or the operating system with the protocol stack. It determines whether a remote communications partner is available, and whether sufficient resources are available to support the requested communications.

22
Q

What protocols operate at the Application layer?

A

HTTP, FTP, LPD, SMTP, TFTP, EDI (Electronic Data Interchange), POP3, IMAP, SNMP, NNTP, S-RPC, SET (Secure Electronic Transaction).

23
Q

What hardware or services operate at the application layer?

A

Gateways, application layer firewalls, some filtering software.

24
Q

What are the layers of the TCP/IP model?

A

Application
Transport
Internet
Link

25
How do the TCP/IP layers map to the OSI layers?
Application: Application/Presentation/Session
Transport: Transport
Internet: Network
Link: Data Link/Physical
26
What TCP/IP protocols operate at the Application Layer?
FTP, Telnet, SNMP, LPD, TFTP, SMTP, NFS, X Windows
27
What TCP/IP protocols operate at the Transport layer?
TCP, UDP
28
What TCP/IP protocols operate at the Internet Layer?
ICMP, IGMP, IP
29
What TCP/IP protocols operate at the Link Layer?
Ethernet, Fast Ethernet, Token Ring, FDDI
30
What are the first 1024 TCP/UDP ports called?
Well-known ports or service ports.
31
What does the ACK TCP header flag mean?
Acknowledgement - Acknowledges a synchronization or shutdown request
32
What does the RST TCP header flag mean?
Reset - Causes immediate disconnect of the TCP session
33
What does the SYN TCP header flag mean?
Synchronization - Requests synchronization with new sequencing numbers
34
What does the FIN TCP header flag mean?
Finish - Requests graceful shutdown of the TCP session
35
What is IP?
IP is the Internet Protocol. It is a connectionless and unreliable datagram protocol. It contains ICMP, IGMP, and ARP.
36
What is IGMP for?
Multicasting
37
What are class D networks?
Class D networks have addresses starting with 1110, or decimal 224-239, and are for multicast traffic.
38
What are class E networks?
Class E networks have addresses starting with 1111, or decimal 240-255, and are for experimental use.
39
What is the CIDR equivalent of a class A network?
/8
40
What is the CIDR equivalent of a class B network?
/16
41
What is the CIDR equivalent of a class C network?
/24
42
What is ICMP?
Internet Control Message Protocol. ICMP is used to determine the health of a network or specific link. Applications: ping, traceroute, pathping
43
What port does telnet operate on?
23/tcp
44
What is typically on port 23/tcp?
telnet
45
What port(s) does FTP operate on?
20, 21
46
What is typically on ports 20/tcp and 21/tcp?
FTP.
47
What ports does TFTP operate on
69/udp
48
What is typically on port 69/udp
TFTP
49
What port does SMTP operate on?
25/tcp
50
What is typically on port 25/tcp
SMTP
51
What port does POP3 operate on?
110/tcp
52
What is typically on port 110/tcp
POP3
53
What port does IMAP operate on?
143/tcp
54
What is typically on port 143/tcp
IMAP
55
What port does DHCP operate on?
67/udp and 68/udp
56
What is typically on ports 67/udp and 68/udp
DHCP/bootp
57
What port does HTTP operate on?
80
58
What is typically on port 80/tcp
HTTP
59
What port does SSL operate on?
443
60
What is typically on port 443?
SSL
61
What port does LPD operate on?
515/tcp
62
What is typically on port 515/tcp?
LPD
63
What ports does X Windows use?
6000-6063/tcp
64
What is typically on port 6000-63/tcp
X Windows
65
What ports does bootp/DHCP use?
67/udp, 68/udp
66
What port does NFS use?
2049/tcp
67
What is typically on port 2049/tcp?
NFS
68
What port does SNMP use?
161/udp, 162/udp for trap messages
69
What is typically on port 161/udp?
SNMP
70
What is typically on port 162/udp?
SNMP trap messages
71
What is an intranet?
An intranet is a private network that is designed to host the same information services found on the Internet.
72
What is an extranet?
An extranet is a section of an organization's network that has been sectioned off so that it acts as an intranet for the private network, but also serves information to the public Internet. It's often reserved for use by specific partners or customers, and is rarely on a public network. Often requires a VPN for access. An extranet for public consumption is typically called a DMZ or perimeter network.
73
Why segment networks?
Boost performance by localizing communications. Reduce communications problems like congestion or broadcast storms. Provide security by isolating traffic and user access to those segments where they are authorized.
74
How do you segment a network?
Switch-based VLANs, routers, firewalls.
75
What are firewalls for?
Blocking malicious traffic from the internet from entering a private network.
76
What are firewalls typically not able to do?
Block viruses or malicious code
77
What, beyond network traffic, should firewalls log?
Rebooting the firewall
Proxies or other dependencies not starting
Proxies or other important services crashing or restarting
Changes to the firewall configuration
A configuration or system error while the firewall is running
78
Are there risks to reliance on firewalls?
Yes. Typically, they are a single point of failure.
79
What are the four basic types of firewalls?
Static packet-filtering firewalls
Application-level gateways
Circuit-level gateways
Stateful inspection firewalls
80
What is a static packet-filtering firewall?
Filters traffic by examining the message header, typically source, destination, and port. Can be spoofed. Layer 3.
81
What is an application-level gateway firewall?
A firewall that filters traffic based on the Internet service used to transmit or receive the data. Each type of application has to have its own proxy server. An application-level gateway firewall comprises numerous individual proxy servers. Second generation. Operates at layer 7. Also known as proxy firewalls.
82
What is a circuit-level gateway?
Used to establish communication sessions between trusted partners. Layer 5.
83
What is a stateful-inspection firewall?
Evaluates the state or context of network traffic. More efficient than application-level gateway firewalls. Third generation firewalls, operate at Network and Transport layers (3/4).
84
What are Multihomed Firewalls?
Firewalls with more than one interface
85
What is a dual-homed firewall?
A firewall with two interfaces. All useful firewalls must be dual-homed (or more).
86
Describe the Single-tier firewall deployment architecture.
Internet -> Border router -> Firewall -> Private Network
87
Describe the Two-tier I firewall deployment architecture.
Internet -> Border router -> Firewall -> DMZ and Private network
88
Describe the Two-tier II firewall deployment architecture.
Internet -> Border router -> Firewall -> DMZ -> Firewall -> Private Network. Basically, instead of having the DMZ and Private Network both behind one firewall, there's a firewall between the DMZ and Private Network.
89
Describe the Three-tier I firewall deployment architecture.
Internet -> Router -> Firewall -> DMZ -> Firewall -> Transaction Subnet -> Firewall -> Private Network
90
Describe the Three-tier II firewall deployment architecture.
Internet -> Router -> Firewall -> DMZ and Transaction Subnet -> Firewall -> Private Network
91
What is a DMZ for?
A DMZ is used to host information server systems that external users should have access to.
92
What is Endpoint Security?
Endpoint security is the concept that each individual device must maintain local security whether or not its network or telecommunications channels also provide or offer security.
93
What is a hub?
A hub is a network device that connects multiple systems that use the same protocol by repeating inbound traffic over all outbound ports. Layer 1.
94
What is a switch?
A switch is a network device that repeats inbound traffic only on outbound ports on which the destination is known to exist. Layer 2.
95
What is a router?
Used to control traffic flow on networks, often used to control traffic flow between two similar networks. Layer 3.
96
What is a brouter?
A combination router and bridge. Primarily operates at layer 3, can operate at layer 2.
97
What is a gateway?
A network device that connects networks that use different network protocols. Layer 7.
98
What is a proxy?
A gateway that doesn't translate across protocols. They serve as mediators, filters, caching servers, NAT/PAT servers for a network.
99
What is the max speed of 10Base2?
10Mbps
100
What is the max speed of 10Base5?
10Mbps
101
What is the max speed of 10BaseT (UTP)?
10 Mbps
102
What is the max speed of STP?
155 Mbps
103
What is the max speed of 100Base-T/100Base-TX?
100 Mbps
104
What is the max speed of 1000Base-T?
1 Gbps
105
What is the max speed of fiber-optic?
2+ Gbps
106
What is the max distance of 10Base-2?
185 meters
107
What is the max distance of 10Base-5?
500 meters
108
What is the max distance of 10Base-T (UTP)?
100 meters
109
What is the max distance of STP?
100 meters
110
What is the max distance of 100Base-T/TX?
100 meters
111
What is the max distance of 1000Base-T?
100 meters
112
What is the max distance of fiber-optic?
2+ km
113
What is the relative installation difficulty of 10Base2?
Medium
114
What is the relative installation difficulty of 10Base5?
High
115
What is the relative installation difficulty of 10Base-T (UTP)?
Low
116
What is the relative installation difficulty of STP?
Medium
117
What is the relative installation difficulty of 100Base-T/TX?
Low
118
What is the relative installation difficulty of 1000Base-T?
Low
119
What is the relative installation difficulty of fiber-optic?
Very high
120
What is the relative EMI susceptibility of 10Base2?
Medium
121
What is the relative EMI susceptibility of 10Base5?
Low
122
What is the relative EMI susceptibility of 10Base-T?
High
123
What is the relative EMI susceptibility of STP?
Medium
124
What is the relative EMI susceptibility of 100Base-T/TX?
High
125
What is the relative EMI susceptibility of 1000Base-T?
High
126
What is the relative EMI susceptibility of fibre-optic?
None
127
What is the relative cost of 10Base2?
Medium
128
What is the relative cost of 10Base5?
High
129
What is the relative cost of 10BaseT (UTP)?
Very Low
130
What is the relative cost of STP?
High
131
What is the relative cost of 100Base-T/TX?
Low
132
What is the relative cost of 1000Base-T?
Medium
133
What is the relative cost of fibre-optic?
Very high
134
Describe Cat 1
Voice only. Not suitable for networks, usable by modems
135
Describe Cat 2
4 Mbps, not suitable for most networks, often used for host-to-terminal connections on mainframes
136
Describe Cat 3
10 Mbps. Primarily used in 10Base-T Ethernet. Only 4 Mbps when used for token ring. Also for telephone cables.
137
Describe Cat 4
16 Mbps. Primarily used in token ring networks
138
Describe Cat 5
100 Mbps. 100Base-TX, FDDI, ATM
139
Describe Cat 6
1,000 Mbps. Used in high speed networks
140
Describe Cat 7
10 Gbps. Used on 10 gig networks
141
What is the frequency range of radio waves?
3 Hz to 300 GHz.
142
What are the most commonly used frequencies for wireless products, and why?
900 MHz, 2.4 GHz, 5 GHz. They are unlicensed.
143
What is Spread Spectrum?
Communication occurs over multiple frequencies at the same time. Essentially parallel communication.
144
What is Frequency Hopping Spread Spectrum?
An early implementation of the spread spectrum concept, it transmits data in series while constantly changing frequency. Minimizes interference because interference will probably not affect all the frequencies in use.
145
What is Direct Sequence Spread Spectrum?
A Spread Spectrum implementation that uses all the frequencies available at the same time. Uses a chipping code to allow the receiver to reconstruct missing data if part of it is corrupted in transit.
146
What is Orthogonal Frequency-Division Multiplexing?
Employs a digital multicarrier modulation scheme that allows for more tightly compacted transmission. Signals within the transmission don't interfere with one another. Uses a smaller frequency set but can offer greater throughput.
147
What is IEEE 801.20?
A 4G wireless phone standard for mobile broadband.
148
What is LTE?
"Long Term Evolution", a 4G wireless phone network.
149
What is WAP?
Wireless Application Protocol. Cell phones communicate with the carrier network and are gatewayed to the Internet. It's a suite of protocols that work together. Mostly not used anymore, having been supplanted by 3G/4G technologies (like GSM, EDGE, HSDPA, LTE). This is not the WAP that your home router uses.
150
What is WTLS?
A security protocol that works with WAP analogously to how SSL and TLS work.
151
What is "the gap in the WAP"?
CALEA requires all telcos to make it possible to wiretap voice and data communications when a search warrant is provided. To do this, WAP encrypted traffic is decrypted at the telco before being reencapsulated by SSL, TLS, IPSec, etc.
152
What is bluetooth?
A "personal area network" technology. Generally devices connect by pairing, usually using a 4 digit PIN. Should generally not be used for anything sensitive as its security is usually poor.
153
What is bluejacking?
An attack on bluetooth devices that allows an attacker to transmit SMS-like messages to a device.
154
What is bluesnarfing?
An attack on bluetooth devices that allows hackers to connect with a bluetooth device without the user's knowledge and extract information from them.
155
What is bluebugging?
An attack that grants remote attackers control over the features and functions of a bluetooth device.
156
What is the typical range of bluetooth?
Generally less than 30 feet, but sometimes as much as 100 meters or more.
157
What are the benefits of 802.11 wireless networking?
Easy to deploy, and low cost.
158
What are the two kinds of wireless networks?
ad-hoc and infrastructure
159
What is an ad-hoc wireless network?
One in which wireless clients connect directly without the use of a wireless access point.
160
What is an infrastructure wireless network?
One in which wireless clients connect to a wireless access point.
161
What is a stand-alone mode infrastructure wireless network?
One in which the wireless devices aren't connected to any wired networks.
162
What is a wired extension mode wireless network?
One in which the wireless access point acts as a connection point to link the wireless clients to the wired network.
163
What is an enterprise extended mode infrastructure wireless network?
Multiple WAPs are used to connect clients to the same network over a wider geographic area.
164
What is a bridge mode infrastructure?
A wireless network is used to link two wired networks.
165
What is SSID?
Service Set Identifier. It's used to differentiate one wireless network from another.
166
What are the two methods wireless clients can use to authenticate to WAPs?
Open System Authentication (OSA): no real authentication required.
Shared Key Authentication (SKA): challenge handshake authentication must happen before network communication can occur.
167
What optional encryption technique does 802.11 define?
WEP, or Wired Equivalent Privacy, which uses RC4, a symmetric stream cipher.
168
What are the problems with WEP?
It uses static keys, weak initialization vectors, and doesn't maintain true packet integrity. It can be cracked in under a minute.
169
What is WPA?
WPA is an interim solution to the problems of WEP. Vulnerable to brute force guessing.
170
What is WPA2?
An effective mechanism for securing wireless networks. Uses AES.
171
How should you secure a wireless network?
1. Change the default administrator password
2. Disable SSID broadcast
3. Change the SSID to something unique
4. Enable MAC filtering if the pool of wireless clients is relatively small and static
5. Consider using static IP addresses, or configure DHCP with reservations
6. Turn on the highest form of authentication and encryption supported (preferably WPA2)
7. Treat wireless as remote access, and manage using 802.1X
8. Treat wireless as external access, and separate the WAP from the wired network using a firewall
9. Treat wireless as an entry point for attackers, and monitor all WAP to wired network communications with an IDS
10. Require all transmissions between wireless clients and WAPs to be encrypted (VPN link)
172
What are the 4 802.11 amendments that define unique frequencies and speeds of transmission?
802.11a, 802.11b, 802.11g, 802.11n
173
What is the speed and frequency of 802.11a?
54 Mbps, 5 GHz
174
What is the speed and frequency of 802.11b?
11 Mbps, 2.4 GHz
175
What is the speed and frequency of 802.11g?
54 Mbps, 2.4 GHz
176
What is the speed and frequency of 802.11n?
600 Mbps, 2.4 or 5 GHz
177
Define network topology?
The physical layout and organization of computers and networking devices.
178
What are the four basic network topologies?
ring, bus, star, mesh
179
What is a ring topology?
Each system is a point on a circle. Only one system can transmit at a time. Token-based traffic management.
180
What is a bus topology?
Each system connects to a trunk or backbone. All systems can transmit at any time, which can cause collisions.
181
What is a star topology?
Each system is connected to a central hub or switch. The hub is a single point of failure, but the link between any one device and the hub can only impact that device. Usually has less cabling than other topologies.
182
What is a mesh topology?
Systems are connected to other systems using numerous paths. A full mesh topology means every system is connected to every other system. Primary benefit is redundancy.