Chapter 3 Understanding Devices and Infrastructure Flashcards
What are the four layers of TCP/IP?
74
Application
Host-to-Host
Internet
Network Access
TCP/IP Application layer
75
Gives applications access to services or protocols that can be used to exchange data. Common protocols would be:
- HTTP
- FTP
- SMTP
- Telnet
- DNS
- RDP
- SNMP
- POP
- IMAP
Host-To-Host (Transport) Layer
77
Gives the Application Layer a session and datagram communication services. Common protocols are:
- TCP
- UDP
Internet Layer
77
Responsible for IP addressing, routing, and packaging.
- Accomplishes all the behind-the-scenes information exchange work. Common protocols are:
- IP
- ARP
- ICMP
Network Access (Interface) Layer (78)
Placing and removig packets on the physical network through communication with a computer that has a NIC
Encapsulation
79
Allows a transport proocol to be sent across the network and utilized
How Can You View Active TCP/UDP Ports?
83
Command Prompt
Netstat -a
Application Programming interface
86
Allows programmers to more easily create an interface to the TCP/IP suite
-The default Microsoft one is Windows Sockets (Winsocks)
iSCSI
87
Allows data storage and transfers across an existing network. Allows for Storage Area Networks to exist
Ports 860, 3260
Fibre Channel
87
Like iSCSI, but it was originally designed for fiber only. It’s also not routable at the IP layer, so it’s not very popular.
DMZ
87
Demilitarized Zone
- Makes a public server that’s isolated from the rest of your network
- You can do this using a firewall that can transmit to the internal network, the external world, and the public information you’re sharing.
VLAN
89
Allows you to make groups of users and devices and segment them on the network. You can then hide these network segments from other segments and even control paths the data will take to get from A to B.
PPTP
90
Point-to-Point Tunneling Protocol
-Encapsulates and encrypts PPP packets
-The data itself is encrypted, but the negotiation between the two ends is not. It’s not foolproof.
1723, TCP
L2F
91
Layer 2 Forwarding
-Created by Cisco for dial-up connections. it’s a lot like PPP
-offers authentication, but not encryption, so it’s not really secure
1701, UDP
SSH
91
Secure Shell
-Originally designed for Unix, it gives security to common clear text applications, like Telnet.
22, TCP
IPSec
91
Not a tunneling protocol, but it’s often used in conjunction with them.
- Tunneling mode: Data and message headers are encrypted
- Transport mode: Only data is encrypted
Remote Access Service
92
Any service that allows you to connect remote systems
NAT
93
Network Address Translation
- Translates all your internal IPs to one single external IP
- Effectively hides the information of your network from the outside world
Telephony
94
Telephone technology and network technology together. The most common is VoIP
-VoIP is susceptible to DoS attacks and sniffing.
Network Access Control
95
A set of standards that clients on the network must abide by
Packet Filter Firewall
97
Blocks traffic or lets it pass based on the type of application. It doesn’t analyze the packet, just goes based on addressing information. You can set different rules for different IPs.
Proxy Firewall
98
An intermediary between your network and another one. Routes all traffic request through itself, and can offer caching.
-Usually uses two NICs
Stateful Inspection Firewall
100
Records network traffic and stores it in a state table. Provides some additional security.
Routers
100
Provides a path between networks. Stores information about the networks for intelligent routing decisions
-can be used as packet-filter firewalls
Switches
102
Routing based on physical addresses
enhances efficiency and security
Load Balancers
103
Balances the load between devices, usually servers. If one goes down, the rest will continue running
Web Security Gateway
103
Proxy server with web protection software built in. Can range from a virus scanner on incoming packets to monitoring outgoing traffic for red flags
IDS
105
Intrusion Detection System
Monitors network activity, alerts if it sees anything weird.
It can be a separate network device or it can run on a workstation
In an emergency, it can disable systems, end sessions, or shut down the network.
IDS Data Source
107
The information IDS uses to detect suspicious activity
Behavior-Based IDS
109
Looks for variations in behavior. This could be high traffic, policy violations, and more.
Signature-Based IDS
109
Evaluates attacks based on signatures it knows to look for. For example, a TCP flood starts with a bunch of incomplete sessions, the IDS will say “NOPE” and block the traffic.
Anomaly-Detection IDS
109
Learns normal network operation and looks for anything out of the ordinary
Heuristic IDS
109
Use algorithms to analyze traffic
Port Spanning
113
Copies traffic from all ports to a single port, and disallows bidirectional traffic on said port.
Shunning
113
The act of ignoring an attack. Usually when you know it’s not gonna do anything.
Log Files in Linux
117
/var/log/faillog-Failed authentication attempts
/var/log/lastlog-all users and when they were last logged in
/var/log/messages-grep will show you login-related entries found in this file
/var/log/wtmp-list of users who have authenticated to the system
Time to live exceeded (TTL)
The TTL time exceeded ICMP message is sent when the TTL value of an IP packet reaches zero. In normal operation, a network should not have a diameter so great that the TTL gets reduced to zero. The most common occurrence of this is when there is a routing loop.
PING 87.117.221.17 (87.117.221.17) 56(84) bytes of data.
From 87.117.211.46 icmp_seq=1 Time to live exceeded
RFC 1918
Private Network address space
RFC1918 name IP address range number of addresses
24-bit block 10.0.0.0 - 10.255.255.255 16,777,216
20-bit block 172.16.0.0 - 172.31.255.255 1,048,576
16-bit block 192.168.0.0 - 192.168.255.255 65,536
