Chapter 3 Understanding Devices and Infrastructure Flashcards

1
Q

What are the four layers of TCP/IP?

74

A

Application
Host-to-Host
Internet
Network Access

2
Q

TCP/IP Application layer

75

A

Gives applications access to services or protocols that can be used to exchange data. Common protocols would be:

  • HTTP
  • FTP
  • SMTP
  • Telnet
  • DNS
  • RDP
  • SNMP
  • POP
  • IMAP
3
Q

Host-To-Host (Transport) Layer

77

A

Provides the Application layer with session and datagram communication services. Common protocols are:

  • TCP
  • UDP
4
Q

Internet Layer

77

A

Responsible for IP addressing, routing, and packaging. Accomplishes all the behind-the-scenes information exchange work. Common protocols are:

  • IP
  • ARP
  • ICMP
5
Q

Network Access (Interface) Layer

78

A

Placing and removing packets on the physical network through communication with a computer that has a NIC

6
Q

Encapsulation

79

A

Allows a transport protocol to be sent across the network and utilized

7
Q

How Can You View Active TCP/UDP Ports?

83

A

Command Prompt

Netstat -a

8
Q

Application Programming Interface

86

A

Allows programmers to more easily create an interface to the TCP/IP suite
-The default Microsoft one is Windows Sockets (Winsock)

9
Q

iSCSI

87

A

Allows data storage and transfers across an existing network. Allows for Storage Area Networks to exist
Ports 860, 3260

10
Q

Fibre Channel

87

A

Like iSCSI, but it was originally designed for fiber only. It’s also not routable at the IP layer, so it’s not very popular.

11
Q

DMZ

87

A

Demilitarized Zone

  • Makes a public server that’s isolated from the rest of your network
  • You can do this using a firewall that can transmit to the internal network, the external world, and the public information you’re sharing.
12
Q

VLAN

89

A

Allows you to make groups of users and devices and segment them on the network. You can then hide these network segments from other segments and even control paths the data will take to get from A to B.

13
Q

PPTP

90

A

Point-to-Point Tunneling Protocol
-Encapsulates and encrypts PPP packets
-The data itself is encrypted, but the negotiation between the two ends is not. It’s not foolproof.
1723, TCP

14
Q

L2F

91

A

Layer 2 Forwarding
-Created by Cisco for dial-up connections. It’s a lot like PPP
-Offers authentication, but not encryption, so it’s not really secure
1701, UDP

15
Q

SSH

91

A

Secure Shell
-Originally designed for Unix, it gives security to common clear text applications, like Telnet.
22, TCP

16
Q

IPSec

91

A

Not a tunneling protocol, but it’s often used in conjunction with them.

  • Tunneling mode: Data and message headers are encrypted
  • Transport mode: Only data is encrypted
17
Q

Remote Access Service

92

A

Any service that allows you to connect remote systems

18
Q

NAT

93

A

Network Address Translation

  • Translates all your internal IPs to one single external IP
  • Effectively hides the information of your network from the outside world
19
Q

Telephony

94

A

Telephone technology and network technology together. The most common is VoIP
-VoIP is susceptible to DoS attacks and sniffing.

20
Q

Network Access Control

95

A

A set of standards that clients on the network must abide by

21
Q

Packet Filter Firewall

97

A

Blocks traffic or lets it pass based on the type of application. It doesn’t analyze the packet, just goes based on addressing information. You can set different rules for different IPs.

22
Q

Proxy Firewall

98

A

An intermediary between your network and another one. Routes all traffic requests through itself, and can offer caching.
-Usually uses two NICs

23
Q

Stateful Inspection Firewall

100

A

Records network traffic and stores it in a state table. Provides some additional security.

24
Q

Routers

100

A

Provides a path between networks. Stores information about the networks for intelligent routing decisions
-Can be used as packet-filter firewalls

25
Q

Switches

102

A

Routing based on physical addresses

Enhances efficiency and security

26
Q

Load Balancers

103

A

Balances the load between devices, usually servers. If one goes down, the rest will continue running

27
Q

Web Security Gateway

103

A

Proxy server with web protection software built in. Can range from a virus scanner on incoming packets to monitoring outgoing traffic for red flags

28
Q

IDS

105

A

Intrusion Detection System
Monitors network activity, alerts if it sees anything weird.
It can be a separate network device or it can run on a workstation
In an emergency, it can disable systems, end sessions, or shut down the network.

29
Q

IDS Data Source

107

A

The information IDS uses to detect suspicious activity

30
Q

Behavior-Based IDS

109

A

Looks for variations in behavior. This could be high traffic, policy violations, and more.

31
Q

Signature-Based IDS

109

A

Evaluates attacks based on signatures it knows to look for. For example, a TCP flood starts with a bunch of incomplete sessions; the IDS will say “NOPE” and block the traffic.

32
Q

Anomaly-Detection IDS

109

A

Learns normal network operation and looks for anything out of the ordinary

33
Q

Heuristic IDS

109

A

Uses algorithms to analyze traffic

34
Q

Port Spanning

113

A

Copies traffic from all ports to a single port, and disallows bidirectional traffic on said port.

35
Q

Shunning

113

A

The act of ignoring an attack. Usually when you know it’s not gonna do anything.

36
Q

Log Files in Linux

117

A

/var/log/faillog - Failed authentication attempts
/var/log/lastlog - All users and when they were last logged in
/var/log/messages - grep will show you login-related entries found in this file
/var/log/wtmp - List of users who have authenticated to the system

37
Q

Time to live exceeded (TTL)

A

The TTL time exceeded ICMP message is sent when the TTL value of an IP packet reaches zero. In normal operation, a network should not have a diameter so great that the TTL gets reduced to zero. The most common occurrence of this is when there is a routing loop.
PING 87.117.221.17 (87.117.221.17) 56(84) bytes of data.
From 87.117.211.46 icmp_seq=1 Time to live exceeded

38
Q

RFC 1918

A

Private Network address space
RFC 1918 name   IP address range                 Number of addresses
24-bit block    10.0.0.0 - 10.255.255.255        16,777,216
20-bit block    172.16.0.0 - 172.31.255.255      1,048,576
16-bit block    192.168.0.0 - 192.168.255.255    65,536