Chapter 3 Understanding Devices and Infrastructure

Question 1

What are the four layers of TCP/IP?

74

Answer 1

Application
Host-to-Host
Internet
Network Access

Question 2

TCP/IP Application layer

75

Answer 2

Gives applications access to services or protocols that can be used to exchange data. Common protocols would be:

• HTTP
• FTP
• SMTP
• Telnet
• DNS
• RDP
• SNMP
• POP
• IMAP

Question 3

Host-To-Host (Transport) Layer

77

Answer 3

Gives the Application Layer a session and datagram communication services. Common protocols are:

• TCP
• UDP

Question 4

Internet Layer

77

Answer 4

Responsible for IP addressing, routing, and packaging.

• Accomplishes all the behind-the-scenes information exchange work. Common protocols are:
• IP
• ARP
• ICMP

Question 5

Network Access (Interface) Layer
(78)

Answer 5

Placing and removig packets on the physical network through communication with a computer that has a NIC

Question 6

Encapsulation

79

Answer 6

Allows a transport proocol to be sent across the network and utilized

Question 7

How Can You View Active TCP/UDP Ports?

83

Answer 7

Command Prompt

Netstat -a

Question 8

Application Programming interface

86

Answer 8

Allows programmers to more easily create an interface to the TCP/IP suite
-The default Microsoft one is Windows Sockets (Winsocks)

Question 9

iSCSI

87

Answer 9

Allows data storage and transfers across an existing network. Allows for Storage Area Networks to exist
Ports 860, 3260

Question 10

Fibre Channel

87

Answer 10

Like iSCSI, but it was originally designed for fiber only. It’s also not routable at the IP layer, so it’s not very popular.

Question 11

DMZ

87

Answer 11

Demilitarized Zone

• Makes a public server that’s isolated from the rest of your network
• You can do this using a firewall that can transmit to the internal network, the external world, and the public information you’re sharing.

Question 12

VLAN

89

Answer 12

Allows you to make groups of users and devices and segment them on the network. You can then hide these network segments from other segments and even control paths the data will take to get from A to B.

Question 13

PPTP

90

Answer 13

Point-to-Point Tunneling Protocol
-Encapsulates and encrypts PPP packets
-The data itself is encrypted, but the negotiation between the two ends is not. It’s not foolproof.
1723, TCP

Question 14

L2F

91

Answer 14

Layer 2 Forwarding
-Created by Cisco for dial-up connections. it’s a lot like PPP
-offers authentication, but not encryption, so it’s not really secure
1701, UDP

Question 15

SSH

91

Answer 15

Secure Shell
-Originally designed for Unix, it gives security to common clear text applications, like Telnet.
22, TCP

Question 16

IPSec

91

Answer 16

Not a tunneling protocol, but it’s often used in conjunction with them.

• Tunneling mode: Data and message headers are encrypted
• Transport mode: Only data is encrypted

Question 17

Remote Access Service

92

Answer 17

Any service that allows you to connect remote systems

Question 18

NAT

93

Answer 18

Network Address Translation

• Translates all your internal IPs to one single external IP
• Effectively hides the information of your network from the outside world

Question 19

Telephony

94

Answer 19

Telephone technology and network technology together. The most common is VoIP
-VoIP is susceptible to DoS attacks and sniffing.

Question 20

Network Access Control

95

Answer 20

A set of standards that clients on the network must abide by

Question 21

Packet Filter Firewall

97

Answer 21

Blocks traffic or lets it pass based on the type of application. It doesn’t analyze the packet, just goes based on addressing information. You can set different rules for different IPs.

Question 22

Proxy Firewall

98

Answer 22

An intermediary between your network and another one. Routes all traffic request through itself, and can offer caching.
-Usually uses two NICs

Question 23

Stateful Inspection Firewall

100

Answer 23

Records network traffic and stores it in a state table. Provides some additional security.

Question 24

Routers

100

Answer 24

Provides a path between networks. Stores information about the networks for intelligent routing decisions
-can be used as packet-filter firewalls

Question 25

Switches

102

Answer 25

Routing based on physical addresses

enhances efficiency and security

Question 26

Load Balancers

103

Answer 26

Balances the load between devices, usually servers. If one goes down, the rest will continue running

Question 27

Web Security Gateway

103

Answer 27

Proxy server with web protection software built in. Can range from a virus scanner on incoming packets to monitoring outgoing traffic for red flags

Question 28

IDS

105

Answer 28

Intrusion Detection System
Monitors network activity, alerts if it sees anything weird.
It can be a separate network device or it can run on a workstation
In an emergency, it can disable systems, end sessions, or shut down the network.

Question 29

IDS Data Source

107

Answer 29

The information IDS uses to detect suspicious activity

Question 30

Behavior-Based IDS

109

Answer 30

Looks for variations in behavior. This could be high traffic, policy violations, and more.

Question 31

Signature-Based IDS

109

Answer 31

Evaluates attacks based on signatures it knows to look for. For example, a TCP flood starts with a bunch of incomplete sessions, the IDS will say “NOPE” and block the traffic.

Question 32

Anomaly-Detection IDS

109

Answer 32

Learns normal network operation and looks for anything out of the ordinary

Question 33

Heuristic IDS

109

Answer 33

Use algorithms to analyze traffic

Question 34

Port Spanning

113

Answer 34

Copies traffic from all ports to a single port, and disallows bidirectional traffic on said port.

Question 35

Shunning

113

Answer 35

The act of ignoring an attack. Usually when you know it’s not gonna do anything.

Question 36

Log Files in Linux

117

Answer 36

/var/log/faillog-Failed authentication attempts
/var/log/lastlog-all users and when they were last logged in
/var/log/messages-grep will show you login-related entries found in this file
/var/log/wtmp-list of users who have authenticated to the system

Question 37

Time to live exceeded (TTL)

Answer 37

The TTL time exceeded ICMP message is sent when the TTL value of an IP packet reaches zero. In normal operation, a network should not have a diameter so great that the TTL gets reduced to zero. The most common occurrence of this is when there is a routing loop.
PING 87.117.221.17 (87.117.221.17) 56(84) bytes of data.
From 87.117.211.46 icmp_seq=1 Time to live exceeded

Question 38

RFC 1918

Answer 38

Private Network address space
RFC1918 name IP address range number of addresses
24-bit block 10.0.0.0 - 10.255.255.255 16,777,216
20-bit block 172.16.0.0 - 172.31.255.255 1,048,576
16-bit block 192.168.0.0 - 192.168.255.255 65,536