Chapter 3 - Understanding Devices & Infrastructure

Question 1

Any device connected to the network that runs a TCP/IP protocol suite is called a what?

3-74

Answer 1

host

Question 2

Tell me the 4 layers of the TCP/IP model, bottom up.

3-74

Answer 2

network access
internet
transport (host to host)
application

Question 3

Tell me the default ports for HTTP and HTTPS.

What does HTTPS use for encryption?

3-75

Answer 3

80 and 443

SSL (Secure Socket Layer)

Question 4

Tell me the ports used by File Transfer Protocol.
Simple Mail Transfer Protocol.
Telnet
Domain Name System
Remote Desktop protocol
Simple Network Management Protocol
Post Office Protocol

Which layer do all of these protocols operate at?
3-76

Answer 4

20, 21
25
23
53
3389
161, 162 (trap)
110

Application Layer

Question 5

True or False

Antiquated protocols are those that are no longer needed and should therefore be removed because they are leaving an opening for an attacker.

3-77

Answer 5

True

Question 6

Which layer does TCP and UDP operate at?

What’s the difference between them?

3-77

Answer 6

transport layer

tcp - connection oriented
udp - not connection oriented

Question 7

The Internet layer is responsible for routing, IP addressing, and packaging. Tell me 3 standard protocols of the Internet layer.

3-77,78

Answer 7

Internet Protocol
Address Resolution Protocol
Internet Control Message Protocol

(IP, ARP, ICMP)

Question 8

Network Access Layer. Tell me what it does.

3-78

Answer 8

Defines how you put data on the wire and defines what that wire is.

Question 9

IPv6. How many bits in an IPv6 address?

What security does it employ?

3-79

Answer 9

128

IPSec, is mandatory

Question 10

You have some data that needs to be sent from PC A to PC B. Your data is going to go through an encapsulation process. Tell me the headers that get attached, in sequence, and where they get attached.

3-79

Answer 10

A TCP header gets added to the front of your Application Data.
An IP header gets placed in front of the TCP header.
A Hardware header gets placed in front of the IP header.

Question 11

There are well-known TCP ports and UDP ports that we need to pay particular attention to. What are they?

3-81,82

Answer 11

21 - FTP
22 - SSH
25 - SMTP
53 - DNS
80 - HTTP
110 - POP3
139 - NetBIOS
143 - IMAP
443 - HTTPS

Question 12

Tell me the command you use to see which ports are active on your server.

3-83

Answer 12

netstat

Question 13

Tell me the TCP three way handshake connection process by using acronyms.

3-86

Answer 13

1. PC A sends SYN to PC B
2. PC B sends SYN-ACK to PC A
3. PC A sends ACK to PC B

Question 14

What is the thing that allows a server or client to interface to the TCP/IP protocol suite?

3-86

Answer 14

Windows Sockets Application Programming Interface

also known as Winsock

Question 15

What is iSCSI?
What ports does it use?
What is it for?
What does it create?

3-87

Answer 15

Internet Small Computer Systems Interface
860 and 3260
data storage and data transfers
a SAN (storage area network)

Question 16

You are designing the security topology of your network, so what 3 things must you be concerned with?

3-87

Answer 16

access methods
security
technologies used

Question 17

Tell me a common protocol used by Fibre Channel and tell me what is bad about it.

3-87

Answer 17

FCoE (Fibre Channel over Ethernet)

The problem with FCoE is that it is not routable at the IP layer and so it won’t work on large networks.

Question 18

What do you use to establish a DMZ for your server?

3-87

Answer 18

firewall

Question 19

If a host exists outside the DMZ and is open to the public, what kind of host is that?

3-88

Answer 19

bastion host

Question 20

What do you use to subnet a network?

3-89

Answer 20

subnet mask

Question 21

What can you use to hide segments of your network and therefore control access?

3-89

Answer 21

VLANs

virtual local area networks

Question 22

What is the key benefit of a VLAN from a security standpoint?

3-90

Answer 22

users with similar data sensitivity levels can be grouped together, and this helps to increase security

Question 23

What is the weakness of PPTP?

3-91

Answer 23

The negotiation of the connection is not encrypted.

Question 24

Layer 2 Forwarding.  
What does it provide? 
What does it not provide?  
Where should you NOT use it?
What port does it use?
What transport protocol does it use?

3-91

Answer 24

authentication
encryption
WAN
1701
TCP

Question 25

Layer 2 Tunneling Protocol.
Does it provide encryption?
What’s its port?
What’s its transport protocol?

3-91

Answer 25

no
1701, same as L2F
UDP

Question 26

SSH.
What port does it use?
What’s its transport protocol?

3-91

Answer 26

22

TCP

Question 27

PPTP, L2F, L2TP, SSH, and IPSec. Which one doesn’t belong and why?

3-91

Answer 27

IPSec, because unlike the others, it is NOT a tunneling protocol.

Question 28

It is true that NAT can save IP addresses, but what else can it do?

3-93

Answer 28

act as a firewall, because its a proxy between your LAN and the hostile Internet

Question 29

Tell me the 3 ranges of private IP addresses.

3-93

Answer 29

10. 0.0.0 - 10.255.255.255
11. 16.0.0 - 172.31.255.255
12. 168.0.0 - 192.168.255.255

Question 30

What’s the difference between NAT and PAT?

3-94

Answer 30

NAT - more than one public IP address

PAT - only one public IP address

Question 31

What is NAC?

3-95

Answer 31

Network Access Control

Question 32

What is the first line of defense in your network?

What are its functions?

3-96

Answer 32

firewall

packet filter
proxy firewall
statefull packet inspection firewall

Question 33

How does a packet filter work?

3-97

Answer 33

filters traffic bases on the application type

Question 34

You have a proxy firewall. It has 2 NICs in it. This kind of firewall is called what?

3-99

Answer 34

dual-homed firewall

Question 35

Tell me the difference between an application level proxy and a circuit level proxy.

3-99

Answer 35

circuit level proxy does not deal with the contents of the packet. the application level proxy DOES.

Question 36

What’s the difference between stateless and stateful?

3-100

Answer 36

stateful is concerned with where packets came from. stateless does not care about the source.

Question 37

What is the primary device used for connecting two networks together?

3-100

Answer 37

router

Question 38

The router that ties your LAN to a WAN is a what?

3-100

Answer 38

border router

Question 39

Will network segmentation increase or decrease traffic?

3-101

Answer 39

decrease it

Question 40

Will you use switches internally, externally, or both?

3-102

Answer 40

internally only

Question 41

In four words, tell me what a load balancer does.

3-103

Answer 41

It splits the traffic.

Question 42

What can you use to connect LANs together across the Internet?

3-103

Answer 42

a virtual private network

Question 43

What is the encryption system used in VPNs?

3-104

Answer 43

IPSec

Question 44

What does a VPN concentrator do?

3-105

Answer 44

Creates remote access VPNs

Question 45

Intrusion Detection Systems act a lot like what?

What can it do in the event that the firewall gets compromised?

3-105

Answer 45

burglar alarms

disable systems
end sessions
shut down the whole network

Question 46

The process by which the IDS manager makes the operator aware of an alert is what?

3-108

Answer 46

notification

Question 47

Tell me 4 different kinds of IDS.

3-109

Answer 47

behavior based
signature based
anomaly detection
heuristic

Question 48

Tell me 3 passive response strategies.

3-113

Answer 48

logging
notification
shunning

Question 49

Tell me 3 active response strategies.

3-113,114

Answer 49

terminating processes or sessions
network configuration changes
deception (send them to the honeypot)

Question 50

You have a host-based IDS. What 3 things will it monitor and what will it not monitor?

3-116

Answer 50

machine logs
system events
applications interactions

incoming traffic to the host

Question 51

Tell me 2 problems with HIDS. Tell me 2 benefits.

3-117

Answer 51

possibly compromise the system
must be deployed on each system that needs it

keeps checksums on file
can read memory

Question 52

Tell me 4 log files on Linux you should check for indications of an intrusion.

3-117

Answer 52

faillog
lastlog
messages
wtmp