Chapter 3 - Understanding Devices & Infrastructure Flashcards
Any device connected to the network that runs a TCP/IP protocol suite is called a what?
3-74
host
Tell me the 4 layers of the TCP/IP model, bottom up.
3-74
network access
internet
transport (host to host)
application
Tell me the default ports for HTTP and HTTPS.
What does HTTPS use for encryption?
3-75
80 and 443
SSL (Secure Socket Layer)
Tell me the ports used by the following protocols: File Transfer Protocol, Simple Mail Transfer Protocol, Telnet, Domain Name System, Remote Desktop Protocol, Simple Network Management Protocol, Post Office Protocol.
Which layer do all of these protocols operate at?
3-76
- FTP: 20, 21
- SMTP: 25
- Telnet: 23
- DNS: 53
- RDP: 3389
- SNMP: 161, 162 (trap)
- POP: 110
Application Layer
True or False
Antiquated protocols are those that are no longer needed and should therefore be removed, because they leave an opening for an attacker.
3-77
True
Which layer do TCP and UDP operate at?
What’s the difference between them?
3-77
transport layer
tcp - connection oriented
udp - not connection oriented
The Internet layer is responsible for routing, IP addressing, and packaging. Tell me 3 standard protocols of the Internet layer.
3-77,78
Internet Protocol
Address Resolution Protocol
Internet Control Message Protocol
(IP, ARP, ICMP)
Network Access Layer. Tell me what it does.
3-78
Defines how you put data on the wire and defines what that wire is.
IPv6. How many bits in an IPv6 address?
What security does it employ?
3-79
128
IPSec, which is mandatory
You have some data that needs to be sent from PC A to PC B. Your data is going to go through an encapsulation process. Tell me the headers that get attached, in sequence, and where they get attached.
3-79
A TCP header gets added to the front of your Application Data.
An IP header gets placed in front of the TCP header.
A Hardware header gets placed in front of the IP header.
There are well-known TCP ports and UDP ports that we need to pay particular attention to. What are they?
3-81,82
- 21 - FTP
- 22 - SSH
- 25 - SMTP
- 53 - DNS
- 80 - HTTP
- 110 - POP3
- 139 - NetBIOS
- 143 - IMAP
- 443 - HTTPS
Tell me the command you use to see which ports are active on your server.
3-83
netstat
Tell me the TCP three way handshake connection process by using acronyms.
3-86
- PC A sends SYN to PC B
- PC B sends SYN-ACK to PC A
- PC A sends ACK to PC B
What is the thing that allows a server or client to interface to the TCP/IP protocol suite?
3-86
Windows Sockets Application Programming Interface
also known as Winsock
What is iSCSI?
What ports does it use?
What is it for?
What does it create?
3-87
Internet Small Computer Systems Interface
860 and 3260
data storage and data transfers
a SAN (storage area network)
You are designing the security topology of your network, so what 3 things must you be concerned with?
3-87
access methods
security
technologies used
Tell me a common protocol used by Fibre Channel and tell me what is bad about it.
3-87
FCoE (Fibre Channel over Ethernet)
The problem with FCoE is that it is not routable at the IP layer and so it won’t work on large networks.
What do you use to establish a DMZ for your server?
3-87
firewall
If a host exists outside the DMZ and is open to the public, what kind of host is that?
3-88
bastion host
What do you use to subnet a network?
3-89
subnet mask
What can you use to hide segments of your network and therefore control access?
3-89
VLANs
virtual local area networks
What is the key benefit of a VLAN from a security standpoint?
3-90
users with similar data sensitivity levels can be grouped together, and this helps to increase security
What is the weakness of PPTP?
3-91
The negotiation of the connection is not encrypted.
Layer 2 Forwarding. What does it provide? What does it not provide? Where should you NOT use it? What port does it use? What transport protocol does it use?
3-91
- provides: authentication
- does not provide: encryption
- should NOT be used on: WAN
- port: 1701
- transport protocol: TCP
Layer 2 Tunneling Protocol.
Does it provide encryption?
What’s its port?
What’s its transport protocol?
3-91
no
1701, same as L2F
UDP
SSH.
What port does it use?
What’s its transport protocol?
3-91
22
TCP
PPTP, L2F, L2TP, SSH, and IPSec. Which one doesn’t belong and why?
3-91
IPSec, because unlike the others, it is NOT a tunneling protocol.
It is true that NAT can save IP addresses, but what else can it do?
3-93
act as a firewall, because it's a proxy between your LAN and the hostile Internet
Tell me the 3 ranges of private IP addresses.
3-93
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
What’s the difference between NAT and PAT?
3-94
NAT - more than one public IP address
PAT - only one public IP address
What is NAC?
3-95
Network Access Control
What is the first line of defense in your network?
What are its functions?
3-96
firewall
packet filter
proxy firewall
stateful packet inspection firewall
How does a packet filter work?
3-97
filters traffic based on the application type
You have a proxy firewall. It has 2 NICs in it. This kind of firewall is called what?
3-99
dual-homed firewall
Tell me the difference between an application level proxy and a circuit level proxy.
3-99
A circuit-level proxy does not deal with the contents of the packet; the application-level proxy DOES.
What’s the difference between stateless and stateful?
3-100
Stateful is concerned with where packets came from; stateless does not care about the source.
What is the primary device used for connecting two networks together?
3-100
router
The router that ties your LAN to a WAN is a what?
3-100
border router
Will network segmentation increase or decrease traffic?
3-101
decrease it
Will you use switches internally, externally, or both?
3-102
internally only
In four words, tell me what a load balancer does.
3-103
It splits the traffic.
What can you use to connect LANs together across the Internet?
3-103
a virtual private network
What is the encryption system used in VPNs?
3-104
IPSec
What does a VPN concentrator do?
3-105
Creates remote access VPNs
Intrusion Detection Systems act a lot like what?
What can they do in the event that the firewall gets compromised?
3-105
burglar alarms
disable systems
end sessions
shut down the whole network
The process by which the IDS manager makes the operator aware of an alert is what?
3-108
notification
Tell me 4 different kinds of IDS.
3-109
behavior based
signature based
anomaly detection
heuristic
Tell me 3 passive response strategies.
3-113
logging
notification
shunning
Tell me 3 active response strategies.
3-113,114
terminating processes or sessions
network configuration changes
deception (send them to the honeypot)
You have a host-based IDS. What 3 things will it monitor and what will it not monitor?
3-116
Monitors:
- machine logs
- system events
- application interactions
Does not monitor:
- incoming traffic to the host
Tell me 2 problems with HIDS. Tell me 2 benefits.
3-117
Problems:
- possibly compromise the system
- must be deployed on each system that needs it
Benefits:
- keeps checksums on files
- can read memory
Tell me 4 log files on Linux you should check for indications of an intrusion.
3-117
faillog
lastlog
messages
wtmp