Chapter 4 - Advanced Networking Flashcards

1
Q

What are switches?

A

Connects devices within a network.

Operates in the Data Link layer (layer 2)

2
Q

What are routers?

A

Connects multiple networks together.

Operates in the Network Layer (layer 3)

3
Q

Are VLANs an example of physical or logical network segmentation?

A

Logical

4
Q

What are the other functions of a proxy server?

A

Caching - popular sites can be cached for quicker site retrieval.

Filtering - proxy-based whitelisting/blacklisting of domains and URLs as a security service.

5
Q

What are the two different types of Firewalls?

A

Network-Based Firewalls
- placed in line with network traffic to filter all traffic going in and out of a network

Host-Based Firewalls
- software-based firewall application that filters traffic in/out of a network node or machine.

6
Q

What are Packet Filtering firewalls?

A

Firewalls that filter data packets based on headers such as IP address, ports, protocols, etc.

Filtering is based on an Access Control List (ACL).

7
Q

What is an Access Control List?

A

A list that determines whether traffic is permitted or rejected.

Rules are analyzed from top to bottom to see if any rules match the traffic.

The bottom of the ACL should contain - Deny ‘ANY ANY ANY’

8
Q

What are Stateful Inspection Firewalls?

A

Stateful Inspection firewalls analyze packets for the entirety of the session.

Packet filtering firewalls only analyze each packet as an individual object.

9
Q

What are Application Proxy Firewalls?

A

Application Proxy Firewalls are firewalls with added capabilities of analyzing protocol specific commands.

The firewall understands data and commands for many protocols such as HTTP, SMTP etc.

Admins can configure these firewalls based on some commands and actions regarding a specific protocol.

10
Q

What are Unified Threat Management Devices? (UTM)

A

UTMs are single devices that house multiple firewall and security capabilities such as:
- Packet Filtering
- Malware Blocking through AV
- URL management
etc.

11
Q

What is the purpose of tunneling protocols?

A

Tunneling protocols encapsulate data and encrypt the encapsulated data prior to transmission.

12
Q

What are the two constituents of IPSec?

A

Authentication Headers (AH) for authentication and integrity (protocol 51)

Encapsulation Security Protocol (ESP) for data encryption prior to transmission. (protocol 50)

L2TP and IPSec are used in conjunction as an effective tunneling protocol.

13
Q

What are the problems of using L2TP as a tunneling protocol?

A

Using a NAT service with L2TP corrupts the encrypted data.

NAT-T was created to allow L2TP/IPSec data to pass through NAT.

14
Q

What are the two different IPSec modes?

A

Tunnel Mode:
- The entire packet is encapsulated, encrypted and transported over the Internet.

Transport Mode:
- Only the payload data is encrypted.
- This improves network performance and is used for internal traffic.

15
Q

How does the Challenge Handshake Authentication Protocol (CHAP) work?

A
  1. Server sends a nonce (“number used only once”) to the client.
  2. Client receives the nonce and combines it with a secret shared between client and server.
  3. Nonce + shared secret is then hashed.
  4. Hash is sent to the server for validation, as it also knows the shared secret.
  5. If hashes match, client is authenticated.
16
Q

What is CHAPv2?

A

CHAPv2 is the same as CHAP but instead requires mutual authentication - the server also needs to authenticate to the client.

17
Q

What purpose does a RADIUS server serve?

A

RADIUS server provides a centralized AAA service.

Clients connecting to a remote server pass the credentials to the RADIUS server for AAA.

RADIUS uses UDP

RADIUS only encrypts the password during authentication.

18
Q

What is a Diameter service?

A

Similar to RADIUS but uses TCP instead of UDP.

Diameter also supports IPSec and TLS

19
Q

What is TACACS+?

A

Another AAA alternative to RADIUS and Diameter.

TACACS+ encrypts the entire authentication process.

TACACS+ uses TCP 49

20
Q

What is traffic shaping?

A

Traffic Shaping is the process where certain traffic types are prioritized over other traffic types in a network to improve performance.

21
Q

What purpose does Network Access Control (NAC) serve?

A

NAC controls which clients are allowed to connect to a network.

The NAC checks the health of the potential client to determine if it can connect to the network.

Checks such as:
- AV software installed
- Patches installed
- Host-Based FW enabled

Among many other requirements set by the network admin.

Any clients that are deemed ‘unhealthy’ are quarantined to a different network where they can access resources to improve their ‘health’ - patches, software packages etc.

Quarantine VLAN also allows for monitoring should the device be deemed malicious.

22
Q

What is a VM Hypervisor?

A

A Hypervisor manages different VMs that run on the physical device.

23
Q

What are the two different types of VDIs that employees can use?

A

Persistent:
- Changes made are saved and stored

Non-Persistent:
- Any changes made are not saved and the VDI reverts to its original configuration once powered down or restarted.

24
Q

What are the Data and Control planes in relation to hardware routers?

A

The Data Plane uses ACL rules to determine whether the router will pass or block traffic.

The Control Plane uses routing protocols to map the network and determine paths to other networks.

25
Q

What are SaaS, PaaS and IaaS?

A

Software as a Service

Platform as a Service

Infrastructure as a Service

26
Q

What is a Community Cloud?

A

Cloud platform shared by two or more organizations.

Typically provides a way to share data between organizations.