Chapter 4 - Advanced Networking Flashcards
What are switches?
Connects devices within a network.
Operates at the Data Link layer (layer 2).
What are routers?
Connects multiple networks together.
Operates at the Network layer (layer 3).
Are VLANs an example of physical or logical network segmentation?
Logical
What are the other functions of a proxy server?
Caching - popular sites can be cached for quicker retrieval.
Filtering - proxy-based whitelisting/blacklisting of domains and URLs as a security service.
What are the two different types of firewalls?
Network-Based Firewalls
- placed inline with network traffic; filter all traffic going in and out of a network.
Host-Based Firewalls
- software-based firewall application that filters traffic in/out of a single network node or machine.
What are Packet Filtering firewalls?
Firewalls that filter data packets based on header fields such as IP address, port and protocol.
Filtering is based on an Access Control List (ACL).
What is an Access Control List?
A list of rules that determines whether traffic is permitted or rejected.
Rules are evaluated from top to bottom to see whether any rule matches the traffic.
The bottom of the ACL should contain an explicit Deny ‘ANY ANY ANY’ rule.
What are Stateful Inspection Firewalls?
Stateful inspection firewalls track packets for the entirety of a session.
Packet filtering firewalls, by contrast, analyze each packet as an individual object.
What are Application Proxy Firewalls?
Application proxy firewalls are firewalls with the added capability of analyzing protocol-specific commands.
The firewall understands the data and commands of many protocols, such as HTTP and SMTP.
Admins can configure rules for these firewalls around specific commands and actions of a given protocol.
What are Unified Threat Management (UTM) devices?
A UTM is a single device that houses multiple firewall and security capabilities, such as:
- Packet filtering
- Malware blocking through AV
- URL management
etc.
What is the purpose of tunneling protocols?
Tunneling protocols encapsulate data, and encrypt the encapsulated data, prior to transmission.
What are the two constituents of IPSec?
Authentication Header (AH) for authentication and integrity (IP protocol 51).
Encapsulation Security Protocol (ESP) for data encryption prior to transmission (IP protocol 50).
L2TP and IPSec are used in conjunction (L2TP/IPSec) as an effective tunneling protocol.
What are the problems of using L2TP as a tunneling protocol?
Passing L2TP traffic through a NAT service corrupts the encrypted data.
NAT-T (NAT Traversal) was created to allow L2TP/IPSec data to pass through NAT.
What are the two different IPSec modes?
Tunnel Mode:
- The entire packet is encapsulated, encrypted and transported over the Internet.
Transport Mode:
- Only the payload data is encrypted.
- This improves network performance and is used for internal traffic.
How does the Challenge Handshake Authentication Protocol (CHAP) work?
- The server sends a nonce (“number used only once”) to the client.
- The client receives the nonce and combines it with the secret shared between client and server.
- The nonce + shared secret is then hashed.
- The hash is sent to the server for validation, since the server also knows the shared secret.
- If the hashes match, the client is authenticated.
What is CHAPv2?
CHAPv2 is the same as CHAP but additionally requires mutual authentication - the server also needs to authenticate to the client.
What purpose does a RADIUS server serve?
A RADIUS server provides a centralized AAA (authentication, authorization and accounting) service.
When a client connects to a remote access server, the credentials are passed to the RADIUS server for AAA.
RADIUS uses UDP.
RADIUS only encrypts the password during authentication.
What is a Diameter service?
Similar to RADIUS but uses TCP instead of UDP.
Diameter also supports IPSec and TLS
What is TACACS+?
Another AAA alternative to RADIUS and Diameter.
TACACS+ encrypts the entire authentication process.
TACACS+ uses TCP port 49.
What is traffic shaping?
Traffic Shaping is the process where certain traffic types are prioritized over other traffic types in a network to improve performance.
What purpose does Network Access Control (NAC) serve?
NAC controls which clients are allowed to connect to a network.
The NAC checks the health of a prospective client to determine whether it may connect to the network.
Health checks include:
- AV software installed
- Patches installed
- Host-based firewall enabled
among many other requirements set by the network admin.
Any client deemed ‘unhealthy’ is quarantined to a separate network where it can access the resources needed to improve its ‘health’ - patches, software packages etc.
The quarantine VLAN also allows for monitoring should the device be deemed malicious.
What is a VM Hypervisor?
A hypervisor manages the different VMs that run on a physical device.
What are the two different types of VDIs that employees can use?
Persistent:
- Changes made are saved and stored.
Non-Persistent:
- Changes made are not saved; the VDI reverts to its original configuration once powered down or restarted.
What are the Data and Control planes in relation to hardware routers?
The Data Plane uses ACL rules to determine whether the router will pass or block traffic.
The Control Plane uses routing protocols to map the network and determine paths to other networks.
What are SaaS, PaaS and IaaS?
SaaS - Software as a Service
PaaS - Platform as a Service
IaaS - Infrastructure as a Service
What is a Community Cloud?
A cloud platform shared by two or more organizations.
Typically provides a way to share data between those organizations.