Chapter 4 Mod 1: Understanding Computer Networking Flashcards
Understanding Computer Networking, Network Threats and attacks, Understanding Network Security Infrastructure
1
Q
What is the basic definition of a network?
A
A network is a connection between two or more computers that allows them to share data, information, or resources.
2
Q
What is crucial for establishing secure data communications?
A
o establish secure data communications, it is important to explore technologies in computer communications, including hardware, software, protocols, encryption, and other related details, standards, and procedures.
3
Q
How many basic types of networks are there, and what are they?
A
There are two basic types of networks: Local Area Network (LAN) and Wide Area Network (WAN).
4
Q
What does LAN stand for, and what does it typically span?
A
LAN stands for Local Area Network, and it typically spans a single floor or building, representing a limited geographical area.
5
Q
What does WAN stand for, and what is its usual scope?
A
WAN stands for Wide Area Network, and it refers to long-distance connections between geographically remote networks.
6
Q
What aspects need to be considered for secure data communications?
A
To ensure secure data communications, one must consider hardware, software, protocols, encryption, and various details, standards, and procedures involved in computer communications.
7
Q
What is the primary function of hubs in a network?
A
Hubs are used to connect multiple devices in a network.
8
Q
Where are hubs less likely to be seen, business networks, or home networks?
A
Hubs are less likely to be seen in business or corporate networks than in home networks.
9
Q
Are hubs wired or wireless devices?
A
Hubs are wired devices.
10
Q
In comparison to switches and routers, how intelligent are hubs?
A
Hubs are not as smart as switches or routers.
11
Q
What is suggested as an alternative to using a hub in a network?
A
An alternative to using a hub is a switch, also known as an intelligent hub.
12
Q
How do switches differ from hubs in terms of addressing devices?
A
Switches know the addresses of the devices connected to them and route traffic to specific ports/devices, unlike hubs that retransmit to all devices.
13
Q
What type of devices are switches?
A
Switches are wired devices.
14
Q
In comparison to hubs, are switches considered smarter?
A
Yes, switches are considered smarter than hubs.
15
Q
Are switches as smart as routers?
A
No, switches are not as smart as routers.
16
Q
How do switches contribute to greater efficiency in traffic delivery?
A
Switches improve the overall throughput of data by routing traffic to specific ports/devices based on addresses, enhancing traffic delivery efficiency.
17
Q
What additional feature do switches have in terms of creating separate broadcast domains?
A
Switches can create separate broadcast domains when used to create VLANs (Virtual Local Area Networks).
18
Q
What is the primary function of routers in a network?
A
Routers are used to control traffic flow on networks.
19
Q
How are routers commonly employed in connecting networks?
A
Routers are often used to connect similar networks and control traffic flow between them.
20
Q
Can routers be both wired and wireless devices?
A
Yes, routers can be both wired or wireless devices.
21
Q
What is the capability of routers regarding switches?
A
Routers can connect multiple switches.
22
Q
In comparison to hubs and switches, how intelligent are routers?
A
Routers are smarter than hubs and switches.
23
Q
What role do routers play in determining traffic flow across a network?
A
Routers determine the most efficient “route” for traffic to flow across the network.
24
Q
What is the primary role of firewalls in network management?
A
Firewalls are essential tools for managing and controlling network traffic and protecting the network.
25
Where is a firewall typically deployed in a network architecture?
A firewall is typically deployed between a private network and the internet.
26
In addition to being placed between a private network and the internet, where else can firewalls be deployed?
Firewalls can also be deployed between departments (segmented networks) within an organization that forms the overall network.
27
How does a firewall filter network traffic?
Firewalls filter traffic based on a defined set of rules, also known as filters or access control lists.
28
What is the purpose of filters or access control lists in firewalls?
Filters or access control lists in firewalls define the rules based on which traffic is filtered, allowing for the control and management of network traffic.
29
What is the primary function of a server in a network?
A server is a computer that provides information to other computers on a network.
30
Can you name some common types of servers? (4)
Common types of servers include web servers, email servers, print servers, database servers, and file servers.
31
How are servers typically accessed?
Internet file servers are accessible via FTP and HTTP protocols, while file servers on LAN, such as the ones used in offices and schools, are accessed using SMB or NFS protocol
32
How are servers usually secured in comparison to workstations?
Servers are usually secured differently than workstations to protect the information they contain.
33
Are servers designed to be networked?
Yes, servers are designed to be networked.
34
What are endpoints in the context of a network communication link?
Endpoints are the ends of a network communication link.
35
Where is one end of an endpoint often located, and what is its role?
One end of an endpoint is often at a server where a resource resides.
36
What is the role of the other end of an endpoint?
The other end of an endpoint is often a client making a request to use a network resource.
37
What are some examples of devices that can serve as endpoints?
Examples of devices that can serve as endpoints include another server, desktop workstation, laptop, tablet, mobile phone, or any other end-user device.
38
What does Ethernet (IEEE 802.3) define?
Ethernet is a standard (IEEE 802.3) that defines wired connections of networked devices.
39
What does IEEE 802.3 define?
Ethernet is a standard (IEEE 802.3) that defines wired connections of networked devices.
40
What is the purpose of the Ethernet standard?
The Ethernet standard defines the way data is formatted over the wire to ensure disparate devices can communicate over the same cables.
41
What is a MAC address, and how is it structured?
A MAC (Media Access Control) address is assigned to every network device. It is structured in the form of six pairs of hexadecimal digits, such as 00-13-02-1F-58-F5. The first 3 bytes (24 bits) denote the vendor or manufacturer of the physical network interface.
42
What happens if two devices have the same MAC address in the same local network?
If two devices have the same MAC address in the same local network, an address conflict occurs.
43
How are MAC addresses typically assigned?
MAC addresses are assigned in the firmware of the network interface.
44
What is an IP address, and what does it represent?
An IP (Internet Protocol) address is a unique logical address associated with a network device. It represents the network interface within the network.
45
In what situations can a IP address be useful?
A IP address can be useful to maintain communications when a physical device is swapped with new hardware.
46
Can you provide examples of both MAC and IP addresses?
An example of a MAC address is 00-13-02-1F-58-F5. Examples of IP addresses are 192.168.1.1 and 2001:db8::ffff:0:1.
47
How many layers does a network model have in its most basic form
A network model in its most basic form has at least two layers.
48
What is the upper layer of a network model responsible for, and what is it also known as?
The upper layer, also known as the host or application layer, is responsible for managing the integrity of a connection, controlling the session, establishing, maintaining, and terminating communication sessions between two computers. It is also responsible for transforming data received from the Application Layer into a format that any system can understand and allowing applications to communicate.
49
What is the lower layer of a network model often referred to as, and what is its responsibility?
The lower layer is often referred to as the media or transport layer, and it is responsible for receiving bits from the physical connection medium and converting them into a frame. Frames are grouped into standardized sizes.
50
What is added to the frames of data in the lower layer to create packets?
Route data is added to the frames of data in the lower layer to create packets. In other words, a destination address is added to the bucket.
51
Once the buckets of data are sorted and ready to go, what layer takes over?
Once the buckets of data are sorted and ready to go, the host layer takes over.
52
Why was the OSI Model developed?
The OSI Model was developed to establish a common way to describe the communication structure for interconnected computer systems.
53
How does the OSI model serve as a reference?
The OSI model serves as a model for how protocols should function in an ideal world, on ideal hardware.
It is used to understand the communication of various hierarchical components from software interfaces to physical hardware.
54
How many layers does the OSI model divide networking tasks into?
The OSI model divides networking tasks into seven distinct layers.
55
How are the layers of the OSI model ordered, and why?
The layers of the OSI model are ordered specifically to indicate how information flows through the various levels of communication.
1) Physical
2) Data Link
3) Network
4) Transport
5) Session
6) Presentation
7) Application
(Please Do Not Touch Sam's Pet Alligator)
Each layer communicates directly with the layer above and the layer below it.
56
What is encapsulation, and when is it particularly important in the OSI model?
Encapsulation is the addition of header and possibly a footer (trailer) data by a protocol used at that layer of the OSI model. It is particularly important when discussing Transport, Network, and Data Link layers (2-4), which generally include some form of header.
57
What is the process known as when data moves up the OSI model layers from Physical to Application?
The process is known as de-encapsulation (or decapsulation).
58
How does the data unit size change as it moves down the OSI model? (Application to Physical)
The data unit size increases as it moves down the OSI model, and the contents continue to encapsulate.
59
What are some examples of networking terminology mapped to the OSI Model?
Examples include:
JPEG or PNG image files are associated with the Presentation Layer (6).
Logical ports such as NetBIOS are associated with the Session Layer (5).
TCP/UDP is associated with the Transport Layer (4).
Routers sending packets are associated with the Network Layer (3).
Switches, bridges, or WAPs sending frames are associated with the Data Link Layer (2).
60
What is TCP/IP, and when was it developed in comparison to the OSI model?
TCP/IP is the most widely used protocol today and was developed in the early 1970s, predating the development of the OSI model, which occurred in the late 1970s.
61
How does the TCP/IP protocol stack differ from the OSI model in terms of layers?
The TCP/IP protocol stack has four layers: Application Layer, Transport Layer, Internet Layer, and Network Interface Layer.
62
What is the focus of the TCP/IP protocol stack?
The TCP/IP protocol stack focuses on the core functions of networking.
63
What does the Application Layer of the TCP/IP protocol stack define?
The Application Layer defines the protocols for the transport layer.
64
What is the role of the Transport Layer in the TCP/IP protocol stack?
The Transport Layer permits data to move among devices.
65
What does the Internet Layer do in the TCP/IP protocol stack?
The Internet Layer creates and inserts packets.
66
What is the function of the Network Interface Layer in the TCP/IP protocol stack?
The Network Interface Layer determines how data moves through the network.
67
Is TCP/IP a single protocol or a protocol stack?
TCP/IP is not just a single protocol; it is a protocol stack comprising dozens of individual protocols.
68
What are some characteristics of TCP/IP in terms of platform independence and security?
TCP/IP is a platform-independent protocol based on open standards. It is found in just about every available operating system. However, it consumes a significant amount of resources and is relatively easy to hack into because it was designed for ease of use rather than for security.
69
What are some TCP/IP protocols included in the Application Layer?
TCP/IP protocols at the Application Layer include Telnet, File Transfer Protocol (FTP), Simple Mail Transport Protocol (SMTP), and Domain Name Service (DNS).
70
What are the two primary Transport Layer protocols of TCP/IP, and how do they differ?
The two primary Transport Layer protocols of TCP/IP are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is a full-duplex connection-oriented protocol, whereas UDP is a simplex connectionless protocol.
71
What is the role of ICMP in the Internet Layer of TCP/IP?
In the Internet Layer, Internet Control Message Protocol (ICMP) is used to determine the health of a network or a specific link.
72
How is ICMP utilized in network management tools like ping?
ICMP is utilized by ping, traceroute, and other network management tools. The ping utility employs ICMP echo packets and bounces them off remote systems to determine various aspects such as online status, responsiveness, support for communications by intermediary systems, and the efficiency of communication between intermediary systems.
73
What type of protocol is TCP, and what distinguishes it from UDP?
TCP is a full-duplex connection-oriented protocol. It establishes a connection before data exchange and ensures reliable delivery. This distinguishes it from UDP, which is a simplex connectionless protocol that does not establish a connection and does not guarantee reliable delivery.
74
What are the two major versions of IP currently deployed worldwide?
The two major versions of IP currently deployed worldwide are IPv4 and IPv6.
75
What address space does IPv4 provide, and why was IPv6 introduced?
IPv4 provides a 32-bit address space, and IPv6 was introduced in December 1995 to address the exhaustion of IPv4 addresses and provides a larger 128-bit address space along with other important features.
76
How is an IPv4 address expressed, and what is an example?
An IPv4 address is expressed as four octets separated by a dot (.), such as 216.12.146.140. Each octet may have a value between 0 and 255.
77
How is an IPv4 address subdivided, and what are the two parts?
An IPv4 address is subdivided into two parts: the network number and the host. The network number is assigned by external organizations like ICANN and represents the organization’s network, while the host represents the network interface within the network.
78
What is the purpose of a subnet mask, and how is it expressed?
To ease network administration, networks are divided into subnets, and a subnet mask is used to define the part of the address used for the subnet. The subnet mask is usually expressed in decimal notation like 255.255.255.0.
79
How did IPv4 address the limitation of available addresses?
IPv4 addressed the limitation of available addresses by subdividing into public and private address ranges. While public addresses are limited, private addressing was introduced to allow sharing of addresses, especially in small office, home office (SOHO) situations.
80
How does IPv4 facilitate address reuse, especially in small office and home office situations?
IPv4 facilitates address reuse by creating private address groups, allowing every LAN in every small office and home office situation to use addresses like 192.168.2.xxx for its internal network without the fear of interception by other systems.
81
What is the purpose of the reserved IP address ranges in IPv4?
The reserved IP address ranges in IPv4 are designated for specific purposes, such as private addressing, multicast, and loopback.
82
Can you provide examples of reserved IP address ranges in IPv4?
Examples of reserved IP address ranges in IPv4 include:
Private addresses: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.
Loopback address: 127.0.0.1
Multicast addresses: 224.0.0.0 to 239.255.255.255
83
What is a Loopback Address? and what is it used for?
The IP address 127.0. 0.1 is called a loopback address. Packets sent to this address never reach the network but are looped through the network interface card only. This can be used for diagnostic purposes to verify that the internal path through the TCP/IP protocols is working.
For example, a web server running on a computer can point to 127.0. 0.1 so that the pages run locally and test before it's deployed
84
What are multicast IP addresses used for?
Multicast IP Routing protocols are used to distribute data (for example, audio/video streaming broadcasts) to multiple recipients. Using multicast, a source can send a single copy of data to a single multicast address, which is then distributed to an entire group of recipients.
85
What is the significance of private IP address ranges like 192.168.x.x?
Private IP address ranges like 192.168.x.x are reserved for internal use within private networks, allowing multiple organizations to use the same addressing scheme without conflicts on the public internet.
86
Why is the loopback address (127.0.0.1) important, and how is it commonly used?
The loopback address (127.0.0.1) is used to test network connectivity on an individual device. It allows a device to send and receive data to itself, facilitating diagnostics and troubleshooting.
87
In what scenarios are multicast addresses (224.0.0.0 to 239.255.255.255) typically used?
Multicast addresses are used for one-to-many communication scenarios, where a single sender transmits data to multiple receivers simultaneously. This is commonly used in streaming applications and group communication.
88
How does the use of reserved IP addresses enhance network design and security?
The use of reserved IP addresses enhances network design and security by providing dedicated ranges for specific purposes. For example, private addresses allow internal network addressing without exposing internal devices to the public internet, contributing to network security.
89
What are the benefits of IPv6 compared to IPv4?
IPv6 offers a much larger address field (128 bits), improved security with mandatory IPsec, and enhanced Quality of Service (QoS) to ensure appropriate bandwidth allocation.
90
How is an IPv6 address represented, and what is an example?
An IPv6 address is represented as 8 groups of four hexadecimal digits separated by colons (e.g., 2001:db8::ffff:0:1). Leading zeros can be omitted, and consecutive zero fields can be represented by two colons (::).
91
What is the purpose of the reserved IPv6 address ::1?
The IPv6 address ::1 is the local loopback address, equivalent to 127.0.0.1 in IPv4, used for self-testing and diagnostics at the machine level.
92
What is the reserved IPv6 address range 2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff used for?
The range 2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff in IPv6 is reserved for documentation use, similar to reserved examples in IPv4.
93
What is the purpose of the IPv6 address range fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff?
The range fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff in IPv6 is reserved for internal network use and is not routable on the internet.
94
Why is wireless networking popular for connecting corporate and home systems?
Wireless networking is popular due to its ease of deployment and relatively low cost, making it versatile for both corporate and home systems.
95
What advantage does wireless networking offer to workstations and portable systems?
Wireless networking allows workstations and portable systems to roam freely within the signal range of deployed wireless access points, eliminating the need for physical cables.
96
How can the range of Wi-Fi be extended for larger campuses or homes?
Range extenders can be strategically placed to extend the Wi-Fi signal for larger campuses or homes.
97
How has the Wi-Fi standard evolved over time?
The Wi-Fi standard has evolved over time, with each updated version being faster than the last.
98
What vulnerability does the freedom of wireless networking introduce?
The freedom of wireless networking introduces additional vulnerabilities, as threat actors can intrude at a distance without needing physical access to the network.
99
In a wired LAN, how might threat actors gain access to the network, and how does it differ from wireless LANs?
In a wired LAN, threat actors need to enter the physical space or immediate vicinity of the physical media, using methods like sniffer taps or USB devices. In wireless LANs, intrusions can happen at a distance without physical access to the network.
100
What types of attacks can improperly implemented TCP/IP stacks in various operating systems be vulnerable to?
Improperly implemented TCP/IP stacks can be vulnerable to various attacks, including DoS/DDoS attacks, fragment attacks, oversized packet attacks, spoofing attacks, and man-in-the-middle attacks.
101
What is network monitoring or sniffing, and how can it impact network security?
Network monitoring, or sniffing, is the act of monitoring traffic patterns to obtain information about a network. It can lead to passive attacks on TCP/IP and other protocols, compromising network security.
102
What is a DoS/DDoS attack, and how can it exploit vulnerabilities in TCP/IP?
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack overwhelms a system or network, making it unavailable to users. Improperly implemented TCP/IP stacks can be exploited in such attacks.
103
How can a fragment attack exploit vulnerabilities in TCP/IP?
A fragment attack exploits vulnerabilities in TCP/IP by manipulating or fragmenting packets, causing issues in packet reassembly and potentially leading to system vulnerabilities.
104
What is an oversized packet attack, and how does it target TCP/IP?
An oversized packet attack involves sending abnormally large packets to a system, potentially causing buffer overflows or other vulnerabilities in TCP/IP stacks.
105
How does a spoofing attack target TCP/IP, and what is its potential impact?
Spoofing attacks involve sending forged data to a system to deceive it about the source of the information. In TCP/IP, this can lead to unauthorized access or manipulation of data.
106
What is a man-in-the-middle attack, and how can it exploit vulnerabilities in TCP/IP?
A man-in-the-middle attack involves intercepting communication between two parties. In TCP/IP, it can exploit vulnerabilities to eavesdrop on or manipulate data exchanged between systems.
107
What is a logical port, and how is it related to communication between two systems?
A logical port (or socket) is an address number agreed upon by both ends of a communication link. It allows for the establishment of communication connections between two systems.
108
How do ports contribute to the versatility of a single IP address?
Ports enable a single IP address to support multiple simultaneous communications, each using a different port number.
109
In which layer of the TCP/IP model do logical ports reside, and what other layers in the OSI model include them?
Logical ports reside in the Application Layer of the TCP/IP model, which includes the Session, Presentation, and Application Layers of the OSI model.
110
Provide examples of application- or service-specific protocols and their associated port numbers.
Examples include:
HTTP (web traffic) - port 80
HTTPS (secure web traffic) - port 443
111
What is the significance of having two ports assigned for a service or protocol?
In some cases, a service or protocol may have two ports assigned—one secure and one insecure. Implementing the most secure version of a protocol and its services is recommended.
112
What are well-known ports, and what range do they fall within?
Well-known ports (0–1023) are associated with common protocols at the core of the TCP/IP model, such as DNS and SMTP.
113
How are registered ports (1024–49151) different from well-known ports?
Registered ports are often associated with proprietary applications from vendors and developers, officially approved by the Internet Assigned Numbers Authority (IANA). Vendors may choose their port, unlike well-known ports.
114
What characterizes dynamic or private ports, and in which port range are they found?
Dynamic or private ports (49152–65535) are used for sessions associated with well-known or registered ports. They are dynamically assigned for the duration of a session and then released.
115
What is the port number associated with web traffic (HTTP)?
The port number associated with web traffic (HTTP) is port 80.
116
For secure web traffic (HTTPS), what is the corresponding port number?
The corresponding port number for secure web traffic (HTTPS) is port 443.
117
Which port is commonly used for Remote Authentication Dial-In User Service (RADIUS) authentication?
The port commonly used for Remote Authentication Dial-In User Service (RADIUS) authentication is port 1812.
118
What are the port numbers associated with Microsoft SQL Server?
Microsoft SQL Server is associated with port numbers 1433 (insecure) and 1434 (secure).
119
Which ports are often associated with proprietary applications from vendors and developers and fall within the registered port range?
Ports often associated with proprietary applications and falling within the registered port range (1024–49151) include Microsoft SQL Server (1433/1434) and Docker REST API (2375/2376).
120
In the well-known port range, which port is typically used for Simple Mail Transfer Protocol (SMTP)?
Simple Mail Transfer Protocol (SMTP) is typically associated with port 25 in the well-known port range.
121
What is the range of well-known ports?
Well-known ports fall within the range of 0–1023.
122
Explain the purpose of dynamic or private ports and the port range they occupy.
Dynamic or private ports (49152–65535) are used for sessions associated with well-known or registered ports. They are dynamically assigned for the duration of a session and then released.
123
What is the port number associated with File Transfer Protocol (FTP) for control purposes?
The port number associated with FTP for control purposes is 21.
124
Which port is commonly used for Secure Shell (SSH) connections?
Port 22 is commonly used for Secure Shell (SSH) connections.
125
What is the default port number for Telnet connections?
The default port number for Telnet connections is 23.
126
Which ports are associated with the Domain Name System (DNS), and what are their purposes?
DNS uses port 53 for both UDP and TCP. UDP is used for general queries, while TCP is used for zone transfers.
127
What are the port numbers used by the Dynamic Host Configuration Protocol (DHCP) for server and client communication?
DHCP uses port 67 for the server and port 68 for the client.
128
Which port is associated with the Trivial File Transfer Protocol (TFTP)?
TFTP is associated with port 69.
129
What is the default port number for Simple Mail Transfer Protocol (SMTP)?
The default port number for SMTP is 25.
130
Which ports are commonly used for receiving emails using the Post Office Protocol version 3 (POP3)?
POP3 commonly uses port 110.
131
What is the port number associated with the Internet Message Access Protocol (IMAP)?
IMAP is associated with port 143.
132
For secure web communication using HTTPS, what is the default port number?
The default port number for secure web communication using HTTPS is 443.
133
Which port is typically used for the Lightweight Directory Access Protocol (LDAP)?
LDAP typically uses port 389.
134
What is the port number for the Simple Network Management Protocol (SNMP)?
The port number for SNMP is 161 (UDP).
135
What is the default port number for the Network Time Protocol (NTP)?
The default port number for NTP is 123 (UDP).
136
Which port is commonly associated with Server Message Block (SMB) for file sharing?
SMB is commonly associated with port 445.
137
What is the port number used for Remote Desktop Protocol (RDP)?
The port number used for Remote Desktop Protocol (RDP) is 3389.
138
Which port is commonly used for Virtual Network Computing (VNC)?
VNC commonly uses port 5900.
139
What is the default port number for Internet Relay Chat (IRC)?
The default port number for IRC is 6667.
140
Which port is commonly associated with MySQL Database connections?
MySQL Database connections commonly use port 3306.
141
What is the default port number for File Transfer Protocol (FTP), and what is its secure alternative port?
The default port number for File Transfer Protocol (FTP) is 21. Its secure alternative port is 22.
142
Which port is commonly associated with the legacy Time Protocol, and what port has mostly replaced it for improved error-handling capabilities in the context of Network Time Protocol (NTP)?
The legacy Time Protocol is commonly associated with port 37, and it has mostly been replaced by port 123 for Network Time Protocol (NTP), which offers better error-handling capabilities, reducing the likelihood of unexpected errors.
143
What is the default port number for Domain Name Service (DNS), and how can DNS information be protected from being modified in transit?
What is the default port number for Domain Name Service (DNS), and how can DNS information be protected from being modified in transit?
144
What is the default port number for Internet Message Access Protocol (IMAP), and why is IMAP traffic on this port susceptible to network sniffing?
The default port number for Internet Message Access Protocol (IMAP) is 143. IMAP traffic on port 143 is susceptible to network sniffing because it is not encrypted.
145
What is the secure alternative to port 143 for IMAP, and how does it enhance security?
The secure alternative to port 143 for IMAP is port 993. Using port 993 for IMAP adds SSL/TLS security, encrypting the data between the mail client and the mail server, making it resistant to network sniffing.
146
What are the default port numbers for Simple Network Management Protocol (SNMP), and why is it recommended to use SNMP version 2 or 3 for managing infrastructure devices?
The default port numbers for SNMP are 161 and 162. It is recommended to use SNMP version 2 or 3 (SNMPv2 or SNMPv3) for managing infrastructure devices because these versions include encryption and additional security features.
147
Why is there no definitive secure and insecure pairing for SNMP ports 161 and 162?
Unlike many other protocols, all versions of SNMP use the same ports (161 and 162), so there is not a definitive secure and insecure pairing. Additional context is needed to determine if information on ports 161 and 162 is secured or not.
148
What is the default port number for Server Message Block (SMB), and why is it recommended not to allow traffic on this port through a firewall at the network perimeter?
The default port number for Server Message Block (SMB) is 445. It is recommended not to allow traffic on port 445 through a firewall at the network perimeter because files transmitted over SMB are unencrypted, and many vulnerabilities are well-known.
149
Is there a more secure alternative to port 445 for file access, and why is it not recommended to allow this alternative through firewalls?
A more secure alternative to port 445 for file access is port 2049, used by Network File System (NFS). However, it is also not recommended to allow NFS traffic through firewalls, even though NFS can use encryption.
150
What is the default port number for Lightweight Directory Access Protocol (LDAP), and what type of information does LDAP typically communicate?
The default port number for Lightweight Directory Access Protocol (LDAP) is 389. LDAP typically communicates directory information, serving as an address book for email or providing usernames for logins.
151
Why is LDAP susceptible to sniffing and manipulation attacks, and what is the secure alternative that adds security to the protocol?
LDAP is susceptible to sniffing and manipulation attacks because it is not encrypted. The secure alternative is Lightweight Directory Access Protocol Secure (LDAPS), which adds SSL/TLS security to protect the information while it is in transit.
152
What is the purpose of the three-way handshake in establishing a TCP connection between two devices?
The three-way handshake is used to establish a TCP connection between two devices by synchronizing and acknowledging any request.
153
Describe the steps involved in the three-way handshake when a client is establishing a connection to a web server.
1) The client sends a synchronization (SYN) packet to the web server's port 80 or 443, requesting to establish a connection.
2) The web server replies to the SYN packet with an acknowledgment, known as SYN/ACK.
3) The client acknowledges the connection with an acknowledgement (ACK). At this point, the basic connection is established, and further negotiation for secure communications takes place over that connection.
154
What Protocol is a secure alternative to using telnet?
Secure Shell (SSH) is the secure alternative to telnet as it encrypts all traffic between the host and remote user.
155
