Chapter 4: Network Flashcards

1
Q

DoS/DDoS attacks

A

The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)

2
Q

Fragment Attacks

A

In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together.

3
Q

Oversized Packet Attacks

A

Purposely sending a network packet that is larger than expected or larger than can be handled by the receiving system, causing the receiving system to fail unexpectedly.

4
Q

Spoofing

A

Faking the sending address of a transmission to gain illegal entry into a secure system.

5
Q

Man in the Middle Attacks

A

An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.

6
Q

Physical Ports

A

Physical ports are the ports on routers, switches, servers, computers, etc. to which you connect the wires (e.g., fiber optic cables, Cat5 cables) to create a network.

7
Q

Logical Ports

A

A logical port (also called a socket) is little more than an address number that both ends of the communication link agree to use when transferring data. Ports allow a single IP address to be able to support multiple simultaneous communications, each using a different port number. In the Application Layer of the TCP/IP model (which includes the Session, Presentation, and Application Layers of the OSI model) reside numerous application- or service-specific protocols. Data types are mapped using port numbers associated with services.

8
Q

Three-way Handshake

A

SYN, SYN-ACK, ACK

9
Q

TCP/IP

A

TCP/IP stands for Transmission Control Protocol/Internet Protocol.

TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the internet.

5 layers:
- Physical Layer: The physical devices that connect computers
- Data Link Layer: Defines a common way of interpreting signals so that network devices can communicate (ex. ethernet).
- Network/Internet Layer: allows different networks to communicate with each other through devices known as routers (ex. IP).
- Transport layer: Sorts out which client and server programs are supposed to get that data. (ex. TCP, UDP)
- Application Layer: Browser, Email

10
Q

VLAN

A

Virtual Local Area Network

A logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution.

11
Q

VPN

A

Virtual Private Network

A virtual private network (VPN) is built on top of existing networks and can provide a secure communications mechanism for transmission between networks.

12
Q

WLAN

A

Wireless Local Area Network

A group of computers and devices that are located in the same vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN.

13
Q

Zenmap

A

The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans networks to determine everything that is connected as well as other information.

14
Q

Zero Trust

A

Removing the design belief that the network has any trusted space. Security is managed at each possible level, representing the most granular asset. Microsegmentation of workloads is a tool of the model.

15
Q

PCI DSS

A

Payment Card Industry Data Security Standard

An information security standard administered by the Payment Card Industry Security Standards Council that applies to merchants and service providers who process credit or debit card transactions.

16
Q

SMTP

A

Simple Mail Transport Protocol

The standard communication protocol for sending and receiving emails between senders and receivers. SMTP is an application layer protocol that operates at level 7.

17
Q

Protocols

A

A set of rules (formats and procedures) to implement and control some type of association (that is, communication) between systems.

18
Q

Payload

A
19
Q

Packet

A

Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.

20
Q

ICMP

A

Internet Control Message Protocol

An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to determine if a particular service or host is available.

21
Q

IPv4

A

Internet Protocol version 4

Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

22
Q

De-encapsulation

A

The opposite process of encapsulation, in which bundles of data are unpacked or revealed.

23
Q

DNS

A

Domain Name Service

This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol.

24
Q

FTP

A

Port 21, File Transfer Protocol (FTP) sends the username and password using plaintext from the client to the server. This could be intercepted by an attacker and later used to retrieve confidential information from the server. The secure alternative, SFTP, on port 22 uses encryption to protect the user credentials and packets of data being transferred.

25
Q

Encapsulation

A

Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption.

26
Q

Phishing

A

An attack that attempts to misdirect legitimate users to malicious websites through the abuse of URLs or hyperlinks in emails could be considered phishing.

27
Q

Trojan

A

Named after the ancient story of the Trojan horse, the Trojan is a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network. For example, ransomware often uses a Trojan to infect a target machine and then uses encryption technology to encrypt documents, spreadsheets and other files stored on the system with a key known only to the malware creator.

28
Q

Malware

A

A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system or otherwise annoying or disrupting the victim.

29
Q

Ransomware

A

Malware used for the purpose of facilitating a ransom attack. Ransomware attacks often use cryptography to “lock” the files on an affected computer and require the payment of a ransom fee in return for the “unlock” code.

30
Q

Insider Threat

A

Insider threats are threats that arise from individuals who are trusted by the organization. These could be disgruntled employees or employees involved in espionage. Insider threats are not always willing participants. A trusted user who falls victim to a scam could be an unwilling insider threat.

31
Q

On-path attack (MitM)

A

In an on-path attack, attackers place themselves between two devices, often between a web browser and a web server, to intercept or modify information that is intended for one or both of the endpoints. On-path attacks are also known as man-in-the-middle (MITM) attacks.

32
Q

IDS

A

Intrusion Detection System

33
Q

HIDS

A

Host-based Intrusion Detection System

A HIDS monitors activity on a single computer, including process calls and information recorded in system, application, security and host-based firewall logs. It can often examine events in more detail than a NIDS can, and it can pinpoint specific files compromised in an attack. It can also track processes employed by the attacker. A benefit of HIDSs over NIDSs is that HIDSs can detect anomalies on the host system that NIDSs cannot detect.

34
Q

NIDS

A

Network-based Intrusion Detection System

A NIDS monitors and evaluates network activity to detect attacks or event anomalies. It cannot monitor the content of encrypted traffic but can monitor other packet details. A single NIDS can monitor a large network by using remote sensors to collect data at key network locations that send data to a central management console. These sensors can monitor traffic at routers, firewalls, network switches that support port mirroring, and other types of network taps.

35
Q

Antivirus/anti-malware

A

Seeks to identify malicious software or processes

36
Q

Scans

A

Evaluates the effectiveness of Security Controls

37
Q

Firewalls

A

Filters network traffic; manages and controls network traffic and protects the network.

38
Q

IPS

A

Intrusion Protection System

39
Q

SIEM

A

Security management involves the use of tools that collect information about the IT environment from many disparate sources to better examine the overall security of the organization and streamline security efforts. These tools are generally known as security information and event management (or S-I-E-M, pronounced “SIM”) solutions. The general idea of a SIEM solution is to gather log data from various sources across the enterprise to better understand potential security concerns and apportion resources accordingly.

SIEM systems can be used along with other components (defense-in-depth) as part of an overall information security program.

40
Q

MOU

A

Memorandum of Understanding

41
Q

MOA

A

Memorandum of Agreement

42
Q

Network Segmentation

A

Network segmentation involves controlling traffic among networked devices. Complete or physical network segmentation occurs when a network is isolated from all outside communications, so transactions can only occur between devices within the segmented network.

43
Q

DMZ

A

Demilitarised Zone

A DMZ is a network area that is designed to be accessed by outside visitors but is still isolated from the private network of the organization. The DMZ is often the host of public web, email, file and other resource servers.

44
Q

Defence in Depth

A

Defense in depth uses multiple types of access controls in literal or theoretical layers to help an organization avoid a monolithic security stance.

45
Q

NAC

A

Network Access Control

Network access control (NAC) is a security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

46
Q

Micro-segmentation

A

Part of a zero-trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. At the limit, this places a firewall at every connection point.

47
Q

OSI

A

The OSI model organises communicating systems according to 7 layers:
- Physical layer
- Data Link layer
- Network layer
- Transport layer
- Session layer
- Presentation layer
- Application layer

48
Q

IP

A

The Internet Protocol (IP) is a set of requirements for addressing and routing data on the Internet. IP can be used with several transport protocols, including TCP and UDP. IP is a Network layer (level 3) protocol.

49
Q

SNMP

A

Simple Network Management Protocol (SNMP) is a protocol used to configure and monitor devices attached to networks. It is an application-level protocol (level 7), not a level 3 protocol.

50
Q

IGMP

A

The Internet Group Management Protocol (IGMP) is a protocol that allows several devices to share one IP address so they can all receive the same data. IGMP is a network layer protocol used to set up multicasting on networks that use the Internet Protocol version 4 (IPv4). Specifically, IGMP allows devices to join a multicasting group.

51
Q

Ranges of Private IP addresses

A

The ranges of IP addresses 10.0.0.0 to 10.255.255.254, 172.16.0.0 to 172.31.255.254, and 192.168.0.0 to 192.168.255.254 are reserved for private use.

52
Q

Port 80

A

Port 80 is reserved for plain HTTP connections.

53
Q

Port 69

A

Port 69 is reserved for TFTP protocol.

54
Q

Port 25

A

Port 25 is reserved for SMTP protocol.

55
Q

Port 443

A

Port 443 is reserved for HTTPS connections.

56
Q

IPv6

A

An IPv6 address is a 128-bit address represented as a sequence of eight groups of 16-bit hexadecimal values.

Example: 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a

57
Q

Subnet mask

A

A subnet mask is a number that distinguishes between the network address and the host address. Subnetting divides a network into two or more subnets.

58
Q

Standard temperature for server room

A

  • 18 to 27 Celsius
  • 3 temperature sensors: one at the top, one in the middle and one at the bottom.

59
Q

APT

A

Advanced Persistent Threat

60
Q

Port numbers ranges

A

Port numbers are divided into three ranges:

  • Known Ports (0-1023)
  • Registered Ports (1024-49151)
  • Dynamic or Private Ports (49152-65535).

The dynamic or private ports are those from 49152 to 65535. These ports are typically used for ephemeral ports, which are temporary and only used for the duration of a specific communication session.

61
Q

Ping command

A

The ‘ping’ command is a common network diagnostic tool used to test the availability of a host by measuring the round-trip time for Internet Control Message Protocol (ICMP) echo request messages to the target host. If the server is unavailable, ‘ping’ will display a timeout.

62
Q

Port 21

A

FTP
File Transfer Protocol

63
Q

Port 22

A

SFTP
Secure File Transfer Protocol

64
Q

Port 23

A

Telnet

65
Q

Port 25

A

Port 25, Simple Mail Transfer Protocol (SMTP) is the default unencrypted port for sending email messages. Since it is unencrypted, data contained within the emails could be discovered by network sniffing.

66
Q

Port 37

A

Port 37, Time Protocol, may be in use by legacy equipment and has mostly been replaced by using port 123 for Network Time Protocol (NTP). NTP on port 123 offers better error-handling capabilities, which reduces the likelihood of unexpected errors.

67
Q

Port 53

A

Port 53, Domain Name Service (DNS), is still used widely. However, using DNS over TLS (DoT) on port 853 protects DNS information from being modified in transit.

68
Q

Port 143

A

Port 143, Internet Message Access Protocol (IMAP) is a protocol used for retrieving emails. IMAP traffic on port 143 is not encrypted and susceptible to network sniffing. The secure alternative is to use port 993 for IMAP, which adds SSL/TLS security to encrypt the data between the mail client and the mail server.

69
Q

Port 161/162

A

Ports 161 and 162, Simple Network Management Protocol, are commonly used to send and receive data used for managing infrastructure devices.

70
Q

Port 445

A

Port 445, Server Message Block (SMB), is used by many versions of Windows for accessing files over the network. Files are transmitted unencrypted, and many vulnerabilities are well-known.

71
Q

Port 389

A

Port 389, Lightweight Directory Access Protocol (LDAP), is used to communicate directory information from servers to clients. This can be an address book for email or usernames for logins. The LDAP protocol also allows records in the directory to be updated, introducing additional risk.

72
Q

Port 443

A

HTTPS
HyperText Transfer Protocol Secure

73
Q

Port 445

A

SMB
Server Message Block

75
Q

Port 3389

A

RDP
Remote Desktop Protocol