Chapter 4: Network and Communications Flashcards
What are the well-known, registered and dynamic ports
Well known: 0 to 1023
Registered: 1024 to 49151
Dynamic: 49152 to 65535
Name a few common session layer protocols
- PAP
- PPTP
- NetBIOS
- RPC
What is the difference between session layer and transport layer protocols
Session: Application to application communication
Transport: computer to computer
what is a key service that session layer protocols should provide
secure authentication capabilities
what are the sublayers of data link
Logical Link Control (takes care of flow control and error checking)
Media Access Control (knows how to put the data on the wire)
Examples of MAC are 802.3 (Ethernet), 802.11, etc.
What are some of the protocols that work at data link layer
- Point to Point protocol
- Layer 2 tunneling protocol
- ATM
- FDDI
- Ethernet
- Token ring
Acronym for OSI Layers
All People Seem To Need Data Processing
Application
Presentation
Session
Transport
Network
Datalink
Physical
Sample application layer protocols
HTTP, FTP, SNMP, SMTP, TFTP
Application layer data is known as MESSAGE
Services that work at presentation layer
ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI
Transport layer protocols
TCP/UDP/SPX
TCP Data - Segment
UDP Data - Datagram
Protocols at network layer
IP, ICMP, IGMP, RIP, OSPF, IPX
Data at network layer is packets
Protocols at data link layer
ARP, RARP
PPP
Serial Line internet (SLIP)
Ethernet (802.3), Token ring (802.5), Wireless ethernet (802.11)
Protocols at physical layer
RS/EIA/TIA-422, 423, 449, 485, 10BaseT, 10Base2, ISDN, SONET, DSL
What communication protocol is used by SCADA systems
Distributed Network Protocol 3 (DNP 3)
- Uses simple three layer model called Enhanced performance architecture (EPA)
- Corresponds to layers 2, 4, 7 of OSI (roughly)
Controller Area Network Bus (CAN Bus)
allows microcontrollers and other embedded devices to communicate with each other on shared bus
Used in smart/connected cars
What is a socket
Socket = TCP/UDP + IP Address + Port
How can SYN floods be prevented
Use of SYN caches that delay the allocation of a socket until the handshake is completed
how can TCP session hijacking take place
through correctly guessing sequence number and spoofing it
IPV4 vs IPV6
32 bits :: 128 bits
65535 byte packets :: 4.3 billion bytes (jumbograms)
Less multicasting :: Better multicasting
No unicast :: new concept of unicast
inefficient forwarding :: efficient forwarding
No labelling and QoS :: Labelling enables QoS
no security support :: supports integrity, authentication, confidentiality
What are some of the IPV6 to IPV4 tunneling protocols
6 to 4 (intersite ie between two networks, hence can be used on internet)
Teredo (intersite, same as above)
Intrasite automatic tunnel addressing protocol (ISATAP)
What are the security standards for data link layer
- 802.1AE - for encryption of frames
- 802.1AF - for key management and distribution
- 802.1AR - unique id for each device
What framework does 802.1AE/F/R work with
802.1X EAP-TLS framework
why is MPLS considered a converged protocol
MPLS is a converged protocol as it can encapsulate any higher level protocol and tunnel it over a variety of links
Difference between bandwidth and data throughput
Bandwidth is the data transfer capability of a link and is associated with the available frequencies in the link and the link speed
Data throughput is the actual amount of data that can be carried across this link
What affects the throughput of the links
Data throughput can be higher if compression is used. If links are congested, throughput can be lower
synchronous vs asynchronous timing in connection links
Asynchronous uses start and stop bits
Synchronous timing - large amount of data in predictable manner
Asynchronous timing - data in unpredictable manner
what is broadband
Any communication technology that chops up one communication channel into many is considered broadband
what does bandwidth of a cable indicate
The bandwidth of a cable indicates the highest frequency range it uses, e.g. 10BaseT uses 10 MHz, 100BaseTX uses 80 MHz and 1000BaseT uses 100 MHz
how is attenuation impacted by higher frequencies
Effects of attenuation increase with higher frequencies. Hence cables used to transmit data at higher frequencies should have shorter cable runs
What are the data rates of 10 Base T, 100 Base T and 1000 Base T
10Mbps
100Mbps
1000Mbps
Single mode fiber vs multi-mode
Single mode fiber - high speed data transmission over long distances
Multimode fiber - shorter distances, can carry more data
(single mode like 2 lane highway, multimode 6 lane city road)
Plenum vs non plenum cables
Plenum rated cables - jacket covers made of fluoropolymers
Non Plenum cables - usually have a polyvinyl chloride (PVC) jacket covering
What is Maximum Transmission Unit (MTU)
indicates how much data a frame can carry on a particular network. Frames may need to be fragmented as well
CSMA CD vs CSMA CA
CSMA/CD (collision detection) - each computer detects if wire is free before talking ie transmitting
CSMA/CA (collision avoidance) - each computer does the above and then puts a message that it is going to start to transmit and then transmit the data
What does wireless technology use to avoid collision
802.11x uses CSMA/CD
What does Internet group management protocol (IGMP) do
used to report multicast group membership to routers
What is RARP used for
used to find IP address by diskless workstations who know their MAC address
What is SNMP community string
is a password that the SNMP manager uses to request data from the agent.
SNMPv3 has cryptographic functionality and is secure
What are DNS Zones
DNS Namespaces are split up administratively into zones
DNS server that hosts the files for the zone is the authoritative name server for that zone
A zone may contain one or more domains
common use of POP and IMAP
POP - internet based accounts (all messages are downloaded ie popped on checking for new mail)
IMAP - corporate accounts (messages are kept on server or downloaded at user requirement)
Key points of Simple Authentication and Security Layer (SASL)
- Protocol independent framework
- performs authentication
- new & legacy protocols use it
- used by protocols so that they don't have to design authentication
How does sender policy framework (SPF) work
- validates sender's IP address (prevents spoofing)
- SPF record tags authorised mail server IDs to domain
- mail exchanges use DNS to validate the IP
What protocol replaced Exterior Gateway Protocol (EGP)
Replaced by BGP
BGP uses a combination of link-state and distance vector routing algorithms
how does Source Routing work
the packets contain the routing information built in them instead of depending on a bridge or networking devices
External devices and border routers should not accept source routing as it can override the forwarding and routing tables configured in the intermediate devices
What is 802.1Q
802.1Q is about how VLANs should be constructed and how tagging is to take place
How can VLAN traffic be compromised
A compromised system can function as a switch and insert itself between different vlans and gain access to traffic
What is a double tagging attack in VLANs
An attacker can insert vlan tags to manipulate the control of traffic at the data link layer
What are Weaknesses of packet filtering firewalls
- No application specific visibility
- Limited logging
- No advanced user authentication support
- Cannot detect spoofed address
- Cannot detect packet fragmentation attacks
What is a circuit-level proxy
A proxy based firewall that works at lower layers
works at session layer and monitors traffic from a network based view
Creates a communication between two systems
What is the main feature of application level proxy
An application level proxy firewall has one proxy for each protocol
What is SOCKS
SOCKS is an example of a circuit level proxy gateway that provides a secure channel between two computers
Dynamic packet filtering firewall
- the return journey is automatically mapped as a dynamic ACL
What are key features of Kernel proxy firewall
- Creates dynamic, customised network stacks when a packet needs to be evaluated.
- faster than app level proxy firewalls because all of the inspection and processing takes place at the kernel
What is the precaution to take on a dual homed firewall configuration
On a dual homed firewall installed on a system, the underlying OS should have packet forwarding and routing turned off, else ACLs will be skipped
What is a screened host
A screened host is a firewall that communicates directly with a perimeter router and the internal network. Also known as single tiered configuration
What is a screened subnet configuration
A screened subnet is when the screened host firewall forwards traffic to another firewall which is controlling traffic to the internal network. This creates a DMZ between the two firewalls. Also known as two tiered configuration
If three firewalls are used to create two dmzs, it is known as three tiered configuration
What are the three approaches to SDN
- Open / from Open Networking Foundation
- API / from Cisco that enhances the ONF approach
- Overlay
how is routing done in SDN
the routing decisions are made by controller
Hence the networking devices behave and are referred to as switches
What is a virtual private lan service
emulates a LAN over a managed IP/MPLS
How many calls and bandwidth does T1 provide
T1 trunks provided 24 voice communication calls over two pairs of copper wires
this provided a 1.544 Mbps transmission rate
How many T1 lines are within T3
T3 lines carry 28 T1 lines
What does SONET enable
SONET standard enables all carriers to interconnect
SONET is the standard for North America, SDH (synchronous digital hierarchy) is the standard for the rest of the world
Asynchronous transfer mode (ATM)
encapsulates data in fixed cells and carried over SONET
ATM is the car and SONET is the highway
What are the Optical carrier lines and their different bandwidth values
OC1 - 51.84Mbps
OC3 - 155.52 Mbps
OC12 - 622.08
(3 is 3x of 1, 12 is 12x of 1)
Speeds of E1/E3 and T1/T3
E1 - 2.048Mbps / E3 - 34.368 Mbps
T1 - 1.544Mbps / T3 - 44.736Mbps
Number of channels in T1/T2/T3/T4
T1 - 24 channels
T2 - 96 (4 T1s)
T3 - 672 (28 T1s)
T4 - 4032 (168 T1s)
what is the role of Channel Service Unit / Data Service Unit
- required when digital equipment will be used to connect a LAN to a WAN
- functions as a translator and line conditioner
- connects the lan to the service providers line
which are the two most prominent packet switching protocols
Frame Relay
X.25
How does Frame Relay and X.25 work
- both forward frames across virtual circuits (VCs)
- VCs can be either permanent or switched
the frame relay cloud is the group of devices that provides switching and data communications functionality
In X.25, data is divided into 128 bytes and encapsulated in high level data link control (HDLC) frames
How does ATM (Asynchronous transfer mode) work
- uses cell switching
- Data segmented into fixed size cells of 53 bytes
What are the QoS parameters in ATM
constant bit rate - for time sensitive apps like video
Variable bit rate - for time insensitive apps, flow is uneven
Unspecified bit rate - no promise on data throughput
Available bit rate - bandwidth provided from what is left over after guaranteed rate is met
What are the typical three levels of QoS
Best effort - no guarantee
Differentiated - more b/w shorter delays
Guaranteed service - ensures specific data throughput at guaranteed speed
What is Synchronous Data Link Control
- used in networks that use dedicated links
- generally in mainframe environments
- used for communication with IBM hosts in systems network architecture (SNA)
What are the offshoots of SDLC
- HDLC (device to device wan communication)
- Link access procedure (LAP)
- Link access procedure - Balanced (LAP-B)
What is the Point to Point (PPP) protocol
It is a WAN protocol and has two subprotocols
- Link control protocol - establishes, maintains and configures connection
- Network control protocol - makes sure that PPP can integrate and work with many different protocols like IP, IPX, NetBEUI (if only IP traffic was to be moved then NCP would not have been required)
How does PPP provide for user authentication
PPP provides user authentication through
- PAP (Password authentication protocol)
- CHAP (Challenge Handshake authentication protocol)
- EAP (Extensible authentication protocol)
What is the High Speed Serial Interface (HSSI)
HSSI is an interface used to connect multiplexers and routers to high speed communication services such as ATM and Frame relay
What is the difference between HDLC and PPP
HDLC - data encapsulation method for synchronous links
PPP - above plus asynchronous
What is the commonality between HDLC and PPP
both are used for point to point and multipoint communication
What network should be used for time sensitive applications
Applications that are time sensitive such as voice and video signals need to work over an isochronous network.
An isochronous network contains the necessary protocols and devices that guarantee continuous bandwidth without interruption
What is an example of a media gateway
A media gateway is the translation unit between different telecommunications networks. E.g. VoIP media gateways perform the conversion between TDM voice and VoIP
What is the session initiation protocol
- setup and breakdown call sessions
- works over tcp as well as udp
- two components , user agent client (UAC) and user agent servers (UAS)
SIP is not used to carry actual voice or video
What do UAC and UAS do in SIP
User agent client (UAC) - creates call request, e.g. softphone or IP phone
User agent server (UAS) - handles routing and signalling
What is Real Time Protocol (RTP)
- Used to carry actual voice or video
- provides standardised packet format for delivering voice and video over IP networks
What are the 3 server roles in a SIP architecture
Proxy servers - relay packets within a network between the UAC and UAS
Registrar servers - centralised record of the updated locations of all the users on the network
Redirect servers - for connectivity across network zones (intraorganizational)
Why is DSL faster than analog
because it uses all frequencies on the line
What is Point to Point Tunneling Protocol (PPTP) used for
- tunnel PPP connections over an IP network
- included security features
- uses Generic Routing Encapsulation (GRE) and TCP to encapsulate PPP packets and extend a PPP connection through an IP network
What is the limitation of PPTP
- PPTP cannot support multiple connections within single VPN tunnel
- Hence it can be used for system to system communication and not gateway to gateway communication
Why is PPP used over an IP network like internet
Point to point line devices that connect individual systems to the internet do not understand IP, so the traffic that travels over these links has to be encapsulated in PPP
When is Layer 2 tunneling protocol used (L2TP)
When a PPP connection has to be carried over a non IP network, e.g. Frame Relay
At what layer does PPTP and L2TP work
Data Link Layer
At what layer does IPSec work
Network layer
What are the main protocols within the IPSec suite
- Authentication Header (AH)- data integrity, origin authentication, protection from replay
- Encapsulating security payload (ESP)- data integrity, origin authentication , confidentiality
- Internet security association and Key management protocol (ISAKMP) - framework for security association creation and key exchange
- Internet Key exchange (IKE) - provides authenticated keying material for use with ISAKMP
How does iterated tunneling work in IPSec
IPSec tunnel is tunneled through another IPSec tunnel
E.g. for the internal tunnel only AH is used, while for routing this tunnel over the internet, ESP is used, which further tunnels the AH payload
At what layer does TLS work
Session layer
What is a TLS Portal VPN
an individual uses a single standard TLS connection to a website to securely access multiple network services
what is the use of PAP/ CHAP / EAP
used by remote users to authenticate over PPP connections
CHAP does not need password to be transferred over the wire
which is least to most secure among PAP/CHAP/EAP
PAP least secure
CHAP better secure
EAP most secure among three
how does CHAP function
- server sends a challenge (nonce)
- client encrypts it using the password entered
- server decrypts it on the basis of the stored password
- if the nonce matches, then it means same password was used to encrypt and decrypt
What are the different authentication techniques that EAP enables
- OTPs,
- token cards,
- biometrics,
- kerberos,
- digital certificates and
- future mechanisms
what all protocols can EAP be used with
EAP can be used with PPP, PPTP, L2TP, 802.11, 802.16 etc
FHSS vs DHSS
FHSS uses frequency hopping (spectrum is split into subchannels)
DHSS uses sub bits to a message and uses all available frequencies
OFDM
is a multiplexing technology and not a spread spectrum technology but is used in similar manner
Infrastructure WLAN
APs connected to wired and wireless lans
APs and clients form Basis
What is 802.11
Wired equivalent Privacy
what is the 802.11i full standard also known as
WPA2
What are the two modes of authentication in WEP
OSA - open system auth - all transactions in cleartext. No encryption
SKA shared key authentication - symmetric encryption, same key on device and AP
What are the four major issues with WEP
- static encryption keys on all devices
- same IV values are used which leads to detection of patterns and hence the detection of keys
- data integrity is an issue
- WEP does not allow for mutual authentication
how is 802.1X used in 802.11i
provides access control by restricting access until full authentication and authorisation have been completed
How does TKIP address concerns with WEP
- addresses issue pertaining to static WEP keys
- increases the length of the IV value
- addresses integrity issue by using a MIC instead of a ICV
What are the two layers to understand 802.11i
Upper layer - authentication using 802.1x
Lower layer - encryption using TKIP and CCMP
No network traffic is allowed to flow until the authentication is completed
what are the 802.1x components for wireless
Wireless Device
Access Point
Authentication server (RADIUS)
802.1X works on both Wired and Wireless : TRUE or FALSE
TRUE
Why use 802.1x instead of or over WEP
WEP allows for only system authentication. Use of 802.1X over wireless allows for user authentication which provides higher degree of confidence
Is mutual authentication allowed in WEP
No, only Wireless device can authenticate to AP
How does 802.11i solve the mutual authentication issue of WEP
802.11i solves this issue by the use of EAP
What encryption algorithm is used by WEP and TKIP
RC4 (not best fit for wireless)
what is the other name for WPA2
Robust network security
What are the different wireless LAN standards
- 802.11b, 11 Mbps, 2.4 GHz
- 802.11a, 54 Mbps, 5 GHz (OFDM)
- 802.11g (54 Mbps, backward compatible with 802.11b)
- 802.11e QoS
- 802.11f user roaming across multiple APs
- 802.11h (European equivalent of 802.11a)
- 802.11j (bringing together disparate standards)
- 802.11n, 100 MHz, 5 GHz
- 802.11ac, 1.3 Gbps, 5 GHz (longer distance)
how to remember key 802.11 protocols
B.A.G n AC
what is the wireless man standard
802.16
Wimax is one implementation
what is 802.15.4
Wireless personal area network (PAN)
what is the use case of 802.15.4
- low bandwidth
- low distances
- IoT and M2M use cases
what is bluejacking
sending unsolicited message to a bluetooth listening device
What is bluesnarfing
using a wireless device to break into a bluetooth enabled device
What are the pros and cons of end to end encryption
Pros: message remains encrypted till destination
Cons: attackers get more information about packets
what gets covered in link encryption
everything except datalink headers and trailers
What is MIME
Multipurpose internet mail extension - MIME is a specification that dictates how certain file types must be handled and transferred
What is S/MIME
standard for encrypting and digitally signing email
how does PGP / Pretty Good Privacy work
it uses a web of trust rather than a CA authority structure
trusted users sign public keys for each other
What is the drawback of PGP
managing keys in decentralised manner is difficult especially revocation of private key
What is TLS
The open community and standardised version of SSL
At what layer does TLS work
Transport
why are cookies required
because HTTP is stateless protocol
How does one protect from SYN flood attacks
Delayed binding - half open connections are not tied to a socket till the three way handshake is completed.