Chapter 4: Network and Communications Flashcards
What are the well-known, registered and dynamic port ranges
Well known: 0 to 1023
Registered: 1024 to 49151
Dynamic (private/ephemeral): 49152 to 65535
Name a few common session layer protocols
- PAP (Password Authentication Protocol)
- PPTP (Point-to-Point Tunneling Protocol)
- NetBIOS
- RPC (Remote Procedure Call)
What is the difference between session layer and transport layer protocols
Session: application-to-application communication (sets up, maintains and tears down the dialogue between two applications)
Transport: computer-to-computer, i.e. end-to-end delivery of data between two hosts
what is a key service that session layer protocols should provide
secure authentication capabilities
What are the sublayers of the data link layer
Logical Link Control (LLC): takes care of flow control and error checking, and multiplexes the network layer protocols above it
Media Access Control (MAC): knows how to put the data on the wire (framing, hardware addressing, rules for accessing the medium)
E.g. MAC standards are 802.3 (Ethernet), 802.11 (wireless LAN), etc.
What are some of the protocols that work at data link layer
- Point-to-Point Protocol (PPP)
- Layer 2 Tunneling Protocol (L2TP)
- ATM
- FDDI
- Ethernet
- Token Ring
Acronym for OSI Layers
All People Seem To Need Data Processing
Application
Presentation
Session
Transport
Network
Datalink
Physical
Sample application layer protocols
HTTP, FTP, SNMP, SMTP, TFTP
Application layer data is known as MESSAGE
Services that work at the presentation layer
ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI
Transport layer protocols
TCP/UDP/SPX
TCP Data - Segment
UDP Data - Datagram
Protocols at network layer
IP, ICMP, IGMP, RIP, OSPF, IPX
Data at network layer is packets
Protocols at data link layer
ARP, RARP
PPP
Serial Line Internet Protocol (SLIP)
Ethernet (802.3), Token Ring (802.5), Wireless Ethernet (802.11)
Protocols at physical layer
RS/EIA/TIA-422, 423, 449, 485, 10BaseT, 10Base2, ISDN, SONET, DSL
What communication protocol is used by SCADA systems
Distributed Network Protocol 3 (DNP3)
- Uses a simple three-layer model called the Enhanced Performance Architecture (EPA)
- Corresponds roughly to OSI layers 2, 4 and 7
Controller Area Network Bus (CAN bus)
Allows microcontrollers and other embedded devices to communicate with each other on a shared bus, without a host computer
Used in smart/connected cars
What is a socket
Socket = TCP/UDP + IP Address + Port
How can SYN floods be mitigated
Use of SYN caches or SYN cookies, which delay the allocation of a full socket (transmission control block) until the three-way handshake is completed. A SYN cache keeps only a small entry per half-open connection; a SYN cookie keeps nothing at all and instead encodes the connection state in the SYN-ACK's initial sequence number, which the client echoes back (plus one) in its final ACK.
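The following is an added example, not code from the original flashcards, showing how a SYN cookie lets the server allocate nothing on SYN and still validate the final ACK. The layout (a 5-bit time counter in the top bits of the ISN, a truncated HMAC in the remaining 27 bits), the secret, the acceptance window and the 192.168.1.x addresses are all assumptions made for the illustration; real kernels use a different encoding (they also squeeze the negotiated MSS into the cookie) and rotate the secret.

```python
import hashlib
import hmac
import struct

# Constructed server secret for this example; a real implementation rotates it.
SECRET = b"example-syn-cookie-secret"
COUNTER_BITS = 5                          # top 5 ISN bits carry a coarse time counter
COUNTER_MASK = (1 << COUNTER_BITS) - 1
MAC_BITS = 32 - COUNTER_BITS              # remaining 27 bits carry a truncated MAC
MAC_MASK = (1 << MAC_BITS) - 1
MAX_AGE = 2                               # accept cookies up to 2 counter ticks old


def _mac(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed MAC over the connection 4-tuple and the time counter, truncated to 27 bits."""
    msg = struct.pack("!4sH4sHI", src_ip, src_port, dst_ip, dst_port, counter)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MAC_MASK


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, now_counter):
    """On SYN: compute the ISN to send in the SYN-ACK. No per-connection state is stored."""
    mac = _mac(src_ip, src_port, dst_ip, dst_port, now_counter)
    return ((now_counter & COUNTER_MASK) << MAC_BITS) | mac


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, ack_number, now_counter):
    """On the final ACK: the peer acknowledges ISN+1, so ISN = ack-1.
    Recover the counter from the top bits, recompute the MAC for each candidate
    counter inside the acceptance window, and only allocate a socket if one matches.
    A spoofed source never receives the SYN-ACK, so it cannot produce a valid ACK."""
    isn = (ack_number - 1) & 0xFFFFFFFF
    counter_bits = isn >> MAC_BITS
    mac_bits = isn & MAC_MASK
    for age in range(MAX_AGE + 1):
        candidate = now_counter - age
        if candidate < 0:
            break
        if (candidate & COUNTER_MASK) != counter_bits:
            continue
        expected = _mac(src_ip, src_port, dst_ip, dst_port, candidate)
        if hmac.compare_digest(expected.to_bytes(4, "big"), mac_bits.to_bytes(4, "big")):
            return True
    return False


if __name__ == "__main__":
    # Constructed addresses: client 192.168.1.10 -> server 192.168.1.1
    client, server = b"\xc0\xa8\x01\x0a", b"\xc0\xa8\x01\x01"
    isn = make_syn_cookie(client, 40000, server, 443, now_counter=100)
    print("SYN-ACK ISN:", hex(isn))
    print("ACK one tick later accepted:", check_syn_cookie(client, 40000, server, 443, isn + 1, 101))
    print("ACK ten ticks later accepted:", check_syn_cookie(client, 40000, server, 443, isn + 1, 110))
```

The trade-off the example makes visible: the server must be able to recompute the cookie from the packet alone, so everything it needs (the 4-tuple it sees and a coarse time) goes into the MAC, and an ACK that arrives after the window closes is simply dropped rather than matched against stored state.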
How can TCP session hijacking take place
Through correctly guessing (or sniffing) the sequence number in use and spoofing the victim's address, so that injected segments are accepted as part of the established session
IPv4 vs IPv6
32-bit addresses :: 128-bit addresses
65,535-byte maximum packet :: up to about 4.3 billion bytes (jumbograms)
Limited multicasting :: better multicasting (broadcast is dropped in favour of multicast)
No anycast :: new concept of anycast
Less efficient forwarding (variable-length header with options and a header checksum) :: more efficient forwarding (fixed 40-byte header, no header checksum)
No labelling for QoS :: flow labelling enables QoS
IPsec optional and bolted on :: IPsec support (integrity, authentication, confidentiality) built into the specification
What are some of the IPv6-over-IPv4 tunneling protocols
6to4 (intersite, i.e. between two networks, hence usable across the Internet; encapsulates IPv6 directly in IPv4, protocol 41)
Teredo (intersite, as above, but encapsulates in UDP so it can traverse NAT)
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP; intrasite, within one organisation's network)
What are the security standards for the data link layer
- 802.1AE (MACsec): encryption and integrity protection of frames
- 802.1AF: key management and distribution (MACsec Key Agreement, MKA; now part of 802.1X-2010)
- 802.1AR: secure unique device identity (DevID) for each device
What framework does 802.1AE/AF/AR work with
The 802.1X port-based access control framework, typically with EAP-TLS for authentication
why is MPLS considered a converged protocol
MPLS is a converged protocol as it can encapsulate any higher level protocol and tunnel it over a variety of links
Difference between bandwidth and data throughput
Bandwidth is the data transfer capability of a link and is associated with the available frequencies in the link and the link speed
Data throughput is the actual amount of data that can be carried across this link
What affects the throughput of the links
Data throughput can be higher than the nominal link rate if compression is used. If links are congested, or errors force retransmissions, throughput is lower
Synchronous vs asynchronous timing in connection links
Asynchronous uses start and stop bits around each character; there is no shared clock
Synchronous timing: large amounts of data sent in a predictable manner, with sender and receiver synchronised by a clock signal
Asynchronous timing: data sent in an unpredictable manner, a character at a time (e.g. a keyboard on a serial line)
What is broadband
Any communication technology that chops up one communication channel into many is considered broadband
What does the bandwidth of a cable indicate
The bandwidth of a cable indicates the highest frequency range it uses, e.g. 10BaseT uses 10 MHz, 100BaseTX uses 80 MHz and 1000BaseT uses 100 MHz
how is attenuation impacted by higher frequencies
Effects of attenuation increase with higher frequencies. Hence cables used to transmit data at higher frequencies should have shorter cable runs
What are the data rates of 10 Base T, 100 Base T and 1000 Base T
10Mbps
100Mbps
1000Mbps
Single-mode fiber vs multi-mode
Single-mode fiber: small core carrying a single mode of light (laser source); high-speed data transmission over long distances
Multi-mode fiber: larger core carrying multiple light paths (LED source); can carry more data on the many paths, but modal dispersion limits it to shorter distances
(single mode like a 2-lane highway, multi-mode a 6-lane city road)
Plenum vs non-plenum cables
Plenum-rated cables: jacket made of fluoropolymers, which give off little smoke and few toxic fumes when burning, so they are required in air-handling spaces (plenums)
Non-plenum cables: usually have a polyvinyl chloride (PVC) jacket, which releases toxic fumes when it burns
What is Maximum Transmission Unit (MTU)
Indicates the largest payload a frame can carry on a particular network (1500 bytes for standard Ethernet). IP packets larger than the MTU of the next link must be fragmented, or, if the Don't Fragment bit is set, dropped with an ICMP "fragmentation needed" message
CSMA/CD vs CSMA/CA
CSMA/CD (Collision Detection, wired Ethernet): each computer listens until the wire is free before transmitting, keeps listening while it transmits, and if it detects a collision sends a jam signal and retries after a random back-off
CSMA/CA (Collision Avoidance, wireless): each computer listens as above, then announces that it is about to transmit (e.g. RTS/CTS) and only then sends the data, because a radio cannot hear a collision while it is transmitting
What does wireless technology use to avoid collisions
802.11 uses CSMA/CA (not CSMA/CD: a wireless station cannot detect collisions during its own transmission)
What does Internet group management protocol (IGMP) do
used to report multicast group membership to routers
What is RARP used for
used to find IP address by diskless workstations who know their MAC address
What is an SNMP community string
A password that the SNMP manager uses to request data from (read community) or change settings on (write community) the agent. In SNMPv1 and v2c it travels in cleartext, and the defaults "public" and "private" are widely known.
SNMPv3 adds cryptographic authentication and encryption and should be used instead
What are DNS Zones
DNS Namespaces are split up administratively into zones
DNS server that hosts the files for the zone is the authoritative name server for that zone
A zone may contain one or more domains
common use of POP and IMAP
POP - internet based accounts (all messages are downloaded ie popped on checking for new mail)
IMAP - corporate accounts (messages are kept on server or downloaded at user requirement)
Key points of Simple Authentication and Security Layer (SASL)
- Protocol independent framework
- performs authentication
- new & legacy protocols use it
- used by protocols so that they don't have to design their own authentication
How does Sender Policy Framework (SPF) work
- validates the sending server's IP address against the sender's domain (prevents envelope-sender spoofing)
- the domain owner publishes an SPF record (a DNS TXT record beginning v=spf1) listing the hosts and networks authorised to send mail for that domain
- the receiving mail exchanger looks up the envelope-sender domain's SPF record via DNS and checks whether the connecting IP is authorised; the result (pass, fail, softfail, neutral) drives filtering and feeds DMARC
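An added example, not part of the original flashcards, of the receiving side's SPF check. It evaluates the ip4, ip6, include and all mechanisms with their qualifiers as RFC 7208 describes them; the DNS lookups are replaced by a constructed in-memory table (the example.com / example.net records and the IP addresses are made up for the illustration), and the mechanisms that need live DNS (a, mx, ptr, exists) are reported as unsupported rather than guessed.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: domain -> SPF record.
# A real checker queries the TXT record of the envelope-sender (MAIL FROM) domain.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mail.example.net -all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.25 ~all",
}

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10   # RFC 7208 limit on DNS-consuming mechanisms per check


def lookup_txt(domain):
    """Assumed lookup helper; swap in a real DNS query in production."""
    return FAKE_DNS_TXT.get(domain)


def check_spf(sender_domain, client_ip, depth=0):
    """Return the SPF result for a connection from client_ip claiming sender_domain.
    Mechanisms are evaluated left to right; the first match decides."""
    if depth > MAX_DNS_MECHANISMS:
        return "permerror"
    record = lookup_txt(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # no policy published: nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                    # mechanisms default to '+' (pass on match)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include: matches only if the referenced domain's policy yields pass
            matched = check_spf(arg, client_ip, depth + 1) == "pass"
        else:
            # a, mx, ptr, exists need live DNS; not evaluated in this offline example
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # no mechanism matched and no 'all' present


if __name__ == "__main__":
    for ip in ("192.0.2.10", "2001:db8:1::5", "198.51.100.25", "203.0.113.7"):
        print(ip, "->", check_spf("example.com", ip))
```

Note the difference between "fail" (policy says the host is unauthorised, reject or quarantine) and "none" (the domain publishes nothing, so SPF proves nothing either way); a spoofing attacker picks a domain in the second category unless DMARC requires alignment.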
What protocol replaced Exterior Gateway Protocol (EGP)
Replaced by BGP
BGP is often described as combining link-state and distance-vector ideas; strictly it is a path-vector protocol, advertising the full list of autonomous systems a route passes through
How does source routing work
The packets carry their own routing information (the list of hops to take) instead of depending on the routing tables of bridges and other network devices
External-facing devices and border routers should not accept source-routed packets, as source routing overrides the forwarding and routing tables configured in the intermediate devices and can be used to steer traffic around filtering
What is 802.1Q
802.1Q defines how VLANs are constructed and how frames are tagged: a 4-byte tag (TPID 0x8100 plus a 12-bit VLAN ID) inserted after the source MAC address
How can VLAN traffic be compromised
A compromised system can impersonate a switch (switch spoofing: negotiate a trunk link, e.g. via DTP), insert itself between different VLANs and gain access to their traffic
What is a double tagging attack in VLANs
An attacker sends frames carrying two 802.1Q tags. The outer tag is the trunk's native VLAN, which the first switch strips before forwarding; the next switch then honours the inner tag and delivers the frame into a VLAN the attacker should not reach (one-way only, since replies go back to the real VLAN). Mitigations: keep user ports off the native VLAN, set the native VLAN to an unused ID, and force tagging of the native VLAN on trunks.
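An added example (not from the original flashcards) that builds a double-tagged Ethernet frame byte by byte and models what a trunk port does with it, so the two behaviours above, stripping of the native-VLAN tag and the "tag native VLAN" mitigation, can be seen on real bytes. The frame contents, the MAC addresses and the VLAN IDs are constructed for the illustration; the tag layout follows 802.1Q.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # TPID that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def vlan_tag(vid, pcp=0):
    """One 802.1Q tag: TPID 0x8100 followed by the TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return struct.pack("!HH", ETHERTYPE_VLAN, tci)


def build_frame(dst_mac, src_mac, vids, payload):
    """Ethernet II frame with zero or more stacked 802.1Q tags in front of an IPv4 payload."""
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst_mac + src_mac + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_tags(frame):
    """Return (list of VLAN IDs outermost first, inner EtherType, payload)."""
    offset = 12                               # skip destination and source MAC
    vids = []
    while struct.unpack_from("!H", frame, offset)[0] == ETHERTYPE_VLAN:
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vids.append(tci & 0x0FFF)
        offset += 4
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    return vids, ethertype, frame[offset + 2:]


def trunk_egress(frame, native_vid, tag_native=False):
    """Model of a frame leaving an 802.1Q trunk port.
    Default behaviour: traffic on the native VLAN is sent untagged, i.e. the outer
    tag is removed and whatever follows (here a second tag) is forwarded untouched.
    With tag_native=True (the mitigation) the native VLAN is tagged like any other,
    so nothing is stripped and the downstream switch sees both tags."""
    vids, _, _ = parse_tags(frame)
    if vids and vids[0] == native_vid and not tag_native:
        return frame[:12] + frame[16:]        # drop the 4-byte outer tag
    return frame


if __name__ == "__main__":
    # Constructed MACs and VLAN IDs: attacker on native VLAN 1 aims at VLAN 20.
    attacker = bytes.fromhex("02000000aa01")
    victim = bytes.fromhex("02000000bb02")
    frame = build_frame(victim, attacker, [1, 20], b"constructed payload")
    print("attacker sends tags:", parse_tags(frame)[0])
    print("after first trunk, native VLAN 1:", parse_tags(trunk_egress(frame, 1))[0])
    print("after first trunk, native VLAN tagged:", parse_tags(trunk_egress(frame, 1, tag_native=True))[0])
```

The second switch in the path only ever sees the output of trunk_egress, which is why the attack depends on the attacker's access port sharing the trunk's native VLAN, and why changing that one setting defeats it.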
What are Weaknesses of packet filtering firewalls
- No application specific visibility
- Limited logging
- No advanced user authentication support
- Cannot detect spoofed address
- Cannot detect packet fragmentation attacks
What is a circuit-level proxy
A proxy based firewall that works at lower layers
works at session layer and monitors traffic from a network based view
Creates a communication between two systems
What is the main feature of application level proxy
An application level proxy firewall has one proxy for each protocol
What is SOCKS
SOCKS is an example of a circuit level proxy gateway that provides a secure channel between two computers
Dynamic (stateful) packet filtering firewall
- when an outbound connection is permitted, the return path (source and destination addresses and ports reversed) is automatically added as a dynamic ACL entry, and removed when the connection closes or times out; unsolicited inbound packets match nothing and are dropped
What are key features of a kernel proxy firewall
- Creates dynamic, customised network stacks when a packet needs to be evaluated
- Faster than application-level proxy firewalls because all of the inspection and processing takes place in the kernel
What precaution must be taken in a dual-homed firewall configuration
On a dual-homed firewall installed on a general-purpose system, the underlying OS must have packet forwarding and routing turned off (e.g. IP forwarding disabled), otherwise the kernel forwards packets between the two interfaces directly and the firewall's ACLs are bypassed
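An added example (not from the original flashcards) modelling a dynamic packet filter: static rules say which outbound connections may start, each permitted outbound packet creates a return-path entry, and inbound packets are admitted only if they match such an entry. The inside network, the rule set, the packet 5-tuples and the idle timeout are constructed for the illustration; a real firewall tracks far more (TCP flags, ICMP errors, related connections) than this model.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")


class DynamicPacketFilter:
    """Stateful filter: static rules for new outbound connections, dynamic
    entries for their replies. state maps a reverse 5-tuple to its last-seen time."""

    def __init__(self, inside_net, outbound_rules, idle_timeout=300):
        self.inside = ipaddress.ip_network(inside_net)
        self.rules = set(outbound_rules)        # {(proto, dst_port)} allowed outbound
        self.idle_timeout = idle_timeout
        self.state = {}

    def _is_inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside

    def expire(self, now):
        """Drop dynamic entries that have been idle longer than the timeout."""
        stale = [k for k, seen in self.state.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.state[k]

    def filter(self, pkt, now=0):
        self.expire(now)
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        outbound = self._is_inside(pkt.src) and not self._is_inside(pkt.dst)
        if outbound:
            if key in self.state or (pkt.proto, pkt.dport) in self.rules:
                # permitted: remember the reverse tuple so the reply can come back
                self.state[reverse] = now
                return "allow"
            return "deny"
        # inbound: only a reply to something we let out is admitted
        if key in self.state:
            self.state[key] = now
            self.state[reverse] = now           # keep the forward direction alive too
            return "allow"
        return "deny"


if __name__ == "__main__":
    fw = DynamicPacketFilter("10.0.0.0/8", {("tcp", 443)}, idle_timeout=60)
    out = Packet("tcp", "10.1.1.5", 51000, "203.0.113.9", 443)
    reply = Packet("tcp", "203.0.113.9", 443, "10.1.1.5", 51000)
    probe = Packet("tcp", "198.51.100.4", 40000, "10.1.1.5", 22)
    print("outbound HTTPS:", fw.filter(out, now=0))
    print("its reply     :", fw.filter(reply, now=1))
    print("unsolicited   :", fw.filter(probe, now=2))
    print("reply after idle timeout:", fw.filter(reply, now=500))
```

The point the model makes concrete: the inbound decision depends on what went out earlier, so the packet filter's weakness of judging every packet in isolation is removed, at the cost of holding per-connection state that itself needs a timeout (and is one reason stateful devices are vulnerable to table exhaustion).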