Chapter 4: Network and Communications Flashcards

1
Q

What are the well known/ registerd and dynamic ports

A

well known : 0 to 1023

Registered : 1024 to 49151

Dynamic: 49152 to 65535

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Name a few common session layer protocols

A
  1. PAP
  2. PPTP
  3. Netbios
  4. RPC
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the difference between session layer and transport layer protocols

A

Session: Application to application communication

Transport: computer to computer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what is a key service that session layer protocols should provide

A

secure authentication capabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

what are the sublayers of data link

A

Logical Link Control (takes care of flow control and error checking)

Media Access control ( knows how to put the data on the wire)

Eg of MAC are 802.3 (ethernet),802.11 etc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are some of the protocols that work at data link layer

A
  1. Point to Point protocol
  2. Layer 2 tunneling protocol
  3. ATM
  4. FDDI
  5. Ethernet
  6. Token ring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Acronym for OSI Layers

A

All People Seem To Need Data Processing

Application

Presentation

Session

Transport

Network

Datalink

Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Sample application layer protocols

A

HTTP, FTP, SNMP, SMTP, TFTP

Application layer data is known as MESSAGE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Services that work at presentation layer

A

ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Transport layer protocols

A

TCP/UDP/SPX

TCP Data - Segment

UDP Data - Datagram

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Protocols at network layer

A

IP, ICMP, IGMP, RIP, OSPF, IPX

Data at network layer is packets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Protocols at data link layer

A

ARP, RARP,

PPP,

Serial Line internet (SLIP)

Ethernet (802.3), Token ring (802.5), Wireless ethernet (802.11)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Protocols at physical layer

A

RS/EIA/TIA-422, 423, 449, 485, 10BaseT, 10base2, ISDN, SONET, DSL,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What communication protocol is used by SCADA systems

A

Distributed Network Protocol 3 (DNP 3)

  • Uses simple three layer model called Enhanced performance architecture (EPA)
  • Corresponds to layers 2,4, 7 of OSI (roughly)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Controller Area Network Bus (CAN Bus)

A

allows microcontrollers and other embedded devices to communicate with each other on shared bus

Used in smart/connected cars

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is a socket

A

Socket = TCP/UDP + IP Address + Port

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

how can SYN floods be prevented

A

use of SYN caches that delays the allocation of a socket untill the handshake is completed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

how can TCP session hijacking take place

A

through correctly guessing sequence number and spoofing it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

IPV4 vs IPV6

A

32 bits :: 128 bits

65535 byte packets :: 4.3 billion byts (jumbograms)

Less multicasting:: Better Mutlicasting

No unicast :: new concept of unicast

inefficient forwarding :: efficient forwarding

No labelling and QoS :: Labelling enables QoS

no security support :: supports integrity, authentication, confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are some of the IPV6 to IPV4 tunneling protocols

A

6 to 4 (intersite ie between two networks, hence can be used on internet)

Teredo (intersite, same as above)

Intrasite automatic tunnel addressing protocol (ISATAP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the security standards for data link layer

A
  1. 1 AE - for encryption of frames
  2. 1 AF - for key management and distribution
  3. 1 AR - unique id for each device
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What framework does 802.1AE/F/R work with

A

802.1X EAP-TLS framework

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

why is MPLS considered a converged protocol

A

MPLS is a converged protocol as it can encapsulate any higher level protocol and tunnel it over a variety of links

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Difference between bandwidth and data throughput

A

Bandwidth is the data transfer capability of a link and is associated with the available frequencies in the link and the link speed

Data throughput is the actual amount of data that can be carried acroos this link

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

what affects the througput of the links

A

Data through put can be higher if compression is used. If links are congested, throughput can be lower

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

synchronous vs asynchronous timing in connection links

A

Asynchronous uses start and stop bits

Synchronous timing - large amount of data in predictable manner

Asynchronous timing - data in unpredictable manner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

what is broadband

A

Any communication technology that chops us one communication channel into many is considered broadband

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

what does bandwidth of a cable indicate

A

The bandwidth of a cable indicates the highest frequency range it uses eg 10BaseT uses 10 Mhz, 100 Base TX uses 80 Mhz and 1000Base T uses 100 Mhz

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

how is attenuation impacted by higher frequencies

A

Effects of attenuation increase with higher frequencies. Hence cables used to transmit data at higher frequencies should have shorter cable runs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What are the data rates of 10 Base T, 100 Base T and 1000 Base T

A

10Mbps

100Mbps

1000Mbps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Single mode fiber vs multi-mode

A

Single mode fiber - high speed data transmission over long distances

Multimode fiber - shorter distances, can carry more data

(single mode like 2 lane highway, multimode 6 lane city road)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Plenum vs non plenum cables

A

Plenum rated cables - jacket covers made of fluoropolymers

Non Plenum cables - usually have a polyvinyl chloride (PVC) jacket covering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What is Maximum Transmission Unit (MTU)

A

indicates how much data a frame can carry on a particular network. Frames may need to be fragmented as well

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

CSMA CD vs CSMA CA

A

CSMA/CD (collision detection) - each computer detects if wire is free before talking ie transmitting

CSMA/CA (collision avoidance) - each computer does the above and then puts a message that it is going to start to transmit and then transmit the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What does wireless technology use to avoid collision

A

802.11x uses CSMA/CD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What does Internet group management protocol (IGMP) do

A

used to report multicast group membership to routers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What is RARP used for

A

used to find IP address by diskless workstations who know their MAC address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is SNMP community string

A

is a password that the snmp manager uses to request data from the agent.

Snmp v3 has cryptographic functionality and is secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What are DNS Zones

A

DNS Namespaces are split up administratively into zones

DNS server that hosts the files for the zone is the authoritative name server for that zone

A zone may contain one or more domains

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

common use of POP and IMAP

A

POP - internet based accounts (all messages are downloaded ie popped on checking for new mail)

IMAP - corporate accounts (messages are kept on server or downloaded at user requirement)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Key points of Simple Authentication and Security Layer (SASL)

A
  • Protocol independent framework
  • performs authentication
  • new & legacy protocols use it
  • used by protocols so that they dont have to design authentication
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

How does sender policy framework (SPF) work

A
  • validates senders IP address (prevents spoofing)
  • SPF record tags authorised mail server IDs to domain
  • mail exchanges use DNS to validate the IP
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What protocol replaced Exterior Gateway Protocol (EGP)

A

Replaced by BGP

BGP uses a combination of linkstate and _distance vecto_r routing algorithms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

how does Source Routing work

A

the packets contain the routing information built in them instead of depending on a bridge or networking devices

External devices and border routers should not accept source routing as it can override the forwarding and routing tables configured in the intermediate devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is 802.1Q

A

802.1Q is about how VLANs should be constructed and how tagging is to take place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

How can VLAN traffic be compromised

A

A compromised system can function as a switch and insert itself between different vlans and gain access to traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What is a double tagging attack in VLANs

A

An attacker can insert vlan tags to manipulate the control of traffic at the data link layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What are Weaknesses of packet filtering firewalls

A
  • No application specific visibility
  • Limited logging
  • No advanced user authentication support
  • Cannot detect spoofed address
  • Cannot detect packet fragmentation attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What is a circuit-level proxy

A

A proxy based firewall that works at lower layers

works at session layer and monitors traffic from a network based view

Creates a communication between two systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is the main feature of application level proxy

A

An application level proxy firewall has one proxy for each protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What is SOCKS

A

SOCKS is an example of a circuit level proxy gateway that provides a secure channel between two computers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Dynamic packet filtering firewall

A
  • the return journey is automatically mapped as a dynamic ACL
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

What are key features of Kernel proxy firewall

A
  • Creates dynamic , customised network stacks when a packet needs to be evaluated.
  • faster than app level proxy firewalls because all of the inspection and processing takes place at the kernel
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What is the precaution to take on a dual homed firewall configuration

A

On dual homed firewall installed on a system, underlying OS should have packet forwarding and routing turned off, else acls will be skipped

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What is a screened host

A

A screened host is a firewall that communicates directly with a perimeter router and the internal network. Also known as single tiered configuration

56
Q

what is a a screened subnet configuration

A

A screened subnet is when the screened host firewall forwards traffic to another firewall which is controlling traffic to internal network. This creates a dmz between the two firewalls. Also knownd as two tiered configuration

If three firewalls are used to create two dmzs, it is known as three tiered configuration

57
Q

What are the three approaches to SDN

A
  • Open / from open networking foundation
  • Api / from cisco that enhances the ONF approach
  • Overlay
58
Q

how is routing done in SDN

A

the routing decisions are made by controller

Hence the networking devices behave and are referred to as switches

59
Q

What is a virtual private lan service

A

emulates a LAN over a managed IP/MPLS

60
Q

How many calls and bandwidth does T1 provide

A

T1 trunks provided 24 voice communication calls over two pairs of copper wires

this provided a 1.544mbps transmission rate

61
Q

How many T1 lines are within T3

A

T3 lines carry 28 T1 lines

62
Q

What does SONET enable

A

SONET standard enables all carriers to interconnect

SONET is standard for NorthAmerica , SDH (synchronous digital hierarchy) is the standard for rest of world

63
Q

Asynchronous transfer mode (ATM)

A

encapsulates data in fixed cells and carried over SONET

ATM is the car and SONET is the highway

64
Q

What are the Optical carrier lines and their different bandwidth values

A

OC1 - 51.84Mbps

OC3 - 155.52 Mbps

OC12 - 622.08

(3 is 3x of 1, 12 is 12x of 1)

65
Q

Speeds of E1/E3 and T1/T3

A

E1 - 2.048Mbps / E3 - 34.368 Mbps

T1 - 1.544Mbps / T3 - 44.736Mbps

66
Q

Number of channels in T1/T2/T3/T4

A

T1 - 24 channels

T2 - 96 (4 T1s)

T3 - 672 (28 T1s)

T4 - 4032 (168 T1s)

67
Q

what is the role of Channel Service Unit / Data Service Unit

A
  • required when digital requirement will be used to connect a LAN to a WAN
  • functions as a translator and line conditioner
  • connects the lan to the service providers line
68
Q

which are the two most prominent packet switching protocols

A

Frame Relay

X.25

69
Q

How does Frame Relay and X.25 work

A
  • both forwards frames across virtual circuits (VCs)
  • VCs can be either permanent or switched

the frame relay cloud is the group of devices that provides switching and data communications functionality

X.25, data is divided into 128 bytes and encapsulated in high level data link control (HDLC) frames

70
Q

How does ATM (Asynchronous transfer mode) work

A
  • uses cell switching
  • Data segmented into fixed size cells of 53 bytes
71
Q

What are the QoS parameters in ATM

A

constant bit rate - for time sensitive apps like video

Variable bit rate - for time insensitve app, flow is uneven

Unspecified bit rate - no promise on data throughput

Available bit rate - bandwidth provided from what is left over after guaranteed rate is met

72
Q

What are the typcial three levels of QoS

A

Best effort - no guarantee

Differentiated - more b/w shorter delays

Guaranteed service - ensures specific data throughput at guaranteed speed

73
Q

What is Synchronous Data Link Control

A
  • used in networks that use dedicated links
  • generally in mainframe environments
  • used for communication with IBM hosts in systems network architecture (SNA)
74
Q

What are the offshoots of SDLC

A
  • HDLC (device to device wan communication)
  • Link access procedure (LAP)
  • Link access procedure - Balanced (LAP-B)
75
Q

What is the Point to Point (PPP) protocol

A

It is a WAN protocol and has two subprotocols

  1. Link control protocol - establishes, maintains and configures connection
  2. Network control protocol - makes sure that PPP can integrate and work with many different protocols like IP, IPX, Netbeui (if only ip traffic was to be moved then NCP would not have been required)
76
Q

How does PPP provide for user authentication

A

PPP provides user authentication through

  • PAP (Password authentication protocol)
  • CHAP (Challenge Handshake authentication protocol)
  • EAP (Extensible authentication protocol)
77
Q

What is the High Speed Serial Interface (HSSI)

A

HSSI is an interface used to connect multiplexers and routers to high speed communication services such as ATM and Frame relay

78
Q

What is the difference between HDLC and PPP

A

HDLC - data encapsulation method for synchronous links

PPP - above plus asynchronous

79
Q

what is commanality between HDLC and PPP

A

both are used for point to point and multipoint communication

80
Q

What network should be used for time sensitive applications

A

Applications that are time sensitive such as voice and video signals need to work over an isochronous network.

An isochronous network contains the necessary protocols and devices that guarantee continuous bandwidth without interruption

81
Q

What is an example of a media gateway

A

A media gateway is the translation unit between different telecommunications network. Eg VOIP media gateways perform the conversion between TDM voice to VOIP

82
Q

What is the session initiation protocol

A
  • setup and breakdown call sessions
  • works over tcp as well as udp
  • two components , user agent client (UAC) and user agent servers (UAS)

SIP is not used to carry actual voice or video

83
Q

What does UAC and UAS don in SIP

A

User agent client (UAC) -creates call request eg softphone or ipphone

User agent server (UAS) - handles routing and signalling

84
Q

What is Real Time Protocol (RTP)

A
  • Used to carry actual voice or video
  • provides standardised packe format for delivering voice and video over IP networks
85
Q

What are the 3 server roles in a SIP architecture

A

Proxy servers - relay packets within a network between the UAC and UAS

Registrar servers -centralised record of the updated locations of all the users on the network

Redirect servers - for connectivity across network zones (intraorganizational)

86
Q

Why is DSL faster than analog

A

because it uses all frequencies on the line

87
Q

what is point to point tunneling protocol userd for (PPTP)

A
  • tunnel PPP connections over an IP network
  • included security features
  • uses Generic Routing Encapsulation (GRE) and TCP to encapsulate PPP packets and extend a PPP connection through an IP network
88
Q

What is the limitation of PPTP

A
  • PPTP cannot support multiple connections within single VPN tunnel
  • Hence it can be used for system to system communication and not gateway to gateway communication
89
Q

Why is PPP used over an IP network like internet

A

Point to point line devices that connect individual systems to the internet do not understand IP. So the traffic that travels over these links have to be encapsulated in PPP)

90
Q

When is Layer 2 tunneling protocol used (L2TP)

A

When PPP connection has to be carried over a non IP network eg framerelay

91
Q

At what layer does PPTP and L2TP work

A

Data Link Layer

92
Q

At what layer does IPSec work

A

Network layer

93
Q

What are the main protocols within the IPSec suite

A
  1. Authentication Header (AH)- data integrity, origin authentication, protection from replay
  2. Encapsulating security payload (ESP)- data integrity, origin authentication , confidentiality
  3. Internet security association and Key management protocol (ISAKMP) - framework for security association creation and key exchange
  4. Internet Key exchange (IKE)- provides authenticated keying material for use with ISAKMKP
94
Q

How does iterated tunneling work in IPSec

A

IPSec tunnel is tunneled through another IPSec tunnel

e.g for internal tunnel only AH is used, while for routing this tunnel over the internet , ESP is used which further tunnels the AH payload

95
Q

At what layer does TLS work

A

Session layer

96
Q

What is a TLS Portal VPN

A

an individual uses a single standard TLS connection to a website to securely access multiple network services

97
Q

what is the use of PAP/ CHAP / EAP

A

used by remote users to authenticate over PPP connections

CHAP does not need password to be transferred over the wire

98
Q

which is least to most secure among PAP/CHAP/EAP

A

PAP least secure

CHAP better secure

EAP most secure among three

99
Q

how does CHAP function

A
  1. server sends a challenge (nonce)
  2. client encrypts it using the password entered
  3. server decrypts it basis the stored password
  4. if the nonce matches, then it means same password was used to encrypt and decrypt
100
Q

What are the different authentication techniques that EAP enables

A
  • OTPs,
  • token cards,
  • biometrics,
  • kerberos,
  • digital certificates and
  • future mechanisms
101
Q

what all protocols can EAP be used with

A

EAP can be used with PPP, PPTP, L2TP, 802.11, 802.16 etc

102
Q

FHSS vs DHSS

A

FHSS uses frequency hopping (spectrum is split into subchannels)

DHSS uses sub bits to a message and uses all available frequencies

103
Q

OFDM

A

is a multiplexing technology and not a spread spectrum technology but is used in similar manner

104
Q

Infrastructure WLAN

A

APs connected to wired and wireless lans

APs and clients form Basis

105
Q

What is 802.11

A

Wired equivalent Privacy

106
Q

what is the 802.11i full standard also known as

A

WPA2

107
Q

What are the two modes of authentication in WEP

A

OSA - open system auth- all transactions in cleartex. No encryption

SKA shared key authentication - symmetric encryption, same key on device and AP

108
Q

What are the four major issues with WEP

A
  1. static encryption keys on all devices
  2. same IV values are used which leads to detection of patterns and hence the detection of keys
  3. data integrity is an issue
  4. WEP does not allow for mutual authentication
109
Q

how is 802.1X used in 802.11i

A

provides access control by restricting access until full authentication and authorisation have been completed

110
Q

How does TKIP address concerns with WEP

A
    1. addresses issue pertaining to static WEP keys
  1. increases the length of the IV value
  2. addresses integrity issue by using a MIC instead of a ICV
111
Q

What are the two layers to understand 802.11i

A

Upper layer - authentication using 802.1x

lower layer - encyrption using TKIP and CCMP

No network traffic is allowed to flow until the authentication is completed

112
Q
A
113
Q

what are the 802.1x components for wireless

A

Wireless Device

Access Point

Authentication server (RADIUS)

114
Q

802.1X works on both Wired and Wireless : TRUE or FALSE

A

TRUE

115
Q

Why use 802.1x instead of or over WEP

A

WEP allows for only system authentication. Use of 802.1X over wireless allows for user authentication which provides higher degree of confidence

116
Q

Is mutual authentication allowed in WEP

A

No, only Wireless device can authenticate to AP

117
Q

How does 802.11i solve the mutual authentication issue of WEP

A

802.11i solves this issue by the use of EAP

118
Q

What encryption algorithm is used by WEP and TKIP

A

RC4 (not best fit for wireless)

119
Q

what is the other name for WPA2

A

Robust network security

120
Q

What are the different wireless LAN standards

A
  1. 11b , 11Mbps, 2.4Ghz
  2. 11a , 54Mbps , 5 Ghz (OFDM)
  3. 11g (54 Mbps, backward compatible with 802.11b)
  4. 11e QoS
  5. 11f user roaming across multiple APs
  6. 11h (European equivalent of 802.11a)
  7. 11j (bringing together disparate standards)
  8. 11 n , 100 Mhz, 5 Ghz
  9. 11 ac , 1.3 Gbps, 5Ghz (longer distance)
121
Q

how to remember key 802.11 protocols

A

B.A.G n AC

122
Q

what is the wireless man standard

A

802.16

Wimax is one implementation

123
Q

what is 802.15.4

A

Wireless personal area network (PAN)

124
Q

what is the use case of 802.15.4

A
  • low bandwidth
  • low distances
  • IoT and M2M use cases
125
Q

what is bluejacking

A

sending unsolicited message to a bluetooth listening device

126
Q

What is bluesnarfing

A

using a wireless device to break into a bluetooth enabled device

127
Q

What are the pros and cons of end to end encryption

A

Pros: message remains encrypted till destination

Cons: attackers get more information about packets

128
Q

what gets covered in link encryption

A

everything except datalink headers and trailers

129
Q

What is MIME

A

Multipurpose internet mail extension - MIME is a specification that dictates how certain file types must be handled and transferred

130
Q

What is S/MIME

A

standard for encrypting and digitally signing email

131
Q

how does PGP / Pretty Good Privacy work

A

it uses a web of trust rather than a CA authority structure

trusted users sign public keys for each other

132
Q

What is the drawbakc of PGP

A

managing keys in decentralised manner is difficult especially revocation of private key

133
Q

What is TLS

A

The open community and standardised version of SSL

134
Q

At what layer does TLS work

A

Transport

135
Q

why are cookies required

A

because HTTP is stateless protocol

136
Q

how does one protect from Syn Flood attacks

A

Delayed binding - half open connections are not tied to a socket till the three way handshake is completed.