Chapter 4: Network and Communications Flashcards
1
Q
What are the well known/ registerd and dynamic ports
A
well known : 0 to 1023
Registered : 1024 to 49151
Dynamic: 49152 to 65535
2
Q
Name a few common session layer protocols
A
- PAP
- PPTP
- Netbios
- RPC
3
Q
What is the difference between session layer and transport layer protocols
A
Session: Application to application communication
Transport: computer to computer
4
Q
what is a key service that session layer protocols should provide
A
secure authentication capabilities
5
Q
what are the sublayers of data link
A
Logical Link Control (takes care of flow control and error checking)
Media Access control ( knows how to put the data on the wire)
Eg of MAC are 802.3 (ethernet),802.11 etc
6
Q
What are some of the protocols that work at data link layer
A
- Point to Point protocol
- Layer 2 tunneling protocol
- ATM
- FDDI
- Ethernet
- Token ring
7
Q
Acronym for OSI Layers
A
All People Seem To Need Data Processing
Application
Presentation
Session
Transport
Network
Datalink
Physical
8
Q
Sample application layer protocols
A
HTTP, FTP, SNMP, SMTP, TFTP
Application layer data is known as MESSAGE
9
Q
Services that work at presentation layer
A
ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI,
10
Q
Transport layer protocols
A
TCP/UDP/SPX
TCP Data - Segment
UDP Data - Datagram
11
Q
Protocols at network layer
A
IP, ICMP, IGMP, RIP, OSPF, IPX
Data at network layer is packets
12
Q
Protocols at data link layer
A
ARP, RARP,
PPP,
Serial Line internet (SLIP)
Ethernet (802.3), Token ring (802.5), Wireless ethernet (802.11)
13
Q
Protocols at physical layer
A
RS/EIA/TIA-422, 423, 449, 485, 10BaseT, 10base2, ISDN, SONET, DSL,
14
Q
What communication protocol is used by SCADA systems
A
Distributed Network Protocol 3 (DNP 3)
- Uses simple three layer model called Enhanced performance architecture (EPA)
- Corresponds to layers 2,4, 7 of OSI (roughly)
15
Q
Controller Area Network Bus (CAN Bus)
A
allows microcontrollers and other embedded devices to communicate with each other on shared bus
Used in smart/connected cars
16
Q
What is a socket
A
Socket = TCP/UDP + IP Address + Port
17
Q
how can SYN floods be prevented
A
use of SYN caches that delays the allocation of a socket untill the handshake is completed
18
Q
how can TCP session hijacking take place
A
through correctly guessing sequence number and spoofing it
19
Q
IPV4 vs IPV6
A
32 bits :: 128 bits
65535 byte packets :: 4.3 billion byts (jumbograms)
Less multicasting:: Better Mutlicasting
No unicast :: new concept of unicast
inefficient forwarding :: efficient forwarding
No labelling and QoS :: Labelling enables QoS
no security support :: supports integrity, authentication, confidentiality
20
Q
What are some of the IPV6 to IPV4 tunneling protocols
A
6 to 4 (intersite ie between two networks, hence can be used on internet)
Teredo (intersite, same as above)
Intrasite automatic tunnel addressing protocol (ISATAP)
21
Q
What are the security standards for data link layer
A
- 1 AE - for encryption of frames
- 1 AF - for key management and distribution
- 1 AR - unique id for each device
22
Q
What framework does 802.1AE/F/R work with
A
802.1X EAP-TLS framework
23
Q
why is MPLS considered a converged protocol
A
MPLS is a converged protocol as it can encapsulate any higher level protocol and tunnel it over a variety of links
24
Q
Difference between bandwidth and data throughput
A
Bandwidth is the data transfer capability of a link and is associated with the available frequencies in the link and the link speed
Data throughput is the actual amount of data that can be carried acroos this link
25
what affects the througput of the links
Data through put can be higher if compression is used. If links are congested, throughput can be lower
26
synchronous vs asynchronous timing in connection links
Asynchronous uses start and stop bits
Synchronous timing - large amount of data in predictable manner
Asynchronous timing - data in unpredictable manner
27
what is broadband
Any communication technology that chops us one communication channel into many is considered broadband
28
what does bandwidth of a cable indicate
The bandwidth of a cable indicates the highest frequency range it uses eg 10BaseT uses 10 Mhz, 100 Base TX uses 80 Mhz and 1000Base T uses 100 Mhz
29
how is attenuation impacted by higher frequencies
Effects of attenuation increase with higher frequencies. Hence cables used to transmit data at higher frequencies should have shorter cable runs
30
What are the data rates of 10 Base T, 100 Base T and 1000 Base T
10Mbps
100Mbps
1000Mbps
31
Single mode fiber vs multi-mode
Single mode fiber - high speed data transmission over long distances
Multimode fiber - shorter distances, can carry more data
(single mode like 2 lane highway, multimode 6 lane city road)
32
Plenum vs non plenum cables
Plenum rated cables - jacket covers made of fluoropolymers
Non Plenum cables - usually have a polyvinyl chloride (PVC) jacket covering
33
What is Maximum Transmission Unit (MTU)
indicates how much data a frame can carry on a particular network. Frames may need to be fragmented as well
34
CSMA CD vs CSMA CA
CSMA/CD (collision detection) - each computer detects if wire is free before talking ie transmitting
CSMA/CA (collision avoidance) - each computer does the above and then puts a message that it is going to start to transmit and then transmit the data
35
What does wireless technology use to avoid collision
802.11x uses CSMA/CD
36
What does Internet group management protocol (IGMP) do
used to report multicast group membership to routers
37
What is RARP used for
used to find IP address by diskless workstations who know their MAC address
38
What is SNMP community string
is a password that the snmp manager uses to request data from the agent.
Snmp v3 has cryptographic functionality and is secure
39
What are DNS Zones
DNS Namespaces are split up administratively into zones
DNS server that hosts the files for the zone is the authoritative name server for that zone
A zone may contain _one or more domains_
40
common use of POP and IMAP
POP - internet based accounts (all messages are downloaded ie popped on checking for new mail)
IMAP - corporate accounts (messages are kept on server or downloaded at user requirement)
41
Key points of Simple Authentication and Security Layer (SASL)
* Protocol independent framework
* performs authentication
* new & legacy protocols use it
* used by protocols so that they dont have to design authentication
42
How does sender policy framework (SPF) work
- validates senders IP address (prevents spoofing)
- SPF record tags authorised mail server IDs to domain
- mail exchanges use DNS to validate the IP
43
What protocol replaced Exterior Gateway Protocol (EGP)
Replaced by BGP
BGP uses a combination of _linkstate_ and _distance vecto_r routing algorithms
44
how does Source Routing work
the packets contain the routing information built in them instead of depending on a bridge or networking devices
External devices and border routers should not accept source routing as it can override the forwarding and routing tables configured in the intermediate devices
45
What is 802.1Q
802.1Q is about how VLANs should be constructed and how tagging is to take place
46
How can VLAN traffic be compromised
A compromised system can function as a switch and insert itself between different vlans and gain access to traffic
47
What is a double tagging attack in VLANs
An attacker can insert vlan tags to manipulate the control of traffic at the data link layer
48
What are Weaknesses of packet filtering firewalls
* No application specific visibility
* Limited logging
* No advanced user authentication support
* Cannot detect spoofed address
* Cannot detect packet fragmentation attacks
49
What is a circuit-level proxy
A proxy based firewall that works at lower layers
works at session layer and monitors traffic from a network based view
Creates a communication between two systems
50
What is the main feature of application level proxy
An application level proxy firewall has one proxy for each protocol
51
What is SOCKS
SOCKS is an example of a circuit level proxy gateway that provides a secure channel between two computers
52
Dynamic packet filtering firewall
- the return journey is automatically mapped as a dynamic ACL
53
What are key features of Kernel proxy firewall
* Creates dynamic , customised network stacks when a packet needs to be evaluated.
* faster than app level proxy firewalls because all of the inspection and processing takes place at the kernel
54
What is the precaution to take on a dual homed firewall configuration
On dual homed firewall installed on a system, underlying OS should have packet forwarding and routing turned off, else acls will be skipped
55
What is a screened host
A screened host is a firewall that communicates directly with a perimeter router and the internal network. Also known as single tiered configuration
56
what is a a screened subnet configuration
A screened subnet is when the screened host firewall forwards traffic to another firewall which is controlling traffic to internal network. This creates a dmz between the two firewalls. Also knownd as two tiered configuration
If three firewalls are used to create two dmzs, it is known as three tiered configuration
57
What are the three approaches to SDN
* Open / from open networking foundation
* Api / from cisco that enhances the ONF approach
* Overlay
58
how is routing done in SDN
the routing decisions are made by controller
Hence the networking devices behave and are referred to as switches
59
What is a virtual private lan service
emulates a LAN over a managed IP/MPLS
60
How many calls and bandwidth does T1 provide
T1 trunks provided 24 voice communication calls over two pairs of copper wires
this provided a 1.544mbps transmission rate
61
How many T1 lines are within T3
T3 lines carry 28 T1 lines
62
What does SONET enable
SONET standard enables all carriers to interconnect
SONET is standard for NorthAmerica , SDH (synchronous digital hierarchy) is the standard for rest of world
63
Asynchronous transfer mode (ATM)
encapsulates data in fixed cells and carried over SONET
ATM is the car and SONET is the highway
64
What are the Optical carrier lines and their different bandwidth values
OC1 - 51.84Mbps
OC3 - 155.52 Mbps
OC12 - 622.08
(3 is 3x of 1, 12 is 12x of 1)
65
Speeds of E1/E3 and T1/T3
E1 - 2.048Mbps / E3 - 34.368 Mbps
T1 - 1.544Mbps / T3 - 44.736Mbps
66
Number of channels in T1/T2/T3/T4
T1 - 24 channels
T2 - 96 (4 T1s)
T3 - 672 (28 T1s)
T4 - 4032 (168 T1s)
67
what is the role of Channel Service Unit / Data Service Unit
* required when digital requirement will be used to connect a LAN to a WAN
* functions as a translator and line conditioner
* connects the lan to the service providers line
68
which are the two most prominent packet switching protocols
Frame Relay
X.25
69
How does Frame Relay and X.25 work
* both forwards frames across virtual circuits (VCs)
* VCs can be either permanent or switched
the frame relay cloud is the group of devices that provides switching and data communications functionality
X.25, data is divided into 128 bytes and encapsulated in high level data link control (HDLC) frames
70
How does ATM (Asynchronous transfer mode) work
* uses cell switching
* Data segmented into _fixed_ size cells of 53 bytes
71
What are the QoS parameters in ATM
**constant bit rate** - for time sensitive apps like video
**Variable bit rate** - for time insensitve app, flow is uneven
**Unspecified bit rate** - no promise on data throughput
**Available bit rate** - bandwidth provided from what is left over after guaranteed rate is met
72
What are the typcial three levels of QoS
Best effort - no guarantee
Differentiated - more b/w shorter delays
Guaranteed service - ensures specific data throughput at guaranteed speed
73
What is Synchronous Data Link Control
* used in networks that use dedicated links
* generally in mainframe environments
* used for communication with IBM hosts in systems network architecture (SNA)
74
What are the offshoots of SDLC
* HDLC (device to device wan communication)
* Link access procedure (LAP)
* Link access procedure - Balanced (LAP-B)
75
What is the Point to Point (PPP) protocol
It is a WAN protocol and has two subprotocols
1. **Link control protocol** - establishes, maintains and configures connection
2. **Network control protocol** - makes sure that PPP can integrate and work with many different protocols like IP, IPX, Netbeui (if only ip traffic was to be moved then NCP would not have been required)
76
How does PPP provide for user authentication
PPP provides user authentication through
* PAP (Password authentication protocol)
* CHAP (Challenge Handshake authentication protocol)
* EAP (Extensible authentication protocol)
77
What is the High Speed Serial Interface (HSSI)
HSSI is an interface used to connect multiplexers and routers to high speed communication services such as ATM and Frame relay
78
What is the difference between HDLC and PPP
HDLC - data encapsulation method for synchronous links
PPP - above plus asynchronous
79
what is commanality between HDLC and PPP
both are used for point to point and multipoint communication
80
What network should be used for time sensitive applications
Applications that are time sensitive such as voice and video signals need to work over an **_isochronous_** network.
An isochronous network contains the necessary protocols and devices that guarantee continuous bandwidth without interruption
81
What is an example of a media gateway
A media gateway is the translation unit between different telecommunications network. Eg VOIP media gateways perform the conversion between TDM voice to VOIP
82
What is the session initiation protocol
* setup and breakdown call sessions
* works over tcp as well as udp
* two components , user agent client (UAC) and user agent servers (UAS)
SIP is not used to carry actual voice or video
83
What does UAC and UAS don in SIP
User agent client (UAC) -creates call request eg softphone or ipphone
User agent server (UAS) - handles routing and signalling
84
What is Real Time Protocol (RTP)
* Used to carry actual voice or video
* provides standardised packe format for delivering voice and video over IP networks
85
What are the 3 server roles in a SIP architecture
**Proxy servers** - relay packets within a network between the UAC and UAS
**Registrar servers** -centralised record of the updated locations of all the users on the network
**Redirect servers** - for connectivity across network zones (intraorganizational)
86
Why is DSL faster than analog
because it uses all frequencies on the line
87
what is point to point tunneling protocol userd for (PPTP)
* tunnel PPP connections over an IP network
* included security features
* uses Generic Routing Encapsulation (GRE) and TCP to encapsulate PPP packets and extend a PPP connection through an IP network
88
What is the limitation of PPTP
* PPTP cannot support multiple connections within single VPN tunnel
* Hence it can be used for system to system communication and not gateway to gateway communication
89
Why is PPP used over an IP network like internet
Point to point line devices that connect individual systems to the internet do not understand IP. So the traffic that travels over these links have to be encapsulated in PPP)
90
When is Layer 2 tunneling protocol used (L2TP)
When PPP connection has to be carried over a non IP network eg framerelay
91
At what layer does PPTP and L2TP work
Data Link Layer
92
At what layer does IPSec work
Network layer
93
What are the main protocols within the IPSec suite
1. **Authentication Header (AH)**- data integrity, origin authentication, protection from replay
2. **Encapsulating security payload (ESP**)- data integrity, origin authentication , confidentiality
3. Internet security association and Key management protocol (**ISAKMP**) - framework for security association creation and key exchange
4. Internet Key exchange (**IKE**)- provides authenticated keying material for use with ISAKMKP
94
How does iterated tunneling work in IPSec
IPSec tunnel is tunneled through another IPSec tunnel
e.g for internal tunnel only AH is used, while for routing this tunnel over the internet , ESP is used which further tunnels the AH payload
95
At what layer does TLS work
Session layer
96
What is a TLS Portal VPN
an individual uses a single standard TLS connection to a website to securely access multiple network services
97
what is the use of PAP/ CHAP / EAP
used by remote users to authenticate over PPP connections
CHAP does not need password to be transferred over the wire
98
which is least to most secure among PAP/CHAP/EAP
PAP least secure
CHAP better secure
EAP most secure among three
99
how does CHAP function
1. server sends a challenge (nonce)
2. client encrypts it using the password entered
3. server decrypts it basis the stored password
4. if the nonce matches, then it means same password was used to encrypt and decrypt
100
What are the different authentication techniques that EAP enables
* OTPs,
* token cards,
* biometrics,
* kerberos,
* digital certificates and
* future mechanisms
101
what all protocols can EAP be used with
EAP can be used with PPP, PPTP, L2TP, 802.11, 802.16 etc
102
FHSS vs DHSS
FHSS uses frequency hopping (spectrum is split into subchannels)
DHSS uses sub bits to a message and uses all available frequencies
103
OFDM
is a multiplexing technology and not a spread spectrum technology but is used in similar manner
104
Infrastructure WLAN
APs connected to wired and wireless lans
APs and clients form Basis
105
What is 802.11
Wired equivalent Privacy
106
what is the 802.11i full standard also known as
WPA2
107
What are the two modes of authentication in WEP
OSA - open system auth- all transactions in cleartex. No encryption
SKA shared key authentication - symmetric encryption, same key on device and AP
108
What are the four major issues with WEP
1. static encryption keys on all devices
2. same IV values are used which leads to detection of patterns and hence the detection of keys
3. data integrity is an issue
4. WEP does not allow for mutual authentication
109
how is 802.1X used in 802.11i
provides access control by restricting access until full authentication and authorisation have been completed
110
How does TKIP address concerns with WEP
1. 1. addresses issue pertaining to static WEP keys
2. increases the length of the IV value
3. addresses integrity issue by using a MIC instead of a ICV
111
What are the two layers to understand 802.11i
Upper layer - authentication using 802.1x
lower layer - encyrption using TKIP and CCMP
No network traffic is allowed to flow until the authentication is completed
112
113
what are the 802.1x components for wireless
Wireless Device
Access Point
Authentication server (RADIUS)
114
802.1X works on both Wired and Wireless : TRUE or FALSE
TRUE
115
Why use 802.1x instead of or over WEP
WEP allows for only system authentication. Use of 802.1X over wireless allows for user authentication which provides higher degree of confidence
116
Is mutual authentication allowed in WEP
No, only Wireless device can authenticate to AP
117
How does 802.11i solve the mutual authentication issue of WEP
802.11i solves this issue by the use of EAP
118
What encryption algorithm is used by WEP and TKIP
RC4 (not best fit for wireless)
119
what is the other name for WPA2
Robust network security
120
What are the different wireless LAN standards
802. 11b , 11Mbps, 2.4Ghz
802. 11a , 54Mbps , 5 Ghz (OFDM)
802. 11g (54 Mbps, backward compatible with 802.11b)
802. 11e QoS
802. 11f user roaming across multiple APs
802. 11h (European equivalent of 802.11a)
802. 11j (bringing together disparate standards)
802. 11 n , 100 Mhz, 5 Ghz
802. 11 ac , 1.3 Gbps, 5Ghz (longer distance)
121
how to remember key 802.11 protocols
B.A.G n AC
122
what is the wireless man standard
802.16
Wimax is one implementation
123
what is 802.15.4
Wireless personal area network (PAN)
124
what is the use case of 802.15.4
- low bandwidth
- low distances
- IoT and M2M use cases
125
what is bluejacking
sending unsolicited message to a bluetooth listening device
126
What is bluesnarfing
using a wireless device to break into a bluetooth enabled device
127
What are the pros and cons of end to end encryption
Pros: message remains encrypted till destination
Cons: attackers get more information about packets
128
what gets covered in link encryption
everything except datalink headers and trailers
129
What is MIME
Multipurpose internet mail extension - MIME is a specification that dictates how certain file types must be handled and transferred
130
What is S/MIME
standard for encrypting and digitally signing email
131
how does PGP / Pretty Good Privacy work
it uses a web of trust rather than a CA authority structure
trusted users sign public keys for each other
132
What is the drawbakc of PGP
managing keys in decentralised manner is difficult especially revocation of private key
133
What is TLS
The open community and standardised version of SSL
134
At what layer does TLS work
Transport
135
why are cookies required
because HTTP is stateless protocol
136
how does one protect from Syn Flood attacks
Delayed binding - half open connections are not tied to a socket till the three way handshake is completed.
