Chapter 6 Flash Cards - TCP/IP, Applications, Security

1
Q

Describe the TCP/IP Transport Layer Function: Multiplexing using ports

A

Function that allows receiving hosts to choose the correct application for which the data is destined, based on the port number.

2
Q

Describe the TCP/IP Transport Layer Function: Error Recovery (Reliability)

A

Process of numbering and acknowledging data with Sequence and Acknowledgment header fields.

3
Q

Describe the TCP/IP Transport Layer Function: Flow Control using windowing

A

Process that uses window sizes to protect buffer space and routing devices.

4
Q

Describe the TCP/IP Transport Layer Function: Connection Establishment and termination

A

Process used to initialize port numbers and sequence and acknowledgement fields.

5
Q

Describe the TCP/IP Transport Layer Function: Ordered data transfer and data segmentation

A

Continuous stream of bytes from an upper-layer process that is “segmented” for transmission and delivered to upper-layer processes at the receiving device, with the bytes in the same order.

6
Q

What are dynamic port numbers?

A

Ports allocated by host starting at 1024 because the ports below are reserved for well-known applications.

7
Q

Give the Protocol and Application for the given Port: 20

A

TCP/ FTP Data

8
Q

Give the Protocol and Application for the given Port: 21

A

TCP/ FTP Control

9
Q

Give the Protocol and Application for the given Port: 22

A

TCP/ SSH

10
Q

Give the Protocol and Application for the given Port: 23

A

TCP/ Telnet

11
Q

Give the Protocol and Application for the given Port: 25

A

TCP/ SMTP

12
Q

Give the Protocol and Application for the given Port: 53

A

UDP,TCP/ DNS

13
Q

Give the Protocol and Application for the given Port: 67, 68

A

UDP/ DHCP

14
Q

Give the Protocol and Application for the given Port: 69

A

UDP/ TFTP

15
Q

Give the Protocol and Application for the given Port: 80

A

TCP/ HTTP (WWW)

16
Q

Give the Protocol and Application for the given Port: 110

A

TCP/ POP3

17
Q

Give the Protocol and Application for the given Port: 161

A

UDP/ SNMP

18
Q

Give the Protocol and Application for the given Port: 443

A

TCP/ SSL

19
Q

Give the Protocol and Application for the given Port: 16,384-32,767

A

UDP/ RTP-based Voice (VoIP) and Video

20
Q

Define Connection-Oriented Protocol

A

A protocol that requires an exchange of messages before data transfer begins or that has a required preestablished correlation between two endpoints.

21
Q

Define Connectionless Protocol

A

A protocol that does not require an exchange of messages and that does not require a preestablished correlation between two endpoints.

22
Q

What are the QoS requirements for VoIP?

A
  1. Low delay: VoIP requires a very low delay between the sending phone and the receiving phone–typically less than 200 milliseconds (.2 seconds). This is a much lower delay than what is required by typical data applications.
  2. Low jitter: Jitter is the variation in delay. VoIP requires very low jitter as well, whereas data applications can tolerate much higher jitter. For example, the jitter for consecutive VoIP packets should not exceed 30 milliseconds (.03 seconds), or the quality degrades.
  3. Loss: If a VoIP packet is lost in transit because of errors or because a router doesn’t have room to store the packet while waiting to send it, the VoIP packet is not delivered across the network. Because of the delay and jitter issues, there is no need to try to recover the lost packet. It would be useless by the time it was recovered. Lost packets can sound like a break in the sound of the VoIP call.
23
Q

Define Denial of Service (DoS) attacks.

A

An attack whose purpose is to break things.
DoS attacks called destroyers try to harm the hosts, erasing data and software.
DoS attacks called crashers cause harm by causing hosts to fail or causing the machine to no longer be able to connect to the network.
Also, DoS attacks called flooders flood the network with packets to make the network unusable, preventing any useful communications with the servers.

24
Q

Define Reconnaissance attacks.

A

This kind of attack may be disruptive as a side effect, but its goal is gathering information to perform an access attack. An example is learning IP addresses and then trying to discover servers that do not appear to require encryption to connect to the server.

25
Q

Define Access Attacks

A

An attempt to steal data for some financial advantage, for a competitive advantage with another company, or even for international espionage.

26
Q

Explain the following security issue: Access from the Wireless LAN

A

Wireless LANs allow users to access the rest of the devices in the Enterprise. The wireless radio signals might leave the building, so an unsecured wireless LAN allows the user across the street in a coffee shop to access the Enterprise network, letting the attacker begin the next phase of trying to gain access to the computers in the Enterprise.

27
Q

Explain the following security issue: Infected mobile laptops

A

When an employee brings his or her laptop home, with no firewalls or other security, the laptop may become infected with a virus. When the user returns to the office in the morning, the laptop connects to the Enterprise network, with the virus spreading to other PCs. The PC may be vulnerable in part because the users may have avoided running the daily anti-virus software scans that, although useful, can annoy the user.

28
Q

Explain the following security issue: Disgruntled employees

A

When a user is planning to move to a new company, he steals information from the network and loads it onto an MP3 player or USB flash drive. This allows him to carry the entire customer database in a device that can be easily concealed and removed from the building.

29
Q

Describe the following attacking tool: Scanner

A

A tool that sends connection requests to different TCP and UDP ports, for different applications, in an attempt to discover which hosts run which IP services, and possibly the operating system used on each host.

30
Q

Describe the following attacking tool: Spyware

A

A virus that looks for private or sensitive information, tracking what the user does with the computer, and passing the information back to the attacker on the Internet.

31
Q

Describe the following attacking tool: Worm

A

A self-propagating program that can quickly replicate itself around Enterprise networks and the Internet, often performing DoS attacks, particularly on servers.

32
Q

Describe the following attacking tool: Keystroke logger

A

A virus that logs all keystrokes, or possibly just keystrokes from when secure sites are accessed, reporting the information to the attacker. Loggers can actually capture your username and password to secure sites before the information leaves the computer, which could give the attacker access to your favorite financial websites.

33
Q

Define Anti-x

A

The term used by Cisco to refer to a variety of security tools that help prevent various attacks, including antivirus, anti-phishing, and anti-spam.

34
Q

Define Connection Establishment

A

The process by which a connection-oriented protocol creates a connection. With TCP, a connection is established by a three-way transmission of TCP segments.

35
Q

Define DoS

A

A type of attack whose goal is to cause problems by preventing legitimate users from being able to access services, thereby preventing the normal operation of computers and networks.

36
Q

Define Error detection

A

The process of discovering whether or not a data-link level frame was changed during transmission. This process typically uses a Frame Check Sequence (FCS) field in the data-link trailer.

37
Q

Define Error Recovery

A

The process of noticing when some transmitted data was not successfully received and re-sending the data until it is successfully received.

38
Q

Define Firewall

A

A device that forwards packets between the less secure and more secure parts of the network, applying rules that determine which packets are allowed to pass, and which are not.

39
Q

Define Flow Control

A

The process of regulating the amount of data sent by a sending computer toward a receiving computer. Several flow control mechanisms exist, including TCP flow control, which uses windowing.

40
Q

Define Forward Acknowledgement

A

A process used by protocols that do error recovery in which the number that acknowledges data lists the next data that should be sent, not the last data that was successfully received.

41
Q

Define HTTP

A

Hypertext Transfer Protocol. The protocol used by web browsers and web servers to transfer files, such as text and graphic files.

42
Q

Define Intrusion Detection System (IDS)

A

A security function that examines more complex traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out, rating each perceived threat and reporting the threats.

43
Q

Define Intrusion Prevention System (IPS)

A

A security function that examines more complex traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out, rating each perceived threat and reacting to prevent the more significant threats.

44
Q

Define Ordered data transfer

A

A networking function, included in TCP, in which the protocol defines how the sending host should number the data transmitted, defines how the receiving device should attempt to reorder that data if it arrives out of order, and specifies to discard the data if it cannot be delivered in order.

45
Q

Define Port

A

In TCP and UDP, a number that is used to uniquely identify the application process that either sent (source port) or should receive (destination port) the data inside the data segment.

46
Q

Define Positive Acknowledgement and Re-transmission (PAR)

A

A generic reference to how the error recovery feature works in many protocols, including TCP, in which the receiver must send an acknowledgement that either implies that the data was (positively) received, or send an acknowledgement that implies that some data was lost, so the sender can resend the lost data.

47
Q

Define Segment

A

In TCP, a term used to describe a TCP header and its encapsulated data (also called L4PDU). Also in TCP, the process of accepting a large chunk of data from the application layer and breaking it into smaller pieces that fit into TCP segments.

48
Q

Define Sliding Windows

A

For protocols such as TCP that allow the receiving device to dictate the amount of data the sender can send before receiving an acknowledgement (a concept called a window), a reference to the fact that the mechanism to grant future windows is typically just a number that grows upwards slowly after each acknowledgement, sliding upward.

49
Q

Define URL

A

Universal Resource Locator. A standard for how to refer to any piece of information retrievable via a TCP/IP network, most notably used to identify web pages. For example, http://www.cisco.com/univercd is a URL that identifies the protocol (HTTP), hostname (www.cisco.com) and web page (/univercd).

50
Q

Define Virtual Private Network (VPN)

A

The process of securing communication between two devices whose packets pass over some public and unsecured network, typically the Internet. VPNs encrypt packets so that the communication is private and authenticate the identity of the endpoints.

51
Q

Define VoIP

A

Voice over IP. The transport of voice traffic inside IP packets over an IP network.

52
Q

Define Web Server

A

Software, running on some computer, that stores web pages and sends those web pages to web clients (web browsers) that request the web pages.