Chapter 6 - Network Security Flashcards
What is the TCP/IP model?
Predecessor to the OSI model; it has 4 layers instead of 7, with application as one layer instead of 3
What ISO is the OSI model
ISO 7498
What are the OSI layers?
Physical, Data link, Network, Transport, Session, Presentation, Application
Open network architecture
A non-proprietary architecture that no one owns
Encapsulation
Appending data to a packet one OSI layer at a time in a wrapper
Application Layer 7
Application protocol layer. Software accesses APIs to common protocols like HTTP, SMTP and FTP, each of which starts the OSI process and hands off to the presentation layer
Presentation layer 6
Data is converted to a standard and may be encrypted and/or compressed.
Ex: a Word 2010 document is made in the application layer; at the presentation layer this becomes ASCII, and at another workstation this ASCII is opened in OpenOffice to view the file
Session Layer 5
This is where the data is sent from application to application. This is where the server/client pieces have relevant association. The session is still controlled by the software at this point; authentication requirements live here
Transport layer 4
TCP/UDP type network sessions are handled and maintained at this layer
SSL resides here due to network level encryption
Network layer 3
IP and routing protocols live here
Data link layer 2
Logical link control - LLC
Media access control - MAC
Logical link control
Interprets network data and converts it to a MAC addressing aware format
Media access control MAC
This is what specifies the appropriate voltage output. MAC addressing is also encapsulated in the packet. Different media require different voltages; these decisions occur here
Physical layer 1
Transmits the voltage specified by the MAC into or from the wire
What are the port ranges?
Well known 0-1024
Registered 1024-49151
Dynamic 49152-65535
SYN proxy
Software that will hold onto the connection until the TCP handshake is complete
TCP session hijacking
This is done by predicting the sequence number and inserting packets into the stream
Protocol data units
Application layer - data
Transport - segments
Network - packets
Data link - frames
Physical - bits
CIDR
Classless inter domain routing / supernetting
Type of service
QoS?
IPng
IPv6
Jumbograms
Massive oversize packets, aka jumbo packets
Automatic tunneling
A technique used to autonegotiate and build tunnels
6to4
Embeds IPv4 in IPv6 remotely
Teredo
Remote UDP tunneling
ISATAP
IPv4 to IPv6 virtual map used for local association
Security issues with IPv6
Biggest is having tunneling on and accessible and not knowing it
802.1AE
MACSec - switch to switch encryption
802.1AR
Provides a unique ID that can be used for authentication 802.1AE
802.1X
EAP-TLS
Bandwidth vs throughput
Bandwidth is the maximum amount of throughput possible
Multistation access unit
Used in token ring as a central switch
Carrier sense multiple access / collision detection
CSMA/CD
Used to sense if a line is free and if collisions are occurring on the wire
Back off algorithm
When a collision is sensed all systems wait a random amount of time before sending a new frame
CSMA/CA
CSMA with collision avoidance. It waits till it's clear, then tells everyone to shut up and transmits
Used by 802.11
Collision Domain
A set of systems contending for the same piece of physical media
What protocol assigns the group in multicast?
IGMP
DORA
Discover
Offer
Request
Ack
RARP
A MAC is sent out and a server sends an IP to the requester
Reverse arp
This evolved into bootp then dhcp
Arp poisoning
Modifying the ARP table to send data to an attacker
Ping of death
When oversized packets are sent to DDoS a system
Smurf attack
A spoofed ICMP echo is sent to a broadcast address and all machines on the network reply to the spoofed address, i.e. the DDoS machine
Fraggle attack
Same as Smurf, over UDP
Managed information base MIB
A logical group of managed objects that contain management task data
Communities
Establish a trust between MIB agents/server
Community string
A community password
DNSSEC
Secure DNS that requires a digital signature before responding and caching
Split DNS
External queries are handled by WAN-side servers only; internal queries are handled only by internal servers, which are not accessible externally. These should forward recursion to the external servers
URL Hiding
Hiding a URL in an HTML link
SASL
Framework for protocol independent authentication for SMTP
Email spoofing
Using an email address that looks like it is legitimate but is not
SMTP-AUTH
Used to verify the sender of a message
Sender Policy Framework SPF
A DNS entry that is generated to associate a specific server to the email server
Whaling attack
Targeting highly important people in a company and very specifically engineering an email to trick them
Autonomous System (AS)
An internal network isolated by BGP
Distance Vector Routing Protocol
Uses the number of hops and distance as a decision maker for the route
Link state routing protocols
Chooses routes based on link speed, packet size, delay, load and reliability
VRRP
A virtual interface that is mapped to two different actual routers
Exterior Gateway Protocols
eBGP
Routing policy
An administrative weight override
Bridge
Used to extend a LAN segment
Source routing
Routing information is put into the packet at creation; this is dangerous
How are layer 3 switches more efficient than routers?
They use hardware based port tagging
802.1Q
VLAN
VLAN Hopping Attacks
VLAN tags are inserted into the headers to fake VLAN access
Private branch exchange
PBX system used to translate phone data streams
Phreakers
Phone hackers
How does MPLS work?
It uses packet tagging just like a layer 3 switch, which is why it is more reliable
Egress vs ingress
Ingress is inbound
Egress is outbound
How do stateful firewalls work?
They keep track of connection state in a state table. They scan headers and verify that protocol rules are not being broken
What is the difference between circuit level and application level proxy?
Circuit level is layer 1-4 inspection
Application level is layer 1-7 inspection
Both recreate the traffic
SOCKS firewall?
Look it up, no idea
What is a dynamic packet filtering firewall?
A firewall that dynamically adds outbound source-based rules for requests from inside to specific systems outside; this assists with avoiding "any out" rules
Appliances
OS layer software used for a specific and isolated purpose. Everything is locked down other than that one purpose
Kernel firewalls
This is a firewall-specific kernel designed to interface directly with hardware
Bastion Host
A highly exposed system that is most likely to get targeted and most hardened
Screened host
A firewall behind a router that has packet analysis
Screened subnet
Fancy name for DMZ
Silent rule
Drop noisy traffic to reduce logs
Stealth rule
Disallows traffic from unauthorized systems to firewall software
Cleanup Rule
Log traffic allowed
Negate rule
Specific deny rules
Forwarding proxy
Handles the traffic on behalf of another computer
Open proxy
Anonymous proxy
Reverse proxy
A proxy that does not hide the identity of the source and handles inbound traffic
Honeypot
A sweet server to hack into that detracts attention away from priority systems long enough to discover the offender
Tarpit
A system with ultra slow response that will cause timeouts and inconsistency for the automated hacking tools
Extranet
An internal network that extends to other companies, like EDI
Value added network
A company between companies handling EDI traffic
SONET
Synchronous optical network
Used in MANs by ISPs to handle city-wide and nation-wide infrastructure
Synchronous digital hierarchy
This is the worldwide-standard version of the SONET ring (US only) and varies in speed and density
Multiplexing
Running multiple channels at once, sending data per channel per frame.
One frame has 8 bits of each channel being multiplexed in a T1 (24 channels)
What is an E carrier?
This is the world standard instead of T lines in the US
E1 - 2.048 Mbps
OC - x
This is the optical carrier used for the Internet backbone
Scale has 4 OC - 192s
Statistical time division multiplexing
STDM - transmit several types of data over a cable (T1)
Frequency division multiplexing
FDM - an available wireless channel is split up into smaller multiple channels then used for multiplexing
Wave division multiplexing
Laser wavelength multiplexing
CSU/DSU
Used by T telecom to multiplex data into separate channels per frame
Circuit switching
Switching changes made within an ISP to simulate a dedicated line
Packet switching
This is how the interwebs works
Committed information rate
Higher cost to guarantee services
Frame relay
Switching based dedicated links
Permanent virtual circuit
This is a dedicated line connected to a frame relay cloud
Switched virtual circuits
Dynamically makes a dedicated switch circuit as needed
ATM
Asynchronous transfer mode
Like frame relay but better
Uses 53B fixed frames to optimize switching
What are the bit rates for QOS?
Constant - prioritize connection oriented
Variable - de-prioritize connection oriented
Unspecified - no specification
Available - the bit rate changes by availability
What are the levels of QoS?
Best effort - no guarantees
Differentiated - shorter delays
Guaranteed - first in line
Traffic shaping
uses QoS to maintain bandwidth levels
Switched multimegabit data service
Antiquated packet switching service
Synchronous data link protocol
Mainframe datalink layer switching protocol used between mainframes
High level data link control
Mainly used for device to device communication like router to router
LCP/NCP
LCP is link control protocol and handles the connection of a PPP
NCP is network control protocol and controls the authentication
SLIP
Serial line internet protocol - old technology used to connect serial lines. PPP replaced it
High speed serial interface HSSI
Used for an interface to connect multiplexers and routers to high speed ATM and frame relay
Multiservice access technology
Running several services at the same time like voice and data
PSTN - public switched telephone network
Old technology that used circuit switching instead of packet switching. Think of POTS
H.323
Conversion gateways between the circuit-based PSTN and the packet-based VoIP
Vishing
A telephone phishing attack where people call you trying to get information
SIP
Three way handshake used to establish IP telephony connections for conferences and VOIP
SIP process
Caller sends Invite
Server sends Trying
Receiver sends Ringing
Receiver sends OK
Caller sends Ack
What is RTP?
Standardized packet format for delivering audio / video
What is a VoIP registrar used for?
Keeps a centralized record of the updated locations
What is RTCP?
Provides feedback on RTP
RTP control protocol
Is SIP encrypted?
Nope!
SPIT
Spam over ip telephony
This is VoIP spam and causes voicemail overload and wasted time
What is an ISDN bri/pri?
BRI - 2 channel home quality ISDN 144kbps
PRI - 23 channel commercial quality ISDN often used as an on demand redundant connection
What are the types of DSL?
SDSL - slow symmetrical service
ADSL - faster asymmetrical service
HDSL - faster yet asymmetrical
VDSL - fastest asymmetrical service
RADSL - rate adaptive based on media
What is DOCSIS?
A standard for adding high speed data transfer over existing cable infrastructure
Layer 2 tunneling protocol
Used to traverse layer 2 point to point (PPP) networks like MPLS
How does IPSec work?
IP Tunnel Encryption Protocol
Authentication header (AH)
Used for data integrity, data origin, protection from replay
Encapsulating security payload (ESP)
Provides confidentiality, and integrity
ISAKMP
Provides a framework for security
IKE
Authentication certificate keys
HAIPE
A layer 3 VPN tunneling protocol used mostly by the NSA as a replacement for PPP/L2TP devices and methods
Transport adjacency
More than one security policy used in a VPN.
Iterated tunneling
Tunnels within tunnels
What is PAP?
Clear text authentication used over PPP
How does CHAP work?
It is a challenge-response authentication.
A random number (challenge) is encrypted with a predefined password and sent for verification
EAP
A framework to enable authentication that has many variants, like:
EAP-GSS - generic security service using Kerberos
EAP-TLS - digital certificate based authentication
Spread Spectrum
Parallel wireless over multiple frequencies
Frequency hopping spread spectrum - FHSS
Frequency hopping is when sub-spectrums are used in a particular order to reduce the possibility of collision
1-2 Mbps
Direct sequence spread spectrum -DSSS
A chipping number is placed in each transmission and randomized; only the proper chipping sequence can interpret the data. Offers resend capability
11 Mbps
Orthogonal frequency division multiplexing OFDM
Used to tightly and precisely pack signals near each other using different perpendicular modulation
52 Mbps +
What is open system authentication?
Non-encrypted wireless SSID
Shared key authentication
Wireless that uses challenge/response to encrypt the communication
802.11i
Standard for wireless security
802.1x
Allows for authentication as a separate process since it is at the networking level
Bluejacking
Sending a user something like a contact or message via Bluetooth connection
Bluesnarfing
Getting access to personal information through a Bluetooth connection
What allows wireless mobile devices to use the limited frequency of radio?
Each tower uses a different frequency and no adjacent tower can use the same
FDMA
1G - first gen. Used sub band frequencies per call, this ran out quickly.
TDMA
Time slice of a frequency allows no one user to hog a frequency - GSM
CDMA
3G - spread spectrum using the entire bandwidth for each user call
OFDMA
Frequencies are extremely closely packed using narrow sub-channels to get the most bandwidth. This is where 4G comes in.
Cell phone cloning
The use of someone’s cell phone credentials to utilize calls on their account