Chapter 6 The Basic LAN Flashcards
What is the role of the Physical Layer?
It handles the physical transmission of raw data bits over a communication channel.
What does the Data Link Layer do?
It provides error-free transmission of data frames over a physical link and handles flow control.
What is the purpose of the Network Layer?
It enables routing and logical addressing, allowing packets to be properly routed across multiple networks.
What does the Transport Layer do?
It ensures reliable delivery of data by providing error recovery, flow control, and segmentation of data into smaller units.
What is the role of the Session Layer?
It establishes, manages, and terminates sessions between applications, providing synchronization and checkpointing.
What does the Presentation Layer handle?
It is responsible for data formatting, encryption, compression, and translation between different data formats.
What is the purpose of the Application Layer?
It provides network services directly to end-users and applications, such as email, web browsing, and file transfer.
What is Address Resolution Protocol (ARP)?
ARP is a protocol used to map IP addresses to the MAC addresses of network interfaces.
Which layer of the OSI model does ARP operate at?
ARP operates at the Data Link Layer (Layer 2) of the OSI model.
What is the purpose of ARP?
ARP allows devices on a local area network (LAN) to discover and communicate with each other using MAC addresses.
What is a MAC address?
A MAC address, also known as a physical address, is a unique 48-bit hexadecimal identifier assigned to network interfaces.
What type of networks does ARP apply to?
ARP applies to local area networks (LANs) where devices communicate using MAC addresses.
What information does an ARP packet contain?
An ARP packet includes the source MAC address, source IP address, destination MAC address, and destination IP address.
How does ARP work?
When a device wants to communicate with another device on the same LAN, it sends an ARP request to discover the MAC address associated with a given IP address. The destination device replies with an ARP response containing its MAC address.
What is ARP cache poisoning?
ARP cache poisoning, also known as an ARP spoofing attack, is a type of man-in-the-middle attack where an attacker alters the ARP cache of a device to redirect network traffic through their system.
How can ARP cache poisoning be mitigated?
Mitigation measures include using static ARP cache entries, implementing network access controls, employing multifactor authentication, and applying conditional access policies.
Which layer of the OSI model is responsible for MAC addresses?
MAC addresses are handled at the Data Link Layer (Layer 2) of the OSI model.
What is a Layer 2 attack?
A Layer 2 attack is one that exploits vulnerabilities in the Data Link Layer (Layer 2) of the OSI model, specifically those related to MAC addresses.
What is a MAC address flooding attack?
A MAC address flooding attack involves sending a flood of forged packets with spoofed MAC addresses to overwhelm a switch, causing it to behave like a hub and broadcast all traffic to every switch port.
What is a broadcast storm?
A broadcast storm, also known as a switching loop, is a situation where excessive amounts of network traffic flood the network, usually caused by faulty switches, failing network cards, or redundant network links.
How can MAC address flooding attacks be mitigated?
Mitigation measures for MAC address flooding attacks include limiting network access through MAC address filtering, using static MAC address assignments, and disabling unused switch ports.
How can broadcast storms be mitigated?
Broadcast storms can be mitigated by implementing Spanning Tree Protocol (STP) to prevent switching loops, enabling features like Bridge Protocol Data Unit Guard (BPDU Guard), and ensuring proper network configuration.
What are the security risks associated with Layer 2 attacks?
Layer 2 attacks can expose sensitive network traffic, compromise network integrity, and disrupt network operations, posing significant security risks to an organization.
What is MAC address filtering?
MAC address filtering is a security measure that allows only specific MAC addresses to access the network, limiting unauthorized devices from connecting.
What is Spanning Tree Protocol (STP)?
Spanning Tree Protocol (STP) is a network protocol that prevents switching loops and ensures a loop-free topology by dynamically managing redundant network paths.
What is Bridge Protocol Data Unit Guard (BPDU Guard)?
BPDU Guard is a feature that prevents unauthorized switches from being connected to a network, protecting against potential switching loops and network disruptions.
What is the importance of network access controls and proper network configuration?
Network access controls and proper network configuration help prevent unauthorized access, mitigate Layer 2 attacks, and maintain network security and stability.
What is the concept of zero trust in IT security?
Zero trust refers to the approach of not automatically trusting anyone or anything, including insiders, and implementing strict security measures to protect the network.
What are insider threats?
Insider threats refer to security risks posed by individuals within an organization who have authorized access to the network and may intentionally or unintentionally compromise its security.
How can insider threats be mitigated?
Mitigation measures for insider threats include providing security awareness training to employees, implementing intrusion detection and prevention systems, and monitoring for suspicious activities.
Why is having a network diagram important for network security?
A network diagram provides an overview of the network infrastructure, enabling effective incident response, troubleshooting, and security management.
What are some best practices for network planning and preparation?
Best practices for network planning include using standardized naming conventions for devices, implementing VLANs for network segmentation, configuring screened subnets for publicly reachable services, and enforcing strict firewall rules.
What is a VLAN (Virtual Local Area Network)?
A VLAN is a virtual network created within a physical network infrastructure that allows for network segmentation, isolation, and improved security by separating devices into different logical networks.
What is a screened subnet?
A screened subnet, also known as a demilitarized zone (DMZ), is a separate network segment where publicly accessible services are placed, with strict firewall rules to control traffic between the DMZ and the internal network.
How does zero trust apply to network security?
Zero trust principles emphasize the need for continuous authentication, authorization, and verification of all devices and users accessing the network, regardless of their location or insider status.
Why are standardized naming conventions and IP address schemes important for network security?
Standardized naming conventions and IP address schemes improve network manageability, troubleshooting, and security incident response by providing consistency and easy identification of devices and their roles.
What is the role of firewalls in network security?
Firewalls act as a barrier between networks, enforcing security policies and controlling traffic flow to protect against unauthorized access and potential threats from the internet or other networks.
What is load balancing in the context of app availability?
Load balancing refers to distributing client traffic across multiple backend servers running the same app, improving performance and increasing availability.
How does a load balancer work?
Clients connect to the load balancer, which selects the least busy backend server from a pool to handle the client’s request, ensuring even distribution of workload and providing redundancy.
What is auto scaling in a load balancing configuration?
Auto scaling allows the load balancer to dynamically add or remove backend servers based on the demand for incoming client requests, optimizing resource utilization and scaling the environment horizontally.
What is session persistence in load balancing?
Session persistence, also known as sticky sessions, ensures that a client remains connected to the same backend server for the duration of a session, maintaining session-related data and providing a consistent experience.
What are the different scheduling methods in load balancing?
The scheduling methods include Round-Robin (requests are sent sequentially to backend servers), Least Connection (requests are sent to the least busy server), and Weighted (servers are assigned relative weights to distribute traffic).
What is an active-active load balancing configuration?
An active-active configuration refers to multiple backend servers being actively available simultaneously, handling client requests in parallel, without any servers being in standby mode.
What is an active-passive load balancing configuration?
An active-passive configuration involves one active backend server handling client requests, while the standby servers remain idle until the active server becomes unresponsive or overwhelmed, at which point a standby server takes over.
How can load balancing improve app availability?
Load balancing enhances availability by distributing client traffic across multiple servers, providing redundancy and failover capabilities in case of server failures or high traffic loads.
What are the considerations for load balancer configuration?
Factors to consider include the type of load balancer (hardware or software-based), the application’s specific needs, session persistence requirements, scheduling methods, and the ability to scale horizontally or vertically.