CHAPTER 6_Telecommunications and Network Security_v2 Flashcards
Bullets: Carrier sense multiple access with collision detection
A media access control method that uses a carrier sensing scheme. When a transmitting system detects another signal while transmitting a frame, it stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame. This reduces collisions on a network.
Explanations: Digging Deeper into SIP
As stated earlier, SIP is a signaling protocol widely used for VoIP communications sessions. It is used in applications such as video conferencing, multimedia, instant messaging, and online gaming. It is analogous to the SS7 protocol used in PSTN networks and supports features present in traditional telephony systems.
Bullets: Open Systems Interconnection (OSI) model
International standardization of system-based network communication through a modular seven-layer architecture.
Emphasis: Quality of Service (QoS)
Quality of Service (QoS) is a capability that allows a protocol to distinguish between different classes of messages and assign priority levels. Some applications, such as video conferencing, are time sensitive, meaning delays would cause unacceptable performance of the application. A technology that provides QoS allows an administrator to assign a priority level to time-sensitive traffic. The protocol then ensures this type of traffic has a specific or minimum rate of delivery.
Bullets: Fraggle attack
A DDoS amplification attack in which the attacker sends UDP echo (port 7) or chargen (port 19) packets to IP broadcast addresses with the source address forged to be the victim's; every host on the amplifying network answers the victim, flooding it. It is the UDP counterpart of the ICMP-based Smurf attack; the standard defenses are refusing directed broadcasts at the router and disabling the echo and chargen services on hosts.
Bullets: BNC (British Naval Connector)
is often used for terminating coaxial cables. It is used to connect various types of radio, television, and other radio-frequency electronic equipment. The name actually stands for Bayonet Neill–Concelman (the bayonet locking mechanism and its two inventors); “British Naval Connector” is a common but incorrect expansion.
Bullets: Light detector
Converts light signal back into electrical signal
Explanation Bullets: It is important to understand the following characteristics of these firewall architecture types:
Dual-homed:
- A single computer with separate NICs connected to each network.
- Used to divide an internal trusted network from an external untrusted network.
- Must disable a computer’s forwarding and routing functionality so the two networks are truly segregated.
Explanations: Internet Control Message Protocol
The Internet Control Message Protocol (ICMP) is basically IP’s “messenger boy.” ICMP delivers status messages, reports errors, replies to certain requests, reports routing information, and is used to test connectivity and troubleshoot problems on IP networks.
Bullets: Virtual Router Redundancy Protocol
VRRP is used in networks that require high availability where routers as points of failure cannot be tolerated. It is designed to increase the availability of the default gateway by advertising a “virtual router” as a default gateway. Two or more physical routers (a master and one or more backups) are mapped to one virtual router that owns a virtual IP and MAC address. If the master fails, a backup takes over the virtual address and the workload, and hosts keep using the same default gateway without any reconfiguration.
Explanation Bullets: The industry had to come up with other ways to allow millions of users to be able to use this finite resource (frequency range) in a flexible manner. Over time, mobile wireless has been made up of progressively more complex and more powerful “multiple access” technologies, listed here:
- Frequency division multiple access (FDMA)
- Time division multiple access (TDMA)
- Code division multiple access (CDMA)
- Orthogonal frequency division multiple access (OFDMA)
Bullets: IPv6
IP version 6 is the successor to IP version 4 and provides 128-bit addressing, integrated IPSec security protocol, simplified header formats, and some automated configuration.
Bullets: Synchronous communication
Transmission sequencing technology that uses a clocking pulse or timing scheme for data transfer synchronization.
Bullets: Single-attachment station (SAS)
Attaches to only one ring (the primary) through a concentrator
Bullets: Multimode
Fiber with a larger glass core that carries many light paths (modes) at the same time. It is cheaper to terminate and can be driven by LED light sources, but modal dispersion and its higher attenuation limit it to shorter distances than single-mode fiber, which has a much smaller core and a single light path.
Bullets: Autonomous system (AS)
A collection of connected IP routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. They are uniquely identified as individual networks on the Internet.
Emphasis: Orthogonal frequency division multiple access (OFDMA)
Orthogonal frequency division multiple access (OFDMA) is derived from a combination of FDMA and TDMA. In earlier implementations of FDMA, the different frequencies for each channel were widely spaced to allow analog hardware to separate the different channels. In OFDMA, each of the channels is subdivided into a set of closely spaced orthogonal frequencies with narrow bandwidths (subchannels). Each of the different subchannels can be transmitted and received simultaneously in a multiple input and output (MIMO) manner. The use of orthogonal frequencies and MIMO allows signal processing techniques to reduce the impacts of any interference between different subchannels and to correct for channel impairments, such as noise and selective frequency fading. LTE-based 4G uses OFDMA on the downlink (with the closely related SC-FDMA on the uplink).
Emphasis: amplitudes
Signals are measured in frequency and amplitudes. The frequency of a signal dictates the amount of data that can be carried and how far. The higher the frequency, the more data the signal can carry, but the higher the frequency, the more susceptible the signal is to atmospheric interference. A higher frequency can carry more data, but over a shorter distance.
Bullets: Metropolitan area network (MAN)
A network that usually spans a city or a large campus, interconnects a number of LANs using a high-capacity backbone technology, and provides up-link services to WANs or the Internet.
Explanations: Tying the Layers Together
Pick up all of these protocols from the floor and put them into a stack—a network stack.
Bullets: Star topology
Network consists of one central device, which acts as a conduit to transmit messages. The central device, to which all other nodes are connected, provides a common connection point for all nodes.
Bullets: DHCP snooping
A switch security feature that protects an existing DHCP infrastructure. Switch ports are classified as trusted (leading to legitimate DHCP servers) or untrusted; DHCP server messages (OFFER, ACK, NAK) arriving on untrusted ports are dropped, so a rogue server cannot hand out addresses or a malicious default gateway and DNS server. The switch also builds a binding table (MAC address, IP address, lease time, VLAN, port) from the leases it observes, which features such as dynamic ARP inspection and IP source guard use to ensure hosts use only the addresses assigned to them.
Bullets: Screened host
A firewall that communicates directly with a perimeter router and the internal network. The router carries out filtering activities on the traffic before it reaches the firewall.
Bullets: War dialing
When a specialized program is used to automatically scan a list of telephone numbers to search for computers for the purposes of exploitation and hacking.
Emphasis: User Agent Server (UAS)
SIP consists of two major components: the User Agent Client (UAC) and User Agent Server (UAS). The UAC is the side that creates SIP requests (for example the INVITE that starts a call); the UAS is the side that receives requests and returns responses. Every SIP endpoint, whether a messaging tool, a soft-phone application or a desk phone, contains both: it acts as a UAC when it places a call and as a UAS when it answers one. The routing and signaling between endpoints is carried out by SIP servers (proxy, registrar and redirect servers), which is what is usually meant when the UAS is loosely described as “the SIP server.”
Emphasis: state table
A stateful firewall is like a nosy neighbor who gets into people’s business and conversations. She keeps track of the suspicious cars that come into the neighborhood, who is out of town for the week, and the postman who stays a little too long at the neighbor lady’s house. This can be annoying until your house is burglarized. Then you and the police will want to talk to the nosy neighbor, because she knows everything going on in the neighborhood and would be the one most likely to know something unusual happened. A stateful inspection firewall is nosier than a regular filtering device because it keeps track of what computers say to each other. This requires that the firewall maintain a state table, which is like a score sheet of who said what to whom.
Emphasis: multihomed
Many network devices today are multihomed, which just means they have several NICs that are used to connect several different networks. Multihomed devices are commonly used to house firewall software, since the job of a firewall is to control the traffic as it goes from one network to another. A common multihomed firewall architecture allows a company to have several DMZs. One DMZ may hold devices that are shared between companies in an extranet, another DMZ may house the company’s DNS and mail servers, and yet another DMZ may hold the company’s web servers. Different DMZs are used for two reasons: to control the different traffic types (for example, to make sure HTTP traffic only goes toward the web servers and ensure DNS requests go toward the DNS server), and to ensure that if one system on one DMZ is compromised, the other systems in the rest of the DMZs are not accessible to this attacker.
Bullets: Overlapping fragment attack
Used to subvert packet filters that do not reassemble packet fragments before inspection. A malicious fragment overwrites a previously approved fragment and executes an attack on the victim’s system.
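The attack above, worked through as an added example (this code is not from the page or from any product it describes). A 16-byte first fragment shows a stateless filter a harmless ACK to port 80; a second fragment at offset 1 (byte 8) then rewrites the ack number, data offset and flags so that the host, modelled here with the assumed “last fragment wins” reassembly behaviour that RFC 1858 describes, ends up with a SYN the filter would have denied. The second filter adds the RFC 1858 checks: a first fragment must carry the whole TCP header, and a fragment with offset 1 is dropped outright. All packets are constructed inline.

```python
import struct
from dataclasses import dataclass
from typing import List

SYN, ACK = 0x02, 0x10


@dataclass(frozen=True)
class Fragment:
    offset: int    # fragment offset in 8-byte units, as carried in the IP header
    more: bool     # the IP "more fragments" flag
    data: bytes    # this fragment's slice of the IP payload (the TCP segment)


def tcp_header(src_port: int, dst_port: int, seq: int, ack: int, flags: int) -> bytes:
    """Minimal 20-byte TCP header: data offset 5 words, window/checksum/urgent zeroed."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, 0, 0, 0)


def naive_filter(frag: Fragment) -> bool:
    """Stateless filter that classifies only the first fragment, where the TCP header is.
    Policy: permit TCP to port 80 but not connection attempts (SYN set) from outside.
    Non-first fragments carry no transport header, so they are waved through."""
    if frag.offset != 0:
        return True
    if len(frag.data) < 14:
        return False                              # too short to read the flags byte
    dst_port = struct.unpack("!H", frag.data[2:4])[0]
    flags = frag.data[13]
    return dst_port == 80 and not (flags & SYN)


def rfc1858_filter(frag: Fragment) -> bool:
    """Same policy plus the RFC 1858 checks: a first fragment must carry the whole TCP
    header, and a fragment with offset 1 is dropped, because its only purpose can be
    to overwrite bytes 8-15 of the header that the first fragment already showed."""
    if frag.offset == 0 and len(frag.data) < 20:
        return False
    if frag.offset == 1:
        return False
    return naive_filter(frag)


def reassemble_last_wins(frags: List[Fragment]) -> bytes:
    """Assumed host behaviour: reassembly in arrival order where a later fragment
    overwrites overlapping bytes (the policy RFC 1858 warns about)."""
    buf = bytearray()
    for f in frags:
        start, end = f.offset * 8, f.offset * 8 + len(f.data)
        if end > len(buf):
            buf.extend(bytes(end - len(buf)))
        buf[start:end] = f.data
    return bytes(buf)


def overlapping_fragment_attack(filter_fn) -> dict:
    """Constructed attack: fragment 0 is the first 16 bytes of an ACK to port 80,
    fragment 1 is bytes 8..19 of a SYN header. Returns what the filter let through
    and what the host saw after reassembly."""
    innocent = tcp_header(40000, 80, 1000, 1, ACK)
    hostile = tcp_header(40000, 80, 1000, 0, SYN)
    frag0 = Fragment(0, True, innocent[:16])     # ports, seq, ack; MF set
    frag1 = Fragment(1, False, hostile[8:])      # overwrites ack, data offset, flags
    passed = [f for f in (frag0, frag1) if filter_fn(f)]
    result = {"passed": len(passed)}
    if len(passed) == 2:
        segment = reassemble_last_wins(passed)
        result["dst_port"] = struct.unpack("!H", segment[2:4])[0]
        result["syn_seen_by_host"] = bool(segment[13] & SYN)
    return result


if __name__ == "__main__":
    print("naive filter:  ", overlapping_fragment_attack(naive_filter))
    print("RFC 1858 filter:", overlapping_fragment_attack(rfc1858_filter))
```

The durable fix is the one the definition names: reassemble before inspecting, which a stateful or proxy firewall does; the RFC 1858 offset rules are the mitigation for a filter that cannot.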
Explanations: Dynamic Host Configuration Protocol
Can you just throw out addresses as necessary? I am too tired to do it manually.
Bullets: User Datagram Protocol (UDP)
Connectionless, unreliable transport layer protocol, which is considered a “best effort” protocol.
Bullets: Public-switched telephone network (PSTN)
The public circuit-switched telephone network, which is made up of telephone lines, fiber-optic cables, cellular networks, communications satellites, and undersea telephone cables and allows all phone-to-phone communication. It was a fixed-line analog telephone system, but is now almost entirely digital and includes mobile as well as fixed telephones.
Summary of Tunneling Protocols : Point-to-Point Tunneling Protocol (PPTP):
- Works in a client/server model
- Extends and protects PPP connections
- Works at the data link layer
- Transmits over IP networks only
Explanation Bullets: Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies. The filters only have the capability of reviewing protocol header information at the network and transport levels and carrying out PERMIT or DENY actions on individual packets. This means the filters can make access decisions based upon the following basic criteria:
- Source and destination IP addresses
- Source and destination port numbers
- Protocol types
- Inbound and outbound traffic direction
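The difference between the packet filter described here and the stateful inspection firewall with its state table (described above under “state table”), as an added example that is not code from the page. A stateless filter that has to let web replies back in needs an inbound rule keyed on source port 80, and that same rule admits a forged ACK “from port 80” to any internal port. The stateful firewall needs only the outbound rule; replies are admitted because they match an entry in the state table, and a packet with no state that is not a bare SYN is dropped. Addresses are constructed from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

ANY = "*"   # wildcard for a rule field


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" = arriving from the untrusted side, "out" = leaving toward it
    proto: str           # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""      # TCP flags as letters, e.g. "S", "SA", "A"


@dataclass(frozen=True)
class Rule:
    action: str          # "PERMIT" or "DENY"
    direction: str
    proto: str
    src_ip: str
    src_port: Union[int, str]
    dst_ip: str
    dst_port: Union[int, str]


def _field_matches(rule_value, packet_value) -> bool:
    return rule_value == ANY or rule_value == packet_value


def stateless_decision(rules: List[Rule], pkt: Packet) -> str:
    """First-generation packet filter: header fields of this one packet against the
    rule list, first match wins, implicit DENY at the end. No memory between packets."""
    for r in rules:
        if (_field_matches(r.direction, pkt.direction)
                and _field_matches(r.proto, pkt.proto)
                and _field_matches(r.src_ip, pkt.src_ip)
                and _field_matches(r.src_port, pkt.src_port)
                and _field_matches(r.dst_ip, pkt.dst_ip)
                and _field_matches(r.dst_port, pkt.dst_port)):
            return r.action
    return "DENY"


class StatefulFirewall:
    """Stateful inspection: the rule list only decides whether a NEW flow may start;
    every later packet is judged by whether it belongs to a flow in the state table."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.state: Dict[Tuple, str] = {}   # 5-tuple of the initiating packet -> state

    @staticmethod
    def _key(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse_key(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def decision(self, pkt: Packet) -> str:
        fwd, rev = self._key(pkt), self._reverse_key(pkt)
        if fwd in self.state:
            return "PERMIT"                       # more traffic from the initiator
        if rev in self.state:
            if pkt.proto == "tcp" and pkt.flags == "SA":
                self.state[rev] = "ESTABLISHED"   # handshake progressed
            return "PERMIT"                       # reply traffic for a known flow
        # Unknown flow. For TCP only a bare SYN can open a connection; an ACK, RST or
        # SYN/ACK with no matching state is either stray or a probe, and is dropped.
        if pkt.proto == "tcp" and pkt.flags != "S":
            return "DENY"
        if stateless_decision(self.rules, pkt) == "PERMIT":
            self.state[fwd] = "NEW"
            return "PERMIT"
        return "DENY"


# Stateless: the second rule is needed so HTTP replies get back in, and it is the hole.
STATELESS_RULES = [
    Rule("PERMIT", "out", "tcp", ANY, ANY, ANY, 80),
    Rule("PERMIT", "in", "tcp", ANY, 80, ANY, ANY),
]
# Stateful: only the outbound rule; replies are admitted from the state table.
STATEFUL_RULES = [Rule("PERMIT", "out", "tcp", ANY, ANY, ANY, 80)]


def demo() -> Dict[str, str]:
    """Constructed packets: a real HTTP session and a forged probe to port 445."""
    syn = Packet("out", "tcp", "10.0.0.5", 50000, "203.0.113.9", 80, "S")
    synack = Packet("in", "tcp", "203.0.113.9", 80, "10.0.0.5", 50000, "SA")
    probe = Packet("in", "tcp", "203.0.113.9", 80, "10.0.0.5", 445, "A")  # no session behind it
    fw = StatefulFirewall(STATEFUL_RULES)
    return {
        "stateless_probe": stateless_decision(STATELESS_RULES, probe),  # PERMIT: rule 2 matches
        "stateful_syn": fw.decision(syn),
        "stateful_synack": fw.decision(synack),
        "stateful_probe": fw.decision(probe),                           # DENY: no state entry
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {verdict}")
```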
Emphasis: IPSec
IPSec is covered in Chapter 7 from a cryptography point of view, so we will cover it from a VPN point of view here. IPSec is a suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to “bolt onto” IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model.
Bullets: Internet Message Access Protocol (IMAP)
An Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them.
Emphasis: fiber-optic
Because it carries light pulses in glass rather than electrical signals in copper, fiber-optic cabling supports higher transmission speeds and lets signals travel over longer distances. It is far less affected by attenuation than copper and is immune to EMI. It does not radiate signals, as UTP cabling does, and is difficult to eavesdrop on: a tap needs physical access to the strand (for example a bend coupler at a splice point) and usually introduces a measurable optical loss. Fiber-optic cabling is therefore considerably more secure than UTP, STP, or coaxial, though it is not untappable.
Physical : Network interface cards and drivers convert bits into electrical signals and control the physical aspects of data transmission, including optical, electrical, and mechanical requirements. The following are some of the standard interfaces at this layer:
- EIA-422, EIA-423, RS-449, RS-485
- 10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE-T, 1000BASE-T, 1000BASE-SX
- Integrated Services Digital Network (ISDN)
- Digital subscriber line (DSL)
- Synchronous Optical Networking (SONET)
Bullets: Internet Control Message Protocol (ICMP)
A core protocol of the IP suite used to send status and error messages.
Bullets: Voice over IP (VoIP)
The set of protocols, technologies, methodologies, and transmission techniques involved in the delivery of voice data and multimedia sessions over IP-based networks.
Summary of Tunneling Protocols : Layer 2 Tunneling Protocol (L2TP):
- Hybrid of L2F and PPTP
- Extends and protects PPP connections
- Works at the data link layer
- Transmits over multiple types of networks, not just IP
- Combined with IPSec for security
Emphasis: Always Connected
Unlike dial-up modems and ISDN connections, DSL lines and cable modems are connected to the Internet and “live” all the time. No dial-up steps are required. This can cause a security issue because many hackers look for just these types of connections. Systems using these types of connections are always online and available for scanning, probing, hacking, and attacking. These systems are also often used in DDoS attacks. Because the systems are on all the time, attackers plant Trojan horses that lie dormant until they get the command from the attacker to launch an attack against a victim. Many of the DDoS attacks use as their accomplices systems with DSL and cable modems, and usually the owner of the computer has no idea their system is being used to attack another system.
Bullets: Open Shortest Path First
OSPF uses link-state algorithms to send out routing table information. The use of these algorithms allows for smaller, more frequent routing table updates to take place. This provides a more stable network than RIP, but requires more memory and CPU resources to support this extra processing. OSPF allows for a hierarchical routing network that has a backbone link connecting all subnets together. OSPF has replaced RIP in many networks today. OSPFv2 offers three authentication types: none, simple (cleartext) password, and cryptographic authentication, in which each packet carries a keyed MD5 digest (or, per RFC 5709, an HMAC-SHA digest) computed with a shared key that never crosses the wire. A cleartext password stops only accidental neighbors; anyone who can sniff the segment can replay it and inject routes, so cryptographic authentication is the setting to use.
Emphasis: Digital subscriber line (DSL)
Digital subscriber line (DSL) is another type of high-speed connection technology used to connect a home or business to the service provider’s central office. It can provide 6 to 30 times higher bandwidth speeds than ISDN and analog technologies. It uses existing phone lines and provides a 24-hour connection to the Internet. This does indeed sound better than sliced bread, but only certain people can get this service because you have to be within a 2.5-mile radius of the DSL service provider’s equipment. As the distance between a residence and the central office increases, the transmission rates for DSL decrease.
Bullets: Baseband transmission
Uses the full bandwidth for only one communication channel and has a low data transfer rate compared to broadband.
Bullets: Internet Group Management Protocol (IGMP)
Used by systems and adjacent routers on IP networks to establish and maintain multicast group memberships.
Bullets: Wide area network (WAN)
A telecommunication network that covers a broad area and allows a business to effectively carry out its daily function, regardless of location.
Bullets: Ring topology
Each system connects to two other systems, forming a single, unidirectional network pathway for signals, thus forming a ring.
Emphasis: IP Telephony Issues
VoIP’s integration with the TCP/IP protocol has brought about immense security challenges because it allows malicious users to bring their TCP/IP experience into this relatively new platform, where they can probe for flaws in both the architecture and the VoIP systems. Also involved are the traditional security issues associated with networks, such as unauthorized access, exploitation of communication protocols, and the spreading of malware. The promise of financial benefit derived from stolen call time is a strong incentive for most attackers. In short, the VoIP telephony network faces all the flaws that traditional computer networks have faced. Moreover, VoIP devices follow architectures similar to traditional computers—that is, they use operating systems, communicate through Internet protocols, and provide a combination of services and applications.
Bullets: 6to4
Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to traverse an IPv4 network, by encapsulating the IPv6 packets inside IPv4 packets (protocol 41).
Bullets: Multiplexing
A method of combining multiple channels of data over a single transmission line.
Explanation Bullets: Fourth generation (4G)
- Based on an all-IP packet-switched network
* Data exchange at 100 Mbps–1 Gbps
Explanations: Mobile Technology Generations
Like many technologies, the mobile communication technology has gone through several different generations.
Emphasis: Telecommunications
Telecommunications is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types. The data can flow through copper wires; coaxial cable; airwaves; the telephone company’s public-switched telephone network (PSTN); and a service provider’s fiber cables, switches, and routers. Definitive lines exist between the media used for transmission, the technologies, the protocols, and whose equipment is being used. However, the definitive lines get blurry when one follows how data created on a user’s workstation flows within seconds through a complex path of Ethernet cables, to a router that divides the company’s network and the rest of the world, through the Asynchronous Transfer Mode (ATM) switch provided by the service provider, to the many switches the packets traverse throughout the ATM cloud, on to another company’s network, through its router, and to another user’s workstation. Each piece is interesting, but when they are all integrated and work together, it is awesome.
Emphasis: Simple Network Management Protocol
Simple Network Management Protocol (SNMP) was released to the networking world in 1988 to help with the growing demand of managing network IP devices. Companies use many types of products that use SNMP to view the status of their network, traffic flows, and the hosts within the network. Since these tasks are commonly carried out using graphical user interface (GUI)–based applications, many people do not have a full understanding of how the protocol actually works. The protocol is important to understand because it can provide a wealth of information to attackers, and you should understand the amount of information that is available to the ones who wish to do you harm, how they actually access this data, and what can be done with it.
Bullets: RJ-11
is often used for terminating telephone wires.
Networking Devices : Several types of devices are used in LANs, MANs, and WANs to provide intercommunication among computers and networks. We need to have physical devices throughout the network to actually use all the protocols and services we have covered up to this point. The different networking devices vary according to their functionality, capabilities, intelligence, and network placement. We will look at the following devices:
- Repeaters
- Bridges
- Routers
- Switches
Emphasis: Streaming Protocols
RTP is a session layer protocol that carries data in media stream format, as in audio and video, and is used extensively in VoIP, telephony, video conferencing, and other multimedia streaming technologies. It provides end-to-end delivery services and is commonly run over the transport layer protocol UDP. RTP Control Protocol (RTCP) is used in conjunction with RTP and is also considered a session layer protocol. It provides out-of-band statistics and control information to provide feedback on QoS levels of individual streaming multimedia sessions.
Bullets: Half-duplex
Communication takes place in both directions, but only one application can send information at a time.
Bullets: Attenuation
Gradual loss in intensity of any kind of flux through a medium. As an electrical signal travels down a cable, the signal can degrade and distort or corrupt the data it is carrying.
Bullets: Teredo
Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to traverse an IPv4 network, and unlike 6to4 it also works behind NAT devices, because it tunnels the IPv6 packets inside UDP rather than as bare protocol 41.
Emphasis: E-mail Authorization
POP has gone through a few version updates and is currently on POP3. POP3 has the capability to integrate Simple Authentication and Security Layer (SASL). SASL is a protocol-independent framework for performing authentication. This means that any protocol that knows how to interact with SASL can use its various authentication mechanisms without having to actually embed the authentication mechanisms within its code.
Bullets: Source routing
Allows a sender of a packet to specify the route the packet takes through the network versus routers determining the path.
Bullets: Dual-homed firewall
This device has two interfaces and sits between an untrusted network and trusted network to provide secure access. A multihomed device just means it has multiple interfaces. Firewalls that have multiple interfaces allow for networks to be segmented based upon security zone, with unique security configurations.
Bullets: Subnet
Logical subdivision of a network that improves network administration and helps reduce network traffic congestion. Process of segmenting a network into smaller networks through the use of an addressing scheme made up of network and host portions.
Explanation Bullets: First generation (1G):
- Analog services
* Voice service only
Bullets: Metro Ethernet
A data link technology that is used as a metropolitan area network to connect customer networks to larger service networks or the Internet. Businesses can also use Metro Ethernet to connect distributed locations to their intranet.
Bullets: Cable modem
A device that provides bidirectional data communication via radio frequency channels on cable TV infrastructures. Cable modems are primarily used to deliver broadband Internet access to homes.
Explanations: Mobile Phone Security
Most corporations do not incorporate the use of portable devices and mobile cell phone technologies into their security policies or overarching security program. This was all right when phones were just phones, but today they are small computers that can connect to web sites and various devices, and thus are new entry points for malicious activities.
Emphasis: Time division multiple access (TDMA)
Time division multiple access (TDMA) increases the speed and efficiency of the cellular network by taking the radio-frequency spectrum channels and dividing them into time slots. At various time periods, multiple users can share the same channel; the systems within the cell swap from one user to another user, in effect, reusing the available frequencies. TDMA increased speeds and service quality. A common example of TDMA in action is a conversation. One person talks for a time then quits, and then a different person talks. In TDMA systems, time is divided into frames. Each frame is divided into slots. TDMA requires that each slot’s start and end time are known to both the source and the destination. Mobile communication systems such as Global System for Mobile Communication (GSM), Digital AMPS (D-AMPS), and Personal Digital Cellular (PDC) use TDMA.
Bullets: Private Branch Exchange (PBX)
A telephone exchange that serves a particular business, makes connections among the internal telephones, and connects them to the public-switched telephone network (PSTN) via trunk lines.
Emphasis: DNS Threats
As stated earlier, not every DNS server knows the IP address of every hostname it is asked to resolve. When a request for a hostname-to-IP address mapping arrives at a DNS server (server A), the server reviews its resource records to see if it has the necessary information to fulfill this request. If the server does not have a resource record for this hostname, it forwards the request to another DNS server (server B), which in turn reviews its resource records and, if it has the mapping information, sends the information back to server A. Server A caches this hostname-to-IP address mapping in its memory (in case another client requests it) and sends the information on to the requesting client.
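Where the caching step above becomes a threat, as an added example (not code from the page or from any DNS implementation): server A will cache whatever answer arrives first for an outstanding query, so an attacker who can guess the transaction ID and source port of that query, and forge server B's address, gets a bogus mapping cached and served to every later client. The toy resolver below shows the three checks a real resolver applies before caching: the response must match a pending query's ID and port (both made unpredictable), it must come from the server that was asked and answer the same question, and records outside the bailiwick of the queried zone are discarded. The bailiwick rule is simplified to “the last two labels”, and all addresses are constructed from the RFC 5737 documentation ranges.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Query:
    txid: int
    src_port: int
    qname: str
    server_ip: str     # the server (server B in the text) the resolver asked


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int
    from_ip: str
    qname: str
    records: Tuple[Tuple[str, str], ...]   # (name, ip) pairs: answer plus additional records


def zone_of(qname: str) -> str:
    """Bailiwick for this toy: the registered domain, i.e. the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def in_bailiwick(name: str, zone: str) -> bool:
    name = name.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


class Resolver:
    """Caching resolver (server A). With randomize=False it behaves like early
    resolvers: sequential transaction IDs and a fixed source port of 53."""

    def __init__(self, randomize: bool = True):
        self.randomize = randomize
        self.cache: Dict[str, str] = {}
        self.pending: Dict[Tuple[int, int], Query] = {}
        self._next_id = 1

    def send_query(self, qname: str, server_ip: str) -> Query:
        if self.randomize:
            txid = secrets.randbelow(1 << 16)                # 16-bit ID, unpredictable
            port = 1024 + secrets.randbelow(65536 - 1024)    # random ephemeral source port
        else:
            txid, port = self._next_id, 53                   # guessable by an attacker
            self._next_id += 1
        q = Query(txid, port, qname, server_ip)
        self.pending[(txid, port)] = q
        return q

    def receive(self, resp: Response) -> str:
        """Returns why the response was accepted or rejected; caches on acceptance."""
        q = self.pending.get((resp.txid, resp.dst_port))
        if q is None:
            return "rejected: no outstanding query with this ID and port"
        if resp.from_ip != q.server_ip or resp.qname.lower() != q.qname.lower():
            return "rejected: wrong server or question"
        zone = zone_of(q.qname)
        cached = 0
        for name, ip in resp.records:
            if in_bailiwick(name, zone):   # never cache data the server is not authoritative for
                self.cache[name.lower()] = ip
                cached += 1
        del self.pending[(resp.txid, resp.dst_port)]
        return f"accepted: cached {cached} of {len(resp.records)} records"


def poisoning_attempt(resolver: Resolver, guessed_txid: int, guessed_port: int) -> str:
    """Forged reply with server B's address spoofed as the source (constructed values)."""
    forged = Response(guessed_txid, guessed_port, "192.0.2.53", "www.example.com",
                      (("www.example.com", "203.0.113.66"),))
    return resolver.receive(forged)


if __name__ == "__main__":
    old = Resolver(randomize=False)
    old.send_query("www.example.com", "192.0.2.53")
    print("predictable resolver:", poisoning_attempt(old, 1, 53), old.cache)
    new = Resolver()
    q = new.send_query("www.example.com", "192.0.2.53")
    print("randomized resolver: ", poisoning_attempt(new, (q.txid + 1) & 0xFFFF, q.src_port))
```

Randomizing both fields raises the attacker's guess space from one try to about 2^32 per outstanding query; the bailiwick check is what stops an otherwise valid reply from smuggling in an additional record for a name the server has no authority over. DNSSEC (defined further down) removes the guessing game altogether by letting the resolver verify the origin of the data.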
Explanation Bullets: Ethernet is defined by the following characteristics:
- Contention-based technology (all resources use the same shared communication medium)
- Uses broadcast and collision domains
- Uses the carrier sense multiple access with collision detection (CSMA/CD) access method
- Supports full duplex communication
- Can use coaxial, twisted-pair, or fiber-optic cabling types
- Is defined by standard IEEE 802.3
Explanation Bullets: Some of the best practices pertaining to WLAN implementations are as follows:
- Change the default SSID. Each AP comes with a preconfigured default SSID value.
- Disable “broadcast SSID” on the AP. Most APs allow for this to be turned off.
- Implement another layer of authentication (RADIUS, Kerberos). Before the user can access the network, require him to authenticate.
- Physically put the AP at the center of the building. The AP has a specific zone of coverage it can provide.
- Logically put the AP in a DMZ with a firewall between the DMZ and internal network. Allow the firewall to investigate the traffic before it gets to the wired network.
- Implement VPN for wireless devices to use. This adds another layer of protection for data being transmitted.
- Configure the AP to allow only known MAC addresses into the network. Allow only known devices to authenticate. But remember that these MAC addresses are sent in cleartext, so an attacker could capture them and masquerade himself as an authenticated device.
- Carry out penetration tests on the WLAN. Use the tools described in this section to identify APs and attempt to break the current encryption scheme being used.
- Move to a product that follows the 802.11i standard.
Emphasis: Bluesnarfing
NOTE Bluesnarfing is the unauthorized access from a wireless device through a Bluetooth connection. This allows access to a calendar, contact list, e-mails, and text messages, and on some phones users can copy pictures and private videos.
Emphasis: High-level Data Link Control (HDLC)
High-level Data Link Control (HDLC) is a protocol that is also a bit-oriented link layer protocol and is used for serial device-to-device WAN communication. HDLC is an extension of SDLC, which was mainly used in SNA environments. SDLC basically died out as the mainframe environments using SNA reduced greatly in numbers. HDLC stayed around and evolved.
Bullets: Full-duplex
Communication takes place in both directions, and both applications can send information at the same time.
Emphasis: Wormhole Attack
An attacker can capture a packet at one location in the network and tunnel it to another location in the network. In this type of attack, there are two attackers, one at each end of the tunnel (referred to as a wormhole). Attacker A could capture an authentication token that is being sent to an authentication server, and then send this token to the other attacker, who then uses it to gain unauthorized access to a resource. This can take place on a wired or wireless network, but it is easier to carry out on a wireless network because the attacker does not need to actually penetrate a physical wire.
Emphasis: local area network (LAN)
A local area network (LAN) is a network that provides shared communication and resources in a relatively small area. What defines a LAN, as compared to a WAN, depends on the physical medium, encapsulation protocols, and media access technology. For example, a LAN could use 10Base-T cabling, TCP/IP protocols, and Ethernet media access technology, and it could enable users who are in the same local building to communicate. A WAN, on the other hand, could use fiber-optic cabling, the L2TP encapsulation protocol, and ATM media access technology, and could enable users from one building to communicate with users in another building in another state (or country). A WAN connects LANs over great distances geographically. Most of the differences between these technologies are found at the data link layer.
Emphasis: bastion host
A system is considered a bastion host if it is a highly exposed device that is most likely to be targeted by attackers. The closer any system is to an untrusted network, as in the Internet, the more it is considered a target candidate since it has a smaller number of layers of protection guarding it. If a system is on the public side of a DMZ or is directly connected to an untrusted network, it is considered a bastion host; thus, it needs to be extremely locked down.
Bullets: Electronic data interchange (EDI)
The structured transmission of data between organizations. It is considered to describe the rigorously standardized format of electronic documents and commonly used in supply chains between customers, vendors, and suppliers.
Explanations: Attacks Using ICMP
The ICMP protocol was developed to send status messages, not to hold or transmit user data. But someone figured out how to insert some data inside of an ICMP packet, which can be used to communicate to an already compromised system. Loki is actually a client/server program used by hackers to set up back doors on systems. The attacker targets a computer and installs the server portion of the Loki software. This server portion “listens” on a port, which is the back door an attacker can use to access the system. To gain access and open a remote shell to this computer, an attacker sends commands inside of ICMP packets. This is usually successful, because most routers and firewalls are configured to allow ICMP traffic to come and go out of the network, based on the assumption that this is safe because ICMP was developed to not hold any data or a payload.
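What a defender can do about the covert channel described above, as an added example (this is not code from the page, and it does not reproduce Loki): since ICMP echo traffic is allowed through, the detection has to look at what the echo payloads contain. A normal ping has a fixed, recognizable payload (Windows ping.exe sends a 32-byte alphabet run; Linux iputils sends a timestamp followed by bytes whose value equals their own offset), so anything else is worth flagging, and the two tell-tale shapes of a tunnel are printable command text and high-entropy (encrypted) data. The packets are constructed inline and labelled as such; the fingerprints and the 4.5-bit entropy threshold are assumptions you should tune against a baseline of your own traffic.

```python
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

ECHO_REQUEST, ECHO_REPLY = 8, 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(pkt: bytes) -> Dict:
    if len(pkt) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    if icmp_checksum(pkt[:2] + b"\x00\x00" + pkt[4:]) != csum:
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": pkt[8:]}


def is_valid_icmp(pkt: bytes) -> bool:
    try:
        parse_icmp(pkt)
        return True
    except ValueError:
        return False


WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32 bytes, Windows ping.exe


def looks_like_iputils(payload: bytes) -> bool:
    """Linux iputils ping: a timestamp, then bytes whose value equals their own index
    (tcpdump shows this as 10 11 12 ... 37 for the default 56-byte payload)."""
    return len(payload) >= 24 and payload[16:] == bytes(range(16, len(payload)))


def entropy_bits_per_byte(data: bytes) -> float:
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def classify_payload(payload: bytes) -> List[str]:
    """Reasons to suspect a tunnel; an empty list means the payload matches a known ping."""
    if payload == WINDOWS_PING_PAYLOAD or looks_like_iputils(payload):
        return []
    reasons = ["unrecognized-payload"]
    if payload and all(32 <= b < 127 or b in (9, 10, 13) for b in payload):
        reasons.append("printable-text")         # Loki-style: command text inside the echo
    if entropy_bits_per_byte(payload) > 4.5:     # assumed threshold
        reasons.append("high-entropy")           # encrypted or compressed tunnel traffic
    return reasons


def scan(packets: List[bytes]) -> List[Tuple[int, List[str]]]:
    """Index and reasons for every echo packet that does not look like a plain ping."""
    flagged = []
    for i, pkt in enumerate(packets):
        try:
            icmp = parse_icmp(pkt)
        except ValueError as exc:
            flagged.append((i, [f"malformed: {exc}"]))
            continue
        if icmp["type"] in (ECHO_REQUEST, ECHO_REPLY):
            reasons = classify_payload(icmp["payload"])
            if reasons:
                flagged.append((i, reasons))
    return flagged


# Constructed sample traffic (not a capture): a Linux ping, a Windows ping, a Loki-style
# command in an echo request, and a 64-byte pseudo-random blob standing in for an
# encrypted tunnel reply.
SAMPLE_PACKETS = [
    build_echo(ECHO_REQUEST, 0x1234, 1, bytes(16) + bytes(range(16, 56))),
    build_echo(ECHO_REQUEST, 0x0001, 7, WINDOWS_PING_PAYLOAD),
    build_echo(ECHO_REQUEST, 0x1337, 1, b"cat /etc/shadow\n"),
    build_echo(ECHO_REPLY, 0x1337, 1, bytes((i * 97 + 13) & 0xFF for i in range(64))),
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_PACKETS):
        print(f"packet {index}: {', '.join(reasons)}")
```

Payload shape is only one signal; in practice you would also watch echo volume per host pair, request/reply size mismatches and echo replies with no matching request, since a tunnel has to carry data in both directions.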
Bullets: PRI ISDN
This implementation has up to 23 B channels and 1 D channel, at 64 Kbps per channel. The total bandwidth is equivalent to a T1, which is 1.544 Mbps. This would be more suitable for a company that requires a higher amount of bandwidth compared to BRI ISDN.
Bullets: DNSSEC
A set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.
Explanation Bullets: Frequency-division multiplexing (FDM)
- An available wireless spectrum is used to move data.
- Available frequency band is divided into narrow frequency bands and used to have multiple parallel channels for data transfer.
Bullets: Token ring
LAN medium access technology that controls network communication traffic through the use of token frames. This technology has been mostly replaced by Ethernet.
Bullets: DHCPOFFER message
This message is a response to a DHCPDISCOVER message, and is sent by one or numerous DHCP servers.
Emphasis: Optical Wireless
Optical wireless is the combined use of two technologies: radio-frequency (RF) wireless and optical fiber. Long-range links are provided by optical fiber cables, and links from the long-range end-points to end users are accomplished by RF wireless transmitters. The local links can be provided by laser systems, also known as free-space optics (FSO), rather than by RF wireless. FSO is a point-to-point optical connection supporting very high rates in outdoor environments. These types of wireless transmissions are hard to intercept and do not require a license to deploy. While older versions of optical wireless used to be negatively affected by weather conditions, currently all-weather optical wireless systems are continuously becoming available.
Emphasis: bridge
A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.
Emphasis: WLAN Security
The first WLAN standard, IEEE 802.11, had a tremendous number of security flaws. These were found within the core standard itself, as well as in different implementations of this standard. The three core deficiencies with WEP are the use of static encryption keys, the ineffective use of initialization vectors, and the lack of packet integrity assurance. The WEP protocol uses the RC4 algorithm, which is a stream-symmetric cipher. Symmetric means the sender and receiver must use the exact same key for encryption and decryption purposes. The 802.11 standard does not stipulate how to update these keys through an automated process, so in most environments, the RC4 symmetric keys are never changed out. And usually all of the wireless devices and the AP share the exact same key. This is like having everyone in your company use the exact same password. Not a good idea. So that is the first issue—static WEP encryption keys on all devices.
Explanation Bullets: The data, IP, and network relationship can be compared to the relationship between a letter and the postal system:
- Data = Letter
- IP = Addressed envelope
- Network = Postal system
Emphasis: source routing
If source routing is allowed, the packets contain the necessary information within them to tell the bridge or router where they should go. The packets hold the forwarding information so they can find their way to their destination without needing bridges and routers to dictate their paths. If the computer wants to dictate its forwarding information instead of depending on a bridge, how does it know the correct route to the destination computer? The source computer sends out explorer packets that arrive at the destination computer. These packets contain the route information the packets had to take to get to the destination, including what bridges and/or routers they had to pass through. The destination computer then sends these packets back to the source computer, and the source computer strips out the routing information, inserts it into the packets, and sends them on to the destination.
Bullets: IEEE 802.1AE (MACSec)
Standard that specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs.
Bullets: Media access control (MAC)
Data communication protocol sublayer of the data link layer specified in the OSI model. It provides hardware addressing and channel access control mechanisms that make it possible for several nodes to communicate within a multiple-access network that incorporates a shared medium.
Bullets: Transmission Control Protocol (TCP)
Core protocol of the TCP/IP suite, which provides connection-oriented, end-to-end, reliable network connectivity.
Bullets: Multiprotocol Label Switching (MPLS)
A networking technology that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table.
Bullets: Link-state routing protocol
A routing protocol used in packet-switching networks where each router constructs a map of the connectivity within the network and calculates the best logical paths, which form its routing table.
Emphasis: Wide Area Networks
LAN technologies provide communication capabilities over a small geographic area, whereas wide area network (WAN) technologies are used when communication needs to travel over a larger geographical area. LAN technologies encompass how a computer puts its data onto a network cable, the rules and protocols of how that data are formatted and transmitted, how errors are handled, and how the destination computer picks up this data from the cable. When a computer on one network needs to communicate with a network on the other side of the country or in a different country altogether, WAN technologies kick in.
Bullets: Fiber Distributed Data Interface
Ring-based token network protocol that was derived from the IEEE 802.4 token bus timed token protocol. It can work in LAN or MAN environments and provides fault tolerance through dual-ring architecture.
Bullets: DHCPACK message
The DHCP Acknowledge message is sent by the DHCP server to the DHCP client and is the process whereby the DHCP server assigns the IP address lease to the DHCP client.
Emphasis: star topology
In a star topology, all nodes connect to a central device such as a switch. Each node has a dedicated link to the central device. The central device needs to provide enough throughput that it does not turn out to be a detrimental bottleneck for the network as a whole. Because a central device is required, it is a potential single point of failure, so redundancy may need to be implemented. Switches can be configured in flat or hierarchical implementations so larger organizations can use them.
Emphasis: Software as a Service (SaaS)
Software as a Service (SaaS): The provider gives users access to specific application software (CRM, e-mail, games). The provider gives the customers network-based access to a single copy of an application created specifically for SaaS distribution and use.
Explanation Bullets: Some of the security measures that should be put into place for dial-up connections include:
- Configure the remote access server to call back the initiating phone number to ensure it is a valid and approved number.
- Modems should be configured to answer after a predetermined number of rings to counter war dialers.
- Disable or remove modems if not in use.
- All modems should be consolidated into one location and managed centrally if possible.
- Use of two-factor authentication, VPNs, and personal firewalls should be implemented for remote access connections.
Bullets: Very High-Data-Rate Digital Subscriber Line (VDSL)
VDSL is basically ADSL at much higher data rates (13 Mbps downstream and 2 Mbps upstream). It is capable of supporting high-bandwidth applications such as HDTV, telephone services (voice over IP), and general Internet access over a single connection.
Explanation Bullets: The following list outlines the functions of a bridge:
- Segments a large network into smaller, more controllable pieces.
- Uses filtering based on MAC addresses.
- Joins different types of network links while retaining the same broadcast domain.
- Isolates collision domains within the same broadcast domain.
- Bridging functionality can take place locally within a LAN or remotely to connect two distant LANs.
- Can translate between protocol types.
Bullets: Rate-Adaptive Digital Subscriber Line (RADSL)
Rate-adaptive feature that will adjust the transmission speed to match the quality and the length of the line.
Bullets: DHCPREQUEST message
The client sends a DHCP Request message to the first DHCP server that responded to its discovery request.
Emphasis: stateless inspection
Packet filtering is also known as stateless inspection because the device does not understand the context that the packets are working within. This means that the device does not have the capability to understand the “full picture” of the communication that is taking place between two systems, but can only focus on individual packet characteristics. As we will see in a later section, stateful firewalls understand and keep track of a full communication session, not just the individual packets that make it up. Stateless firewalls make their decisions for each packet based solely on the data contained in that individual packet. Stateful firewalls accumulate data about the packets they see and use that data in an attempt to match incoming and outgoing packets to determine which packets may be part of the same network communications session. By evaluating a packet in the larger context of a network communications session, a stateful firewall has much more complete information than a stateless firewall and can therefore more readily recognize and reject packets that may be part of a network protocol–based attack.
Emphasis: Copper Distributed Data Interface (CDDI)
A version of FDDI, Copper Distributed Data Interface (CDDI), can work over UTP cabling. Whereas FDDI would be used more as a MAN, CDDI can be used within a LAN environment to connect network segments.
Explanation Bullets: Generation 2½ (2.5G):
- Higher bandwidth than 2G
- “Always on” technology for e-mail and pages
Bullets: Interior Gateway Routing Protocol
IGRP is a distance-vector routing protocol that was developed by, and is proprietary to, Cisco Systems. Whereas RIP uses one criterion to find the best path between the source and destination, IGRP uses five criteria to make a “best route” decision. A network administrator can set weights on these different metrics so that the protocol works best in that specific environment.
Bullets: Mesh topology
Network where each system must not only capture and disseminate its own data, but also serve as a relay for other systems; that is, it must collaborate to propagate the data in the network.
Explanations: Cable Modems
We already have a cable running to your house, so just buy this extra service for Internet connectivity.
Explanation Bullets: PPP replaced Serial Line Internet Protocol (SLIP), an older protocol that was used to encapsulate data to be sent over serial connection links. PPP has several capabilities that SLIP does not have:
- Implements header and data compression for efficiency and better use of bandwidth
- Implements error correction
- Supports different authentication methods
- Can encapsulate protocols other than just IP
- Does not require both ends to have an IP address assigned before data transfer can occur
Bullets: Screened subnet architecture
When two filtering devices are used to create a DMZ. The external device screens the traffic entering the DMZ network, and the internal filtering device screens the traffic before it enters the internal network.
Explanation Bullets: We will then dive into the three main firewall architectures, which are
- Screened host
- Multihome
- Screened subnet
Bullets: Broadband ISDN (BISDN)
This implementation can handle many different types of services simultaneously and is mainly used within telecommunications carrier backbones. When BISDN is used within a backbone, ATM is commonly employed to encapsulate data at the data link layer into cells, which travel over a SONET network.
Explanation Bullets: Wave-division multiplexing (WDM)
- Used in fiber optic communication.
- Multiplexes a number of optical carrier signals onto a single optical fiber.
Bullets: Teardrop attack
Malformed fragments are created by the attacker, and once they are reassembled, they could cause the victim system to become unstable.
Bullets: Digital signals
Binary digits are represented and transmitted as discrete electrical pulses. Digital signaling allows for higher data transfer rates and higher data integrity compared to analog signaling.
Bullets: SSL Tunnel VPNs
An individual uses a web browser to securely access multiple network services, including applications and protocols that are not web-based, through an SSL tunnel. This commonly requires custom programming to allow the services to be accessible through a web-based connection.
Bullets: Shielded twisted pair
Twisted-pair cables are often shielded in an attempt to prevent RFI and EMI. This shielding can be applied to individual pairs or to the collection of pairs.
Bullets: Constant Bit Rate (CBR)
A connection-oriented channel that provides a consistent data throughput for time-sensitive applications, such as voice and video applications. Customers specify the necessary bandwidth requirement at connection setup.
Emphasis: self-healing
SONET is self-healing, meaning that if a break in the line occurs, it can use a backup redundant ring to ensure transmission continues. All SONET lines and rings are fully redundant. The redundant line waits in the wings in case anything happens to the primary ring.
Bullets: IP fragmentation
Exploitation of fragmentation and reassembly flaws within IP, which causes DoS.
Emphasis: Point-to-Point Protocol
Point-to-Point Protocol (PPP) is similar to HDLC in that it is a data link protocol that carries out framing and encapsulation for point-to-point connections. A point-to-point connection means there is one connection between one device (point) and another device (point). If the systems on your LAN use the Ethernet protocol, what happens when a system needs to communicate to a server at your ISP for Internet connectivity? This is not an Ethernet connection, so how do the systems know how to communicate with each other if they cannot use Ethernet as their data link protocol? They use a data link protocol they do understand. Telecommunication devices commonly use PPP as their data link protocol.
Emphasis: Bluetooth Wireless
The Bluetooth wireless technology is actually based upon a portion of the 802.15 standard. It has a 1- to 3-Mbps transfer rate and works in a range of approximately ten meters. If you have a cell phone and a PDA that are both Bluetooth-enabled and both have calendar functionality, you could have them update each other without any need to connect them physically. If you added some information to your cell phone contacts list and task list, for example, you could just place the phone close to your PDA. The PDA would sense that the other device was nearby, and it would then attempt to set up a network connection with it. Once the connection was made, synchronization between the two devices would take place, and the PDA would add the new contacts list and task list data. Bluetooth works in the frequency range of other 802.11 devices (2.4 GHz).
Explanation Bullets: The following shows some of the most commonly used protocols and the ports to which they are usually mapped:
- Telnet port 23
- SMTP port 25
- HTTP port 80
- SNMP ports 161 and 162
- FTP ports 21 and 20
Emphasis: Code division multiple access (CDMA)
Code division multiple access (CDMA) was developed after FDMA, and as the term “code” implies, CDMA assigns a unique code to each voice call or data transmission to uniquely identify it from all other transmissions sent over the cellular network. In a CDMA “spread spectrum” network, calls are spread throughout the entire radio-frequency band. CDMA permits every user of the network to simultaneously use every channel in the network. At the same time, a particular cell can simultaneously interact with multiple other cells. These features make CDMA a very powerful technology. It is the main technology for the mobile cellular networks that presently dominate the wireless space.
Explanations: How Many Protocols Do We Need?
If you are new to networking, all of these protocols can get quite confusing. For example, this chapter has already covered the following data link protocols: Ethernet, Token Ring, FDDI, ATM, frame relay, SDLC, HDLC, and now PPP, and we have not even gotten to PPTP, Wi-Fi, or WiMAX. Why in the world do we need so many data link protocols?
Bullets: Available Bit Rate (ABR)
A connection-oriented channel that allows the bit rate to be adjusted. Customers are given the bandwidth that remains after a guaranteed service rate has been met.
Bullets: Open mail relay
An SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.
Bullets: VLAN hopping
An exploit that allows an attacker on a VLAN to gain access to traffic on other VLANs that would normally not be accessible.
Explanations: FHSS vs. DSSS
FHSS uses only a portion of the total bandwidth available at any one time, while the DSSS technology uses all of the available bandwidth continuously. DSSS spreads the signals over a wider frequency band, whereas FHSS uses a narrow band carrier.
Emphasis: Firewalls
Firewalls are used to restrict access to one network from another network. Most companies use firewalls to restrict access to their networks from the Internet. They may also use firewalls to restrict one internal network segment from accessing another internal segment. For example, if the security administrator wants to make sure employees cannot access the research and development network, he would place a firewall between this network and all other networks and configure the firewall to allow only the type of traffic he deems acceptable.
Emphasis: DNS Splitting
Organizations should implement split DNS, which means a DNS server in the DMZ handles external hostname-to-IP resolution requests, while an internal DNS server handles only internal requests. This helps ensure that the internal DNS has layers of protection and is not exposed by being “Internet facing.” The internal DNS server should only contain resource records for the internal computer systems, and the external DNS server should only contain resource records for the systems the organization wants the outside world to be able to connect to. If the external DNS server is compromised and it has the resource records for all of the internal systems, now the attacker has a lot of “inside knowledge” and can carry out targeted attacks. External DNS servers should only contain information on the systems within the DMZ that the organization wants others on the Internet to be able to communicate with (web servers, external mail server, etc.).
Bullets: BRI ISDN
This implementation operates over existing copper lines at the local loop and provides digital voice and data channels. It uses two B channels and one D channel with a combined bandwidth of 144 Kbps and is generally used for home subscribers.
Bullets: E-mail spoofing
Activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. Since SMTP does not provide any authentication, it is easy to impersonate and forge e-mails.
Bullets: Sender Policy Framework (SPF)
An e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing, a common vulnerability, by verifying sender IP addresses.