CHAPTER 6_Telecommunications and Network Security_v2 Flashcards

1
Q

Bullets: Carrier sense multiple access with collision detection

A

A media access control method that uses a carrier sensing scheme. When a transmitting system detects another signal while transmitting a frame, it stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame. This reduces collisions on a network. It applies only to half-duplex, shared-medium Ethernet; full-duplex switched links have no collisions and do not use it.

2
Q

Explanations: Digging Deeper into SIP

A

As stated earlier, SIP is a signaling protocol widely used for VoIP communications sessions. It is used in applications such as video conferencing, multimedia, instant messaging, and online gaming. It is analogous to the SS7 protocol used in PSTN networks and supports features present in traditional telephony systems.

3
Q

Bullets: Open Systems Interconnection (OSI) model

A

International standardization of system-based network communication through a modular seven-layer architecture (physical, data link, network, transport, session, presentation, application).

4
Q

Emphasis: Quality of Service (QoS)

A

Quality of Service (QoS) is a capability that allows a protocol to distinguish between different classes of messages and assign priority levels. Some applications, such as video conferencing, are time sensitive, meaning delays would cause unacceptable performance of the application. A technology that provides QoS allows an administrator to assign a priority level to time-sensitive traffic. The protocol then ensures this type of traffic has a specific or minimum rate of delivery.

5
Q

Bullets: Fraggle attack

A

A DDoS amplification attack in which the attacker sends UDP echo (port 7) packets with a spoofed source address (the victim's) to IP broadcast addresses; every host on the broadcast segment replies to the victim, flooding it. It is the UDP counterpart of the ICMP-based Smurf attack.

6
Q

Bullets: BNC (British Naval Connector)

A

A bayonet-style connector often used for terminating coaxial cables. It is used to connect various types of radio, television, and other radio-frequency electronic equipment. BNC stands for Bayonet Neill–Concelman; "British Naval Connector" is a widely used backronym.

7
Q

Bullets: Light detector

A

Converts light signal back into electrical signal

8
Q

Explanation Bullets: It is important to understand the following characteristics of these firewall architecture types:

Dual-homed:

A
  • A single computer with separate NICs connected to each network.
  • Used to divide an internal trusted network from an external untrusted network.
  • Must disable a computer’s forwarding and routing functionality so the two networks are truly segregated.
9
Q

Explanations: Internet Control Message Protocol

A

The Internet Control Message Protocol (ICMP) is basically IP’s “messenger boy.” ICMP delivers status messages, reports errors, replies to certain requests, reports routing information, and is used to test connectivity and troubleshoot problems on IP networks.

10
Q

Bullets: Virtual Router Redundancy Protocol

A

VRRP is used in networks that require high availability, where a router as a single point of failure cannot be tolerated. It is designed to increase the availability of the default gateway by advertising a "virtual router" as the default gateway. Two or more physical routers (a master and one or more backups) are mapped to one virtual router. If the master fails, a backup router takes over the virtual router's address and workload.

11
Q

Explanation Bullets: The industry had to come up with other ways to allow millions of users to be able to use this finite resource (frequency range) in a flexible manner. Over time, mobile wireless has been made up of progressively more complex and more powerful “multiple access” technologies, listed here:

A
  • Frequency division multiple access (FDMA)
  • Time division multiple access (TDMA)
  • Code division multiple access (CDMA)
  • Orthogonal frequency division multiple access (OFDMA)
12
Q

Bullets: IPv6

A

IP version 6 is the successor to IP version 4 and provides 128-bit addressing, built-in support for the IPsec security protocol (originally mandatory to implement, later relaxed to recommended), simplified header formats, and some automated configuration.

13
Q

Bullets: Synchronous communication

A

Transmission sequencing technology that uses a clocking pulse or timing scheme for data transfer synchronization.

14
Q

Bullets: Single-attachment station (SAS)

A

Attaches to only one ring (the primary) through a concentrator

15
Q

Bullets: Multimode

A

Larger glass core that carries light along multiple paths (modes). Multimode fiber is cheaper to terminate and uses less expensive transceivers than single-mode fiber, but modal dispersion and higher attenuation limit it to shorter distances; single-mode fiber carries signals farther.

16
Q

Bullets: Autonomous system (AS)

A

A collection of connected IP routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. Each AS is uniquely identified on the Internet by an Autonomous System Number (ASN).

17
Q

Emphasis: Orthogonal frequency division multiple access (OFDMA)

A

Orthogonal frequency division multiple access (OFDMA) is derived from a combination of FDMA and TDMA. In earlier implementations of FDMA, the different frequencies for each channel were widely spaced to allow analog hardware to separate the different channels. In OFDMA, each of the channels is subdivided into a set of closely spaced orthogonal frequencies with narrow bandwidths (subchannels). Each of the different subchannels can be transmitted and received simultaneously in a multiple input and output (MIMO) manner. The use of orthogonal frequencies and MIMO allows signal processing techniques to reduce the impacts of any interference between different subchannels and to correct for channel impairments, such as noise and selective frequency fading. 4G requires that OFDMA be used.

18
Q

Emphasis: amplitudes

A

Signals are measured in frequency and amplitudes. The frequency of a signal dictates the amount of data that can be carried and how far. The higher the frequency, the more data the signal can carry, but the higher the frequency, the more susceptible the signal is to atmospheric interference. A higher frequency can carry more data, but over a shorter distance.

19
Q

Bullets: Metropolitan area network (MAN)

A

A network that usually spans a city or a large campus, interconnects a number of LANs using a high-capacity backbone technology, and provides up-link services to WANs or the Internet.

20
Q

Explanations: Tying the Layers Together

A

Pick up all of these protocols from the floor and put them into a stack—a network stack.

21
Q

Bullets: Star topology

A

Network consists of one central device, which acts as a conduit to transmit messages. The central device, to which all other nodes are connected, provides a common connection point for all nodes.

22
Q

Bullets: DHCP snooping

A

A set of switch features that protect an existing DHCP infrastructure: the switch tracks which physical port each DHCP lease was granted on, accepts DHCP server messages only from trusted ports so that only authorized DHCP servers can answer clients, and uses the resulting binding table to ensure hosts use only the addresses assigned to them.
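The port-trust and binding-table logic that card describes, as an added example in Python (not from the original text or any vendor's switch software). The port names, MAC address, IP addresses and message sequence are constructed for the demonstration; a real switch would learn them from the frames it forwards.

```python
from dataclasses import dataclass, field

# Message types that only a DHCP server sends; a switch doing DHCP snooping
# accepts these only on ports marked as trusted (uplinks to the real server).
SERVER_MSGS = {"OFFER", "ACK", "NAK"}


@dataclass
class DhcpMessage:
    port: str          # switch port the frame arrived on
    client_mac: str    # client hardware address
    msg_type: str      # DISCOVER, OFFER, REQUEST, ACK, NAK
    yiaddr: str = ""   # address offered or assigned (server messages only)


@dataclass
class DhcpSnooper:
    trusted_ports: set
    client_port: dict = field(default_factory=dict)  # mac -> port the client asked from
    bindings: dict = field(default_factory=dict)     # (mac, port) -> leased IP
    dropped: list = field(default_factory=list)      # (port, msg_type, reason)

    def process(self, msg: DhcpMessage) -> bool:
        """Return True if the frame is forwarded, False if snooping drops it."""
        if msg.msg_type in SERVER_MSGS:
            if msg.port not in self.trusted_ports:
                # A DHCP server answering from an access port is a rogue: drop it.
                self.dropped.append((msg.port, msg.msg_type, "server message on untrusted port"))
                return False
            if msg.msg_type == "ACK" and msg.client_mac in self.client_port:
                # Lease confirmed: record which port/MAC legitimately holds this IP.
                self.bindings[(msg.client_mac, self.client_port[msg.client_mac])] = msg.yiaddr
            return True
        # Client message: remember the physical port the client lives on.
        self.client_port[msg.client_mac] = msg.port
        return True

    def ip_source_allowed(self, port: str, mac: str, src_ip: str) -> bool:
        """IP source guard built on the binding table: a host on an untrusted
        port may only send from the address snooping saw it lease."""
        if port in self.trusted_ports:
            return True
        return self.bindings.get((mac, port)) == src_ip


def run_demo() -> dict:
    """Constructed exchange: a client on Gi0/3, the real server behind uplink
    Gi0/24, and a rogue server plugged into access port Gi0/7."""
    snoop = DhcpSnooper(trusted_ports={"Gi0/24"})
    mac = "00:11:22:33:44:55"
    exchange = [
        DhcpMessage("Gi0/3", mac, "DISCOVER"),
        DhcpMessage("Gi0/7", mac, "OFFER", "10.0.0.66"),    # rogue offer: dropped
        DhcpMessage("Gi0/24", mac, "OFFER", "10.0.0.20"),   # legitimate offer
        DhcpMessage("Gi0/3", mac, "REQUEST"),
        DhcpMessage("Gi0/24", mac, "ACK", "10.0.0.20"),     # lease bound to (mac, Gi0/3)
    ]
    forwarded = [snoop.process(m) for m in exchange]
    return {
        "forwarded": forwarded,
        "dropped": snoop.dropped,
        "bindings": dict(snoop.bindings),
        "own_ip_ok": snoop.ip_source_allowed("Gi0/3", mac, "10.0.0.20"),
        "spoofed_ip_ok": snoop.ip_source_allowed("Gi0/3", mac, "10.0.0.99"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The rogue OFFER is dropped before any client sees it, the legitimate lease ends up in the binding table keyed by MAC and port, and a packet from that port claiming a different source address fails the source-guard check.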

23
Q

Bullets: Screened host

A

A firewall that communicates directly with a perimeter router and the internal network. The router carries out filtering activities on the traffic before it reaches the firewall.

24
Q

Bullets: War dialing

A

When a specialized program is used to automatically scan a list of telephone numbers to search for computers for the purposes of exploitation and hacking.

25
Q

Emphasis: User Agent Server (UAS)

A

SIP consists of two major components: the User Agent Client (UAC) and User Agent Server (UAS). The UAC is the application that creates the SIP requests for initiating a communication session. UACs are generally messaging tools and soft-phone applications that are used to place VoIP calls. The UAS is the SIP server, which is responsible for handling all routing and signaling involved in VoIP calls.

26
Q

Emphasis: state table

A

A stateful firewall is like a nosy neighbor who gets into people’s business and conversations. She keeps track of the suspicious cars that come into the neighborhood, who is out of town for the week, and the postman who stays a little too long at the neighbor lady’s house. This can be annoying until your house is burglarized. Then you and the police will want to talk to the nosy neighbor, because she knows everything going on in the neighborhood and would be the one most likely to know something unusual happened. A stateful inspection firewall is nosier than a regular filtering device because it keeps track of what computers say to each other. This requires that the firewall maintain a state table, which is like a score sheet of who said what to whom.

27
Q

Emphasis: multihomed

A

Many network devices today are multihomed, which just means they have several NICs that are used to connect several different networks. Multihomed devices are commonly used to house firewall software, since the job of a firewall is to control the traffic as it goes from one network to another. A common multihomed firewall architecture allows a company to have several DMZs. One DMZ may hold devices that are shared between companies in an extranet, another DMZ may house the company’s DNS and mail servers, and yet another DMZ may hold the company’s web servers. Different DMZs are used for two reasons: to control the different traffic types (for example, to make sure HTTP traffic only goes toward the web servers and ensure DNS requests go toward the DNS server), and to ensure that if one system on one DMZ is compromised, the other systems in the rest of the DMZs are not accessible to this attacker.

28
Q

Bullets: Overlapping fragment attack

A

Used to subvert packet filters that do not reassemble packet fragments before inspection. A malicious fragment overwrites a previously approved fragment and executes an attack on the victim’s system.
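An added Python example (not from the original text) of the mechanism this card describes: a filter that checks only the offset-0 fragment is compared with one that reassembles first. The policy, the TCP header layout and the two fragments are constructed here; the overlap at byte 8 rewrites the TCP flags byte, which is the classic variant of this attack.

```python
import struct

SYN, ACK = 0x02, 0x10


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Minimal 20-byte TCP header: zero seq/ack, data offset 5, no options."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def parse_tcp(segment: bytes) -> dict:
    sport, dport, _seq, _ack, _doff, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"sport": sport, "dport": dport, "flags": flags}


def policy_allows(hdr: dict) -> bool:
    """Inbound policy: port 80 traffic belonging to an established connection
    (ACK set, SYN clear). New inbound connection attempts are denied."""
    return hdr["dport"] == 80 and bool(hdr["flags"] & ACK) and not hdr["flags"] & SYN


def reassemble(fragments) -> bytes:
    """Reassemble (offset_in_8_byte_units, data) fragments; a later fragment
    overwrites any bytes an earlier one already supplied."""
    size = max(off * 8 + len(data) for off, data in fragments)
    buf = bytearray(size)
    for off, data in fragments:
        buf[off * 8: off * 8 + len(data)] = data
    return bytes(buf)


def naive_filter(fragments) -> bool:
    """Filter that inspects only the fragment at offset 0 and passes every
    other fragment through, assuming it carries nothing but payload."""
    return all(policy_allows(parse_tcp(data)) for off, data in fragments if off == 0)


def reassembling_filter(fragments) -> bool:
    """Filter that reassembles the datagram before applying the policy."""
    return policy_allows(parse_tcp(reassemble(fragments)))


def overlapping_attack():
    """Constructed attack datagram: fragment 1 carries a TCP header the policy
    accepts (ACK to port 80); fragment 2 starts at byte 8 and rewrites bytes
    8..23, so the flags byte at offset 13 becomes SYN after reassembly."""
    innocent = tcp_header(40000, 80, ACK) + b"GET "      # 24 bytes at offset 0
    hostile = tcp_header(40000, 80, SYN) + b"GET "
    return [(0, innocent), (1, hostile[8:])]              # second fragment at byte 8


def run_demo() -> dict:
    frags = overlapping_attack()
    return {
        "naive_allows": naive_filter(frags),
        "reassembling_allows": reassembling_filter(frags),
        "reassembled_flags": parse_tcp(reassemble(frags))["flags"],
    }


if __name__ == "__main__":
    print(run_demo())
```

The naive filter approves the datagram because the only header it ever sees is the innocent one; after reassembly the victim's stack sees a SYN, which the policy would have rejected. Modern filters either reassemble or drop any fragment whose offset falls inside the transport header.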

29
Q

Explanations: Dynamic Host Configuration Protocol

A

Can you just throw out addresses as necessary? I am too tired to do it manually.

30
Q

Bullets: User Datagram Protocol (UDP)

A

Connectionless, unreliable transport layer protocol, which is considered a “best effort” protocol.

31
Q

Bullets: Public-switched telephone network (PSTN)

A

The public circuit-switched telephone network, which is made up of telephone lines, fiber-optic cables, cellular networks, communications satellites, and undersea telephone cables and allows all phone-to-phone communication. It was a fixed-line analog telephone system, but is now almost entirely digital and includes mobile as well as fixed telephones.

32
Q

Summary of Tunneling Protocols : Point-to-Point Tunneling Protocol (PPTP):

A
  • Works in a client/server model
  • Extends and protects PPP connections
  • Works at the data link layer
  • Transmits over IP networks only
  • Its MPPE encryption, keyed from MS-CHAPv2, is considered broken; treat PPTP as legacy and prefer IPSec- or TLS-based VPNs
33
Q

Explanation Bullets: Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies. The filters only have the capability of reviewing protocol header information at the network and transport levels and carrying out PERMIT or DENY actions on individual packets. This means the filters can make access decisions based upon the following basic criteria:

A
  • Source and destination IP addresses
  • Source and destination port numbers
  • Protocol types
  • Inbound and outbound traffic direction
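An added Python example (not from the original text or any firewall product) that serves this card and the earlier state table card: a first-match, default-deny packet filter over exactly the criteria listed above, and a stateful wrapper that adds the "who said what to whom" table. The addresses, rules and three packets are constructed; the point is what each design has to permit to let web replies back in.

```python
import ipaddress
from dataclasses import dataclass

ANY = (0, 65535)


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (toward the protected network) or "out"
    proto: str       # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: tuple = ANY         # inclusive port ranges
    dport: tuple = ANY

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])


def packet_filter(rules, p: Packet) -> bool:
    """First-generation packet filter: first matching rule wins, default deny.
    Every packet is judged on its own header fields."""
    for r in rules:
        if r.matches(p):
            return r.action == "permit"
    return False


class StatefulFirewall:
    """Same rule engine plus a state table of connections already permitted
    outbound; inbound replies are matched against the table, not the rules."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def check(self, p: Packet) -> bool:
        if p.direction == "out":
            allowed = packet_filter(self.rules, p)
            if allowed:
                self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return allowed
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return True                      # reply to a tracked connection
        return packet_filter(self.rules, p)  # anything else: consult the rules


def run_demo() -> dict:
    """Constructed traffic: an inside host browses to a web server, the server
    replies, and an outsider probes SMB from source port 80 to look like a reply."""
    request = Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 80)
    reply = Packet("in", "tcp", "203.0.113.10", 80, "10.0.0.5", 51000)
    probe = Packet("in", "tcp", "198.51.100.7", 80, "10.0.0.5", 445)

    # Stateless: to let web replies back in, the filter must permit inbound
    # packets from source port 80 to any inside port, and the probe rides along.
    stateless = [
        Rule("permit", "out", "tcp", dst="0.0.0.0/0", dport=(80, 80)),
        Rule("permit", "in", "tcp", dst="10.0.0.0/24", sport=(80, 80)),
    ]
    # Stateful: only the outbound rule is needed; replies ride on the state table.
    stateful = StatefulFirewall([Rule("permit", "out", "tcp", dport=(80, 80))])

    return {
        "stateless": [packet_filter(stateless, p) for p in (request, reply, probe)],
        "stateful": [stateful.check(p) for p in (request, reply, probe)],
    }


if __name__ == "__main__":
    print(run_demo())
```

The stateless rule set has no way to tell the genuine reply from the probe, since both are inbound TCP from source port 80; the stateful firewall admits the reply because it matches a tracked connection and denies the probe because nothing in the state table or the rules permits it.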
34
Q

Emphasis: IPSec

A

IPSec is covered in Chapter 7 from a cryptography point of view, so we will cover it from a VPN point of view here. IPSec is a suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to “bolt onto” IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model.

35
Q

Bullets: Internet Message Access Protocol (IMAP)

A

An Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them.

36
Q

Emphasis: fiber-optic

A

Because it uses glass, fiber-optic cabling has higher transmission speeds that allow signals to travel over longer distances. Fiber cabling is not as affected by attenuation and EMI when compared to cabling that uses copper. It does not radiate signals, as does UTP cabling, and is difficult to eavesdrop on; therefore, fiber-optic cabling is much more secure than UTP, STP, or coaxial. It is not untappable, however: bending a fiber lets a coupler read the leaked light, so physical protection of fiber runs still matters.

37
Q

Physical : Network interface cards and drivers convert bits into electrical signals and control the physical aspects of data transmission, including optical, electrical, and mechanical requirements. The following are some of the standard interfaces at this layer:

A
  • EIA-422, EIA-423, RS-449, RS-485
  • 10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE-T, 1000BASE-T, 1000BASE-SX
  • Integrated Services Digital Network (ISDN)
  • Digital subscriber line (DSL)
  • Synchronous Optical Networking (SONET)
38
Q

Bullets: Internet Control Message Protocol (ICMP)

A

A core protocol of the IP suite used to send status and error messages.

39
Q

Bullets: Voice over IP (VoIP)

A

The set of protocols, technologies, methodologies, and transmission techniques involved in the delivery of voice data and multimedia sessions over IP-based networks.

40
Q

Summary of Tunneling Protocols : Layer 2 Tunneling Protocol (L2TP):

A
  • Hybrid of L2F and PPTP
  • Extends and protects PPP connections
  • Works at the data link layer
  • Transmits over multiple types of networks, not just IP
  • Combined with IPSec for security
41
Q

Emphasis: Always Connected

A

Unlike dial-up modems and ISDN connections, DSL lines and cable modems are connected to the Internet and "live" all the time. No dial-up steps are required. This can cause a security issue because many attackers look for just these types of connections. Systems using these types of connections are always online and available for scanning, probing, hacking, and attacking. These systems are also often used in DDoS attacks. Because the systems are on all the time, attackers plant Trojan horses that lie dormant until they get the command from the attacker to launch an attack against a victim. Many DDoS attacks use systems on DSL and cable modem connections as their accomplices, and usually the owner of the computer has no idea their system is being used to attack another system.

42
Q

Bullets: Open Shortest Path First

A

OSPF uses link-state algorithms to send out routing table information. The use of these algorithms allows for smaller, more frequent routing table updates to take place. This provides a more stable network than RIP, but requires more memory and CPU resources to support this extra processing. OSPF allows for a hierarchical routing network that has a backbone link connecting all subnets together. OSPF has replaced RIP in many networks today. Authentication on the routers using this protocol can be configured as none, simple (cleartext) password, or cryptographic (MD5 keyed-hash) authentication; only the cryptographic option keeps an attacker who can sniff the segment from recovering the key and injecting routes.

43
Q

Emphasis: Digital subscriber line (DSL)

A

Digital subscriber line (DSL) is another type of high-speed connection technology used to connect a home or business to the service provider’s central office. It can provide 6 to 30 times higher bandwidth speeds than ISDN and analog technologies. It uses existing phone lines and provides a 24-hour connection to the Internet. This does indeed sound better than sliced bread, but only certain people can get this service because you have to be within a 2.5-mile radius of the DSL service provider’s equipment. As the distance between a residence and the central office increases, the transmission rates for DSL decrease.

44
Q

Bullets: Baseband transmission

A

Uses the full bandwidth of the medium for a single communication channel (Ethernet is an example), whereas broadband divides the medium into multiple channels that are used at the same time.

45
Q

Bullets: Internet Group Management Protocol (IGMP)

A

Used by systems and adjacent routers on IP networks to establish and maintain multicast group memberships.

46
Q

Bullets: Wide area network (WAN)

A

A telecommunication network that covers a broad area and allows a business to effectively carry out its daily function, regardless of location.

47
Q

Bullets: Ring topology

A

Each system connects to two other systems, forming a single, unidirectional network pathway for signals, thus forming a ring.

48
Q

Emphasis: IP Telephony Issues

A

VoIP's integration with the TCP/IP protocol has brought about immense security challenges because it allows malicious users to bring their TCP/IP experience into this relatively new platform, where they can probe for flaws in both the architecture and the VoIP systems. Also involved are the traditional security issues associated with networks, such as unauthorized access, exploitation of communication protocols, and the spreading of malware. The promise of financial benefit derived from stolen call time is a strong incentive for most attackers. In short, the VoIP telephony network faces all the flaws that traditional computer networks have faced. Moreover, VoIP devices follow architectures similar to traditional computers: they use operating systems, communicate through Internet protocols, and provide a combination of services and applications.

49
Q

Bullets: 6to4

A

Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to traverse an IPv4 network, by embedding the IPv4 address of the tunnel endpoint in an IPv6 address under the 2002::/16 prefix.

50
Q

Bullets: Multiplexing

A

A method of combining multiple channels of data over a single transmission line.

51
Q

Explanation Bullets: Fourth generation (4G)

A
  • Based on an all-IP packet-switched network
  • Data exchange at 100 Mbps–1 Gbps

52
Q

Explanations: Mobile Technology Generations

A

Like many technologies, the mobile communication technology has gone through several different generations.

53
Q

Emphasis: Telecommunications

A

Telecommunications is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types. The data can flow through copper wires; coaxial cable; airwaves; the telephone company's public-switched telephone network (PSTN); and a service provider's fiber cables, switches, and routers. Definitive lines exist between the media used for transmission, the technologies, the protocols, and whose equipment is being used. However, the definitive lines get blurry when one follows how data created on a user's workstation flows within seconds through a complex path of Ethernet cables, to a router that divides the company's network from the rest of the world, through the Asynchronous Transfer Mode (ATM) switch provided by the service provider, to the many switches the packets traverse throughout the ATM cloud, on to another company's network, through its router, and to another user's workstation. Each piece is interesting, but when they are all integrated and work together, it is awesome.

54
Q

Emphasis: Simple Network Management Protocol

A

Simple Network Management Protocol (SNMP) was released to the networking world in 1988 to help with the growing demand of managing network IP devices. Companies use many types of products that use SNMP to view the status of their network, traffic flows, and the hosts within the network. Since these tasks are commonly carried out using graphical user interface (GUI)–based applications, many people do not have a full understanding of how the protocol actually works. The protocol is important to understand because it can provide a wealth of information to attackers, and you should understand the amount of information that is available to the ones who wish to do you harm, how they actually access this data, and what can be done with it.

55
Q

Bullets: RJ-11

A

is often used for terminating telephone wires.

56
Q

Networking Devices : Several types of devices are used in LANs, MANs, and WANs to provide intercommunication among computers and networks. We need to have physical devices throughout the network to actually use all the protocols and services we have covered up to this point. The different networking devices vary according to their functionality, capabilities, intelligence, and network placement. We will look at the following devices:

A
  • Repeaters
  • Bridges
  • Routers
  • Switches
57
Q

Emphasis: Streaming Protocols

A

RTP is a session layer protocol that carries data in media stream format, as in audio and video, and is used extensively in VoIP, telephony, video conferencing, and other multimedia streaming technologies. It provides end-to-end delivery services and is commonly run over the transport layer protocol UDP. RTP Control Protocol (RTCP) is used in conjunction with RTP and is also considered a session layer protocol. It provides out-of-band statistics and control information to provide feedback on QoS levels of individual streaming multimedia sessions.

58
Q

Bullets: Half-duplex

A

Communication takes place in both directions, but only one application can send information at a time.

59
Q

Bullets: Attenuation

A

Gradual loss in intensity of any kind of flux through a medium. As an electrical signal travels down a cable, the signal can degrade and distort or corrupt the data it is carrying.

60
Q

Bullets: Teredo

A

Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to traverse an IPv4 network, but also performs its function behind NAT devices by tunneling IPv6 inside UDP; the Teredo server's address, the client's public IPv4 address and its UDP port are all encoded in the 2001:0::/32 address.
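An added Python example (not from the original text) serving both the 6to4 card and this Teredo card: decoders that pull the embedded IPv4 endpoints out of each address form. The address layouts are the standard ones (6to4: 2002:V4ADDR::/48; Teredo: server IPv4, flags, port XOR 0xFFFF, client IPv4 XOR 0xFFFFFFFF); the 6to4 sample address is constructed and the Teredo sample is the example address from RFC 4380. A practitioner cares because an IPv4-only filter that sees only the tunnel packets never judges the inner endpoints these addresses name.

```python
import ipaddress
import struct

SIXTO4 = ipaddress.ip_network("2002::/16")
TEREDO = ipaddress.ip_network("2001::/32")


def decode_6to4(addr: str):
    """6to4: the tunnel endpoint's IPv4 address is the 32 bits after the 2002: prefix."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIXTO4:
        return None
    return str(ipaddress.IPv4Address(a.packed[2:6]))


def decode_teredo(addr: str):
    """Teredo: 2001:0::/32 | server IPv4 | flags | port ^ 0xFFFF | client IPv4 ^ 0xFFFFFFFF.
    The port and client address are stored inverted so NAT devices do not rewrite them."""
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO:
        return None
    b = a.packed
    flags, obfuscated_port = struct.unpack("!HH", b[8:12])
    return {
        "server": str(ipaddress.IPv4Address(b[4:8])),
        "cone": bool(flags & 0x8000),           # client sits behind a cone NAT
        "port": obfuscated_port ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(bytes(x ^ 0xFF for x in b[12:16]))),
    }


def embedded_ipv4(addr: str):
    """What an IPv4-based policy should actually judge: the tunnel endpoint(s)
    hidden inside a 6to4 or Teredo address, or None for a native IPv6 address."""
    v4 = decode_6to4(addr)
    if v4 is not None:
        return {"tunnel": "6to4", "endpoints": [v4]}
    t = decode_teredo(addr)
    if t is not None:
        return {"tunnel": "teredo", "endpoints": [t["client"], t["server"]]}
    return None


if __name__ == "__main__":
    for sample in ("2002:c000:204::1",                        # constructed 6to4 address
                   "2001:0:4136:e378:8000:63bf:3fff:fdd2",    # RFC 4380 example
                   "2001:db8::1"):                             # native (documentation) address
        print(sample, "->", embedded_ipv4(sample))
```

Python's own `ipaddress.IPv6Address` exposes `.sixtofour` and `.teredo` properties that return the same endpoints; the hand-written decoders are here to make the bit layout visible and to recover the client port, which the built-in does not return.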

61
Q

Emphasis: E-mail Authorization

A

POP has gone through a few version updates and is currently on POP3. POP3 has the capability to integrate Simple Authentication and Security Layer (SASL). SASL is a protocol-independent framework for performing authentication. This means that any protocol that knows how to interact with SASL can use its various authentication mechanisms without having to actually embed the authentication mechanisms within its code.

62
Q

Bullets: Source routing

A

Allows a sender of a packet to specify the route the packet takes through the network versus routers determining the path.
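An added Python example (not from the original text) of the check a border filter applies against this feature: parse the IPv4 options area and drop any packet carrying a loose (LSRR, type 131) or strict (SSRR, type 137) source route option. The header builder, the route hops and the addresses are constructed for the demonstration; the option type codes and layout are the standard ones.

```python
import socket
import struct

EOL, NOP, LSRR, SSRR = 0, 1, 131, 137   # IPv4 option type codes


def build_ipv4(src: str, dst: str, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed IPv4 header (checksum left zero) with options padded to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + options + payload


def lsrr_option(hops) -> bytes:
    """Loose source route option: type, length, pointer (4 = first address), addresses."""
    route = b"".join(socket.inet_aton(h) for h in hops)
    return bytes([LSRR, 3 + len(route), 4]) + route


def ipv4_options(packet: bytes):
    """Walk the options area and return (type, data) pairs; reject malformed lengths."""
    ihl = packet[0] & 0x0F
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad IHL")
    opts = packet[20:ihl * 4]
    i, out = 0, []
    while i < len(opts):
        t = opts[i]
        if t == EOL:
            break
        if t == NOP:              # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated or malformed option")
        ln = opts[i + 1]
        out.append((t, bytes(opts[i + 2:i + ln])))
        i += ln
    return out


def source_route(packet: bytes):
    """Return the hop list of an LSRR/SSRR option, or None if the packet has none."""
    for t, data in ipv4_options(packet):
        if t in (LSRR, SSRR):
            route = data[1:]      # skip the pointer byte
            return [socket.inet_ntoa(route[j:j + 4])
                    for j in range(0, len(route) - len(route) % 4, 4)]
    return None


def should_drop(packet: bytes) -> bool:
    """Border policy: a sender dictating its own path sidesteps the routing
    decisions (and often the filtering) the network relies on, so drop it."""
    return source_route(packet) is not None


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.5", "192.0.2.9", lsrr_option(["198.51.100.1", "203.0.113.1"]))
    print("route:", source_route(pkt), "drop:", should_drop(pkt))
```

Rejecting the packet outright, rather than stripping the option, is the usual choice: a packet that asks to be routed through attacker-chosen hops has no legitimate reason to exist on a modern network, and a parser error on a malformed options area should likewise result in a drop.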

63
Q

Bullets: Dual-homed firewall

A

This device has two interfaces and sits between an untrusted network and trusted network to provide secure access. A multihomed device just means it has multiple interfaces. Firewalls that have multiple interfaces allow for networks to be segmented based upon security zone, with unique security configurations.

64
Q

Bullets: Subnet

A

Logical subdivision of a network that improves network administration and helps reduce network traffic congestion. Process of segmenting a network into smaller networks through the use of an addressing scheme made up of network and host portions.

65
Q

Explanation Bullets: First generation (1G):

A
  • Analog services
  • Voice service only

66
Q

Bullets: Metro Ethernet

A

A data link technology that is used as a metropolitan area network to connect customer networks to larger service networks or the Internet. Businesses can also use Metro Ethernet to connect distributed locations to their intranet.

67
Q

Bullets: Cable modem

A

A device that provides bidirectional data communication via radio frequency channels on cable TV infrastructures. Cable modems are primarily used to deliver broadband Internet access to homes.

68
Q

Explanations: Mobile Phone Security

A

Most corporations do not incorporate the use of portable devices and mobile cell phone technologies into their security policies or overarching security program. This was all right when phones were just phones, but today they are small computers that can connect to web sites and various devices, and thus are new entry points for malicious activities.

69
Q

Emphasis: Time division multiple access (TDMA)

A

Time division multiple access (TDMA) increases the speed and efficiency of the cellular network by taking the radio-frequency spectrum channels and dividing them into time slots. At various time periods, multiple users can share the same channel; the systems within the cell swap from one user to another user, in effect, reusing the available frequencies. TDMA increased speeds and service quality. A common example of TDMA in action is a conversation. One person talks for a time then quits, and then a different person talks. In TDMA systems, time is divided into frames. Each frame is divided into slots. TDMA requires that each slot’s start and end time are known to both the source and the destination. Mobile communication systems such as Global System for Mobile Communication (GSM), Digital AMPS (D-AMPS), and Personal Digital Cellular (PDC) use TDMA.

70
Q

Bullets: Private Branch Exchange (PBX)

A

A telephone exchange that serves a particular business, makes connections among the internal telephones, and connects them to the public-switched telephone network (PSTN) via trunk lines.

71
Q

Emphasis: DNS Threats

A

As stated earlier, not every DNS server knows the IP address of every hostname it is asked to resolve. When a request for a hostname-to-IP address mapping arrives at a DNS server (server A), the server reviews its resource records to see if it has the necessary information to fulfill this request. If the server does not have a resource record for this hostname, it forwards the request to another DNS server (server B), which in turn reviews its resource records and, if it has the mapping information, sends the information back to server A. Server A caches this hostname-to-IP address mapping in its memory (in case another client requests it) and sends the information on to the requesting client. Because every later client is served from that cache, server A must only cache a reply that actually answers a query it sent.
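The resolution and caching behaviour described above, modelled as an added Python example (not from the original text or any resolver's code). It adds the standard matching checks a resolver applies before accepting a reply, namely transaction ID, query source port and question name all agreeing with an outstanding query, and TTL expiry on the cache. The hostname, addresses, TTLs, fake clock and seeded random generator are constructed so the run is repeatable.

```python
import random
from dataclasses import dataclass


@dataclass
class Response:
    txid: int       # transaction ID copied from the query
    qname: str      # question section
    answer: str     # address from the answer section
    ttl: int        # seconds the resolver may cache it
    dst_port: int   # UDP port the reply was sent to (the resolver's query source port)


class CachingResolver:
    """Server A from the text: answers from cache when it can, otherwise asks
    server B and caches what comes back, but only if the reply matches a query
    it actually sent."""

    def __init__(self, clock, rng):
        self.clock = clock             # callable returning seconds
        self.rng = rng
        self.cache = {}                # qname -> (answer, expires_at)
        self.pending = {}              # txid -> (qname, source port)

    def lookup(self, qname: str):
        """Return the cached answer, or None after sending a query upstream."""
        hit = self.cache.get(qname)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop(qname, None)                 # expired or absent
        txid = self.rng.randrange(1 << 16)
        port = self.rng.randrange(1024, 65536)      # randomised source port
        self.pending[txid] = (qname, port)
        return None

    def receive(self, resp: Response) -> bool:
        """Accept and cache a reply only if it answers an outstanding query."""
        if self.pending.get(resp.txid) != (resp.qname, resp.dst_port):
            return False
        del self.pending[resp.txid]
        self.cache[resp.qname] = (resp.answer, self.clock() + resp.ttl)
        return True


def run_demo() -> dict:
    """Constructed sequence: one miss, two replies that do not match the query,
    the genuine reply, a cache hit, and a second miss once the TTL has passed."""
    now = [1000.0]
    r = CachingResolver(clock=lambda: now[0], rng=random.Random(7))
    name = "www.example.com"
    first = r.lookup(name)                              # miss: query goes to server B
    txid, (_, port) = next(iter(r.pending.items()))
    wrong_txid = r.receive(Response(txid ^ 0x1234, name, "198.51.100.9", 3600, port))
    wrong_name = r.receive(Response(txid, "mail.example.com", "198.51.100.9", 3600, port))
    accepted = r.receive(Response(txid, name, "192.0.2.10", 60, port))
    cached = r.lookup(name)                             # served from cache, no query
    now[0] += 61                                        # TTL elapses
    after_ttl = r.lookup(name)                          # miss again, new query pending
    return {"first": first, "wrong_txid_accepted": wrong_txid,
            "wrong_name_accepted": wrong_name, "accepted": accepted,
            "cached": cached, "after_ttl": after_ttl, "pending_after": len(r.pending)}


if __name__ == "__main__":
    print(run_demo())
```

A reply that fails any of the three checks never reaches the cache, so it cannot be handed to later clients; a reply that passes is served for exactly its TTL and then re-fetched.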

72
Q

Explanation Bullets: Ethernet is defined by the following characteristics:

A
  • Contention-based technology (all resources use the same shared communication medium)
  • Uses broadcast and collision domains
  • Uses the carrier sense multiple access with collision detection (CSMA/CD) access method
  • Supports full duplex communication
  • Can use coaxial, twisted-pair, or fiber-optic cabling types
  • Is defined by standard IEEE 802.3
73
Q

Explanation Bullets: Some of the best practices pertaining to WLAN implementations are as follows:

A
  • Change the default SSID. Each AP comes with a preconfigured default SSID value.
  • Disable "broadcast SSID" on the AP. Most APs allow for this to be turned off. This only hides the name from casual users; the SSID still appears in probe and association frames, so a sniffer recovers it.
  • Implement another layer of authentication (RADIUS, Kerberos). Before the user can access the network, require him to authenticate.
  • Physically put the AP at the center of the building. The AP has a specific zone of coverage it can provide.
  • Logically put the AP in a DMZ with a firewall between the DMZ and internal network. Allow the firewall to investigate the traffic before it gets to the wired network.
  • Implement VPN for wireless devices to use. This adds another layer of protection for data being transmitted.
  • Configure the AP to allow only known MAC addresses into the network. Allow only known devices to authenticate. But remember that these MAC addresses are sent in cleartext, so an attacker could capture them and masquerade himself as an authenticated device.
  • Carry out penetration tests on the WLAN. Use the tools described in this section to identify APs and attempt to break the current encryption scheme being used.
  • Move to a product that follows the 802.11i standard (WPA2), which replaces WEP's broken encryption with AES-CCMP and 802.1X/EAP authentication.
74
Q

Emphasis: Bluesnarfing

A

NOTE: Bluesnarfing is the unauthorized access from a wireless device through a Bluetooth connection. This allows access to a calendar, contact list, e-mails, and text messages, and on some phones users can copy pictures and private videos.

75
Q

Emphasis: High-level Data Link Control (HDLC)

A

High-level Data Link Control (HDLC) is a bit-oriented data link layer protocol used for serial device-to-device WAN communication. It is an extension of Synchronous Data Link Control (SDLC), which was used mainly in IBM SNA environments. SDLC largely died out as the number of mainframe environments running SNA dropped sharply; HDLC remained in use and continued to evolve.

76
Q

Bullets: Full-duplex

A

Communication takes place in both directions, and both applications can send information at the same time.

77
Q

Emphasis: Wormhole Attack

A

An attacker can capture a packet at one location in the network and tunnel it to another location in the network. In this type of attack, there are two attackers, one at each end of the tunnel (referred to as a wormhole). Attacker A could capture an authentication token that is being sent to an authentication server, and then send this token to the other attacker, who then uses it to gain unauthorized access to a resource. This can take place on a wired or wireless network, but it is easier to carry out on a wireless network because the attacker does not need to actually penetrate a physical wire.

78
Q

Emphasis: local area network (LAN)

A

A local area network (LAN) is a network that provides shared communication and resources in a relatively small area. What defines a LAN, as compared to a WAN, depends on the physical medium, encapsulation protocols, and media access technology. For example, a LAN could use 10Base-T cabling, TCP/IP protocols, and Ethernet media access technology, and it could enable users who are in the same local building to communicate. A WAN, on the other hand, could use fiber-optic cabling, the L2TP encapsulation protocol, and ATM media access technology, and could enable users from one building to communicate with users in another building in another state (or country). A WAN connects LANs over great distances geographically. Most of the differences between these technologies are found at the data link layer.

79
Q

Emphasis: bastion host

A

A system is considered a bastion host if it is a highly exposed device that is most likely to be targeted by attackers. The closer a system is to an untrusted network such as the Internet, the more likely it is to be a target, since fewer layers of protection guard it. If a system is on the public side of a DMZ or is directly connected to an untrusted network, it is a bastion host and needs to be extremely locked down: unnecessary services removed, patches current, and logging enabled.

80
Q

Bullets: Electronic data interchange (EDI)

A

The structured, computer-to-computer transmission of business data between organizations. The term describes the rigorously standardized format of electronic documents, commonly used in supply chains between customers, vendors, and suppliers.

81
Q

Explanations: Attacks Using ICMP

A

The ICMP protocol was developed to send status messages, not to hold or transmit user data. But an ICMP packet has a payload field, and an attacker can use it to carry arbitrary data and so communicate with an already compromised system. Loki is a client/server program used by attackers to set up back doors on systems. The attacker targets a computer and installs the server portion of the Loki software. This server portion “listens” for ICMP traffic carrying Loki commands (ICMP has no ports; the echo packets themselves are the back door). To gain access and open a remote shell on this computer, the attacker sends commands inside ICMP echo packets. This usually works, because most routers and firewalls are configured to let ICMP traffic in and out of the network on the assumption that it is safe, since ICMP was not designed to carry a payload. The practical check is to look at the echo payloads themselves: a stock ping carries a fixed, recognizable fill pattern, so echo traffic whose payload is unusually large, varies in size from packet to packet, or contains readable text or high-entropy bytes deserves inspection, and networks that do not need inbound echo should block it.
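What this looks like in practice, as an added example (not code from the page and not part of Loki): the Python below parses ICMP echo packets, verifies the checksum, and flags payloads that do not match the fixed fill patterns the Windows and Linux ping utilities send. Everything it inspects is constructed inside the block; the 64-byte and entropy thresholds are arbitrary starting points, and the Linux check accepts any ascending byte fill after the 8-byte timestamp rather than one particular starting value.

```python
"""Flag ICMP echo payloads that look like a Loki-style covert channel.

Added example; the packets below are constructed for the demo, not captures.
"""
import math
import struct
from collections import Counter

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

# What a stock ping carries: Windows repeats the alphabet, Linux (iputils)
# sends an 8-byte timestamp followed by an ascending byte fill.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
LINUX_TIMESTAMP_LEN = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble an echo request/reply with a correct checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP packet into header fields and payload; verify the checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than the 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:],
            "checksum_ok": icmp_checksum(packet) == 0}  # valid packets sum to zero


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted/compressed data, ~4.5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_standard_ping_payload(payload: bytes) -> bool:
    """True if the payload matches a stock Windows or Linux ping fill pattern."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    body = payload[LINUX_TIMESTAMP_LEN:]
    if not body:
        return False  # too short to show the fill pattern: treat as non-standard
    return all(b == (body[0] + i) & 0xFF for i, b in enumerate(body))


def suspicious_echo_reasons(packet: bytes, max_payload: int = 64,
                            entropy_threshold: float = 6.5) -> list:
    """Return why an echo packet looks like tunnelled data (empty list = benign)."""
    pkt = parse_icmp(packet)
    if pkt["type"] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return []  # only echo traffic is assessed here
    payload, reasons = pkt["payload"], []
    if not pkt["checksum_ok"]:
        reasons.append("bad-checksum")
    if is_standard_ping_payload(payload):
        return reasons
    reasons.append("nonstandard-payload")
    if len(payload) > max_payload:
        reasons.append("oversize-payload")
    if payload and all(32 <= b < 127 or b in (9, 10, 13) for b in payload):
        reasons.append("printable-text")  # cleartext commands or command output
    if shannon_entropy(payload) > entropy_threshold:
        reasons.append("high-entropy")  # encrypted or compressed tunnel traffic
    return reasons


# Constructed sample packets (not real captures).
LINUX_PING = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1,
                        b"\x00" * 8 + bytes(range(0x10, 0x38)))
WINDOWS_PING = build_echo(ICMP_ECHO_REQUEST, 0x0001, 7, WINDOWS_PING_PAYLOAD)
LOKI_COMMAND = build_echo(ICMP_ECHO_REPLY, 0xBEEF, 0, b"cat /etc/shadow\n")
TUNNEL_BLOB = build_echo(ICMP_ECHO_REQUEST, 0xBEEF, 1,
                         bytes((i * 73 + 41) & 0xFF for i in range(512)))  # stands in for ciphertext

if __name__ == "__main__":
    for name, pkt in (("linux ping", LINUX_PING), ("windows ping", WINDOWS_PING),
                      ("loki command", LOKI_COMMAND), ("tunnel blob", TUNNEL_BLOB)):
        print(f"{name:13s} -> {suspicious_echo_reasons(pkt) or 'benign'}")
```

Run it and the two stock pings come back benign while the command and the blob are flagged. In production the same checks belong in an IDS rule or a flow-log query; the stronger control is to block inbound echo where it is not needed and rate-limit it where it is.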

82
Q

Bullets: PRI ISDN

A

This implementation has up to 23 B channels and 1 D channel, at 64 Kbps per channel. The total bandwidth is equivalent to a T1, which is 1.544 Mbps. This would be more suitable for a company that requires a higher amount of bandwidth compared to BRI ISDN.

83
Q

Bullets: DNSSEC

A

A set of extensions to DNS that give DNS clients (resolvers) origin authentication and integrity protection of DNS data, through digital signatures on resource records, to reduce the threat of DNS poisoning, spoofing, and similar attacks. DNSSEC provides no confidentiality: queries and responses still travel in cleartext.

84
Q

Explanation Bullets: Frequency-division multiplexing (FDM)

A
  • An available wireless spectrum is used to move data.
  • Available frequency band is divided into narrow frequency bands and used to have multiple parallel channels for data transfer.
85
Q

Bullets: Token ring

A

LAN medium access technology that controls network communication traffic through the use of token frames. This technology has been mostly replaced by Ethernet.

86
Q

Bullets: DHCPOFFER message

A

This message is a response to a DHCPDISCOVER message, and is sent by one or numerous DHCP servers.

87
Q

Emphasis: Optical Wireless

A

Optical wireless is the combined use of two technologies: radio-frequency (RF) wireless and optical fiber. Long-range links are provided by optical fiber cables, and links from the long-range end points to end users are accomplished by RF wireless transmitters. The local links can instead be provided by laser systems, known as free-space optics (FSO). FSO is a point-to-point optical connection supporting very high rates in outdoor environments. These transmissions are hard to intercept and do not require a license to deploy. Older optical wireless systems were badly affected by weather conditions; all-weather systems are now available.

88
Q

Emphasis: bridge

A

A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.

89
Q

Emphasis: WLAN Security

A

The first WLAN standard, IEEE 802.11, had a tremendous number of security flaws, found both in the core standard itself and in different implementations of it. The three core deficiencies of WEP are the use of static encryption keys, the ineffective use of initialization vectors, and the lack of packet integrity assurance. WEP uses the RC4 algorithm, a symmetric stream cipher. Symmetric means the sender and receiver must use exactly the same key for encryption and decryption. The 802.11 standard does not stipulate how to update these keys through an automated process, so in most environments the RC4 keys are never changed. And usually all of the wireless devices and the AP share the exact same key. This is like having everyone in your company use the same password. Not a good idea. So that is the first issue: static WEP encryption keys on all devices.

90
Q

Explanation Bullets: The data, IP, and network relationship can be compared to the relationship between a letter and the postal system:

A
  • Data = Letter
  • IP = Addressed envelope
  • Network = Postal system
91
Q

Emphasis: source routing

A

If source routing is allowed, the packets contain the information needed to tell the bridge or router where they should go. The packets hold their own forwarding information, so they can find their way to their destination without bridges and routers dictating the path. If the computer wants to dictate its forwarding information instead of depending on a bridge, how does it know the correct route to the destination computer? The source computer sends out explorer packets that arrive at the destination computer. These packets record the route they took to get there, including which bridges and/or routers they passed through. The destination computer sends these packets back to the source computer, which strips out the routing information, inserts it into its packets, and sends them on to the destination. Because source routing lets the sender, rather than the network, decide the path, an attacker can use it to steer packets around a firewall or to spoof a trusted host and still receive the replies; routers and firewalls should be configured to drop source-routed packets unless there is a specific need for them.

92
Q

Bullets: IEEE 802.1AE (MACsec)

A

Standard that specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs.

93
Q

Bullets: Media access control (MAC)

A

Data communication protocol sublayer of the data link layer specified in the OSI model. It provides hardware addressing and channel access control mechanisms that make it possible for several nodes to communicate within a multiple-access network that incorporates a shared medium.

94
Q

Bullets: Transmission Control Protocol (TCP)

A

Core protocol of the TCP/IP suite, which provides connection-oriented, end-to-end, reliable network connectivity.

95
Q

Bullets: Multiprotocol Label Switching (MPLS)

A

A networking technology that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table.

96
Q

Bullets: Link-state routing protocol

A

A routing protocol used in packet-switching networks where each router constructs a map of the connectivity within the network and calculates the best logical paths, which form its routing table.

97
Q

Emphasis: Wide Area Networks

A

LAN technologies provide communication capabilities over a small geographic area, whereas wide area network (WAN) technologies are used when communication needs to travel over a larger geographical area. LAN technologies encompass how a computer puts its data onto a network cable, the rules and protocols of how that data are formatted and transmitted, how errors are handled, and how the destination computer picks up this data from the cable. When a computer on one network needs to communicate with a network on the other side of the country or in a different country altogether, WAN technologies kick in.

98
Q

Bullets: Fiber Distributed Data Interface

A

Ring-based token network protocol that was derived from the IEEE 802.4 token bus timed token protocol. It can work in LAN or MAN environments and provides fault tolerance through dual-ring architecture.

99
Q

Bullets: DHCPACK message

A

The DHCP Acknowledge message is sent by the DHCP server to the DHCP client to complete the exchange: the server confirms the lease of the IP address and delivers the configuration parameters (lease time, subnet mask, default router, DNS servers), and only after receiving it may the client start using the address.

100
Q

Emphasis: star topology

A

In a star topology, all nodes connect to a central device such as a switch. Each node has a dedicated link to the central device. The central device needs to provide enough throughput that it does not turn out to be a detrimental bottleneck for the network as a whole. Because a central device is required, it is a potential single point of failure, so redundancy may need to be implemented. Switches can be configured in flat or hierarchical implementations so larger organizations can use them.

101
Q

Emphasis: Software as a Service (SaaS)

A

Software as a Service (SaaS): the provider gives users access to specific application software (CRM, e-mail, games). The provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution and use.

102
Q

Explanation Bullets: Some of the security measures that should be put into place for dial-up connections include:

A
  • Configure the remote access server to call back the initiating phone number to ensure it is a valid and approved number.
  • Modems should be configured to answer after a predetermined number of rings to counter war dialers.
  • Disable or remove modems if not in use.
  • All modems should be consolidated into one location and managed centrally if possible.
  • Use of two-factor authentication, VPNs, and personal firewalls should be implemented for remote access connections.
103
Q

Bullets: Very High-Data-Rate Digital Subscriber Line (VDSL)

A

VDSL is basically ADSL at much higher data rates (13 Mbps downstream and 2 Mbps upstream). It is capable of supporting high-bandwidth applications such as HDTV, telephone services (voice over IP), and general Internet access over a single connection.

104
Q

Explanation Bullets: The following list outlines the functions of a bridge:

A
  • Segments a large network into smaller, more controllable pieces.
  • Uses filtering based on MAC addresses.
  • Joins different types of network links while retaining the same broadcast domain.
  • Isolates collision domains within the same broadcast domain.
  • Bridging functionality can take place locally within a LAN or remotely to connect two distant LANs.
  • Can translate between protocol types.
105
Q

Bullets: Rate-Adaptive Digital Subscriber Line (RADSL)

A

Rate-adaptive feature that will adjust the transmission speed to match the quality and the length of the line.

106
Q

Bullets: DHCPREQUEST message

A

The client broadcasts a DHCP Request message to accept one of the offers it received. The message names the chosen server (server identifier option) and the requested address, so the server whose offer was accepted commits the lease while any other servers that made offers see the request and withdraw theirs. A client normally takes the first offer it receives, which is why a rogue DHCP server that answers quickly can hand out its own gateway and DNS settings.
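The four messages on this card and the DHCPOFFER and DHCPACK cards above, played out end to end, as an added example that is not code from the page: a client broadcasts DISCOVER, two servers OFFER, the client REQUESTs the first offer it saw naming that server in option 54, and only that server ACKs while the other withdraws its offer. Servers, pools and addresses are constructed in-process, the lease time and transaction ID are arbitrary, and only the options the exchange needs are implemented.

```python
"""DHCP DISCOVER/OFFER/REQUEST/ACK exchange (RFC 2131) with two servers answering.

Added example, not code from the page; the servers, pools and addresses are
constructed in-process and nothing is sent on a real network.
"""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_REQUESTED_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header


def ip2b(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def b2ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build(op: int, xid: int, mac: bytes, yiaddr: str, options: dict) -> bytes:
    """Header, magic cookie, TLV options, end marker."""
    head = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000, b"\0" * 4,
                       ip2b(yiaddr), b"\0" * 4, b"\0" * 4, mac.ljust(16, b"\0"),
                       b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options.items())
    return head + MAGIC_COOKIE + tlv + bytes([OPT_END])


def parse(pkt: bytes) -> dict:
    """Return the fields this demo needs: xid, client MAC, offered address, options."""
    fields = struct.unpack(HEADER_FMT, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while pkt[i] != OPT_END:
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": fields[4], "mac": fields[11][:6], "yiaddr": b2ip(fields[8]), "opts": opts}


class Server:
    """Minimal DHCP server: an OFFER is tentative until the client REQUESTs it."""

    def __init__(self, ident: str, pool: list):
        self.ident, self.pool, self.offered, self.leases = ident, list(pool), {}, {}

    def _reply(self, msg: dict, kind: int, ip: str) -> bytes:
        opts = {OPT_MSG_TYPE: bytes([kind]), OPT_SERVER_ID: ip2b(self.ident)}
        if kind != NAK:
            opts[OPT_LEASE] = struct.pack("!I", 3600)   # arbitrary one-hour lease
        return build(BOOTREPLY, msg["xid"], msg["mac"], ip, opts)

    def handle(self, pkt: bytes):
        msg = parse(pkt)
        kind = msg["opts"][OPT_MSG_TYPE][0]
        if kind == DISCOVER and self.pool:
            ip = self.pool.pop(0)
            self.offered[msg["mac"]] = ip
            return self._reply(msg, OFFER, ip)
        if kind == REQUEST:
            ip = self.offered.pop(msg["mac"], None)
            if b2ip(msg["opts"][OPT_SERVER_ID]) != self.ident:
                if ip:                      # client chose another server: withdraw our offer
                    self.pool.insert(0, ip)
                return None
            if ip and ip == b2ip(msg["opts"][OPT_REQUESTED_IP]):
                self.leases[msg["mac"]] = ip
                return self._reply(msg, ACK, ip)
            return self._reply(msg, NAK, "0.0.0.0")
        return None


def run_dora(mac: bytes, servers: list, xid: int = 0x3903F326) -> dict:
    """Client side: broadcast DISCOVER, take the first OFFER, REQUEST it, await ACK."""
    discover = build(BOOTREQUEST, xid, mac, "0.0.0.0", {OPT_MSG_TYPE: bytes([DISCOVER])})
    offers = [parse(o) for o in (s.handle(discover) for s in servers) if o]
    if not offers:
        return {"state": "no-offer"}
    chosen = offers[0]  # RFC 2131 leaves selection to the client; most take the first OFFER
    request = build(BOOTREQUEST, xid, mac, "0.0.0.0",
                    {OPT_MSG_TYPE: bytes([REQUEST]),
                     OPT_REQUESTED_IP: ip2b(chosen["yiaddr"]),
                     OPT_SERVER_ID: chosen["opts"][OPT_SERVER_ID]})
    replies = [parse(r) for r in (s.handle(request) for s in servers) if r]  # broadcast
    acks = [r for r in replies if r["opts"][OPT_MSG_TYPE][0] == ACK]
    if not acks:
        return {"state": "nak", "offers": len(offers)}
    return {"state": "bound", "ip": acks[0]["yiaddr"],
            "server": b2ip(acks[0]["opts"][OPT_SERVER_ID]), "offers": len(offers)}


if __name__ == "__main__":
    mac = bytes.fromhex("0a1b2c3d4e5f")
    legit = Server("192.168.1.1", ["192.168.1.100", "192.168.1.101"])
    rogue = Server("192.168.1.66", ["192.168.1.200"])
    print(run_dora(mac, [legit, rogue]))   # legit answers first and wins
    print(run_dora(mac, [rogue, legit]))   # rogue answers first: client binds to it
```

Swap the order of the servers in run_dora and the client binds to the other one: whoever answers first wins, which is the whole rogue DHCP server problem. DHCP snooping on the switch, which discards OFFER and ACK messages arriving on untrusted ports, is the usual countermeasure.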

107
Q

Emphasis: stateless inspection

A

Packet filtering is also known as stateless inspection because the device does not understand the context in which the packets are exchanged. It cannot see the “full picture” of the communication taking place between two systems; it can only examine the characteristics of each individual packet. As we will see in a later section, stateful firewalls understand and keep track of a full communication session, not just the individual packets that make it up. Stateless firewalls decide on each packet based solely on the data in that packet. Stateful firewalls accumulate data about the packets they see and use it to match incoming and outgoing packets, determining which packets belong to the same communication session. By evaluating a packet in the larger context of a session, a stateful firewall has far more complete information than a stateless one and can therefore more readily recognize and reject packets that are part of a protocol-based attack. A concrete consequence: a stateless rule that admits any inbound TCP segment with the ACK bit set (to let return traffic through) also admits an attacker's crafted ACK segments, which is exactly what an ACK scan relies on to map the filter; a stateful device drops those segments because no tracked session matches them.
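The difference in a few dozen lines, as an added example not taken from the page: the same constructed packet stream goes through a stateless rule set that admits inbound TCP only when ACK is set, and through a small connection-tracking firewall that admits inbound packets only when they match a session opened from inside. Addresses come from the documentation ranges, and 10.0.0.0/8 is assumed to be the protected side.

```python
"""The same packet stream through a stateless ACL and a stateful firewall.

Added example, not from the page; addresses and packets are constructed.
"""
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def is_inside(ip: str) -> bool:
    """Demo policy: 10.0.0.0/8 is the protected network."""
    return ip.startswith("10.")


def stateless_allow(p: Pkt) -> bool:
    """Classic ACL: permit anything outbound; permit inbound only if ACK is set
    (the 'established' keyword). It cannot tell whether a session exists."""
    if is_inside(p.src) and not is_inside(p.dst):
        return True
    if not is_inside(p.src) and is_inside(p.dst):
        return bool(p.flags & ACK)
    return False


class StatefulFirewall:
    """Tracks sessions opened from inside; inbound packets must match one."""

    def __init__(self):
        self.table = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def allow(self, p: Pkt) -> bool:
        if is_inside(p.src) and not is_inside(p.dst):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == SYN:                      # new connection attempt
                self.table[key] = "SYN_SENT"
                return True
            if key in self.table:                   # ACK/data/FIN on a known session
                if p.flags & RST:
                    del self.table[key]
                return True
            return False
        if not is_inside(p.src) and is_inside(p.dst):
            key = (p.dst, p.dport, p.src, p.sport)
            state = self.table.get(key)
            if state == "SYN_SENT" and p.flags & SYN and p.flags & ACK:
                self.table[key] = "ESTABLISHED"
                return True
            if state == "ESTABLISHED" and not p.flags & SYN:
                if p.flags & RST:
                    del self.table[key]
                return True
            return False                            # unsolicited: dropped, ACK bit or not
        return False


def compare(packets: list) -> list:
    """Run both devices over the stream; returns (stateless, stateful) verdicts."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


# Constructed stream: a real handshake to a web server, then an ACK scan probe
# and a bare SYN from an outside host.
STREAM = [
    Pkt("10.1.1.5", 51000, "203.0.113.10", 443, SYN),
    Pkt("203.0.113.10", 443, "10.1.1.5", 51000, SYN | ACK),
    Pkt("10.1.1.5", 51000, "203.0.113.10", 443, ACK),
    Pkt("198.51.100.7", 4444, "10.1.1.5", 22, ACK),        # ACK scan probe
    Pkt("198.51.100.7", 4444, "10.1.1.5", 22, SYN),        # plain connection attempt
]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(STREAM, compare(STREAM)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} flags={p.flags:#04x} "
              f"stateless={'permit' if stateless else 'deny'} "
              f"stateful={'permit' if stateful else 'deny'}")
```

The fourth packet is the one that matters: the ACL permits it because ACK is set, the state table rejects it because nothing inside ever opened that flow.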

108
Q

Emphasis: Copper Distributed Data Interface (CDDI)

A

A version of FDDI, Copper Distributed Data Interface (CDDI), can work over UTP cabling. Whereas FDDI would be used more as a MAN, CDDI can be used within a LAN environment to connect network segments.

109
Q

Explanation Bullets: Generation 2½ (2.5G):

A
  • Higher bandwidth than 2G
  • “Always on” technology for e-mail and pages

110
Q

Bullets: Interior Gateway Routing Protocol

A

IGRP is a distance-vector routing protocol that was developed by, and is proprietary to, Cisco Systems. Whereas RIP uses one criterion to find the best path between the source and destination, IGRP uses five criteria to make a “best route” decision. A network administrator can set weights on these different metrics so that the protocol works best in that specific environment.

111
Q

Bullets: Mesh topology

A

Network where each system must not only capture and disseminate its own data, but also serve as a relay for other systems; that is, it must collaborate to propagate the data in the network.

112
Q

Explanations: Cable Modems

A

Cable modems provide Internet connectivity over the coaxial cable that already runs to the subscriber's home; the cable provider sells it as an additional service on top of television. The coaxial segment is shared with neighbouring subscribers, so bandwidth is shared, and the DOCSIS standard's baseline privacy feature is what encrypts each subscriber's traffic on that shared medium.

113
Q

Explanation Bullets: PPP replaced Serial Line Internet Protocol (SLIP), an older protocol that was used to encapsulate data to be sent over serial connection links. PPP has several capabilities that SLIP does not have:

A
  • Implements header and data compression for efficiency and better use of bandwidth
  • Implements error detection (a frame check sequence on each frame; PPP discards corrupted frames rather than correcting them)
  • Supports different authentication methods
  • Can encapsulate protocols other than just IP
  • Does not require both ends to have an IP address assigned before data transfer can occur
114
Q

Bullets: Screened subnet architecture

A

When two filtering devices are used to create a DMZ. The external device screens the traffic entering the DMZ network, and the internal filtering device screens the traffic before it enters the internal network.

115
Q

Explanation Bullets: We will then dive into the three main firewall architectures, which are

A
  • Screened host
  • Multihomed (dual-homed) host
  • Screened subnet
116
Q

Bullets: Broadband ISDN (BISDN)

A

This implementation can handle many different types of services simultaneously and is mainly used within telecommunications carrier backbones. When BISDN is used within a backbone, ATM is commonly employed to encapsulate data at the data link layer into cells, which travel over a SONET network.

117
Q

Explanation Bullets: Wavelength-division multiplexing (WDM)

A
  • Used in fiber-optic communication.
  • Multiplexes a number of optical carrier signals, each on its own wavelength (color) of light, onto a single optical fiber.

118
Q

Bullets: Teardrop attack

A

The attacker sends IP fragments whose offsets and lengths overlap, so they cannot be reassembled consistently; when the victim's IP stack attempts to reassemble them it can crash or become unstable.

119
Q

Bullets: Digital signals

A

Binary digits are represented and transmitted as discrete electrical pulses. Signaling allows for higher data transfer rates and high data integrity compared to analog signaling.

120
Q

Bullets: SSL Tunnel VPNs

A

An individual uses a web browser to securely access multiple network services, including applications and protocols that are not web-based, through an SSL tunnel. This commonly requires custom programming to allow the services to be accessible through a web-based connection.

121
Q

Bullets: Shielded twisted pair

A

Twisted-pair cables are often shielded in an attempt to prevent RFI and EMI. This shielding can be applied to individual pairs or to the collection of pairs.

122
Q

Bullets: Constant Bit Rate (CBR)

A

A connection-oriented channel that provides a consistent data throughput for time-sensitive applications, such as voice and video applications. Customers specify the necessary bandwidth requirement at connection setup.

123
Q

Emphasis: self-healing

A

SONET is self-healing, meaning that if a break in the line occurs, it can use a backup redundant ring to ensure transmission continues. All SONET lines and rings are fully redundant. The redundant line waits in the wings in case anything happens to the primary ring.

124
Q

Bullets: IP fragmentation

A

Exploitation of fragmentation and reassembly flaws within IP, which causes DoS.
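The fragment checks a reassembly routine should run before trusting offsets and lengths, covering both this card and the Teardrop card above, as an added example (not from the page): it reports fragments that begin inside an earlier one, non-final fragments whose length is not a multiple of 8, and a reassembled datagram that would exceed the 16-bit Total Length field. The fragment tuples are constructed, and a 20-byte IP header (no options) is assumed.

```python
"""Sanity checks on an IP datagram's fragments before reassembly.

Added example, not from the page; the fragment lists are constructed. Each
fragment is (fragment_offset in 8-byte units, payload_length, more_fragments),
the three IP header values that reassembly depends on.
"""
IP_HEADER_LEN = 20        # assumption: no IP options
MAX_DATAGRAM = 65535      # 16-bit Total Length field


def analyze_fragments(fragments: list) -> dict:
    """Report overlapping fragments (the teardrop pattern), non-final fragments
    whose length is not a multiple of 8, and a reassembled size that would
    exceed the IP length field."""
    spans = sorted((off * 8, off * 8 + length, idx)
                   for idx, (off, length, _mf) in enumerate(fragments))
    overlaps = []
    furthest_end = -1
    for start, end, idx in spans:
        if start < furthest_end:                 # begins inside an earlier fragment
            overlaps.append(idx)
        furthest_end = max(furthest_end, end)
    misaligned = [idx for idx, (_off, length, mf) in enumerate(fragments)
                  if mf and length % 8 != 0]
    total = max((end for _s, end, _i in spans), default=0) + IP_HEADER_LEN
    return {"overlaps": overlaps, "misaligned": misaligned,
            "oversize": total > MAX_DATAGRAM}


def should_drop(fragments: list) -> bool:
    """Policy: refuse to reassemble anything that trips a check."""
    findings = analyze_fragments(fragments)
    return bool(findings["overlaps"] or findings["misaligned"] or findings["oversize"])


# Constructed fragment sets.
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 100, False)]    # 1480 = 185 * 8
TEARDROP = [(0, 36, True), (3, 4, False)]          # second lands at byte 24, inside the first
OVERSIZE = [(0, 1480, True), (8189, 100, False)]   # 8189 * 8 + 100 + 20 > 65535

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("oversize", OVERSIZE)):
        print(name, analyze_fragments(frags), "drop" if should_drop(frags) else "reassemble")
```

Modern stacks apply checks of this kind themselves; the point of running them at a firewall or IDS is that the device in front of a fragile host can drop the set before the host has to decide what an overlap means.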

125
Q

Emphasis: Point-to-Point Protocol

A

Point-to-Point Protocol (PPP) is similar to HDLC in that it is a data link protocol that carries out framing and encapsulation for point-to-point connections. A point-to-point connection means there is one connection between one device (point) and another device (point). If the systems on your LAN use the Ethernet protocol, what happens when a system needs to communicate to a server at your ISP for Internet connectivity? This is not an Ethernet connection, so how do the systems know how to communicate with each other if they cannot use Ethernet as their data link protocol? They use a data link protocol they do understand. Telecommunication devices commonly use PPP as their data link protocol.

126
Q

Emphasis: Bluetooth Wireless

A

The Bluetooth wireless technology is based upon a portion of the 802.15 standard. It has a 1 to 3 Mbps transfer rate and works in a range of approximately ten meters. If you have a cell phone and a PDA that are both Bluetooth-enabled and both have calendar functionality, you could have them update each other without any need to connect them physically. If you added some information to your cell phone contacts list and task list, for example, you could just place the phone close to your PDA. The PDA would sense that the other device was nearby, and it would then attempt to set up a network connection with it. Once the connection was made, synchronization between the two devices would take place, and the PDA would add the new contacts list and task list data. Bluetooth works in the same 2.4 GHz frequency range as 802.11 devices.

127
Q

Explanation Bullets: The following shows some of the most commonly used protocols and the ports to which they are usually mapped:

A
  • Telnet port 23
  • SMTP port 25
  • HTTP port 80
  • SNMP ports 161 and 162
  • FTP ports 21 and 20
128
Q

Emphasis: Code division multiple access (CDMA)

A

Code division multiple access (CDMA) was developed after FDMA, and as the term “code” implies, CDMA assigns a unique code to each voice call or data transmission to uniquely identify it from all other transmissions sent over the cellular network. In a CDMA “spread spectrum” network, calls are spread throughout the entire radio-frequency band. CDMA permits every user of the network to simultaneously use every channel in the network. At the same time, a particular cell can simultaneously interact with multiple other cells. These features make CDMA a very powerful technology. It is the main technology for the mobile cellular networks that presently dominate the wireless space.

129
Q

Explanations: How Many Protocols Do We Need?

A

If you are new to networking, all of these protocols can get quite confusing. For example, this chapter has already covered the following data link protocols: Ethernet, Token Ring, FDDI, ATM, frame relay, SDLC, HDLC, and now PPP and we have not even gotten to PPTP, Wi-Fi, or WiMAX. Why in the world do we need so many data link protocols?

130
Q

Bullets: Available Bit Rate (ABR)

A

A connection-oriented channel that allows the bit rate to be adjusted. Customers are given the bandwidth that remains after a guaranteed service rate has been met.

131
Q

Bullets: Open mail relay

A

An SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.

132
Q

Bullets: VLAN hopping

A

An exploit that lets an attacker on one VLAN reach traffic on other VLANs that would normally not be accessible, typically by tricking the switch into forming a trunk with the attacker's port (switch spoofing) or by sending frames carrying two 802.1Q tags (double tagging). Setting access ports to non-negotiating mode and using an otherwise unused VLAN as the native VLAN on trunks are the usual countermeasures.

133
Q

Explanations: FHSS vs. DSSS

A

FHSS uses only a portion of the total bandwidth available at any one time, while the DSSS technology uses all of the available bandwidth continuously. DSSS spreads the signals over a wider frequency band, whereas FHSS uses a narrow band carrier.

134
Q

Emphasis: Firewalls

A

Firewalls are used to restrict access to one network from another network. Most companies use firewalls to restrict access to their networks from the Internet. They may also use firewalls to restrict one internal network segment from accessing another internal segment. For example, if the security administrator wants to make sure employees cannot access the research and development network, he would place a firewall between this network and all other networks and configure the firewall to allow only the type of traffic he deems acceptable.

135
Q

Emphasis: DNS Splitting

A

Organizations should implement split DNS, which means a DNS server in the DMZ handles external hostname-to-IP resolution requests, while an internal DNS server handles only internal requests. This helps ensure that the internal DNS has layers of protection and is not exposed by being “Internet facing.” The internal DNS server should only contain resource records for the internal computer systems, and the external DNS server should only contain resource records for the systems the organization wants the outside world to be able to connect to. If the external DNS server is compromised and it has the resource records for all of the internal systems, now the attacker has a lot of “inside knowledge” and can carry out targeted attacks. External DNS servers should only contain information on the systems within the DMZ that the organization wants others on the Internet to be able to communicate with (web servers, external mail server, etc.).

136
Q

Bullets: BRI ISDN

A

This implementation operates over existing copper lines at the local loop and provides digital voice and data channels. It uses two B channels and one D channel with a combined bandwidth of 144 Kbps and is generally used for home subscribers.

138
Q

Bullets: E-mail spoofing

A

Activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. Since SMTP does not provide any authentication, it is easy to impersonate and forge e-mails.

139
Q

Bullets: Sender Policy Framework (SPF)

A

An e-mail validation system designed to reduce spam by detecting e-mail spoofing: the sending domain publishes in DNS (a TXT record beginning with v=spf1) which IP addresses may send mail on its behalf, and the receiving server checks the connecting server's IP address against that list. SPF is evaluated on the envelope sender (the SMTP MAIL FROM domain), so on its own it does not validate the From: header the recipient actually sees.
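How a receiving server evaluates SPF, as an added example that is not code from the page: a small evaluator for the ip4, ip6, a, include and all mechanisms against a sender IP. DNS is replaced by constructed in-block tables (the domains and addresses are from the documentation ranges), so nothing is looked up on the network, and the include depth limit of 10 is a simplification of the specification's limit of 10 DNS-querying terms in total.

```python
"""Evaluate an SPF record against the connecting server's IP (RFC 7208 subset).

Added example, not from the page. DNS is replaced by the constructed tables
below, so nothing is looked up on the network; only the ip4, ip6, a, include
and all mechanisms are handled.
"""
import ipaddress

# Constructed zone data standing in for DNS TXT and A records.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 a:mail.example.com include:_spf.partner.example -all",
    "_spf.partner.example": "v=spf1 ip4:203.0.113.5 ip6:2001:db8::/32 ~all",
}
DNS_A = {"mail.example.com": ["198.51.100.25"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10


def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Return pass/fail/softfail/neutral/none/permerror for one domain and IP."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"                      # include loop or absurd chain
    record = DNS_TXT.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(argument, strict=False)
        elif mechanism == "a":
            host = argument or domain
            matched = any(ip == ipaddress.ip_address(a) for a in DNS_A.get(host, []))
        elif mechanism == "include":
            matched = check_spf(argument, sender_ip, depth + 1) == "pass"
        else:
            return "permerror"                  # unsupported mechanism in this demo
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                            # no mechanism matched and no 'all'


def check_envelope_sender(mail_from: str, connecting_ip: str) -> str:
    """SPF is evaluated on the envelope sender (SMTP MAIL FROM), not on the
    From: header the recipient sees; the domain after '@' is what is checked."""
    _, _, domain = mail_from.rpartition("@")
    return check_spf(domain, connecting_ip) if domain else "none"


if __name__ == "__main__":
    for sender, ip in (("alerts@example.com", "192.0.2.77"),
                       ("alerts@example.com", "198.51.100.25"),
                       ("alerts@example.com", "203.0.113.5"),
                       ("alerts@example.com", "203.0.113.6"),
                       ("ceo@example.com", "2001:db8::1"),
                       ("x@no-spf.example", "192.0.2.1")):
        print(f"{sender:24s} from {ip:16s} -> {check_envelope_sender(sender, ip)}")
```

Note what a "fail" does and does not mean: the last address is rejected because the included partner record only softfails it and example.com ends in -all, but a message whose MAIL FROM is some other domain the attacker controls passes SPF while still displaying a forged From: header.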

140
Q

Bullets: Honeypots

A

Decoy systems set up to attract attackers, both to divert them from critical production systems and to observe their tools and techniques. Two or more honeypots used together form a honeynet.

141
Q

Emphasis: Dedicated Links

A

A dedicated link is also called a leased line or point-to-point link. It is one single link that is pre-established for the purposes of WAN communications between two destinations. It is dedicated, meaning only the destination points can communicate with each other. This link is not shared by any other entities at any time. This was the main way companies communicated in the past, because not as many choices were available as there are today. Establishing a dedicated link is a good idea for two locations that will communicate often and require fast transmission and a specific bandwidth, but it is expensive compared to other possible technologies that enable several companies to share the same bandwidth and also share the cost. This does not mean that dedicated lines are not in use; they definitely are used, but many other options are now available, including X.25, frame relay, MPLS, and ATM technologies.

142
Q

Emphasis: Asynchronous Transfer Mode (ATM)

A

Asynchronous Transfer Mode (ATM) is another switching technology, but instead of being a packet-switching method, it uses a cell-switching method. ATM is a high-speed networking technology used for LAN, MAN, WAN, and service provider connections. Like frame relay, it is a connection-oriented switching technology, and creates and uses a fixed channel. IP is an example of a connectionless technology. Within the TCP/IP protocol suite, IP is connectionless and TCP is connection oriented. This means IP packets can be quickly and easily routed and switched without each router or switch in between having to worry about whether the data actually made it to its destination; that is TCP's job. TCP works at the source and destination ends to ensure data were properly transmitted, and it resends data that ran into some type of problem and did not get delivered properly. When using ATM or frame relay, the devices in between the source and destination have to ensure that data get to where they need to go, unlike when a purely connectionless protocol is being used.

143
Q

Bullets: Asymmetric DSL (ADSL)

A

Data travel downstream faster than upstream. Upstream speeds are 128 Kbps to 384 Kbps, and downstream speeds can be as fast as 768 Kbps. Generally used by residential users.

144
Q

Explanation Bullets: Spread spectrum types. This technology transmits data by “spreading” it over a broad range of frequencies:

A
  • FHSS moves data by changing frequencies.
  • DSSS takes a different approach by applying sub-bits to a message and uses all of the available frequencies at the same time.
145
Q

Bullets: Light sources

A

Convert electrical signal into light signal

146
Q

Emphasis: carrier sense multiple access with collision detection (CSMA/CD)

A

A transmission is called a carrier, so if a computer is transmitting frames, it is performing a carrier activity. When computers use the carrier sense multiple access with collision detection (CSMA/CD) protocol, they monitor the transmission activity, or carrier activity, on the wire so they can determine when would be the best time to transmit data. Each node monitors the wire continuously and waits until the wire is free before it transmits its data. As an analogy, consider several people gathered in a group talking here and there about this and that. If a person wants to talk, she usually listens to the current conversation and waits for a break before she proceeds to talk. If she does not wait for the first person to stop talking, she will be speaking at the same time as the other person, and the people around them may not be able to understand fully what each is trying to say.

147
Q

Emphasis: Password Authentication Protocol (PAP)

A

Password Authentication Protocol (PAP) is used by remote users to authenticate over PPP connections. It provides identification and authentication of the user who is attempting to access a network from a remote system. This protocol requires a user to enter a password before being authenticated. The password and the username credentials are sent over the network to the authentication server after a connection has been established via PPP. The authentication server has a database of user credentials that are compared to the supplied credentials to authenticate users.

148
Q

Bullets: Bastion host

A

A highly exposed device that will most likely be targeted for attacks, and thus should be properly locked down.

149
Q

Bullets: Variable Bit Rate (VBR)

A

A connection-oriented channel best used for delay-insensitive applications because the data throughput flow is uneven. Customers specify their required peak and sustained rate of data throughput.

150
Q

Bullets: Port address translation (PAT)

A

The company owns and uses only one public IP address for all systems that need to communicate outside the internal network. How in the world could all computers use the exact same IP address? Good question. Here’s an example: The NAT device has an IP address of 127.50.41.3. When computer A needs to communicate with a system on the Internet, the NAT device documents this computer’s private address and source port number (10.10.44.3; port 43,887). The NAT device changes the IP address in the computer’s packet header to 127.50.41.3, with the source port 40,000. When computer B also needs to communicate with a system on the Internet, the NAT device documents the private address and source port number (10.10.44.15; port 23,398) and changes the header information to 127.50.41.3 with source port 40,001. So when a system responds to computer A, the packet first goes to the NAT device, which looks up the port number 40,000 and sees that it maps to computer A’s real information. So the NAT device changes the header information to address 10.10.44.3 and port 43,887 and sends it to computer A for processing. A company can save a lot more money by using PAT, because the company needs to buy only a few public IP addresses, which are used by all systems in the network.

151
Q

Bullets: Static mapping

A

The NAT software has a pool of public IP addresses configured. Each private address is statically mapped to a specific public address. So computer A always receives the public address x, computer B always receives the public address y, and so on. This is generally used for servers that need to keep the same public address at all times.

152
Q

Explanations: Application

A

The protocols at the application layer handle file transfer, virtual terminals, network management, and fulfilling networking requests of applications. A few of the protocols that work at this layer include

153
Q

Summary of Tunneling Protocols : IPSec:

A
  • Handles multiple VPN connections at the same time
  • Provides secure authentication and encryption
  • Supports only IP networks
  • Focuses on LAN-to-LAN communication rather than user-to-user
  • Works at the network layer, and provides security on top of IP
154
Q

Emphasis: SMTP authentication (SMTP-AUTH)

A

SMTP authentication (SMTP-AUTH) was developed to provide an access control mechanism. This extension comprises an authentication feature that allows clients to authenticate to the mail server before an e-mail is sent. Servers using the SMTP-AUTH extension are configured in such a manner that their clients are obliged to use the extension so that the sender can be authenticated.

155
Q

Emphasis: electronic mail

A

A popular type of gateway is an electronic mail gateway. Because several e-mail vendors have their own syntax, message format, and way of dealing with message transmission, e-mail gateways are needed to convert messages between e-mail server software. For example, suppose that David, whose corporate network uses Sendmail, writes an e-mail message to Dan, whose corporate network uses Microsoft Exchange. The e-mail gateway will convert the message into a standard that all mail servers understand—usually X.400—and pass it on to Dan’s mail server.

156
Q

Emphasis: Platform as a Service (PaaS)

A

Platform as a Service (PaaS): Cloud providers deliver a computing platform, which can include an operating system, database, and web server as a holistic execution environment. Where IaaS is the “raw IT network,” PaaS is the software environment that runs on top of the IT network.

157
Q

Explanation Bullets: If the proper countermeasures are not put into place, then an attacker can gain access to a wealth of device-oriented data that can be used in her follow-up attacks. The following are just some data sets held within MIB SNMP objects that attackers would be interested in:

A
  • .server.svSvcTable.svSvcEntry.svSvcName
  • .server.svShareTable.svShareEntry.svShareName
  • .server.svShareTable.svShareEntry.svSharePath
  • .server.svShareTable.svShareEntry.svShareComment
  • .server.svUserTable.svUserEntry.svUserName
  • .domain.domPrimaryDomain
158
Q

Emphasis: Instant Messaging

A

Instant Messaging

Instant messaging (IM) allows people to communicate with one another through a type of real-time, bidirectional exchange. IM provides instantaneous transmissions of text-based messages between people with shared client software. Most of the communication takes place in text-based format, but some IM software allows for voice and video data to be passed back and forth also. Several instant messaging services offer video calling features, Voice over IP, and web conferencing capabilities. Many instant messaging applications offer functions like file transfer, contact lists, and the ability to maintain several simultaneous conversations.

159
Q

Emphasis: X.25

A

X.25 is an older WAN protocol that defines how devices and networks establish and maintain connections. Like frame relay, X.25 is a switching technology that uses carrier switches to provide connectivity for many different networks. It also provides an any-to-any connection, meaning many users use the same service simultaneously. Subscribers are charged based on the amount of bandwidth they use, unlike dedicated links, for which a flat fee is charged.

160
Q

Emphasis: Bluetooth wireless

A

The Bluetooth wireless technology is actually based upon a portion of the 802.15 standard. It has a 1- to 3-Mbps transfer rate and works in a range of approximately ten meters. If you have a cell phone and a PDA that are both Bluetooth-enabled and both have calendar functionality, you could have them update each other without any need to connect them physically. If you added some information to your cell phone contacts list and task list, for example, you could just place the phone close to your PDA. The PDA would sense that the other device was nearby, and it would then attempt to set up a network connection with it. Once the connection was made, synchronization between the two devices would take place, and the PDA would add the new contacts list and task list data. Bluetooth works in the frequency range of other 802.11 devices (2.4 GHz).

161
Q

Bullets: Virtual firewall

A

A firewall that runs within a virtualized environment and monitors and controls traffic as it passes through virtual machines. The firewall can be a traditional firewall running within a guest virtual machine or a component of a hypervisor.

162
Q

Bullets: SYN flood

A

DoS attack where an attacker sends a succession of SYN packets with the goal of overwhelming the victim system so that it is unresponsive to legitimate traffic.

163
Q

Explanations: Protocol

A

A network protocol is a standard set of rules that determines how systems will communicate across networks. Two different systems that use the same protocol can communicate and understand each other despite their differences, similar to how two people can communicate and understand each other by using the same language.

164
Q

Emphasis: Transmission Control Protocol/Internet Protocol (TCP/IP)

A

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs the way data travel from one device to another. Besides its eponymous two main protocols, TCP/IP includes other protocols as well, which we will cover in this chapter.

165
Q

Bullets: Performance issues

A

Latency and bandwidth issues can arise since this is a “choke point” device that requires a lot of processing.

166
Q

Bullets: Frequency-division multiplexing (FDM)

A

Dividing available bandwidth into a series of nonoverlapping frequency sub-bands that are then assigned to each communicating source and user pair. FDM is inherently an analog technology.

167
Q

Explanations: Screened subnet:

A

External router filters (screens) traffic before it enters the subnet. Traffic headed toward the internal network then goes through two firewalls.

168
Q

Emphasis: Cable modems

A

Cable modems provide high-speed access, up to 50 Mbps, to the Internet through existing cable coaxial and fiber lines. The cable modem provides upstream and downstream conversions.

169
Q

Bullets: Wormhole attack

A

This takes place when an attacker captures packets at one location in the network and tunnels them to another location in the network for a second attacker to use against a target system.

170
Q

Emphasis: stateful

A

Most NAT implementations are stateful, meaning they keep track of a communication between the internal host and an external host until that session is ended. The NAT device needs to remember the internal IP address and port to send the reply messages back. This stateful characteristic is similar to stateful-inspection firewalls, but NAT does not perform scans on the incoming packets to look for malicious characteristics. Instead, NAT is a service usually performed on routers or gateway devices within a company’s screened subnet.

171
Q

Emphasis: bus topology

A

In a simple bus topology, a single cable runs the entire length of the network. Nodes are attached to the network through drop points on this cable. Data communications transmit the length of the medium, and each packet transmitted has the capability of being “looked at” by all nodes. Each node decides to accept or ignore the packet, depending upon the packet’s destination address.

172
Q

Explanations: Remote Connectivity

A

Remote connectivity covers several technologies that enable remote and home users to connect to networks that will grant them access to network resources that help them perform their tasks. Most of the time, these users must first gain access to the Internet through an ISP, which sets up a connection to the destination network.

173
Q

Bullets: Address Resolution Protocol (ARP)

A

A networking protocol used for resolution of network layer IP addresses into link layer MAC addresses.

174
Q

Emphasis: Spanning Tree Algorithm (STA)

A

Many bridges use the Spanning Tree Algorithm (STA), which adds more intelligence to the bridges. STA ensures that frames do not circle networks forever, provides redundant paths in case a bridge goes down, assigns unique identifiers to each bridge, assigns priority values to these bridges, and calculates path costs. This creates much more efficient frame-forwarding processes by each bridge. STA also enables an administrator to indicate whether he wants traffic to travel certain paths instead of others.

175
Q

Explanations: Cabling Problems

A

Cables are extremely important within networks, and when they experience problems, the whole network could experience problems. This section addresses some of the more common cabling issues many networks experience.

176
Q

Bullets: Negate rule

A

Used instead of the broad and permissive “any rules.” Negate rules provide tighter permission rights by specifying what system can be accessed and how.

177
Q

Emphasis: Data-Over-Cable Service Interface Specifications (DOCSIS)

A

Most cable providers comply with Data-Over-Cable Service Interface Specifications (DOCSIS), which is an international telecommunications standard that allows for the addition of high-speed data transfer to an existing cable TV (CATV) system. DOCSIS includes MAC layer security services in its Baseline Privacy Interface/Security (BPI/SEC) specifications. This protects individual user traffic by encrypting the data as they travel over the provider’s infrastructure.

178
Q

Bullets: IEEE 802.1AR

A

Standard that specifies unique per-device identifiers (DevID) and the management and cryptographic binding of a device (router, switch, access point) to its identifiers.

179
Q

Explanations: Packet Filtering Firewalls

A

I don’t like this packet. Oh, but I like this packet. I don’t like this packet. This other packet is okay.

180
Q

Bullets: SSL Portal VPNs

A

An individual uses a single standard SSL connection to a web site to securely access multiple network services. The web site accessed is typically called a portal because it is a single location that provides access to other resources. The remote user accesses the SSL VPN gateway using a web browser, is authenticated, and is then presented with a web page that acts as the portal to the other services.

181
Q

Explanations: TCP/IP Model

A

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs the way data travel from one device to another. Besides its eponymous two main protocols, TCP/IP includes other protocols as well, which we will cover in this chapter.

182
Q

Bullets: Single mode

A

Small glass core, and are used for high-speed data transmission over long distances. They are less susceptible to attenuation than multimode fibers.

183
Q

Emphasis: switched virtual circuits (SVCs)

A

Unlike PVCs, switched virtual circuits (SVCs) require steps similar to a dial-up and connection procedure. The difference is that a permanent path is set up for PVC frames, whereas when SVCs are used, a circuit must be built. It is similar to setting up a phone call over the public network. During the setup procedure, the required bandwidth is requested, the destination computer is contacted and must accept the call, a path is determined, and forwarding information is programmed into each switch along the SVC’s path. SVCs are used for teleconferencing, establishing temporary connections to remote sites, data replication, and voice calls. Once the connection is no longer needed, the circuit is torn down and the switches forget it ever existed.

184
Q

Emphasis: split DNS

A

Organizations should implement split DNS, which means a DNS server in the DMZ handles external hostname-to-IP resolution requests, while an internal DNS server handles only internal requests. This helps ensure that the internal DNS has layers of protection and is not exposed by being “Internet facing.” The internal DNS server should only contain resource records for the internal computer systems, and the external DNS server should only contain resource records for the systems the organization wants the outside world to be able to connect to. If the external DNS server is compromised and it has the resource records for all of the internal systems, now the attacker has a lot of “inside knowledge” and can carry out targeted attacks. External DNS servers should only contain information on the systems within the DMZ that the organization wants others on the Internet to be able to communicate with (web servers, external mail server, etc.).

185
Q

Bullets: Smurf attack

A

A DDoS attack type on a computer that floods the target system with spoofed broadcast ICMP packets.

186
Q

Bullets: Session hijacking

A

Attack method that allows an attacker to overtake and control a communication session between two systems.

187
Q

Emphasis: public-switched telephone network (PSTN)

A

Multiservice access technologies combine several types of communication categories (data, voice, and video) over one transmission line. This provides higher performance, reduced operational costs, and greater flexibility, integration, and control for administrators. The regular phone system is based on a circuit-switched, voice-centric network, called the public-switched telephone network (PSTN). The PSTN uses circuit switching instead of packet switching. When a phone call is made, the call is placed at the PSTN interface, which is the user’s telephone. This telephone is connected to the telephone company’s local loop via copper wiring. Once the signals for this phone call reach the telephone company’s central office (the end of the local loop), they are part of the telephone company’s circuit-switching world. A connection is made between the source and the destination, and as long as the call is in session, the data flows through the same switches.

188
Q

Bullets: Analog signals

A

Continuously varying electromagnetic wave that represents and transmits data. Carrier signals vary by amplification and frequency.

189
Q

Application-Level vs. Circuit-Level Proxy Firewall Characteristics : Characteristics of circuit-level proxy firewalls:

A
  • Do not require a proxy for each and every protocol.
  • Do not provide the deep-inspection capabilities of an application layer proxy.
  • Provide security for a wider range of protocols.
190
Q

Emphasis: Data throughput

A

NOTE: Bandwidth refers to the number of electrical pulses that can be transmitted over a link within a second, and these electrical pulses carry individual bits of information. Bandwidth is the data transfer capability of a connection and is commonly associated with the amount of available frequencies and speed of a link. Data throughput is the actual amount of data that can be carried over this connection. Data throughput values can be higher than bandwidth values if compression mechanisms are implemented. But if links are highly congested or there are interference issues, the data throughput values can be lower. Both bandwidth and data throughput are measured in bits per second.

191
Q

Explanations: Application-Level Proxy Firewalls

A

Application-level proxy firewalls, like all technologies, have their pros and cons. It is important to fully understand all characteristics of this type of firewall before purchasing and deploying this type of solution.

192
Q

Bullets: T-carriers

A

Dedicated lines that can carry voice and data information over trunk lines. It is a general term for any of several digitally multiplexed telecommunications carrier systems.

193
Q

Emphasis: asymmetric services

A

DSL offers several types of services. With symmetric services, traffic flows at the same speed upstream and downstream (to and from the Internet or destination). With asymmetric services, the downstream speed is much higher than the upstream speed. In most situations, an asymmetric connection is fine for residential users because they usually download items from the Web much more often than they upload data.

194
Q

Bullets: Cloud computing

A

The delivery of computer processing capabilities as a service rather than as a product, whereby shared resources, software, and information are provided to end users as a utility. Offerings are usually bundled as an infrastructure, platform, or software.

195
Q

Bullets: Unshielded twisted pair

A

Cabling in which copper wires are twisted together for the purposes of canceling out EMI from external sources. UTP cables are found in many Ethernet networks and telephone systems.

196
Q

Emphasis: Value-Added Networks

A

Value-Added Networks

Many different types of companies use EDI for internal communication and for communication with other companies. A very common implementation is between a company and its supplier. For example, some supplier companies provide inventory to many different companies, such as Target, Wal-Mart, and Kmart. Many of these supplies are made in China and then shipped to a warehouse somewhere in a specific country, as in the United States. When Wal-Mart needs to order more inventory, it sends its request through an EDI network, which is basically an electronic form of our paper-based world. Instead of using paper purchase orders, receipts, and forms, EDI provides all of this digitally.

197
Q

Explanation Bullets: Packet switching:

A
  • Packets can use many different dynamic paths to get to the same destination.
  • Traffic is usually bursty in nature.
  • Variable delays.
  • Usually carries data-oriented data.
198
Q

Emphasis: value-added network (VAN)

A

A value-added network (VAN) is an EDI infrastructure developed and maintained by a service bureau. A Wal-Mart store tracks its inventory by having employees scan bar codes on individual items. When the inventory of an item becomes low, a Wal-Mart employee sends a request for more of that specific item. This request goes to a mailbox at a VAN that Wal-Mart pays to use, and the request is then pushed out to a supplier that provides this type of inventory for Wal-Mart. Because Wal-Mart (and other stores) deals with thousands of suppliers, using a VAN simplifies the ordering process: instead of an employee having to track down the right supplier and submit a purchase order, this all happens in the background through an automated EDI network, which is managed by a VAN company for use by other companies.

199
Q

Explanation Bullets: The following is a quick snapshot of telecommunications history:

A
  • Copper lines carry purely analog signals.
  • T1 lines carry up to 24 conversations.
  • T3 lines carry up to 28 T1 lines.
  • Fiber optics and the SONET network.
  • ATM over SONET.
200
Q

Emphasis: broadband

A

A baseband technology uses the entire communication channel for its transmission, whereas a broadband technology divides the communication channel into individual and independent subchannels so that different types of data can be transmitted simultaneously. Baseband permits only one signal to be transmitted at a time, whereas broadband carries several signals over different subchannels. For example, a coaxial cable TV (CATV) system is a broadband technology that delivers multiple television channels over the same cable. This system can also provide home users with Internet access, but these data are transmitted at a different frequency spectrum than the TV channels.

201
Q

Explanations: Mobile Wireless Communication

A

Mobile wireless has now exploded into a trillion-dollar industry, with over 4.5 billion subscriptions, fueled by a succession of new technologies and by industry and international standard agreements.

202
Q

Emphasis: Dynamic ports

A

Registered ports are 1024 to 49151, which can be registered with the Internet Corporation for Assigned Names and Numbers (ICANN) for a particular use. Vendors register specific ports to map to their proprietary software. Dynamic ports are 49152 to 65535 and are available to be used by any application on an “as needed” basis.

203
Q

Explanations: Dial-up Connections

A

Since almost every house and office had a telephone line running to it already, the first type of remote connectivity technology that was used took advantage of this in-place infrastructure. Modems were added to computers that needed to communicate with other computers over telecommunication lines.

204
Q

Explanations: Functions and Protocols in the OSI Model

A

For the exam, you will need to know the functionality that takes place at the different layers of the OSI model, along with specific protocols that work at each layer. The following is a quick overview of each layer and its components.

205
Q

Bullets: Routing Information Protocol

A

RIP is a standard that outlines how routers exchange routing table data and is considered a distance-vector protocol, which means it calculates the shortest distance between the source and destination. It is considered a legacy protocol because of its slow performance and lack of functionality. It should only be used in small networks. RIP version 1 has no authentication, and RIP version 2 sends passwords in cleartext or hashed with MD5.

206
Q

Emphasis: kernel proxy firewall

A

A kernel proxy firewall is considered a fifth-generation firewall. It differs from all the previously discussed firewall technologies because it creates dynamic, customized network stacks when a packet needs to be evaluated.

207
Q

Bullets: Network address translation (NAT)

A

The process of modifying IP address information in packet headers while in transit across a traffic routing device, with the goal of reducing the demand for public IP addresses.

208
Q

Bullets: Classless Interdomain Routing

A

Variable-length subnet masking, which allows a network to be divided into different-sized subnets. The goal is to increase the efficiency of the use of IP addresses since classful addressing schemes commonly end up in unused addresses.

209
Q

Bullets: Reverse Address Resolution Protocol (RARP) and Bootstrap Protocol (BootP)

A

Networking protocols used by host computers to request the IP address from an administrative configuration server.

210
Q

Bullets: Single point of compromise

A

If the UTM is successfully hacked, there may not be other layers deployed for protection.

211
Q

Explanation Bullets: Even with all of these issues and potential vulnerabilities, many companies allow their employees to use this technology because it allows quick and effective communication to take place. So, if you absolutely have to allow this technology in your environment, there are some things you should do to help reduce your threat level. The following are best practices for protecting an environment from these types of security breaches:

A
  • Establish a security policy specifying IM usage restrictions.
  • Implement an integrated antivirus/firewall product on all computers.
  • Configure firewalls to block unwanted IM traffic.
  • Patch IM software to ensure that the most secure versions are running.
  • Implement corporate IM servers so internal employees communicate within the organization’s network only.
  • Only allow IM client software that provides encryption capabilities if protection of this type of traffic is required.
212
Q

Application-Level vs. Circuit-Level Proxy Firewall Characteristics : Characteristics of application-level proxy firewalls:

A
  • Each protocol that is to be monitored must have a unique proxy.
  • Provides more protection than circuit-level proxy firewalls.
  • Require more processing per packet and thus are slower than a circuit-level proxy firewall.
213
Q

Bullets: Integrated Services Digital Network (ISDN)

A

A circuit-switched telephone network system technology designed to allow digital transmission of voice and data over ordinary telephone copper wires.

214
Q

VoIP Security Measures Broken Down : Hackers can intercept incoming and outgoing calls, carry out DoS attacks, spoof phone calls, and eavesdrop on sensitive conversations. Many of the countermeasures to these types of attacks are the same ones used with traditional data-oriented networks:

A
  • Keep patches updated on each network device involved with VoIP transmissions.
  • Identify unidentified or rogue telephony devices.
  • Install and maintain
  • Disable unnecessary ports and services on routers, switches, PCs, and IP telephones.
  • Employ real-time monitoring that looks for attacks, tunneling, and abusive call patterns through IDS/IPS.
215
Q

Bullets: Guaranteed service

A

Ensures specific data throughput at a guaranteed speed. Time-sensitive traffic (voice and video) is assigned this classification.

216
Q

Emphasis: IP next generation (IPng)

A

IPv6, also called IP next generation (IPng), not only has a larger address space than IPv4 to support more IP addresses; it has some capabilities that IPv4 does not and it accomplishes some of the same tasks differently. All of the specifics of the new functions within IPv6 are beyond the scope of this book, but we will look at a few of them, because IPv6 is the way of the future. IPv6 allows for scoped addresses, which enables an administrator to restrict specific addresses for specific servers or file and print sharing, for example. IPv6 has Internet Protocol Security (IPSec) integrated into the protocol stack, which provides end-to-end secure transmission and authentication. IPv6 has more flexibility and routing capabilities and allows for Quality of Service (QoS) priority values to be assigned to time-sensitive transmissions. The protocol offers autoconfiguration, which makes administration much easier, and it does not require network address translation (NAT) to extend its address space.

217
Q

Emphasis: Network Protocols and Services

A

Network Protocols and Services

Some protocols, such as UDP, TCP, IP, and IGMP, were addressed in earlier sections. Networks are made up of these and many other types of protocols that provide an array of functionality. Networks are also made up of many different services, as in DHCP, DNS, e-mail, and others. The services that network infrastructure components provide directly support the functionality required of the users of the network. Protocols usually provide a communication channel for these services to use so that they can carry out their jobs. Networks are complex because there are layers of protocols and services that all work together simultaneously and hopefully seamlessly. We will cover some of the core protocols and services that are used in all networks today.

218
Q

Bullets: Simple Authentication and Security Layer (SASL)

A

A framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols and allows any authentication mechanism supported by SASL to be used in any application protocol that uses SASL.

219
Q

Bullets: Internet Protocol (IP)

A

Core protocol of the TCP/IP suite. Provides packet construction, addressing, and routing functionality.

220
Q

Emphasis: Data Link Layer

A

Data Link Layer

As we continue down the protocol stack, we are getting closer to the actual transmission channel (i.e., network wire) over which all these data will travel. The outer format of the data packet changes slightly at each layer, and it comes to a point where it needs to be translated into the LAN or wide area network (WAN) technology binary format for proper line transmission. This happens at the data link layer, layer 2.

221
Q

Emphasis: Vishing

A

Vishing is an attack type that is similar to phishing because it attempts to trick and persuade victims to reveal sensitive information through a social engineering attack. A victim may receive a pre-recorded message on their phone that indicates that there has been suspicious activity on their credit card, bank account, or other financial account. The victim is told to call a specific telephone number, where he must key in identification information. The identification information is commonly the associated account number, PIN, and/or password value. The victim thinks this data is being sent to a trusted source, as in their bank, but it is actually being recorded by an attacker who uses it for some type of fraudulent activity.

222
Q

Bullets: Single-attached concentrator (SAC)

A

Concentrator that connects a single-attachment station (SAS) device to the primary ring of an FDDI network.

223
Q

Bullets: Ping of Death

A

A DoS attack type on a computer that involves sending malformed or oversized ICMP packets to a target.

224
Q

Bullets: Network convergence

A

The combining of server, storage, and network capabilities into a single framework, which decreases the costs and complexity of data centers. Converged infrastructures provide the ability to pool resources, automate resource provisioning, and increase and decrease processing capacity quickly to meet the needs of dynamic computing workloads.

225
Q

Emphasis: Ports Types

A

Port numbers up to 1023 (0 to 1023) are called well-known ports, and almost every computer in the world has the same protocol mapped to the same port number. That is why they are called well known: everyone follows the same standardized approach. On almost every computer, port 25 is mapped to SMTP, port 21 to FTP, port 80 to HTTP, and so on. IANA maintains the registry of these assignments, but nothing forces a host to bind a service to its assigned number; a server can just as well listen for HTTP on port 8080. The mapping between lower-numbered ports and specific protocols is therefore a de facto convention rather than an enforced rule. The fact that almost everyone follows it is what gives systems all over the world their interoperability, and it is also why a port number alone never proves which protocol is actually running on it.

226
Q

Emphasis: Routers

A

Routers are layer 3, or network layer, devices that are used to connect similar or different networks. (For example, they can connect two Ethernet LANs or an Ethernet LAN to a Token Ring LAN.) A router is a device that has two or more interfaces and a routing table so it knows how to get packets to their destinations. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary. Because routers have more network-level knowledge, they can perform higher-level functions, such as calculating the shortest and most economical path between the sending and receiving hosts.

227
Q

Emphasis: Dynamic Packet Filtering

A

When an internal system needs to communicate with an entity outside its trusted network, it must choose a source port so the receiving system knows how to respond properly. Ports up to 1023 are called well-known ports and are reserved for server-side services, so the sending system chooses a dynamic port above 1023 when it sets up a connection with another entity. The dynamic packet-filtering firewall then creates a temporary ACL entry that allows the external entity to communicate with the internal system via this high port, and removes the entry when the session ends. Without this capability, you would have to “punch holes” in your firewalls for all ports above 1023, because the client side chooses these ports dynamically and the firewall would never know in advance on which port to allow or disallow traffic.
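The behaviour described above, as an added example written for this page (it is not code from the CISSP text). The Packet and DynamicPacketFilter classes, the "10.0.0." internal prefix and every address are constructed for illustration. An inside client that connects from an ephemeral port opens a temporary reverse entry; inbound packets that match neither that entry nor a static ACL rule are dropped, and the entry disappears when the session closes.

```python
"""Dynamic (stateful) packet-filter simulation; illustrative code only."""
from dataclasses import dataclass

WELL_KNOWN_MAX = 1023  # 0-1023: well-known ports, reserved for server-side services


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class DynamicPacketFilter:
    def __init__(self, internal_prefix, static_acl=()):
        # internal_prefix: hypothetical trusted network, e.g. "10.0.0."
        self.internal_prefix = internal_prefix
        # static ACL: (dst_ip, dst_port) pairs the outside may always reach
        self.static_acl = set(static_acl)
        # dynamic entries: 5-tuples of the return traffic we expect to see
        self.dynamic = set()

    def _is_internal(self, ip):
        return ip.startswith(self.internal_prefix)

    @staticmethod
    def _reverse(pkt):
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)

    def outbound(self, pkt):
        """Packet leaving the trusted side; open the return path for it."""
        if not self._is_internal(pkt.src_ip) or self._is_internal(pkt.dst_ip):
            return "drop"  # not a trusted-to-untrusted flow
        if pkt.src_port <= WELL_KNOWN_MAX:
            return "drop"  # a client is expected to choose a dynamic source port
        self.dynamic.add(self._reverse(pkt))
        return "allow"

    def inbound(self, pkt):
        """Packet arriving from the untrusted side."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if key in self.dynamic:
            return "allow"  # reply to a connection the inside initiated
        if (pkt.dst_ip, pkt.dst_port) in self.static_acl:
            return "allow"  # published service, e.g. a DMZ web server
        return "drop"  # unsolicited traffic to a high port is refused

    def close(self, pkt):
        """Session ended (FIN/RST seen or idle timeout): retire the entry."""
        self.dynamic.discard(self._reverse(pkt))


def run_demo():
    """Walk one session through the filter and return the decisions in order."""
    fw = DynamicPacketFilter("10.0.0.", static_acl={("192.0.2.10", 443)})
    out = Packet("10.0.0.5", 51000, "198.51.100.7", 443)
    reply = Packet("198.51.100.7", 443, "10.0.0.5", 51000)
    stray = Packet("198.51.100.7", 443, "10.0.0.5", 51001)   # wrong client port
    probe = Packet("203.0.113.9", 40000, "10.0.0.5", 51000)  # wrong source host
    dmz = Packet("203.0.113.9", 40000, "192.0.2.10", 443)    # covered by static ACL
    decisions = [
        fw.inbound(reply),   # drop: nothing has left yet
        fw.outbound(out),    # allow and record the reverse tuple
        fw.inbound(reply),   # allow
        fw.inbound(stray),   # drop
        fw.inbound(probe),   # drop
        fw.inbound(dmz),     # allow
    ]
    fw.close(out)
    decisions.append(fw.inbound(reply))  # drop again once the session is closed
    return decisions
```

The point to notice is the last decision: once the session closes, the same reply that was accepted a moment earlier is dropped again, which is exactly the hole-on-demand behaviour that a static rule for "all ports above 1023" cannot give you.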

228
Q

Bullets: Wave-division multiplexing (WDM)

A

Multiplying the available capacity of optical fibers through use of parallel channels, with each channel on a dedicated wavelength of light. The bandwidth of an optical fiber can be divided into as many as 160 channels.

229
Q

Emphasis: Gateway

A

Gateway is a general term for software running on a device that connects two different environments and that many times acts as a translator for them or somehow restricts their interactions. Usually a gateway is needed when one environment speaks a different language, meaning it uses a certain protocol that the other environment does not understand. The gateway can translate Internetwork Packet Exchange (IPX) protocol packets to IP packets, accept mail from one type of mail server and format it so another type of mail server can accept and understand it, or connect and translate different data link technologies such as FDDI to Ethernet.

230
Q

Explanation Bullets: Second generation (2G):

A
  • Primarily voice, some low-speed data (circuit switched)
  • Phones were smaller in size
  • Added functionality of e-mail, paging, and caller ID
231
Q

Emphasis: LAN and WAN Protocols

A

Communication error rates are lower in LAN environments than in WAN environments, which makes sense when you compare the complexity of each environment. WAN traffic may have to travel hundreds or thousands of miles and pass through several different types of devices, cables, and protocols. Because of this difference, most LAN MAC protocols are connectionless and most WAN communication protocols are connection oriented. Connection-oriented protocols provide reliable transmission because they have the capability of error detection and correction.

232
Q

Bullets: Best-effort service

A

No guarantee of throughput, delay, or delivery. Traffic that has priority classifications goes before traffic that has been assigned this classification. Most of the traffic that travels on the Internet has this classification.

233
Q

Bullets: Virtual local area network (VLAN)

A

A group of hosts that communicate as if they were attached to the same broadcast domain, regardless of their physical location. VLAN membership can be configured through software instead of physically relocating devices or connections, which allows for easier centralized management.

234
Q

Bullets: DHCPDISCOVER message

A

This message is used to request an IP address lease from a DHCP server.

235
Q

Emphasis: circuit-level proxy

A

A circuit-level proxy creates a connection (circuit) between the two communicating systems. It works at the session layer of the OSI model and monitors traffic from a network-based view. This type of proxy cannot “look into” the contents of a packet, so it does not carry out deep-packet inspection; it can only make access decisions based upon the protocol header and session information available to it. Because it does not have to understand application layer protocols, it is considered application independent. The trade-off is that it cannot provide the detail-oriented protection of an application-level proxy, but it can cover a broader range of traffic, including protocols for which no application-level proxy is appropriate or available.

236
Q

Emphasis: screened-subnet

A

Screened Subnet A screened-subnet architecture adds another layer of security to the screened-host architecture. The external firewall screens the traffic entering the DMZ network. However, instead of the firewall then redirecting the traffic to the internal network, an interior firewall also filters the traffic. The use of these two physical firewalls creates a DMZ.

237
Q

Bullets: Synchronous Optical Networking (SONET) and Synchronous Digital Hierarchy (SDH)

A

Standardized multiplexing protocols that transfer multiple digital bit streams over optical fiber and allow for simultaneous transportation of many different circuits of differing origin within a single framing protocol.

238
Q

Explanations: IP Addressing

A

Take a right at the router and a left at the access server. I live at 10.10.2.3.

239
Q

Explanations: Wireless Communications

A

When two people are talking, they are using wireless communication because their vocal cords are altering airwaves, which are signals that travel with no cables attached to another person. Wireless communication involves transmitting signals via radio waves through air and space, which also alters airwaves.

240
Q

Bullets: Vishing (voice and phishing)

A

Social engineering activity over the telephone system, most often using features facilitated by VoIP, to gain unauthorized access to sensitive data.

241
Q

Summary of Tunneling Protocols : Secure Sockets Layer (SSL):

A
  • Works at the transport layer and protects mainly web-based traffic
  • Granular access control and configuration are available
  • Easy deployment since SSL is already embedded into web browsers
  • Can only protect a small number of protocol types, thus is not an infrastructure-level VPN solution
242
Q

Bullets: Session Initiation Protocol (SIP)

A

The signaling protocol widely used for controlling communication, as in voice and video calls over IP-based networks.

243
Q

Emphasis: Nonplenum

A

Nonplenum cables usually have a polyvinyl chloride (PVC) jacket covering, whereas plenum-rated cables have jacket covers made of fluoropolymers. When setting up a network or extending an existing network, it is important you know which wire types are required in which situation.

244
Q

Bullets: DNS zone transfer

A

The process of replicating the databases containing the DNS data across a set of DNS servers.

245
Q

Emphasis: proxy

A

A proxy is a middleman. It intercepts and inspects messages before delivering them to the intended recipients. Suppose you need to give a box and a message to the president of the United States. You couldn’t just walk up to the president and hand over these items. Instead, you would have to go through a middleman, likely the Secret Service, who would accept the box and message and thoroughly inspect the box to ensure nothing dangerous was inside. This is what a proxy firewall does—it accepts messages either entering or leaving a network, inspects them for malicious information, and, when it decides the messages are okay, passes the data on to the destination computer.

246
Q

Bullets: Symmetric DSL (SDSL)

A

Data travel upstream and downstream at the same rate. Bandwidth can range between 192 Kbps and 1.1 Mbps. Used mainly for business applications that require high speeds in both directions.

247
Q

Bullets: Silent rule

A

Drop “noisy” traffic without logging it. This reduces log sizes by not responding to packets that are deemed unimportant.

248
Q

Bullets: Simple Mail Transfer Protocol (SMTP)

A

An Internet standard protocol for electronic mail (e-mail) transmission across IP-based networks.

249
Q

Emphasis: iterated tunneling

A

IPSec can be configured to provide transport adjacency, which just means that more than one security protocol (ESP and AH) is used in a VPN tunnel. IPSec can also be configured to provide iterated tunneling, in which an IPSec tunnel is tunneled through another IPSec tunnel, as shown in the following diagram. Iterated tunneling would be used if the traffic needed different levels of protection at different junctions of its path. For example, if the IPSec tunnel starts at an internal host and ends at an internal border router, that segment may not require encryption, so only the AH protocol (integrity and origin authentication, no confidentiality) would be used. But when those data travel from that border router across the Internet to another network, they require more protection. So the packets first travel through a semisecure tunnel until they are about to hit the Internet, and then through a very secure second tunnel that encrypts them with ESP.

250
Q

Bullets: Unspecified Bit Rate (UBR)

A

A connectionless channel that does not promise a specific data throughput rate. Customers cannot, and do not need to, control their traffic rate.

251
Q

Explanation Bullets: Disadvantages of using application-level proxy firewalls:

A
  • Are not generally well suited to high-bandwidth or real-time applications.
  • Tend to be limited in terms of support for new network applications and protocols.
  • Create performance issues because of the necessary per-packet processing requirements.
252
Q

Bullets: Enhanced Interior Gateway Routing Protocol

A

EIGRP is a Cisco proprietary and advanced distance-vector routing protocol. It allows for faster router table updates than its predecessor IGRP and minimizes routing instability, which can occur after topology changes. Routers exchange messages that contain information about bandwidth, delay, load, reliability, and maximum transmission unit (MTU) of the path to each destination as known by the advertising router.

253
Q

Bullets: Carrier sense multiple access with collision avoidance

A

A media access control method that uses a carrier sensing scheme. A system wishing to transmit data has to first listen to the channel for a predetermined amount of time to determine whether or not another system is transmitting on the channel. If the channel is sensed as “idle,” then the system is permitted to begin the transmission process. If the channel is sensed as “busy,” the system defers its transmission for a random period of time.

254
Q

Emphasis: Types of Transmission

A

Physical data transmission can happen in different ways (analog or digital); can use different synchronization schemes (synchronous or asynchronous); can use either one sole channel over a transmission medium (baseband) or several different channels over a transmission medium (broadband); and transmission can take place as electrical voltage, radiowave, microwave, or infrared signals. These transmission types and their characteristics are described in the following sections.

255
Q

Emphasis: network layer

A

The main responsibilities of the network layer, layer 3, are to insert information into the packet’s header so it can be properly addressed and routed, and then to actually route the packets to their proper destination. In a network, many routes can lead to one destination. The protocols at the network layer must determine the best path for the packet to take. Routing protocols build and maintain their routing tables. These tables are maps of the network, and when a packet must be sent from computer A to computer M, the protocols check the routing table, add the necessary information to the packet’s header, and send it on its way.

256
Q

Explanation Bullets: The following list addresses some of the issues that need to be understood as they pertain to firewalls:

A
  • Most of the time a distributed approach needs to be used to control all network access points, which cannot happen through the use of just one firewall.
  • Firewalls can present a potential bottleneck to the flow of traffic and a single point of failure threat.
  • Most firewalls do not provide protection from malware and can be fooled by the more sophisticated attack types.
  • Firewalls do not protect against sniffers or rogue wireless access points, and provide little protection against insider attacks.
257
Q

Emphasis: electronic data interchange (EDI)

A

An extranet extends outside the bounds of the company’s network to enable two or more companies to share common information and resources. Business partners commonly set up extranets to accommodate business-to-business communication. An extranet enables business partners to work on projects together; share marketing information; communicate and work collaboratively on issues; post orders; and share catalogs, pricing structures, and information on upcoming events. Trading partners often use electronic data interchange (EDI), which provides structure and organization to electronic documents, orders, invoices, purchase orders, and a data flow. EDI has evolved into web-based technologies to provide easy access and easier methods of communication.

258
Q

Emphasis: point-to-point

A

A dedicated link is also called a leased line or point-to-point link. It is one single link that is pre-established for the purposes of WAN communications between two destinations. It is dedicated, meaning only the destination points can communicate with each other. This link is not shared by any other entities at any time. This was the main way companies communicated in the past, because not as many choices were available as there are today. Establishing a dedicated link is a good idea for two locations that will communicate often and require fast transmission and a specific bandwidth, but it is expensive compared to other possible technologies that enable several companies to share the same bandwidth and also share the cost. This does not mean that dedicated lines are not in use; they definitely are used, but many other options are now available, including X.25, frame relay, MPLS, and ATM technologies.

259
Q

Emphasis: E-carriers

A

E-carriers are similar to T-carrier telecommunication connections, where a single physical wire pair can be used to carry many simultaneous voice conversations by time-division multiplexing. An E1 frame interleaves eight bits from each of 32 time slots; 30 of them carry voice channels and the other two carry framing and signaling, for a line rate of 2.048 Mbps. While the T-carrier and E-carrier technologies are similar, they are not interoperable. E-carriers are used in Europe and in most countries outside North America and Japan.

260
Q

Bullets: Post Office Protocol (POP)

A

An Internet standard protocol that e-mail clients use to retrieve e-mail from a remote server; it supports simple download-and-delete access to remote mailboxes.

261
Q

Bullets: H.323

A

A standard that addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multipoint conferences.

262
Q

Explanation Bullets: Generation 3.5 G (3GPP)

A
  • Higher data rates
  • Use of OFDMA technology

263
Q

Emphasis: Carrier sense multiple access with collision avoidance (CSMA/CA)

A

Carrier sense multiple access with collision avoidance (CSMA/CA) is a medium-sharing method in which each computer signals its intent to transmit data before it actually does so. This tells all other computers on the network not to transmit data right now because doing so could cause a collision. Basically, a system listens to the shared medium to determine whether it is busy or free. Once the system identifies that the “coast is clear” and it can put its data on the wire, it sends out a broadcast to all other systems, telling them it is going to transmit information. It is similar to saying, “Everyone shut up. I am going to talk now.” Each system will wait a period of time before attempting to transmit data to ensure collisions do not take place. The wireless LAN technology 802.11 uses CSMA/CA for its media access functionality.

264
Q

Emphasis: extends

A

Extensible Authentication Protocol (EAP) is also supported by PPP. Actually, EAP is not a specific authentication protocol as are PAP and CHAP. Instead, it provides a framework to enable many types of authentication techniques to be used when establishing network connections. As the name states, it extends the authentication possibilities from the norm (PAP and CHAP) to other methods, such as one-time passwords, token cards, biometrics, Kerberos, digital certificates, and future mechanisms. So when a user connects to an authentication server and both have EAP capabilities, they can negotiate between a longer list of possible authentication methods.

265
Q

What’s in a Name? : The terms “IP telephony” and “Voice over IP” are used interchangeably:

A
  • The term “VoIP” is widely used to refer to the actual services offered: caller ID, QoS, voicemail, and so on.
  • IP telephony is an umbrella term for all real-time applications over IP, including voice over instant messaging (IM) and videoconferencing.
266
Q

Emphasis: Frequency hopping spread spectrum (FHSS)

A

Frequency Hopping Spread Spectrum Frequency hopping spread spectrum (FHSS) takes the total amount of bandwidth (spectrum) and splits it into smaller subchannels. The sender and receiver work at one of these subchannels for a specific amount of time and then move to another subchannel. The sender puts the first piece of data on one frequency, the second on a different frequency, and so on. The FHSS algorithm determines the individual frequencies that will be used and in what order, and this is referred to as the sender and receiver’s hop sequence.

267
Q

Data Link : The protocols at the data link layer convert data into LAN or WAN frames for transmission and define how a computer accesses a network. This layer is divided into the Logical Link Control (LLC) and the Media Access Control (MAC) sublayers. Some protocols that work at this layer include the following:

A
  • Address Resolution Protocol (ARP)
  • Reverse Address Resolution Protocol (RARP)
  • Point-to-Point Protocol (PPP)
  • Serial Line Internet Protocol (SLIP)
  • Ethernet
  • Token Ring
  • FDDI
  • ATM
268
Q

Bullets: Time-division multiplexing (TDM)

A

A type of multiplexing in which two or more bit streams or signals are transferred apparently simultaneously as subchannels in one communication channel, but are physically taking turns on the single channel.

269
Q

Emphasis: Instant Messaging Spam

A

Instant messaging spam (SPIM) is a type of spamming that uses instant messengers for this malicious act. Although this kind of spamming is not as common as e-mail spamming, it is certainly increasing over time. Because most firewalls pass IM traffic they already permit without inspecting message content, they cannot block SPIM, which has made it more attractive to spammers. One way to prevent SPIM is to enable the option of receiving instant messages only from a known list of users.

270
Q

Emphasis: Switched Multimegabit Data Service (SMDS)

A

Switched Multimegabit Data Service (SMDS) is a high-speed packet-switched technology used to enable customers to extend their LANs across MANs and WANs. When a company has an office in one state that needs to communicate with an office in a different state, for example, the two LANs can use this packet-switching protocol to communicate across the already established public network. This protocol is connectionless and can provide bandwidth on demand.

271
Q

Emphasis: IEEE 802.1AR

A

The IEEE 802.1AR standard specifies unique per-device identifiers (DevID) and the management and cryptographic binding of a device (router, switch, access point) to its identifiers. A verifiable unique device identity allows establishment of the trustworthiness of devices, and thus facilitates secure device provisioning.

272
Q

Emphasis: war driving

A

A common attack on wireless networks is war driving, which is when one or more people either walk or drive around with a wireless device equipped with the necessary equipment and software with the intent of identifying APs and breaking into them. Traditionally, this activity has taken place by using a laptop and driving in the proximity of buildings that have WLANs implemented, but today even smart phones can be used for this type of attack.

273
Q

Bullets: Simplex

A

Communication takes place in one direction.

274
Q

Emphasis: Packet filtering

A

Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. The device that is carrying out packet filtering processes is configured with ACLs, which dictate the type of traffic that is allowed into and out of specific networks.

275
Q

Bullets: Ports

A

Software construct that allows for application-or service-specific communication between systems on a network. Ports are broken down into categories: well known (0-1023), registered (1024-49151), and dynamic (49152-65535).

276
Q

Emphasis: Point-to-point protocol (PPP)

A

Point-to-point protocol (PPP) is similar to HDLC in that it is a data link protocol that carries out framing and encapsulation for point-to-point connections. A point-to-point connection means there is one connection between one device (point) and another device (point). If the systems on your LAN use the Ethernet protocol, what happens when a system needs to communicate to a server at your ISP for Internet connectivity? This is not an Ethernet connection, so how do the systems know how to communicate with each other if they cannot use Ethernet as their data link protocol? They use a data link protocol they do understand. Telecommunication devices commonly use PPP as their data link protocol.

277
Q

Emphasis: Dual-homed

A

Dual-Homed Firewall Dual-homed refers to a device that has two interfaces: one facing the external network and the other facing the internal network. If firewall software is installed on a dual-homed device, and it usually is, the underlying operating system should have packet forwarding and routing turned off for security reasons. If they are enabled, the computer may not apply the necessary ACLs, rules, or other restrictions required of a firewall. When a packet comes to the external NIC from an untrusted network on a dual-homed firewall and the operating system has forwarding enabled, the operating system will forward the traffic instead of passing it up to the firewall software for inspection. On a Linux host running a proxy-style firewall, for example, this means leaving net.ipv4.ip_forward and net.ipv6.conf.all.forwarding at 0 so the kernel never routes packets around the proxy.

278
Q

Bullets: Spanning Tree Protocol (STP)

A

A network protocol that ensures a loop-free topology for any bridged Ethernet LAN and allows redundant links to be available in case connection links go down.

279
Q

Bullets: Dynamic mapping

A

The NAT software has a pool of IP addresses, but instead of statically mapping a public address to a specific private address, it works on a first-come, first-served basis. So if Bob needs to communicate over the Internet, his system makes a request to the NAT server. The NAT server takes the first IP address on the list and maps it to Bob’s private address. The balancing act is to estimate how many computers will most likely need to communicate outside the internal network at one time. This estimate is the number of public addresses the company purchases, instead of purchasing one public address for each computer.

280
Q

Emphasis: Multistation Access Unit (MAU)

A

Like Ethernet, Token Ring is a LAN media access technology that enables the communication and sharing of networking resources. The Token Ring technology was originally developed by IBM and then defined by the IEEE 802.5 standard. It uses a token-passing technology with a star-configured topology. The ring part of the name pertains to how the signals travel, which is in a logical ring. Each computer is connected to a central hub, called a Multistation Access Unit (MAU). Physically, the topology can be a star, but the signals and transmissions are passed in a logical ring.

281
Q

Explanation Bullets: The types of firewalls we will review are

A
  • Packet filtering
  • Stateful
  • Proxy
  • Dynamic packet filtering
  • Kernel proxy
282
Q

Emphasis: Transmission Methods

A

A packet may need to be sent to only one workstation, to a set of workstations, or to all workstations on a particular subnet. If a packet needs to go from the source computer to one particular system, a unicast transmission method is used. If the packet needs to go to a specific group of systems, the sending system uses the multicast method. If a system wants all computers on its subnet to receive a message, it will use the broadcast method.

283
Q

Emphasis: Cell phone cloning

A

Cell phone cloning has been around for many years, and this activity won’t stop any time soon. A regular cell phone can be stolen and then reprogrammed with someone else’s access credentials. This is a common activity used by organized crime rings and drug dealers who do not want their information readily available to law enforcement. Global System for Mobile Communications (GSM) phones use a Subscriber Identity Module (SIM) chip, which contains authentication data, phone numbers, saved messages, and more. Before a GSM phone can gain access to the cellular network, the SIM must be present in the phone. Attackers clone these SIM chips so they can make fraudulent calls on the cell phone owner’s account.

284
Q

Bullets: Dynamic Host Configuration Protocol (DHCP)

A

A network configuration service for hosts on IP networks. It provides IP addressing, DNS server, subnet mask, and other important network configuration data to each host through automation.

285
Q

Bullets: Differentiated service

A

Compared to best-effort service, traffic that is assigned this classification has more bandwidth, shorter delays, and fewer dropped frames.

286
Q

Emphasis: E-mail Threats

A

E-mail spoofing is a technique used by malicious users to forge an e-mail so that it appears to come from a legitimate source. Such e-mails appear to be from known and trusted e-mail addresses when they are actually generated from a malicious source. This technique is widely used by attackers for spamming and phishing. An attacker tries to acquire the target’s sensitive information, such as a username and password or bank account credentials. Often the message contains a link whose visible text names a known web site but whose actual target is a look-alike site set up to trick the user into revealing his information.
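An added example for this page (not code from the CISSP text) that checks a message for two of the spoofing tells described above: a From domain that does not match the Return-Path, and a link whose visible text names one site while its href points to another. SAMPLE is a constructed message that uses reserved example/invalid domains; the heuristics are an assumption about what "looks like a URL" and will not catch every phishing lure.

```python
"""Flag sender-domain and link-text mismatches in an e-mail; illustrative code."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = """\
From: "Example Bank" <alerts@bank.example>
Return-Path: <bounce@mailer.invalid>
Subject: Verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please visit <a href="http://login.bank.example.attacker.invalid/verify">https://www.bank.example/verify</a> today.</p>
<p>Help: <a href="https://www.bank.example/help">https://www.bank.example/help</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lower-cased hostname of a URL or bare host."""
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower()


def domain_of(addr):
    """Domain part of an address in either 'Name <user@host>' or bare form."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def mismatched_links(html):
    """Anchors whose visible text looks like a URL but whose href goes elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href) for href, text in collector.links
            if "." in text and " " not in text and host_of(text) != host_of(href)]


def analyze(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    sender = domain_of(str(msg["From"]))
    bounce = domain_of(str(msg.get("Return-Path", "")))
    return {
        "sender_mismatch": sender != bounce,
        "link_mismatches": mismatched_links(html),
    }
```

Neither signal is proof on its own (legitimate bulk mailers also use a separate bounce domain), which is why the function returns both and leaves the scoring to the caller.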

287
Q

Explanation Bullets: One VPN solution is not necessarily better than the other; they just have their own focused purposes:

A
  • PPTP is used when a PPP connection needs to be extended through an IP-based network.
  • L2TP is used when a PPP connection needs to be extended through a non IP-based network.
  • IPSec is used to protect IP-based traffic and is commonly used in gateway-to-gateway connections.
  • SSL VPN is used when a specific application layer traffic type needs protection.
288
Q

Explanation Bullets: The following lists current private IP address ranges:

A
  • 10.0.0.0–10.255.255.255 Class A network
  • 172.16.0.0–172.31.255.255 Class B networks
  • 192.168.0.0–192.168.255.255 Class C networks
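An added example for this page (not code from the CISSP text) that ties the three private ranges listed above to the dynamic NAT mapping described earlier on the page: public addresses are handed out first come, first served, a host keeps its mapping while it is active, and when the estimate was too low the pool runs dry. The pool addresses are constructed from documentation space and stand in for purchased public addresses.

```python
"""Dynamic NAT with a first-come, first-served public pool; illustrative code."""
import ipaddress

# The three RFC 1918 ranges from the card above.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls in one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class DynamicNat:
    def __init__(self, public_pool):
        self.free = list(public_pool)   # handed out in list order
        self.mappings = {}              # private -> public

    def translate(self, private_addr):
        """Public address for an outbound flow, or None if the pool is exhausted."""
        if not is_private(private_addr):
            raise ValueError(f"{private_addr} is not an RFC 1918 address")
        if private_addr in self.mappings:
            return self.mappings[private_addr]  # an active host keeps its address
        if not self.free:
            return None                          # pool exhausted: the connection cannot proceed
        public = self.free.pop(0)
        self.mappings[private_addr] = public
        return public

    def release(self, private_addr):
        """Host is done; return its public address to the pool."""
        public = self.mappings.pop(private_addr, None)
        if public is not None:
            self.free.append(public)


def run_demo():
    nat = DynamicNat(["198.51.100.10", "198.51.100.11"])  # two purchased addresses
    results = [
        nat.translate("10.0.0.5"),      # 198.51.100.10
        nat.translate("192.168.1.20"),  # 198.51.100.11
        nat.translate("172.16.4.4"),    # None: pool exhausted
        nat.translate("10.0.0.5"),      # still 198.51.100.10
    ]
    nat.release("10.0.0.5")
    results.append(nat.translate("172.16.4.4"))  # 198.51.100.10, reused
    try:
        nat.translate("8.8.8.8")         # a public source should never be translated
    except ValueError:
        results.append("rejected")
    return results
```

The None return is the "balancing act" the earlier card mentions made concrete: a pool sized for the average number of simultaneous outside-bound hosts, not for every machine on the network, is what keeps the address purchase small, at the cost of refusing the (n+1)th host at peak.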
289
Q

Emphasis: Application-level proxies

A

Application-level proxies inspect the packet up through the application layer. Where a circuit-level proxy only has insight up to the session layer, an application-level proxy understands the packet as a whole and can make access decisions based on the content of the packets. They understand various services and protocols and the commands that are used by them. An application-level proxy can distinguish between an FTP GET and an FTP PUT (the RETR and STOR commands on the control channel), for example, and make access decisions based on this granular level of information; packet filtering firewalls and circuit-level proxies, on the other hand, can allow or deny FTP only as a whole, not by the commands used within the protocol.
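An added example for this page (not code from the CISSP text) that puts the two decision points side by side on an FTP control channel: a packet filter that can only say "port 21 or not", and an application-level proxy that reads each command and enforces a read-only policy. The SESSION transcript and the command allow-list are constructed for the demo; the command names (RETR for a get, STOR for a put) are the standard FTP ones.

```python
"""Packet filter versus application-level proxy on an FTP control channel."""

FTP_CONTROL_PORT = 21

# Commands a read-only policy permits, and the write commands it refuses.
READ_ONLY = {"USER", "PASS", "PWD", "CWD", "CDUP", "TYPE", "PASV", "EPSV",
             "LIST", "NLST", "SIZE", "RETR", "NOOP", "QUIT"}
WRITE = {"STOR", "STOU", "APPE", "DELE", "RMD", "MKD", "RNFR", "RNTO"}


def packet_filter(dst_port, allowed_ports=frozenset({FTP_CONTROL_PORT})):
    """A layer-3/4 filter decides per port: the whole service or nothing."""
    return "allow" if dst_port in allowed_ports else "deny"


def proxy_decide(line):
    """Decide one FTP command; anything not explicitly permitted fails closed."""
    cmd = line.strip().split(" ", 1)[0].upper()
    if cmd in WRITE:
        return "deny"
    if cmd in READ_ONLY:
        return "allow"
    return "deny"


def proxy_filter(stream):
    """Apply proxy_decide to every CRLF-delimited command in the control stream."""
    decisions = []
    for line in stream.split("\r\n"):
        if line:
            decisions.append((line.split(" ", 1)[0].upper(), proxy_decide(line)))
    return decisions


# Constructed control-channel transcript from one client session.
SESSION = ("USER alice\r\nPASS hunter2\r\nCWD /reports\r\nRETR q3.pdf\r\n"
           "STOR dropper.exe\r\nDELE q3.pdf\r\nSITE EXEC id\r\nQUIT\r\n")
```

The proxy splits on CRLF before looking at the verb, so a client that tries to smuggle "STOR" after a permitted "RETR" on what it hopes is one line still gets each command judged separately; the packet filter, by contrast, has already said "allow" to the whole session at SYN time.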

290
Q

Emphasis: Frequency division multiple access (FDMA)

A

Frequency division multiple access (FDMA) was the earliest multiple access technology put into practice. The available frequency range is divided into sub-bands (channels), and one channel is assigned to each subscriber (cell phone). The subscriber has exclusive use of that channel while the call is made, or until the call is terminated or handed off; no other calls or conversations can be made on that channel during that call. Using FDMA in this way, multiple users can share the frequency range without the risk of interference between simultaneous calls. FDMA was used in the first generation (1G) of cellular networks; the various 1G implementations, such as Advanced Mobile Phone System (AMPS), Total Access Communication System (TACS), and Nordic Mobile Telephone (NMT), all used FDMA.

291
Q

Emphasis: Media Access Technologies

A

The physical topology of a network is the lower layer, or foundation, of a network. It determines what type of media will be used and how the media will be connected between different systems. Media access technologies deal with how these systems communicate over this media and are usually represented in protocols, NIC drivers, and interfaces. LAN access technologies set up the rules of how computers will communicate on a network, how errors are handled, the maximum transmission unit (MTU) size of frames, and much more. These rules enable all computers and devices to communicate and recover from problems, and enable users to be productive in accomplishing their networking tasks. Each participating entity needs to know how to communicate properly so all other systems will understand the transmissions, instructions, and requests. This is taken care of by the LAN media access technology.

292
Q

Emphasis: repeater

A

A repeater provides the simplest type of connectivity, because it only repeats electrical signals between cable segments, which enables it to extend a network. Repeaters work at the physical layer and are add-on devices for extending a network connection over a greater distance. The device amplifies signals because signals attenuate the farther they have to travel.

293
Q

Explanation Bullets: Looking at computing as a service that can be purchased, rather than as a physical box, can offer the following advantages:

A
  • Organizations have more flexibility and agility in IT growth and functionality.
  • Cost of computing can be reduced since it is a shared delivery model. (Includes reduction of real-estate, electrical, operational, and personnel costs.)
  • Location independence can be achieved because the computing is not centralized and tied to a physical data center.
  • Applications and functionality can be more easily migrated from one physical server to another because environments are virtualized.
  • Improved reliability can be achieved for business continuity and disaster recovery without the need of dedicated backup site locations.
  • Scalability and elasticity of resources can be accomplished in near real time through automation.
  • Performance can increase as processing is shifted to available systems during peak loads.
294
Q

Emphasis: High-Speed Serial Interface (HSSI)

A

High-Speed Serial Interface (HSSI) is an interface used to connect multiplexers and routers to high-speed communications services such as ATM and frame relay. It supports speeds up to 52 Mbps, enough for T3 WAN connections, and is usually integrated into router and multiplexer devices to provide serial interfaces to the WAN. The HSSI standard defines the electrical and physical interfaces used by DTE/DCE devices; thus, HSSI works at the physical layer.

295
Q

Explanations: Layer 2 Security Standards

A

As frames pass from one network device to another device, attackers can sniff the data; modify the headers; redirect the traffic; spoof traffic; carry out man-in-the-middle attacks, DoS attacks, and replay attacks; and indulge in other malicious activities. It has become necessary to secure network traffic at the frame level, which is layer 2 of the OSI model.

296
Q

Bullets: Asynchronous communication

A

Transmission sequencing technology that uses start and stop bits or a similar encoding mechanism. Used in environments that transmit a variable amount of data in a periodic fashion.

297
Q

Bullets: Dual-attachment station (DAS)

A

Has two ports, each of which provides a connection to both the primary and the secondary rings.

298
Q

Emphasis: Instant messaging spam (SPIM)

A

Instant messaging spam (SPIM) is spamming carried out over instant messaging services rather than e-mail. Although not as common as e-mail spam, it has increased over time. Because IM traffic is usually allowed through perimeter firewalls, which do not inspect or block message content, SPIM is attractive to spammers. One way to prevent SPIM is to configure the client to accept instant messages only from a known list of users.

299
Q

Bullets: Value-added network (VAN)

A

A hosted EDI service offering that acts as an intermediary between business partners sharing standards-based or proprietary data via shared business processes.

300
Q

Network : The responsibilities of the network layer protocols include internetworking service, addressing, and routing. The following lists some of the protocols that work at this layer:

A
  • Internet Protocol (IP)
  • Internet Control Message Protocol (ICMP)
  • Internet Group Management Protocol (IGMP)
  • Routing Information Protocol (RIP)
  • Open Shortest Path First (OSPF)
  • Internetwork Packet Exchange (IPX)
301
Q

Emphasis: physical layer

A

The physical layer, layer 1, converts bits into voltage for transmission. Signals and voltage schemes have different meanings for different LAN and WAN technologies, as covered earlier. If a user sends data through his dial-up software and out his modem onto a telephone line, the data format, electrical signals, and control functionality are much different than if that user sends data through the NIC and onto an unshielded twisted pair (UTP) wire for LAN communication. The mechanisms that control this data going onto the telephone line, or the UTP wire, work at the physical layer. This layer controls synchronization, data rates, line noise, and transmission techniques. Specifications for the physical layer include the timing of voltage changes, voltage levels, and the physical connectors for electrical, optical, and mechanical transmission.

302
Q

Bullets: Domain Name System (DNS)

A

A hierarchical distributed naming system for computers, services, or any resource connected to an IP-based network. It associates various pieces of information with domain names assigned to each of the participating entities.

303
Q

Emphasis: Instant messaging (IM)

A

Instant messaging (IM) allows people to communicate with one another through a type of real-time, bidirectional exchange. IM provides instantaneous transmissions of text-based messages between people with shared client software. Most of the communication takes place in text-based format, but some IM software allows for voice and video data to be passed back and forth also. Several instant messaging services offer video calling features, Voice over IP, and web conferencing capabilities. Many instant messaging applications offer functions like file transfer, contact lists, and the ability to maintain several simultaneous conversations.

304
Q

Emphasis: Bootstrap Protocol (BOOTP)

A

The Bootstrap Protocol (BOOTP) was created after RARP to enhance the functionality that RARP provides for diskless workstations. The diskless workstation can receive its IP address, the name server address for future name resolutions, and the default gateway address from the BOOTP server. BOOTP usually provides more functionality to diskless workstations than does RARP.

305
Q

Explanation Bullets: Communication Characteristics

A
  • Synchronous
  • Asynchronous

306
Q

Emphasis: Fast Ethernet

A

Fast Ethernet is regular Ethernet, except that it runs at 100 Mbps over twisted-pair wiring instead of at 10 Mbps. Around the same time Fast Ethernet arrived, another 100-Mbps technology was developed: 100VG-AnyLAN. This technology did not use Ethernet’s traditional CSMA/CD and did not catch on like Fast Ethernet did.

307
Q

Bullets: Ethernet

A

Common LAN media access technology standardized by IEEE 802.3. Uses 48-bit MAC addressing, works in contention-based networks, and has extended outside of just LAN environments.

308
Q

Bullets: High-Bit-Rate DSL (HDSL)

A

Provides T1 (1.544 Mbps) speeds over regular copper phone wire without the use of repeaters. Requires two twisted pairs of wires, which many voice-grade UTP lines do not have.

309
Q

Explanation Bullets: The IPv6 specification, originally outlined in RFC 2460 (since replaced by RFC 8200), lays out the differences and benefits of IPv6 over IPv4. A few of the differences are as follows:

A
  • IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler autoconfiguration of addresses.
310
Q

Bullets: Real-time Transport Protocol (RTP)

A

Used to transmit audio and video over IP-based networks. It is used in conjunction with the RTCP. RTP transmits the media data, and RTCP is used to monitor transmission statistics and QoS, and aids synchronization of multiple data streams.

311
Q

Presentation : The services of the presentation layer handle translation into standard formats, data compression and decompression, and data encryption and decryption. No protocols work at this layer, just services. The following lists some of the presentation layer standards:

A
  • American Standard Code for Information Interchange (ASCII)
  • Extended Binary-Coded Decimal Interchange Code (EBCDIC)
  • Tagged Image File Format (TIFF)
  • Joint Photographic Experts Group (JPEG)
  • Moving Picture Experts Group (MPEG)
  • Musical Instrument Digital Interface (MIDI)
312
Q

Bullets: Cleanup rule

A

The last rule in the rule base; it drops and logs any traffic that did not match a preceding rule.

313
Q

Emphasis: Synchronous Data Link Control (SDLC)

A

Synchronous Data Link Control (SDLC) is a protocol used in networks that use dedicated, leased lines with permanent physical connections. It is used mainly for communications with IBM hosts within a Systems Network Architecture (SNA). Developed by IBM in the 1970s, SDLC is a bit-oriented, synchronous protocol that has evolved into other communication protocols, such as HDLC, Link Access Procedure (LAP), and Link Access Procedure-Balanced (LAPB).

314
Q

Bullets: Plenum cables

A

Cable is jacketed with a fire-retardant plastic cover that does not release toxic chemicals when burned.

315
Q

Bullets: TCP/IP model

A

Standardization of device-based network communication through a modular four-layer architecture. Specific to the IP suite, created in the 1970s by DARPA, an agency of the U.S. Department of Defense (DoD).

316
Q

Emphasis: Attacks at Different Layers

A

As we examine the different layers of a common network stack, we will also look at the specific attack types that can take place at each layer. One concept to understand at this point is that a network can be used as a channel for an attack or the network can be the target of an attack. If the network is a channel for an attack, this means the attacker is using the network as a resource. For example, when an attacker sends a virus from one system to another system, the virus travels through the network channel. If an attacker carries out a denial of service (DoS) attack, which sends a large amount of bogus traffic over a network link to bog it down, then the network itself is the target. As you will see throughout this chapter, it is important to understand how attacks take place and where they take place so that the correct countermeasures can be put into place.

317
Q

Bullets: Bus topology

A

Systems are connected to a single transmission channel (i.e., network cable), forming a linear construct.

318
Q

Explanations: Switching

A

Dedicated links have one single path to traverse; thus, there is no complexity when it comes to determining how to get packets to different destinations. Only two points of reference are needed when a packet leaves one network and heads toward the other. It gets much more complicated when thousands of networks are connected to each other, which is often when switching comes into play.

319
Q

Emphasis: War Driving for WLANs

A

A common attack on wireless networks is war driving, which is when one or more people either walk or drive around with a wireless device equipped with the necessary hardware and software with the intent of identifying APs and breaking into them. Traditionally, this activity has taken place by using a laptop and driving in the proximity of buildings that have WLANs implemented, but today even smartphones can be used for this type of attack.

320
Q

Bullets: Single point of failure for traffic

A

Some type of redundancy should be put into place.

321
Q

Bullets: Border Gateway Protocol (BGP)

A

The protocol that carries out core routing decisions on the Internet. It maintains a table of IP networks, or “prefixes,” which designate network reachability among autonomous systems (ASs).

322
Q

Emphasis: emulated

A

A honeypot system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers. To make a honeypot system lure attackers, administrators may enable services and ports that are popular to exploit. Some honeypot systems have services emulated, meaning the actual service is not running but software that acts like those services is available. Honeypot systems can get an attacker’s attention by advertising themselves as easy targets to compromise. They are configured to look like regular company systems so that attackers will be drawn to them like bears are to honey.

323
Q

Emphasis: chipping

A

Direct sequence spread spectrum (DSSS) takes a different approach by applying sub-bits to a message. The sub-bits are used by the sending system to generate a different format of the data before the data are transmitted. The receiving end uses these sub-bits to reassemble the signal into the original data format. The sub-bits are called chips, and the sequence of how the sub-bits are applied is referred to as the chipping code.

324
Q

Bullets: Proxy server

A

A system that acts as an intermediary for requests from clients seeking resources from other sources. A client connects to the proxy server and requests some service; the proxy server evaluates the request against its filtering rules and, if permitted, makes the connection on behalf of the client. Proxies can be open (accepting requests from any client), forward (acting on behalf of internal clients reaching outside resources), or reverse (accepting requests on behalf of the servers behind it).

325
Q

Bullets: Intra-Site Automatic Tunnel Addressing Protocol

A

An IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

326
Q

Emphasis: Bus Topology

A

In a simple bus topology, a single cable runs the entire length of the network. Nodes are attached to the network through drop points on this cable. Data communications transmit the length of the medium, and each packet transmitted has the capability of being “looked at” by all nodes. Each node decides to accept or ignore the packet, depending upon the packet’s destination address.

327
Q

Explanations: Media Sharing

A

There are 150 devices on this network. How can they all use this one network wire properly?

328
Q

Bullets: Distance-vector routing protocol

A

A routing protocol that calculates paths based on the distance (or number of hops) and a vector (a direction).

329
Q

Bullets: Statistical time-division multiplexing (STDM)

A

Transmitting several types of data simultaneously across a single transmission line. STDM technologies analyze statistics related to the typical workload of each input device and make real-time decisions on how much time each device should be allocated for data transmission.

330
Q

Bullets: Broadband transmission

A

Divides the bandwidth of a communication channel into many channels, enabling different types of data to be transmitted at one time.

331
Q

Emphasis: token

A

A token-passing technology is one in which a device cannot put data on the network wire without having possession of a token, a control frame that travels in a logical circle and is “picked up” when a system needs to communicate. This is different from Ethernet, in which all the devices attempt to communicate at the same time. This is why Ethernet is referred to as a “chatty protocol” and has collisions. Token Ring does not endure collisions, since only one system can communicate at a time, but this also means communication takes place more slowly compared to Ethernet.

332
Q

Emphasis: Secure Sockets Layer (SSL)

A

Another VPN technology is Secure Sockets Layer (SSL), which works at higher layers in the OSI model than the previously covered VPN protocols. SSL, and its successor TLS, which has replaced it in current deployments, works at the transport and session layers of the network stack and is used mainly to protect HTTP traffic. SSL/TLS support is already embedded in every web browser, so the deployment and interoperability issues are minimal.

333
Q

Emphasis: application layer

A

The application layer, layer 7, works closest to the user and provides file transmissions, message exchanges, terminal sessions, and much more. This layer does not include the actual applications, but rather the protocols that support the applications. When an application needs to send data over the network, it passes instructions and the data to the protocols that support it at the application layer. This layer processes and properly formats the data and passes the same down to the next layer within the OSI model. This happens until the data the application layer constructed contain the essential information from each layer necessary to transmit the data over the network. The data are then put on the network cable and are transmitted until they arrive at the destination computer.

334
Q

Bullets: Dual-attached concentrator (DAC)

A

Concentrator that connects DAS, SAS, and SAC devices to both rings

335
Q

Transport : The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream. The following protocols work at this layer:

A
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
  • Sequenced Packet Exchange (SPX)
336
Q

Bullets: RJ-45

A

Connector often used to terminate twisted-pair cables in Ethernet environments.

337
Q

Emphasis: wrap

A

Fiber Distributed Data Interface (FDDI) technology, developed by the American National Standards Institute (ANSI), is a high-speed, token-passing, media access technology. FDDI has a data transmission speed of up to 100 Mbps and is usually used as a backbone network using fiber-optic cabling. FDDI also provides fault tolerance by offering a second counter-rotating fiber ring. The primary ring has data traveling clockwise and is used for regular data transmission. The second ring transmits data in a counterclockwise fashion and is invoked only if the primary ring goes down. Sensors watch the primary ring and, if it goes down, invoke a ring wrap so the data will be diverted to the second ring. Each node on the FDDI network has relays that are connected to both rings, so if a break in the ring occurs, the two rings can be joined.

338
Q

Emphasis: ad hoc WLAN

A

An ad hoc WLAN has no APs; the wireless devices communicate with each other through their wireless NICs instead of going through a centralized device. To construct an ad hoc network, wireless client software is installed on the participating hosts and configured for peer-to-peer operation mode. Then, the user clicks Network Neighborhood on a Windows platform and the software searches for other hosts operating in this same mode and shows them to the user.

339
Q

Bullets: Intermediate System to Intermediate System (IS-IS)

A

Link-state protocol that allows each router to independently build a database of a network’s topology. Similar to the OSPF protocol, it computes the best path for traffic to travel. It is a classless and hierarchical routing protocol that is vendor neutral.

340
Q

Explanation Bullets: Some of the weaknesses of packet filtering firewalls are as follows:

A
  • They cannot prevent attacks that employ application-specific vulnerabilities or functions.
  • The logging functionality present in packet filtering firewalls is limited.
  • Most packet filtering firewalls do not support advanced user authentication schemes.
  • Many packet filtering firewalls cannot detect spoofed addresses.
  • They may not be able to detect packet fragmentation attacks.
341
Q

Bullets: Stealth rule

A

Disallows access to firewall software from unauthorized systems.

342
Q

Explanation Bullets: Circuit switching:

A
  • Connection-oriented virtual links.
  • Traffic travels in a predictable and constant manner.
  • Fixed delays.
  • Usually carries voice-oriented data.
343
Q

Stateful-Inspection Firewall Characteristics : The following lists some important characteristics of a stateful-inspection firewall:

A
  • Maintains a state table that tracks each and every communication session
  • Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
  • Is scalable and transparent to users
  • Provides data for tracking connectionless protocols such as UDP and ICMP
  • Stores and updates the state and context of the data within the packets
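To make the ordering and state logic concrete, here is an added example (not from the original text or any firewall product) of a small stateful packet filter in Python. It covers this card together with the cleanup rule and stealth rule cards earlier in the chapter: the rule base is evaluated top down with first match winning, the stealth rules sit at the top so that only one management host can reach the firewall itself, the cleanup rule sits at the bottom to drop and log everything else, and a state table keyed on the 5-tuple lets replies for accepted sessions (including connectionless UDP) back in while dropping out-of-state TCP packets that a stateless port filter would pass. The addresses, rule names and sample packets are constructed for the demonstration.

```python
"""Stateful packet filter with an ordered rule base.

Added example for the cleanup-rule, stealth-rule and stateful-inspection
cards; not code from the original text or from any firewall product.
Addresses, rule names and sample packets are constructed for the demo.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable

FIREWALL_IP = "203.0.113.1"   # constructed: the firewall's own address
INTERNAL_PREFIX = "10.0.0."   # constructed: the protected LAN
MGMT_HOST = "10.0.0.5"        # constructed: sole host allowed to administer the firewall


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN without ACK: a new connection attempt


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "accept" or "drop"
    match: Callable[[Packet], bool]
    log: bool = False


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


# First match wins, so ordering is the policy: stealth rules first so nothing
# later can expose the firewall itself, cleanup last so anything not explicitly
# permitted is dropped and logged.
RULE_BASE = [
    Rule("stealth-mgmt", "accept",
         lambda p: p.dst == FIREWALL_IP and p.src == MGMT_HOST
         and p.proto == "tcp" and p.dport == 22),
    Rule("stealth", "drop", lambda p: p.dst == FIREWALL_IP, log=True),
    Rule("lan-out-web", "accept",
         lambda p: is_internal(p.src) and not is_internal(p.dst)
         and p.proto == "tcp" and p.dport in (80, 443)),
    Rule("lan-out-dns", "accept",
         lambda p: is_internal(p.src) and p.proto == "udp" and p.dport == 53),
    Rule("cleanup", "drop", lambda p: True, log=True),
]


class StatefulFilter:
    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.state: dict[tuple, str] = {}   # initiator's 5-tuple -> rule that allowed it
        self.log: list[str] = []

    @staticmethod
    def _key(p: Packet) -> tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet) -> tuple:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet) -> str:
        # 1. State table first: follow-on packets and replies of an accepted
        #    session pass without touching the rule base. UDP and ICMP have no
        #    handshake, so their "state" is simply the remembered 5-tuple.
        if self._key(p) in self.state or self._reverse_key(p) in self.state:
            return "accept"
        # 2. A TCP packet that is not a SYN and belongs to no session is out of
        #    state; a stateless filter matching only on ports would let it in.
        if p.proto == "tcp" and not p.syn:
            self.log.append(f"no-state: drop {p.src}:{p.sport} -> {p.dst}:{p.dport}")
            return "drop"
        # 3. Ordered rule base; the first matching rule decides.
        for rule in self.rules:
            if rule.match(p):
                if rule.log:
                    self.log.append(f"{rule.name}: {rule.action} {p.proto} "
                                    f"{p.src}:{p.sport} -> {p.dst}:{p.dport}")
                if rule.action == "accept":
                    self.state[self._key(p)] = rule.name
                return rule.action
        return "drop"   # unreachable while a cleanup rule is present


def run_demo() -> tuple[dict[str, str], list[str]]:
    """Push constructed packets through the filter; return decisions and log."""
    fw = StatefulFilter(RULE_BASE)
    packets = {
        "lan-https-syn":  Packet("tcp", "10.0.0.23", 40000, "198.51.100.7", 443, syn=True),
        "https-reply":    Packet("tcp", "198.51.100.7", 443, "10.0.0.23", 40000),
        "stray-ack":      Packet("tcp", "198.51.100.9", 443, "10.0.0.23", 40001),
        "attacker-to-fw": Packet("tcp", "198.51.100.9", 5555, FIREWALL_IP, 22, syn=True),
        "mgmt-to-fw":     Packet("tcp", MGMT_HOST, 50000, FIREWALL_IP, 22, syn=True),
        "lan-dns-query":  Packet("udp", "10.0.0.23", 53000, "192.0.2.53", 53),
        "dns-reply":      Packet("udp", "192.0.2.53", 53, "10.0.0.23", 53000),
        "lan-telnet-syn": Packet("tcp", "10.0.0.23", 40002, "198.51.100.7", 23, syn=True),
    }
    decisions = {name: fw.process(pkt) for name, pkt in packets.items()}
    return decisions, fw.log


if __name__ == "__main__":
    verdicts, entries = run_demo()
    for name, verdict in verdicts.items():
        print(f"{name:16} {verdict}")
    print("\n".join(entries))
```

Running the script shows the HTTPS and DNS replies accepted purely from the state table, the stray ACK dropped for lack of state, the attacker's SSH attempt against the firewall caught by the stealth rule, and the outbound Telnet attempt falling through to the cleanup rule; only the last three appear in the log.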
344
Q

Emphasis: Infrastructure as a Service (IaaS)

A

Infrastructure as a Service (IaaS) Cloud providers offer the infrastructure environment of a traditional data center in an on-demand delivery method. Companies deploy their own operating systems, applications, and software onto this provided infrastructure and are responsible for maintaining them.

345
Q

Explanation Bullets: Third generation (3G):

A
  • Integration of voice and data
  • Packet-switched technology, instead of circuit-switched

346
Q

Emphasis: Subnetting

A

Subnetting allows large IP ranges to be divided into smaller, logical, and more tangible network segments. Consider an organization with several divisions, such as IT, Accounting, HR, and so on. Creating subnets for each division breaks the networks into logical partitions that route traffic directly to recipients without dispersing data all over the network. This drastically reduces the traffic load across the network, reducing the possibility of network congestion and excessive broadcast packets in the network. Implementing network security policies is also much more effective across logically categorized subnets with a demarcated perimeter, as compared to a large, cluttered, and complex network.
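The arithmetic behind the card is worth seeing once in working code. The following is an added Python example, not from the original text: it derives the mask, network and broadcast addresses and the usable host range from a CIDR prefix using only bit operations, carves one block into equal subnets for the divisions the card mentions, and performs the same mask comparison a host uses to decide whether a destination is local or must go via the default gateway. The 10.20.0.0/22 block and the division names are constructed for the illustration.

```python
"""Subnet calculator, as an added example for the subnetting card.

Pure integer and bit arithmetic, no external dependencies. The addresses
and division names used below are constructed for the illustration.
"""
from __future__ import annotations


def ip_to_int(addr: str) -> int:
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Return mask, network, broadcast and usable host range for a CIDR block."""
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask            # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    if prefix >= 31:
        # /31 (point-to-point, RFC 3021) and /32 have no separate
        # network/broadcast addresses; every address is usable.
        usable = 2 ** (32 - prefix)
        first, last = network, broadcast
    else:
        usable = 2 ** (32 - prefix) - 2
        first, last = network + 1, broadcast - 1
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def split_block(cidr: str, divisions: list[str]) -> dict[str, str]:
    """Carve one block into equal subnets, one per division.

    Borrows the fewest host bits that still yield at least len(divisions)
    subnets, so each division gets the largest possible equal share.
    """
    addr, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    extra_bits = max(1, (len(divisions) - 1).bit_length())
    new_prefix = prefix + extra_bits
    if new_prefix > 32:
        raise ValueError("not enough address space for that many subnets")
    base = ip_to_int(addr) & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    size = 2 ** (32 - new_prefix)
    return {
        name: f"{int_to_ip(base + i * size)}/{new_prefix}"
        for i, name in enumerate(divisions)
    }


def in_same_subnet(a: str, b: str, mask: str) -> bool:
    """True if two hosts share a subnet under the given mask; this is the
    comparison a host makes before deciding to send via its default gateway."""
    m = ip_to_int(mask)
    return (ip_to_int(a) & m) == (ip_to_int(b) & m)


if __name__ == "__main__":
    plan = split_block("10.20.0.0/22", ["IT", "Accounting", "HR"])
    for division, block in plan.items():
        print(f"{division:10} {block:18} {subnet_info(block)}")
```

Splitting the /22 among three divisions borrows two host bits, producing four /24s of which three are used; a broadcast from an Accounting host (10.20.1.255) therefore never reaches IT or HR hosts, which is the traffic isolation the card describes.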

347
Q

Bullets: Simple Network Management Protocol (SNMP)

A

A protocol within the IP suite that is used for network device management activities through the use of a structure that uses managers, agents, and Management Information Bases.

348
Q

Bullets: Digital Subscriber Line (DSL)

A

A set of technologies that provide Internet access by transmitting digital data over the wires of a local telephone network. DSL is used to digitize the “last mile” and provide fast Internet connectivity.

349
Q

Bullets: Crosstalk

A

A signal on one channel of a transmission creates an undesired effect in another channel by interacting with it. The signal from one cable “spills over” into another cable.