Chapter 8: Routing Flashcards
Router
Any piece of hardware or software that forwards packets based on their destination IP address.
Routing Table
A list of paths to various networks required by routers.
What two fields of a routing table are used to determine the route needed?
Destination LAN IP and Subnet Mask
What two fields of a routing table tell the router what to do with the packet?
Gateway (for IP of next hop)
and
Interface (for port to use)
If the network ID is directly connected, then the gateway field of the routing table gets set to _________
0.0.0.0
or
IP address of port you’re sending to
Command to see your routing table in Linux/OSX
netstat -r
Metric
A relative value that defines the cost of using this route (the lowest-metric route wins).
Network Address Translation (NAT)
A means of translating a system’s IP address into another IP address before sending it out to a larger network.
Gives individual systems private IPs, and hides them behind the public IP
Port Address Translation (PAT)
Form of NAT that uses port numbers to map traffic from specific machines in the network.
NAT Translation Table
Special database in a NAT router that stores destination IP addresses and ephemeral source ports from outgoing packets and compares them against returning packets.
Static NAT (SNAT)
Maps a single routable (public) IP address to a single machine, allowing you to access that machine from outside the network.
Port Forwarding
Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.
Dynamic NAT (DNAT)
Type of NAT in which many computers can share a pool of routable IP addresses that number fewer than the computers.
Static Route
An entry in a router’s routing table that is not updated by any automatic route discovery protocols.
Hop
Each time a packet passes through a router.
Possible Criteria for Determining a Metric
1) Hop
2) Bandwidth
3) Latency
4) Cost
5) Maximum Transmission Unit (MTU)
6) Shortest Path Bridging (SPB)
7) Administrative Distance
Fragmentation
When a packet is too big and it’s broken into pieces.
Distance Vector
Routing protocols that calculate the total cost to get to a particular network ID and compare that cost to the total cost of all other routes to get to that same network. It chooses the route with the lowest cost.
Convergence
When routers using distance vector protocols continue sending their routing tables to each other, but the routing tables don’t change.
What size of network is distance vector good for?
Smaller networks with less than 10 routers or so.
Routing Information Protocol (RIP)
Distance vector routing protocol that dates from the 1980s
Autonomous System (AS)
One or more networks that are governed by a single dynamic routing protocol, which provides routing for the Internet backbone.
AS Number
A 32-bit number displayed as two 16-bit numbers separated by a dot.
Exterior Gateway Protocols (EGP)
The protocols that ASes use to communicate with each other.
Interior Gateway Protocols (IGP)
The protocols that networks within an AS use to communicate
Border Gateway Protocol (BGP)
- An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established.
- Hybrid or path vector routing protocol
Edge-routers
The routers that handle AS-to-AS routing
Route Aggregation
A way to simplify routing tables into manageable levels. Basically a tiering system, like a tree.
Link State
Type of dynamic routing protocol that announces only changes to routing tables, as opposed to the entire routing tables.
Open Shortest Path First (OSPF)
An interior gateway routing protocol developed for IP networks based on the link state algorithm.
When you first launch OSPF-capable routers, they send out _________ called Hello packets looking for other OSPF routers
Link State Advertisements (LSAs)
What is the routing protocol of choice for most large enterprise networks?
OSPF
Flooding
When a new router is sending a lot of LSAs
Formula for hop cost in OSPF
100,000,000/(bandwidth in bps)
Area
A group of logically associated OSPF routers designed to maximize routing efficiency while keeping the amount of broadcast traffic well managed.
Area ID
Address assigned to routers in an OSPF network to prevent flooding beyond the routers in that particular network.
When you interconnect multiple areas, what is the area id of the backbone?
0 or 0.0.0.0
Route Redistribution
When a multiprotocol router learns route information using one protocol and announces that information using another routing protocol.
Intermediate System to Intermediate System (IS-IS)
A protocol similar to OSPF, but with support for IPv6 since inception.
Enhanced Interior Gateway Routing Protocol (EIGRP)
Cisco’s proprietary hybrid protocol that has elements of both distance vector and link state routing.
Yost Cable
A cable used to interface with a Cisco device
Managed Device
Networking devices, such as routers and advanced switches, that must be configured before use.
Network Management Software (NMS)
Tools that enable you to describe, visualize, and configure an entire network.
Basic Router Configuration Process
1) Set up the WAN side
2) Set up the LAN
3) Establish Routes
4) Configure a Dynamic Protocol
When packets aren’t getting to the places you expect them, check the __________.
routing table
If multiple honeypots are connected to form a larger network, what term is used to describe the network?
a. combolure b. lurenet c. honeycomb d. honeynet
d. honeynet
What feature on some network switches can be used to detect faked arp messages?
a. session monitoring b. dynamic ARP inspection c. DHCP snooping d. dynamic packet inspection
d. dynamic packet inspection
- A type of intrusion detection that protects an entire network and is situated at the edge of the network or in a network’s protective perimeter, known as the DMZ (demilitarized zone). Here, it can detect many types of suspicious traffic patterns.
- A program that runs independently and travels between computers and across networks. Although worms do not alter other programs as viruses do, they can carry viruses.
- A software security flaw that can allow unauthorized users to gain access to a system. Legacy systems are particularly notorious for leaving these kinds of gaps in a network’s overall security net.
- A type of intrusion prevention that runs on a single computer, such as a client or server, to intercept and help prevent attacks against that one host.
- A portion of the security policy that explains to users what they can and cannot do, and penalties for violations. It might also describe how these measures protect the network’s security.
- A type of intrusion detection that runs on a single computer, such as a client or server, to alert about attacks against that one host.
- A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices.
- A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users.
- A specification created by the NSA to define protection standards against RF emanation, which when implemented are called EmSec (emission security).
- A threat to networked hosts in which the host is flooded with broadcast ping messages. A smurf attack is a type of denial-of-service attack.
a. acceptable use policy (AUP)
b. backdoor
c. HIDS (host-based intrusion detection system)
d. HIPS (host-based intrusion prevention system)
e. NIDS (network-based intrusion detection system)
f. proxy service
g. smurf attack
h. TEMPEST
i. virus
j. worm
The simplest type of firewall is a content filtering firewall.
True
False
False
Packet Filtering Firewall
A firewall typically involves a combination of hardware and software.
True
False
True
At what layer of the OSI model do firewalls operate?
a. Network b. Transport c. Application d. Data link
a. Network
Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below?
a. network viruses b. file-infector viruses c. worms d. macro viruses
c. worms
A SOHO wireless router typically acts as a firewall and may include packet filtering options.
True
False
True
A system that is capable of collecting and analyzing information generated by firewalls, IDS, and IPS systems is known as which term below?
a. event collector architecture b. log organizer c. SIEM system d. syslog system
c. SIEM system
What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it’s just part of the wire?
a. pass-thru mode b. virtual access mode c. virtual wire mode d. transparent wire mode
a. pass-thru mode
What feature on some network switches can be used to detect faked arp messages?
a. DHCP snooping b. session monitoring c. dynamic ARP inspection d. dynamic packet inspection
c. dynamic ARP inspection
Different types of organizations have similar levels of network security risks.
(A) True
(B) False
(B) False
A firewall typically involves a combination of hardware and software.
(A) True
(B) False
Answer : (A)
The simplest type of firewall is a content filtering firewall.
(A) True
(B) False
Answer : (B)
A SOHO wireless router typically acts as a firewall and may include packet filtering options.
(A) True
(B) False
Answer : (A)
The term malware is derived from a combination of the words malicious and software.
(A) True
(B) False
Answer : (A)
Which software below combines known scanning techniques and exploits to allow for hybrid exploits? (A) Nessus (B) metasploit (C) nmap (D) Sub7
Answer : (B)
What kind of attack involves a flood of broadcast ping messages, with the originating source address being spoofed to appear as a host on the network? (A) amplification attack (B) smurf attack (C) zombie attack (D) SYN attack
Answer : (B)
Botnets often make use of what chat protocol in order to receive commands? (A) XMPP (B) AIM (C) IRC (D) Skype
Answer : (C)
Which virus below combines polymorphism and stealth techniques to create a very destructive virus? (A) Natas (B) Macro (C) Michelangelo (D) Stoned
Answer : (A)
What characteristic of viruses makes it possible for a virus to potentially change its characteristics (such as file size and internal instructions) to avoid detection?
(A) encryption
(B) stealth
(C) polymorphism
(D) time dependence
Answer : (C)
What type of virus are dormant until a specific condition is met, such as the changing of a file or a match of the current date? (A) encrypted virus (B) logic bomb (C) boot sector virus (D) worm
Answer : (B)
Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below? (A) file-infector viruses (B) worms (C) network viruses (D) macro viruses
Answer : (B)
If multiple honeypots are connected to form a larger network, what term is used to describe the network? (A) combolure (B) lurenet (C) honeycomb (D) honeynet
Answer : (D)
A system that is capable of collecting and analyzing information generated by firewalls, IDS, and IPS systems is known as which term below? (A) event collector architecture (B) syslog system (C) SIEM system (D) log organizer
Answer : (C)
A proxy that provides Internet clients access to services on its own network is known as what type of proxy? (A) reverse proxy (B) cache proxy (C) service proxy (D) inverse proxy
Answer : (A)
At what layer of the OSI model do firewalls operate? (A) Transport (B) Data link (C) Network (D) Application
Answer : (C)
Which software below serves as the firewall for Linux systems? (A) ZoneAlarm (B) Comodo (C) iptables (D) ipf
Answer : (C)
A reflective attack can be increased in intensity by combining it with what type of attack? (A) smurf attack (B) SYN attack (C) amplification attack (D) friendly attack
Answer : (C)
An attack in which hackers transmit bogus requests for connection to servers or applications in order to harvest useful information to guide their attack efforts is known as what option below? (A) banner-grabbing attack (B) reflective attack (C) friendly attack (D) IP spoofing attack
Answer : (A)
An attack that involves a person redirecting or capturing secure transmissions as they occur is known as what type of attack? (A) buffer overflow (B) session hijacking attack (C) man-in-the-middle attack (D) banner-grabbing attack
Answer : (C)
Which option below is a standard created by the NSA that defines protections against radio frequency emanations? (A) EmSec (B) TEMPEST (C) RFGUARD (D) BlockSec
Answer : (B)
The process in which a person attempts to glean access or authentication information by posing as someone who needs that information is known as what option below?
(A) mining
(B) phishing
(C) hunting
(D) doxing
Answer : (B)
What feature on some network switches can be used to detect faked arp messages? (A) DHCP snooping (B) session monitoring (C) dynamic packet inspection (D) dynamic ARP inspection
Answer : (D)
In ACL statements, the any keyword is equivalent to using which wildcard mask? (A) 255.255.255.255 (B) 0.0.0.0 (C) 0.0.255.255 (D) 255.255.0.0
(B) 0.0.0.0
What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it's just part of the wire? (A) transparent wire mode (B) virtual access mode (C) pass-thru mode (D) virtual wire mode
Answer : (D)
What two types of agents are used to check compliance with network security policies? (A) dissolvable agent (B) temporary agent (C) persistent agent (D) permanent agent
Answer :
What two options below are IDS implementations used to provide additional security on a network? (A) IIDS (B) PIDS (C) HIDS (D) NIDS
Answer :
What two terms describe a network of compromised computers that are then used to perform coordinated DDoS attacks without their owners' knowledge or consent? (A) reflectors (B) botnet (C) zombie army (D) repeaters
Answer :
Which two viruses below are examples of boot sector viruses? (A) Michelangelo (B) Stoned (C) Natas (D) Klez
Answer :
Which two terms can be used to describe a decoy system that is purposely vulnerable for the sake of attracting attackers? (A) honeypot (B) pandora box (C) trap (D) lure
Answer :
The _____________ proxy server software is available for use on the UNIX / Linux platform.
Answer : SQUID
The ________________ utility is a Windows console that is used to control what users do and how the system can be used.
Answer : gpedit.msc
Networks that use ________________, such as T-1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building’s demarc (demarcation point), at a remote switching facility, or in a central office.
Answer : leased public lines
A ______________ on a device attempts to alter management interfaces within the hardware to the point where the device is irreparable.
Answer : physical attack
A _________________ form is a document that is used to ensure that employees are aware of the fact that their use of company equipment and accounts will be monitored and reviewed as needed for security purposes.
Answer : consent to monitoring
The act of taking advantage of a vulnerability is known as which of the following? a. hacker b. poisoning c. snooping d. exploit
Answer: D
____________________ occurs when a person attempts to glean access or authentication information by posing as someone who needs that information.
Answer: Phishing
Which of the following describes an attack where high volumes of traffic overwhelm a wireless network? a. port scanning b. jamming c. phishing d. man-in-the-middle
Answer: B