CISSP (Domain 2 - Telecommunications and Network Security) Flashcards
Physical Layer (OSI)
- Bits converted to electrical signal
Data Link Layer (OSI)
- Switching
- MAC Address
- Breaks data into frames for correct technology
- Error detection
- ARP, RARP
802.5
Token Ring, FDDI
802.11
Wireless CSMA/CD
802.3
Ethernet
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Sends message, if collision detected, wait random time and resubmit (Ethernet)
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Sends message out to wire to see if it's open; if open, send message (Wireless)
Network Layer (OSI)
- Routing
- IP, ICMP, RIP, OSPF, BGP, IGMP
- Inserts information into the packet header for routing
- Only layer to provide confidentiality, authentication, and integrity with IPsec
Transport Layer (OSI)
- End to End transfer
- Error control and recovery
- Assembled into a stream
- SSL, TCP, UDP, and SPX
Session Layer (OSI)
- E2E communication between applications
- Session setup and tear down
- DNS, NFS, SQL, and RPC
Presentation Layer (OSI)
- Translate message into a standard format
- GIF, TIFF, JPG
- Encoding: ASCII and EBCDIC
- E2E encryption
Application Layer (OSI)
- Closest to users
- Provides message exchange, terminal sessions, …
- Only layer to provide non-repudiation (if encryption is enabled)
- HTTP, FTP, SMTP, POP, IMAP, Telnet, SNMP, TFTP
OSI to DoD TCP/IP
- Application, Presentation, Session: Application
- Transport: Host to Host
- Network: Internet
- Data Link, Physical: Network Interface
TCP Encapsulation
D/SD/PSD/FPSD-FCS
- Data
- Segment, Data
- Packet, Segment, Data
- Frame, Packet, Segment, Data, FCS
How to attack TCP/IP
- SYN flood (fill up buffer) during 3-way handshake
- Guessing TCP sequence number
How to attack UDP
DoS with floods
IPv6 IP Format Rules (3)
- First half is the network address, second half is the host address
- Can be shortened by eliminating leading zeros
- Adjacent blocks of zeros can be replaced with ::, but only once
Synchronous Transmission
- Stream of data, no start and stop bits
- Used to transfer large amounts of data
Asynchronous Transmission
- Bits are sent sequentially
- Used to transfer small amounts of data
- Start and stop bits used
- Modems and dial-up connections
Baseband Signal
Cable only uses one channel
- Ethernet
Broadband Signal
Cable uses several channels at once
- T1, T3, DSL, ISDN
Bus Topology
- Single cable where computers are connected to drops
- Each computer sees each packet
- Line is the single point of failure
- If one PC has a problem, all other computers are impacted
Ring Topology
- Series of computers and devices connected by unidirectional transmission links
- Each computer is dependent on the preceding computer
- If one goes down, it can take down all systems
Star Topology
- All computers connected to a central hub or switch
- Hub is the single point of failure
Mesh Topology (2 types)
- Full Mesh: Every device is connected to every other device, expensive
- Partial Mesh: Enough interconnections to eliminate single points of failure
3 Transmission Methods
UMB
- Unicast: One to one relationship
- Multicast: One to many relationship
- Broadcast: One to all relationship
Address Resolution Protocol (ARP)
- Maps IP address to MAC address
- MAC is only used to forward frames on same network segment
Reverse Address Resolution Protocol (RARP)
- Maps MAC address to IP Address
Hub
- Used to connect multiple LAN devices
- Layer 1
Switch
- Similar to a Bridge but when it receives a frame, it forwards to the correct segment instead of all.
- Layer 2
- 10 ports = 10 collision domains (CDs) and 1 broadcast domain (BD)
Router
- Routes packets based on IP Address
- Layer 3
3 Routing Protocol types
DV/LS/B
- Algorithms based on distance vector protocols
- Algorithms based on link state protocols
- Border Protocols
Distance Vector Protocols
- RIP/RIP v2
- Small Networks
- List of destination networks with direction and distance in hops
Link State Protocols
- OSPF
- Based on Cost
- Each router keeps a topology map of network and identifies all routers
Gateway
- Software that links two different networks
- IPX/SPX talking to TCP/IP
- Layer 7
3 Types of Firewalls
SSP
- Static Packet Filtering
- Stateful Packet Filtering
- Application Proxy
Proxy Firewall
- Layer 7
- Middleman between communicating computers
- Looks at payload of packet
- Low performance
Static Packet Filter Firewall
- Uses ACL to make access decisions
- Access based on source and destination IP/Port/Protocol
- Layer 3 only
- Screening router with rules for rejecting or accepting data
- Based on IP header
- Can't keep track of state
Stateful Firewall
layers/track/syn
- Packets captured by inspection engine and each OSI layer inspected
- All layers
- Keeps track of state
- Builds state table
- Syn flood detector
Bastion Host
- Most secure state
- AKA Hardened System or Locked Down System
- Limited amount of ports/services/users/software allowed
Screened Host (Firewall) (RouterFW#/FWLoc/DMZLoc/fil)
- Separates trusted and non-trusted networks
- Proxy directly behind a packet-filtering router
- One router and one firewall
- Router filters traffic before it is passed to firewall
Dual-homed Firewall
- Two interfaces, one for each network
- Forwarding and routing turned off so each packet can be inspected
- One firewall
Screened Subnet (Firewall)
- Two routers, one firewall
- Firewall in between the routers
- DMZ setup between the two routers
- External router filters traffic before it enters DMZ
Demilitarized Zone (DMZ)
- Network segment between protected internal network and non-trusted external network
- Contains Bastion hosts
5 Things Firewalls Should Do
Deny/BlockB/BlockNon/BlockInt/Reass
- Deny all traffic unless expressly permitted (white list)
- Block directed broadcasts (defense against smurf and fraggle attacks)
- Block traffic leaving network from a non-internal address (possible zombie system)
- Block traffic entering the network from an internal address (possible spoofing attack)
- Packets should be reassembled before forwarding
3 Ways to Secure DNS
Cert/Zone/Queries
- Certificate Validation
- Mutual Zone Transfer
- Prevent Unauthorized Queries
Network Address Translation (NAT)
- Pool of public addresses that get mapped to internal computers
- Limits understanding of internal network to external entities
- Provides address conversion and hides the identity
Static NAT
- Each internal system has a corresponding external routable IP address
Hiding NAT - All Systems Share
- All systems share the same external routable IP address
Private IP Addresses (RFC 1918)
- 10.0.0.0/8
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16
Socket
IP and port number
4 Wide Area Network (WAN) Technologies
FR/X/A/V
- Frame Relay
- X.25
- ATM
- VOIP
4 Bluetooth Attacks
BJ/BS/BB/BB
- *Bluejack: sends spam anonymously to victims
- *Bluesnarfing: Stealing info up to a mile away
- Bluebof exploit: Overflow of service
- Bluebug: Uses AT commands on victim's cell
X.25
- First packet switching technology that uses switched and permanent virtual circuits
- *Protocol used: LAPB for error detection and corrective procedures
- Used in older WAN technologies
Frame relay
- *Faster WAN packet-switching protocol with no error correction
- Data link layer
- Fee Based
Permanent Virtual Circuit (PVC)
Private line for a customer with an agreed upon bandwidth availability
Switched Virtual Circuit (SVC) - Frame Relay
Dynamically built when required
Committed Information Rate (CIR) - Frame Relay
Customer pays a certain monthly fee to ensure a specific bandwidth availability
Asynchronous Transfer Mode (ATM)
- High bandwidth technology that uses switching and multiplexing
- *53-byte fixed cells instead of various frame lengths over PVC and SVC
Voice Over IP (VOIP)
Technology that can combine different types of data (data, voice, video) into one packet
3 Challenges with VOIP
jitter/seq/latency
- When voice and data are combined, jittering can result
- Connectionless, packets can arrive out of sequence
- Each hop adds potential latency
4 Components Required for VOIP
D/CP/VM/VG
- IP telephony device
- Call-processing manager
- Voicemail system
- Voice gateway
Session Initiation Protocol (SIP) - VOIP
loc/negot/mgmt/change/only
- Allows for establishment of user location (name to network address)
- Negotiation occurs so that features are agreed on and supported
- Call management mechanism (adding, dropping, transferring participants)
- Change features during session
- *Only a signaling protocol (ring, dial, busy)
5 Security Threats for VOIP
TF/DD/S/P/V
- Toll Fraud
- DDoS
- SPIT (Spam over Internet Telephony)
- Phishing
- VOMIT (Replacing words in call before received)
Point-To-Point Protocol (PPP)
- Layer 2 service
- Encapsulate data over a serial line for dial-up
- Can encapsulate data that can't route through the internet
3 PPP Authentication Mechanisms
- PAP
- CHAP
- EAP
IPsec
- Works at network layer and provides security on top of IP
2 IPsec Encryption Modes
- Tunnel Mode: Payload and headers
- Transport Mode: Payload protected
Extensible Authentication Protocol (EAP)
- Protocol for authentication that supports multiple authentication methods
- Credentials not protected
Protected Extensible Authentication Protocol (PEAP)
- Makes a secure channel before credentials
- Only server uses digital certificate
6 PEAP Steps to Protect Credentials
- Client makes connection to EAP Server
- Public Key given from EAP Server to client
- Client Authorizes cert
- Session key encrypted with public key
- Private key used to decrypt session key on EAP Server
- AuthN data encrypted with session key
802.11b
- Speed: 11 Mb/s
- Freq: 2.4 GHz
- Enc: WEP
802.11a
- Speed: 54 Mb/s
- Freq: 5 GHz
- Enc: WEP
802.11g
- Speed: 54 Mb/s
- Freq: 2.4 GHz
- Enc: WEP
802.11i
- Speed: N/A
- Freq: N/A
- Enc: WPA/WPA2
802.11n
- Speed: 450 Mb/s
- Freq: 2.4 & 5 GHz
- Enc: WPA
- Multiple input, multiple output (MIMO) makes connections quick
Why is WPA more secure?
- Uses Temporal Key Integrity Protocol (TKIP)
- Uses different session key for each packet
3 AES Encryption Lengths
128, 192, 256 bit