Communications and Network Security (CNS) Flashcards
Access point
the connection between a wireless and wired network
Access server
Provides dial-in and dial-out connections to the network
Ad hoc Mode
Directly connects two or more clients with no access point. Infrastructure Mode – connects endpoints to a central network rather than directly to each other; needs an access point and wireless clients.
Address Resolution Protocol
Used to match an IP address to a hardware MAC address. ARP sends out a broadcast asking the network node with that IP to reply with its hardware address. The address is stored in a dynamic table for the duration of the session, so an ARP request is only sent the first time.
Addressing
IP uses the destination IP address to forward packets through networks until they are delivered
ADSL
Asymmetric DSL. More downstream than upstream bandwidth; up to 18,000 feet over a single copper cable pair
Analog signal
Infinite wave form, continuous signal, varied by amplitude
Asynchronous communications, broadband connections, and half‐duplex links can be digital or analog.
Application
Layer 4 of the TCP/IP model
Application OSI
Provides an interface through which applications and end users can utilize networked resources.
Examples: FTP, Telnet
Application level firewall
Second generation, AKA proxy server. While transferring a data stream to another network, it masks the data origin. Operates at the Application layer of OSI.
Application Proxy firewall
Layer 7 (actually 3 through 7): looks at content and can involve authentication and encryption; can be more flexible and secure but also tends to be far slower.
ARCnet
Uses token passing in a star topology on coax
Asymmetric multiprocessing
AMP: used in dedicated applications, such as embedded systems, where individual processors can be dedicated to specific tasks at design time
Asynchronous
Sends bits of data sequentially. Same speed on both sides. Modems and dial-up remote access systems
Asynchronous Transfer Mode
ATM: very high bandwidth. It uses 53-byte fixed-size cells instead of variable-length frames like Ethernet. It can allocate bandwidth on demand, making it a solution for bursty applications. Requires fiber optics
Attenuation
A decrease in amplitude as a signal propagates along a transmission medium
Access port
logical or physical identifier that a computer uses to distinguish different terminal input/output data streams
Active attack
attack on the authentication protocol where the attacker transmits data to the claimant or verifier. Examples of active attacks include a man-in-the-middle, impersonation, and session hijacking.
Active wiretapping
illegal attachment of an unauthorized device for the purpose of obtaining access to data
Bluejacking
When attackers send unsolicited messages via Bluetooth
Bluesnarfing
Targets the data or information on Bluetooth-enabled devices
Bootstrap Protocol
When a wireless workstation comes online, it sends out a BootP request with its MAC address to get an IP address and the name of the file from which it should boot. Replaced by DHCP
Bridge
a layer 2 device that is used to connect two network segments and regulate traffic
Bridges
Forwards data to all other network segments if the destination is not on the local segment. Operates at layer 2 (thus no IP addressing)
Broadband Technologies
ISDN, cable modems, DSL, and T1/T3 lines that can support multiple simultaneous signals. They are analog and not broadcast technologies.
Broadcast
Source packet is copied and sent to all nodes
Broadcast Domain
Set of systems that can receive a broadcast from each other
Brouter
a device that provides the functions of both a bridge and a router
BUS
All transmissions have to travel the full length of the cable
Callback
User initiates a connection and supplies an identifying code, then the system calls back a predetermined telephone number. Less useful for travelling users
Caller ID
Checks the incoming telephone number against an approval list and then uses Callback. Less useful for travelling users
CAN
Campus area network: multiple buildings connected to a fast backbone on a campus
Carrier Sense Multiple Access
CSMA: for Ethernet. A workstation sends out a packet; if it does not get an acknowledgement, it resends
Challenge Handshake Authentication Protocol
CHAP: non-replayable challenge/response dialog
CHAP
Challenge-Handshake Authentication Protocol, used by PPP servers to authenticate remote clients. Encrypts the username and password and performs periodic re-authentication while connected, using techniques to prevent replay attacks.
CIR
Committed Information Rate: minimum bandwidth guarantee provided by a service provider to customers
Circuit Level Proxy
Layer 5: looks at the packet header only; protects a wider range of protocols and services than an application-level proxy, but without as detailed a level of control. Basically, once the circuit is allowed, all information is tunneled between the parties. Although firewalls are difficult to configure correctly, they are a critical component of network security.
Circuit switched network
A dedicated physical circuit path must exist during transmission. The right choice for networks that have to communicate constantly. Typical of a telephone company network; voice oriented. Sensitive to loss of connection
Client SSL Certificates
Used to identify clients to servers via SSL (client authentication)
Coaxial
Many workstations, length limits. 1000Base-T – 100 m.
Twisted pair: too long. Cat 5 better than Cat 3 for interference. Fiber optics: immune to EMI, but can be broken and has high cost/expertise. Topology failures.
Coaxial cable
a cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor
Codec
used to code/decode a digital data stream
Collision Domain
Set of systems that could cause a collision if they transmitted at the same time; a greater number of systems in the domain increases the likelihood of network congestion due to more collisions
Concentrator
layer 1 network device that is used to connect network segments together, but provides no traffic control
Converged Network
Carries multiple types of traffic like voice, video, and data
Converged Protocols
The merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. The primary benefit of converged protocols is the ability to use existing TCP/IP-supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware.
CSMA with Collision Avoidance
Workstations are attached by 2 coax cables, each in one direction only. Used by wireless 802.11
CSMA with Collision Detection
Only one host can send at a time; a jamming signal tells the rest to back off
Data Link Layer 2
This layer deals with addressing physical hardware. FRAMES
Translates data into bits and formats them into data frames with a destination header and source address. Error detection via checksums.
Example: bridge
Data service unit (DSU)
Also Channel Service Unit (CSU)
Digital interface device used to terminate the physical interface on a DTE device. They connect to the closest telephone company switch in a central office (CO)
Data Streams
Occur at Application, Presentation, and Session layers.
Demon Dialer
a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user has hung up
DHCP
Dynamic Host Configuration Protocol
Digital signal
Sawtooth form, pulses, on-off only. Digital signals are a means of transmission that involves the use of a discontinuous electrical signal and a state change or on-off pulses. Asynchronous communications, broadband connections, and half-duplex links can be digital or analog.
Digital signature
an asymmetric cryptography mechanism that provides authentication
Direct Sequence Spread Spectrum
DSSS: employs all the available frequencies simultaneously in parallel. This provides a higher rate of data throughput than FHSS. DSSS also uses a special encoding mechanism known as chipping code to allow a receiver to reconstruct data even if parts of the signal were distorted because of interference.
DKIM
DomainKeys Identified Mail, a domain validation tool for email
DNS Poisoning
When an attacker changes the domain-name-to-IP-address mappings of a system to redirect traffic to alternative systems
DNS Spoofing
When an attacker sends false replies to a requesting system, beating valid replies from the real DNS server
Dual homed host firewall
Consists of a host with 2 NICs, one connected to the trusted network and one to the untrusted network. Can thus be used as a translator between 2 network types, like Ethernet/Token Ring. Internal routing capabilities must not be enabled, to make it impossible to circumvent inspection of data.
Dynamic Packet Filtering firewall
Fourth generation: enables modification of the firewall rules. It provides limited support for UDP by remembering UDP packets across the network.
Eavesdropping
a passive network attack involving monitoring of traffic
E-mail spoofing
forgery of the sender’s email address in an email header
Emanations
potentially compromising leakage of electrical or acoustical signals
Encapsulating Security Payload
Encrypts IP packets and ensures integrity.
ESP Header – contains information showing which security association to use and the packet sequence number. Like the AH, the ESP sequences every packet to thwart replay attacks.
Ethernet IEEE 802.3
Uses CSMA with a bus topology
Ethernet twisted pair
More resistant than coaxial. Token Ring: because a token is passed by every station, a NIC that is set to the wrong speed or is in error can take the whole network down
Extensible Authentication Protocol
EAP: an authentication framework. Allows new authentication technologies to be compatible with existing wireless or point-to-point connection technologies; originally used for PPP connections
Faraday Cage/ Shield
A shield against leakage of electromagnetic signals (emanations).
Fiber Channel Over Ethernet
FCoE: allows existing high-speed networks to be used to carry storage traffic
Fiber Distributed Data Interface
Form of token ring that has a second ring that activates on error
Leased lines use multiple lines and/or multiple vendors
Fiber optics
bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fibre Channel over Ethernet
FCoE: a form of network data-storage solution (SAN or NAS) that allows for high-speed file transfers at upward of 16 GBps. Fibre Channel was designed to be operated over fiber-optic cables; support for copper cables was added later to offer less-expensive options. FCoE can be used to support it over the existing network infrastructure. FCoE is used to encapsulate Fibre Channel communications over Ethernet networks. Fibre Channel operates as a Network layer or OSI layer 3 protocol, replacing IP as the payload of a standard Ethernet network.
File Transfer Protocol
For file transfers. Cannot execute remote files as programs. Requires authentication. Ports 20 and 21
Firewalls
a group of systems that enforces an access control policy between two networks
Fraggle
a denial of service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses
Fragmentation
IP will subdivide a packet if its size is greater than the maximum allowed on a local network
Message routing, error detection and control of node data are managed at this layer. Protocols: IP, IPSEC, ICMP, BGP, OSPF, RIP, BOOTP, DHCP, ZIP, DDP, X.25, NAT and IGMP
Frame Relay
High-performance WAN protocol designed for use across ISDN interfaces. Fast but has no error correction. Supports multiple PVCs, unlike X.25. A packet-switched technology that provides a CIR; requires DTE/DCE at each connection point
Frame Relay WAN
Over a public switched network. High fault tolerance by rerouting traffic from faulty segments to working ones.
Frequency Hopping Spread Spectrum
FHSS: The entire range of available frequencies is employed, but only one frequency at a time is used.
Gateway
a device or system that provides a secure connection to another network
HDSL
High bit-rate DSL: T1 speed over two copper cable pairs up to 12,000 feet
High-level Data Link Control
HDLC: extension to SDLC, also for mainframes. Uses data encapsulation on synchronous serial links using frame characters and checksums. Data link layer.
High Speed Serial Interface (HSSI): defines the electrical and physical interfaces to use for DTE/DCE communications. Physical layer of OSI
Hijacking
interception and take over of a communication session by an attacker
Host-to-Host
Layer 3 of the TCP/IP model (corresponds to the OSI Transport layer)
Hub
layer 1 network device that is used to connect network segments together, but provides no traffic control
HUBS
Connect multiple LAN devices into a concentrator. Actually a multi-port repeater (physical layer)
Hypervisor-based Network
May be software defined, but it could also use traditional network devices running as virtual machines
Injection
an attack technique that exploits systems that do not perform input validation, by embedding partial SQL queries inside input
Integrated Services Digital Network
ISDN: combination of digital telephony and data transport. Overtaken by xDSL. Not all of the bandwidth is usable for data because the "D channel" is used for call management, not data
Interception
unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communications, emanations)
Internet
Layer 2 of the TCP/IP model (corresponds to the OSI Network layer). Defines the IP datagram and handles routing of data across networks
Protocols: IP, ARP, RARP, ICMP
Internet control message protocol
Sends messages between network nodes regarding the health of the network. Also informs about rerouting in case of errors. The ping utility uses ICMP messages to check connectivity between network machines
IPX, Appletalk, and NetBEUI are non-IP protocols
Internet intranet and extranet
The Internet is global; an intranet is local for use within a company; an extranet can be used e.g. by your customers and clients but is not public.
Internet Protocol
All hosts have an IP address. Each data packet carries the IP addresses of sender and recipient. Routing in the network is based upon these addresses. The datagram service is considered unreliable because there is no guarantee that a packet will be delivered, that it is delivered only once, or that packets are delivered in the same sequence in which they were sent
IPv4 addresses are 32 bits long; IPv6 addresses are 128 bits long
Internet Small Computer Interface
iSCSI: converged protocol that allows location-independent file services over traditional network technologies. Costs less than Fibre Channel. Standard for linking data storage sites
Internet Small Computer System Interface
iSCSI: a networking storage standard based on IP. This technology can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.
It is often viewed as a low-cost alternative to Fibre Channel.
IP address spoofing
forging of an IP address
IP fragmentation
an attack that breaks malicious code up into IP fragments in an attempt to elude detection
IPSEC
Operates at the Network layer of OSI
Enables multiple simultaneous tunnels
Encrypts and authenticates
Built into IPv6
Network-to-network use
Creates a private, encrypted network over a public network
Encryption for confidentiality and integrity
IPsec compatible
Encryption via Tunnel mode (entire packet encrypted) or Transport mode (only the datagram payload encrypted)
Only works with IP at the Network layer of OSI; non-IP protocols are not IPsec compatible
ISDN
PRI (Primary Rate Interface) has a bandwidth of 1.544 Mbps, faster than BRI's 144 Kbps
Kernel Proxy Firewall
Fifth generation: application-level firewall. Runs on Windows NT; modular, kernel based, multilayer session evaluation. Uses dynamic TCP/IP stacks to inspect network packets and enforce security policies.
L2F, Layer 2 Forwarding
Cisco developed its own VPN protocol, L2F, which is a mutual authentication tunneling mechanism.
L2F does not offer encryption. L2F was not widely deployed and was soon replaced by L2TP. Both operate at layer 2. Both can encapsulate any LAN protocol.