Communications and Network Strategy Flashcards

1
Q

Bluetooth

A

a low-power technology defined in the IEEE 802.15.1 standard, designed to connect devices within about 100 meters or less (class 2 consumer devices reach roughly 10 meters)

Bluetooth v2.1 uses the weak E0 stream cipher, which takes a 128-bit key but has an effective strength closer to 38 bits. Bluetooth v4.1 and later (Secure Connections, AES-CCM) are more secure.

Other vulnerabilities: bluejacking (unsolicited messages) and BlueBug attacks (a malicious user can eavesdrop on and/or take over the victim's phone).

Uses FHSS, a technique that rapidly changes radio channels in a synchronized pattern known to both transmitter and receiver. Caveat: this resists interference and casual sniffing, but in Bluetooth the hopping sequence is derived from the master's address and clock, which are discoverable, so FHSS is not by itself a confidentiality control; encryption is.

AFH enhances FHSS by applying additional logic to the hopping pattern so that it avoids congested channels.

2
Q

SLIP (Protocol)

A

operates at the Data Link layer; enables basic point-to-point IP-only communication between two network devices.

PRO: lower overhead
CON: provides neither confidentiality, integrity nor authentication, and carries only IP

3
Q

PPP (Protocol)

A

operates at the Data Link layer; can transmit multiple Network layer protocols on the same link, e.g. PPP can carry IP, IPX and AppleTalk over the same connection; each Network layer protocol requires a separate PPP Network Control Protocol (NCP).

Provides authentication (PAP, CHAP, EAP; PAP sends the password in cleartext) and supports compression. Its native frame check sequence is error detection only, not cryptographic integrity. Confidentiality comes from a separate layer such as MPPE under PPTP or IPsec under L2TP, not from PPP itself.

4
Q

ACL Rules

A

a set of rules used to identify and control packet flow across a network, written in a specific-to-general order. The LAST rule in the ACL is typically the most general rule.

ACL in action: when a firewall receives a packet, it evaluates the ACL rules in order until one matches, then applies that rule's action (permit or deny) and checks no further rules. If the packet matches NO rule, the firewall applies its default rule. Ordering mistake to watch for: a general rule placed above a more specific one "shadows" it, so the specific rule can never fire.

Implicit deny/allow: most firewalls use an implicit DENY, meaning any packet not explicitly permitted is denied. If a firewall is configured with an implicit ALLOW, any packet not explicitly denied is allowed.

Scenario: to block one specific destination on a firewall that ends in implicit deny while still letting everything else through, the explicit deny for that destination must come first, followed by an "allow all" (the most general rule) as the last rule so that any traffic not already explicitly denied is allowed.
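First-match evaluation and the shadowing mistake described above, as an added example (not part of the flashcards). The rule fields, the two sample rule sets and the sample packets are constructed for illustration; a real firewall's matching is richer, but the ordering logic is the same.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added example, not from the flashcards: a first-match ACL evaluator.
# Rule fields and the sample rule set are constructed for illustration.


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR such as "10.0.0.0/8", or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def matches(self, pkt: dict) -> bool:
        def in_net(addr: str, cidr: str) -> bool:
            return cidr == "any" or ip_address(addr) in ip_network(cidr)
        return (in_net(pkt["src"], self.src)
                and in_net(pkt["dst"], self.dst)
                and self.proto in ("any", pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(acl: list, pkt: dict, default: str = "deny") -> tuple:
    """Walk the ACL top to bottom. The FIRST matching rule decides, whether
    it permits or denies, and later rules are never consulted. If nothing
    matches, the implicit default (deny on most firewalls) applies.
    Returns (action, index of the rule that fired, or None for the default)."""
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, idx
    return default, None


def _covers(outer: str, inner: str) -> bool:
    """True if every address in `inner` is also in `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def shadowed_rules(acl: list) -> list:
    """Indexes of rules that can never fire because an earlier rule already
    covers everything they would match: same proto/port, source and
    destination inside the earlier rule's networks. This is the classic
    mistake of putting the general rule before the specific one."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("any", later.proto)
                    and (earlier.dport is None or earlier.dport == later.dport)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)):
                shadowed.append(i)
                break
    return shadowed


# Specific-to-general: block one destination for HTTPS, permit the rest.
ACL_GOOD = [
    Rule("deny",   "10.0.0.0/8", "203.0.113.10/32", "tcp", 443),
    Rule("permit", "10.0.0.0/8", "any",              "tcp", 443),
]
# The same two rules in the wrong order: the deny is shadowed and never fires.
ACL_BAD = list(reversed(ACL_GOOD))

# Constructed packets
WEB = {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": "tcp", "dport": 443}
SSH = {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": "tcp", "dport": 22}
```

With ACL_GOOD the HTTPS packet hits the deny at index 0; with ACL_BAD it is permitted by index 0 and the deny is reported as shadowed. The SSH packet matches nothing and gets whatever the default is, which is why the implicit rule matters as much as the explicit ones.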

5
Q

SYN Flood

A

occurs at the Transport layer; abuses TCP, a connection-oriented Transport layer protocol that provides reliable delivery of data.

SYN flood attack: a DoS attack in which the attacker begins many TCP handshakes by sending a stream of SYN packets, often from spoofed sources. The victim answers each with a SYN/ACK and holds a half-open entry waiting for the final ACK that never arrives. The victim's connection (backlog) table fills and the system starts refusing new connections, causing a DoS condition. Common mitigation: SYN cookies, which let the server avoid storing state until the handshake completes.
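Detection logic for the half-open condition described above, as an added example (not part of the flashcards). The packet records, the 150-SYN burst and the threshold are all constructed for illustration; the threshold in particular is an assumption, not a recommended value.

```python
from collections import defaultdict

# Added example, not from the flashcards. Packet records are constructed
# (src, dst, flags) tuples standing in for a capture; the threshold is an
# assumption, not a recommended value.


def half_open_counts(packets):
    """Track the three-way handshake per (client, server) pair.

    SYN      -> client opened a handshake; it is half-open until its ACK
    SYN-ACK  -> server answered; the entry stays half-open
    ACK      -> handshake complete, remove it from the half-open set
    RST      -> client aborted, remove it as well
    Returns {server: number of handshakes that were never completed}."""
    pending = {}  # (client, server) -> True while waiting for the final ACK
    for src, dst, flags in packets:
        if flags == "SYN":
            pending[(src, dst)] = True
        elif flags == "SYN-ACK":
            continue  # reply travels server -> client; nothing to update
        elif flags in ("ACK", "RST"):
            pending.pop((src, dst), None)
    counts = defaultdict(int)
    for (_client, server) in pending:
        counts[server] += 1
    return dict(counts)


def flood_suspects(packets, threshold=100):
    """Servers whose half-open count reaches the (assumed) threshold."""
    return sorted(server for server, n in half_open_counts(packets).items()
                  if n >= threshold)


# Constructed traffic: one normal handshake to 10.0.0.5, then 150 SYNs to
# 10.0.0.8 from spoofed sources that never send the final ACK.
NORMAL = [("192.0.2.1", "10.0.0.5", "SYN"),
          ("10.0.0.5", "192.0.2.1", "SYN-ACK"),
          ("192.0.2.1", "10.0.0.5", "ACK")]
FLOOD = []
for i in range(150):
    spoofed = f"198.51.100.{i % 254 + 1}"   # 150 distinct spoofed sources
    FLOOD.append((spoofed, "10.0.0.8", "SYN"))
    FLOOD.append(("10.0.0.8", spoofed, "SYN-ACK"))
SAMPLE = NORMAL + FLOOD
```

The completed handshake leaves no residue; the 150 unanswered SYN/ACKs do, and that gap between SYNs seen and handshakes finished is the signal, whether the counter lives in a host's backlog or in a sensor in front of it.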

6
Q

Teardrop Attack

A

occurs at the Network layer; uses IP; the attacker sends IP fragments whose offsets overlap (the second fragment claims to start inside the first). A reassembly routine that does not validate offsets can be driven into a crash when it tries to put the fragments back together.

7
Q

LAND Attack

A

occurs at the Network layer; uses IP; the attacker sends a packet whose source address and port equal the destination address and port (the victim's own). When the victim receives the packet it effectively replies to itself, and a vulnerable stack can loop or crash.
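The checks a host stack or IDS applies to catch the Teardrop and LAND conditions from the two cards above, as one added example (not part of the flashcards). Fragment ranges, addresses and ports are constructed; the fragment offsets are given in bytes here for readability, whereas the IP header stores them in 8-byte units.

```python
# Added example, not from the flashcards: two sanity checks a host or IDS
# applies to IP traffic. Packet and fragment records are constructed dicts.


def fragments_overlap(frags):
    """Teardrop check. Each fragment is (offset, length) in bytes of the
    original datagram. Returns True if any fragment's byte range starts
    inside an earlier one; a correct reassembler rejects such datagrams."""
    end_of_previous = 0
    for offset, length in sorted(frags):
        if length <= 0:
            return True            # zero or negative length is itself malformed
        if offset < end_of_previous:
            return True            # starts before the previous fragment ended
        end_of_previous = offset + length
    return False


def is_land_packet(pkt):
    """LAND check: source and destination address (and port, for TCP/UDP)
    are identical, so any reply would be addressed to the victim itself."""
    same_addr = pkt["src"] == pkt["dst"]
    same_port = pkt.get("sport") == pkt.get("dport")   # both None for ICMP
    return same_addr and same_port


def classify(pkt):
    """Return the list of attack signatures present in one packet."""
    hits = []
    if is_land_packet(pkt):
        hits.append("land")
    if pkt.get("fragments") and fragments_overlap(pkt["fragments"]):
        hits.append("teardrop")
    return hits


# Constructed samples
NORMAL_FRAGS = [(0, 1480), (1480, 1480), (2960, 500)]
TEARDROP_FRAGS = [(0, 1480), (1400, 1480)]   # second starts inside the first
LAND_PKT = {"src": "10.0.0.9", "dst": "10.0.0.9", "sport": 139, "dport": 139}
OK_PKT = {"src": "10.0.0.1", "dst": "10.0.0.9", "sport": 40000, "dport": 139,
          "fragments": NORMAL_FRAGS}
```

Both checks are cheap and stateless, which is why modern stacks and most firewalls drop these packets long before reassembly; the historical crashes came from code that trusted the offsets as given.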

8
Q

Fraggle Attack

A

occurs at the Transport layer; uses UDP (connectionless, unreliable); a DoS amplification attack in which the attacker sends UDP packets to the echo (port 7) and chargen (port 19) services of a network's broadcast address with a spoofed source address. Every device that receives one of these broadcasts replies to the spoofed source, which can overwhelm the device at that address.

9
Q

Smurf Attack

A

placed at the Network layer (ICMP rides on IP; some sources argue for the Transport layer); a DoS amplification attack in which the attacker pings a broadcast address with ICMP echo requests that carry a spoofed source address. Every device that receives the ping sends an echo reply to the spoofed source, which can overwhelm the device at that address. Mitigation: routers should not forward directed broadcasts, and hosts should not answer broadcast pings.

10
Q

TFTP Request/Response

A

A TFTP server receives the client's request on UDP port 69; the client sends it from an ephemeral source port (above 1023, since 0 to 1023 are the well-known/system ports).

The server then replies to that client port, but from a NEW ephemeral port of its own rather than from port 69 (RFC 1350 calls these transfer identifiers). The rest of the transfer runs between the two ephemeral ports.

Why it matters: a firewall that simply expects the reply to come from port 69 will drop it; stateful firewalls need a TFTP helper to match the reply from an unknown server port to the client's request.

11
Q

Circuit-Switched WAN

A

requires a dedicated circuit reserved for the exclusive use of two endpoints, which assures a fixed and reliable bandwidth. Examples: ISDN and dedicated leased lines such as T1/E1.

12
Q

Packet-Switched Technologies

A

data on a link is broken into packets and each is routed individually to the correct endpoint. Packets may take different paths across the network and are reassembled by the receiving device. Any unused bandwidth is made available to other connections.

13
Q

Frame Relay

A

a packet-switched WAN technology that favors speed over reliability and relies on higher-level protocols such as TCP to provide reliability. If an error is detected in a frame as it crosses a Frame Relay network, the frame is dropped; the endpoints must detect and retransmit dropped frames on their own.

Frame Relay operates at the Data Link layer.

14
Q

X.25

A

an older packet-switched WAN technology that was largely replaced by Frame Relay. Unlike Frame Relay, X.25 performs error detection and correction (retransmission) at each hop, at the cost of higher latency.

15
Q

Cell-Switched Technology

A

similar to packet switching, but uses fixed-length cells instead of variable-length packets.

ATM (Asynchronous Transfer Mode) is an example; its cells are 53 bytes long (5-byte header, 48-byte payload). The fixed size makes ATM latency much more predictable than packet-switched technologies.

16
Q

Message Switched Technology

A

predates packet switching; an entire message is stored and forwarded hop by hop until it reaches its destination.

Telex and UUCP are examples.

17
Q

TLS

A

used for secure communication between a web browser and web server (and many other client/server protocols); it is the successor to SSL, which is now deprecated.

Provides confidentiality and integrity for application protocols by encrypting traffic just above TCP (exam materials usually place it at the Transport layer). Historically it supported ciphers such as AES, DES and 3DES; DES and 3DES are obsolete, and TLS 1.3 only negotiates AEAD ciphers such as AES-GCM and ChaCha20-Poly1305.

To implement TLS, obtain a server certificate from a trusted public CA or an internal CA and install it with its private key on the server. The server uses that certificate to authenticate to the client; client-side verification of the chain and hostname is what makes the authentication meaningful. Client certificates (mutual TLS) are optional.
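The client-side half of the setup described above, as an added example (not part of the flashcards) using Python's standard ssl module. It builds a properly verifying client context next to the anti-pattern with verification switched off, plus a small checklist function; the server-context helper takes certificate and key file paths as parameters and is the one part that needs files from your own CA. The hostname "www.example.com" is a placeholder and no network connection is made.

```python
import ssl

# Added example, not from the flashcards. Shows how a TLS client configures
# certificate verification with the stdlib ssl module. No connection is made.


def build_client_context():
    """Client side: trust the platform CA store, require the server's
    certificate to chain to it, check the hostname against the SAN, and
    refuse protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def build_insecure_context():
    """The anti-pattern: verification switched off. The connection is still
    encrypted, but any certificate is accepted, so an on-path attacker can
    impersonate the server. Shown only so the two settings can be compared.
    check_hostname must be disabled before verify_mode is set to CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def build_server_context(certfile, keyfile):
    """Server side: load the certificate issued by the CA and its private
    key (paths are parameters; no files ship with this example)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def context_is_sane(ctx):
    """Checklist a reviewer applies to any client SSLContext: chain
    verification required, hostname checked, TLS 1.2 or newer only."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)
```

In code review, grep for `CERT_NONE` and `check_hostname = False`: either one turns the card's "server authenticates to the client" into encryption with no authentication at all.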

18
Q

HTTP

A

used to request a resource, such as a web page, from another computer (e.g. a web server) on the Internet.

Not a secure protocol: everything, including credentials and cookies, travels in cleartext unless it runs over TLS (HTTPS).

19
Q

L2TP

A

used in VPNs; provides the tunnel (PPP frames encapsulated in UDP, port 1701) through which the encapsulated IP packets travel. Offers no confidentiality or integrity on its own.

To secure the data travelling through the tunnel, L2TP is combined with an encryption protocol, normally IPsec (L2TP/IPsec).

20
Q

EAP

A

An authentication framework (RFC 3748) rather than a single method: it carries a negotiated method such as EAP-TLS, PEAP or EAP-TTLS. IEEE 802.1X transports EAP over wired and wireless LANs to provide port-based access control, so clients must authenticate successfully before they are allowed onto the network. Methods that do not establish a TLS tunnel (e.g. EAP-MD5) are weak and should be avoided.

21
Q

NAC - Network Admission Control

A

a control that prevents hosts from accessing the network if they do not comply with organizational requirements, such as current antivirus definitions. Unregistered hosts are intercepted and checked against the policy/authentication server before being admitted or quarantined.

It does not detect DoS attacks, does not itself scan hosts for viruses, and does not provide a secure tunnel between a host and a server.

22
Q

VLAN Hopping

A

when an attacker injects frames into other VLANs without passing through a router. Two techniques: switch spoofing, where the attacker's port negotiates itself into a trunk (DTP left enabled), and double tagging, where the attacker sends 802.1Q frames with two VLAN tags; the first switch strips the outer tag because it matches the trunk's native VLAN, and the next switch forwards the frame into the VLAN named by the inner tag. Double tagging is one-way (no replies come back) and only works when the attacker sits on the native VLAN of the trunk. Voice VLAN deployments are a common exposure because a phone's access port must accept tagged frames. Mitigations: disable DTP on access ports, use an unused VLAN ID as the native VLAN, and tag the native VLAN.
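The frame-format side of double tagging, as an added example (not part of the flashcards): build a frame with two stacked 802.1Q tags and show what is left after the first switch strips the native-VLAN tag. MAC addresses, VLAN IDs and the payload are constructed; the function models only the tag handling, not a real switch.

```python
import struct

# Added example, not from the flashcards: build and parse 802.1Q headers to
# show why double tagging works. MACs, VLAN IDs and payload are constructed.

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def vlan_tag(vid, pcp=0):
    """One 4-byte 802.1Q tag: TPID 0x8100, then PCP(3) | DEI(1) | VID(12)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID out of range")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)


def build_frame(dst, src, vids, payload):
    """Ethernet frame with zero or more stacked tags, outermost first."""
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst, src, [vids outermost first], ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    off, vids = 12, []
    while off + 4 <= len(frame) and struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vids, ethertype, frame[off + 2:]


def egress_to_trunk(frame, native_vid):
    """Model of the first switch forwarding onto a trunk: frames belonging
    to the trunk's native VLAN are sent untagged, so it strips an outer tag
    equal to native_vid. If a second tag sits underneath, the next switch
    receives a frame that looks legitimately tagged for that inner VLAN."""
    dst, src, vids, _ethertype, payload = parse_frame(frame)
    if vids and vids[0] == native_vid:
        return build_frame(dst, src, vids[1:], payload)
    return frame


# Constructed addresses: locally administered MACs, native VLAN 1, victim VLAN 20
ATTACKER = bytes.fromhex("020000000001")
TARGET = bytes.fromhex("020000000002")
NATIVE, VICTIM = 1, 20
DOUBLE_TAGGED = build_frame(TARGET, ATTACKER, [NATIVE, VICTIM], b"hello")
```

Run `parse_frame(egress_to_trunk(DOUBLE_TAGGED, NATIVE))` and the VLAN list collapses from `[1, 20]` to `[20]`: that is the whole trick. Change the native VLAN to an unused ID (or configure the switch to tag the native VLAN) and the outer tag no longer matches, so nothing is stripped.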

23
Q

MITM

A

occurs when an attacker positions themselves between a source host and a destination host and intercepts the packets flowing between them (e.g. via ARP spoofing or a rogue access point). The attacker can read the intercepted traffic to steal information or modify packets before forwarding them to the destination. Authenticated encryption with verified identities (TLS with certificate validation, IPsec, SSH host keys) is the defense.

24
Q

PGP - Pretty Good Privacy

A

a software application that can be used to encrypt and digitally sign email messages and files. Unlike S/MIME it does not depend on a CA; trust is established through a web of trust of user-signed keys.

25
Q

S/MIME

A

a standard that provides confidentiality (encryption) for email messages and can also digitally sign them; it relies on X.509 certificates issued by a CA for the sender's and recipient's keys.

26
Q

Digital Signatures

A

created by hashing the body of a message and encrypting (signing) the hash with the sender's PRIVATE key. The recipient decrypts the signature with the sender's public key and compares the result with a fresh hash of the received message; if they match, the recipient can trust that the message was created by the holder of the corresponding private key and was not altered in transit. (Signing with the public key, as is sometimes stated, cannot work: anyone holds the public key, so it proves nothing.)
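Which key signs and which key verifies, as an added example (not part of the flashcards) using textbook RSA on constructed parameters. The two Mersenne primes and the reduction of the SHA-256 digest into the modulus are illustrative shortcuts: real signatures use keys of at least 2048 bits and PKCS#1 v1.5 or PSS padding, so this code is for study only.

```python
import hashlib

# Added example, not from the flashcards. Textbook RSA on constructed
# parameters, small enough to read but large enough that reducing the hash
# into the modulus is not trivially collidable. Real signatures use >= 2048-bit
# keys and PKCS#1 v1.5 or PSS padding; this toy is NOT for production use.

P = 2 ** 31 - 1                      # Mersenne prime (constructed key)
Q = 2 ** 61 - 1                      # Mersenne prime (constructed key)
N = P * Q                            # public modulus, about 2^92
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python >= 3.8)

PUBLIC_KEY = (E, N)
PRIVATE_KEY = (D, N)


def _digest(message: bytes, n: int) -> int:
    """Hash the message body, then reduce into the RSA group. With a real
    key size the padded digest fits without reduction."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, key) -> int:
    """The signer raises the hash to the PRIVATE exponent."""
    d, n = key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, key) -> bool:
    """Anyone holding the PUBLIC key recovers the hash from the signature
    and compares it with a fresh hash of the message they received."""
    e, n = key
    return pow(signature, e, n) == _digest(message, n)


MESSAGE = b"Transfer 100 to account 42"
SIGNATURE = sign(MESSAGE, PRIVATE_KEY)
```

Two things to try: alter one byte of MESSAGE and verification fails, which is the integrity property; call `sign(MESSAGE, PUBLIC_KEY)` and verification of that value fails too, which is the flashcard's mistake made concrete.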

27
Q

PPTP

A

tunnels PPP frames across IP networks (a TCP port 1723 control channel plus GRE for the data) and relies on other protocols for security: MPPE for encryption and MS-CHAPv2 for authentication. Both are broken, so PPTP is obsolete; prefer L2TP/IPsec, IPsec or a TLS-based VPN.

28
Q

NAT

A

translates private IP addresses to public IP addresses, enabling hosts on a privately addressed internal network to communicate with hosts on a public network such as the Internet.

Internal networks typically use private addresses (RFC 1918), which are not globally routable. To reach Internet hosts, which use public addresses, NAT rewrites the private source address to a public one and keeps a translation table to map replies back. NAT hides internal addressing but is not a security control by itself.

29
Q

DMZ

A

a network segment that serves as a boundary between an internal network and an external network such as the Internet.

Typically contains externally facing servers, such as web servers and proxy servers, that external users must reach. Firewalls on both sides limit what the Internet can reach and what a compromised DMZ host can reach internally, which limits the network's attack surface.

30
Q

WPA

A

a Wi-Fi Alliance certification for encrypting data sent over a wireless network; it addressed weaknesses in WEP with a new per-packet keying protocol, TKIP.

WPA uses RC4 with 128-bit keys under TKIP. TKIP is itself deprecated; WPA2 replaced it with AES-CCMP, and WPA3 adds SAE for key exchange.

31
Q

TKIP

A

provides security features such as per-packet (dynamic) key rotation, key mixing, a message integrity check (MIC) and a longer 48-bit initialization vector (IV), all layered on RC4 so that WEP-era hardware could be upgraded in firmware.

32
Q

IPSec

A

a protocol suite that secures network communication by authenticating and/or encrypting each IP packet. AH provides integrity and origin authentication; ESP provides confidentiality and, optionally, integrity. IKE negotiates keys and authenticates the peers.

It uses a mutual authentication model in which both sender and receiver prove their identity (pre-shared keys or certificates). It assures the integrity of each packet by adding a keyed hash (HMAC integrity check value), so tampered packets are discarded.

33
Q

Router

A

creates multiple broadcast domains on the network. Broadcast packets from one broadcast domain are not forwarded to other broadcast domains; each routed interface on a router is a separate broadcast domain.

34
Q

Layer 2 switch

A

all ports on a Layer 2 switch belong to the same broadcast domain (unless VLANs are configured, in which case each VLAN is its own broadcast domain).

Frames received by a switch are forwarded to the appropriate port based on the destination MAC address. If the switch has not yet learned the destination MAC address, it floods the frame out of all ports except the one on which it was received.

35
Q

Bridges

A

creates separate collision domains: each port on a bridge is its own collision domain.

All devices connected to a bridge remain in the same broadcast domain.

36
Q

Multi-Homed Devices

A

a device that has more than one network connection.

37
Q

Stateful firewall

A

operates at the Network and Transport layers.

Makes filtering decisions based on the state of each session. When an outbound session is initiated, the stateful firewall creates an entry in its state table and dynamically allows the matching return traffic in the inbound direction.

Inbound traffic from other sources is blocked unless it corresponds to an outbound session in the state table. Protocols that change ports mid-session (TFTP, active FTP) need an application helper, because the return traffic does not match the original 5-tuple.
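The state-table behavior described here, and the TFTP wrinkle from the earlier TFTP card, as one added example (not part of the flashcards). It is a toy filter with a plain 5-tuple session table next to a TFTP-aware subclass; addresses, ports and the packet sequence are constructed, and the "inside" check is a string-prefix simplification (use the ipaddress module in real code).

```python
# Added example, not from the flashcards: a minimal stateful filter that
# allows return traffic for sessions opened from inside, and a TFTP-aware
# variant. Addresses, ports and the packet sequence are constructed.


class StatefulFilter:
    def __init__(self, inside_prefix="10."):
        self.inside_prefix = inside_prefix     # simplification; see lead-in
        # state table: (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.sessions = set()

    def _is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def handle(self, pkt):
        """Return 'allow' or 'drop' for one packet and update the table."""
        src, dst = pkt["src"], pkt["dst"]
        if self._is_inside(src) and not self._is_inside(dst):
            # outbound: record the session so its replies are admitted
            self.sessions.add((src, pkt["sport"], dst, pkt["dport"], pkt["proto"]))
            return "allow"
        # inbound: swap the tuple and look for an open session
        key_in = (dst, pkt["dport"], src, pkt["sport"], pkt["proto"])
        return "allow" if key_in in self.sessions else "drop"


class TftpAwareFilter(StatefulFilter):
    """TFTP (RFC 1350) breaks the plain 5-tuple match: the client sends its
    request to server port 69, but the server replies from a NEW ephemeral
    port of its own. The helper accepts a reply from any server port to the
    client's port once, then pins the session to the port actually used."""

    def handle(self, pkt):
        src, dst = pkt["src"], pkt["dst"]
        if not self._is_inside(src) and pkt["proto"] == "udp":
            pending = (dst, pkt["dport"], src, 69, "udp")
            if pending in self.sessions:
                self.sessions.discard(pending)
                self.sessions.add((dst, pkt["dport"], src, pkt["sport"], "udp"))
                return "allow"
        return super().handle(pkt)


def run_trace(filter_cls, packets):
    """Feed a packet sequence through a fresh filter; return the decisions."""
    fw = filter_cls()
    return [fw.handle(p) for p in packets]


# Constructed trace: TFTP request, its reply from an ephemeral server port,
# an unrelated unsolicited inbound SYN, and a second TFTP data packet.
TRACE = [
    {"src": "10.1.1.5", "sport": 51000, "dst": "192.0.2.7", "dport": 69, "proto": "udp"},
    {"src": "192.0.2.7", "sport": 60000, "dst": "10.1.1.5", "dport": 51000, "proto": "udp"},
    {"src": "198.51.100.9", "sport": 4444, "dst": "10.1.1.5", "dport": 445, "proto": "tcp"},
    {"src": "192.0.2.7", "sport": 60000, "dst": "10.1.1.5", "dport": 51000, "proto": "udp"},
]
```

The plain filter admits the request and then drops every TFTP reply, which is exactly the symptom of a missing helper; the TFTP-aware filter admits the first reply, pins the session to port 60000, and still drops the unsolicited SYN.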

38
Q

Packet Firewall

A

operates at the Network and Transport layers.

Makes simple filtering decisions on each packet in isolation (addresses, protocol, ports, flags) with no memory of previous packets. That makes it fast but less flexible and less secure than a stateful firewall: it cannot tell a legitimate reply from a forged inbound packet with the right ports.

39
Q

Proxy Firewalls

A

terminates the connection from the source device and opens a new connection to the destination on its behalf, so the destination sees the proxy as the source. When the reply arrives, the proxy forwards it to the original source device.

Because of this, it can be configured to hide the true source of network connections, and it can inspect the traffic in between.

40
Q

Application-level proxy firewalls

A

operates at the Application layer.

Makes filtering decisions based on Application layer data, which requires the firewall to understand the corresponding Application layer protocol. They are usually built for one specific protocol, such as HTTP or FTP, and can block malformed or disallowed commands that a packet filter would pass.

41
Q

SSH

A

a protocol for secure remote shell access; file transfer runs on top of it through SCP and SFTP. Unlike FTP, rcp and rsh, SSH offers authentication, confidentiality and integrity by encrypting all data, including user names and passwords.

It can also securely tunnel other protocols (port forwarding). Verify the server host key on first connection; accepting an unknown key blindly leaves the session open to a man-in-the-middle.

42
Q

rcp

A

used to remotely copy files; provides neither confidentiality nor integrity because it sends all data, including credentials, in cleartext. Replaced by SCP/SFTP.

43
Q

rsh

A

enables users to remotely execute shell commands on another computer; offers neither confidentiality nor integrity because it sends all data in plaintext, and its host-based trust (.rhosts) is easily spoofed. Replaced by SSH.

44
Q

DNSSEC

A

a set of security extensions intended to make DNS more trustworthy. The DNS namespace is organized into administrative units called zones. DNSSEC involves two aspects: (1) adding special records to a zone that carry digital signatures over the other records in the zone, and (2) using those signatures (validated up a chain of trust to the root) to verify responses to queries of the zone. It provides authenticity and integrity of answers, not confidentiality: queries and responses remain readable on the wire.

45
Q

Pharming Attacks

A

attacks that redirect users to a fraudulent site even though they typed the correct name. One method is DNS cache poisoning, which plants forged (not valid) records in a resolver's cache so that a legitimate name resolves to the attacker's address; altering a host's local hosts file is another. DNSSEC validation defends against the poisoning variant.

46
Q

Wireless Standards

A

802.11n: throughput up to 600 Mbps in 2.4 GHz or 5 GHz. Its speed comes from MIMO (multiple input, multiple output), which uses multiple antennas to send and receive several spatial streams at once, thereby increasing throughput.

802.11a/g: throughput up to 54 Mbps; both use OFDM to transmit data. 802.11a transmits in the 5 GHz range, 802.11g in the 2.4 GHz range.

802.11b: throughput up to 11 Mbps; uses DSSS and transmits in the 2.4 GHz range.

47
Q

Broadcast Storm

A

a broadcast is sent to all hosts on a network segment; a broadcast storm occurs when a device repeatedly sends broadcast packets (often a Layer 2 loop that keeps re-flooding the same frames), resulting in continual broadcast traffic and responses from other hosts. Storms cause network congestion and can take the segment down entirely.

Segmenting a network into multiple broadcast domains reduces the impact of a broadcast storm, which can occur on large Layer 2 LANs during periods of instability. Routers and Layer 3 switches create broadcast domain boundaries because they do not forward broadcast traffic, so they contain a storm; spanning tree and storm-control thresholds on switches address the loop itself.

48
Q

Botnet

A

a network of compromised computers (zombies or bots) controlled remotely by an attacker (the bot herder) through command-and-control infrastructure, without the knowledge of the computers' owners. A botnet can be used in a DDoS attack, in which the attacker floods the victim with bogus requests so that it is unable to respond to legitimate ones.

49
Q

Physical Layer

A

defines how bits are passed over a medium, electrically, optically or by radio. Media include coaxial cable, twisted-pair copper cable and fiber-optic cable.

Devices: hubs, repeaters and concentrators

50
Q

Data Link Layer

A

receives bits from the Physical layer and organizes them into frames; on the way down it wraps Network layer packets into frames.

Defines how devices on the same link communicate; physical (MAC) addresses are handled here.

Protocols: Ethernet, Frame Relay, Token Ring, L2TP, PPP, CDP, 802.11 wireless standards

Devices: switches and bridges

51
Q

Network Layer

A

receives frames from the Data Link layer and passes their packets up as segments to the Transport layer (and the reverse on the way down).

Responsible for logical addressing and routing across networks. Logical addressing methods include those defined by IPv4, IPv6 and IPX.

Protocols: IP, ICMP, IPsec, routing protocols such as OSPF

Devices: routers, Layer 3 switches

52
Q

Transport Layer

A

takes data from the Session layer and divides it into segments, which are reassembled by the receiving Transport layer; on the way up it receives segments from the Network layer.

Responsible for end-to-end error detection and recovery, flow control and sequencing (TCP); UDP provides none of these.

Protocols: TCP (connection-oriented, reliable) and UDP (connectionless, unreliable)

53
Q

Session Layer

A

establishes and terminates connections between applications; responsible for establishing, maintaining and terminating the dialog between devices.

Protocols usually listed at the Session layer include PPTP, ZIP, SCP and SIP (as well as NetBIOS and RPC).

54
Q

Presentation Layer

A

receives data from the Session layer.

Responsible for converting and representing data in different formats, including data-based, character-based, image-based, audio-based and video-based presentation formats.

Formats: ASCII, GIF, JPEG, MPEG, QuickTime

Data compression and encryption are traditionally assigned to this layer.

55
Q

Application Layer

A

receives data from the Presentation layer.

Responsible for converting data into a format usable by applications and delivering it to the proper application process.

Technologies: HTML, HTTP, FTP, TFTP, DHCP, DNS, SMTP, POP3 and SSH

56
Q

Subnet Mask for Point-to- Point Links

A

/30: used to conserve IP addresses on point-to-point links. It indicates that 30 bits are used for the network portion of the address and 2 bits remain for the host portion, which allows 2^2 - 2 = 2 usable addresses (the network and broadcast addresses are excluded), exactly one per endpoint. RFC 3021 goes further and allows /31 on point-to-point links, where both addresses are usable and nothing is wasted.
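The host-count arithmetic above with its special cases, as an added example (not part of the flashcards) using Python's ipaddress module. The sample prefixes are documentation ranges chosen for illustration.

```python
from ipaddress import ip_network

# Added example, not from the flashcards. Counts usable host addresses,
# including the point-to-point special cases: /31 (RFC 3021) and /32.


def usable_hosts(cidr):
    """Number of addresses that can be assigned to interfaces in `cidr`."""
    net = ip_network(cidr, strict=False)
    if net.version == 4:
        if net.prefixlen == 32:
            return 1                    # a single host route
        if net.prefixlen == 31:
            return 2                    # RFC 3021: both addresses are hosts
        return net.num_addresses - 2    # drop network and broadcast
    # IPv6 has no broadcast address (subnet-router anycast aside)
    return net.num_addresses


def point_to_point_waste(cidr):
    """Addresses consumed by a link prefix beyond the two endpoints need."""
    return ip_network(cidr, strict=False).num_addresses - 2


def summarize(cidr):
    """(total addresses, usable hosts, wasted) for a link prefix."""
    net = ip_network(cidr, strict=False)
    return net.num_addresses, usable_hosts(cidr), point_to_point_waste(cidr)
```

`summarize("192.0.2.0/30")` gives 4 addresses, 2 usable, 2 wasted; `summarize("192.0.2.0/31")` gives 2, 2, 0, which is why /31 is the norm on router links that support it.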

57
Q

NTP

A

synchronizes clocks across a network on devices such as desktop computers, servers and IP phones.

An NTP client normally polls one or more NTP servers (unicast) and adjusts its clock from the replies; broadcast and multicast modes, in which the client listens for server announcements, also exist. NTP is unauthenticated unless keys are configured, so restrict which servers clients trust and block NTP from untrusted sources.

Time synchronization is important for consistent, correlatable log timestamps. It is also required for certain authentication systems, such as Kerberos, which rejects tickets outside a small clock-skew window.

58
Q

Dual Stacks

A

enables a host to communicate with both IPv4 and IPv6 hosts because it is configured with one address of each type and runs both protocol stacks. Security caveat: firewall and logging rules must cover both stacks, or IPv6 becomes an unfiltered path.

59
Q

SNMP

A

used to manage network devices; can remotely monitor and configure routers, switches, network printers and similar equipment.

SNMPv1 and SNMPv2c are insecure: they authenticate with community strings sent in cleartext and offer no encryption, so anyone on the path can read or reuse them. SNMPv3 adds user authentication and privacy (encryption); use it, and disable write access where it is not needed.

60
Q

Software-Defined Network (SDN)

A

a network architecture in which a software controller takes over the control plane functionality of all network devices. Because that controller manages the control plane for the entire network, it is a single high-value target: compromising or footprinting it exposes the topology and policy of the whole network, which makes SDN more sensitive to such reconnaissance than a traditional network with distributed control.

SDN architecture consists of three planes:

Application plane: SDN applications
Control plane: SDN controllers; responsible for network decision-making in both a controller-based network and a traditional network. In a traditional network the control plane is distributed among many devices.
Data plane: the network infrastructure devices that forward traffic

OSPF running on a series of routers in a traditional network is one example of a traditional control plane: OSPF makes routing decisions for packets that must be routed among Layer 3 devices. In a controller-based network, that decision-making logic is either moved to a central controller or monitored by one.

61
Q

Encapsulation

A

takes the data unit from a higher layer and adds a header (and sometimes a trailer) to it, turning it into the data unit of the current layer; e.g. at the Network layer a header is added to the segment and the result is called a packet, and the Data Link layer then wraps the packet in a frame.