Communications and Network Strategy Flashcards
Bluetooth
a low-power technology defined in the IEEE 802.15 standard, designed to connect devices within 100 meters or less.
Bluetooth v2.1 uses a weak encryption cipher, E0, which uses a 128-bit key but has the strength of a 38-bit key. Bluetooth v4.1 and later are more secure.
Other vulnerabilities: bluejacking (unsolicited messages) and BlueBug attacks (malicious users can eavesdrop on and/or take over the victim’s phone).
Uses FHSS, a technique that intermittently changes the radio channels in a synchronized pattern, the pattern being a secret shared by transmitter and receiver, which prevents unintended parties from eavesdropping.
AFH enhances FHSS by applying additional logic to the sequencing pattern so that it avoids overly congested channels.
SLIP (Protocol)
at the Data Link layer, enables basic point-to-point IP-based communication between two network devices.
PRO: lower overhead
CON: It provides neither confidentiality, integrity nor authentication
PPP (Protocol)
at the Data Link layer, can transmit multiple Network layer protocols on the same link, e.g. PPP can transmit IP, IPX and AppleTalk over the same connection; each Network layer protocol requires a separate PPP Network Control Protocol (NCP).
Provides confidentiality (PPTP/L2TP), integrity (PPP native error-detection features) and authentication (PAP, CHAP, EAP), and also supports compression.
ACL Rules
a set of rules that is used to identify and control packet flow across a network and that follows a specific-to-general pattern of matching. The LAST rule in the ACL is typically the most general rule.
ACL in Action: When a packet is received by a firewall, each ACL rule is evaluated in order until a match is found; the firewall then allows the traffic with no other rules being checked. If the packet does not match ANY rules, the firewall will apply its default rule.
Implicit Deny/Allow: Most firewalls will use an implicit DENY rule, which means any packets that are not explicitly permitted are implicitly DENIED. If a firewall is configured with an implicit ALLOW rule, any packets that are not explicitly denied are implicitly ALLOWED.
Scenario: So, if you want to block a specific domain within a firewall configured with the implicit deny rule, then “allow all” (most general rule) must be the last rule so that any traffic that has not already been explicitly denied will be allowed by the firewall.
SYN Flood
occurs at the Transport layer; uses TCP, which is a connection-oriented Transport layer protocol that provides reliable delivery of data.
SYN Flood Attack: a DoS attack where an attacker will begin multiple TCP handshakes by sending several SYN packets, to which the victim will respond with SYN/ACKs. The victim’s connection table will fill and eventually cause the victim’s system to refuse connections, thereby causing a DoS condition.
Teardrop Attack
occurs at the Network Layer; uses IP; an attacker sends several large overlapping IP fragments and the victim’s system will attempt to reassemble these packets, sometimes causing the system to crash
LAND Attack
occurs at the Network Layer; uses IP; an attacker sends an IP packet with the same source and destination address and port. When the victim with that destination address receives the packet, it can become confused and crash
Fraggle Attack
occurs at the Transport Layer; uses UDP (unreliable); a type of DoS attack in which an attacker sends UDP echo and chargen? packets with a spoofed source address. Every device that receives one of these UDP broadcasts will send a response to the spoofed source address, which can overwhelm the device at the source address.
Smurf Attack
debated to occur in either Network or Transport Layer; uses ICMP; a DoS attack in which an attacker pings a broadcast address by sending ICMP echo request packets with a spoofed source address. Every device that receives the ICMP ping will send an echo reply to the spoofed source address, which can overwhelm the device at the source address.
TFTP Request/Response
TFTP server will receive a request from a client on UDP port 69.
TFTP will respond to this client request using a UDP port numbered higher than 1023 that is generated by the client.
TFTP servers listen on UDP port 69 for incoming client connections BUT respond by using the client’s dynamically generated port number, which would be higher than 1023 because anything below that would be for system ports.
Circuit-Switched WAN
requires a dedicated circuit that is reserved for the exclusive use of two endpoints, which assures a fixed and reliable bandwidth. Has something to do with a T1 line??
Packet-Switched Technologies
data on a link is broken into packets and routed individually to the correct endpoint. Each packet can take a different path across the network, and the packets are reassembled by the receiving device. Any unused bandwidth is made available to other connections for transmitting data
Frame Relay
a packet-switched WAN technology that focuses on speed rather than reliability. It relies on higher-level protocols such as TCP to provide reliability. If an error is detected in a frame as it is sent over a Frame Relay network, the frame is dropped. Endpoints must detect and retransmit dropped frames on their own.
Frame Relay operates at the Data Link layer.
X.25
older packet-switched WAN tech that has been replaced by Frame Relay. Unlike Frame Relay, it provides error detection, but at the cost of latency
Cell-Switched Technology
similar to packet-switching, but instead of using variable-length packets, it uses fixed-length cells.
ATM (Asynchronous Transfer Mode) is an example, and uses cells that are 53 bytes long. ATM is much more predictable than packet-switched tech
Message Switched Technology
came before packet-switching; an entire message is routed from hop to hop until the message reaches its destination.
Telex and UUCP are examples
TLS
used for secure communication between a web browser and web server and extends the security of SSL.
Provides secure transmissions for application protocols by the use of encryption algorithms (AES, DES, 3DES) to encrypt traffic at the Transport Layer.
To implement TLS/SSL, one must obtain a server certificate from a trusted CA or internal CA and install it on the server. The server must use its server certificate to authenticate to a client computer.
HTTP
used to request a resource from another computer, e.g. a web server, on the Internet.
Not a secure communication
L2TP
used in VPNs, provides the tunnel by which IP packets encapsulated in UDP packets can travel. Does not offer any security on its own.
To secure the data travelling through the tunnel, L2TP is used in conjunction with an encryption protocol like IPSec
EAP
An authentication standard developed to provide access control for network devices. When implemented, clients must successfully authenticate before the clients will be allowed to access the network.
NAC - Network Admission Control
a feature that prevents hosts from accessing the network if they do not comply with organizational requirements such as AV definition files. Hosts that are unregistered are intercepted and checked against the authentication server to determine whether they are in compliance.
It does not detect DoS attacks, and it cannot scan hosts for viruses or provide a secure tunnel for communications from a host to a server.
VLAN Hopping
When an attacker attempts to inject packets into other VLANs by accessing the VLAN trunk and double-tagging 802.1Q frames. When successful, an attacker can send traffic to other VLANs without using a router. Most likely results from hosting a VoIP system on the same switch as a data network.
MITM
occurs when an attacker intercepts packets between a source host and a destination host on a network. Attackers can use the intercepted packet to steal info or modify the packet before forwarding it to the destination host.
PGP - Pretty Good Privacy
a software application that can be used to encrypt and digitally sign email messages