Core Technical Skills Flashcards
List 5 IP protocols
IPv4
IPv6
TCP
UDP
ICMP
What is IPv4?
- composed of 32-bit address length
Is the IP address
192.168.10.150
an example of IPv4 or IPv6
IPv4
What is IPv6?
- composed of 128-bit address length
- latest version of IP
Is the IP address
002:0bd6:0000:0000:0000:ee00:0033:6778
an example of IPv4 or IPv6?
IPv6
What are some technical differences between IPv4 and IPv6?
IPv6 has built in QoS (Quality of Service)
IPv6 has built in network security layer (IPSec)
IPv6 eliminates NAT (Network Address Translation) and allows end-to-end connectivity at the IP layer
IPv6 has larger packet headers (2x size of IPv4)
Multicasting is part of base spec in IPv6 but optional in IPv4
What is Multicasting?
Multicasting allows for the transmission of a packet to multiple destinations in a single operation
What is TCP?
Transmission Control Protocol
- Transport protocol used on top of IP to ensure reliable transmission of packets
- TCP/IP is a suite of communication protocols used to interconnect network devices on the internet
- Connection-oriented protocol
- Can be thousands of packets
What OSI Layer is TCP?
OSI Layer 4: Transport
What is UDP?
User Datagram Protocol
- Communications protocol that establishes low-latency and loss-tolerating connections between applications on the internet
- UDP speeds up transmissions by not formally establishing a connection before data is transferred
What OSI Layer is UDP?
OSI Layer 4: Transport
What is ICMP?
Internet Control Message Protocol
- Used by devices like routers to communicate with the source of a data packet about transmission issues.
— if a datagram isn’t delivered, ICMP reports back to the host with details to find out where the transmission went wrong.
- ICMP gives TCP/IP a way to handle errors
- ICMP is a single packet - never more than one
What OSI Layer is ICMP?
OSI Layer 3: Network
What is 10/100/1000 BaseT?
To break down 10/100/1000 Ethernet: we get 10, 100 and 1000 megabits per second respectively.
1000BASE-T is Gigabit Ethernet. 100BASE-T is Fast Ethernet.
What are implications of Cat5, 5e, 6, 7 Ethernet Cables?
Implications: A strong magnet near a cable can interfere with communications. Cable splicing can also be used to perform man-in-the-middle attacks.
What is Cat 5/Fibre?
- Category 5 networking cable consisting of four twisted pairs of copper wire terminated with RJ45 connectors.
- Supports frequencies up to 100 MHz and speeds up to 1000 Mbps
- Can be used for ATM, Token Ring, 10/100/1000Base-T networking
What is CAT5e?
- Category 5 enhanced
- Used for 10/100/1000Base-T networks.
- Four unshielded twisted pairs (UTP) of copper wire terminated by RJ45 connectors
What is CAT6?
- Four unshielded twisted pairs (UTP) of copper wire terminated by RJ45 connectors
- Can be used for ASE-T, 10/100/1000Base-T networks
What is a Token Ring network?
- Used to build LANs
- A data link for a LAN where all devices are connected in a ring or star topology and pass one or more tokens from host to host
What is a token?
A token is a frame of data transmitted between network points
What is wireless 802.11?
Technical standard for wireless local area network.
IEEE 802.11 uses various frequencies including, but not limited to, the 2.4 GHz, 5 GHz, 6 GHz and 60 GHz frequency bands.
What is VLAN?
Virtual Local Area Network
- Often used to separate portions of users or servers
- A VLAN enables this separation to run on a single piece of network hardware, without geographical limitations.
What are some security implications of shared media, switched media and VLANs?
- We use VLANs for access control. A person on the guest network cannot access any data in the Sales Department.
- This also means that if the Sales Department suffers an attack, the Executive Department is safe, even though they are in the same office.
- Advanced settings can allow some cross-communication.
What tool and command would be used to map the route between the engagement point and a number of targets, and to analyse the output?
Nmap
nmap <target_ip>
netcat or telnet can talk directly to the port to confirm scan results
3 common network tools
(port scanners, network sniffers and other network enumeration tools)
- nmap
- wireshark
- tcpdump
What is Ingress Filtering?
Monitors, controls and restricts traffic entering a network with the objective of ensuring only legitimate traffic is allowed to enter and unauthorised or malicious traffic is prevented from doing so.
What is Egress Filtering?
Monitors, controls and restricts traffic leaving a network with the objective of ensuring only legitimate traffic is allowed to leave and unauthorised or malicious traffic is prevented from doing so.
This is important to prevent attackers from attaining reverse shells.
What is Active Fingerprinting?
Directly sending packets to find information about a device.
- e.g. nmap is active fingerprinting
- When we see NetBIOS, SMB and MSRPC services running, we can assume it’s a Windows machine
- Likely to be caught by intrusion prevention/detection systems
What is Passive Fingerprinting?
Uses sniffing instead, as it is less likely to be detected
- wireshark - good for manual analysis
- NetworkMiner - good for automatic extraction of files, emails, etc.
Determining server types and network application versions from application banners. Evaluation of responsive but unknown network applications.
Netcat, telnet
nc <target_ip> <target_port>
telnet <target_ip> <target_port>
For SMTP - we send HELO or EHLO and, if there’s a response, it is confirmed to be an SMTP or ESMTP service
For Web - we can send GET / HTTP/1.1 to see whether there’s an HTTP response or not
What is a Network Access Control?
A NAC system can deny network access to non-compliant devices, place them in quarantine or give them restricted access to computing resources, keeping insecure nodes from infecting the network.
What is Encoding?
- A command ‘language’ to format data so different devices, services and applications can understand each other.
- ASCII is an encoding format, which can be used to encode alphabets and symbols into HTML format so browsers know how to display them.
- Encoding is not meant for security.
What is encryption?
- Encryption is meant for security.
- Data can be locked with a key or passphrase - the receiver of the data needs the key to decrypt and access the data
What is Symmetric Encryption?
Both sender and receiver use the same key to encrypt data - e.g. the Caesar cipher
What is Asymmetric Encryption?
- Uses maths to produce a public and private key - public-key cryptography
— A has a private and public key
— A sends the public key to B
— B encrypts data with the public key and sends it back to A
— A decrypts the ciphertext with the private key
^ This is more secure: even if the public key is stolen, the data can’t be viewed without the private key
- If the private key is stolen, the security of the data is compromised
- Often used in current web technologies such as HTTPS. Encryption algorithm - RSA
What are 10 Encryption Algorithms?
- DES (Data Encryption Standard)
- 3DES (Triple DES)
- AES (Advanced Encryption Standard)
- RSA
- RC4
- Hashing
- MD5
- SHA-1
- SHA-2,3
- HMAC
What does DES stand for? Is it symmetric or asymmetric encryption?
Data Encryption Standard
Symmetric encryption
What is 3DES?
- symmetric or asymmetric encryption?
Triple DES
- Modern and more secure version of DES
- Popular in electronic payment industries
- Symmetric encryption
Advanced Encryption Standards (AES) Key Sizes?
- AES 128 bits
- AES 192 bits
- AES 256 bits
RSA
commonly used for?
symmetric or asymmetric encryption?
SSL, HTTPS web technologies
Asymmetric encryption
What is RC4 encryption?
Insecure
Removed from use in TLS in 2015
Hashing?
Commonly used for?
- Used for error checking in data, amongst other uses
- Save passwords as hashed
- When data is hashed it cannot be unhashed.
MD5?
Commonly used for?
- weak hashing
- not recommended for saving passwords
- used for error checking
- turns words into strings
SHA
SHA-1
SHA2,3
- SHA-1 is considered weak
- SHA-2 and 3 are updated versions of SHA
- SHA-256 and SHA-512 from 2021
HMAC
Commonly used for?
- Authenticating messages
Applications of Cryptography
What is:
Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
- SSL 3.0 now vulnerable
- Replaced with TLS
- TLS 1.3 latest version (2018)
- SSL/TLS used to secure web traffic for HTTPS
- SSL/TLS used to generate a certificate for use
Applications of Cryptography
What is:
Internet Protocol Security (IPSec)
- Secure network protocol suite to authenticate and encrypt packets of data to provide secure encrypted communication between computers over IP network
- used in VPNs
- common VPN tunnelling protocol - the other is TLS/SSL
Applications of Cryptography
What is:
Secure-Shell (SSH)
- Used for remote access to a server/computer
Applications of Cryptography
What is:
Pretty Good Privacy (PGP)
- Encryption program used to encrypt emails and hard disks
- Verifies the identity of the sender
Linux File System Permissions Command
ls -la
— Lists files with attributes
— Owner-group-others
— e.g. 777
Windows File System Permissions Command
icacls <file_path>
Audit Techniques (assessing patch levels)
Linux commands:
uname -a
ps aux
sudo lsof -l -P -n | grep LISTEN
netstat -ano
Audit Techniques (assessing patch levels)
Windows commands:
General info:
systeminfo
Patch Level:
wmic qfe get Caption, Description, HotFixID, InstalledOn
Services:
wmic service list brief
Network status and services:
netstat -ano