Domain 1.5 Flashcards
Describe UDP and TCP
UDP uses Datagrams to move data.
TCP uses segments to move data.
- Both UDP & TCP belong to Layer 4 of the OSI model.
- TCP and UDP data are encapsulated using the Internet Protocol (IP) in order to be sent across the network.
Both protocols support multiplexing, which allows for a single host to make use of both protocols simultaneously with different applications.
Describe TCP
Connection Orientated
3-Way handshake for establishing connections
Has error detection and correction
Has packet sequencing
Makes use of acknowledgement reply from recipient. This allows for packet resubmission due to loss or corruption
Flow control possible with windowing through use of Acknowledgement from recipient.
Describe UDP
Connection-less protocol
No error detection or correction
No flow control
No re-ordering of data
What are the well known ports or Non-Ephemeral ports
Ports: 0-1023
What are the Ephemeral ports, and how is their use determined
Ports: 1024-65,535
Real time use is determined by the clients using the port numbers.
What is ICMP
Internet Control Message Protocol -
“text messaging for network devices”
- Protocol carried by IP, not used for data transfer
-Allows devices to send and reply to administrative requests (ping and response from target)
-Devices can send messages when things do go well.
What is Telnet, and which port(s) does it use
TCP/23
Remote console access for devices
Sends data in the clear
What is SSH, and which port(s) does it use
TCP/22
Used for secure connections to host devices. This allows for a remote CLI session to be established.
Makes use of encryption
What is DNS, and which port(s) does it use
DNS UDP/53
Converts Names to IP addresses
Large transfers may use TCP/53
What is SMTP, and which port(s) does it use
Simple Mail Transfer Protocol TCP/25
Server to Server mail transfer
Also used to send mail from a device to a mail server.
Commonly configured on mobile devices and email clients
Other protocols are used to receive email (IMAP, POP3)
What is IMAP, and what port does it use
Internet Message Access Protocol 4
TCP/143
Allows the management of an email inbox from multiple clients
EX: delete email from mailbox on phone, IMAP allows update to be reflected on a desktop email client.
What is POP3 and what port does it use
Post Office Protocol 3 TCP/110
Basic Mail Transfer Functionality
What is SFTP and what port does it use
TCP/22 Secure FTP
Makes use of the SSH protocol to send encrypted file transfer.
Provides File System Functionality:
Resume interrupted file transfers, directory listings, remote file removal
What is FTP and which ports does it use
TCP/20 for Active mode Data
TCP/21 for Control
-Transfers files between systems
-Authenticates with username and password
- Full featured File System functionality (list, add, delete)
What is TFTP? and which ports does it use
Trivial FTP UDP/69
-Very simple file transfer:
Read Write
-No authentication, so not common in production systems
What is DHCP and which ports does it use?
Dynamic Host Configuration Protocol
UDP/67 and UDP/68
Automated configuration of IP address, subnet masks and other options.
IP addresses are assigned real time from a pool of addresses.
Addresses are leased to devices and must be renewed.
Address can also be reserved.
This relies on a MAC address entry and is managed from a single location (DHCP server client)
What is SNMP, and which port does it use
Simple Network Management protocol -
UDP/161
Gathers statistics from network devices.
Three versions exist
Describe SNMP v1, v2, and v3
SNMP v1 -
Structured tables of info. Data sent in the clear
SNMP v2 - Data enhancements, bulk transfers of data, but still sent in the clear
SNMP V3 - Message integrity, Message Encryption, and authentication
What is syslog, and what port does it use?
UDP/514 - System logging
Standard for message logging
-Allows for diverse system logging and log collection.
-Consists of centralized log server/collector.
-Typically integrated into SIEMs
-Requires significant disk space as logs move through their lifecycle.
What is RDP, and which port does it use
TCP/3389
RDP allows for an interactive GUI session between a Windows device and many other OSes such as Windows, Unix, or iPhone.
You can use RDP to get access to a Virtualized Desktop, or just a containerized application.
What is NTP and what port does it use
Network Time Protocol UDP/123
-Every network device uses a clock. NTP allows for the synchronizing of those clocks.
-Essential for authentication, logging, outage details, event recreation/timeline construction.
Automatic updates, and allows for a large amount of flexibility for administrators.
Very accurate.
What is SIP and what port does it use?
Session Initiation Protocol - TCP 5060 & TCP 5061
-Allows for VoIP signaling
Set up and manage VoIP sessions:
-Call, Ring, Hang up
Also allows for “Extended voice communications”
-Such as Video conferencing, instant messaging, and file transfer.
What is SMB and what port does it use
TCP/445 Server Message Block
Protocol used by Windows for file and printer sharing.
Modern implementations called CIFS (Common Internet File System)
What are LDAP and LDAPS, and which ports do they use?
Lightweight Directory Access Protocol -
TCP/389
Store and retrieve information in a network directory - 389 - insecure
LDAPS - TCP/636
- Non-standard implementation of LDAP over SSL, which is still in use today
What is MS-SQL and what port does it use?
Microsoft SQL TCP/1433
What is Oracle SQL and what port does it use?
Oracle's SQL language TCP/1521
Also called Net8 or Net
What is MySQL and what port does it use?
Open source SQL database. TCP/3306
What is GRE?
Generic Routing Encapsulation -
-Establishes Tunnel between two endpoints.
- Encapsulates traffic inside of IP
Two endpoints appear to be connected directly to one another.
No built in encryption
What are some VPN facts
-Make use of a hardware concentrator in some cases.
-Can also make use of features built into a firewall in the case of an NGFW
- Can require specialized cryptographic hardware, or software
-Used with client software, and in some cases can be built into the OS.
What is IPsec
Internet Protocol Security -
Layer 3 Security
-Authentication and encryption for each packet
- Confidentiality (encryption) and anti-replay (packet signing) features.
- Very standardized, which allows for multi-vendor implementations into network.
Two core IPsec protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload)
Describe ESP
Encapsulating Security Payload.
A protocol of IPsec.
- Allows for Confidentiality through Encryption
- Limited Traffic Flow Confidentiality
- Anti-Replay Protection
-Data integrity
Describe AH
Authentication Header is a protocol of IPsec.
Allows for:
- Data integrity
- Data Authentication
- Replay Attack Protection
Makes use of Keyed-Hash Mechanism for Integrity (MD5, SHA-1, or SHA-2)
No confidentiality / Encryption
How does ESP secure its datagram
It creates a new IP header which masks the originator of the packet
There is an ESP header and trailer added to the packet.
An Integrity Check Value is added at the end of the datagram
The original IP header, data, and ESP trailer are encrypted.
The ESP header, Encrypted IP header, Data, and ESP Trailer are all authenticated
How does AH secure its datagram
There is a new IP header created, and an AH header is added to the original data, and IP header. Then all parts of the datagram are authenticated.
What are the two modes of IPsec traffic and how do they differ?
Tunneling and transport are the two modes.
Tunneling encrypts the original IP header and data, then creates a new IP header. (encrypts entire truck)
Transport mode encrypts the Data and ESP trailer, but uses the original IP header (encrypts payload of truck)