Domain 4 Flashcards

1
Q

What is a protocol?

A

It is an agreed-upon set of rules. It defines the format and order of messages, and the actions taken upon receipt of those messages.

Network protocols:

  • determine how computers communicate with each other
  • a standards-based approach increases interoperability

Layered Models

  • Divides networking processes into manageable layers
  • Can modify one layer without affecting the others
  • Easier to understand communication functions
2
Q

What is encapsulation?

A

Data is encapsulated into a TCP segment, then into an IP packet, then into a frame, then into bits sent across the wire.

Think 7 layers - encapsulate and decapsulate the message through the 7 layers

  • Divides network communications into 7 layers
  • Divides the tasks of communication into pieces for easier implementation
  • Appends data around the information from one data packet to form the data of another packet
  • Each layer encapsulates information around the packet it received from the layer immediately above it, then sends it to the layer below
  • When the packet is received, the information that pertains to each layer is stripped from the packet as it moves up the protocol stack
3
Q

What are the layers of the OSI model, in order?

A

The Open Systems Interconnection (OSI) model is a layered model showing the flow of information from one application on a system to another across a network. There are 7 layers in the model.

Please Do Not Throw Sausage Pizza Away

1) Physical - 0's and 1's - bits - handles transmission across the physical media - includes such things as electrical pulses on wires, connection specifications between the interface hardware and the network cable, and voltage regulation
2) Data Link - Ethernet addresses and switches - connects the physical part of the network (cables, electrical signals) with the abstract part (packets and data streams)
3) Network - IP addresses and routing - interaction with the network address scheme and connectivity over multiple network segments. Describes how systems on different network segments find and communicate with each other
4) Transport - ports, TCP and UDP headers - interacts with your information and prepares it to be transmitted across the network. It is this layer that ensures reliable connectivity from end to end. The transport layer also handles the sequencing of packets in a transmission
5) Session - data - handles the establishment and maintenance of connections between systems. It negotiates the connection, sets it up, maintains it, and makes sure that information exchanged across the connection is in sync on both sides
6) Presentation - data - presents the data to the application in a way that makes sense - makes sure that the data sent from one side of the connection is received in a format that is useful to the other side (compresses, decompresses)
7) Application - the application and its data - interacts with the application to determine which network services will be required. When a program requires access to the network, the application layer will manage requests from the program to the other layers down the stack

4
Q

What are the attributes of the OSI model Layer 7 - Application Layer?

A
  • This is the layer that is closest to the users and programs.
  • Identification of communication partners
  • Determines security aspects of communication
  • When a program requires access to the network, the Application Layer will manage requests from the program to the other layers down the stack
  • PDF readers, Adobe applications, browsers, etc. live here
5
Q

What are the attributes of the OSI model Layer 6 - Presentation Layer?

A
  • Provides representation of information to be processed by the application
  • Provides translation services, such as EBCDIC to ASCII
  • Performs encoding, compression and decompression
  • Makes sure that the data sent from one side of the connection is received in a format that is useful to the other side
6
Q

What are the attributes of the OSI model Layer 5 - Session Layer?

A
  • Establishment and maintenance of connections between systems.
  • Organizes and synchronizes communication
  • Management of data exchange
  • Establishes lines of communication and initial contact to destination computers
  • Maintains the session, allowing recovery and restoration
  • Allows both half-duplex and full-duplex communications
7
Q

What are the attributes of the OSI model Layer 4 - Transport Layer?

A
  • TCP and UDP
  • Optimizes network service usage
  • Uniquely identifies endpoints by transport address
  • ports live here
  • Reliable and cost-effective data transfer and connectivity
  • Maintains communication integrity
  • Sequence control of packets in transmission, error detection and possible error recovery
  • Prepares your information to be transmitted across the network.
8
Q

What are the attributes of the OSI model Layer 3 - Network Layer?

A
  • IPv4 and IPv6
  • Routers
  • Handles interaction with the network address scheme and connectivity over multiple network segments. It describes how systems on different network segments find and communicate with each other
  • Provides network addressing to identify endpoints
  • Performs routing and flow control
  • Establishes network connection allowing transfer of data from one network endpoint to another
  • Provides network path
9
Q

What are the attributes of the OSI model Layer 2 - Data Link Layer?

A
  • Ethernet
  • MAC addresses
  • Switches
  • Maps IP addresses to MAC addresses
  • Connects the physical part of the network with the abstract part
  • Formats messages to allow for transfer over physical media
  • Provides addressing for physical hardware
10
Q

What are the attributes of the OSI model Layer 1 - Physical Layer?

A
  • Bits
  • Cables
  • Radio Waves
  • Electricity
  • Light (fiber optics)
  • Handles transmission across the physical media
  • Provides for mechanical and electrical activation, maintenance and deactivation of physical connections for transmission
  • Converts bits into electrical signals or light impulses for transmission
11
Q

What are the layers of TCP/IP?

A

Application = layers 7, 6, 5
Host-to-Host transport = layer 4
Internet = layer 3
Network Access = layers 2, 1

12
Q

What is the Internet Protocol (IP)?

A

Most common Layer 3 protocol

  • Works at the internet layer of the TCP/IP stack
  • Deals with transmission of packets between endpoints
  • The fundamental protocol of the internet

IPv4 - 32-bit source and destination addresses

13
Q

What is Classless Inter-Domain Routing (CIDR)?

A

This is an IPv4 address class that allows for more flexible network sizes than those allowed by classful addresses. It allows for many network sizes beyond the arbitrary classful network sizes.

  • Slash notation, for example /8, /20 or /10
  • Helps conserve IP addresses by allowing flexible subnet sizes

Once networks are in CIDR notation, additional routable network sizes are possible. Need 128 IP addresses? Chop a Class C (/24) in half, resulting in two /25 networks. Need 64 IP addresses? Chop a /24 network into quarters, resulting in four /26 networks with 64 IP addresses each.

Designed to cut networks up more finely

14
Q

What is classful addressing: A through E?

A

Class A: 16.7M addresses – /8
Class B: /16
Class C: /24 - the first 24 bits describe the network and the remaining 8 describe the host
Class D: Multicast
Class E: Reserved (formerly experimental)

15
Q

What is the IPv4 broadcast address and a Smurf attack?

A

One-to-all type of address
- The sender sends a ping to all hosts on a given network segment

Two types:

1) Directed broadcast - you direct it to a specific network and the host portion is set to all 1s (255), which means it will be sent to all hosts on that network
2) Limited broadcast - sends to everyone on the internet - all 1s, which is 255.255.255.255. Routers block this by default; otherwise you would ping the entire internet, and if you get responses back it's bad

SMURF ATTACK: you forge the address a ping is coming from to be someone else's address. You ping the whole internet or a very large network. When the responses are received, it creates a DoS for the address you forged the ping as coming from.

16
Q

What is Private Network Addressing?

A

Maps private addresses to public addresses

Private IP addresses are only used internally; they are not used publicly on the internet - your router assigns a private IP

IPv4 address space is scarce
- how do we solve this problem?

Set aside private addresses and marry this with NAT (network address translation). When you cross the firewall, the firewall will map you to a public address through NAT. Many people can use the public address. CIDR also allows smaller networks.

RFC 1918 defines the private addresses

17
Q

What is network address translation?

A

NAT - translates one IP address to another. It maps IPs and ports. It maps public to private and private to public so that not all IPv4 public addresses are used up for every single device. One router will

  • One to one - one internal maps to one external
  • Many to one - multiple map to one external
  • Pool NAT - maps to a set of public addresses. Commonly used in large. If you have too much traffic and you fill the NAT table, new connections will break. Pool NAT throws in something like a firewall to increase the number of addresses available, to avoid losing connections because of an overflow from too much traffic.
18
Q

What is the Domain Name System (DNS)?

A

The DNS is the protocol for translating IP addresses to domain names and back again.

Root-level servers for top-level domains (.com, .org, .edu, .gov, etc.).

www.microsoft.com translates to the IP address.

Various networks on the internet are divided up into groups called domains. The domains are structured in a hierarchy like a tree. The top level of the tree is called the root or top-level domain. There are a handful of these, like .com. Each level down the hierarchy tree adds another level to the domain. Each level can be another domain or a host computer itself.

DNS has security issues:

  • no built-in security
  • Attacker can spoof responses by guessing or brute forcing the DNS transaction ID and client source port. Once this is done, the network will cache that website so anyone on the network will automatically be brought to the spoofed website instead. This is a cache poisoning attack.
  • Domain hijacking. It allows an attacker to take over a domain and redirect communications from a good domain to a bad one

DNSSEC: protect against DNS spoofing with DNSSEC (Domain Name System Security Extensions). It protects against cache poisoning and DNS spoofing. It uses encryption and PKI to provide origin authority and data integrity. It does not provide confidentiality. It authenticates the DNS server as the sender. It also has a denial-of-existence check, proving that a DNS record does not exist. It is a digital signature for a packet - it can tell you that what you requested did not change.

19
Q

What are the DNS queries?

A

1) gethostbyname: when you have the fully qualified domain name or the local name within your private network and need the address
2) gethostbyaddr: When you have the address and need the name

20
Q

What is IPv6?

A

Designed to meet addressing growth

  • 128 bits = 340 undecillion addresses (7 addresses for each atom of every human)
  • offers greater flexibility in allocating addresses
  • Faster than v4 - in v4 every packet had to have its checksum checked. A router would check the checksum at every hop, and the server would check the checksum again at the TCP layer, so the check was done by the server anyway. For v6 they said drop the layer 3 checksum - routers don't check a checksum, so the packet passes through the router faster.

Features:

  • Tunnel v6 over v4 - carry the v6 packet over the v4 network, right where the TCP traffic goes.
  • If you tunnel v6 over v4, an IDS has a terrible time detecting things
  • You should detect v6 over v4 tunneling in your environment
  • can support v4 on v6 backbone by translating v4 to v6
21
Q

What is IPv6 addressing?

A
  • uses hexadecimal notation
  • No more NAT - and no more DHCP - how do systems assign themselves addresses?
  • Autoconfiguration - use your MAC address which is unique and embed it in your address and assign the network prefix

Network prefix - represented in the first 48 bits (6 bytes)
Subnet ID - configured according to the addressing needs of the org.
Interface identification - uniquely identifies the v6 node. With v6 autoconfiguration, the MAC address of the client populates the interface identification portion of the v6 address.

Take the MAC and split it in half and append the network prefix.

They now added DHCP.

Packet: - The header information has changed to accommodate the v6 protocol:
- Hop Limit - the renamed time to live (TTL), which was described in seconds. The new name is more accurate because it is not seconds, it is a hop limit.

22
Q

What is UDP? User datagram protocol

A

Connectionless communications

  • sends packets out and doesn't care if they get there
  • Much less overhead
  • Good if small amount of packet loss is acceptable
  • used for things like streaming audio because can afford to lose one or two packets - do less error checking so can move faster

Testable:

  • UDP ports:
    • DNS (53)
    • NTP (Network Time Protocol) (123)
    • BOOTP/DHCP (Dynamic Host Configuration Protocol) (67 and 68)
    • SNMP (161)

It has an 8 byte header

  • source port
  • destination port
  • message length
  • checksum (only for v6)

So simple, build what you want

Faster and less reliable and is often the basis for query-type applications (NTP, DNS, NFS)

23
Q

What is TCP - transmission control protocol?

A

Connection oriented communications

  • ensures reliable packet delivery
  • expensive overhead
  • 3-way handshake
    • SYN
    • SYN-ACK
    • ACK
  • establishes a virtual connection known as a session between hosts
  • reliable connection over unreliable networks
  • you waste 6 packets on every connection sending no data - you have SYN and FIN (which is used for shut down)

Header:

  • urgent pointer is useless (2 bytes)
  • sequence number makes sure packets stay in sync - so you know if something is missing or out of order
  • 20 bytes total
  • a lot more in the header than UDP and IPv6
  • Key fields you need to know:
    • Source port
    • Destination port
    • sequence number - tracks packets and provides reliable delivery of information
    • acknowledgement number - used to acknowledge the receipt of information
    • SYN bit - establishes the connection
    • ACK bit - the system acknowledges the receipt of information

Slower but offers reliable delivery and is the basis for most internet applications

24
Q

Well-known TCP protocols to memorize

A

Know that classic FTP uses 2 ports (active FTP)

Active FTP - the client's port connects to server port 21. Then the download comes from server port 20 to the client. This is a brand new connection, and a firewall would break it.

Passive FTP works normally - not a backwards connection with a separate session

1) 20 - FTP data - in active FTP, data downloaded from a server has source port 20. It is a second connection, and it broke firewalls: the firewall views the second connection as an unrelated connection and breaks it. It is a separate connection but for the same session you are trying to perform
2) 21 - FTP - connect to a server via port 21

3) 22 - SSH
4) 23 - Telnet
5) 25 - SMTP
6) 53 - Domain Name System (DNS)
7) 79 - Finger
8) 80 - HTTP
9) 443 - HTTPS

You can use any ports you want, but if you use your own port assignments, no one will be able to communicate with you.

25
Q

What are the TCP Code Bits?

A

U - URG (urgent) - lets the other end of the connection know that some important data is coming. most applications never use URG flag.

A - ACK (acknowledgement) - indicate that the sender is acknowledging receipt of some data - look in the acknowledgement number field to see which data is being ACKed

P - PSH (push) - TCP stacks usually buffer incoming data until a certain amount has been collected and then pass it in a chunk to the application. The push flag indicates that a packet shouldn't be buffered but instead should be passed immediately to the remote application for processing.

R - RST (reset) - upon receipt of a packet with the reset flag, a host should terminate the connection that contained that packet - tear it down, things were out of sync

S - SYN (synchronize) - synchronize flag indicates a connection request

F - FIN (Finish) - indicates that a connection is being shut down in an orderly fashion. gracefully closes down the connection vs. RST terminates it

26
Q

What is TCP Port Scanning?

A

Attempt to determine all open TCP or UDP ports on a system.

Sending a TCP SYN packet may result in:

  • SYN/ACK: port is open and unfiltered
  • RST/ACK: port is closed and unfiltered - the host received the packet and said no
  • no response: unknown
    • a filter may be blocking the request
    • cannot determine whether the port is actually open or closed in this case

NMAP is a port scanning tool used to conduct a port scan

27
Q

What is a socket pair?

A

It uniquely identifies a connection so that you can tell the difference between two separate connections.

Consists of the following:

  • source IP address
  • source port number
  • destination IP address
  • destination port number

If you connect to port 80 for two separate connections, everything above will be the same except for the source port number

28
Q

What is ICMP? Internet control message protocol

A

It is a helper protocol to help IP run

Its two purposes are:

1) to report errors - rather than transfer information - network troubleshooting
2) to provide network information. Ping and traceroute are the best-known ICMP applications - echo request/echo reply, or ping. Ping is used to find out whether a given internet host is reachable or not. Traceroute is built on ping and is used to plot out the path a packet took through the network

It can also be used for flow control, rerouting packets and collecting network information

Each packet has a code and type field.

Helps troubleshoot errors

29
Q

What is a ping?

A

A Ping is used to see whether a host is active. It sends an ICMP echo request and waits for an ICMP echo reply.

30
Q

What is a traceroute?

A

Trace the route across the network hop by hop using ICMP - see the path taken

Shows you the path packets may take to get to a destination. May tell you the external router for a site and therefore, be used to map a network.

A ping alone cannot tell you whether your packets are going through all the hops. Traceroute is what does this: it lists the routers.

Traceroute uses a combination of TTL and ICMP replies to map out the route packets take from one computer to another. The command works by sending a series of packets, all going to the same destination, with TTL values starting at 1. They will receive a TTL-expired reply at the first hop, so we now know the first router. Then it sends with TTL 2 and learns the second router, and so on.

31
Q

What is Secure Shell (SSH)?

A

An application layer security protocol.

  • It is TCP port 22
  • supports authentication, compression, confidentiality and integrity
  • RSA certificate exchange for authentication
  • Supports a wide variety of ciphers, including Triple DES, AES, Blowfish and many others
  • SSH version 1 was vulnerable to a man-in-the-middle attack; version 2 is strongly recommended
32
Q

What is Secure Multipurpose Internet Mail Extensions? (S/MIME)

A

Secure email.

Allows users to easily exchange encrypted and digitally signed messages, even if they use different email programs.

33
Q

What is SSL and TLS?

A

Secure Sockets Layer and Transport Layer Security

They are both application layer protocols

  • SSL was released by Netscape in 1994
  • TLS version 1.0 is SSL version 3.1
  • TLS is an upgrade to SSL 3.0
  • Retains backward-compatibility with SSL
  • Current version of TLS is 1.2
  • TLS may be used as a tunneling protocol - not just encryption for web traffic but also email, chat, etc.
34
Q

What are some other TCP/IP protocols?

A

1) Telnet - Terminal emulation across a network. Cleartext authentication and data transfer - no confidentiality

2) File Transfer Protocol (FTP) - allows file transfer over a network. Cleartext authentication and data transfer. No confidentiality - only cleartext. TCP port 21. Extra TCP port for the data channel
Note that FTP uses two ports:
  • TCP port 21, where commands are sent
  • TCP port 20, where data is transferred - active

Many firewalls will block the active FTP data connection. Passive FTP addresses this issue by keeping all communication initiated from the client to the server

  • active gets blocked by firewalls and passive does not
  • passive maintains the client-server order; active changes the client-server order

3) Simple Mail Transfer Protocol (SMTP) - used to send and receive email between mail servers. TCP Port 25

4) Trivial File Transfer Protocol (TFTP) - allows file transfer over a network. No authentication or confidentiality - only cleartext
UDP port 69

35
Q

What is SNMP? - Simple Network Management Protocol

A

Primary use-case involves monitoring of network devices for performance metrics and error conditions

SNMP uses read and write strings to act as passwords.

Version 2 and older use cleartext community strings - allows you to read the device. If you have access to the read string it allows read access to the managed device. Write access allows modification of a device such as changing the router configuration.

Version 3 supports encryption - v3 is strongly recommended

Very dangerous if you don't secure it, especially the write strings

UDP port 161

36
Q

What are multilayer protocols?

A

1) SMTP
2) TCP/IP
3) DNP3 - Distributed Network Protocol
  • open protocol that supports the smart grid - used to provide interoperability between various vendors' SCADA systems
  • became an IEEE standard in 2010 - IEEE 1815-2010, which allowed pre-shared keys, is now deprecated
  • IEEE 1815-2012 is the current standard and supports PKI

37
Q

What is Network Attached Storage? (NAS)

A

Network attached storage (NAS) provides file and directory access via Ethernet, reading and writing entire files over a network.

Uses TCP/IP

Historically, computers used DAS, such as IDE or SATA drives and directly connected disk controllers which provide block level access. NAS does not provide direct access to blocks or clusters

NAS allows reading/writing entire files via a network

38
Q

What is a Storage Area Network (SAN)?

A

SAN gives block level access - it acts like a disk that is in your computer but it is over the network.

SAN is block access via the network
NAS is reading and writing entire files

These are the key distinctions.

Common SAN solutions include Fibre channel (FC), FCoE, iSCSI

The storage network is called the fabric

39
Q

What is iSCSI (Internet Small Computer System Interface)?

A

It offers SCSI disk access via the network (TCP/IP)

  • routed via IP
  • can span large areas

It is a type of SAN

40
Q

What is FCoE - Fibre Channel over Ethernet?

A

It expands Fibre Channel (FC), which was designed for high-performance directly attached storage, over the internet through Ethernet networks

Unlike NAS - TCP/IP is not used. It runs directly on top of layer 2 (Ethernet)

It is a type of SAN - forms a network called fabric

Three flavors of Fibre Channel:

1) FC - does not use Ethernet at all. Does not scale well; uses channels like a telephone circuit, which allows high speed with low overhead.
2) FCoE - uses custom cabling and switches. It encapsulates Fibre Channel frames in Ethernet for layer 2 transport. This allows FCoE to use typical networking equipment such as Ethernet switches, which typically offer higher speeds for lower costs compared to FC. Does not use TCP/IP - it is not routable through IP. Local subnet only; cannot route.
3) FCIP - Fibre Channel over IP - allows you to route

41
Q

What is VoIP? Voice over internet protocol

A

Technology that allows phone calls to be routed and transmitted using a data network (IP).

Voice traffic is digitized before it is sent over IP.

Attributes:

  • Can be used between any combination of analog telephone adapters, IP phones, and computers
  • Reduce operating costs
  • combines data
  • is cost effective
  • allows for redundancy (you can have VoIP and telephone lines)
  • Exposure and Security issues - Private Branch Exchange systems - contain maintenance hooks for providing remote maintenance capabilities over the phone line. If an attacker learns the number for connecting to the back door and is able to authenticate, the attacker may be able to make calls on the company’s account or access sensitive voicemail messages.
42
Q

What is the VoIP architecture?

A

What are the ways you can integrate VoIP?

1) PSTN (public switched telephone network) PBX (private branch exchange) / VoIP integration
  • Integrate a PBX connected to the public switched telephone network with a VoIP network. This allows for a phased approach to a VoIP network, leveraging existing traditional voice services in conjunction with a new VoIP deployment.
  • common and phased approach
  • Combines traditional and VoIP networks

2) IP PBX/PSTN integration
  • Use an IP PBX and connect to the PSTN directly. All local users utilize VoIP phones to connect to the IP PBX, which provides direct connectivity to the PSTN for outbound calls
  • Users must use VoIP phones
  • IP PBX (soft switch) routes calls

3) Pure VoIP networks:
  • VoIP peers only
  • Calls to the PSTN are not available
  • also known as the walled garden approach; only provides connectivity to other VoIP callers

4) VoIP / PSTN integration provider services
  • cost-effective and minimal-investment approach
  • IP PBX on a server or workstation using commercial or free software, and pay a VoIP integration provider to provide PSTN connectivity with a block of direct inward dial (DID) phone numbers. The service is provided over the internet.

43
Q

What are the components you need for VoIP?

A

1) Media gateways - converts traffic between a packet-switched network and a circuit switched network
2) Registration and location servers
3) proxy servers
4) messaging servers
5) end-user devices (VoIP phones, soft phones)

44
Q

What are VoIP traffic patterns?

A
  • Call setup involves registration and location servers
  • Packetized audio travels between two VoIP entities directly - two phones or a VoIP phone and gateway
  • Traffic patterns may differ

Two data streams are created: a call setup stream and a voice stream.

The call setup stream is where the caller contacts his local registration server, indicating he wishes to initiate a call. The registration server contacts the recipient's registration server, which in turn contacts the call recipient. The callers do not communicate directly in the call setup phase but exchange messages through the registration servers.

Once the call setup phase is completed, the caller creates a direct connection to the recipient to establish the voice stream.

45
Q

What are the protocols of VoIP? (note these are all plaintext)

A

1) Signaling (H.323, SIP) - sets up and tears down calls, locates users, negotiates protocols (anything starting with H. is old legacy; SIP is a modern design that works nicely with NAT and firewalls) - signaling is calling and hanging up
  • Signaling protocols are H.323 and SIP
  • H.323 - legacy protocol to handle AV call establishment (call setup) and call tear-down functions. Uses TCP or UDP. Supports both voice and video traffic. Does not tolerate NAT or firewalls
  • SIP (Session Initiation Protocol) - plaintext lightweight protocol using HTTP-like expressions. Primarily UDP based but can use TCP. Easy debugging with ngrep and tcpdump. This is an alternative to H.323. Allows new functions to be created while retaining backward compatibility.

2) Media (RTP) - the actual voice - transport of packetized voice traffic between two VoIP devices.
  • The media protocol is RTP - plaintext voice. Commonly uses UDP but can use TCP. RTCP is used for statistics reporting. SRTP (Secure Real-time Transport Protocol) is an alternative supporting encryption (AES). RTP transmits voice content between VoIP devices.

3) Supporting protocols - used to support VoIP signaling and media protocols, including IP, TCP, UDP, and many others

Note that not all VoIP networks are based on standards-based protocols. Sometimes the supporting signaling and media protocols are proprietary and not open to public scrutiny. While proprietary protocols may boast features such as simplified deployment and use models over open standards, the security of these protocols is always suspect. By using a proprietary protocol, you rely on the vendor offering the protocol as the measure of the quality and security of the implementation.

46
Q

What is wireless - 802.11?

A

What is the fundamental risk with wireless? You have lost physical control of the network - the signal is leaving your four walls. With wires the network stays in the building, but with wireless it goes out. Also, we used to have little security

802.11 is the standard that supports two physical layers
    - infrared
    - radio frequency (FHSS and DSSS)

Types:

  • 802.11b - most common for use on wireless LANs - uses DSSS - 11 Mbps at 2.4 GHz
  • 802.11a - 54 Mbps at 5 GHz
  • 802.11g - 54 Mbps at 2.4 GHz
  • 802.11n - 300 Mbps at 2.4 GHz and 5 GHz
  • 802.11ac - 1.3+ Gbps at 5 GHz
47
Q

What are 802.11 network modes?

A

1) Managed mode
- aka client (station) mode
- how wireless clients connect to wireless access points

2) Master mode
- aka infrastructure (access point) mode
- how wireless access points operate and communicate

3) Ad hoc
- peer-to-peer, client-only mode with no central access point
- also called an independent basic service set (IBSS) configuration

4) Monitor mode
- read-only mode that sees every 802.11 frame on the channel, including management frames and frames addressed to other stations, without associating to any network
- used for passive sniffing; requires a chipset and driver that support it

48
Q

What is WEP (Wired Equivalent Privacy)?

A

WEP was one of the first 802.11 security protocols. Do not use it anymore.

It is very insecure. Before WEP, 802.11 traffic was plaintext; WEP's RC4 encryption with a static shared key and a 24-bit IV is weak enough that the key can be recovered from captured traffic in minutes.

Inability to rotate WEP keys produced stagnant shared-secret implementations: every station used the same key, often for years.

49
Q

What is Wi-Fi protected access? WPA

A

WPA - improvement over WEP, designed as a firmware upgrade for older (WEP-era) hardware using TKIP. A simpler version of WPA2 that still uses RC4 and still has flaws. Better than WEP but not as strong as you would want. Choose WPA2.

WPA2 - 802.11i - vast improvement over WEP. Requires NIC hardware support for AES-CCMP. This is the best of the three, real security, a solid solution (WPA3 has since superseded it where supported).

50
Q

What is the difference between internet, intranet and extranet?

A

1) Internet
- runs on TCP/IP
- global network of public networks
- operated either for public access or for private data exchange

2) Intranet
- based on the organization's internal physical network infrastructure
- TCP/IP and HTTP standards
- web browsers
- the intranet is owned by you - you own the routers and servers

3) Extranet
- private network using internet protocols
- accessible by partners and vendors outside the organization, but not by the general public
- I have an intranet and you have an intranet and we VPN them together - that is an extranet: two linked intranets

51
Q

What are the types of networks

A

1) PAN - personal area network - one room (e.g. Bluetooth)
2) LAN - local area network - one building
3) CAN - campus area network - several buildings on one campus
4) MAN - metropolitan area network - a city-sized area (an office park at the small end)
5) WAN - wide area network - can be public or private
6) GAN - global area network - the internet

52
Q

What are the LAN transmission methods?

A

Unicast - packet is transmitted from the source to a single network destination - one to one - when you browse to google.

Multicast - packet is transmitted from a source to multiple, selected destination addresses - one to a pre-selected many. Voice over IP uses this: a streaming server sending hold music to 1,000 phones sends one stream; the multicast-aware routers and switches replicate it only toward the members that joined the group (IGMP on IPv4).

Broadcast - packet is transmitted from a source to all addresses on the segment - one to all - 255.255.255.255 (limited broadcast) or the subnet's directed broadcast address. Broadcasts do not cross routers.

53
Q

What are the types of physical topologies?

A

Physical: Defines how systems are connected together via cables or wireless devices.

1) Bus - legacy Ethernet - all network nodes are connected to a common media bus, a straight line across each device. Any break in the bus breaks connectivity for all systems.
- — Tree - multiple branches with nodes on each branch - used to connect multiple buses together

2) Ring - legacy. Data passes through all nodes in a circle. The ring fails when broken; FDDI added a second, counter-rotating ring for fault tolerance.

3) Star - most common on modern networks - all network nodes are directly connected to a central host. Multiple point-to-point connections to a central device (hub or switch). Good fault tolerance (one cable fault takes out one node), traffic isolation when the central device is a switch, scales well, high wiring cost for large installations.

4) Mesh
- — Fully connected mesh - every node is connected to every other node
- — Partially connected mesh - not all nodes are directly connected

54
Q

What are the types of logical topologies?

A

Logical: After the systems have been interconnected by a physical topology, they need rules for sending signals to each other. These rules are specified by media access protocols. The logical topology defines the rules of communication across the physical topology (the media access technology) and makes sure that a signal sent by one system makes its way to the destination.

Types:

1) Ethernet
2) ATM (Asynchronous Transfer Mode)
3) High-Level Data Link Control (HDLC)
4) Integrated Services Digital Network (ISDN)
5) X.25

55
Q

What are LAN transmission protocols?

A

Carrier Sense Multiple Access (CSMA)
- The computer continuously monitors the common transmission line and transmits when the line appears to be unused.

When the line is busy, one of two behaviors applies:

1) Persistent carrier sense - the computer keeps listening and transmits as soon as the line becomes idle (highest chance of colliding with another station that was also waiting)
2) Non-persistent carrier sense - the computer waits a random amount of time before sensing the line again

56
Q

What is Carrier Sense Multiple Access Collision Detection (CSMA/CD)?

A

It is used to detect collisions as they happen. This is how classic shared (half-duplex) Ethernet runs; it requires a NIC that can listen on the receive pair while it transmits on the send pair. On modern full-duplex switched Ethernet each link has only one transmitter per direction, so collisions cannot occur and CSMA/CD is not needed.

It takes the following steps:

1) Monitor the network to see if it is idle
2) If the network is not idle, wait a random amount of time
3) If the network is idle, transmit
4) While transmitting, monitor the network

If a signal is received while you are sending, another station is transmitting: as you transmit on the send pair you monitor the receive pair (on coax you watch for more voltage on the cable than you are putting on it). If you detect that, you send a jam signal (tells all nodes to stop transmitting), then wait a random amount of time before retransmitting (binary exponential backoff: the wait window doubles with each successive collision).

57
Q

What is Carrier Sense Multiple Access with Collision Avoidance? (CSMA / CA)

A
802.11 wireless networks employ CSMA/CA
    - avoidance rather than detection of collisions

Transmission occurs only if the medium was determined to be available, with no other node already transmitting (plus a random backoff before sending, and optionally an RTS/CTS reservation).

Use this when a station cannot send and receive simultaneously: a radio cannot hear a collision while it is transmitting. Not as efficient as CD.

58
Q

What is Polling?

A

If you have two systems on one cable you have an Ethernet network. No need for a server, master, primary, etc.

Polling needs a polling (primary) station. You only speak when given a slot; you can only send when given permission.

Secondary computers are assigned a specific period of time to transmit by a primary computer.

If a secondary computer does not have any data to transmit, the primary computer moves on and gives another secondary computer the opportunity to transmit.

This is legacy on LANs but still used on some WAN links (see SDLC/HDLC).

59
Q

What is Ethernet?

A

Ethernet is a "baseband" or shared-media technology. It is by far the most popular media access protocol used in LANs. A chunk of data transmitted by Ethernet over the wire is called a frame. On a shared Ethernet segment, only a single node should transmit a frame at a time. If multiple systems transmit simultaneously, a collision occurs.

  • only one station is allowed to transmit at any given time within a single collision domain
  • all stations are required to monitor their own transmission to check for collisions
  • data is transmitted using CSMA/CD bus technology

Three cable standards:

  • Thinnet - 10BASE2, 10 Mbps - bus technology (thin coax)
  • Thicknet - 10BASE5, 10 Mbps - bus technology (thick coax)
  • Twisted pair - three common speeds. We twist the pairs because current in a wire creates a magnetic field that induces a signal in the neighboring wire (crosstalk); twisting makes the induced noise equal and opposite along the pair, so it cancels out.
  • — 10BASE-T - 10 Mbps
  • — 100BASE-TX - 100 Mbps
  • — 1000BASE-T - 1 Gbps
60
Q

What are WAN technologies?

A

Connections over greater distances are better served by a wide area network (WAN).

The following are WAN technologies:

  • Circuit vs. packet switching
  • Leased lines
  • SDLC and HDLC
  • Integrated Services Digital Network (ISDN)
  • DSL and cable modems
  • X.25
  • Frame Relay
  • ATM
  • MPLS
61
Q

What are circuit switched networks?

A

Switches establish a dedicated physical circuit between sender and receiver for the duration of a communication session (the classic example is a telephone call).

For communications that need a constant connection and predictable delay.

Provides a single transmission path.

Predates packet switching and is not as resilient: if the circuit fails, the session drops.

62
Q

What is a packet switched network?

A

For bursty communications. Data to be transmitted is partitioned into packets, and each packet is assigned a sequence number as it is transmitted. Packets are sent toward the destination through routers, possibly over different paths, and reassembled in order at the far end.

Fault tolerant: if one path fails, packets are routed around it.

63
Q

What is a virtual circuit?

A

A path through intermediate devices and bridges, set up to communicate with a partner station. The path is used for the duration of a session and runs virtually over a packet-switched network (Frame Relay, X.25 and ATM all use virtual circuits).

They are unlike bridged networks, where forwarding decisions are made frame by frame and there is no concept of a communication session.

Two types:

1) Switched virtual circuit (SVC) - dynamically established as required and disconnected when transmission is complete. Three phases: establishment, transfer, termination.
2) Permanent virtual circuit (PVC)
- permanently connected; eliminates the overhead of establishment and teardown

64
Q

What are leased lines?

A

***Memorize the speeds!

Leased lines are permanent connections established between nodes.
- A circuit or channel dedicated to point-to-point use, even when not in use (and billed whether or not it carries traffic)

Types:

  • T1: DS1-formatted data transmitted at 1.544 Mbps through the telephone network (24 x 64 kbps DS0 channels plus framing)
  • T3: DS3-formatted data transmitted at 44.736 Mbps through the telephone network (28 T1s)
  • E1: wide area digital data transmission at 2.048 Mbps (used in Europe; 32 x 64 kbps channels)
  • E3: wide area digital data transmission at 34.368 Mbps
65
Q

What is SDLC and HDLC?

A

SDLC = Synchronous Data Link Control (IBM)

  • operates at the data link layer, layer 2
  • uses a polling media-access method
  • primary station controls all communications with secondary stations
  • speak when given a slot to speak

HDLC = High-Level Data Link Control

  • successor to SDLC (ISO standard)
  • operates at layer 2
  • controls data flow and provides error detection and correction
  • uses synchronous serial links
  • supports point-to-point and multipoint communications. Used by X.25 and Frame Relay to move packets across the WAN cloud.
  • It designates a primary and a secondary station in its communication and can operate in three modes:
  • — Normal Response Mode (NRM) - the primary station initiates communications with the secondary. The secondary transmits only as a responder when instructed by the primary - classic polling, what SDLC does: speak when given a slot to speak
  • — Asynchronous Response Mode (ARM) - the secondary can transmit without permission from the primary and can initiate communications itself. The primary retains responsibility for error recovery, link setup and link termination
  • — Asynchronous Balanced Mode (ABM) - both stations have equal responsibilities and can transmit and receive messages independently over a duplex line
66
Q

What is ISDN?

A

Integrated Services Digital Network (ISDN)

The idea was to ride on what was already built: leverage the existing telephone lines into homes for digital data rather than just analog voice. A basic rate interface (BRI) gives two 64 kbps B channels plus a 16 kbps D channel, used like a dial-up call, so a data session occupied the line's channels while it ran.

High cost and low speed.

ISDN was the first attempt but was not heavily implemented. DSL came later, was more advanced, and provided broadband speed over the same existing telephony network.

67
Q

What is DSL?

A

Digital subscriber line:

  • can use the same copper pair for analog voice and digital data (a splitter/filter separates the frequency bands)
  • came after ISDN and was more successful
  • high-speed broadband connectivity over existing phone lines
  • lower cost and higher speed than ISDN

DSL can be either (know the numbers):

1) Symmetric (same upload and download speed) - uses one pair
- — Symmetric Digital Subscriber Line (SDSL) - one pair at symmetric speeds; symmetrical upload and download; 1.544 Mbit/s (T1); proprietary technology
- — High bit rate digital subscriber line (HDSL) - symmetrical upload/download rates, including both T1-equivalent and E1-equivalent (2.048 Mbit/s)
- — Single-pair high-speed digital subscriber line (SHDSL) - standardized version of symmetric DSL that largely replaced SDSL and HDSL implementations. Higher speeds, up to 5.696 Mbit/s, were possible

2) Asymmetric (faster download than upload) - uses frequency bands of different widths on the pair, giving higher download speeds - more common than SDSL
- — Asymmetric Digital Subscriber Line (ADSL) - 12 Mbit/s down; 2.5 Mbit/s up
- — ADSL2+ - 24 Mbit/s down; 3.5 Mbit/s up
- — Very high speed digital subscriber line (VDSL) - 52 Mbit/s down; 16 Mbit/s up
- — VDSL2 - interoperable with ADSL2+; 100 Mbit/s split across up and down possible at 1,600 ft (distance to central office); performance extremely dependent upon distance to the provider

68
Q

What is a cable modem?

A
  • Provides a broadband internet connection over the cable TV coax plant (DOCSIS)
  • Cable modems in a geographic area share a single coaxial segment to access the internet
  • Data rate is a function of the number of concurrent users on the segment
  • Operating range: 1,000 - 4,500 to the powered building/room (the node)
  • Because the medium is shared with your neighbors, DOCSIS encrypts each modem's traffic on the segment (BPI+); without it, a neighbor could sniff the segment
69
Q

What is X.25

A

A global packet-switched network that is not the internet; it is privately controlled by telecom companies.

This is legacy but still exists.

You want to send 100 MB of data from London to DC. If you both have internet access you can just do that, but in 1992 that was unlikely, and a direct analog modem call between the two cities was slow and expensive.

X.25 works through POPs (points of presence): a pool of modems in every city. Dial into the local POP in London, traverse the X.25 network, and dial out of the local POP in DC to reach the destination.

Provides error checking, windowing and retransmission services that are not available in Frame Relay, but is slower because of them.

70
Q

What is Asynchronous Transfer Mode (ATM)?

A

ATM - another way of sending signals over the wire.

Uses virtual path identifiers (VPI) and virtual channel identifiers (VCI) to create end-to-end connectivity (virtual circuits).

Uses a fixed cell size: 48 bytes of data plus a 5-byte header (53 bytes total). Fixed, small cells give predictable latency and good quality of service, but a 5-byte header on every 48 bytes of payload is significant overhead (about 10%).

Used for establishing high-speed backbones that interconnect smaller networks and can carry signals over significant distances.

71
Q

What is MPLS - multiprotocol label switching

A

Common technology for providing WAN access between networks. MPLS networks are often thought of as VPNs, but MPLS provides separation of customers' traffic, not encryption. Confidentiality must be added separately (IPsec over the MPLS path).

It applies labels to packets and forwards on the label rather than on the IP header; the label determines the path.

72
Q

What are WAN technologies?

A

1) Modem - modulates digital binary data to be carried over analog networks; the receiver demodulates the analog signal back to digital binary.

2) CSU/DSU - converts LAN signaling to the form the WAN carrier equipment expects. This is the demarc equipment: where you hit the ISP cloud.

3) DTE/DCE
- DTE - data terminal equipment, associated with the customer end of a WAN connection
- DCE - data communications equipment, associated with the ISP network
These are the two devices that connect across the demarc - the DTE is yours and the DCE is the ISP's first device - the cable swings across the demarc

73
Q

What are repeaters?

A

Layer 1 device

Signals deteriorate with distance (attenuation)

Repeaters regenerate the signal before retransmitting it. They understand nothing above the bit level, so they provide no traffic isolation and no security.

74
Q

What are hubs?

A

Repeats data it receives on one port to all of its other ports. Data sent by one system is repeated to every other system on the hub. A hub has no traffic-monitoring capability and cannot control which ports should or should not receive the frame, so it forms one large collision domain and shares data that is destined for someone else with every port.

  • replicate or amplify data (layer 1)
  • connect multiple LAN devices together
  • no security: any station on the hub can sniff everyone's traffic
75
Q

What is a bridge?

A

Layer 2 device used to connect two physical segments of a network. When it receives a frame on one of its ports, it decides whether the frame should be sent out the other port. This allows a bridge to automatically control the flow of data between the network segments it connects.

Learns which systems reside on which network segment by recording the source MAC addresses of frames that pass through it, constructing a table that maps MAC addresses to segments.

Splits larger networks into smaller collision domains (broadcasts still cross a bridge).

It does not forward traffic unless necessary.

76
Q

What is a switch?

A

Layer 2 device (a multiport bridge)

Learns the MAC address of each system and associates it with a port. It provides physical and logical traffic isolation, which makes passive sniffing of other ports' unicast traffic ineffective. It is not a security control, though: ARP spoofing, flooding the MAC table so the switch falls back to hub-like flooding, or a mirror/SPAN port will still expose traffic.

It can re-transmit data to multiple ports but monitors and controls traffic between ports. It forwards a frame only to the port where the destination MAC was learned; unknown destinations and broadcasts are flooded to all ports.

Physical and logical traffic isolation (each port is its own collision domain)

77
Q

What is a VLAN?

A

Virtual local area network:

  • defines LANs logically, not physically
  • provides traffic isolation
  • each system on a VLAN will see other VLAN members' broadcast traffic
  • two systems on different VLANs will not see each other's broadcast traffic

Allows multiple LANs on one switch (and one VLAN to span several switches over 802.1Q trunks).

You also have to filter: systems on different VLANs cannot see each other's broadcasts, but they can still talk to each other through a router or layer 3 switch, so inter-VLAN traffic must be restricted with ACLs or a firewall if isolation is the goal.

78
Q

What are routers?

A

Layer 3 - network layer

  • basis of the Internet
  • examines the IP source and destination addresses in packets and forwards packets toward the intended network
  • maintains tables with routing information that point to all reachable networks

They are perimeter devices because they interconnect logical networks (and are therefore where ACLs and filtering naturally go). A switch or a bridge connects physical segments that reside on the same logical network.

Routers determine which path packets should take to get from one network to another. A router decides where to direct the data that passes through it by looking at the destination IP address and its routing table.

On a LAN their main job is to process IP traffic that originates from, or is destined to, an Ethernet-based network: the layer 2 framing is rewritten at each hop while the IP header stays the same.

79
Q

LAN Cabling - coaxial cable

A
  • Used for high-speed analog and digital transmission with high immunity to interference (the braided shield)
  • 50 ohm cable for digital signaling (Thinnet/Thicknet Ethernet)
  • 75 ohm cable for high-speed data and analog signals (cable TV and cable modems)
  • can transmit for longer distances without amplification than twisted pair

Two types of transmission schemes:

  • baseband - a single channel of information uses the whole cable (Ethernet)
  • broadband - multiple channels of information share the cable on different frequencies (cable TV)
80
Q

LAN Cabling - twisted pair

A
  • two insulated wires twisted in opposing rotations - this provides for cancellation of common-mode noise and interference

Two kinds: unshielded twisted pair (UTP) and shielded twisted pair (STP)

Unshielded twisted pair categories:

  • Category 1 - standard telephone wiring
  • Category 2 - < 4 Mbps; EIA/TIA-568 standard
  • Category 3 - 10 Mbps; used in 10BASE-T networks
  • Category 4 - 16 Mbps; applied in Token Ring networks
  • Category 5 - 100 Mbps; the old standard for LANs
  • Category 5e / 6 - 1000 Mbps; now specified instead of Category 5
81
Q

LAN Cabling - fiber optic and crossover

A

Fiber-optic

  • cable comprising bundles of optical fibers
  • information transmitted as light signals
  • resistant to electromagnetic interference (and does not radiate, so it is much harder to tap without being noticed)

Crossover cable

  • wires two Ethernet devices together without a hub, switch or bridge
  • two and only two devices
  • crosses +TX to +RX and -TX to -RX (modern NICs with auto-MDI-X do this automatically)
82
Q

Asynchronous Communications

A

Data is sent as changes in voltage or current level, one unit (character) at a time.

A start bit (or bits) indicates the beginning of each unit.

Stop bits indicate the end of the unit.

Modems and dial-up operate this way. The transmitting and receiving equipment agree upon and operate at the same data rate; the start and stop bits let the receiver resynchronize on every character, which tolerates small clock differences between the devices.

83
Q

Synchronous Communications

A

Transmitting and receiving stations share a common clock.

Each unit of data does not need start or stop bits.

Transmission is more efficient (less framing overhead).

Transmits at high data rates and is synchronized with electronic clock signals (e.g. T1, HDLC links).

84
Q

In order to route traffic, you need how many addresses and what are they?

A

1) MAC address (layer 2)
2) IP address (layer 3)

There is no mathematical relationship between a MAC and an IP address; given one, you cannot derive the other.

IP gets the data to the right network (hop by hop through routers) and MAC gets it across each link to the right interface.

To find the missing address you ask the local segment with a broadcast. The protocols that do this are ARP (IP to MAC) and RARP (MAC to IP).

85
Q

What is a MAC address?

A

Media Access Control:

  • 48-bit address written as 12 hexadecimal digits grouped in pairs (e.g. 00:50:56:ab:cd:ef)
  • a 64-bit form (EUI-64) now exists; IPv6 can derive an interface identifier from the 48-bit MAC
  • the MAC address is burned into the network interface card (NIC) by the vendor; it is meant not to change, but software can override it, so it can be spoofed, and modern operating systems randomize it on Wi-Fi for privacy
  • every burned-in MAC address is meant to be unique
  • the first 6 hex digits (first 24 bits) are the organizationally unique identifier (OUI), the vendor code, the same for all of that vendor's products; the second 6 digits are assigned by the vendor and are unique within the OUI
  • designed to be globally unique in hardware, but never treat a MAC as proof of identity: it is trivially changeable and only visible on the local segment
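
An added example (not from the original flashcards) that decodes the fields the card describes. The sample addresses are constructed for the demo; the OUI and flag-bit layout follow IEEE 802, and the EUI-64 derivation follows RFC 4291. The locally administered bit is the practical check: an address with it set was assigned by software, so it says nothing about the hardware vendor.

```python
"""Decode a 48-bit MAC address: OUI, group bit, local-admin bit, and the EUI-64 form."""
import re

# Constructed sample addresses for the demo (not from the original card).
SAMPLES = [
    "00:50:56:ab:cd:ef",  # VMware OUI, burned-in style address
    "02:42:ac:11:00:02",  # locally administered (software-assigned, Docker style)
    "01:00:5e:00:00:fb",  # IPv4 multicast (mDNS group)
    "ff:ff:ff:ff:ff:ff",  # broadcast
]


def parse_mac(text):
    """Return the six octets of a MAC written as aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff."""
    parts = re.split(r"[:\-]", text.strip().lower())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{2}", p) for p in parts):
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return bytes(int(p, 16) for p in parts)


def describe_mac(text):
    """Split a MAC into the fields the card describes, plus the two flag bits in the first octet."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        "oui": octets[:3].hex(":"),                  # first 24 bits: block assigned to the vendor by IEEE
        "nic_specific": octets[3:].hex(":"),         # last 24 bits: assigned by the vendor
        "group": bool(first & 0x01),                 # I/G bit: multicast or broadcast when set
        "locally_administered": bool(first & 0x02),  # U/L bit: set by software, not burned in
        "broadcast": octets == b"\xff" * 6,
    }


def modified_eui64(text):
    """The 64-bit interface identifier IPv6 builds from a MAC (RFC 4291, appendix A):
    flip the U/L bit and insert ff:fe between the OUI and the NIC-specific part."""
    o = bytearray(parse_mac(text))
    o[0] ^= 0x02
    return bytes(o[:3]) + b"\xff\xfe" + bytes(o[3:])


def looks_spoofed_or_randomized(text):
    """A locally administered unicast MAC was set by software, so it tells you nothing
    about the hardware; treat it as untrusted in any MAC-based allow list."""
    d = describe_mac(text)
    return d["locally_administered"] and not d["group"]


if __name__ == "__main__":
    for s in SAMPLES:
        print(s, describe_mac(s), "eui64=" + modified_eui64(s).hex(":"))
```

Run it and compare the VMware address with the Docker-style one: same structure, but the second has the U/L bit set, which is exactly the case a MAC-based access control list cannot tell apart from a spoofed address.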
86
Q

What is an IP address?

A

An IP address is

  • 32 bits (IPv4) or 128 bits (IPv6)
  • part network and part host; the prefix length (CIDR notation, e.g. /24) says where the split is
  • configured by an administrator or assigned by DHCP, not burned into hardware
  • a logical address that changes when the host moves to a different network
87
Q

What is ARP and RARP?

A

1) ARP = Address Resolution Protocol - Given an IP address, it finds the corresponding MAC address. The source host broadcasts an ARP request to all machines on the segment, including its own source MAC and IP address; the owner of the target IP replies unicast with its MAC. ARP broadcasts will not pass through a router. ARP has no authentication, so any host can answer (or send unsolicited replies) and poison other hosts' ARP caches.
* ***IP to MAC

2) RARP = Reverse Address Resolution Protocol - Given a MAC address, it finds the corresponding IP address (used by diskless stations at boot; long since replaced by BOOTP and DHCP)
* ***MAC to IP
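
An added example (not from the original flashcards) that ties the two cards above together: the layer 3 decision of what to ARP for (the destination if it is on my subnet, otherwise the default gateway), the ARP request and reply as the bytes that go on the wire, and a cache that only learns from replies to questions it actually asked. The hosts, MACs and addresses are constructed for the demo; the frame layout is the standard Ethernet + ARP encoding (RFC 826).

```python
"""Next-hop decision plus ARP request/reply frames on the wire (added example)."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
OP_REQUEST, OP_REPLY = 1, 2


def mac_bytes(text):
    return bytes(int(p, 16) for p in text.split(":"))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def arp_target(my_ip, prefix_len, dst_ip, gateway_ip):
    """The layer 3 decision: if dst is on my subnet, ARP for dst itself;
    otherwise the frame must go to the router, so ARP for the gateway."""
    my_net = ipaddress.ip_interface(f"{my_ip}/{prefix_len}").network
    return dst_ip if ipaddress.ip_address(dst_ip) in my_net else gateway_ip


def _arp_frame(eth_dst, opcode, sender_mac, sender_ip, target_mac, target_ip):
    eth = eth_dst + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                      mac_bytes(sender_mac), ipaddress.ip_address(sender_ip).packed,
                      mac_bytes(target_mac), ipaddress.ip_address(target_ip).packed)
    return eth + arp


def arp_request(sender_mac, sender_ip, target_ip):
    """'Who has target_ip? Tell sender_ip' - broadcast; the target MAC is unknown (zeros)."""
    return _arp_frame(BROADCAST_MAC, OP_REQUEST, sender_mac, sender_ip, "00:00:00:00:00:00", target_ip)


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """'sender_ip is at sender_mac' - unicast back to the requester."""
    return _arp_frame(mac_bytes(target_mac), OP_REPLY, sender_mac, sender_ip, target_mac, target_ip)


def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"eth_dst": mac_text(frame[:6]), "eth_src": mac_text(frame[6:12]),
            "op": {OP_REQUEST: "request", OP_REPLY: "reply"}.get(op, op),
            "sender_mac": mac_text(sha), "sender_ip": str(ipaddress.ip_address(spa)),
            "target_mac": mac_text(tha), "target_ip": str(ipaddress.ip_address(tpa))}


def learn(cache, pending, frame):
    """Update an ARP cache, but only from replies answering an IP we actually asked about.
    Plain ARP accepts any reply, which is what makes ARP cache poisoning possible."""
    a = parse_arp(frame)
    if a["op"] == "reply" and a["sender_ip"] in pending:
        cache[a["sender_ip"]] = a["sender_mac"]
        pending.discard(a["sender_ip"])
        return True
    return False


if __name__ == "__main__":
    # Constructed hosts for the demo: me, my default gateway, and an off-subnet destination.
    my_ip, my_mac = "192.168.1.10", "00:11:22:33:44:55"
    gw_ip, gw_mac = "192.168.1.1", "aa:bb:cc:dd:ee:01"
    want = arp_target(my_ip, 24, "203.0.113.5", gw_ip)   # off-subnet, so resolve the gateway
    cache, pending = {}, {want}
    print("resolving", want, parse_arp(arp_request(my_mac, my_ip, want)))
    print("learned:", learn(cache, pending, arp_reply(gw_mac, gw_ip, my_mac, my_ip)), cache)
```

The `learn` check is deliberately stricter than a real stack: most operating systems update the cache from any reply (and some from requests), which is why an attacker on the same segment can redirect traffic by answering for an address they do not own.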

88
Q

What are routing protocols?

A

A routing protocol learns the available routes and picks the best one by its metric (fewest hops, lowest latency, highest bandwidth, depending on the protocol). If that route becomes unavailable, the routing protocol should re-route quickly and automatically (convergence).

1) Distance vector
- — RIP

2) Link state
- — OSPF

3) Path vector
- — Border Gateway Protocol (BGP)

89
Q

What is distance vector? and RIP?

A

Each router identifies all of its neighbors, the routers to which it has a direct connection. Using the information it receives from its neighbors (each neighbor's full table, plus the cost of the link to that neighbor), it builds a routing table based on a metric that says how many hops it would take to reach each destination network (the Bellman-Ford algorithm).

Figures out a distance metric to each network, and the direction (vector) to send it: the next hop.

Problems - routing loops and count-to-infinity when convergence is slow

Solutions (applicable to RIP)

  • define a maximum hop count (an unreachable route eventually hits it instead of counting forever)
  • split horizon - never advertise a route back out the interface you learned it from - don't argue back. When NYC says down, don't argue up back
  • poison reverse - variation of split horizon: instead of omitting the route, advertise it back to the router you learned it from with an infinite metric. Don't delete it, because you don't want that neighbor to believe you still have a way there
  • hold-down timers - tell routers to ignore changes that might reinstate a route for a period of time - once you decide to make the route infinite, hold it down - I have made a decision and I am not changing it - the timer keeps you stuck to the decision, and hopefully the network re-converges in that time

RIP - a distance vector protocol - **the weakest protocol on this list

  • hop count is used as the metric
  • finds the minimum hop count, which is not necessarily the fastest route
  • max hop count is 15; 16 means unreachable
  • routing updates are every 30 seconds, whether or not anything changed - waste of bandwidth and time
  • can load balance over equal-cost paths
  • native routing protocol on UNIX (routed) - got a longer shelf life because UNIX could do it by default
  • knows only what its neighbors tell it, not the topology; you want a router to know the whole network, not only what is near it
  • used internally only (an IGP)
  • RIPv1 has no authentication at all; RIPv2 adds plaintext or MD5 authentication of updates
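
An added example (not from the original flashcards) that makes the loop-prevention bullets concrete. It simulates three routers in a line, A - B - C, exchanging RIP-style distance vectors, then cuts the B-C link and counts how many exchange rounds it takes to settle with no protection ("none"), with split horizon ("split") and with poison reverse ("poison"). The topology and the synchronous round model are simplifications chosen for the demo; the metric semantics (16 = unreachable) are RIP's.

```python
"""Distance vector routing (RIP style) with split horizon and poison reverse (added example).
Simulates routers A - B - C, cuts the B-C link, and counts the exchange rounds needed
to re-converge under each loop-prevention setting."""

INFINITY = 16  # RIP: a metric of 16 hops means unreachable


class Router:
    def __init__(self, name, links):
        self.name = name
        self.links = dict(links)            # neighbor -> link cost (hops)
        self.table = {name: (0, None)}      # destination -> (metric, next hop)
        for nbr, cost in links.items():
            self.table[nbr] = (cost, nbr)

    def advertise(self, to_nbr, mode):
        """The distance vector sent to one neighbor. mode: 'none', 'split', 'poison'."""
        adv = {}
        for dest, (metric, nh) in self.table.items():
            learned_from_nbr = nh == to_nbr and dest != to_nbr
            if learned_from_nbr and mode == "split":
                continue                    # split horizon: never send it back where it came from
            if learned_from_nbr and mode == "poison":
                adv[dest] = INFINITY        # poison reverse: send it back, but as unreachable
                continue
            adv[dest] = metric
        return adv

    def receive(self, from_nbr, adv):
        """Bellman-Ford update. Returns True if the table changed."""
        changed = False
        cost = self.links[from_nbr]
        for dest, metric in adv.items():
            new = min(metric + cost, INFINITY)
            cur, nh = self.table.get(dest, (INFINITY, None))
            # Take the current next hop's word even if it is worse; take anyone else's only if better.
            if nh == from_nbr or new < cur:
                entry = (new, from_nbr if new < INFINITY else None)
                if entry != (cur, nh):
                    self.table[dest] = entry
                    changed = True
        return changed


def link_down(routers, a, b):
    """Remove the a-b link and mark every route that used it unreachable."""
    for x, y in ((a, b), (b, a)):
        routers[x].links.pop(y)
        for dest in list(routers[x].table):
            if routers[x].table[dest][1] == y:
                routers[x].table[dest] = (INFINITY, None)


def exchange_round(routers, mode):
    """One synchronous round: every router sends its vector to every neighbor."""
    msgs = [(nbr, r.name, r.advertise(nbr, mode)) for r in routers.values() for nbr in r.links]
    changed = False
    for to, frm, adv in msgs:
        changed |= routers[to].receive(frm, adv)
    return changed


def converge(routers, mode, max_rounds=100):
    """Rounds until a full round produces no change (the count-to-infinity case takes many)."""
    for rounds in range(1, max_rounds + 1):
        if not exchange_round(routers, mode):
            return rounds
    return max_rounds


def make_chain():
    return {"A": Router("A", {"B": 1}), "B": Router("B", {"A": 1, "C": 1}), "C": Router("C", {"B": 1})}


def rounds_to_reconverge(mode):
    """Converge A-B-C, cut B-C, and return (rounds to settle, metric A now holds for C)."""
    routers = make_chain()
    converge(routers, mode)
    link_down(routers, "B", "C")
    return converge(routers, mode), routers["A"].table["C"][0]


if __name__ == "__main__":
    for mode in ("none", "split", "poison"):
        print(mode, rounds_to_reconverge(mode))
```

With no protection, A keeps telling B "I can reach C in 2" (through B itself), so the metric bounces between them and climbs one hop per round until it hits 16; the maximum hop count is what finally ends the loop. With split horizon or poison reverse the same cut settles in two rounds.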
90
Q

What is the SPF protocol? (link state)

A

Shortest Path First algorithm (Dijkstra)

  • the protocol is OSPF - Open Shortest Path First
  • shortest path - not by hops but by cost, which OSPF derives from link bandwidth, so effectively shortest in time
  • event-driven updates - link-state advertisements are flooded when something changes, not constantly
  • it is an open standard (RFC 2328), not proprietary, which the exam favors**
  • maintains topology information
  • has full knowledge of all routers and how they connect - each router holds a map (the link-state database) of the entire area it routes for, and runs SPF over it to compute its own routing table
  • all routers in an area have the same picture of the network
  • used internally only (IGP, interior gateway protocol); supports authentication of routing messages (MD5 in OSPFv2)
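
An added example (not from the original flashcards) of the SPF computation a link-state router runs over its topology database, next to the hop-count choice a distance vector router would make on the same network. The link-state database is constructed for the demo; the cost formula is OSPF's default (reference bandwidth divided by link bandwidth, minimum 1).

```python
"""Link-state routing: SPF (Dijkstra) over a link-state database, compared with a
hop-count (RIP-style) choice on the same topology (added example)."""
import heapq
from collections import deque


def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """OSPF default interface cost: reference bandwidth / link bandwidth, minimum 1."""
    return max(1, reference_bps // bandwidth_bps)


# Constructed link-state database: every router's LSA lists its links and their costs.
# R1-R4 is a direct but slow link (cost 100); R1-R3-R4 is two fast links (cost 1 each).
LSDB = {
    "R1": {"R2": ospf_cost(10_000_000), "R3": 1, "R4": 100},
    "R2": {"R1": ospf_cost(10_000_000), "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R1": 100, "R2": 1, "R3": 1},
}


def spf(lsdb, root):
    """Dijkstra from root. Returns {router: (total cost, next hop from root)}."""
    dist = {root: 0}
    next_hop = {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry, a shorter path was already found
        for v, cost in lsdb[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                next_hop[v] = v if u == root else next_hop[u]  # first hop on the shortest path
                heapq.heappush(heap, (nd, v))
    return {r: (dist[r], next_hop[r]) for r in dist}


def fewest_hops(lsdb, root):
    """What a hop-count metric would choose (breadth-first search), ignoring link speed."""
    hops = {root: (0, None)}
    q = deque([root])
    while q:
        u = q.popleft()
        for v in lsdb[u]:
            if v not in hops:
                hops[v] = (hops[u][0] + 1, v if u == root else hops[u][1])
                q.append(v)
    return hops


if __name__ == "__main__":
    print("SPF  :", spf(LSDB, "R1"))
    print("hops :", fewest_hops(LSDB, "R1"))
```

For R1 reaching R4, hop count picks the direct slow link (1 hop, cost 100) while SPF picks R1-R3-R4 (2 hops, cost 2): the "shortest path, not fewest hops" point from the card.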
91
Q

What is BGP?

A

Border Gateway Protocol

  • specifies routing between autonomous systems, i.e. very large networks (an autonomous system is a network or group of networks under the control of a single entity) - the internet is composed of a large number of interconnected autonomous systems
  • **autonomous system means route to the organization, not to the network. Don't treat my network as a network address, treat it as an org. I have multiple entry points, send it to the best one
  • runs internally (iBGP) and externally (eBGP) and is the routing protocol of the internet; it is a path vector protocol (the "metric" is the list of ASes a route has passed through)
  • is an exterior gateway protocol (EGP)
  • issue - who can send updates? Updates should be authenticated, but BGP is essentially trust based: a peer can announce any prefix and its neighbors will believe it. Session protection (TCP MD5 / TCP-AO) only authenticates the neighbor, not what it announces; RPKI origin validation is the add-on that checks the announcement itself

How do you decide, on the internet, whose route is best? If you do not own all the routers, it is hard.

  • performs three types of routing
  • — inter-autonomous system routing - occurs between two or more BGP routers in different autonomous systems. Peer routers in these systems use BGP to maintain a consistent view of the internetwork topology. BGP neighbors communicating between autonomous systems must reside on the same physical network - internet public routing
  • — intra-autonomous system routing - between two or more BGP routers located within the same autonomous system. Peer routers within the same autonomous system use BGP to maintain a consistent view of the system topology. BGP is also used to determine which router will serve as the connection point for specific external autonomous systems - intranet routing, internal
  • — pass-through autonomous system routing - between two or more BGP peer routers that exchange traffic across an autonomous system that does not run BGP. In a pass-through autonomous system environment, the BGP traffic did not originate within the autonomous system and is not destined for a node in the autonomous system - extranet, between two intranets
92
Q

What are the key difference between distance vector and link state?

A
Distance vector:

  • — has information only from its neighbors' vectors
  • — simple metric, such as hop count
  • — frequent periodic updates
  • — slow convergence

Link state:

  • — view of the entire network (topology database)
  • — calculates the shortest path to each router itself (SPF)
  • — event-triggered updates
  • — fast convergence
93
Q

What is software defined networking?

A

Routers do two things:

1) forward packets (the data plane)
2) decide where to route packets (the control plane) - each router is an independent agent following a protocol, but the decision is the router's own

SDN - the router only forwards packets and the SDN controller tells it how to route. Decisions are made centrally; the routers become simpler.

  • you can centrally control routes and filtering
  • separates a router's control plane from the data (forwarding) plane

This leads to zero trust networks; SDN is a building block for them. Zero trust = the network is always assumed to be hostile. Ability to filter and firewall between every connection, everywhere. Encrypt and log all traffic. Google embraces zero trust (BeyondCorp).

OpenFlow protocol - used for remote management of the data plane in SDN. Runs over TCP and can be protected with TLS; it should be, because whoever controls the OpenFlow channel controls every switch's forwarding.

94
Q

What is CDN?

A

Content Distribution Networks

  • they improve performance and availability by bringing data closer to users
  • they use a series of distributed caching servers
  • they direct each user to the server closest to them (usually via DNS)
  • AKA Content Delivery Networks

If you are downloading a video from YouTube, the content may be cached on a CDN node inside your ISP. If the content is in the ISP's cache it is delivered to you locally instead of being fetched again over the internet. The availability benefit cuts the other way too: a CDN absorbs traffic spikes and DDoS volume that a single origin server could not.

95
Q

What is remote access?

A

It is access to the network from outside it, using data networking technologies.

  • must protect the confidentiality, integrity and availability of the remote session
  • restricted address:
    • — authenticates the user's node (its address), not the user
    • — determines authorized users based on source IP address
    • — allows access only from addresses on an approved list
    • — weak on its own: source addresses can be spoofed or shared, so pair it with real user authentication
96
Q

What are VPNs?

A

Virtual private network:

  • data is encrypted at one end of the VPN, from cleartext into ciphertext
  • ciphertext is transmitted over the internet
  • data is decrypted at the other end of the VPN

They are an alternative to costly, inflexible private circuits. They set up virtual circuits across public networks such as the internet, establish secure communication between different remote organization offices, and can be used to give employees remote access to internal network resources from their homes or while they travel.

Advantages:

  • improved flexibility
  • can be set up rapidly
  • a good VPN supports quality of service
  • lower costs

Disadvantages:

  • cannot guarantee bandwidth and latency (the public network underneath is best-effort)
  • encrypts the stuff you want to protect, but also encrypts the bad stuff, so malware and attacks inside the tunnel are harder to see (inspect at the VPN endpoint, where the traffic is cleartext again)

Solution
- Multiprotocol Label Switching (MPLS) - an alternative to traditional layer 3 routing. It forwards messages across the carrier network on labels, without examining the message contents, and can carry bandwidth guarantees; note that it provides separation, not encryption.

97
Q

What are some modes of remote access?

A

Client-to-site VPN - a laptop's (originally dial-up) connection to a remote access server at HQ. Provides remote access from a single remote client.

Site-to-site VPN - LA office connection to the DC office. Provides connectivity between networks, such as headquarters and a remote office. Gateway devices in front of both networks terminate the tunnel; the hosts behind them need no VPN software.

98
Q

What is IPsec?

A

Standard for establishing VPNs:

  • it is an open standard (RFC 2401, updated by RFC 4301), promoting multivendor interoperability
  • offers confidentiality, integrity, authentication and replay attack prevention
  • enables encrypted communication between users and devices
  • implemented transparently in the network infrastructure (at layer 3, so applications need no changes)
  • scales from small to very large networks
  • commonly implemented

IPsec is a collection of protocols used singly or together to implement its network security services. Primarily, IPsec is composed of the Authentication Header (AH) protocol, the Encapsulating Security Payload (ESP) protocol, and the Internet Key Exchange (IKE) protocol, which negotiates the security associations and keys. AH provides message integrity, anti-replay and source authentication. ESP is the companion protocol to AH. Like AH, it offers message integrity, anti-replay and authentication, but it also offers confidentiality by encrypting the contents of the message.

99
Q

What is the IPsec header

A

1) Authentication Header (AH):
- data integrity - no modification of data in transit
- origin authentication - identifies where the data originated
- no confidentiality
- adds authentication information to each IP packet: an integrity check value (a keyed hash, e.g. HMAC) computed over the payload and the immutable fields of the IP header, including the source and destination addresses. The AH sits after the IP header and before the payload. Because the addresses are covered, AH breaks when a NAT device rewrites them.

2) Encapsulating Security Payload (ESP):
- data integrity - no modification of data in transit
- origin authentication - identifies where the data originated
- confidentiality - the payload is encrypted
- does not cover the outer IP header, only the ESP header and the contents of the packet (which is why ESP survives NAT and AH does not)

Tunnel does not only mean confidentiality. You can have an AH tunnel that is not encrypted. AH protects the header: I know who sent it, and I know if anything has changed. No confidentiality.

ESP protects the payload and gives confidentiality.

100
Q

What is tunnel vs. Transport mode

A

Tunnel mode - gateway to gateway. The sender transmits a normal packet; it hits a concentrator (VPN gateway), which applies IPsec and adds a new outer IP header; the receiving gateway strips IPsec and forwards the original packet to the receiver. The two gateways act as the encrypter and decrypter. If I sniff IPsec tunnel traffic, I see the addresses of the two concentrators but not of the original sender and receiver.

  • Outer IP header specifies the IPsec processing destination (the peer gateway); the inner header specifies the ultimate packet destination
  • Protects the data and the original IP header: a new IP header is added, then the IPsec header, then the original packet. With ESP the original packet is encrypted; with AH it is only authenticated

Transport mode - between two PCs / hosts, no concentrators involved. PC talks to PC. The host that applies IPsec is the host that sends the data, so a sniffer sees the real sender and receiver addresses.

  • IPsec header goes after the IP header and before the TCP/UDP header
  • Protects the data (payload) only; the original IP header stays in place
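
An added example for cards 99 and 100 (not part of the original flashcards): it builds IPv4 packets carrying an Authentication Header in transport and in tunnel mode, computes the ICV over the immutable header fields the way RFC 4302 prescribes, and verifies it the way a receiver would. It shows why a router decrementing the TTL does not break AH, why changing the source address does, and why a sniffer can still read the inner addresses of an AH tunnel. The key, addresses, SPI, sequence numbers and TCP segment are all constructed for the example; HMAC-SHA256-128 is assumed as the integrity algorithm.

```python
"""Added example (not from the flashcards): AH (RFC 4302) in transport and
tunnel mode, with sender-side ICV computation and receiver-side verification.
Assumptions (constructed): HMAC-SHA256-128, a fixed 32-byte key, hand-picked
SPI/sequence numbers instead of ones negotiated by IKE, a made-up TCP segment."""
import hashlib
import hmac
import ipaddress
import struct

AH_PROTO = 51      # IP protocol number for AH
IPIP_PROTO = 4     # AH next-header value for an encapsulated IPv4 packet (tunnel mode)
TCP_PROTO = 6
ICV_LEN = 16       # HMAC-SHA256-128 keeps the first 128 bits of the HMAC
AH_LEN = 12 + ICV_LEN
IPV4_FMT = "!BBHHHBBH4s4s"


def _checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = _checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def _zero_mutable(ip_hdr: bytes) -> bytes:
    """Fields that change in flight (DSCP/ECN, flags + fragment offset, TTL,
    header checksum) are zeroed before hashing. Addresses, length, ID and
    protocol are left in, so they are what AH protects."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def _icv(key: bytes, ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    # The ICV field itself is all zeros while the ICV is being computed.
    covered = _zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def _ah_fixed(next_header: int, spi: int, seq: int) -> bytes:
    # Next Header | Payload Len (AH length in 32-bit words minus 2) | Reserved | SPI | Sequence Number
    return struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq)


def ah_transport(key, spi, seq, src, dst, tcp_segment):
    """Transport mode: [IP][AH][TCP]. The original header stays and is protected;
    a sniffer sees the real end hosts."""
    ah = _ah_fixed(TCP_PROTO, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, AH_LEN + len(tcp_segment))
    return ip_hdr + ah + _icv(key, ip_hdr, ah, tcp_segment) + tcp_segment


def ah_tunnel(key, spi, seq, gw_src, gw_dst, host_src, host_dst, tcp_segment):
    """Tunnel mode: [outer IP gw->gw][AH][inner IP host->host][TCP]. The whole
    inner packet is payload to AH and is fully authenticated, but not encrypted."""
    inner = ipv4_header(host_src, host_dst, TCP_PROTO, len(tcp_segment)) + tcp_segment
    ah = _ah_fixed(IPIP_PROTO, spi, seq)
    outer = ipv4_header(gw_src, gw_dst, AH_PROTO, AH_LEN + len(inner))
    return outer + ah + _icv(key, outer, ah, inner) + inner


def ah_verify(key: bytes, packet: bytes) -> bool:
    """Receiver side: recompute the ICV over the same covered bytes and compare."""
    ip_hdr = packet[:20]
    if ip_hdr[9] != AH_PROTO:
        return False
    ah_total = (packet[21] + 2) * 4
    ah_fixed, icv = packet[20:32], packet[32:20 + ah_total]
    return hmac.compare_digest(_icv(key, ip_hdr, ah_fixed, packet[20 + ah_total:]), icv)


def forward_hop(packet: bytes) -> bytes:
    """What every router does: decrement TTL and fix the checksum. AH must still verify."""
    p = bytearray(packet)
    p[8] -= 1
    p[10:12] = b"\x00\x00"
    p[10:12] = struct.pack("!H", _checksum(bytes(p[:20])))
    return bytes(p)


def outer_addresses(packet: bytes):
    return str(ipaddress.IPv4Address(packet[12:16])), str(ipaddress.IPv4Address(packet[16:20]))


def inner_addresses(packet: bytes):
    """Tunnel mode: the end-host addresses a sniffer can still read after the AH."""
    return outer_addresses(packet[20 + AH_LEN:])
```

Usage: build a packet with ah_transport or ah_tunnel, pass it through forward_hop a few times and confirm ah_verify still returns True; flip any byte of an address, the payload, or the inner header and it returns False. outer_addresses on a tunnel packet returns the two gateways, inner_addresses the real hosts, which is the "I know the concentrators but not the senders" point of card 100 seen from the wire, and a reminder that only ESP would hide the inner header.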
101
Q

How do we authenticate VPN users?

A

AAA services (for example RADIUS) ensure the remote client is appropriately authenticated and determine what it is authorized to do

Once connected, the user reaches data or systems through remote access technologies such as RDP or VNC

User and endpoint authentication protocols (EAP, 802.1x)

  • TACACS+
  • RADIUS
  • DIAMETER
  • PAP AND CHAP
  • PPP
  • EAP
  • 802.1X
  • NAC
102
Q

What is TACACS / TACACS+?

A
  • TCP based (port 49); the whole packet body is obfuscated with a pad derived from the shared secret, unlike RADIUS, which hides only the password
  • Authentication: START, CONTINUE, REPLY
  • Authorization: REQUEST with attribute-value pairs (AVPs), RESPONSE with AVPs
  • Accounting: START, STOP, MORE, WATCHDOG

Common way of administering routers and switches: a single sign-on across many devices, with per-command authorization.

TACACS+ is Cisco's redesign (now RFC 8907), not backward compatible with the original TACACS. It separates the three A's into independent exchanges and allows two-factor authentication.

AAA system

103
Q

What is RADIUS (Remote Authentication Dial-In User Service)?

A
  • UDP based (ports 1812 for authentication and 1813 for accounting; legacy 1645/1646)
  • Packet types: Access-Request, Access-Accept, Access-Reject, Accounting-Request, Accounting-Response, Access-Challenge, Status-Server, Status-Client
  • Only the User-Password attribute is hidden (XORed with MD5 of the shared secret and the request authenticator); the user name and everything else travel in the clear

AAA system (authentication, authorization, accounting)

Used mainly for authentication; authentication and authorization are combined in a single Access-Request / Access-Accept exchange
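
An added example for cards 102 and 103 (not part of the original flashcards): it implements what the shared secret actually protects on the wire in each protocol. For RADIUS it hides and recovers the User-Password attribute exactly as RFC 2865 section 5.2 specifies, builds an Access-Request to show that the user name is still cleartext, and computes the Response Authenticator that is the only thing authenticating an Access-Accept. For TACACS+ it generates the MD5 pseudo-pad of RFC 8907 section 4.5 and XORs it over the whole body. The secrets, Request Authenticator, session and sequence numbers are constructed for the example.

```python
"""Added example (not from the flashcards): RADIUS (RFC 2865) password hiding
and response authentication next to TACACS+ (RFC 8907) body obfuscation.
Assumptions (constructed): the secrets, a fixed 16-byte Request Authenticator,
and hand-picked TACACS+ session id / sequence numbers."""
import hashlib
import os
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, then c1 = p1 ^ MD5(S + RA),
    cn = pn ^ MD5(S + c(n-1)). Nothing per-user goes in: a leaked secret
    reverses this for every captured Access-Request."""
    padded = password + bytes(-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        c = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + c, c
    return out


def radius_recover_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Server side (or an attacker with the secret): undo the hiding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        chunk = hidden[i:i + 16]
        out += _xor(chunk, hashlib.md5(secret + prev).digest())
        prev = chunk
    return out.rstrip(b"\x00")   # drop the padding (RADIUS passwords cannot contain NUL)


def _attr(attr_type: int, value: bytes) -> bytes:
    # Attribute: Type | Length (including these two bytes) | Value
    return bytes([attr_type, 2 + len(value)]) + value


def radius_access_request(ident: int, secret: bytes, user: bytes, password: bytes,
                          request_auth: bytes = None) -> bytes:
    """Code 1 | Identifier | Length | Request Authenticator | User-Name(1) | User-Password(2).
    Only the User-Password value is hidden; the user name is readable on the wire."""
    ra = request_auth or os.urandom(16)
    attrs = _attr(1, user) + _attr(2, radius_hide_password(secret, ra, password))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs


def radius_response_authenticator(code: int, ident: int, attrs: bytes,
                                  request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    This is what stops a forged Access-Accept; it is only as strong as the secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 4.5: MD5_1 = MD5(session_id || key || version || seq_no),
    MD5_n = MD5(session_id || key || version || seq_no || MD5_n-1),
    concatenated and truncated to the body length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(session_id: int, key: bytes, version: int, seq_no: int, body: bytes) -> bytes:
    """Symmetric: the same call de-obfuscates. The pad is a keystream, so the
    same (session_id, seq_no) under the same key must never be reused."""
    return _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, len(body)))
```

Design note: neither scheme is encryption in the modern sense. Both are MD5 keystreams seeded from a static shared secret, which is why RADIUS is now expected to run over TLS or DTLS and why RFC 8907 recommends TLS for TACACS+; the code makes the keystream structure visible so the limitation is concrete rather than a slogan.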

104
Q

What is DIAMETER?

A

True AAA, newer than RADIUS, but less widely supported

  • standards-track RFC (RFC 3588, replaced by RFC 6733), not a draft
  • runs over TCP or SCTP instead of UDP, with TLS or IPsec expected for transport security
  • overcomes limitations of RADIUS (strongly recommended over RADIUS)
  • authentication
  • authorization
  • accounting
  • a significant improvement over RADIUS (the name is a pun: a diameter is twice a radius)
105
Q

What is PAP and CHAP?

A

PAP (Password Authentication Protocol) - on the exam, PAP is the wrong answer**

  • worst thing on the list
  • sends the actual password in plaintext over the wire
  • vulnerable to sniffing and to replay attacks

CHAP (Challenge Handshake Authentication Protocol) - more secure

  • the password never traverses the network
  • not vulnerable to a simple replay attack, because each challenge is fresh
  • the client initiates communication with the server; the server sends a challenge back to the client; the user enters the password; the client hashes the identifier, the password and the challenge (MD5 in RFC 1994) to create a response; the client transmits the response to the server; the server recomputes the hash with its own copy of the password and compares
  • caveat: a sniffer who captures a challenge and its response can run an offline dictionary attack on the password, and the server must store the password in recoverable form to verify the response

nonce - a short random string

  • the server sends a new challenge with a new nonce each time, never one it has sent before, and may re-challenge periodically during the session
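
An added example for card 105 (not part of the original flashcards): both sides of the CHAP exchange from RFC 1994, with the authenticator forgetting each nonce after one use so a replayed response fails, a PAP Authenticate-Request for contrast showing the password in the clear, and the offline dictionary attack a sniffer can run against a captured challenge/response pair. EAP-MD5 (card 108) uses the same MD5(identifier || secret || challenge) computation, so the same weaknesses apply to it. The system name, user name and secret are constructed for the example.

```python
"""Added example (not from the flashcards): CHAP (RFC 1994) authenticator and
peer, a PAP (RFC 1334) request for contrast, and the offline guess attack.
Assumptions (constructed): names nas1 / alice and the secret hunter2."""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2
PAP_AUTH_REQUEST = 1


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP packet: Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt: bytes):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:length]


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response value = MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """Server side. It must hold the peer's secret in recoverable form to
    recompute the hash, and it discards each nonce after a single use."""

    def __init__(self, name: bytes, secrets: dict):
        self.name, self.secrets, self.outstanding, self.ident = name, secrets, {}, 0

    def challenge(self) -> bytes:
        self.ident = (self.ident + 1) & 0xFF
        nonce = os.urandom(16)              # fresh per challenge: this is what defeats replay
        self.outstanding[self.ident] = nonce
        return chap_packet(CHAP_CHALLENGE, self.ident, nonce, self.name)

    def check(self, response: bytes) -> bool:
        code, ident, value, name = parse_chap(response)
        nonce = self.outstanding.pop(ident, None)   # single use: a replay finds nothing
        if code != CHAP_RESPONSE or nonce is None or name not in self.secrets:
            return False
        return hmac.compare_digest(chap_hash(ident, self.secrets[name], nonce), value)


def peer_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Client side: the secret is hashed with the challenge, never transmitted."""
    _, ident, nonce, _ = parse_chap(challenge_pkt)
    return chap_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, nonce), name)


def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: Peer-ID-Length | Peer-ID | Passwd-Length | Password, all cleartext."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def offline_guess(challenge_pkt: bytes, response_pkt: bytes, wordlist):
    """The caveat: with a sniffed challenge and response, every candidate
    password can be tested offline without ever talking to the server."""
    _, ident, nonce, _ = parse_chap(challenge_pkt)
    _, _, value, _ = parse_chap(response_pkt)
    for guess in wordlist:
        if chap_hash(ident, guess, nonce) == value:
            return guess
    return None
```

Usage: create an Authenticator with a secrets table, call challenge(), feed the packet to peer_respond(), and hand the result to check(). Calling check() a second time with the same response, or with a response built for an earlier challenge, returns False; pap_request() shows the password bytes sitting in the packet, and offline_guess() over a small word list recovers the CHAP secret from a captured pair, which is the reason CHAP secrets need to be long and random even though they never cross the wire.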
106
Q

What is SLIP and PPP?

A

To route IP through a modem, you needed SLIP.

Serial Line IP (SLIP)

  • de facto standard developed in 1984 to support TCP/IP over asynchronous dial-up connections
  • has no error detection, no authentication and no address negotiation
  • replaced by the Point-to-Point Protocol

Point-to-Point Protocol (PPP)

  • used for transmitting over dial-up
  • allows multivendor interoperability
  • improves on SLIP
  • builds on SLIP by adding login/password authentication and error detection (a frame check sequence on each frame)
  • data link layer protocol
  • incorporates authentication methods
    • — CHAP
    • — PAP
107
Q

What is PPTP and L2TP?

A

PPTP - Point-to-Point Tunneling Protocol

  • tunnels PPP via IP
  • uses Generic Routing Encapsulation (GRE) to pass PPP via IP
  • confidentiality comes from PPP's MPPE encryption (keyed from MS-CHAP), not from PPTP or GRE themselves; MS-CHAPv2 and MPPE are considered broken today

L2TP (Layer 2 Tunneling Protocol)

  • combines PPTP and L2F (Layer 2 Forwarding, Cisco's protocol designed to tunnel PPP)
  • L2TP focuses on tunneling and authentication and does not provide confidentiality; in practice it is run over IPsec (L2TP/IPsec) for encryption
108
Q

What is Extensible Authentication Protocol (EAP)?

A

**very testable

  • Authentication framework, not a single mechanism
  • Extension to PPP
  • Supports a variety of authentication methods
  • New authentication methods can be added as desired
  • Defined in RFC 2284 (now obsoleted by RFC 3748)
  • wireless authentication (carried inside 802.1X/EAPOL for WPA-Enterprise)

TESTABLE DETAILS:

  • **EAP-MD5: one of the weakest forms of EAP. It offers client-to-server authentication only (one way, not mutual). It is the CHAP MD5 challenge/response carried in EAP, so it is vulnerable to man-in-the-middle attacks and offline password cracking, and it derives no session keys, so it cannot protect wireless links
  • LEAP - Cisco proprietary protocol; broken and should not be used
  • EAP-FAST (EAP-Flexible Authentication via Secure Tunneling): designed by Cisco to replace LEAP. Uses a Protected Access Credential (PAC), which acts as a pre-shared key to build the tunnel
  • **EAP-TLS (EAP-Transport Layer Security): uses PKI, requiring both server-side and client-side certificates. It establishes a secure TLS tunnel used for authentication. It is very secure due to the use of PKI but complex and costly for the same reason. Requires certificates - testable point
  • **EAP-TTLS (EAP-Tunneled Transport Layer Security): developed by Funk Software and Certicom, simplifies EAP-TLS by dropping the client-side certificate requirement; the server certificate sets up the TLS tunnel and a legacy password method (PAP, CHAP, MS-CHAPv2) authenticates the client inside it. Easier to deploy but less secure when the client-side certificate is omitted
  • **PEAP (Protected EAP): similar to EAP-TTLS, including not requiring a client-side certificate (the server certificate is still required); the inner method is usually MS-CHAPv2. Whether a method needs a client certificate is a big testable point
109
Q

What is 802.1X Authentication?

A
  • Addresses layer 2 (port-based) authentication
  • An unauthorized user plugs an infected laptop into a typical network
    • — laptop requests a DHCP address and receives an IP address, DNS settings and a default gateway
    • — lack of layer 2 authentication means the malware on the laptop may attack other network devices
  • An unauthorized user plugs an infected laptop into a switch supporting 802.1X
    • — switch requests authentication from the client supplicant (via EAP, checked against a RADIUS authentication server) before granting any layer 3 access
    • — unauthorized user is unable to receive an IP address
    • — malware on the laptop is unable to attack other network devices

You must authenticate at layer 2. Until then you are on an isolated VLAN, or the port passes nothing but EAPOL. You enter your user name and password (or present a certificate) and, if you are who you say you are, you move from the isolated VLAN to the production VLAN. You do not get an IP address until you authenticate and identify yourself.

110
Q

What is Network Access Control (NAC)?

A

It builds on top of 802.1X
- Microsoft used the term Network Access Protection (NAP) for its implementation

In addition to authentication, the endpoint's posture is checked:

  • are patches up to date?
  • is the antivirus running with current signatures?
  • is the host firewall enabled?

If the client passes the tests, access is granted
If the client fails the tests, it is placed on an isolated (remediation) VLAN
- patches and antivirus updates may be provided there

The client presents a statement of health before it can get on the network, as part of its authentication