Domain 4 Flashcards
OSI Model
7 layers APSTNDP
- Application
- Presentation
- Session
- Transport
- Network
- Data link
- Physical
Layer 7 Protocols
Application
SSH, HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET
Layer 6 Protocols
Presentation
Encryption protocols and format types, such as ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI
Layer 5 Protocols
Session
SMB, RPC, NFS, and SQL
Layer 4 Protocols
Transport
SPX, SSL, TLS, TCP, and UDP
Layer 3 Protocols
Network
ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, and SKIP
Layer 2 Protocols
Data link
ARP, SLIP, PPP, L2F, L2TP, PPTP, FDDI, ISDN
Layer 1 Protocols
Physical
EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, V.35, 802.15 Bluetooth, 802.11 Wifi, and Ethernet
Port TCP 20/21
File Transfer Protocol (FTP)
Port TCP 22
Secure Shell (SSH)
Port TCP 23
Telnet
Port TCP 25
Simple Mail Transfer Protocol (SMTP)
Port TCP/UDP 53
Domain Name System (DNS)
Port UDP 67/68
Dynamic Host Configuration Protocol (DHCP)
Port UDP 69
Trivial File Transfer Protocol (TFTP)
Port TCP 80
Hypertext Transfer Protocol (HTTP)
Port TCP 110
Post Office Protocol (POP3)
Port UDP 123
Network Time Protocol (NTP)
Port TCP/UDP 137/138/139
NetBIOS
Port TCP 143
Internet Message Access Protocol (IMAP)
Port TCP/UDP 161/162
Simple Network Management Protocol (SNMP)
Port TCP 179
Border Gateway Protocol (BGP)
Port TCP/UDP 389
Lightweight Directory Access Protocol (LDAP)
Port TCP 443
HTTP over SSL/TLS (HTTPS)
Port TCP/UDP 636
LDAP over TLS/SSL
Port TCP 989/990
FTP over TLS/SSL
TCP/IP Stack
ATINA
Application
Transport
Internet
Network Access (Link)
OSI/TCP/UDP components
DSPFB
Data Segments Packets Frames Bytes
TCP Characteristics
1 Connection oriented
2 Byte stream
3 No support for multicasting/broadcasting
4 Supports full duplex transmission
5 Reliable service of data transmission
6 TCP packet is called a segment
7 Provides error detection and flow control
UDP Characteristics
1 Connectionless protocol
2 Message stream
3 Supports multicasting/broadcasting
4 No support for full duplex transmission
5 Unreliable service of data transmission
6 UDP packet is called a datagram
7 No support for error detection and flow control
UTP
Unshielded Twisted Pair
- Cat 5: 100BaseT, 100 Mbps, 100 m max length
- Cat 5e: 1000BaseT, 1 Gbps, 100 m max length
- Cat 6: 10 Gbps, 100 m max length
- Cat 6e: 10 Gbps, 100 m max length
- Fiber optic: up to 2+ Gbps, 2+ kilometers max length
Star Topology
Employs a centralized connection device.
Can be a simple hub or switch.
Each system is connected to the central hub by a dedicated segment
Mesh Topology
Connects systems to all other systems using numerous paths.
A partial mesh topology connects many systems to many other systems.
Provides redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.
Ring Topology
Connects each system as points on a circle.
The connection medium acts as a unidirectional transmission loop.
Only one system can transmit data at a time. Traffic management is performed by a token.
Bus Topology
Connects each system to a trunk or backbone cable.
All systems on the bus can transmit data simultaneously, which can result in collisions.
A collision occurs when two systems transmit data at the same time; the signals interfere with each other.
Synchronous Timing
Example: networking
Communications rely on a timing or clocking mechanism based on either an independent clock or a time stamp embedded in the data stream.
Typically able to support very high rates of data transfer.
Asynchronous Timing
Example: public switched telephone network (PSTN) modems
Communications rely on a stop and start delimiter bit to manage the transmission of data.
Best suited for smaller amounts of data.
Baseband
Example: Ethernet
Can support only a single communication channel.
It uses a direct current applied to the cable. A current at a higher level represents a binary 1, and a current at a lower level represents a binary 0. Baseband is a form of digital signal.
Broadband
Can support multiple simultaneous signals. Uses frequency modulation to support numerous channels, each supporting a distinct communication session.
Suitable for high throughput rates, especially when several channels are multiplexed.
Is a form of analog signal.
TV, cable modem, ISDN, DSL, T1, T3
Broadcast
Technology that supports communications to all possible recipients.
Multicast
Technology that supports communications to multiple specific recipients.
Unicast
Technology that supports only a single communication to a specific recipient.
Carrier Sense Multiple Access Collision Avoidance (CSMA/CA)
Attempts to avoid collisions by granting only a single permission to communicate at any given time.
802.11 Wi-Fi
Effective before a collision
Carrier Sense Multiple Access Collision Detection (CSMA/CD)
Responds to collisions by having each member of the collision domain wait for a short but random period of time before starting the process over.
802.3 Ethernet (token ring)
Effective after a collision
Token Passing
Performs communications using a digital token. Once its transmission is complete, a system releases the token to the next system.
Prevents collisions in ring networks
Polling
Performs communications using a master/slave configuration. The primary system polls each secondary system in turn to ask whether it has a need to transmit data.
Intranet
A private network that is designed to host the same information services found on the Internet.
Extranet
A section of an organization's network that has been sectioned off to act as an intranet for the private network but also serves information to the public Internet.
DMZ
demilitarized zone
An extranet for public consumption is typically labeled a demilitarized zone (DMZ) or perimeter network.
Bluetooth
Bluetooth, or IEEE 802.15, personal area networks (PANs) are another area of wireless security concern.
Connects headsets for cell phones, mice, keyboards, GPS, and other devices.
Connections are set up using pairing, where the primary device scans the 2.4 GHz radio frequencies for available devices.
Pairing uses a 4-digit code (often 0000) to reduce accidental pairings, but it is not actually secure.
Bluejacking
Annoyance
Think of it as a high-tech version of ding-dong ditch, where savvy pranksters push unsolicited messages to engage or annoy other nearby Bluetooth users by taking advantage of a loophole in the technology's messaging options.
Bluesnarfing
Data theft
With bluesnarfing, thieves wirelessly connect to some early Bluetooth-enabled mobile devices without the owner's knowledge to download and/or alter phonebooks, calendars, or worse.
Bluebugging
Remote control
An attack that grants hackers remote control over the features and functions of a Bluetooth device. This could include the ability to turn on the microphone to use the phone as an audio bug.
802.11
Wi-Fi
Defines WEP
Wi-Fi Speeds and Frequencies
- 802.11 - 2 Mbps - 2.4 GHz
- 802.11a - 54 Mbps - 5 GHz
- 802.11b - 11 Mbps - 2.4 GHz
- 802.11g - 54 Mbps - 2.4 GHz
- 802.11n - 200+ Mbps - 2.4 GHz
- 802.11ac - 1 Gbps - 5 GHz
TKIP
Temporal Key Integrity Protocol
Was designed as the replacement for WEP without the need to replace legacy hardware.
Implemented into 802.11 wireless networking under the name WPA (Wi-Fi Protected Access).
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Created to replace WEP and TKIP/WPA.
Uses AES (Advanced Encryption Standard) with a 128-bit key.
Used with WPA2, which replaced WEP and WPA.
WPA2
A new encryption scheme known as the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
CCMP is based on the AES encryption scheme.
Fibre Channel
A form of network data storage solution (i.e., SAN (storage area network) or NAS (network attached storage)) that allows for high-speed file transfers.
FCoE
Fibre Channel over Ethernet is used to encapsulate Fibre Channel communications over Ethernet networks.
iSCSI
iSCSI (Internet Small Computer System Interface) is a networking storage standard based on IP.
Site Survey
The process of investigating the presence, strength, and reach of wireless access points deployed in an environment.
LEAP
Lightweight Extensible Authentication Protocol
Created to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard.
PEAP
Protected Extensible Authentication Protocol
Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption.
EAP
Extensible Authentication Protocol
An authentication framework that allows new authentication technologies to be compatible with existing wireless or point-to-point connection technologies.
MAC Filtering
A list of authorized wireless client interface MAC addresses, used by a wireless access point to block access to all nonauthorized devices.
Captive Portals
An authentication technique that redirects a newly connected wireless web client to a portal access control page.
Like hotel Wi-Fi.
Antenna Types
Monopole, panel, dipole, loop, cantenna, yagi, parabolic
Firewalls
Firewalls are essential tools in managing and controlling network traffic. A firewall is a network device used to filter traffic.
Switch
Layer 2 device
Repeats traffic only out of the port on which the destination is known to exist. Switches offer greater efficiency for traffic delivery, create separate collision domains, and improve the overall throughput of data.
Routers
Layer 3 device
Used to control traffic flow on networks and often used to connect similar networks and control traffic flow between the two. They can function using statically defined routing tables, or they can employ a dynamic routing system.
Gateways
Layer 3 device
A gateway connects networks that are using different network protocols. Also known as protocol translators, gateways can be stand-alone hardware devices or a software service.
Repeaters, Concentrators, Amplifiers
Layer 1 device
Used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol.
Bridges
Layer 2 device
Used to connect two networks (even networks of different topologies, cabling types, and speeds) in order to connect network segments that use the same protocol.
Hubs
Layer 1 device
Hubs were used to connect multiple systems and connect network segments that use the same protocol. A hub is a multiport repeater. Hubs operate at OSI layer 1.
LAN Extenders
A remote access, multilayer switch used to connect distant networks over WAN links.
Private Circuit Technologies
Use dedicated physical circuits
- Dedicated or leased lines
- PPP (Point-to-Point Protocol)
- SLIP (Serial Line Internet Protocol)
- ISDN (Integrated Services Digital Network)
- DSL (Digital Subscriber Line)
Packet-switching Technologies
Use virtual circuits (efficient and cost effective)
- X.25
- Frame Relay
- Asynchronous Transfer Mode (ATM)
- Synchronous Data Link Control (SDLC)
- High-Level Data Link Control (HDLC)
Static Packet-Filtering Firewalls
Filters traffic by examining data from a message header.
Application-Level Gateway Firewalls
A mechanism that copies packets from one network into another and changes the source and destination addresses to protect the identity of the internal or private network.
Circuit-Level Gateway Firewalls
Used to establish communication sessions between trusted partners. They operate at the Session layer (layer 5) of the OSI model.
Stateful Inspection Firewalls
Evaluate the state or the context of network traffic.
Deep Packet Inspection Firewalls
A filtering mechanism that typically operates at the Application layer in order to filter the payload contents of a communication rather than only the header values.
Next-Gen Firewalls
A multifunction device (MFD) composed of several security features in addition to a firewall, such as an IDS, IPS, a TLS/SSL proxy, web filtering, QoS management, bandwidth throttling, NAT, VPN anchoring, and antivirus.
Stateless (firewall state)
Watch network traffic and restrict or block packets based on source and destination addresses or other static values.
Not "aware" of traffic patterns or data flows.
Typically faster and perform better under heavier traffic loads.
Stateful (firewall state)
Can watch traffic streams from end to end.
Are aware of communication paths and can implement various IP security functions such as tunnels and encryption.
Better at identifying unauthorized and forged communications.
IDS
Intrusion Detection System
Analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated.
IPS
Intrusion Prevention System
Analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.
Behavior Based IDS
Can detect previously unknown attack methods.
Creates a baseline of activity to identify normal behavior and then measures system performance against the baseline to detect abnormal behavior.
Knowledge Based IDS
Only effective against known attack methods.
Uses signatures similar to the signature definitions used by anti-malware software.
Bastion Host
A computer or appliance that is exposed on the Internet and has been hardened by removing all unnecessary elements, such as services, programs, protocols, and ports.
Screened Host
A firewall-protected system logically positioned just inside a private network.
Most secure
Screened Subnet
Similar to the screened host in concept, except a subnet is placed between two routers or firewalls and the bastion host(s) is located within that subnet.
Proxy Server
A proxy server functions on behalf of the client requesting service, masking the true origin of the request to the resource.
Honeypot
Lure bad people into doing bad things. Lets you watch them.
Only ENTICE, never ENTRAP: you are not allowed to let them download items under the guise of "enticement". For example, allowing download of a fake payroll file would be entrapment.
Goal is to distract from real assets and isolate attackers in a padded cell until you can track them down.
Teardrop attack
A denial of service (DoS) attack that involves sending fragmented packets to a target machine. The fragments overlap one another, and because the receiving machine cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the target network device crashes.
Fraggle attack
A denial of service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a Smurf attack, which uses spoofed ICMP traffic via a third-party network rather than UDP traffic to achieve the same goal.
Land attack
A Layer 4 denial of service (DoS) attack in which the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack.
SYN Flood attack
A form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
Ping of Death attack
Employs an oversized ping packet. The maximum allowed ping packet size is 65,536 bytes. Ping of death sends a packet of 65,537 bytes or larger.
TCP 3-way handshake
1. SYN 2. SYN-ACK 3. ACK
A process used in a TCP/IP network to make a connection between the server and client.