Domain 4 - Communication and Network Security Flashcards
Defense in depth
Have defenses throughout the network. Not just in perimeter.
Simplex
one way (radio, broadcast tv).
One of the three transmission modes, alongside half duplex (both directions, one at a time) and full duplex (both directions at once).
Baseband
Network has one channel and can only send one signal at a time.
ethernet is baseband
Broadband
Networks have multiple channels and can send multiple signals at a time, like cable TV
Analog comms
comms are a continuous wave of information.
Digital comms
Transfer data in bits, ones and zeros.
PAN
Personal Area Network (bluetooth is best example)
LAN
Local Area network
MAN
Metropolitan area network. Confined to a Zip code or city usually
WAN
Wide Area Network
GAN
Global Area network
Circuit-switched networks
A dedicated circuit or channel is set up between two nodes for the duration of the session and all data follows that path (traditional telephone network).
Not resilient: if the circuit fails, the connection fails.
Packet-switched network
Data is broken up and sent individually. Unused bandwidth is available for other stuff.
Layered Design
OSI, TCP/IP models are an example. Functions in one layer do not directly affect another.
Network Model
description of how a network protocol suite works/operates
Network Stack
Suite of protocols programmed in software or hardware
Protocol
Set of rules that endpoints in telecommunications use to communicate.
OSI Model
Open Systems Interconnection
OSI origin org
ISO
OSI Layers
Physical, Data Link, Network, Transport, Session, Presentation, Application (layers 1 to 7)
Physical Data unit
bits
Data Link data unit
frames
Network data unit
packet
Transport data unit
segment
Session, presentation, and application data unit
data
Physical layer
Dumb. Covers cable standards, repeaters, hubs, electrical and optical signals.
Data Link
Switches and bridges. Ethernet NIC and MAC address.
Data Link sub layer 1
MAC (Media Access Control): hardware addressing and access to the physical medium.
Data Link sub layer 2
LLC (Logical Link Control): handles LAN comms, interfaces with layer 3.
Network layer
IP addressing and routing. IPv4, IPv6, others. Routers.
Transport Layer
TCP, UDP. Handles segment sequencing, flow control, error detection. (GRE is often listed here but is really an IP-layer encapsulation, IP protocol 47.)
Session
Dialog control: simplex, half duplex and full duplex live here. Establishes, maintains and tears down sessions.
Presentation
Presents data to apps and user in comprehensible ways
Application
What user interfaces with. apps live here. Complex protocols live here.
Please Do not Tell Sales People Anything
Physical, Data Link, Network, Transport, Session, presentation, Application
TCP/IP Model creator
Created by DARPA
TCP/IP model
Suite of protocols including IP, TCP, UDP, ICMP, among others.
TCP/IP Layers
Network Access layer (OSI physical and data link)
Internet layer (OSI network)
Transport layer (OSI transport)
Application layer (OSI session, presentation, application)
Encapsulation
Takes info from a higher layer and adds a header to it. One layer's header plus payload is the lower layer's data.
EUI-64 MAC Addresses
Extends the serial (extension identifier) portion from 24 to 40 bits, so the whole identifier is 64 bits (24-bit OUI + 40-bit extension).
IP Header length
20 bytes minimum (up to 60 bytes with options); the IHL field gives the actual length.
Key IP HEader fields
IP version and header length (IHL)
Type of service
Total length, identification, flags and fragment offset
Time to live
Protocol (6 = TCP, 17 = UDP, 1 = ICMP, etc.)
Header checksum
Source and destination IP addresses
IPV6 routing
Simpler routing
IPV6 header size
40 bytes
IPV6 header contents
IP version
Traffic class and flow label
Payload length
Next header (replaces the IPv4 protocol field; also chains extension headers)
Hop limit
Source and destination addresses (128 bits each)
Stateless Autoconfig ipv6
Takes the host MAC address, expands it to a modified EUI-64 interface identifier, and appends it to the router-advertised /64 prefix (SLAAC). Privacy extensions (RFC 4941) replace the MAC-derived identifier with a random one.
Stateful autoconfig ipv6
Uses DHCPv6.
IPV6 sec challenges
Devices can give themselves IP addresses (and a MAC-derived address identifies the device wherever it goes).
Many network pros have limited experience.
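Worked example added here, not part of the original flashcards, tying the EUI-64, stateless autoconfig and "devices give themselves addresses" cards together: it derives the modified EUI-64 interface identifier from a MAC (insert FFFE, flip the universal/local bit), builds the link-local and global addresses a SLAAC host assigns itself, and recovers the MAC from such an address, which is the tracking problem privacy extensions address. The MAC, prefix and function names are constructed for the example.

```python
import ipaddress


def mac_to_modified_eui64(mac: str) -> bytes:
    """Expand a 48-bit MAC into the 64-bit interface identifier SLAAC derives from it
    (RFC 4291, appendix A): insert 0xFFFE between the OUI and the serial half,
    then flip the universal/local bit (bit 1 of the first octet)."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:1b:21:3c:4d:5e")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui[0] ^ 0x02]) + eui[1:]


def slaac_address(prefix: str, mac: str) -> str:
    """Address a host gives itself: the router-advertised /64 prefix plus the modified EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_address(addr: str):
    """Reverse the derivation. Returns the MAC if the interface identifier is EUI-64-shaped
    (0xFFFE in the middle), else None (privacy extensions or a manually assigned address)."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def self_assigned_addresses(mac: str, advertised_prefix: str) -> dict:
    """What a SLAAC host ends up with, with no DHCP server involved at all:
    a link-local address plus one global address per advertised prefix."""
    return {
        "link_local": slaac_address("fe80::/64", mac),
        "global": slaac_address(advertised_prefix, mac),
    }


if __name__ == "__main__":
    # Constructed sample values (not from a real network).
    addrs = self_assigned_addresses("00:1b:21:3c:4d:5e", "2001:db8:1:2::/64")
    print(addrs)
    # The MAC, and so the vendor and the specific device, is readable from the global address.
    print(mac_from_address(addrs["global"]))
```

Running `mac_from_address` over the addresses seen in logs is a quick way to find hosts that are not using RFC 4941 temporary addresses: anything with ff:fe in the middle of the interface identifier exposes its MAC to every site it talks to.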
RFC 1918
Defines the private address ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, which are not routed on the internet. NAT (RFC 3022) is what translates them to public addresses.
Static NAT
one to one
Pool NAT (AKA Dynamic NAT)
reserves a number of public IPs in a pool. Addresses can be assigned from pool then returned.
PAT
port address translation, NAT overloading. Many to one translation.
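Worked example added here, not from the original flashcards, showing PAT as a translation table: many RFC 1918 inside hosts share one public address, each flow gets its own public port, replies are mapped back through that port, and an inbound packet with no table entry is dropped. The addresses, port range and class name are constructed for the example.

```python
import ipaddress
from itertools import count

# RFC 1918 space: the only sources this gateway will translate (constructed policy for the example).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


class PortAddressTranslator:
    """Many-to-one NAT (PAT, NAT overloading) as a translation table.

    Every inside (ip, port) talking to an outside (ip, port) gets one public port on the
    single public address; replies are mapped back by looking up that public port. Inbound
    packets with no table entry have nothing to be translated to and are dropped, which is
    the incidental filtering people rely on from a NAT gateway."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self.outbound = {}  # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.inbound = {}   # public_port -> (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside-to-outside packet; returns the new 4-tuple, or None if not translated."""
        if not is_rfc1918(src_ip):
            return None
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            public_port = next(self._next_port)   # unique per flow, even if inside ports collide
            self.outbound[key] = public_port
            self.inbound[public_port] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outside-to-inside packet back to the inside host, or None to drop it."""
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        inside_ip, inside_port = self.inbound[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    pat = PortAddressTranslator("203.0.113.1")
    print(pat.translate_out("10.0.0.5", 51000, "198.51.100.7", 443))
    print(pat.translate_out("10.0.0.6", 51000, "198.51.100.7", 443))
    print(pat.translate_in("198.51.100.7", 443, "203.0.113.1", 40001))
    print(pat.translate_in("192.0.2.9", 12345, "203.0.113.1", 22))   # unsolicited: None
```

This table maps replies by public port alone, so any outside host that learns the port can reach the inside socket (endpoint-independent mapping). A stricter gateway would also check that the inbound source matches the destination recorded on the way out.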
TCP header fields
20 bytes minimum (up to 60 with options)
Source and destination ports
Sequence and acknowledgement numbers
Data offset (header length)
TCP flags (SYN, ACK, FIN, RST, PSH, URG)
Window size
Checksum (covers a pseudo-header with the IP addresses) and urgent pointer
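Worked example added here, not from the original flashcards, covering both the IP header and TCP header cards: a parser that pulls the fields above out of raw bytes, verifies the IPv4 header checksum, and decodes the TCP flag bits. The packet is constructed inline for the example (a SYN from 192.168.1.10:50000 to 203.0.113.5:443), not a real capture, and the function names are the example's own.

```python
import socket
import struct

# Constructed sample (not a real capture): a 20-byte IPv4 header followed by a 20-byte
# TCP header for a SYN from 192.168.1.10:50000 to 203.0.113.5:443, TTL 64, DF set.
SAMPLE = bytes.fromhex(
    "45 00 00 28 1c 46 40 00 40 06 20 d2 c0 a8 01 0a cb 00 71 05"   # IPv4
    "c3 50 01 bb 00 00 00 01 00 00 00 00 50 02 72 10 00 00 00 00"   # TCP
)

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # the 20 fixed bytes of an IPv4 header
TCP_HDR = struct.Struct("!HHIIBBHHH")       # the 20 fixed bytes of a TCP header
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")  # bit 0 .. bit 7


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over 16-bit words; result 0 means a header checksum verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < IPV4_HDR.size:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = IPV4_HDR.unpack_from(pkt)
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "header_len": ihl, "tos": tos, "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ones_complement_sum(pkt[:ihl]) == 0,   # checksum field included: sums to zero
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    if len(seg) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _csum, urg = TCP_HDR.unpack_from(seg)
    hlen = (off_res >> 4) * 4
    if hlen < 20 or len(seg) < hlen:
        raise ValueError("bad TCP data offset")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "header_len": hlen,
        "flags": [name for bit, name in enumerate(TCP_FLAGS) if flags & (1 << bit)],
        "window": window, "urgent": urg, "payload": seg[hlen:],
        # The TCP checksum covers a pseudo-header with the IP addresses; it is not verified here.
    }


def summarize(pkt: bytes) -> dict:
    """Flatten the fields a firewall or IDS rule would key on."""
    ip = parse_ipv4(pkt)
    out = {k: ip[k] for k in ("src", "dst", "ttl", "protocol", "df", "checksum_ok")}
    if ip["protocol"] == 6:
        tcp = parse_tcp(ip["payload"])
        out.update({k: tcp[k] for k in ("src_port", "dst_port", "seq", "flags", "window")})
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Changing any header byte (the TTL, say) makes `checksum_ok` false, which is the check a router performs before forwarding; the parser refuses headers whose IHL or total length disagree with the bytes actually present, the usual source of crashes in hand-written packet code.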
DNSSEC
Provides security extensions to DNS: zone data is signed so resolvers can verify origin authenticity and integrity of answers. It authenticates the data, not the server, and provides no confidentiality.
PVC
Permanent virtual circuit
dedicated bandwidth
SVC
switched virtual circuit - on demand
DLCI
data link connection identifier
x.25
Strong error correction. Packet-switched WAN protocol.
SDLC
layer 2 wan
uses polling to transmit data
HDLC
High-level Data Link Control. Bit-oriented layer 2 WAN protocol derived from SDLC.
3 modes of operation: NRM (normal response), ARM (asynchronous response), ABM (asynchronous balanced)
Converged protocol
Multilayer protocol: carries a service over Ethernet/TCP/IP that traditionally used its own network (FCoE, iSCSI, VoIP).
DNP3 (Distributed Network Protocol 3), used in SCADA networks, is a common example.
FHSS
Frequency Hopping Spread spectrum
method of sending traffic on radio band
-designed to maximize throughput while minimizing effects of interference
- Hops through frequency channels in a pseudo-random sequence known to both ends.
DSSS
Direct Sequence Spread Spectrum. Uses the entire breadth of the radio spectrum available.
OFDM
orthogonal frequency division multiplexing. Newer multiplexing method. Allows concurrent transmissions on multiple independent wireless frequencies.
Managed Mode wireless network
Client mode: the station connects only to an access point, never directly to other clients.
Master Mode wireless network
Access-point mode: the device acts as the AP and accepts connections only from clients in managed mode.
Ad-hoc mode wireless network
peer to peer comms without central access point
monitor mode
read-only for sniffing WLAN traffic.
WEP
wired equivalent privacy protocol. WEAK.
WEP key lengths
40-bit and 104-bit keys (64-bit and 128-bit once the 24-bit IV is counted). RC4 with a short, reused IV is the core flaw.
802.11i - AKA WPA2
First wireless security standard to provide reasonable security (AES-CCMP).
Replaced WEP and the interim WPA (TKIP).
Bluetooth speeds
3 Mbps (version 2.0 + EDR). Version 3 is faster (up to 24 Mbps over an 802.11 link).
bluetooth classes
Class 3 - about 1 meter (1 mW)
Class 2 - about 10 meters (2.5 mW)
Class 1 - about 100 meters (100 mW)
bluetooth encryption
Weak. The E0 stream cipher has a nominal 128-bit key but a real-world strength of about 38 bits.
RFID
radio frequency identification
tech used to create wirelessly readable tags for animals or objects
RFID type Active
has a battery
active tag broadcasts
can operate over larger distances
toll transponders
RFID - type Semi passive
Has a battery that powers the tag's chip, but still relies on the reader's field to transmit.
Has to be close to the reader.
RFID - passive type
no battery
relies on RFID reader’s power
Routing, Split Horizon
Avoids routing loops: a router won't advertise a route back out the interface it learned that route from.
Hold down timer
Avoids flapping: after a route is marked down, the router ignores new updates for that route for a set period.
BGP RFC#
RFC4271
Packet filter firewall
simple and fast. Each filtering decision made on a per packet basis. No way to refer to past packets to make current decision.
stateless
Stateful firewall
Keeps a state table of connections so reply traffic is admitted only for a session the inside already opened. Slower than a packet filter.
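Worked example added here, not from the original flashcards, to show the difference between the packet filter and stateful firewall cards on the same traffic: a stateless rule set has to admit "anything from port 443 with ACK set" to let replies in, so a forged packet gets through; the stateful filter only admits packets matching a session in its table. The hosts, ports and packet flow are constructed for the example.

```python
from collections import namedtuple

# direction is "out" (inside -> outside) or "in"; flags is a frozenset of TCP flag names.
Packet = namedtuple("Packet", "direction src sport dst dport flags")


def stateless_filter(pkt: Packet) -> str:
    """Per-packet rules with no memory. To admit replies to outbound HTTPS it has to allow
    'anything from port 443 with ACK set', and an outsider can forge that."""
    if pkt.direction == "out" and pkt.dport == 443:
        return "allow"
    if pkt.direction == "in" and pkt.sport == 443 and "ACK" in pkt.flags:
        return "allow"
    return "drop"


class StatefulFilter:
    """Same policy (inside may open HTTPS outbound) but with a state table: inbound packets
    are admitted only when they match a session the inside host started."""

    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport != 443:
                return "drop"
            if pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"      # new session opened from inside
            elif key not in self.table:
                return "drop"                      # mid-stream packet for an unknown session
            return "allow"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state is None:
            return "drop"                          # no session: forged or unsolicited
        if state == "SYN_SENT":
            if pkt.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return "allow"
            return "drop"
        if "RST" in pkt.flags or "FIN" in pkt.flags:
            del self.table[key]                    # session closing; stop admitting replies
        return "allow"


# Constructed traffic: a legitimate handshake, an outsider spoofing an "established" packet,
# then a genuine reply.
FLOW = [
    Packet("out", "10.0.0.5", 51000, "198.51.100.7", 443, frozenset({"SYN"})),
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),
    Packet("out", "10.0.0.5", 51000, "198.51.100.7", 443, frozenset({"ACK"})),
    Packet("in", "192.0.2.9", 443, "10.0.0.5", 51000, frozenset({"ACK"})),     # forged
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 51000, frozenset({"ACK"})),  # real reply
]


def run(flow):
    """Return (stateless decision, stateful decision) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in flow]


if __name__ == "__main__":
    for pkt, decision in zip(FLOW, run(FLOW)):
        print(pkt.direction, pkt.src, "->", pkt.dst, sorted(pkt.flags), decision)
```

The price of the state table is memory and lookups per packet, which is why the card notes the stateful firewall is slower; a real implementation also ages out entries so a flood of SYNs cannot fill the table.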
Proxy firewall
firewalls that act as intermediary servers.
DTE/DCE
Data terminal equipment. Data circuit-terminating equipment
Synchronous link: the DCE provides the clock signal.
PAP
clear text auth protocol
CHAP
More secure than PAP: challenge-response.
The password is never sent; only a hash of it with the server's random challenge crosses the wire.
The server must store the password in plaintext (or reversible form) to compute the same hash.
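Worked example added here, not from the original flashcards, of the CHAP exchange (RFC 1994) on both sides: the server issues an identifier and random challenge, the client answers with MD5(identifier || secret || challenge), and the server recomputes that digest from its stored plaintext secret. The usernames, secrets and class names are constructed for the example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5(identifier || secret || challenge). Only this digest goes on the wire."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """The server side. It must keep every user's secret in recoverable form, because it has
    to recompute the same digest; that is the storage weakness the card mentions."""

    def __init__(self, secrets: dict):
        self._secrets = secrets          # username -> plaintext secret (constructed sample data)
        self._identifier = 0
        self._challenge = None

    def new_challenge(self):
        self._identifier = (self._identifier + 1) & 0xFF
        self._challenge = os.urandom(16)  # fresh nonce each round: replaying an old digest fails
        return self._identifier, self._challenge

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        secret = self._secrets.get(username)
        if secret is None or self._challenge is None or identifier != self._identifier:
            return False
        expected = chap_response(identifier, secret, self._challenge)
        self._challenge = None            # one answer per challenge
        return hmac.compare_digest(expected, response)


def run_exchange(server: ChapAuthenticator, username: str, client_secret: str):
    """One round trip. Returns (authenticated, bytes seen on the wire) so the reader can
    confirm the secret itself never leaves the client."""
    identifier, challenge = server.new_challenge()
    response = chap_response(identifier, client_secret, challenge)
    wire = bytes([identifier]) + challenge + response
    return server.verify(username, identifier, response), wire


if __name__ == "__main__":
    srv = ChapAuthenticator({"alice": "correct horse battery"})
    ok, wire = run_exchange(srv, "alice", "correct horse battery")
    print(ok, wire.hex())
    print(run_exchange(srv, "alice", "wrong guess")[0])
```

An eavesdropper who captures one challenge and response can still try candidate secrets offline against the digest, so CHAP's strength rests on the secret's entropy; and because the server holds every secret in the clear, a compromised authenticator exposes all of them.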
802.1x
Port based network access control.
Includes EAP - extensible auth protocol.
LEAP
Type of EAP, Cisco proprietary. Its MS-CHAP-style exchange can be cracked offline; should not be used.
EAP TLS
Uses PKI. Mutual (client and server) certificate authentication. Encrypted.
EAP-TTLS
Tunneled TLS. The server authenticates with a certificate and builds a TLS tunnel.
Client credentials travel inside the tunnel, so the client-side certificate can be dropped.
PEAP
Protected EAP. Like EAP-TTLS: a server certificate builds a TLS tunnel and the client authenticates inside it (typically with MS-CHAPv2).
SLIP
Serial line internet protocol.
layer 2
PPP
replaced SLIP
PPTP
point to point tunneling protocol. tunnels PPP via IP
L2TP
layer 2 tunneling protocol.
Combines PPTP and L2F (Layer 2 Forwarding).
No confidentiality on its own; usually paired with IPsec (L2TP/IPsec).
VPN
Provides confidentiality and integrity over networks that lack them; IPv4 isn't encrypted by default.
ESP
Encapsulating security payload
IP protocol 50. Confidentiality (encryption), integrity and authentication of the payload.
AH
Auth Header
IP protocol 51. Integrity and authentication only, no encryption; fails through NAT because the IP header it authenticates gets rewritten.
Extranet
Connection between private intranets, such as between business partner intranets.
BOOTP
Bootstrap protocol. Predecessor of DHCP; assigns addresses to diskless hosts at boot.
UTP
Unshielded twisted pair
STP
shielded twisted pair
Cat 1
analog voice
Cat 2
ARCNET, up to 4 Mbps
Cat 3
10baseT
Cat 4
Token Ring - 16 Mbps
Cat 5
100 Mbps
Cat 5e
1000 Mbps
Cat 6
1000 Mbps
multimode fiber
uses multiple paths, used for shorter distances
singlemode fiber
uses one path, used for long haul high speed network.
CSMA
Carrier Sense Multiple Access. Addresses collisions on a shared Ethernet segment.
CSMA/CA - collision avoidance
CSMA/CD - Collision detection
ARCNET
Attached resource computer network
ARCNET topology and speed
star. 2.5 Mbps.
Token Ring topo and speed
Physical star, 16 Mbps (4 Mbps originally).
Stations pass the token around a logical ring.
FDDI
Fiber distributed data interface.
Another ring technology. Up to 100 Mbps. Uses a second, counter-rotating ring as backup.
ATM
Asynchronous Transfer Mode
WAN tech that uses fixed-length 53-byte cells (48 bytes of payload plus a 5-byte header).
MPLS
Multiprotocol label switching.
Forwards WAN traffic via labels
Converged protocol
provide services over Ethernet /TCP IP that normally wouldn’t use that.
DNP3
Distributed network protocol
Open standard used primarily in the energy sector for interoperability between various SCADA devices.
FCoE
Fibre Channel over Ethernet: carries Fibre Channel storage traffic over (10 Gb) Ethernet switches instead of requiring dedicated Fibre Channel switches.
WLAN DoS and Availability
WLANs are susceptible to DoS attacks (radio jamming, forged deauthentication frames).
Bastion Host
Hardened device, sits directly on internet. Usually provides a single service and has everything else turned off.
Dual-homed host
Two network interfaces. One connects to a trusted network, the other to an untrusted network; forwarding between them is disabled.
EAP Acronym
Extensible authentication protocol
Wireless Application Protocol (WAP)
Provides web services to handheld wireless devices. Uses WML (Wireless Markup Language, derived from HDML, the Handheld Device Markup Language); WTLS provides the transport security.
Content distribution Network
CDN.
Geographically distributed caching servers that improve performance for all users, e.g. Netflix, Amazon, Cloudflare.
TCP port range
0-65,535
TCP Reserved ports
Well-known ports: 0 to 1023.
ephemeral ports TCP
1024 to 65,535 (IANA splits this into registered 1024-49151 and dynamic 49152-65535).
ICMP
Layer 3 protocol. Uses types and codes instead of port numbers.
FTP Ports (Control and Data)
Active:
Control = client ephemeral port (e.g. 1025) to server 21
Data = server 20 to client ephemeral port (e.g. 1026); the server opens the data connection inbound to the client
Passive:
Control = client ephemeral port (e.g. 1025) to server 21
Data = client ephemeral port (e.g. 1026) to a server ephemeral port (above 1023) announced in the 227 reply; the client opens both connections
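Worked example added here, not from the original flashcards, that decodes the two ways FTP announces the data connection: the client's `PORT h1,h2,h3,h4,p1,p2` command in active mode and the server's `227 ... (h1,h2,h3,h4,p1,p2)` reply in passive mode, where the port is p1*256 + p2. It reports who initiates the data connection, derives the firewall rule the client side needs, and rejects an announced address that is not the peer on the control connection (the FTP bounce trick). The IPs, line strings and function names are constructed for the example.

```python
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")


def decode_hostport(fields):
    """FTP sends an address as h1,h2,h3,h4,p1,p2; the port is p1*256 + p2 (RFC 959)."""
    h1, h2, h3, h4, p1, p2 = (int(x) for x in fields)
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def data_connection(mode: str, line: str, client_ip: str, server_ip: str) -> dict:
    """Work out who opens the data connection and to where, and refuse addresses that point
    somewhere other than the peer on the control connection."""
    if mode == "active":
        m = PORT_RE.match(line)
        if not m:
            raise ValueError("not a PORT command")
        host, port = decode_hostport(m.groups())
        if host != client_ip:
            raise ValueError(f"PORT names {host}, not the client {client_ip}")
        return {"initiator": "server", "src": (server_ip, 20), "dst": (host, port)}
    if mode == "passive":
        m = PASV_RE.match(line)
        if not m:
            raise ValueError("not a 227 reply")
        host, port = decode_hostport(m.groups())
        if host != server_ip:
            raise ValueError(f"227 reply names {host}, not the server {server_ip}")
        if port <= 1023:
            raise ValueError("passive data port must be ephemeral")
        return {"initiator": "client", "src": (client_ip, "ephemeral"), "dst": (host, port)}
    raise ValueError("mode must be 'active' or 'passive'")


def firewall_rule(conn: dict) -> str:
    """The rule a firewall in front of the client needs for this transfer."""
    (sip, sport), (dip, dport) = conn["src"], conn["dst"]
    if conn["initiator"] == "server":
        return f"allow inbound tcp from {sip}:{sport} to {dip}:{dport}"
    return f"allow outbound tcp from {sip} to {dip}:{dport}"


if __name__ == "__main__":
    # Constructed lines, not from a real session.
    active = data_connection("active", "PORT 10,0,0,5,4,2", "10.0.0.5", "198.51.100.7")
    passive = data_connection("passive", "227 Entering Passive Mode (198,51,100,7,195,89)",
                              "10.0.0.5", "198.51.100.7")
    print(firewall_rule(active))
    print(firewall_rule(passive))
```

Active mode is the one that breaks behind a client-side firewall or NAT, because it needs an inbound connection from the server; passive mode only needs the client to reach a high port on the server, which is why it is the default in most clients.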
Frame Relay
packet-switched, layer 2 WAN tech. No error correction
DNP3
Distributed Network Protocol. Primarily used in energy sector for SCADA Smart grid applications.
802.11 a
1999, 5 GHz, 54 Mb/s (OFDM). The original 1997 802.11 standard was 2 Mb/s at 2.4 GHz.
802.11 b
1999, 2.4 GHz, 11 Mb/s (DSSS).
802.11 g
2003, 2.4 GHz, 54 Mb/s (OFDM). Backwards compatible with 802.11b.
802.11 n
First to use both 2.4 and 5 Ghz frequencies. Uses MIMO (multiple input, multiple output) to use more than one antenna.
802.11ac
5 GHz only. Speeds up to 1.3 Gb/s (wave 1).