Domain 4: Communication and Network Security Flashcards
OSI Reference Model
Open Systems Interconnect Model
Promotes interoperability between vendors
Enables standardization
Describes the encapsulation of data to enable it to get from point A to point B
Application has least encapsulation, Physical has most encapsulation
“All People Seem to Need Data Processing”
“People Don’t Need to See Paula Abdul”
OSI Physical Layer (Layer 1)
Least Complex
Concerned with Physical connectivity and sending electric signals over a medium
Cables, Hubs, Network Card (partially), Devices (partially)
Threats: Theft, vandalism, interference, etc.
OSI Data Link Layer (Layer 2)
Has 2 sublayers: LLC (Logical Link Control) and MAC (Media Access Control)
Where MAC Address is assigned/utilized (used for internal communication)
Utilizes ARP protocol
Switches are layer 2
OSI Network Layer (Layer 3)
Isolate traffic into broadcast domains and use IP addressing to direct traffic (Router)
VLANs
Protocols: IP, ICMP (ping), IGMP (message), IGRP, IPSEC, IKE, ISAKMP
If a protocol starts with I it is layer 3
OSI Transport Layer (Layer 4)
End-to-end delivery
Provides end-to-end data transport services
Adds port info to the PDU
Protocols used: SSL/TLS (layers 4-7), TCP, UDP
OSI Session Layer (Layer 5)
Responsible for establishing a connection between two applications
Dialogue control
Release Connections
OSI Presentation Layer (Layer 6)
Presents the data in a format that all computers can understand
Does not have any protocols
Concerned with encryption, formatting and compression
OSI Application Layer (Layer 7)
Defines a protocol (way of sending data) that two different programs or applications understand
HTTP, FTP, SMTP, SNMP, etc (a lot of protocols)
Application Proxies
non-repudiation
certificates
Directory services
Time awareness
ARP
Maps an IP address to a MAC Address
Devices at Layer 1
Hub - send all data out all ports all the time (Obsolete)
Devices at Layer 2
Switch - Uses MAC addressing to address traffic out the appropriate port
Collision Domain Isolation for each port
Devices at Layer 3
Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets
Switches can Create VLANs to isolate broadcast traffic on a switch
Layer 3 Switch to allow inter-VLAN communications
Common Layer 3 attacks
ICMP based:
Loki - hides messages in ICMP messages
Ping of death - oversized ping
Ping flood - DoS with ping
SMURF - uses a spoofed source address to launch a DDoS
Fraggle - SMURF but with UDP
TCP Protocol
Connection-oriented, guaranteed delivery
Advantages: easier to program with, implements a session, adds security
Disadvantages: more overhead/slower, SYN floods (attack)
TCP Handshake
Client -> Server - Synchronize (SYN)
Server -> Client - Synchronize Acknowledge (SYN-ACK)
Client -> Server - Acknowledge (ACK)
UDP Protocol
Connectionless
Unreliable
No handshaking
Desirable when real-time transfer is essential
Media streaming, gaming, live chat
File Transfer Protocol (FTP) uses what protocol
TCP
Trivial File Transfer Protocol (TFTP) uses what protocol
UDP
TCP vs OSI model
TCP only has 4 layers
TCP Network Layer is Physical and Data Link
TCP Internet is Network
TCP Transport is Transport
TCP Application is Application, Presentation, Session
Firewalls
Isolates traffic/networks into security zones
Work at 3 different layers: 3, 5 and 7
Software or hardware based
Provide isolation and separation
Create zones based on trust
Use rule-based access control (RBAC)
Security Zone
Different security levels in different zones
DMZ
Buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two
Stateless Firewall (Layer 3)
Stateless inspection, packet filtering, screening routers
Inspect Layer 3 and Layer 4 headers (source and destination IP, port, protocol)
Stateful Firewall (Layer 5)
Stateful inspection
Awareness of the initiation of the session and the state
Can block unsolicited replies
Can understand syntax of lower layer protocols and can block “misbehaving” traffic
Application Firewall
Called Application proxies/firewalls
Direct access to the data
Deep packet inspection
Forward proxy inspects traffic from inside going out
Reverse proxy inspects traffic from outside going in
Can inspect on content, time, application-awareness, certificates
Specific to the application protocol
Network Address Translation (NAT)
Router function
Translates internal to external IP addresses
Assigns internal IP addresses
1 to 1 translations
Port Address Translation (PAT)
Router Function
Does what a NAT does but appends port numbers to each internal device so traffic can be routed back properly
RFC 1918 Internal IP Address Ranges
- 10.x.x
- 172.16.x.x-172.31.x.x
- 192.168.x.x
Firewall best practices
Block unnecessary ICMP
Keep ACLs simple
Use implicit deny
Block directed IP broadcasts
Perform ingress and egress filtering (block traffic leaving from a non-internal address; block all traffic entering from an internal address)
Enable logging
Drop fragments or re-assemble fragments
Firewalls process ACLs in order: the first rule that matches the access attempt is applied (no other rules will be applied)
Circuit switching (WAN)
Phone based networks
PSTN - Public Switched Telephone Network
ISDN - Integrated Services Digital Network
DSL
T-carriers
Packet switching (WAN)
Packets are created and find their own way to the destination over the fastest path
X.25
Frame Relay
ATM
IP Networks*
VoIP*
MPLS*
Cable
Multiprotocol Label Switching (MPLS)
Label edge router - entry and exit point of your network
Provider router - routers to the VPN
Label distribution protocol
Voice over IP (VoIP)
Telephony - analog to digital voice transmission
Uses RTP (Real-time Transport Protocol)
VoIP Security Issues
Eavesdropping, toll fraud, vishing, SPIT (Spam over Internet Telephony)
Performance issues: latency (fixed), jitter (variable)
Point-to-Point Protocol (PPP)
Provides Layer 2 framing for dial-up
Needs other protocols for security
PPP Authentication Protocols
Password Authentication Protocol (PAP) - Clear text (dead)
Challenge Handshake Authentication Protocol (CHAP) - Client responds to a challenge from the server; the only way the client can answer correctly is if the password has been entered
Extensible Authentication Protocol (EAP) - Extends the capabilities beyond passwords to smart cards, biometrics, tokens, etc.
Tunneling
A function of VPNs - tunnel encapsulates one protocol within another creating a virtual network
Can encrypt original IP headers
Can encrypt data
Allows for routing non-routable protocols and IP addresses
Can provide remote/internal IP addresses
Tunneling Protocols
Point to Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
IP Security (IPSEC)
Generic Routing Encapsulation (GRE)
PPTP
Point to Point Tunneling Protocol
Still uses PAP, CHAP, or EAP for authentication
Adds Microsoft Point-to-Point Encryption (MPPE) for encryption
Only works across IP networks
Remote user connects to ISP and gets an IP address; establishes a VPN connection to the VPN server and gets an internal IP address; sends private IP packets encrypted inside other IP packets
L2TP
Based on the Cisco proprietary Layer 2 Forwarding (L2F) protocol
Combination of L2F and PPTP
Designed to be implemented in software solutions
THERE IS NO SECURITY, must use IPSEC
IPSec for Tunneling
Can be used on its own in Tunnel mode
Generic Routing Encapsulation (GRE)
Point-to-point link between two networks. Adds an extra IP header to the original packet. Was more frequently used in the past for AppleTalk, IPX and older protocols
Data Encapsulation
GRE tunnels encapsulate packets that allow protocols to traverse an incompatible network
Simplicity of GRE
Lacks flow control and security mechanisms by default
Multicast traffic forwarding with GRE
GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot
Mobility (wireless)
Wireless communication systems allow users to conduct business from anywhere
Reachability (wireless)
Wireless communication systems enable people to stay connected and be reachable regardless of location
Simplicity (wireless)
Systems are easy and fast to deploy in comparison to cabled networks
Maintainability (wireless)
In a wireless system you do not have to spend as much cost and time to maintain the network
Roaming services (wireless)
Provide service anywhere, any time
Additional Services (wireless)
Various smart services like SMS and MMS
Wireless Security Problems
Unauthorized access
Sniffing
War Driving (Driving around looking for vulnerable access points)
Unauthorized access points (MITM)
Wireless Security
Encryption & Authentication
WEP Encryption
Shared authentication passwords
Weak initialization vector (IV) transmitted in clear text
RC4 (stream cipher)
Easily crackable
Only option for 802.11b (old)
WPA Encryption
Stronger IV
Introduced TKIP (Temporal Key Integrity Protocol)
Still used RC4
WPA2 Encryption
AES
CCMP (replaced TKIP)
Not backwards compatible
Wireless Authentication
WPA and WPA2 use 802.1X authentication to have individual passwords for individual users (RADIUS)
802.1x
Remote Authentication Dial-In User Service (RADIUS)
Centralized authentication server (RADIUS)
Supplicants (clients) and authenticators (server)
Uses EAPoL (Extensible Authentication Protocol over LAN)
Bluetooth
Personal area network protocol designed to free devices from physical wires
To secure, just turn it off.