Domain 4: Communication and Network Security

Question 1

OSI Reference Model

Answer 1

Open Systems Interconnect Model
Promotes interoperability between vendors
Enables standardization
Describes the encapsulation of data to enable it to get from point A to point B
Application has least encapsulation, Physical has most encapsulation
“All People Seem to Need Data Processing”
“People Don’t Need to See Paula Abdul”

Question 2

OSI Physical Layer (Layer 1)

Answer 2

Least Complex
Concerned with Physical connectivity and sending electric signals over a medium
Cables, Hubs, Network Card (partially), Devices (partially)
Threats: Theft, vandalism, interference, etc.

Question 3

OSI Data Link Layer (Layer 2)

Answer 3

Has 2 Sublayers, LLC and Media access
Where MAC Address is assigned/utilized (used for internal communication)
Utilizes ARP protocol
Switches are layer 2

Question 4

OSI Network Layer (Layer 3)

Answer 4

Isolate traffic into broadcast domains and use IP addressing to direct traffic (Router)
VLANs
Protocols: IP, ICMP (ping), IGMP (message), IGRP, IPSEC, IKE, ISAKMP
If a protocol starts with I it is layer 3

Question 5

OSI Transport Layer (Layer 4)

Answer 5

End to End deliver
Provides end-to-end data transport services
Adds port info to PDU
Protocols used: 
SSL/TLS (4-7)
TCP 
UDP

Question 6

OSI Session Layer (Layer 5)

Answer 6

Responsible for establishing a connection between two applications
Dialogue control
Release Connections

Question 7

OSI Presentation Layer (Layer 6)

Answer 7

present the data in a format that all computers can understand
Does not have any protocols
Concerned with encryption, formatting and compression

Question 8

OSI Application Layer (Layer 7)

Answer 8

Defines a protocol (way of sending data) that two different programs or applications understand
HTTP, FTP, SMTP, SNMP, etc (a lot of protocols)
Application Proxies
non-repudiation
certificates
Directory services
Time awareness

Question 9

ARP

Answer 9

Maps an IP address to a MAC Address

Question 10

ARP

Answer 10

Maps an IP address to a MAC Address

Question 11

Devices at Layer 1

Answer 11

Hub - send all data out all ports all the time (Obsolete)

Question 12

Devices at Layer 2

Answer 12

Switch - Uses MAC addressing to address traffic out the appropriate port
Collision Domain Isolation for each port

Question 13

Devices at Layer 3

Answer 13

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Question 14

Devices at Layer 3

Answer 14

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch

Question 15

Devices at Layer 3

Answer 15

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch
Layer 3 Switch to allow inter-VLAN communications

Question 16

Devices at Layer 3

Answer 16

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch
Layer 3 Switch to allow inter-VLAN communications

Question 17

Common Layer 3 attack

Answer 17

ICMP based: 
Loki, hide messages in ICMP messages
PING of death, oversized ping
Ping flood, DoS with Ping
SMURF, use a spoofed source address to launch a DDoS
Fraggles, SMURF but with UDP

Question 18

TCP Protocol

Answer 18

Connection oriented guaranteed delivery
Advantages; easier to program with, implements a session, adds security
Disadvantages; more overhead/slower, SYN floods (attack)

Question 19

TCP Handshake

Answer 19

Client -> Server - Synchronize (SYN)
Server -> Client - Synchronize Acknowledge (SYN-ACK)
Client -> Server - Acknowledge (ACK)

Question 20

UDP Protocol

Answer 20

Connectionless
Unreliable
No handshaking
Desirable when real time transfer is essential
Media streaming, gaming, live chat

Question 21

File Transfer Protocol (FTP) uses what protocol

Answer 21

TCP

Question 22

Trivial File Transfer Protocol (TFTP) uses what protocol

Answer 22

UDP

Question 23

TCP vs OSI model

Answer 23

TCP only has 4 layers
TCP Network Layer is Physical and Data Link
TCP Internet is Network
TCP Transport is Transport
TCP Application is Application, Presentation, Session

Question 24

Firewalls

Answer 24

Isolates traffic/networks into security zones
3 different layers; 3 5 and 7
Software or Hardware Based
Provide isolation and separation
Create zones based on trust
Use rule-based access control (RBAC)

Question 25

Security Zone

Answer 25

Different security levels in different zones

Question 26

DMZ

Answer 26

buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two

Question 27

Stateless Firewall (Layer 3)

Answer 27

Stateless inspection
packet filtering
screening routers
Inspect Layer 3 and Layer 4 Headers
(Source and Destination IP, Port, Protocols)

Question 28

Stateful Firewall (Layer 5)

Answer 28

Stateful inspection
Awareness of the initiation of the session and the state
Can block unsolicited replies
Can understand syntax of lower layer protocols and can block “misbehaving” traffic

Question 29

Application Firewall

Answer 29

Called Application proxies/firewalls
Direct access to the data
Deep packet inspection
Forward proxy inspects traffic from inside going out
Reverse proxy inspects traffic from outside going in
Can inspect on content, time, application-awareness, certificates
Specific to the application protocol

Question 30

Network Address Translation (NAT)

Answer 30

Router function
Translates internal to external IP addresses
Assigns internal IP addresses
1 to 1 translations

Question 31

Port Address Translation (PAT)

Answer 31

Router Function

Does what a NAT does but appends port numbers to each internal device so traffic can be routed back properly

Question 32

RFC 1918 Internal IP Address Ranges

Answer 32

10. x.x
11. 16.x.x-172.31.x.x
12. 168.x.x

Question 33

Firewall best practices

Answer 33

block unnecessary ICMP
Keep ACLs Simple
Use Implicit deny
Block directed IP broadcasts
Perform ingress and egress filtering (block traffic leaving from a non-internal address; block all traffic entering from an internal address) 
Enable logging
Drop fragments or re-assemble fragments
Firewalls process ACLs in order. The first rule is valid to the access attempt will be applied (no other rules will be applied)

Question 34

Circuit switching (WAN)

Answer 34

Phone based networks
PSTN - Public Switched Telephone Network
ISDN - Integrated service Domain Network
DSL
T-carriers

Question 35

Packet switching (WAN)

Answer 35

Packets are created and find their own way to the destination that is fasted
X.25
Frame Relay
ATM
IP Networks*
VOIP*
MPLS*
Cable

Question 36

Multi Protocol Labeled Switching (MPLS)

Answer 36

Label edge router - entry and exit point of your network
Provider router - routers to the vpn
Label distribution protocol

Question 37

Voice over IP (VoIP)

Answer 37

Telephony - analog to digital voice transmission
Uses RTP (Real-time protocol)

Question 38

VoIP Security Issues

Answer 38

Eavesdropping, toll fraud, vishing, SPIT (Spam over IT)

Performance issues: Latency (Fixed), jittering (variable)

Question 39

point to point protocol (PPP)

Answer 39

Provides layer 2 framing for dial-up

needs other protocols for security

Question 40

PPP Authentication Protocols

Answer 40

Password Access Protocol (PAP) - Clear Text (Dead)
Challenge Handshake Authentication Protocol (CHAP) - Client responds to a challenge from the server; only way the client can answer correctly is if the password has been entered
Extensible Authentication Protocol (EAP) - Extends the capabilities beyond passwords to smart cards, biometrics, tokens, etc.

Question 41

Tunneling

Answer 41

A function of VPNs - tunnel encapsulates one protocol within another creating a virtual network
Can encrypt original IP headers
Can encrypt data
Allows for routing non-routable protocols and IP addresses
Can provide remote/internal IP addresses

Question 42

Tunneling Protocols

Answer 42

Point to Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
IP Security (IPSEC)
Generic Routing Encapsulation (GRE)

Question 43

PPTP

Answer 43

Point to Point Tunneling Protocol
Still uses PAP, CHAP, or EAP for authentication
Adds Microsoft Point to Point Encryption (MPPE) For encryption
Only works across IP networks
Remote user connects to ISP, gets IP address; Establishes VPN Conncetion to VPN Server gets internal IP address; sends private IP packets encrypted with other IP Packets

Question 44

L2TP

Answer 44

based on Cisco Proprietary Layer 2 Forwarding (L2F) protocol
Combination of L2F and PPTP
Designed to be implemented in software solutions
THERE IS NO SECURITY, must use IPSEC

Question 45

IPSec for Tunneling

Answer 45

Can be used on its own in Tunnel mode

Question 46

Generic Routing Encapsulation (GRE)

Answer 46

point to point link between two networks. Adds extra IP header to original packet. More frequently used the past for AppleTalk, IPX and older protocols

Question 47

Data Encapsulation

Answer 47

GRE tunnels encapsulate packets that allow protocols to traverse an incompatible network

Question 48

Simplicity of GRE

Answer 48

lack mechanisms related to flow control and security by default

Question 49

Multicast traffic forwarding with GRE

Answer 49

GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot

Question 50

Mobility (wireless)

Answer 50

wireless communication system allows users to conduct business from anywhere

Question 51

Reachability (wireless)

Answer 51

Wireless communication systems enable people to stay connected and be reachable regardless of location

Question 52

Simplicity (wireless)

Answer 52

Systems are easy and fast to deploy in comparison to acabled networks

Question 53

maintainability (wireless)

Answer 53

in a wireless system, you do not have to spend too much cost and time to maintain network

Question 54

Roaming services (wireless)

Answer 54

Provide service any where any time

Question 55

Additional Services (wireless)

Answer 55

various smart services like SMS and MMS

Question 56

Wireless Security Problems

Answer 56

Unauthorized access
Sniffing
War Driving (Driving around looking for vulnerable access points)
Unauthorized access points (MITM)

Question 57

Wireless Security

Answer 57

Encryption & Authentication

Question 58

WEP Encryption

Answer 58

Shared authentication passwords
Weak Initialization vector transmitted in clear text
RC-4 (Stream cipher) 
Easily crackable
Only option for 802.11b (old)

Question 59

WPA Encryption

Answer 59

Stronger IV
Introduced TKIP (Temporal Key Integrity Protocol)
Still used RC-4

Question 60

WPA2 Encryption

Answer 60

AES
CCMP (replaced TKIP)
Not backwards compatible

Question 61

Wireless Authentication

Answer 61

WPA and WPA2 uses 802.1X authentication to have individual passwords for individual users (RADIUS)

Question 62

802.1x

Answer 62

Remote authentication dial-in user service
Centralized authentication server (RADIUS)
Supplicants (Clients) Authenticators (Server)
Uses EAPoL (Extensible Access Protocol over LAN)

Question 63

Bluetooth

Answer 63

Personal area network protocol designed to free devices from physical wires
To secure, just turn it off.