Domain 4: Communication and Network Security Flashcards

1
Q

OSI Reference Model

A

Open Systems Interconnect Model
Promotes interoperability between vendors
Enables standardization
Describes the encapsulation of data to enable it to get from point A to point B
Application has least encapsulation, Physical has most encapsulation
“All People Seem to Need Data Processing”
“People Don’t Need to See Paula Abdul”

2
Q

OSI Physical Layer (Layer 1)

A

Least Complex
Concerned with Physical connectivity and sending electric signals over a medium
Cables, Hubs, Network Card (partially), Devices (partially)
Threats: Theft, vandalism, interference, etc.

3
Q

OSI Data Link Layer (Layer 2)

A

Has 2 Sublayers, LLC and Media access
Where MAC Address is assigned/utilized (used for internal communication)
Utilizes ARP protocol
Switches are layer 2

4
Q

OSI Network Layer (Layer 3)

A

Isolate traffic into broadcast domains and use IP addressing to direct traffic (Router)
VLANs
Protocols: IP, ICMP (ping), IGMP (message), IGRP, IPSEC, IKE, ISAKMP
If a protocol starts with I it is layer 3

5
Q

OSI Transport Layer (Layer 4)

A
End-to-end delivery
Provides end-to-end data transport services
Adds port info to PDU
Protocols used: 
SSL/TLS (4-7)
TCP 
UDP
6
Q

OSI Session Layer (Layer 5)

A

Responsible for establishing a connection between two applications
Dialogue control
Release Connections

7
Q

OSI Presentation Layer (Layer 6)

A

present the data in a format that all computers can understand
Does not have any protocols
Concerned with encryption, formatting and compression

8
Q

OSI Application Layer (Layer 7)

A

Defines a protocol (way of sending data) that two different programs or applications understand
HTTP, FTP, SMTP, SNMP, etc (a lot of protocols)
Application Proxies
non-repudiation
certificates
Directory services
Time awareness

9
Q

ARP

A

Maps an IP address to a MAC Address

11
Q

Devices at Layer 1

A

Hub - send all data out all ports all the time (Obsolete)

12
Q

Devices at Layer 2

A

Switch - Uses MAC addressing to address traffic out the appropriate port
Collision Domain Isolation for each port

13
Q

Devices at Layer 3

A

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

14
Q

Devices at Layer 3

A

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch

15
Q

Devices at Layer 3

A

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch
Layer 3 Switch to allow inter-VLAN communications

17
Q

Common Layer 3 attack

A
ICMP based: 
Loki, hide messages in ICMP messages
PING of death, oversized ping
Ping flood, DoS with Ping
SMURF, use a spoofed source address to launch a DDoS
Fraggles, SMURF but with UDP
18
Q

TCP Protocol

A

Connection oriented guaranteed delivery
Advantages: easier to program with, implements a session, adds security
Disadvantages: more overhead/slower, SYN floods (attack)

19
Q

TCP Handshake

A

Client -> Server - Synchronize (SYN)
Server -> Client - Synchronize Acknowledge (SYN-ACK)
Client -> Server - Acknowledge (ACK)

20
Q

UDP Protocol

A
Connectionless
Unreliable
No handshaking
Desirable when real time transfer is essential
Media streaming, gaming, live chat
21
Q

File Transfer Protocol (FTP) uses what protocol

A

TCP

22
Q

Trivial File Transfer Protocol (TFTP) uses what protocol

A

UDP

23
Q

TCP vs OSI model

A

TCP only has 4 layers
TCP Network Layer is Physical and Data Link
TCP Internet is Network
TCP Transport is Transport
TCP Application is Application, Presentation, Session

24
Q

Firewalls

A
Isolates traffic/networks into security zones
3 different layers: 3, 5 and 7
Software or Hardware Based
Provide isolation and separation
Create zones based on trust
Use rule-based access control (RBAC)
25
Q

Security Zone

A

Different security levels in different zones

26
Q

DMZ

A

buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two

27
Q

Stateless Firewall (Layer 3)

A
Stateless inspection
packet filtering
screening routers
Inspect Layer 3 and Layer 4 Headers
(Source and Destination IP, Port, Protocols)
28
Q

Stateful Firewall (Layer 5)

A

Stateful inspection
Awareness of the initiation of the session and the state
Can block unsolicited replies
Can understand syntax of lower layer protocols and can block “misbehaving” traffic

29
Q

Application Firewall

A

Called Application proxies/firewalls
Direct access to the data
Deep packet inspection
Forward proxy inspects traffic from inside going out
Reverse proxy inspects traffic from outside going in
Can inspect on content, time, application-awareness, certificates
Specific to the application protocol

30
Q

Network Address Translation (NAT)

A

Router function
Translates internal to external IP addresses
Assigns internal IP addresses
1 to 1 translations

31
Q

Port Address Translation (PAT)

A

Router Function

Does what a NAT does but appends port numbers to each internal device so traffic can be routed back properly

32
Q

RFC 1918 Internal IP Address Ranges

A
10.x.x.x
172.16.x.x-172.31.x.x
192.168.x.x
33
Q

Firewall best practices

A
block unnecessary ICMP
Keep ACLs Simple
Use Implicit deny
Block directed IP broadcasts
Perform ingress and egress filtering (block traffic leaving from a non-internal address; block all traffic entering from an internal address) 
Enable logging
Drop fragments or re-assemble fragments
Firewalls process ACLs in order. The first rule that is valid for the access attempt will be applied (no other rules will be applied)
34
Q

Circuit switching (WAN)

A

Phone based networks
PSTN - Public Switched Telephone Network
ISDN - Integrated service Domain Network
DSL
T-carriers

35
Q

Packet switching (WAN)

A
Packets are created and find their own way to the destination that is fastest
X.25
Frame Relay
ATM
IP Networks*
VOIP*
MPLS*
Cable
36
Q

Multi Protocol Labeled Switching (MPLS)

A

Label edge router - entry and exit point of your network
Provider router - routers to the vpn
Label distribution protocol

37
Q

Voice over IP (VoIP)

A
Telephony - analog to digital voice transmission
Uses RTP (Real-time protocol)
38
Q

VoIP Security Issues

A

Eavesdropping, toll fraud, vishing, SPIT (Spam over IT)

Performance issues: Latency (Fixed), jittering (variable)

39
Q

point to point protocol (PPP)

A

Provides layer 2 framing for dial-up

needs other protocols for security

40
Q

PPP Authentication Protocols

A

Password Access Protocol (PAP) - Clear Text (Dead)
Challenge Handshake Authentication Protocol (CHAP) - Client responds to a challenge from the server; only way the client can answer correctly is if the password has been entered
Extensible Authentication Protocol (EAP) - Extends the capabilities beyond passwords to smart cards, biometrics, tokens, etc.

41
Q

Tunneling

A

A function of VPNs - tunnel encapsulates one protocol within another creating a virtual network
Can encrypt original IP headers
Can encrypt data
Allows for routing non-routable protocols and IP addresses
Can provide remote/internal IP addresses

42
Q

Tunneling Protocols

A

Point to Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
IP Security (IPSEC)
Generic Routing Encapsulation (GRE)

43
Q

PPTP

A

Point to Point Tunneling Protocol
Still uses PAP, CHAP, or EAP for authentication
Adds Microsoft Point to Point Encryption (MPPE) For encryption
Only works across IP networks
Remote user connects to ISP, gets IP address; establishes VPN connection to VPN server, gets internal IP address; sends private IP packets encrypted with other IP packets

44
Q

L2TP

A

based on Cisco Proprietary Layer 2 Forwarding (L2F) protocol
Combination of L2F and PPTP
Designed to be implemented in software solutions
THERE IS NO SECURITY, must use IPSEC

45
Q

IPSec for Tunneling

A

Can be used on its own in Tunnel mode

46
Q

Generic Routing Encapsulation (GRE)

A

Point-to-point link between two networks. Adds extra IP header to original packet. More frequently used in the past for AppleTalk, IPX and older protocols

47
Q

Data Encapsulation

A

GRE tunnels encapsulate packets that allow protocols to traverse an incompatible network

48
Q

Simplicity of GRE

A

Lacks mechanisms related to flow control and security by default

49
Q

Multicast traffic forwarding with GRE

A

GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot

50
Q

Mobility (wireless)

A

wireless communication system allows users to conduct business from anywhere

51
Q

Reachability (wireless)

A

Wireless communication systems enable people to stay connected and be reachable regardless of location

52
Q

Simplicity (wireless)

A

Systems are easy and fast to deploy in comparison to cabled networks

53
Q

maintainability (wireless)

A

In a wireless system, you do not have to spend much cost and time to maintain the network

54
Q

Roaming services (wireless)

A

Provide service anywhere, anytime

55
Q

Additional Services (wireless)

A

various smart services like SMS and MMS

56
Q

Wireless Security Problems

A

Unauthorized access
Sniffing
War Driving (Driving around looking for vulnerable access points)
Unauthorized access points (MITM)

57
Q

Wireless Security

A

Encryption & Authentication

58
Q

WEP Encryption

A
Shared authentication passwords
Weak Initialization vector transmitted in clear text
RC-4 (Stream cipher) 
Easily crackable
Only option for 802.11b (old)
59
Q

WPA Encryption

A

Stronger IV
Introduced TKIP (Temporal Key Integrity Protocol)
Still used RC-4

60
Q

WPA2 Encryption

A

AES
CCMP (replaced TKIP)
Not backwards compatible

61
Q

Wireless Authentication

A

WPA and WPA2 use 802.1X authentication to have individual passwords for individual users (RADIUS)

62
Q

802.1x

A

Remote authentication dial-in user service
Centralized authentication server (RADIUS)
Supplicants (Clients), Authenticators (Server)
Uses EAPoL (Extensible Access Protocol over LAN)

63
Q

Bluetooth

A

Personal area network protocol designed to free devices from physical wires
To secure, just turn it off.