Domain 4 - Communication and Network Security Flashcards

1
Q

<strong>OSI Model</strong>

A

The International Organization for Standardization (ISO) developed the Open Systems Interconnection (OSI) Reference Model for protocols in the early 1980s.

Specifically, ISO 7498 defines the OSI Reference Model (more commonly called the OSI model).

2
Q

Encapsulation

A

Encapsulation is the addition of a header, and possibly a footer, to the data received by each layer from the layer above before it’s handed off to the layer below.

3
Q

Physical Layer

A

The Physical layer (layer 1) accepts the frame from the Data Link layer and converts the frame into bits for transmission over the physical connection medium.

The Physical layer is also responsible for receiving bits from the physical connection medium and converting them into a frame to be used by the Data Link layer.

4
Q

Data Link Layer

A

The Data Link layer (layer 2) is responsible for formatting the packet from the Network layer into the proper format for transmission.

The proper format is determined by the hardware and the technology of the network.

SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, and ISDN are examples.

5
Q

Network Layer

A

The Network layer (layer 3) is responsible for adding routing and addressing information to the data.

The Network layer accepts the segment from the Transport layer and adds information to it to create a packet.

The packet includes the source and destination IP addresses.

6
Q

Distance Vector Protocols

A

Distance vector routing protocols maintain a list of destination networks along with metrics of direction and distance as measured in hops.

RIP, IGRP, BGP

7
Q

Link State Routing Protocols

A

Link state routing protocols maintain a topography map of all connected networks and use this map to determine the shortest path to the destination.

OSPF

8
Q

Transport Layer

A

The Transport layer (layer 4) is responsible for managing the integrity of a connection and controlling the session. It accepts a PDU from the Session layer and converts it into a segment.

The Transport layer controls how devices on the network are addressed or referenced, establishes communication connections between nodes (also known as devices), and defines the rules of a session.

9
Q

Session Layer

A

The Session layer (layer 5) is responsible for establishing, maintaining, and terminating communication sessions between two computers. It manages dialogue discipline or dialogue control (simplex, half-duplex, full-duplex), establishes checkpoints for grouping and recovery, and retransmits PDUs that have failed or been lost since the last verified checkpoint.

NFS, SQL, RPC

10
Q

Presentation Layer

A

The Presentation layer (layer 6) is responsible for transforming data received from the Application layer into a format that any system following the OSI model can understand.

It imposes common or standardized structure and formatting rules onto the data.

Responsible for encryption and compression.

11
Q

Application Layer

A

The Application layer (layer 7) is responsible for interfacing user applications, network services, or the operating system with the protocol stack. It allows applications to communicate with the protocol stack.

The Application layer determines whether a remote communication partner is available and accessible. It also ensures that sufficient resources are available to support the requested communications.

EDI, NNTP, S-RPC, SET

12
Q

Port Numbers

A

The IANA recommends that ports 49152 to 65535 be used as dynamic and/or private ports.

  1. Berkeley Software Distribution (BSD) uses ports 1024 through 4999.
  2. Many Linux kernels use 32768 to 61000.
  3. Microsoft, up to and including Windows Server 2003, uses the range 1025 to 5000.
  4. Windows 7 and Windows Server 2008 use the IANA range.
  5. FreeBSD, since version 4.6, has used the IANA suggested port range.
13
Q

TCP 3-Way Handshake

A
  1. The client sends a SYN (synchronize) flagged packet to the server.
  2. The server responds with a SYN/ACK (synchronize and acknowledge) flagged packet back to the client.
  3. The client responds with an ACK (acknowledge) flagged packet back to the server.
14
Q

UDP

A

Best effort (connectionless, no delivery guarantee)

Header is 8 bytes long

4 sections (SP, DP, ML, CS: source port, destination port, message length, checksum)

15
Q

IP Classes

A

Class A 1-126

Class B 128-191

Class C 192-223

Class D 224-239

Class E 240-255

16
Q

ICMP

A

Internet Control Message Protocol (ICMP) is used to determine the health of a network or a specific link. ICMP is utilized by ping, traceroute, pathping, and other network management tools.

The IP header protocol field value for ICMP is 1 (0x01).

17
Q

Ping of Death

A

Ping of death sends a malformed ping larger than 65,535 bytes (larger than the maximum IPv4 packet size) to a computer to attempt to crash it.

18
Q

Smurf Attack

A

Smurf attacks generate enormous amounts of traffic on a target network by spoofing broadcast pings, and ping floods are a basic denial of service (DoS) attack relying on consuming all of the bandwidth that a target has available.

19
Q

IGMP

A

Internet Group Management Protocol (IGMP) allows systems to support multicasting. IGMP is used by IP hosts to register their dynamic multicast group membership.

It is also used by connected routers to discover these groups.

The IP header protocol field value for IGMP is 2 (0x02).

20
Q

Telnet

A

Port 23

No file transfer

Executes commands remotely

21
Q

FTP

A

Port 20, 21

Anonymous or specific (user account) authentication

22
Q

TFTP

A

UDP port 69

No authentication

23
Q

SMTP

A

Port 25

Carries email messages from client to server and between servers

24
Q

POP3

A

Post Office Protocol 3

Port 110

Pulls email down to the client

25
Q

IMAP

A

Internet Message Access Protocol

Port 143

Can delete emails directly on the server without downloading them to the client

26
Q

DHCP

A

UDP Ports 67 and 68

67 for server point-to-point

68 for client request broadcasts

27
Q

LPD

A

Line Print Daemon

Port 515

Spools and sends print jobs

28
Q

NFS

A

Port 2049

This is a network service used to support file sharing between dissimilar systems.

29
Q

SNMP

A

UDP Ports 161 and 162

Port 162 for Trap messages

This is a network service used to collect network health and status information by polling monitoring devices from a central monitoring station.

30
Q

VLAN Hopping

A

VLAN hopping is performed by creating a double-encapsulated IEEE 802.1Q VLAN tag:

[Ethernet [ VLAN1 [ VLAN2 [ IP [ TCP [ HTTP] ] ] ] ] ]

With this double encapsulation, the first encountered switch will strip away the first VLAN tag, and then the next switch will be fooled by the interior VLAN tag and move the traffic into the other VLAN.

31
Q

Multi Layer Protocol Benefits

A
  1. A wide range of protocols can be used at higher layers.
  2. Encryption can be incorporated at various layers.
  3. Flexibility and resiliency in complex network structures is supported.
32
Q

Multi Layer Protocol Drawbacks

A
  1. Covert channels are allowed.
  2. Filters can be bypassed.
  3. Logically imposed network segment boundaries can be overstepped.
33
Q

DNP3

A

DNP3 (Distributed Network Protocol) is primarily used in the electric and water utility and management industries.

It is used to support communications between data acquisition systems and the system control equipment.

This includes substation computers, RTUs (remote terminal units), IEDs and SCADA master stations.

34
Q

FCoE

A

Fibre Channel is a form of network data storage solution (storage area network [SAN] or network-attached storage [NAS]) that allows for high-speed file transfers at upward of 16 Gbps.

35
Q

MPLS

A

MPLS (Multiprotocol Label Switching) is a high-throughput, high-performance network technology that directs data across a network based on short path labels rather than longer network addresses.

36
Q

iSCSI

A

Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP. This technology can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.

37
Q

VOIP

A

Voice over IP (VoIP) is a tunneling mechanism used to transport voice and/or data over a TCP/IP network.

VoIP has the potential to replace or supplant PSTN because it’s often less expensive and offers a wider variety of options and features.

VoIP can be used as a direct telephone replacement on computer networks as well as mobile devices.

38
Q

SDN

A

SDN aims at separating the infrastructure layer (i.e., hardware and hardware-based settings) from the control layer (i.e., network services of data transmission management).

Furthermore, this also removes the traditional networking concepts of IP addressing, subnets, routing, and so on from needing to be programmed into or be deciphered by hosted applications.

39
Q

Data Emanation

A

Data emanation is the transmission of data across electromagnetic signals. Almost all activities within a computer or across a network are performed using some form of data emanation.

However, this term is often used to focus on emanations that are unwanted or on data that is at risk due to the emanations.

40
Q

Securing Wireless Access Points

A
  1. Ad hoc mode - means that any two wireless networking devices, including two wireless network interface cards (NICs), can communicate without a centralized control authority.
  2. Infrastructure mode - means that a wireless access point is required; wireless NICs on systems can’t interact directly.
41
Q

Standalone mode

A

Occurs when there is a wireless access point connecting wireless clients to each other but not to any wired resources. The wireless access point serves as a wireless hub exclusively.

42
Q

Wired Extension mode

A

Occurs when the wireless access point acts as a connection point to link the wireless clients to the wired network.

43
Q

Site Survey

A

A site survey is the process of investigating the presence, strength, and reach of wireless access points deployed in an environment.

44
Q

Beacon Frame

A

The SSID is broadcast by the WAP via a special transmission called a beacon frame. This allows any wireless NIC within range to see the wireless network and make connecting as simple as possible.

45
Q

WEP

A

Wired Equivalent Privacy is defined by the IEEE 802.11 standard. It was designed to provide the same level of security and encryption on wireless networks as is found on wired or cabled networks.

WEP provides protection from packet sniffing and eavesdropping against wireless transmissions.

WEP encryption employs Rivest Cipher 4 (RC4), a symmetric stream cipher.

46
Q

WPA

A

WPA (Wi-Fi Protected Access) was designed as the replacement for WEP; it was a temporary fix until the new 802.11i amendment was completed.

Wi-Fi Protected Access is based on the LEAP and TKIP cryptosystems and often employs a secret passphrase for authentication. Unfortunately, the use of a single static passphrase is the downfall of WPA.

47
Q

WPA2

A

WPA2 uses a new encryption scheme known as the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES encryption scheme.

WPA2 implements concepts similar to IPSec.

48
Q

802.1X/EAP

A

802.1X/EAP is a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place. It is a framework rather than a single authentication method.

Through the use of 802.1X, other techniques and solutions such as RADIUS, TACACS, certificates, smart cards, token devices, and biometrics can be integrated into wireless networks providing techniques for both mutual and multi-factor authentication.

49
Q

PEAP

A

PEAP (Protected Extensible Authentication Protocol) encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption.

Since EAP was originally designed for use over physically isolated channels and hence assumed secured pathways, EAP is usually not encrypted. So, PEAP can provide encryption for EAP methods.

50
Q

LEAP

A

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco proprietary alternative to TKIP for WPA. This was developed to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard.

LEAP can be broken with Asleap. EAP-TLS is the recommended alternative; where LEAP must remain in use, enforce strong passwords.

51
Q

MAC Filter

A

A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a wireless access point to block access to all non-authorized devices.

52
Q

CCMP

A

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) was created to replace WEP and TKIP/WPA. CCMP uses AES with a 128-bit key.

CCMP is the preferred standard security protocol of 802.11 wireless networking indicated by 802.11i. To date, no attacks have yet been successful against the AES/CCMP encryption.

53
Q

Optimal Antenna Placement

A
  1. Use a central location.
  2. Avoid solid physical obstructions.
  3. Avoid reflective or other flat metal surfaces.
  4. Avoid electrical equipment.
54
Q

Network Access Control

A

Network Access Control (NAC) is a concept of controlling access to an environment through strict adherence to and implementation of security policy. The goals of NAC are as follows:

  1. Prevent/reduce zero-day attacks
  2. Enforce security policy throughout the network
  3. Use identities to perform access control
55
Q

Static packet Filtering Firewalls

A

Filters traffic by examining data from a message header. Usually, the rules are concerned with source, destination, and port addresses.

Using static filtering, a firewall is unable to provide user authentication or to tell whether a packet originated from inside or outside the private network, and it is easily fooled with spoofed packets.

First-generation firewalls; also known as screening routers or common routers.

56
Q

Application-Level Gateway Firewalls

A

Also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another; the copy process also changes the source and destination addresses to protect the identity of the internal or private network.

This type of firewall negatively affects network performance because each packet must be examined and processed as it passes through the firewall.

Second-generation firewalls; they operate at layer 7 (the Application layer) of the OSI model.

57
Q

Circuit-Level Gateway Firewalls

A

Circuit-level gateway firewalls are used to establish communication sessions between trusted partners. They operate at the Session layer (layer 5) of the OSI model.

SOCKS (from Socket Secure, as in TCP/IP ports) is a common implementation of a circuit-level gateway firewall.

58
Q

Stateful Inspection Firewalls

A

Also known as dynamic packet filtering firewalls, these evaluate the state or the context of network traffic. By examining source and destination addresses, application usage, source of origin, and relationship between current packets and the previous packets of the same session, stateful inspection firewalls are able to grant or deny a broader range of access.

They are known as third-generation firewalls, and they operate at the Network and Transport layers (layers 3 and 4) of the OSI model.

59
Q

BASTION Host

A

A bastion host or a screened host is just a firewall system logically positioned between a private network and an untrusted network.

It is responsible for filtering traffic coming into the private network as well as for protecting the identity of the internal client.

60
Q

FW Deployment Architectures

A

There are three commonly recognized firewall deployment architectures:

  1. Single tier - places the private network behind a firewall, which is then connected through a router to the Internet.
  2. Two tier - Two-tier I and Two-tier II.
  3. Three tier - Three-tier I and Three-tier II.
61
Q

Endpoint Security

A

Endpoint security is the concept that each individual device must maintain local security whether or not its network or telecommunications channels also provide or offer security.

Sometimes this is expressed as “the end device is responsible for its own security.”

62
Q

Plenum cable

A

A type of cabling sheathed with a special material that does not release toxic fumes when burned, as does traditional PVC coated wiring. Often plenum-grade cable must be used to comply with building codes, especially if the building has enclosed spaces that could trap gases.

63
Q

Modems

A

A traditional land-line modem (modulator-demodulator) is a communications device that converts (modulates) between an analog carrier signal and digital information in order to support computer communications over public switched telephone network (PSTN) lines.
