Domain 4: Communication and Network Security Flashcards

Question

Circuit-level firewall

Answer 1

Circuit-level firewalls also use proxies but at a lower layer. Circuit-level firewalls do not look as deep within the packet as application proxies do.

Answer 2

A proxy firewall is the middleman in communication. It does not allow anyone to connect directly to a protected host within the internal network. Proxy firewalls are second-generation firewalls.

Answer 3

* Advantages * Provide high security * Full application-layer awareness * Disadvantages * Poor performance * Limited application support * Poor scalability

Answer 4

Stateful inspection keeps track of each communication session. It must maintain a state table that contains data about each connection. It is a third-generation firewall.

Answer 5

* PPTP * L2TP * TLS * IPSec

Answer 6

PPTP works at the data link layer and can only handle one connection. IPSec works at the network layer and can handle multiple tunnels at the same time.

Answer 7

* WAN * Usually the most expensive type of WAN connectivity method * Fee is based on the distance between the two destinations rather than on the amount of bandwidth used. * T1 and T3 are examples of dedicated links.

Answer 8

* Frame relay * X.25 They use virtual circuits instead of dedicated ones.

Answer 9

A switch in star topologies serves as the central meeting place for all cables from computers and devices.

Answer 10

A switch is a device with combined repeater and bridge technology. It works at the data link layer and understands MAC addresses.

Answer 11

Routers link two or more network segments, where each segment can function as an independent network. * Works at the network layer * Works with IP addresses * Has more network knowledge than bridges, switches, or repeaters

Answer 12

A bridge filters by MAC addresses and forwards broadcast traffic. A router filters by IP addresses and does not forward broadcast traffic.

Answer 13

Layer 3 switching combines switching and routing technology.

Answer 14

Attenuation is the loss of signal strength when a cable exceeds its maximum length.

Answer 15

STP and UTP are twisted-pair cabling types that are the most popular, cheapest, and easiest to work with. However, they are the easiest to tap into, have crosstalk issues, and are vulnerable to EMI and RFI.

Answer 16

* Carries data as light waves * Expensive * Can transmit data at high speeds * Difficult to tap into * Resistant to EMI and RFI. If security is extremely important, fiber-optic cabling should be used.

Answer 17

* WAN technology * Transfers data in fixed cells * Transmits data at very high rates * Supports voice, data, and video applications

Answer 18

* LAN and MAN technology * Usually used for backbones * Uses token-passing technology * Has redundant rings in case the primary ring goes down

Answer 19

Token Ring, 802.5, is an older LAN implementation that uses a token-passing technology.

Answer 20

Ethernet uses CSMA/CD, which means all computers compete for the shared network cable, listen to learn when they can transmit data, and are susceptible to data collisions.

Answer 21

Circuit-switching technologies set up a circuit that will be used during a data transmission session. Packet-switching technologies do not set up circuits — instead, packets can travel along many different routes to arrive at the same destination.

Answer 22

ISDN has a BRI (Basic Rate Interface) rate that uses two B channels and one D channel, and a PRI (Primary Rate Interface) rate that uses up to 23 B channels and one D channel. They support voice, data, and video.

Answer 23

PPP (Point-to-Point Protocol) is an encapsulation protocol for telecommunication connections. It replaced SLIP and is ideal for connecting different types of devices over serial lines.

Answer 24

PAP (Password Authentication Protocol) sends credentials in cleartext CHAP (Challenge Handshake Authentication Protocol) authenticates using a challenge/response mechanism and therefore does not send passwords over the network.

Answer 25

SOCKS is a proxy-based firewall solution. It is a circuit-based proxy firewall and does not use application-based proxies.

Answer 26

IPSec tunnel mode protects the payload and header information of a packet, while IPSec transport mode protects only the payload.

Answer 27

A screened-host firewall lies between the perimeter router and the LAN, and a screened subnet is a DMZ created by two physical firewalls.

Answer 28

NAT is used when companies do not want systems to know internal hosts ’ addresses, and it enables companies to use private, nonroutable IP addresses.

Answer 29

The 802.15 standard outlines wireless personal area network (WPAN) technologies.

Answer 30

Environments can be segmented into different WLANs by using different SSIDs.

Answer 31

802. 11b works in the 2.4-GHz range at 11 Mbps 802. 11a works in the 5-GHz range at 54 Mbps

Answer 32

IPv4 uses 32 bits for its addresses, whereas IPv6 uses 128 bits; thus, IPv6 provides more possible addresses with which to work.

Answer 33

Subnetting allows large IP ranges to be divided into smaller, logical, and easier-to-maintain network segments.

Answer 34

SIP (Session Initiation Protocol) is a signaling protocol widely used for VoIP communications sessions.

Answer 35

Open relay is an SMTP server that is configured in such a way that it can transmit e-mail messages from any source to any destination.

Answer 36

SNMP uses agents and managers. Agents collect and maintain device-oriented data, which is held in management information bases. Managers poll the agents using community string values for authentication purposes.

Answer 37

* Statistical time division * Frequency division * Wave division.

Answer 38

Real-time Transport Protocol (RTP) provides a standardized packet format for delivering audio and video over IP networks. It works with RTP Control Protocol, which provides out-of-band statistics and control information to provide feedback on QoS levels.

Answer 39

* 802.1AR provides a unique ID for a device. * 802.1AE provides data encryption, integrity, and origin authentication functionality at the data link level. * 802.1AF carries out key agreement functions for the session keys used for data encryption. Each of these standards provides specific parameters to work within an 802.1X EAP-TLS framework.

Answer 40

Lightweight EAP was developed by Cisco and was the first implementation of EAP and 802.1X for wireless networks. It uses preshared keys and MS-CHAP to authenticate client and server to each other.

Answer 41

In EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) the client and server authenticate to each other using digital certificates. The client generates a pre-master secret key by encrypting a random number with the server’s public key and sends it to the server.

Answer 42

EAP-TTLS is similar to EAP-TLS, but only the server must use a digital certification for authentication to the client. The client can use any other EAP authentication method or legacy PAP or CHAP methods.

Answer 43

Network convergence means the combining of server, storage, and network capabilities into a single framework.

Answer 44

* 1G (FDMA) * 2G (TDMA) * 3G (CDMA) * 4G (OFDM).

Answer 45

Link encryption is limited to two directly connected devices, so the message must be decrypted (and potentially re-encrypted) at each hop.

Answer 46

End-to-end encryption involves the source and destination nodes, so the message is not decrypted by intermediate nodes.

Answer 47

Transport Layer Security (TLS) is an example of an end-to-end encryption technology.

Answer 48

Multipurpose Internet Mail Extensions (MIME) is a technical specification indicating how multimedia data and e-mail binary attachments are to be transferred.

Answer 49

Secure MIME (S/MIME) is a standard for encrypting and digitally signing e-mail and for providing secure data transmissions using public key infrastructure (PKI).

Answer 50

Pretty Good Privacy (PGP) is a freeware e-mail security program that uses PKI based on a web of trust.

Answer 51

* S/MIME uses centralized, hierarchical Certificate Authorities (CAs) * PGP uses a distributed web of trust

Answer 52

HTTP Secure (HTTPS) is HTTP running over Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

Answer 53

SSL was formally deprecated in June of 2015.

Answer 54

Cookies are text files that a browser maintains on a user’s hard drive or memory segment in order to remember the user or maintain the state of a web application.

Answer 55

Secure Shell (SSH) functions as a type of tunneling mechanism that provides terminal-like access to remote computers.

Answer 56

A denial-of-service (DoS) attack results in a service or resource being degraded or made unavailable to legitimate users.

Answer 57

DNS hijacking is an attack that forces the victim to use a malicious DNS server instead of the legitimate one.

Answer 58

1. Unicast: The packet is sent from a single source to a single destination address. 2. Multicast: The source packet is copied and sent to specific multiple destinations on the network. 3. Broadcast: The packet is copied and sent to all the nodes on a network or segment of a network.

Answer 59

* Transport adjacency * Iterated tunneling Transport adjacency means that more than one security protocol (ESP and AH) is applied to a packet. Iterated tunneling means an IPSec tunnel is tunneled through another IPSec tunnel. Iterated tunneling would be used if the traffic needed different levels of protection at different junctions of its path.

Answer 60

* Baseband transmission: Uses the full bandwidth for only one channel and has a low data transfer rate. * Broadband transmission: Divides the bandwidth into many channels, enabling different types of data to be transmitted, and provides a high data transfer rate

Answer 61

* Circuit-level firewalls * Application proxy firewalls

Answer 62

SOCKS firewalls can: * Screen * Filter * Audit * Log * Control data flowing in and out of a protected network. SOCKS-based firewalls are circuit-level firewalls. This means they look only at packet header information (address and port numbers) to make access decisions. When a SOCKS-enabled client sends a request to access a computer on the Internet, this request actually goes to the network’s SOCKS proxy firewall, which inspects the packets for malicious information and checks its policy rules to see whether this type of connection is allowed.

Answer 63

* Works in the 5GHz range * Uses the OFMD spread spectrum technology * Provides 52 Mbps in bandwidth

Answer 64

An intranet is a firm’s internal, physical network infrastructure. It may contain many interconnected LANs. The main purpose of an intranet is to share company information and computing resources among employees. When a company uses the Internet and web-based technologies inside its networks, it is using an intranet, a private network that uses Internet technologies, such as TCP/IP. The company has web servers and client machines using web browsers, and it uses the TCP/IP protocol suite. The web pages are written in HTML or XML and are accessed via HTTP.

Answer 65

A socket is the combination of: * Node address * Port number When a connection is made between two systems, the packets will need to contain the IP address and port address of the sending and receiving system. This is so the packet can be properly routed to the receiving system and so that the receiving system knows whom to reply to. The IP address acts as the doorway to a computer, and the port acts as the doorway to the actual protocol or service.

Answer 66

* Must be extremely secure * No unnecessary services should be running * Unused subsystems must be disabled * Vulnerabilities must be patched * Unnecessary user accounts must be disabled * Unneeded ports must be closed A bastion host is a locked-down (or hardened) system. A bastion host is usually a highly exposed device, because it is the front line in a network’s security and its existence is known on the Internet. As such, bastion hosts have the configuration requirements outlined in the answer field.

Answer 67

It provides encapsulation, which means it repackages the original frame and encrypts it. This encapsulation allows for secure communication to take place via an untrusted network, such as the Internet. When using PPTP, the payload is encrypted with Microsoft Point-to-Point Encryption (MPPE) using MS-CHAP or EAP-TLS. Along with encryption, the frame must be encapsulated as well. A series of encapsulations takes place in this technology. The user’s data is encapsulated within the Point-to-Point Protocol (PPP), and then this frame is encapsulated by PPTP with a Generic Routing Encapsulation (GRE) header and IP header.

Answer 68

A wide area network (WAN) can be thought of as a network of subnetworks that physically or logically interconnect LANs over a large geographic area.

Answer 69

The 802.1X standard is a port-based network access control that ensures a user cannot make a full network connection until he is properly authenticated. This means a user cannot access network resources and no traffic is allowed to pass, other than authentication traffic, from the wireless device to the network until the user is properly authenticated.

Answer 70

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs the way data travels from one device to another. TCP/IP uses a four layer model: * Link Layer * Internet Layer * Transport Layer * Application Layer

Answer 71

* Coaxial cable * Twisted pair * Fiber Coaxial cable: Consists of a single, solid copper wire. The copper core is surrounded by a shielding layer and grounding wire. While used widely in early network deployments, it is rarely used today. Twisted pair: The most commonly used deployment in office LANs today. The common connector for Ethernet twisted pair is the RJ-45. Unshielded twisted pair (UTP) is a common variety due to its cheap cost and workability. A drawback to twisted pair is its vulnerability of being tapped and the electrical emanation. If the cable has an outer foil shielding, it is referred to as shielded twisted pair (STP), which adds protection from radio frequency interference and electromagnetic interference. Fiber: Fiber uses a type of glass as the physical media. The data is carried over light waves in the form of photons. There are two types of fiber modes: multi-mode (powered by LEDs) and single-mode (powered by laser light). Fiber is difficult to tap and does not have electrical emanations; therefore, it has a security advantage over twisted pair.

Answer 72

SONET is a standard for fiber-optic cabling and uses self-healing network rings. SONET describes the interfaces that can be used over fiber lines and the signaling that must be employed. SONET works at the physical layer of the OSI model. All SONET lines and rings are fully redundant. The redundant line waits in the wings in case anything happens to the primary ring.

Answer 73

CIR is a premium service offered by service providers in frame relay networks that guarantees a company a specified amount of bandwidth. Frame relay is bursty in nature, meaning that a company may have access to a larger amount of bandwidth until the network gets busy. If a company needs to ensure it will have a certain amount of bandwidth always available, it will have to pay this extra rate.

Answer 74

The OSI model is an attempt to describe conceptually where the different functionalities of different protocols take place in a networking stack. The model attempts to draw boxes around reality to help people better understand the stack. Each layer has a specific functionality and has several different protocols that can live at that layer and carry out that specific functionality.

Answer 75

* Circuit switching * Packet switching Circuit switching establishes a virtual connection that acts like a dedicated link, or circuit, between two systems. Examples: * ISDN * Telephone calls Packet switching does not set up a dedicated virtual link. It allows packets to pass through a number of different individual devices rather than being forced to follow the same path as preceding packets. Examples: * Internet * X.25 * Frame relay

Answer 76

A local area network (LAN) is composed of: * One or more computers * Communication protocol * Network topology * Cabling or a wireless network to connect the systems that communicate over a small geographical area such as a building floor.

Answer 77

An extranet extends outside the bounds of the company’s network to enable two or more companies to share common information and resources. Business partners commonly set up extranets to accommodate business-to-business communication. An extranet enables business partners to work on projects together, share marketing information, communicate and work collaboratively on issues, post orders, and share catalogs, pricing structures, and information on upcoming events.

Answer 78

* Bus * Star * Ring * Tree * Mesh Bus: A single cable runs the entire length of the network, and systems, or nodes, are attached to the network through drop points connected to this cable. Star: Connects all the nodes through a central device such as a switch. Each of the nodes has its own dedicated link to the central networking device. Ring: A series of devices connect by unidirectional transmissions links. These links form a closed loop and do not connect to a central system. Each node is dependent on the preceding nodes, and in a single node failure, all other systems might be negatively affected due to their interdependence. Tree: Similar to a bus topology except that rather than single nodes branching off of the bus line, additional bus lines with their own connected nodes branch off of the main bus line like branches on a tree. Mesh: Interconnects all systems and resources to each other in a way that does not follow the uniformity of the other topologies. Typically there are redundant interconnections providing resiliency and fault tolerance if any system or network link goes down.

Answer 79

War driving is the practice of walking or driving around with a wireless device equipped with the necessary equipment and software to identify and break into access points (AP). Wireless APs may be misconfigured, which allows hackers to exploit these configurations and break into the wired network. Wireless APs are commonly easy ways to enter networks because of their weak security.

Answer 80

* Network File System (NFS) * NetBIOS * Structured Query Language (SQL) The session layer protocols: * Set up connections between applications * Maintain dialog control * Negotiate, establish, maintain, and tear down the communication channel

Answer 81

* Allows companies to use a limited number of registered Internet addresses * Saves on funds * Provides an amount of security * External entities can see only the address of the router (or the public address the NAT device is using) and not the true addresses of the internal hosts * The company can use private address schemes instead of having to pay for public addresses

Answer 82

The Internet is a network of networks—in other words, a system of interconnected networks spread all over the world using TCP/IP as the standard protocol for sharing data. The term “Internet” was first used to refer to the Advanced Research Projects Agency Network (ARPANET), conceived by the U.S. Department of Defense in 1969. Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide.

Answer 83

The protocols at the data link layer: * Convert data into LAN or WAN frames for transmission * Convert messages into bits * Define how a computer accesses a network This layer is divided into: * Logical Link Control (LLC) sublayer * Media Access Control (MAC) sublayer

Answer 84

* CSMA/CD * CSMA/CA A transmission is called a carrier, so if a computer is transmitting frames, it is performing a carrier activity. When computers use the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol, they monitor the transmission activity, or carrier activity, on the wire so they can determine when would be the best time to transmit data. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is an access method in which each computer signals its intent to transmit data before it actually does so. This tells all other computers on the network not to transmit data right now because doing so could cause a collision.

Answer 85

Encapsulation is the process of adding headers and trailers to user data as it is handed from each layer to the next lower layer. As data is passed to the application layer from a program and sent down through the protocol stack, each protocol at each layer adds its own information to the message and passes it down to the next level. The headers and trailers are added so that the receiving system knows how to interpret and process the data as it goes up the network stack.

Answer 86

Plenum-grade cable is cable that is coated with a fire retardant designed for use in crawlspaces, false ceilings, and below raised floors. The coating is designed to not give off toxic fumes as it burns.

Answer 87

* American Standard Code for Information Interchange (ASCII) * Extended Binary-Coded Decimal Interchange Mode (EBCDIC) * Tagged Image File Format (TIFF) * Joint Photographic Experts Group (JPEG) * Motion Picture Experts Group (MPEG) The services of the presentation layer handle translation into standard formats, data compression and decompression, and data encryption and decryption.

Answer 88

In an ARP attack, an attacker manipulates the ARP table so that traffic with the correct IP address goes to an incorrect MAC address. ARP (Address Resolution Protocol) finds MAC (Media Access Control) addresses for IP addresses. It broadcasts a request and only the system with the IP address within the broadcast domain responds. ARP takes the MAC address from this response and places it in its ARP table. An attacker can manipulate this ARP table so that traffic with the correct IP address goes to an incorrect MAC address. The traffic goes to the attacker's MAC address instead of the intended receiver.

Answer 89

802.16 addresses wireless MAN technologies.