Domain 4: Communication and Network Security 14% Flashcards

Question

The higher up the layers

Answer 1

the slower it is, speed traded for intelligence

Answer 2

virus, worms, trojans, buffer overflow, app or OS vulner

Answer 3

A conceptual model that provides end-to-end data comm. It has four layers which are used to sort all related protocols according to the scope of networking involved.

Answer 4

equals OSI Layers 1/2

Answer 5

equals OSI Layer 3

Answer 6

equals OSI Layer 4, TCP/UDP. port number

Answer 7

equals OSI Layers 5-7

Answer 8

modified into 64-bit MAC's by adding FF:FE to the device identifier

Answer 9

1st deployed for production in the ARPANet in 1984, ARPANet later became the Internet. IP was developed in 1970's for secure closed networks DARPA. Security was not built in, but was bolted on later. It is a connectionless protocol for use on packet-switched networks. It operates on a best effort delivery model, it does not guarantee delivery, it also does not assure proper sequencing or avoidance of duplicate delivery. We have added protocols (TCP) on top of IP to ensure those.

Answer 10

moving here mainly because we are running out of IPv4 address

Answer 11

1 set of IP and Port. UDP only uses 1 socket (connectionless), TCP uses 2 in a pair

Answer 12

2 sets of IP and Port (Source and Destination)

Answer 13

governs the IP's address allocation. Is a department of ICANN (Internet Corporation for Assigned Names and Numbers)

Answer 14

1-1 traffic (Client to Server) we can capture all unicast traffic on a network by using promiscuous mode on a NIC (Network IDS'/IPS')

Answer 15

one to many (predefined)

Answer 16

one to all (on a LAN Network) The traffic is sent to everyone

Answer 17

Use the 255.255.255.255 broadcast IP address, router do not pass

Answer 18

Uses FF:FF:FF:FF:FF:FF broadcast MAC address, routers do not pass.

Answer 19

Sent to anyone logically connected to the same network, regardless if it is physically behind the same router or not.

Answer 20

RFC 1918 - Not routable on the Internet 10. 0.0.0 10.255.255.255 172. 16.0.0 172.31.255.255 192. 168.0.0 192.168.255.255 127. 0.0.0/8 Loopback IP's 169. 254.0.0/16 Link-Local 255. 255.255.255 Broadcast

Answer 21

Static NAT Translates 1-1, not practical. | Pool NAT Also still 1-1, but a pool was available to all clients not assigned to specific clients

Answer 22

It uses IP and Port number. Also called One-to-Many or NAT Overload since it translates One public IP to Many private IP's. This is what is used today.

Answer 23

were used early on the Internet for public address networks were very large. It was very inefficient use of IP Addresses.

Answer 24

it breaks our addresses into smaller logical segments, thus saving addresses.

Answer 25

``` Version: IP v4 IHL: Length of the IP header QoS (Quality of Service) Id, Flags, Offset: used for IP fragmentation TTL (Time to live): to prevent routing loops. Protocol: Protocol number for TCP/UDP Source/Destination IP Addresses Optional: Options and padding ```

Answer 26

normally 1500 bytes in Ethernet usage. If packet exceeds that size a router along the path may fragment into smaller packets.

Answer 27

is 128bit in hexadecimal numbers (uses 0-9 and a-f). IPSec is built in, not bolted on like with IPv4.

Answer 28

It is a EUI-48 address we add "ffee" to convert for EUI-64. This is added to the middle of the EUI-48 address.

Answer 29

``` Version: IP v6 (4bits) Traffic Class/Priority (8bits) Flow label/QoS management (20bits) Payload length in bytes (16bits) Next Header (8bits) Time to live (TTL)/Hop Limit Source IP add Destination IP address ```

Answer 30

translates IP address into MAC addresses. OSI 2/3 layer. Is simple and trusting protocol, anyone can respond to an ARP request.

Answer 31

an attacker sends fake responses to ARP requests, often done repeatedly for critical AP entries (default gateway)

Answer 32

is used by diskless workstations to get IP's.

Answer 33

used to help IP, often used for troubleshooting. If we do not get a ping response it does not mean that it is down. Firewalls and routers can block ICMP replies.

Answer 34

Uses ICMP to trace a network route. Sends message with TTL until it reaches the destination. Max 30 hops.

Answer 35

remote access over a network. Uses TCP port 23 everything is transmitted in plaintext so it is easy to sniff

Answer 36

Designed to replace or add security to unsecure protocols Telnet, FTP, HTTP. CIA and NSA can decrypt SSH and SSL traffic/data. No longer secure.

Answer 37

Transfer files to and from servers. No confidentiality or Integrity checks. Should not be used. Uses TCP port 21 for sending command/ control collection. Uses TCP port 20 for sending the data

Answer 38

Uses SSH to add security to FTP

Answer 39

Uses TLS and SSL to add security to FTP

Answer 40

uses UDP port 69. No authentication or directory structure, files are written and read from one directory /tftpboot. Used for "Bootstrapping" - Downloading an OS over the network for diskless workstations. Used for saving router configuration.

Answer 41

Translates server names into IP Address, uses TCP/UDP port 53. Uses UDP for most requests and natively has no authentication

Answer 42

The authority for a given name space

Answer 43

Tries to resolve names it does not already know

Answer 44

Keeps previously resolved names in a temporary cache

Answer 45

is similar to ARP poisoning, an attacker sends a fake address/name combo to another DNS server when asked and the server keeps it in its DNS record until it expires

Answer 46

Provides Authentication and Integrity using PKI Encryption

Answer 47

Mostly used to monitor devices on our network (routers, switches, servers, HVAC, UPS) An SNMP client agent is enabled or installed on the client. SNMPv1/v2 send data in cleartext and should be avoided.

Answer 48

uses encryption to provide CIA. This should be the standard across any organization.

Answer 49

Uses TCP port 80 (8008, 8080) unencrypted website data sent across the Internet

Answer 50

Uses TCP Port 443 (8443), encrypted data sent over the Internet

Answer 51

The actual language webpages are written in.

Answer 52

Used for diskless workstations, used to determine OS (downloaded with tftp) and IP address

Answer 53

The common protocol we use to assign IP's. DHCP process: Discovery, Offer, Request, Acknowledge

Answer 54

use UDP Port 67 for the BOOTP/DHCP Server and UDP 68 for the Client.

Answer 55

Magnetism that can disrupt data availability and integrity.

Answer 56

is the signal crossing from one cable to another, this can be an confidentiality issue

Answer 57

is the signal getting weaker the farther it travels.

Answer 58

Pairs of twisted pairs of cable.

Answer 59

Has extra metal mesh shielding around each pair of cables, making them less susceptible to EMI, but also making the cables thicket and more expensive.

Answer 60

for cable TV and ISP

Answer 61

uses light to carry data. Distance has no attenuation like copper. Not susceptible to EMI.

Answer 62

a single strand of fiber carries a single mode of light, used for long distance cables (Often used in IP-bakbones)

Answer 63

uses multiple modes (light colors) to carry multiple data streams simultaneously, this is done with WDM (Wavelength Division Multiplexing)

Answer 64

``` 1Kbps (10^3) 1Mbps (10^6 1Gbps (10^9) 1Tbps (10^12) 1Pbps (10^15) ```

Answer 65

Clients on a network check to see if the shared line is in use, if not they will not send their data.

Answer 66

Used for systems that can send and receive at the same time like Ethernet. If the line is clear the client sends and then waits a random amount of time while monitoring the network. They send a Jam signal to tell the other nodes to stop sending. Each switch port is its own collision domain.

Answer 67

Used for systems that can either send or receive like wireless. On wireless clients are not aware that there is other wireless clients, only the Access Points is aware of other clients. If a lot of congestion the client can send a RTS (Request to Send), and if the AP replies with a CTS (Clear to Send), similar to a token, the client will transmit. The AP only issues a CTS to one node at a time.

Answer 68

All nodes are connected to a central device. This is what we normally use for the ethernet, or nodes are connected to a switch.

Answer 69

nodes are directly connected to all other nodes.

Answer 70

All nodes are directly connected to all other nodes. Often used in High Availability enviroments, with cluster servers for keepalives.

Answer 71

T1 (US): Dedicated 1,544 Mbps circuit. Often also called DS1 T3 (US): 28 bundled T1 lines, dedicated 44,736 circuit E1 (EU): Dedicated 2,048 circuit E3 (EU): 16 bundled E1 lines, dedicated 34,368 Mbps circuit.

Answer 72

Often used to connect geographical distant locations of an org. w/MPLS VPN connections. Seems like one continuous seamless network. Directs data from one node to the next based on short path labels and not IP address. The labels id. virtual links/paths between distant nodes and not the endpoint. Encapsulates packets for other protocols/tech (T1/E1, ATM, Frame Relay, DSL). Can create end-to-end circuits across any type of transport medium, using any protocol. Operates in OSI "2.5"

Answer 73

A synchronous L2 WAN protocol that uses polling (token passing) to transmit data. Uses NRM transmission only.

Answer 74

The successor to SDLC. Adds error correction and flow control, and two additional modes (ARM/ABM)

Answer 75

Secondary nodes transmit when given permission by the primary only.

Answer 76

Secondary nodes my initiate communication with the primary node.

Answer 77

Most commonly used mode. When nodes act as primary or secondary, initiating transmission without receiving permission.

Answer 78

A set of light weight comm protocols used btw components in process automation systems. Mainly used in utilitiessuch as elec/wtr companies. Used by SCADA for comm btw a Master Station (Cntrl Cntr) and Remote Terminal Units and Intelligent Electronic Devices.

Answer 79

protocols provide a cost-effective way to use existing network infra tech and protoc to connect servers to storage. A SAN allows block-level file access across a network, it acts liek an attached hard drive.

Answer 80

Uses Ethernet, not TCP/IP, and because of that it is not routable.

Answer 81

Encapsulates fiber channel frames via TCP/IP

Answer 82

A collection of ports from a set of connected fiber channel switches, that form a virtual fabric.

Answer 83

Leverages existing networking infrastructure and protocols to interface with storage. Uses higher layers TCP/IP for comm and can be routed. Can be used for storage across a WAN. Uses LUNS to provide addressing storage across the network.

Answer 84

A group of technologies for the delivery of voice comm and multimedia sessions over IP networks. The digital info is packetized, and transmitted using UDP IP packets over a packet-switched network. Audio/Video encoded with codecs. VoIP is used for VoIP phones, smartphoes, PC's calls/texts can be sent over 3/4G or Wi-Fi. Needs real time error free connections.

Answer 85

SIP (Session Initiation Protocol), H.323. If you see a transport protocol or control protocol its a safe bet its VoIP protocol.

Answer 86

Allows network administrators via software to initialize, cntrl, chg, mng network behavior dynamically.

Answer 87

Are based on IEEE 802.11 standards. Usually referred to WiFi

Answer 88

An unauthorized access point that has been added to our network without our knowledge.

Answer 89

Jamming is DOS attack. Interference can be addressed by changing channels or frequencies.

Answer 90

rogue access point used to gain access to the network information that is being put through a network. Can compromise confidentiality and integrity.

Answer 91

802. 11-1997: 2.4 GHz, 1,2 Mbits/s, 20m 802. 11a: 3.7 GHz, 6,9,12,18,24,36,48,54 Mbits/s, 35m 802. 11b: 2.4 GHz, 1,2,5.5,11 Mbits/s, 35m 802. 11g: 2.4 GHz, 6,9,12,18,24,36,48,54 Mbits/s, 35m 802. 11n: 2.4/5 GHz, Up to 150 Mbits/s, 70m 802. 11ac: 5 GHz, Up to 866.7 Mbits/s, 35m

Answer 92

Commonly used. Clients connect to an access point in managed mode, once connected, clients communicate with the access point only.

Answer 93

The mode used by wireless access points.

Answer 94

WNIC can interface with all other wireless nodes directly as long as they are on the same channel and SSID. A comp connected to the Internetvia a wired NIC my advertise an ad-hoc WLAN to allow Internet sharing.

Answer 95

WNIC can capture all traffic without having to be associated with the AP or Ad-hoc network first.

Answer 96

name of the wireless AP you see when you connect.

Answer 97

No longer secure, should not be used.

Answer 98

Vulnerable so should not be used unless WPA2 is not feasible. Uses RC4 and TKIP neither of which are secure.

Answer 99

Current standard, the most secure form of WPA2 is WPA2-PSK using AES. Was found to have a vulnerability, but with a patch it is good to go.

Answer 100

wireless data exchanging over short distances using 2.4 GHz from fixed and mobiles devices, and building personal area networks (PANs). Class 1: 100m, 2: 10 m, 3: under 10m. Bluetooh implements confidentiality, authentication and key derivation with custom algorithms based on teh SAFER+block cipher. Bluetooth key generation is generally based on a Bluettoh PIN, which must be entered on one or both devices.

Answer 101

Bluejacking: Sending unsolicited messages over Bluetooh, most often harmless but annoying. Bluesnarking: Unauthorized access of info from a Bluetooth device phones, desktop, laptops Bluebugging: The attacker gain total access and cntrl of your device, it can happen when your device is left in discoverable mode. Only happens on old devices with old OS.

Answer 102

Repeaters, Hubs

Answer 103

Bridges are 2 port switches used to separate collision domains. Switches are bridges with more than 2 ports. Each port is it's own collision domain.

Answer 104

command to only allow that # of MAC to use the port.

Answer 105

enable this command on ports between switches.

Answer 106

VLAN Trunks ports connecting two switches to span VLAN's across them.

Answer 107

Forward traffic based on source and destination IP's and ports.

Answer 108

a preconfigured route, always, send traffic there for a certain subnet.

Answer 109

sends all non-local traffic to an ISP for instance

Answer 110

is learned from another routing via a routing protocol (OSPF, EIGRP, BGP, IS-IS)

Answer 111

is used to determine the best route to a destination. Hop count

Answer 112

the routing table that lists which route should be used to forwared a data packet, and through which physical interface connection

Answer 113

The router forwards data packets between incoming and outgoing interface connections. It routes them to the correct network type using information that the packet header contains.

Answer 114

rely on covergence to function right.

Answer 115

typcially never converges because the Internet is too big for the changes to be communicated fast enough.

Answer 116

only focus on how far the dest is in Hops

Answer 117

Uses UDP 520 for its transport protocol. HOP is the only metric it uses. No longer really used.

Answer 118

Each node independetnly runs an algorithm over the map to determine the shortest path from itself to every other node in the network.

Answer 119

Used within a single routing domain, which is logically divided into areas. Converges on a new loop-free routing tables within seconds. Does not use UDP/TCP, but encapsulates the data directly in IP packets with protocol # 89.

Answer 120

What the Internet uses. BGP routes between AS (Autonomous Systems) which are networks with multiple Internet connections. Considered a path vector routing protocol. Makes rouring decisions based on paths, network, policies, or rule-sets.

Answer 121

Packet filters act by inspecting the "packets" which are transferred between clients. Any packet that matches one of the Permits, is allowed to pass. If a packet does not match the packet filter set of filtering rules, the packet filter will drop the packet or reject it and send error responses to the source.

Answer 122

Records all cxn passing through and determines whether a packet is the start of a new connection, a part of an existing cxn, or not a part of any cxn. Static rules are still used, these rules can now contain cxn state as one of their criteria. DOS attacks try to fill the cxn state memory by bombarding it with thousands of fake cxns.

Answer 123

These firewalls can understand certain applications and protocols. They see the entire packer, the packet isn't decrypted until layer 6, any other firewall can only inspect the packet, but not the payload.

Answer 124

filter traffic btw 2 or more networks, either software appliances running on general purpose hardware, or hardware-based firewall

Answer 125

can act as a firewall by responding to input packets in the manner of an app, while blocking other packets. A proxy server is a gateway from one network to another for a specific application.

Answer 126

provide a layer of software security on one host that controls network traffic in and out of that single machine.

Answer 127

is a special purpose hardened host desinged and configured to withstand attacks. Normally hosts a single app, all other services are removed or limited to reduce the threat to the host. It is placed either on the outside of the firewall or in the DMZ.

Answer 128

host w/ two NICs, one connected to a trusted network, and the other connected to an untrusted network (Internet). It doesn't route. No longer used, mostly used pre modern firewalls.

Answer 129

still used today

Answer 130

TP telephone cable can carry signals with higher frequencies than the cable's normal frequency rating. The signal drops the longer the cable (attenuation)

Answer 131

use infrastructure originally inteded to carry television signals and therefore designed from teh outset to carry higher frequencies.

Answer 132

An end devicde often a desktop or server. Not really used any longer.

Answer 133

is often a modem, it sits between the data terminal equipment (DTE) and a data transmission circuit. Not really used any longer.

Answer 134

Sends credentials in clear text. No longer used.

Answer 135

802.1x auth involves 3 parites: a supplicant (client), an authenticator (network device, eg switch/AP), Authentication server (AS, RADIUS)

Answer 136

it was adopted with 100+ EAP Types as the official authentication mechanisms

Answer 137

A protocol that encaps EAP within a encrypted and authenticated TLS (Transport Layer Security) tunnel

Answer 138

Very weak form of EAP. It offers server authn only not mutual authn. Vulnerable to man in the middle/pwd attck

Answer 139

Cisco distr the protocol through the CCX as part of getting 802.1x and dynamic WEP adoption into the industry in the absence of a standard. No native support for LEAP in Win OS

Answer 140

Uses PKI, requiring both server/client certs. Establishes secure TLS tunnel for authn. Secure,e expensive and complex

Answer 141

Simpler than EAP-TLS by dropping the client-side cert req, allowing other authn methods for client-side authentication.

Answer 142

Allows a device to authenticate itself with a network to be granted access. EAP will be used for authn protocol, key dist, key agreement, key derivation protocols.

Answer 143

An encap of IP designed to work over serial ports and modem cxns. On PCs it has been replaced by PPP. On microcontrollers, SLIP is still the preferred way of encapsulating IP packets because of the very small overhead.

Answer 144

Used over many types of Physical networks including serial cable, phone line, turnk line, cell. PPP is also used over Internet access connections. ISPs have used PPP for customer dial-up access to the Internet.

Answer 145

Extends a private network across a public network, and users can send and recieve data across shared or public networks as if they were on the private network. Created by est a virt point to point cxn through the use of dedicated cxns, virtual tunneling proto, traffic encryption. Get around geo-restrictions and censorship

Answer 146

Obsolete method for implementing VPN. Not used no built in encryp or authn

Answer 147

Tunneling protocol used to support VPNs or as part of the delivery of services by ISPs. No built in encryp or confid, it relies on an encryp proto that it passes within the tunnel to provide priv.

Answer 148

Simplex one-way comm, can be used to negotiate ESP or AH parameters. If 2 sys use ESP to comm they need 2 total SA and ESP 4 total.

Answer 149

manages the SA creation process.

Answer 150

encrypts and authn the entire package (inc hdrs)

Answer 151

only encryp and authn the payload, used for systems that speak ITSEC.

Answer 152

negotiates the algorithm selection proc to pick the highest and fastest level of security.

Answer 153

Non proprietary and can run on most OS' for RDP, Helpdesk access.

Answer 154

MS proprietary proto server listens on TCP/UDP 3389.

Answer 155

Diskless workstation Thin Client Apps use web browser.

Answer 156

slimmer and more cost-effective than thin clients. Require no config and nothing is stored on them.

Answer 157

used in early 2000's when mobile devices could not handle full broswer w/HTML. WAP uses microbrowser instead and WML instead of XML.

Answer 158

Are geographically dispered network of proxy srvrs and data centers.