Domain 4 - Communications and Network Security Flashcards
What is the OSI model?
The OSI model is an abstract framework to which most operating systems and protocols adhere.
It is based on an open network architecture, which enables easy integration of various technologies and vendors.
It has seven layers, each with specific functions and controls. Protocols are a standard set of rules that determine how systems will communicate.
Each layer must communicate with the layer above, the layer below, and the same layer on the target host.
During encapsulation, each layer builds a protocol data unit (PDU) by adding a header (and sometimes a trailer) containing control information to the PDU received from the layer above.
What function does the Application layer provide in the OSI model?
- This layer works closest to the user, and handles file transfers and network management.
- When an application needs to send data, it passes instructions and data to the protocols that support it at the application layer.
- Processes and properly formats the data, and passes it down to the layer below.
- Protocols include:
  - FTP, SMTP, SNMP, Telnet, HTTP
What function does the Presentation layer provide in the OSI model?
- Presentation layer receives data from the application layer, and puts it in a standard format.
- Not concerned with the meaning of the data, just the syntax and format, and adds information in the header so that the destination knows how to process and present the data.
- Handles compression and encryption issues.
- No protocols work at this layer, just standards:
  - ASCII, JPEG, MPEG
What function does the Session layer provide in the OSI model?
- Responsible for establishing and maintaining a connection between two applications for data transfer.
- Works in three phases: connection establishment, data transfer, and connection release.
- Communication between applications occurs in simplex, half duplex or full duplex.
- Allows software on one system to make calls on another system without knowing the specifics of that system.
- Protocols typically operating at this layer include NetBIOS, PPP, RPC, PPTP.
- Security issue: protocols at this layer lack authentication and should not be allowed to cross network segments; firewalls should deny this traffic from exiting the network.
What function does the Transport layer provide in the OSI model?
- Provides end-to-end data transport services and establishes a connection between two communicating computers, unlike the session layer, which establishes a connection between applications.
- Receives data from many different applications and segments it into a stream to be sent.
- Before the connection is established, a handshaking process agrees on reliable data transfer, flow control, and error detection.
- Protocols at this layer:
  - TCP, UDP
What function does the Network layer provide in the OSI model?
- Inserts information into packet headers so that packets can be properly addressed and routed, and then actually routes the packets to the destination.
- Routing protocols build and maintain routing tables, which are maps of the network.
- Main protocols at this layer include:
  - IP, ICMP, RIP, OSPF, BGP
What function does the Data link layer provide in the OSI model?
- Converts packets into LAN/WAN frames for transmission, and defines how computers access the network.
- Two functional sublayers:
  - Logical link control (LLC): takes care of flow control and error checking.
  - Media access control (MAC): knows what type of network is in use, e.g. Ethernet or Token Ring, and adds the header and trailer before the frame hits the wire.
- Protocols at this layer:
  - Token Ring, Ethernet, FDDI, ARP, PPP
What function does the physical layer provide in the OSI model?
- Converts bits into voltage for transmission; signals and voltages have different interpretations depending on the LAN/WAN technology.
- This layer controls synchronisation, data rates, line noise, and transmission techniques.
- Specifications for the physical layer include the timing of voltage changes, voltage levels, and physical connectors for electrical, optical, and mechanical transmission.
- Interface standards defined at this layer:
  - 1000BaseT, DSL, SONET, ISDN
What are the properties of TCP?
- Connection-oriented protocol that uses handshaking between two systems.
- SYN, SYN-ACK and ACK packets complete a handshake. The use of a SYN cache ensures resources are only allocated upon a complete handshake.
- Sequence numbers are used to re-order messages and ensure
- Ports are used to communicate with upper layers; the combination of protocol (TCP/UDP), IP address and port is called a socket.
- Ports 0-1023 are considered well known, e.g. SSH on 22.
- Ports 1024-49151 can be registered with ICANN.
- Ports 49152-65535 can be used as needed.
- Messages sent over TCP are called segments; messages sent over UDP are called datagrams.
What are the properties of IPv4?
- 32-bit IP address.
- Subnetting allows larger IP ranges to be divided into smaller, logical and more manageable network segments, reducing the traffic load across the network.
- Class A: 0.0.0.0 to 127.255.255.255, 1st byte is the network portion.
- Class B: 128.0.0.0 to 191.255.255.255, 2 bytes are for the network.
- Class C: 192.0.0.0 to 223.255.255.255, 3 bytes for the network.
- Class D: 224.0.0.0 to 239.255.255.255, multicast.
- Class E: 240.0.0.0 to 255.255.255.255, reserved for research.
- Classless interdomain routing (CIDR) was created for greater flexibility, as Class B is often too large and Class C too small.
- IP provides addressing, packet fragmentation and timeouts, and also Type of Service (ToS) for time-sensitive applications.
What are the properties of IPv6?
- IPv6 addresses are 128 bits
- Header fields have been dropped in IPv6 to reduce the processing cost of the packet.
- Extensions to support authentication, integrity, and data confidentiality.
- Interoperating IPv6 and IPv4:
  - 6to4: intersite tunnelling method that embeds IPv4 data within IPv6.
  - Teredo: automatic intersite tunnelling technique that uses UDP encapsulation so that NAT isn't affected.
  - ISATAP: treats the IPv4 network as a virtual IPv6 local link, mapping each IPv4 address to a link-local IPv6 address.
- IPv6 should be disabled if not needed, and security appliances need to be configured to monitor all traffic types.
What is MACSec and how does it provide security at layer 2?
- 802.1AE defines MACsec, which provides data confidentiality, integrity, and origin authentication.
- Provides hop-by-hop protection at layer 2, and only allows authenticated and trusted devices to communicate.
- 802.1AR defines a globally unique per-device secure identifier, cryptographically bound to the device through the use of public key cryptography and digital certificates.
- Each device is intended to be used with authentication protocols such as EAP, supported by 802.1X. The authentication data is usually the hardware identity (802.1AR).
- Once authenticated, 802.1AF carries out key agreement for the session keys used for data encryption.
What are transmission media considerations?
Three types of transmission media (the physical medium through which data is moved):
- Electrical wires encode information as changes in the voltage level of an electric current.
- Optical fibres transmit data that is encoded in the wavelength of light.
- Free space is the medium for wireless.
A signal is just some way of moving information in a physical format from one point to another:
- Analog: signals are measured in amplitude and frequency, and lose their form over time.
- Digital: signals represent binary digits as electrical pulses, and are more reliable than analog because the values are clear-cut.
Bandwidth refers to the number of electrical pulses that can be transmitted over a link within a second. Data throughput is the actual amount of data that can be carried over this connection.
Asynchronous and synchronous network technologies provide rules that govern how systems communicate with each other:
- Asynchronous: no timing component; surrounds each byte with processing bits, with a parity bit used for error control, so each byte requires 3 extra bits (start, stop, parity).
- Synchronous: timing component for data, robust error checking (CRC); used for high-speed, high-volume transmission with minimal overhead.
Baseband technology uses the entire communication channel for its transmission.
Broadband divides the channel into individual and independent subchannels, e.g. coaxial cable.
What are some of the types of cables?
- Coaxial cable has a copper core surrounded by a shielding layer and grounding wire. It is more resistant to EMI and supports higher bandwidth and longer cable runs.
- Twisted pair cable is an insulated copper wire surrounded by an outer protective jacket.
  - The tighter the twisting of the wires, the more resistant the cable is to interference.
  - Shielded twisted pair (STP) has an outer foil shielding that protects against RFI and EMI. Without the outer foil it is unshielded twisted pair (UTP).
  - Copper causes a signal to degrade and also radiates energy that can be monitored, making it the least secure networking cable.
  - The UTP ratings indicate the type of insulation and the quality of the conductive material, e.g. CAT 3, 4, 5, 6.
- Fibre optic uses a type of glass that carries light waves (data).
  - Has higher transmission speeds.
  - Not affected by attenuation and EMI, and does not radiate signals like UTP.
  - Used in backbone networks and environments.
  - Light sources convert electrical signals into light signals, e.g. LEDs and diode lasers.
- Optical fibre cable:
  - Single mode: small glass core used for high-speed data over long distances.
  - Multimode: large glass core that carries more data than single mode, but over shorter distances.
  - Light detector: converts the light signal back into an electrical signal.
What are some of the cabling problems?
- Attenuation: loss of signal strength as it travels; the longer the wire, the more attenuation. The effects of attenuation increase with higher frequencies.
- Crosstalk: phenomenon that occurs when the electrical signals of one wire spill over to another wire.
- Fire rating of cables: network cabling placed in plenum space (the area above lowered ceilings and below raised floors) must meet a specific fire rating to ensure it will not release harmful chemicals.
- In environments requiring extensive security, wires can be encapsulated within pressurised conduits so that if someone attempts to access a wire, the pressure in the conduit changes and raises an alarm. Using fibre optic cable is more secure.
What are the wireless communication techniques?
Wireless communication is the transmission of information via radio waves, and is described using frequency and amplitude.
- Frequency indicates the amount of information: the higher it is, the more data the signal can carry, but the more susceptible it is to interference.
- Uses CSMA/CA (collision avoidance) to avoid collisions. A wireless device sends out a broadcast indicating that it is going to transmit, ensuring other devices hold off on transmitting data.
Wireless devices share a medium using spread spectrum: the sender spreads data across the available frequencies, which allows for more effective use of bandwidth.
- Frequency Hopping Spread Spectrum (FHSS): takes the total amount of bandwidth and splits it into smaller subchannels. An algorithm determines the individual frequencies that will be used and in what order. Sender and receiver hop from one frequency to another based on a predefined hop sequence.
- Direct Sequence Spread Spectrum (DSSS): sub-bits are applied by the sending system to generate a different format for the data. Uses all frequencies at once, giving high data throughput.
- Orthogonal Frequency-Division Multiplexing (OFDM): modulation technique that compacts multiple carriers tightly together, reducing the required bandwidth; because the carriers are modulated perpendicular to each other they don't interfere, which enhances performance in high-frequency bands.
  - Multiplexing technology used in wireless networks and 4G.
What are the components of a WLAN?
- A WLAN uses an access point (AP) to link wireless devices to the resources they need to access.
- Signals transmitted from the AP are received by the wireless NIC and converted into a digital format.
- Infrastructure WLAN refers to an AP that connects wireless and wired networks.
- Stand-alone mode is when an AP is not connected to a wired LAN.
- An ad hoc WLAN has no APs; wireless devices communicate with each other through their wireless NICs instead of a centralised device.
- Wireless device and AP communicate over the same channel, which is a certain frequency within a given frequency band.
- Hosts can be segmented into different WLANs by using different SSIDs, based on business functions, levels of trust, and resource requirements.
How did WLAN security evolve through its security standards?
- 802.11 introduced WEP, which has a number of flaws.
- Three deficiencies with WEP:
  - Static encryption keys:
    - RC4 symmetric keys are not changed out.
  - Ineffective use of IVs:
    - The same IV values are used over and over.
  - Lack of packet integrity:
    - An attacker can change data within the wireless packets by flipping specific bits and altering the ICV.
- 802.11i implemented WPA using TKIP, which provides the ability to rotate encryption keys. It increases the length of the IV value and ensures each frame has a different IV value; changing the IV values makes the resulting key stream less predictable.
- Uses a MIC instead of the ICV, ensuring the receiver will be properly alerted if changes to the frame take place.
- Full 802.11i implements WPA2, providing AES-CCMP encryption.
How does 802.1X implement authentication in wireless?
- Access control protocol for both wired and wireless networks.
- Provides an authentication framework and a method of dynamically distributing keys.
- EAP allows for mutual authentication to take place.
- EAP-TLS is the most secure: the auth server and wireless device exchange digital certificates. Once the wireless device validates the server certificate, it creates a master key, encrypts it with the server's public key and sends it to the auth server.
- PEAP requires the user of the wireless device to send the server a password, and the server authenticates to the wireless device with its digital certificate.
What are some of the wireless standards?
- 802.11b: standard that uses DSSS and transfers up to 11 Mbps at 2.4 GHz.
- 802.11a: standard that uses OFDM and works at 5 GHz.
- 802.11e: provides QoS and support for multimedia traffic.
- 802.11f: handles a user moving around a WLAN, with APs picking up and maintaining the signal when devices move out of range.
- 802.11g: provides faster data rates, 54 Mbps at 2.4 GHz.
- 802.11h: builds upon 802.11a and works at 5 GHz.
- 802.11j: works on bringing together many different standards.
- 802.11n: throughput of 100 Mbps, works at 5 GHz, and uses multiple input, multiple output (MIMO) to increase the throughput.
- 802.11ac: extension of 802.11n that increases throughput to 1.3 Gbps and provides beamforming, which is the shaping of radio signals to improve performance.
- 802.16: a MAN wireless standard that allows traffic to cover a wider geographical area; it is a broadband wireless access standard.
- 802.15.4: a wireless personal area network (WPAN) standard that allows connectivity for local devices such as keyboards; works at 2.4 GHz.
What are the security risks of Bluetooth technology?
- The technology has a 1-3 Mbps transfer rate and a range of 1, 10 or 100 metres.
- Bluejacking is when someone sends an unsolicited message to a Bluetooth-enabled device; bluejackers look for devices to send messages to.
- Countermeasure: put the device into non-discoverable mode.
- Bluesnarfing is unauthorised access to a wireless device through its Bluetooth connection.
What are the best practices for securing WLANs?
- Change the default SSID.
- Implement WPA2 and 802.1X to provide centralised user authentication.
- Use separate VLANs for each user class.
- Support unauthenticated users (visitors) via an untrusted VLAN.
- Put APs in the centre of the building to minimise exposure.
- Logically put the AP in a DMZ with a firewall between the DMZ and the internal network.
- Implement a VPN for wireless devices to use.
- Configure the AP to allow only known MAC addresses onto the network.
- Carry out pentests on the WLAN.