Domain 4 - Communications and Network Security Flashcards

1
Q

What is the OSI model?

A

The OSI model is an abstract framework to which most operating systems and protocols adhere.

It is based on an open network architecture, which enables easy integration of various technologies and vendors.

It has 7 layers, each with specific functions and controls. Protocols are a standard set of rules that determine how systems will communicate.

Each layer must communicate with the layer above, the layer below, and the same layer on the target host.

During encapsulation, each layer builds a protocol data unit (PDU) by adding a header (and sometimes a trailer) containing control information to the PDU from the layer above.

2
Q

What function does the Application layer provide in the OSI model?

A
  • This layer works closest to the user, and handles services such as file transfers and network management.
  • When an application needs to send data, it passes instructions and data to the protocols that support it at the application layer.
  • Processes and properly formats the data, and passes it down to the layer below.
  • Protocols include:
    • FTP, SMTP, SNMP, Telnet, HTTP
3
Q

What function does the Presentation layer provide in the OSI model?

A
  • The presentation layer receives data from the application layer and puts it in a standard format.
  • Not concerned with the meaning of the data, just the syntax and format; adds information to the header so that the destination knows how to process and present the data.
  • Handles compression and encryption.
  • No protocols work at this layer, just standards:
    • ASCII, JPEG, MPEG
4
Q

What function does the Session layer provide in the OSI model?

A
  • Responsible for establishing and maintaining a connection between two applications for data transfer.
  • Works in three phases: connection establishment, data transfer, and connection release.
  • Communication between applications occurs in simplex, half-duplex or full-duplex mode.
  • Allows software on one system to make calls on another system without knowing the specifics of that system.
  • Protocols typically operating at this layer include NetBIOS, PPP, RPC, PPTP.
  • The security issue with protocols at this layer is their lack of authentication; they should not be allowed beyond a network segment, and firewalls should deny such traffic exiting the network.
5
Q

What function does the Transport layer provide in the OSI model?

A
  • Provides end-to-end data transport services and establishes a connection between two communicating computers, unlike the session layer, which establishes a connection between applications.
  • Receives data from many different applications and segments the data into a stream to be sent.
  • Before the connection is made, a handshaking process agrees on reliable delivery, flow control and error detection.
  • Protocols at this layer:
    • TCP, UDP
6
Q

What function does the Network layer provide in the OSI model?

A
  • Inserts information into packet headers so they can be properly addressed and routed, and then actually routes the packets to the destination.
  • Routing protocols build and maintain routing tables, which are maps of the network.
  • Main protocols at this layer include:
    • IP, ICMP, RIP, OSPF, BGP
7
Q

What function does the Data link layer provide in the OSI model?

A
  • Converts packets into LAN/WAN frames for transmission, and defines how computers access the network.
  • Two functional sublayers:
    • Logical link control (LLC): takes care of flow control and error checking.
    • Media access control (MAC): knows what type of network is in use, e.g. Ethernet or token ring, and adds the header and trailer before the frame hits the wire.
  • Protocols at this layer:
    • Token ring, Ethernet, FDDI, ARP, PPP
8
Q

What function does the physical layer provide in the OSI model?

A
  • Converts bits into voltage for transmission; signals and voltages have different interpretations depending on the LAN/WAN technology.
  • This layer controls synchronisation, data rates, line noise, and transmission techniques.
  • Specifications for the physical layer include the timing of voltage changes, voltage levels, and physical connectors for electrical, optical, and mechanical transmission.
  • Interface standards defined at this layer:
    • 1000BaseT, DSL, SONET, ISDN
9
Q

What are the properties of TCP?

A
  • Connection-oriented protocol that uses handshaking between two systems.
    • SYN, SYN-ACK and ACK packets complete a handshake. The use of a SYN cache ensures resources are only allocated upon a complete handshake.
    • Sequence numbers are used to re-order messages and ensure
  • Ports are used to communicate with upper layers; the combination of protocol (TCP/UDP), IP address and port is called a socket.
    • Ports 0-1023 are considered well known, e.g. SSH on 22.
    • Ports 1024-49151 can be registered with ICANN.
    • Ports 49152-65535 can be used as needed.
  • Messages sent over TCP are called segments; messages sent over UDP are called datagrams.
10
Q

What are the properties of IPv4?

A
  • 32-bit IP address.
  • Subnetting allows larger IP ranges to be divided into smaller, logical, and more manageable network segments. Reduces the traffic load across the network.
  • Class A: 0.0.0.0 to 127.255.255.255, 1st byte is the network portion.
  • Class B: 128.0.0.0 to 191.255.255.255, 2 bytes are for the network.
  • Class C: 192.255.255.255 to 223.255.255.255, 3 bytes are for the network.
  • Class D: 224.0.0.0 to 239.255.255.255, multicast.
  • Class E: 240.0.0.0 to 255.255.255.255, reserved for research.
  • Classless Inter-Domain Routing (CIDR) was created for greater flexibility, as Class B is often too large and Class C is too small.
  • IP provides addressing, packet fragmentation and timeouts, and also Type of Service (ToS) for time-sensitive applications.
11
Q

What are the properties of IPv6?

A
  • IPv6 addresses are 128 bits.
  • Header fields have been dropped in IPv6 to reduce the processing cost of the packet.
  • Extensions support authentication, integrity, and data confidentiality.
  • Interoperating IPv6 and IPv4:
    • 6to4 is an intersite tunnelling method that embeds IPv6 data within IPv4.
    • Teredo is an automatic intersite tunnelling technique that uses UDP encapsulation so NAT isn't affected.
    • ISATAP treats the IPv4 network as a virtual IPv6 local link, mapping each IPv4 address to a link-local IPv6 address.
  • IPv6 should be disabled if not needed, and security appliances need to be configured to monitor all traffic types.
12
Q

What is MACsec and how does it provide security at layer 2?

A
  • 802.1AE defines MACsec, which provides data confidentiality, integrity and origin authentication.
  • Provides hop-by-hop protection at layer 2, and only allows authenticated and trusted devices to communicate.
  • 802.1AR defines a globally unique per-device secure identifier, cryptographically bound to the device through the use of public-key cryptography and digital certificates.
  • Each device is intended to be used with authentication protocols such as EAP, supported by 802.1X. The authentication data is usually the hardware identity (802.1AR).
  • Once authenticated, 802.1AF carries out key agreement for the session keys used for data encryption.
13
Q

What are transmission media considerations?

A

Three different types of transmission media, a physical thing through which data is moved:

  • Electrical wires encode information as changes in the voltage level of an electric current.
  • Optical fibres transmit data that is encoded in the wavelength of light.
  • Free space is the medium for wireless.

A signal is just some way of moving information in a physical format from one point to another:

  • Analog: signals are measured in amplitude and frequency, and lose form over time.
  • Digital: signals represent binary digits as electrical pulses, and are more reliable than analog because the values are clear cut.

Bandwidth refers to the number of electrical pulses that can be transmitted over a link within a second. Data throughput is the actual amount of data that can be carried over this connection.

Asynchronous and synchronous network technologies provide rules that govern how systems communicate with each other:

  • Asynchronous: no timing component; surrounds each byte with processing bits; a parity bit is used for error control; each byte requires 3 extra bits (start, stop, parity).
  • Synchronous: timing component for data; robust error checking (CRC); used for high-speed, high-volume transfers with minimal overhead.

Baseband technology uses the entire communication channel for its transmission.

Broadband divides the channel into individual and independent subchannels, e.g. coaxial cable.

14
Q

What are some of the types of cables?

A
  • Coaxial cable has a copper core surrounded by a shielding layer and grounding wire. More resistant to EMI, with higher bandwidth and longer cable runs.
  • Twisted pair cable is insulated copper wire surrounded by an outer protective jacket.
    • The tighter the twisting of the wires, the more resistant the cable is to interference.
    • Shielded twisted pair (STP) has an outer foil shield and has protection from RFI and EMI. Unshielded twisted pair (UTP) has no outer foil.
    • Copper causes a signal to degrade and also radiates energy which can be monitored; it is the least secure networking cable.
    • The UTP ratings indicate the type of insulation and the quality of the conductive material, e.g. CAT 3, 4, 5, 6.
  • Fibre optic uses a type of glass that carries light waves (data).
    • Has higher transmission speeds.
    • Not affected by attenuation and EMI, and does not radiate signals like UTP.
    • Used in backbone networks and environments.
    • Light source: converts electrical signals into light signals, e.g. LEDs and diode lasers.
    • Optical fibre cable:
      • Single mode: small glass core, used for high-speed data over long distances.
      • Multimode: large glass core, carries more data than single mode but over shorter distances.
    • Light detector: converts the light signal back to an electrical signal.
15
Q

What are some of the cabling problems?

A
  • Attenuation: loss of signal strength as it travels; the longer the wire, the more attenuation. The effects of attenuation increase with higher frequencies.
  • Crosstalk: phenomenon that occurs when electrical signals on one wire spill over to another wire.
  • Fire rating of cables: network cabling placed in plenum space (the area above lowered ceilings and below raised floors) must meet a specific fire rating to ensure it will not release harmful chemicals.
  • In environments requiring extensive security, wires can be encapsulated within pressurized conduits, so if someone attempts to access a wire the pressure in the conduit changes and raises an alarm. Using fibre optic cable is more secure.
16
Q

What are the wireless communication techniques?

A

Wireless communication is the transmission of information via radio waves, and is described using frequency and amplitude.

  • Frequency indicates the amount of information: the higher it is, the more data the signal can carry, but the more susceptible it is to interference.
  • Uses CSMA/CA (collision avoidance) to avoid collisions. Wireless devices send out a broadcast indicating that they are going to transmit, ensuring other devices hold off on transmitting data.

Wireless devices share a medium using spread spectrum: the sender spreads data across the available frequencies, which allows for more effective use of bandwidth.

  • Frequency Hopping Spread Spectrum (FHSS): takes the total amount of bandwidth and splits it into smaller subchannels. An algorithm determines the individual frequencies that will be used and in what order. Sender and receiver hop from one frequency to another based on a predefined hop sequence.
  • Direct Sequence Spread Spectrum (DSSS): applies sub-bits, which the sending system uses to encode the data in a different format. Uses all frequencies at once, giving high data throughput.
  • Orthogonal Frequency-Division Multiplexing (OFDM): modulation technique that packs multiple carriers tightly together, reducing the required bandwidth; because they are modulated perpendicular to one another they don't interfere, which enhances performance in high-frequency bands.
    • Multiplexing technology used in wireless networks and 4G.
17
Q

What are the components of a WLAN?

A
  • A WLAN uses an access point (AP) to link wireless devices to the resources they need to access.
  • Signals transmitted from the AP are received by the wireless NIC and converted into a digital format.
  • An infrastructure WLAN is one in which an AP connects the wireless and wired networks.
  • Stand-alone mode is when an AP is not connected to a wired LAN.
  • An ad hoc WLAN has no APs; wireless devices communicate with each other through their wireless NICs instead of a centralised device.
  • A wireless device and AP communicate over the same channel, which is a certain frequency within a given frequency band.
  • Hosts can be segmented into different WLANs by using different SSIDs, based on business functions, levels of trust, and resource requirements.
18
Q

How did WLAN security evolve through its security standards?

A
  • 802.11 introduced WEP, which has a number of flaws.
  • Three deficiencies with WEP:
    • Static encryption keys:
      • RC4 symmetric keys are not changed out.
    • Ineffective use of IVs:
      • The same IV values are used over and over.
    • Lack of packet integrity:
      • An attacker can change data within the wireless packets by flipping specific bits and altering the integrity check value (ICV).
  • 802.11i implemented WPA using TKIP, which provides the ability to rotate encryption keys. It increases the length of the IV value and ensures each frame has a different IV value. Changing the IV values makes the resulting key stream less predictable.
    • Uses a MIC instead of the ICV, ensuring the receiver is properly alerted if changes to the frame take place.
  • Full 802.11i implements WPA2, providing encryption with AES-CCMP.
19
Q

How does 802.1X implement authentication in wireless?

A
  • Access control protocol for both wired and wireless networks.
  • Provides an authentication framework and a method of dynamically distributing keys.
  • EAP allows for mutual authentication to take place.
  • EAP-TLS is the most secure: the authentication server and wireless device exchange digital certificates. Once the wireless device validates the server certificate, it creates a master key, encrypts it with the server's public key and sends it to the authentication server.
  • PEAP requires that the user of the wireless device send the server a password, and the server authenticates to the wireless device with its digital certificate.
20
Q

What are some of the wireless standards?

A
  • 802.11b: standard that uses DSSS and transfers up to 11 Mbps at 2.4 GHz.
  • 802.11a: standard that uses OFDM and works at 5 GHz.
  • 802.11e: provides QoS and support for multimedia traffic.
  • 802.11f: handles a user moving around a WLAN, with APs picking up and maintaining the signal when devices move out of range.
  • 802.11g: provides faster data rates of 54 Mbps at 2.4 GHz.
  • 802.11h: builds upon 802.11a and works at 5 GHz.
  • 802.11j: working on bringing together many different standards.
  • 802.11n: throughput of 100 Mbps, works at 5 GHz, and uses multiple input, multiple output (MIMO) to increase throughput.
  • 802.11ac: extension of 802.11n; increases throughput to 1.3 Gbps and provides beamforming, which is the shaping of radio signals to improve performance.
  • 802.16: a MAN wireless standard that allows traffic to cover a wider geographical area; a broadband wireless access technology.
  • 802.15.4: a wireless personal area network (WPAN) standard that allows connectivity for local devices such as keyboards; works at 2.4 GHz.
21
Q

What are the security risks of Bluetooth technology?

A
  • The technology has a 1-3 Mbps transfer rate and a range of 1, 10 or 100 metres.
  • Bluejacking is when someone sends an unsolicited message to a Bluetooth-enabled device; bluejackers look for devices to send messages to.
    • The countermeasure is to put the device into non-discoverable mode.
  • Bluesnarfing is unauthorised access to a wireless device through a Bluetooth connection.
22
Q

What are the best practices for securing WLANs?

A
  • Change the default SSID.
  • Implement WPA2 and 802.1X to provide centralised user authentication.
  • Use separate VLANs for each user class.
  • Support unauthenticated users (visitors) via an untrusted VLAN.
  • Put APs in the centre of the building to minimise exposure.
  • Logically put the AP in a DMZ with a firewall between the DMZ and the internal network.
  • Implement a VPN for wireless devices to use.
  • Configure the AP to allow only known MAC addresses onto the network.
  • Carry out pentests on the WLAN.
23
Q

How do Mobile wireless communicate?

A

A mobile device connects to a cellular network, which is in turn connected to the PSTN. The cellular network distributes radio signals over delineated areas called cells. Each cell has at least one fixed-location transceiver (base station) and is joined to other cells to provide connections over a large area.

Uses multiple access technologies:

  • Frequency division multiple access (FDMA): the frequency range is divided into sub-bands, with one channel mapped to each cell phone.
  • Time division multiple access (TDMA): divides the radio-frequency spectrum into time slots so that multiple users can share the same channel.
  • Code division multiple access (CDMA): assigns a unique code to each voice call, and permits every user of the network to simultaneously use every channel.
  • Orthogonal frequency division multiple access (OFDMA): channels are subdivided into a set of closely spaced orthogonal frequencies with narrow bandwidths. Subchannels can be transmitted using MIMO.

Mobile technology generations:

  • 1G: analog services and voice services.
  • 2G: primarily voice and some low-speed data; lacks the ability to authenticate towers to phones, so calls can be intercepted, and current mobile technology can be forced to downgrade to it.
  • 2.5G: higher bandwidth, always-on technology for email.
  • 3G: integration of voice and data, packet-switched technology.
  • 3.5G: higher data rates, uses OFDMA.
  • 4G: based on an all-IP packet-switched network, data rates from 100 Mbps to 1 Gbps.
24
Q

What are some network topologies?

A
  • Ring: all computers are connected by a unidirectional transmission link, and the cable forms a closed loop.
    • If one station experiences a problem, it can negatively affect surrounding computers on the same ring.
  • Bus: uses a linear, single cable to which all computers are attached. All traffic travels the full cable and can be viewed by all other computers.
    • If one station experiences a problem, it can negatively affect surrounding computers.
  • Star: all computers are connected to a central device, which provides more resilience for the network.
    • The central device is a single point of failure.
  • Mesh: computers are connected to each other, which provides redundancy.
    • Requires more expense in cabling and extra effort to track down cable faults.
25
Q

What are media access technologies and what the main types?

A

Media access technologies deal with how systems communicate over media, and are usually represented as protocols, NIC drivers, and interfaces.

LAN access technologies set up the rules for how computers will communicate on a network, how errors are handled, and the MTU size of frames.

Ethernet:

  • Contention-based technology
  • Uses broadcast and collision domains
  • Uses CSMA/CD for media access
  • Full duplex
  • Can use coaxial, twisted pair, or fibre optic cabling
  • Primarily a LAN technology, but also used in WANs

Token ring is a LAN media access technology configured in a star topology, but the signal travels in a ring fashion. Devices cannot send data without possession of the token, so there are no collisions, since there is only one token. An active monitor mechanism removes frames that would otherwise circle the network constantly. A beaconing mechanism is used to signal that there is a problem on the network.

FDDI is usually used as a backbone network using fibre optics and connecting several different networks. It uses a secondary ring running counterclockwise if the primary fails, and enables several tokens to be present on the ring concurrently. There is a copper version, CDDI. Devices that connect to FDDI rings:

  • Single attachment station (SAS): attaches to only one ring (primary).
  • Dual attachment station (DAS): connects to both rings.
  • Single attached concentrator (SAC): connects an SAS device to the primary ring.
  • Dual attachment concentrator (DAC): connects DAS, SAS, and SAC devices.
26
Q

What are some media sharing Technologies?

A

Technologies:

Token passing: a token is a 24-bit control frame used to control which computers communicate at which intervals. Tokens contain the data and the source and destination addresses, and each computer on the ring checks the token to see if it is addressed to it. A computer must wait to receive the token before it can send data. Used in token ring and FDDI technologies.

CSMA: two distinct types, CSMA/CA (collision avoidance) and CSMA/CD (collision detection); both are faster than token passing.

  • The CSMA/CD access method listens for the absence of a carrier tone on the cable. If there is a collision, the station aborts its transmission and alerts all other stations that there was a collision. All stations run a random timer before attempting again.
  • CSMA/CA is a medium-sharing method in which each computer signals its intent to transmit before doing so, preventing collisions.

Polling: a method of monitoring and controlling multiple network devices. A primary device asks each secondary device at an interval whether it has something to communicate, and that is the only time the secondary device can transmit.

27
Q

What is Address Resolution Protocol (ARP)?

A
  • ARP maps a hardware (MAC) address to its associated IP address and stores this mapping in its table for a predefined amount of time.
  • ARP broadcasts a frame requesting the MAC address that corresponds with the destination IP address.
  • Each computer on the broadcast domain receives this, and the computer with the corresponding IP address responds with its MAC address.
  • Attackers are able to alter a system's ARP table so it contains incorrect information, using ARP table cache poisoning. If the attacker wants to ensure that the victim's table stays poisoned, the attacker will continue to send ARP replies, because the victim usually accepts the most recent response.
  • A network IDS should be in place to mitigate ARP poisoning attacks; they should be easy to identify, since the attacker needs to constantly send ARP replies.
28
Q

What is Dynamic Host Configuration Protocol (DHCP)?

A
  • DHCP is a UDP-based protocol that allows servers to assign IP addresses to network clients in real time.
  • The client computer broadcasts a DHCPDISCOVER message.
  • The DHCP server responds with a DHCPOFFER packet containing an IP address.
  • The client sends a DHCPREQUEST confirming its acceptance.
  • The server acknowledges with a DHCPACK.
  • Attackers are able to create a rogue DHCP server.
  • DHCP snooping shields networks from unauthenticated DHCP servers and clients.
  • Advanced network switches direct clients towards legitimate DHCP servers to get IP addresses and restrict rogue systems.
29
Q

How does Internet Control Message Protocol (ICMP) work?

A
  • Delivers status messages, reports errors and replies to certain requests.
  • Routers use ICMP to send messages in response to packets that could not be delivered.
  • ICMP is used by connectionless protocols, because on their own they have no way of detecting or reacting to transmission errors.
  • Where ICMP is permitted, attackers may be able to use it for tunnelling, similar to a client/server model.
  • ICMP may allow traceroute to map out a victim's network.
  • Use an IDS to monitor for excessive use of these tools and other suspicious activity, as well as firewall rules that restrict which ICMP packets are allowed.
30
Q

How does Simple Network Management Protocol (SNMP) work?

A

Used to view the status of a network, traffic flows, and hosts within the network.

The two main components within SNMP are managers and agents:

  • The manager is the server portion; it polls different devices to check status information and receives trap messages from agents.
  • The agent is a piece of software that runs on a network device. It has a list of objects that need to be tracked in a database-like structure called the MIB, which is a logical grouping of managed objects that contain data. Traps enable an agent to inform the manager instead of waiting to be polled.

It is necessary to restrict which managers can request information. The use of community strings provides authentication, but they are sent in cleartext in SNMPv1 and v2. Version 3 has cryptographic functions, providing encryption, message integrity and authentication.

31
Q

What is Domain Name Service (DNS)?

A
  • Method of resolving hostnames to IP addresses.
  • Companies have their own DNS servers to resolve internal hostnames.
  • Within DNS servers, DNS namespaces are split up administratively into zones. One zone may contain all hostnames for the marketing and accounting departments.
  • Primary and secondary DNS servers synchronize information via zone transfers, which must be configured to allow transfers only to authorised DNS servers; otherwise attackers can map out the network.
  • If a DNS server does not know which DNS server holds the information, it passes the request up to the DNS server above it. The naming scheme of the Internet resembles an inverted tree with the root servers at the top. Lower branches are divided into top-level domains, with second-level domains under them.
  • The DNS resolver on the computer is responsible for sending out requests to DNS servers. A non-recursive query means the DNS server either has the answer or not. A recursive query means the request is passed from one DNS server to another. DNS resolvers first check the local hosts file.
  • To mitigate DNS threats, DNSSEC (DNS Security) implements PKI and signatures, allowing DNS servers to validate the origin of a message to ensure that it is not spoofed and potentially malicious.
  • Organisations should implement split DNS: one DNS server internally, and one DNS server in the DMZ that handles external resolution.
  • To prevent modifications to the hosts file, set it to read-only and implement a host-based IDS to watch for any modification attempts.
  • Domain name registration issues include domain grabbing, where someone watches for heavily used business domains and purchases the domain name before the legitimate business can renew, and cybersquatting, where someone registers prominent or established names.
32
Q

What are the protocols that provide email services?

A
  • In email, SMTP works as the message transfer agent. The client application passes the message to the SMTP application at the application layer.
  • POP ensures messages are held on the mail server until users are ready to download them, instead of trying to push messages directly to a person's computer. POP is commonly used for Internet-based email accounts. POP3 uses SASL, which includes a command for identifying and authenticating a user.
  • IMAP provides all the functionality of POP. Messages are automatically downloaded to computers. Commonly used for corporate email accounts.
  • Email relaying: companies have public mail servers in their DMZ and internal mail servers. Mail servers use a relay agent to send a message from one mail server to another.
  • Email threats: email spoofing is done by modifying fields of the email headers, such as the From and Return-Path, so the email appears to be from a trusted source.
    • Mitigation: SMTP authentication was developed to provide access control. It allows clients to authenticate to the mail server.
    • Sender Policy Framework (SPF): an email validation system that verifies the sender's IP address by specifying which hosts are allowed to send email for a given domain.
    • DomainKeys Identified Mail (DKIM): allows email servers to digitally sign messages to provide a measure of confidence in their origin.
33
Q

What is Network Address Translation and what are some implementations?

A

Enables a company that uses private IP addresses to communicate transparently with computers on the Internet. Stateful.

Three basic implementations:

  • Static mapping: each private address is statically mapped to a specific public address.
  • Dynamic mapping: a pool of public IP addresses is used, instead of statically mapping a public address to a specific private address. Works on a first come, first served basis.
  • Port address translation (PAT): uses only one public IP address. The NAT device records each private IP address and source port number and changes it to the public IP address with a different port number.
34
Q

How do routing protocols work?

A
  • Individual networks on the Internet are autonomous systems (AS), which are made up of routers and use a common interior gateway protocol (IGP) within their borders. ASs communicate with each other via exterior gateway protocols (EGPs).
  • Static routing: requires administrators to manually configure the routing table; cannot respond to disruptions.
  • Dynamic routing protocols: can discover routers and build routing tables automatically.
    • Distance vector: makes routing decisions based on distance or hop count, e.g. RIP. RIPv2 provides authentication with MD5. IGRP and EIGRP were developed by Cisco.
    • Link state: builds a more accurate routing table because it looks at more variables: packet size, link speed, delay, etc. E.g. OSPF, which provides authentication with hashed passwords; OSPFv3 uses IPsec.
  • Exterior routing protocols: BGP enables routers in different ASs to share routing information to ensure effective and efficient routing between different ASs. Used by Internet service providers, and is a combination of link-state and distance-vector.
  • Routing protocol attacks: an attacker can masquerade as another router. DoS attacks include flooding a router port and buffer overflows. Most countermeasures involve authentication and encryption of routing information through the use of shared keys or IPsec. Wormhole attacks enable attackers to capture a packet at one location and tunnel it to another location; the countermeasure is to use a leash, which restricts the maximum allowed distance.
35
Q

What are repeaters, bridges and routers?

A

Repeaters provide the simplest type of connectivity, because a repeater only repeats electrical signals between cable segments at the physical layer. Repeaters also work as line conditioners, and hubs are multi-port repeaters.

Bridges: segment large networks into manageable pieces, filtering based on MAC addresses; join different types of network links; isolate collision domains. Bridging functionality can take place within a LAN.

A bridge uses forwarding tables to learn about the network environment, examining frames and making entries in its forwarding table that associate each new source address with the port on which it arrived. The spanning tree algorithm (STA) ensures frames don't circle the network forever.

Routers connect similar or different networks. A router is a device that has two or more interfaces. Routers discover information about routes and changes via protocols such as RIP, OSPF, and BGP.

  • External devices should not accept packets with source routing.
36
Q

What are switches?

A
  • Combine the functionality of a repeater and the functionality of a bridge.
  • When a frame comes to a switch, the switch sends the frame directly to the destination computer or network.
  • Use hardware-based processing power (an ASIC), which enables them to look deeper within the packet.
  • Layer 3 and 4 switches are basically a router on steroids, because they move the route lookup functionality to the efficient hardware level.
  • Use tags, which are assigned to each destination network. The switch appends tags to packets and sends them to the next switch (MPLS).
  • Switching makes it more difficult for intruders to sniff and monitor network traffic.
  • VLANs: Computers that are physically located next to each other can be grouped logically into different VLANs.
    • VLAN hopping attacks allow attackers to gain access to traffic. An attacker can also insert VLAN tags (double tagging) to control traffic. Mitigation is via proper configuration of all switches.
37
Q

What are Gateways?

A
  • General term for software running on a device that connects two different environments and can also act as a translator.
  • Performs much more complex tasks than connection devices, e.g. routers.
  • A popular type of gateway is the email gateway, which converts messages between different email software by converting them into a standard that all mail servers understand, X.400.
  • Separate the combined voice and data information and put it into a form
  • Private Branch Exchange (PBX): a private telephone switch that is located on a company's property. Has a dedicated connection to the local telephone company's central office.
    • Voice data is multiplexed onto a dedicated line connected to the telephone company's office.
    • Switches are devices that can control analog and digital signals.
    • Companies' PBXs usually have modems hanging off them, enabling the vendor to dial in and do maintenance.
    • PBX systems have admin passwords that are never changed and are exploited by phreakers.
38
Q

What are the different types of Firewalls?

A
  • Packet filtering (Network): Looks at the destination and source addresses, ports, and services requested. Routers use ACLs to monitor network traffic.
  • Stateful (Network): Looks at the state and context of packets. Keeps track of each conversation using a state table.
  • Application-level proxy (Application Layer): Looks deep into packets and makes granular access control decisions. Requires one proxy per protocol.
  • Circuit-level proxy (Session): Looks only at the packet header information. It protects a wider range of protocols and services than an application-level proxy, but does not provide the detailed level of control available to an application-level proxy.
  • Dynamic packet filtering (Network): Allows any permitted type of traffic outbound and only response traffic inbound.
  • Kernel proxy (Application): Faster because processing is performed in the kernel. One network stack is created for each packet.
  • Next-generation firewall (Multiple): Very fast and supportive of high bandwidth. Built-in IPS. Able to connect to external services like Active Directory.
39
Q

What are some Firewall architectures?

A
  • Dual homed: A single computer with separate NICs connected to each network. Divides an internally trusted network from an external untrusted network.
  • Screened host: A router filters (screens) traffic before it is passed to the firewall.
  • Screened subnet: An external router filters traffic before it enters the subnet. Traffic headed toward the internal network then goes through two firewalls.
40
Q

What are the best practices for Firewalls?

A
  • Implicitly deny any packets not explicitly allowed.
  • Packets arriving from outside with a source address of an internal network should be denied.
  • Packets with source routing should be denied.
  • Firewalls should reassemble fragmented packets before sending them on to the destination.
    • Fragments contain only a part of the full packet, so the firewall would be making a decision without having all the facts.
  • Fragmentation attacks:
    • IP fragmentation: Fragmentation and reassembly flaws cause DoS.
    • Teardrop attack: Malformed fragments are created by the attacker, and upon reassembly cause the system to crash.
    • Overlapping fragment attack: Subverts packet filters that do not reassemble packet fragments before inspection.
  • Common firewall rules:
    • Silent rule: Drops noisy traffic without logging it.
    • Stealth rule: Disallows access to the firewall software.
    • Cleanup rule: Last rule in the rule base; drops and logs traffic.
    • Negative rule: Used instead of the broad and permissive "any" rules.
41
Q

What is a proxy server?

A

Acts as an intermediary between the clients that want access to certain services and the servers. We don't want internal systems to directly connect to external servers.

The proxy server validates that the request is safe and then sends an independent request to the website on behalf of the user.

Different types of proxies:

  • Open proxy: a forwarding proxy that is open for anyone to use. Allows users to conceal their IP address while browsing.
  • Forwarding proxy: allows the client to specify the server it wants to communicate with. Commonly sits on the internal network, controlling traffic that is exiting the network.
  • Reverse proxy: appears to the client as the original server. Commonly sits on the network that fulfills client requests, handling traffic entering the network. Carries out load balancing and encryption.
42
Q

What is Software Defined Networking (SDN)?

A
  • An approach to networking that relies on distributed software to provide agility and efficiency, meaning a server can be quickly provisioned and the underlying network adapts.
  • SDN centralises the configuration and control of devices.
  • Control and forwarding planes:
    • Control plane: where the internetwork routing decisions are being made. Responsible for discovering the topology of neighbouring networks and maintaining a table of routes.
    • Forwarding plane: where traffic forwarding decisions are made. The control plane is the strategic and methodical planner; the forwarding plane is the tactical, fast executioner.
  • Approaches to SDN: Three common approaches
    • Open: relies on open-source code and standards. Allows the devices implementing the forwarding plane to provide information to the controller, while allowing the controller to update the flow tables.
    • API: leverages a rich API on proprietary switches. Corrects the inability of OpenFlow to do deep packet inspection and manipulation, and its reliance on a centralised control plane.
    • Overlays: SDN exists simply as a virtual overlay on top of a physical (underlay) network.
43
Q

How does Network Access Control (NAC) work?

A

A set of policies and controls for network access; the simplest level is user authentication.

802.1X is a standard which allows devices to connect in a very limited manner until user credentials are verified.

Should provide endpoint/device authentication, which requires a certificate installed on the client device. Can also use a TPM.

Ensures the endpoint is properly configured prior to being allowed to connect to the network: checks the OS, signatures and AV updates of the endpoint.

44
Q

How do Virtual Networks work?

A
  • Routers and switches can be virtualised.
  • VMs, whether they implement endpoints or networking equipment, communicate with each other over virtual networks that behave much like their real counterparts.
  • The hypervisor has complete visibility over all the data traversing its virtualised networks, whether or not it touches the physical NIC.
  • A compromise of the hypervisor could gain access to all virtualised devices.
  • Countermeasures include security patches and restricting third-party add-ons. Ensure third-party add-ons are well tested and acquired from reputable vendors.
45
Q

What are the types of networks?

A

Web-based clients are different from workstations that log into a network and have their own desktop; they limit a user's ability to access the computer's files.

  • Intranet: Private network.
  • Extranet: extends outside the bounds of the company's network to enable two or more companies to share common information and resources.
  • Metropolitan Area Networks (MAN): usually a backbone that connects LANs to each other and LANs to WANs. The majority of today's MANs are SONET or FDDI rings. MANs can be made of wireless infrastructure, optical fibre or Ethernet. Uses layer 2 or 3 switches to connect to optical fibres constructed in a ring, star, partial or full mesh.
  • Metro Ethernet: an Ethernet LAN can be extended over a metropolitan area. Can be pure Ethernet, or Ethernet integrated with MPLS, which is highly reliable and scalable.
  • Wide Area Networks (WAN): used when communication needs to travel over a larger geographical area. The network must have some avenue to other networks, which is most likely a router that communicates with the company's service provider's switches.
46
Q

What are the components of telecommunications evolution?

A

Multiplexing is a method of combining multiple channels of data over a single transmission path.

  • Copper lines carry purely analog signals.
  • T1 lines carry up to 24 conversations.
  • T3 lines carry up to 28 T1 lines.
  • Fiber optics and the SONET network.
  • ATM over SONET.

Dedicated links: a leased line or point-to-point link is pre-established for the purpose of WAN communications between two destinations.

T-carriers: dedicated, point-to-point, high-capacity lines that carry voice and data information over trunk lines. Channels are multiplexed using time-division multiplexing.

E-carriers: similar to T-carriers; 30 channels interleave 8 bits of data.

Optical carrier: measured in optical carrier (OC) transmission rates.

Multiplexing:

Statistical time-division multiplexing (STDM): transmits several types of data simultaneously across a single line (T1, T3). Analyses statistics related to the workload of each input device and determines how much time each device should be allocated.

Frequency division multiplexing (FDM): the available wireless spectrum is used to move data; the frequency band is divided into narrow bands and used to move multiple parallel channels for data transfer.

Wave-division multiplexing (WDM): used in fibre optic communication; multiplexes a number of optical carrier signals onto a single optical fibre.

47
Q

What are some WAN technologies?

A
  • CSU/DSU: required when digital equipment is used to connect a LAN to a WAN. The DSU device converts digital signals from routers and switches into signals that can be transmitted over the service provider's digital lines. The CSU provides a digital interface for data terminal equipment (DTE) such as terminals and multiplexers, and an interface to the data circuit-terminating equipment (DCE) device, the carrier's switch.
48
Q

What are some WAN technologies?

A

Dedicated line: a dedicated, leased line that connects two locations; expensive compared to other WAN options. Secure because only two locations are using the same medium.

Frame relay: a high-performance WAN protocol that uses packet-switching technology which works over public networks. The media are shared among companies. Uses Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs), and fees are based on bandwidth used.

X.25: the first packet-switching technology developed to work over public networks. Lower speed than frame relay because of its extra overhead. Uses SVCs and PVCs; basically obsolete and replaced with other WAN protocols.

ATM: a high-speed bandwidth switching and multiplexing technology that has low delay; uses 53-byte fixed-size cells and is very fast because of the low overhead.

SDLC: enables mainframes to communicate with remote offices. Provides a polling mechanism to allow primary and secondary stations to communicate.

HDLC: a data encapsulation method for synchronous serial links. Point-to-point and multipoint communication.

PPP: a data encapsulation method for synchronous and asynchronous links. Point-to-point and multipoint communication.

HSSI: a DTE/DCE interface to enable high-speed communication over WAN links.

49
Q

What are multiservice access technologies?

A
  • Combine several types of communication categories (data, voice, and video) over one transmission line.
  • When a phone call is made, the connection has to be set up, signaling has to be controlled, and the session has to be torn down. Protocols: VoIP, SIP, SS7.
  • High-quality compression is used with VoIP technology, and the identification numbers (phone numbers) are IP addresses.
  • The four main components needed for VoIP are:
    • IP telephony device: just a phone that has the necessary software.
    • Voicemail system: storage place for messages; also provides user directory lookups.
    • Voice gateway: carries out packet routing and provides access to legacy voice systems.
    • Call processing manager: indicates a call needs to be set up. Notifies both the sending and receiving phones that the channel is active, and voice data is sent back and forth.
50
Q

What are some multimedia protocols?

A

H.323 gateways: Cover a wide variety of multimedia communication services. Deal with packet-based video, real-time audio and data. Connect different types of systems and devices and provide the necessary translation functionality. Terminals are connected to these gateways, which in turn can be connected to the PSTN.

SIP: A signalling protocol widely used for VoIP communication sessions, video conferencing, multimedia and instant messaging.

Two major components:

  • User Agent Clients (UACs) are generally messaging tools and softphone applications.
  • The User Agent Server (UAS) is the SIP server, which is responsible for handling all the routing and signaling involved in VoIP calls.

SIP relies on a three-way handshake process to initiate a session. For two people trying to communicate, Bill and John:

  • Bill sends an INVITE packet to the SIP server, which looks up John's address.
  • The INVITE packet is then forwarded to John.
  • The SIP server informs Bill of progress with a TRYING packet.
  • Once the INVITE packet reaches John's system, it starts ringing.
  • While John's system is ringing and waiting, it sends a RINGING packet to Bill.
  • As soon as John answers the call, an OK packet is sent to Bill.
  • Bill's system issues an ACK packet to complete call setup.
  • The actual voice stream is carried on media protocols such as RTP.
  • Once the call is finished, the system terminating the call sends a BYE message.
  • The other party then acknowledges the end of the call with an OK.

The architecture consists of three different types of servers:

  • Proxy server: used to relay packets within a network between the UACs and the UAS.
  • Registrar server: keeps a centralised record of the updated locations of all the users on the network.
  • Redirect server: allows clients to remain within reach while they move through numerous network coverage zones.
51
Q

What are some IP telephony issues?

A
  • SIP-based signaling suffers from the lack of encrypted call channels and authentication of control signals.
  • VoIP devices are also vulnerable to DoS attacks.
  • Compromised VoIP systems can then be used to carry out intrusions and DoS attacks.
  • Attackers can intercept RTP packets containing the media stream of a communication session to inject arbitrary audio/video data.
  • Attackers can also impersonate a server and issue commands such as BYE, CHECKSYNC, and reset to VoIP clients.
  • Measures:
    • Identify unidentified or rogue telephony devices: implement authentication.
    • Install and maintain: stateful firewalls, VPNs for sensitive voice data, IDS.
    • Disable unnecessary ports and services on routers, switches and PCs.
    • Employ real-time monitoring that looks for attacks, tunneling and abusive call patterns through IDS/IPS.
    • Use encryption when data (voice, fax, video) crosses an untrusted network, and use a two-factor authentication technology.
52
Q

What are the remote access methods?

A
  • Dial-up: A modem (modulator-demodulator) is a device that modulates an outgoing digital signal into an analog signal that will be carried over an analog carrier, and demodulates the incoming analog signal into digital signals that can be processed by a computer. Dial-up connections can take place over PPP; before users are allowed access to network resources:
    • Measures: Configure the remote access server to call back the initiating phone to ensure it's valid; disable or remove modems if not in use. Consolidate all modems into one location and manage them centrally. Implement two-factor authentication.
  • ISDN: a technology provided by telephone companies and ISPs, developed to replace analog telephone systems. Provides a digital, point-to-point, circuit-switched medium and establishes a circuit between two communicating devices. Three different implementations.
  • DSL: another type of high-speed connection technology used to connect a home or business. Provides much higher bandwidth than ISDN. Used within a 2.5 mile radius. Different flavors of DSL:
    • Symmetric DSL (SDSL): Data travels upstream and downstream at the same rate.
    • Asymmetric DSL (ADSL): Data travels downstream faster than upstream.
    • High-bit-rate DSL (HDSL): Provides T1 speeds over regular copper wire.
    • Very High Data Rate DSL (VDSL): Basically ADSL at a much higher data rate.
    • Rate Adaptive DSL (RADSL): Adjusts the transmission speed to match the quality and the length of the line.
  • Cable modems: Provide high-speed access to the Internet through existing coaxial cable and fibre lines. Bandwidth is shared between the users. Most providers comply with international standards including MAC layer security. Major security concerns include sniffers.
53
Q

What are the types of VPN?

A

Point-to-Point Tunneling Protocol (PPTP):

  • Works in a client/server model
  • Extends and protects PPP connections
  • Works at the data link layer
  • Transmits over IP networks only

Layer 2 Tunneling protocol (L2TP):

  • Hybrid of L2F and PPTP
  • Extends and protects PPP connections
  • Works at the data link layer
  • Transmits over multiple types of networks, not just IP
  • Combined with IPSec for security

IPSec:

  • Handles multiple VPN connections at the same time
  • Provides secure authentication and encryption
  • Supports only IP networks
  • Focuses on LAN-to-LAN communication rather than user-to-user communication.
  • Works at the network layer

TLS:

  • Works at the session layer
  • Granular access control and configuration
  • Easy deployment since TLS is already embedded into browsers
  • Protect a small number of protocol types
54
Q

What are some Authentication Protocols?

A

Password Authentication Protocol (PAP):

  • Used by remote users to authenticate over PPP connections, and requires a user to be authenticated before accessing a network.
  • One of the least secure methods: credentials are sent in cleartext.

Challenge Handshake Authentication Protocol (CHAP):

  • Uses a challenge/response mechanism to authenticate the user.
  • The server sends the user a challenge (nonce), a random value. The challenge is encrypted with a preshared key and is returned to the server.
  • Not vulnerable to man-in-the-middle attacks because it continues this challenge/response activity throughout the connection to ensure the authentication server is still communicating with the user.

Extensible Authentication Protocol (EAP):

  • Not a specific authentication protocol.
  • Used for a variety of links: PPP, PPTP, L2TP, 802 wired networks and wireless networks.
  • Extends authentication possibilities beyond the norm, such as one-time passwords, biometrics, Kerberos and digital certificates.
55
Q

What is the difference between link encryption and end-to-end encryption?

A

Link encryption: Encrypts all the data along a specific communication path. The only traffic not encrypted is the data link control messaging information. Link encryption has to decrypt the packets at every device between the two ends.

  • Provides protection against packet sniffers and eavesdroppers.

End-to-end encryption: the packets do not need to be decrypted and then encrypted again at each hop because the headers and trailers are not encrypted.

Encryption at each layer:

  • End-to-end encryption happens within the application.
  • TLS encryption takes place at the session layer.
  • PPTP encryption takes place at the data link layer.
  • Link encryption takes place at the data link and physical layers.
56
Q

What are the email Encryption standards?

A

Multipurpose Internet Mail Extensions (MIME): a technical specification indicating how multimedia data and email binary attachments are to be transferred. It dictates how certain file types should be transmitted and handled.

S/MIME: a standard for encrypting and digitally signing email and for providing secure data transmissions. Encryption of email and attachments.

PGP: Uses digital certificates rather than what is used in PKI. A passphrase is used to encrypt the user's private key stored on her hard drive. Relies on a web of trust in its key management approach. Each user generates and distributes a public key, and users sign each other's public keys, which creates a community of users who trust each other.

57
Q

What are the protocols and methods that secure the Internet?

A

HTTP: The browser sends a request to the web server hosting that website. TCP controls the handshaking and maintains the connection between the user and the server. HTTP is a stateless protocol: the web server never "remembers" the users that ask for different web pages.

HTTPS: HTTP protected by Secure Sockets Layer, which encrypts the traffic.

SSL: When a client accesses a website, that website may have both secured and public portions. Secured portions require the user to be authenticated. The server authenticates to the client by sending it a digital certificate. The client generates a session key and encrypts it with the server's public key. SSL works at the transport layer.

TLS: The POODLE attack in 2014, which downgraded TLS connections to SSL, was the death of SSL.

Cookies: Text files that a browser maintains on a user's hard drive or memory segment. As a user travels from site to site, sites write data to the cookies stored on the user's system. Servers determine how cookies are actually used. HTTP is a stateless protocol, meaning a web server has no memory of any prior connections. Cookies should not be used to store any sensitive information.

  • It is important to ensure that secure connections time out; this is why cookies have timestamps within them.
  • Cookies can sometimes contain usernames and passwords, and should be encrypted.

SSH: Provides authentication and secure transmission over vulnerable channels like the Internet. Functions as a type of tunneling mechanism. The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key.