Domain 4 - Communications and Networking Flashcards
Simplex
one-way communication (one system transmits, the other listens)
Half-duplex
communication sends or receives one at a time (only one side can transmit at a time), like a walkie-talkie
Full-duplex
communication is capable of sending and receiving simultaneously (both systems talking at the same time)
baseband
one channel, one signal at a time. Ethernet is baseband.
broadband
multiple channels and all channels can send and receive multiple signals at a time
Internet
a global connection of peered WAN networks (patchwork of ISPs)
intranet
an organization's privately owned network; houses company-specific information. Example: how do I contact HR, what are the policies and procedures.
extranet
Private intranets that are connected to each other. These may be business partners, or in very large companies all the child companies' intranets connect to the extranet.
circuit switching
- expensive
- used less often
- always available
- guaranteed bandwidth
- always takes the same path
packet switching
- cheap
- ISP oversubscribes lines
- people very seldom use what they pay for
- packets take multiple different paths to the destination
- packets are reassembled at the destination
QOS
(Quality of Service) gives specific traffic priority over other traffic
most commonly used for VoIP or other UDP (connectionless) traffic needing close to real-time communication
TCP
connection-oriented
sequential - each packet is reassembled in the order it was sent
even with packets taking different paths, this still happens
we use TCP for things that require data integrity and can tolerate slower delivery
PAN
personal area network - your personal area
LAN
local area network - devices are nodes and are geographically constrained
MAN
metropolitan area network - usually spans a city or large campus
WAN
wide area network - covers a large geographic area such as a city, country or even intercontinental distances. Combines many types of media: telephone, cables and airwaves.
VPN
virtual private network
GAN
global area network
used for supporting mobile users across a number of wireless LANs and satellite coverage areas. The transition from one to the next can be seamless.
uses different technologies and protocols to make sure that users can continue to use their phones
OSI model Layers 1-7
1 - Physical
2 - Data Link
3 - Network
4 - Transport
5 - Session
6 - Presentation
7 - Application
We are blocking unused ports on our servers as part of our server hardening. If we block TCP/UDP port 138, which protocol are we blocking?
NetBIOS datagram service
We are using the OSI model to categorize attacks and threats. Which of these are COMMON layer 2 threats?
A: Ping of death
B: syn floods
C: arp spoofing
D: eavesdropping
C: arp spoofing
Explanation
ARP spoofing is an attack where an attacker sends fake ARP (Address Resolution Protocol) messages over a local area network. This results in associating the attacker's MAC address with the IP address of an authorized computer or server on our network.
In a new data center implementation, we are wanting to use IPv6 addresses. Which of these statements are TRUE about IPv6 addresses? (Select all that apply).
A: they can use EUI/MAC48 addresses by adding ffe in the middle of the MAC address
B: they use broadcast addresses
C: they are 32-bit binary
D: they are 128 bit binary
A and D
Explanation
IPv6 is 128-bit binary, often expressed in hexadecimal numbers (using 0-9 and a-f); for Link Local addresses we add the fe80: prefix to an address, and for EUI/MAC48 addresses we add “fffe” to make it an EUI/MAC64 address.
Which layer of the Open Systems Interconnect (OSI) model isolates traffic into broadcast domains?
Explanation
Layer 3: Network Layer: Expands to many different nodes (IP) – The Internet is IP based. Isolates traffic into broadcast domains.
know the IPv4 private addresses
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
Which port is used by our DHCP servers to communicate with the clients?
Explanation
DHCP uses UDP Port 67 for the DHCP Server and UDP Port 68 for the Client.
A system is requesting an IP address using DHCP. How would the traffic flow look?
- Discover
- Offer
- Request
- Acknowledge
Which of the following proxies cannot make access decisions based upon protocol commands?
A. Application
B. Packet filtering
C. Circuit
D. Stateful
Answer is C.
Application and circuit are the only types of proxy-based firewall solutions listed here. The others do not use proxies. Circuit-based firewalls make decisions based on header information, not the protocol’s command structure. Application-based proxies are the only ones that understand this level of granularity about the individual protocols.
Alice wants to send a message to Bob, who is several network hops away from her. What is the best approach to protecting the confidentiality of the message?
A. PPTP
B. S/MIME
C. Link encryption
D. SSH
Answer is B.
Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting and digitally signing e-mail and for providing secure data transmissions using public key infrastructure (PKI).
what does TCP stand for in TCP/IP
- Transmission control protocol
- part of a suite of communication protocols
- defines how applications create communication
- manages how messages are broken down into packets to be transmitted and reassembled at the destination
what does IP stand for in TCP/IP
- Internet Protocol
- part of a suite of protocols
- defines how to address and route packets for delivery
how many layers are in TCP/IP and what are they in order (bottom to top)
• 4 (Link or Physical, network, transport, application)
what does PDU stand for
• protocol data units
Name the PDU and layer it is associated with in the OSI model
- data - session, presentation and application layer
- segments - transport layer
- packets - network layer
- frames - data link layer
- bits - physical layer
what two things were behind the design of TCP/IP
- network reliability
- auto recovery from failure
what layers does the link layer in TCP/IP map to in OSI
• link/physical in TCP/IP maps to the physical and data link layers in the OSI model
what does network layer in TCP/IP map to in OSI
• same - network layer in OSI
what does transport layer in TCP/IP map to in OSI
• same - transport layer in OSI
what does the application layer in TCP/IP map to in OSI
TCP/IP application layer maps to (session, presentation and application in the OSI model)
Tables which included subjects, objects, and access controls / privileges
Capability Tables
- Each row of an access control matrix is a capability list. A capability list is tied to the subject; it lists valid actions that can be taken on each object.
- List access controls and privileges assigned to a subject.
• ACLs focus on objects whereas capability lists focus on subjects.
access control matrix, capabilities, ACL diagram
diagram
TCB flow
reference monitor
- (at a theoretical level) enforces that all subject-to-object access is controlled.
- It establishes an access control security policy around a computing device.
what is the core of TCB
explain TCB
- The trusted computing base (TCB) is the sum of all the protection mechanisms within a computer and is responsible for enforcing the security policy.
- this includes hardware, software, controls, and processes
- the TCB is responsible for confidentiality and integrity
- TCB is the only portion of a system that operates at a high level of trust
what encryptions use discrete logarithms
- DSA
- Diffie-Hellman
- ElGamal
- Diffie-Hellman implemented by itself (without authentication of the parties) is vulnerable to a man-in-the-middle attack
- digital certificates and PKI
what are the key components of digital signature
- information about the user requesting the certificate - used for proof of identity by the RA
- the requesting user's public key
- both of these pieces (user information and the user's public key) encrypted with the CA's private key
so when Alice sends a message to Bob with her digital signature, Bob uses the CA's public key to decrypt the information. Bob knows the CA's public key because his browser has that information.
why would we need Diffie-Hellman if we are using asymmetric encryption
- asymmetric encryption is very slow but is a better fit for the initial communication since we are using public/private keys for encryption and decryption
- Diffie-Hellman helps us agree on a shared key over an insecure medium (the internet) so that we can then use symmetric encryption (faster)
what is a caveat of RSA
- RSA needs to be appropriately padded to be secure
As the length of plaintext messages is variable, the last block of a message is typically padded (expanded) per a certain padding scheme to be at the same size as the underlying cipher block. Which of the following block cipher modes of operation is most likely subject to padding oracle attack or POODLE attack? (Wentz QOTD)
A. Counter (CTR)
B. Cipher block chaining (CBC)
C. Cipher feedback (CFB)
D. Output feedback (OFB)
https://wentzwu.com/2022/01/03/cissp-practice-questions-20220103/
My suggested answer is B. Cipher block chaining (CBC).
Explanation: A block cipher is a cryptographic algorithm operating on fixed-length blocks of bits. As a block has a fixed length and messages are variable in length, padding is required, which adds data to the beginning, middle, or end of a message prior to encryption.
- “In cryptography, a padding oracle attack is an attack which uses the padding validation of a cryptographic message to decrypt the ciphertext.” (Wikipedia)
- “The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0.” (Wikipedia)
elliptic curve Diffie-Hellman - what is the benefit
- Diffie-Hellman key exchange plus elliptic curve cryptography
- (all of the math aside) it uses the structure of curves to reduce the size of keys while still providing the equivalent level of security as non-elliptic-curve cryptography
- a 224-bit elliptic curve key provides roughly the same level of security as a 2048-bit RSA key
for Diffie-Hellman key exchange to work properly, what is needed with the generated numbers
- both parties have to use cryptographically secure pseudo-random number generators to generate the numbers they use in the Diffie-Hellman key exchange
- if the numbers are somewhat predictable, it can make it much easier for an eavesdropping attacker to figure out the shared secret or either of Alice's or Bob's secret integers
common ports to remember
- 21 (FTP) file transfer protocol - TCP
- 22 (SSH) secure shell - TCP
- 23 Telnet - TCP
- 25 (SMTP) simple mail transfer protocol - TCP
- 53 (DNS) domain name system - both TCP/UDP
- 67/68 (DHCP) dynamic host configuration protocol - UDP
- 80 (HTTP) hypertext transfer protocol
- 110 (POP3) post office protocol - TCP
- 138 NetBIOS datagram service - both TCP/UDP
- 143 (IMAP) internet message access protocol - TCP
- 443 (HTTPS) hypertext transfer protocol secure
- 3389 (RDP) remote desktop protocol - both TCP/UDP
what are the ports listed below and are they udp or tcp
- 21
- 22
- 23
- 25
- 21 (FTP control) file transfer protocol - TCP
- 22 (SSH) secure shell - TCP
- 23 Telnet - TCP
- 25 (SMTP) simple mail transfer protocol - TCP
what are the ports listed below and are they tcp or udp
- 53
- 67/68
- 80
- 110
- 53 (DNS TCP/UDP) domain name system - both TCP/UDP
- 67/68 (DHCP - UDP) dynamic host configuration protocol
- 80 (HTTP) hypertext transfer protocol
- 110 (POP3) post office protocol - TCP
what are the ports below and are they tcp or udp
- 138
- 143
- 443
- 3389
- 138 NetBIOS datagram service - both TCP/UDP
- 143 (IMAP - TCP) internet message access protocol
- 443 (HTTPS - TCP/UDP) hypertext transfer protocol secure
- 3389 (RDP - TCP) remote desktop protocol - TCP
common wireless speeds
wireless speeds
what are the ports below and tcp or udp
- 20
- 88
- 389
- 49
- 1812/1813
- 20 (FTP data) file transfer protocol - TCP
- 88 (Kerberos)
- 389 (LDAP TCP/UDP) lightweight directory access protocol
- 49 (TACACS+)
- 1812/1813 RADIUS TCP
ephemeral port range
49152-65535
WPA2 attributes
- (CCMP) counter mode with cipher block chaining message authentication code protocol
- AES
IPV6 local address
- fe80::b8:20fa:22ff:fe52:888a
gateway attributes
- a gateway connects networks that are using different network protocols. also known as protocol translators, can be stand-alone hardware devices or a software service.
- primarily layer 3
- could be any layer
- PGP (pretty good privacy)
- Used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
what is layer 6 in OSI and what function does it serve
- presentation
- coding and conversion functions on application layer data
what is layer 6 in OSI and what function does it serve
- responsible for “presentation” character conversion, codecs, compression and decompression for streaming audio and video, image conversion, formatting (TIFF, JPEG, MPEG)
- establishes, manages, and terminates communication sessions between presentation layer entities
what is layer 5 in the OSI and what function does it serve
- session
- circuit proxy firewall
- session management capabilities between hosts
- assists in synchronization, remember session information like passwords, so verification does not need to repeat, dialog control
what is layer 4 in the OSI and what function does it serve and what ports
- transport
- responsible for end-to-end connection with error correction and detection
- data transport services transparent to upper layers
- TLS/SSL, TCP/UDP
what is layer 3 in the OSI and what function does it serve
- Network
- IP addresses
- responsible for logical addressing, routing and datagrams
- routers and packet filtering firewalls (simplest and fastest firewall)
what is layer 2 of OSI and what function does it serve
- data link
- MAC address
- provides reliable transit of data across a physical network link
what is layer 1 of OSI, what function does it serve and what devices
- physical
- hubs, repeaters, concentrators
- bit level transmission between different devices, electrical or mechanical interfaces
network class range of IPs
- Class A - 127 networks, 16,777,214 hosts per network
- Class B - 16,384 networks, 65,534 hosts per network
- Class C - 2,097,152 networks, 254 hosts per network
which of the following best describes all the components of a system that are responsible for system security
- the international common criteria
- TCSEC
- TCB
- ITSEC
- TCB (trusted computing base)
The purpose of key escrow is to enable a trusted third party to do which of the following? (Select the best answer.)
- access sensitive data if the need arises
Which of the following types of obfuscation deals with making a program obscure to computers?
prevention obfuscation
which of the following security standards recommends security controls based on industry best practices?
A. International Organization for Standardization (ISO) 27002
B. International Organization for Standardization (ISO) 27001
C. Information Technology Infrastructure Library (ITIL)
D. Control Objectives for Information and Related Technology (COBIT)
Explanation:
ISO 27002 is a security standard that recommends security controls based on industry best practices. ISO 27002, which was renumbered from ISO 17799 in 2005, is based on British Standard 7799 (BS 7799); it defines security objectives and provides a list of security controls that are based on industry best practices. ISO 17799, and subsequently ISO 27002, was based on the first part of BS 7799. ISO 27002 includes the following 14 objectives:
- Security Policy
- Organization of Information Security
- Human Resources Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations security
- Communications Security
- Information Systems Acquisition, Development, Maintenance
- Supplier Relationships
- Information Security Incident management
- Information Security Aspects of Business Continuity
- Compliance
what physical device is at layer 5 of OSI and what protocols
- circuit proxy firewall
- Socks is an example of proxy firewall
- Netbios, SMB, RPC, NFS, and SQL
- RPC - remote procedure call
- enables clients to send a request to a remote server to execute a specific procedure with supplied parameters
what law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances
- privacy act
NOTE: it is not electronic communications privacy act
what is layer 7 of OSI what works there, devices and protocols
- application layer
- greatest intelligence to make decisions
- human computer interaction and where applications can access network services
- application firewalls (very intelligent, very advanced decisions like deep packet inspection, slow)
- HTTP/S, DNS, SSH, SNMP, LDAP, DHCP, Telnet, POP3, IMAP
what is layer 6 of OSI, what works there, devices and protocols
- Presentation layer
- encryption/decryption
- responsible for “presentation” character conversion, codecs, compression and decompression for streaming audio and video, image conversion, formatting (TIFF, JPEG, MPEG)
what is layer 4 of OSI model, what works there, what devices, what ports
- Transport layer
- responsible for end-to-end connection with error correction and detection
- Ports - 65,535 total (know some common ports)
- TCP/UDP and SSL/TLS(used to encrypt http and other data traffic) (makes sure to know tcp/udp nuances)
what is layer 3 in OSI, what works here, what devices, what protocols
- network
- IP addresses
- responsible for logical addressing, routing and datagram
- routers and packet filtering firewalls (simplest and fastest firewall)
- IP, ICMP (ping), IPsec, IKE, ISAKMP, IGMP, NAT, SKIP, OSPF (routing protocols)
what is layer 2 of OSI, what works there, what devices and what protocols
- Data Link
- MAC address
- switches (L2) and Bridges
- 802.1x (protocol used for authenticating network devices to a network – (Port based NAC/ISE))
- ARP, RARP, PPTP, L2TP (VPN tunnels), PPP (encapsulates IP traffic over analog links; provides authentication, encryption (poor) and compression)
- authentication protocols PAP, CHAP and EAP
- FDDI, ISDN
what is arp and what OSI level does it operate at
- address resolution protocol
- converts an IP address at layer 3 (network) to a MAC address at layer 2 (data link)
what do bridges do and what layer on OSI
- layer 2
- connect 2 physical network segments together
other than SAML what other protocols enable single sign-on/federated access
- OpenID - provides authentication
- is an open standard. It provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider
- OAuth - provides authorization
- is an open standard for authorization, commonly used as a way for Internet users to log into third-party websites using their Microsoft, Google, Facebook, Twitter, One Network etc. accounts without exposing their password.
vulnerability and pen testing stages
- reconnaissance - gathering information about target
- enumeration/scanning - open ports and check network traffic
- vulnerability analysis/assessment - using tools to find vulnerabilities to exploit
- execute/exploitation - after analysis, a vulnerability assessment moves straight to reporting; a pen tester instead attempts to exploit the vulnerabilities to verify whether they are false positives
- reporting - prepare and deliver the documentation (CVEs and CVSS scores)
Candidate Keys
- one or more per table
- a subset of attributes that can be used to uniquely identify any record in a table. No two records in the same table will ever contain the same values for all attributes composing a candidate key.
- example: first name last name would work as a good candidate key until you have two employees with the same name. another column something like employee # might work better
collisions on the network are handled how and what OSI layer do they happen at
- carrier sense multiple access with collision detection (CSMA/CD) (Ethernet)
- carrier sense multiple access with collision avoidance (CSMA/CA) (wireless 802.11)
- layer 1 of OSI (physical layer)
cryptographic algorithms convert plaintext to ciphertext with two methods
- substitution
- transposition
Event:
- An observable change in state, this is neither negative nor positive, it is just something has changed.
- A system powered on, traffic from one segment to another, an application started.
- MAC spoofing
- MAC flooding
layer 1 of OSI what protocols
- 802.11 (wireless family): radio frequency, infrared, microwave, Bluetooth
- Ethernet, wired (twisted pair, coax, fiber optics, SONET)
security domain
- establishing the access control security policy by grouping the objects a user can access into a security domain.
what OSI layer do these belong to
- Netbios, SMB, RPC, NFS, and SQL
layer 5