Domain 4. Networking Flashcards
What is the function of ARP (Address Resolution Protocol)?
MAC to IP translation
What is the function of IGMP (Internet Group Messaging Protocol)?
Used for multicasting
What is the function of ICMP (Internet Control Messaging Protocol)?
Used for troubleshooting and error messaging - ping, tracert
What is the function of IP (Internet Protocol)?
Used for addressing and routing
How many bits is IPv4?
32-bit, 4-octet identifier
How many bits in IPv6?
128-bit HEX identifier
What is the function of UDP (User Datagram Protocol)?
Connection-less delivery, no handshaking
What is the function of TCP?
Connection guaranteed delivery. Three-way handshake
What is a port?
A port is an identifier for an application within a computer. A port is associated with either UDP or TCP.
How many ports do we have?
65,535
“Well known ports” are…
1 - 1023
Dynamic ports (private ports) are …
49,151 - 65,535
Registered ports are…
1024 - 49,151
DNSSEC
all responses from DNSSEC are digitally signed using public key encryption
What is MPLS?
Multiprotocol Label Switching - used to create cost effective, private Wide Area Networks (WANs) faster and more secure than regular routed “public” IP networks like the internet
More secure than the public internet, because a “virtual” private network (end-to-end circuit) can be built just for your organization
Layer 3 technology
Name 4 wireless network sizes
WPAN -> WLAN -> WMAN -> WWAN
WPAN - personal area network
WLAN - 802.11x network
WMAN - connects 802.11 network using 802.16
WWAN - point to point microwave links
What is Bluejacking?
Sending spam to nearby bluetooth devices
What is Bluesnarfing?
Copies information off a remote device
Name 802.11 Access Modes?
WEP, WPA, WPA2
Name Wireless Attack Vectors
Passive: Sniffing, Eavesdropping, packet capture
MitM: Rogue Access Point, MAC impersonation, Replay Attack
DoS: Bogus requests, signal jamming, packet injection
WEP
broken encryption, no integrity
WPA2
uses 801.11, EAP, AES and CBC-MAC
Encryption can be used to ensure … ?
Confidentiality
Hashing can be used to ensure … ?
Integrity
Digital signature can be used to ensure … ?
non-repudiation
Digital certificates can be used to ensure … ?
authentication
How can S/MIME be used?
digitally sign and encrypt emails
Eavesdropping
Violation of confidentiality
Tampering
Violation of integrity
Spoofing
violation of authenticity
Digital signature
Message Digest (MD) encrypted with the private key
DMZ
Semi-trusted network
Enclave network
Segment within a trusted network
NAT
used to translate internal IP
bridge
connects same protocol LANs
TEMPEST
Emanation certification network
What is the goal of a CDN?
Serve content to end users with high availability and high performance
Name 4 VPN technologies
PPTP - Point to Point Tunneling Protocol
L2TP - Layer 2 Tunneling Protocol
IPsec - Internet Protocol Security
SSL - Secure Sockets Layer
IPsec two different modes
Transport mode - used for end-2-end protection between client and server. IP payload is encrypted. Headers are not encrypted
Tunnel mode - server to server, gateway-gateway. Everything is encrypted.
Name IPsec security services
Authentication - Kerberos or preshared key or digital cert
Integrity - HMAC - hash message authentication code
Confidentiality - 3DES, AES
Non-repudiation - digital signature
IPsec Authentication Header (AH)
provide data integrity, data origin authentication, replay protection. Can be used as standalone IPsec protocol if confidentiality is not required
IPsec Encapsulating Security Payload (ESP)
All features of AH + symmetric encryption for payload
IPsec IKE
provides mechanism for device authentication and establishing security association
IPsec SPI
Security Parameter Index (SPI)
includes the algorithms that will be used (hashing, encryption), key length and key information
What is the difference between IPsec transport mode and tunnel mode?
In transport mode only payload is encrypted, but in tunnel mode - entire packet is encrypted
What PDU (Protocol Data Unit) and protocols are used at Layer 7 Application?
Application layer, Datastream
FTP, TFTP, SSH, IMAP, POP, HTTP, HTTPS
What PDU (Protocol Data Unit) and protocols are used at level 6 Presentation?
Presentation layer, Datastream
What PDU (Protocol Data Unit) and protocols are used at level 5 Session?
Session layer, Datastream
SQL, RPC
What PDU (Protocol Data Unit) and protocols are used at level 4?
Transport layer, Segment
TCP
UDP
SSL/TLS
What PDU (Protocol Data Unit) and protocols are used at level 3?
Network layer, Packets
IP, IPv6, IP NAT, ICMP, BGP
What PDU (Protocol Data Unit) and protocols are used at level 2?
Data link layer, Frames
Token ring, PPTP, L2TP, WLAN, Wi-Fi
What PDU (Protocol Data Unit) and protocols are used at level 1?
Physical layer, Bits
What is encapsulation?
Takes information from higher network layer and adds a header to it, treating the higher-layer information as data
What layer 1 device provides basic physical connectivity?
Hub, modem, Wireless Access Point, cable, physical interface of NIC, repeater
Name 3 different types of cables
Coaxial, Twisted Pair, Fiber Optic
Name 4 Layer 1 network topologies
Bus, Ring, Star, Mesh
What is the most fault tolerant and redundant topology?
Mesh
What threats exist in Physical Layer 1?
Sniffing, Interference, Data Emanation
Name 2 sub-layers of Data Link layer
LLC - Logical link Control - error detection
MAC - Media Access Control
ARP
Address Resolution Protocol. Takes known IP address and maps it to unknown MAC address. IP to MAC resolution. Broadcast based.
RARP
Reverse Address Resolution Protocol.
Takes known MAC address and provides IP (basis for DHCP)
ARP Poisoning, Cache Poisoning
Layer 2 attack. Uses unsolicited replies.
MAC (Media Access Control) Mechanisms - collision control
CSMA/CD - Collision Detection
CSMA/CA - Collision Avoidance
Token passing
How does a hub work?
Sends all data out on all ports
Name Layer 2 device
Switch. A switch doesn’t isolate broadcast domains; it isolates collision domains
What layer has IP address?
Layer 3
What is a router?
Layer 3 device; a router isolates broadcast domains
Ping flood
Lots of ping traffic
LOKI
sending data in ICMP messages - Covert Channel
Which layer uses the following protocols: ICMP, IPsec, IGMP, IGRP?
Layer 3. All protocols starting with "i" are layer 3 protocols, except IMAP!
SMURF attack
uses spoofed source address (target) and direct broadcast to launch a DDoS
Ingress
Incoming traffic
Egress
Outgoing address
What is the goal of Layer 4 (Transport)
Provides End to End data transportation services
Which protocols are used in Layer 4 (transport)?
SSL/TLS, TCP, UDP
Across which layers SSL/TLS operates?
Layer 4-7
What is the advantage of TCP?
Adds security
Easier to program with
Truly implements a session
What is the disadvantage of TCP?
SYN Floods
Slower than UDP
Describe TCP handshake
SYN
SYN/ACK
ACK
Has a guaranteed delivery based on handshake process
Which protocol is used by TFTP?
UDP
Which protocol is used by FTP?
TCP
What is the function of Layer 5 (Session)?
Responsible for establishing a connection between two APPLICATIONS! (either on the same computer or two different computers)
Create connection
Transfer data
Release connection
What is the function of Layer 6 (Presentation)?
Present data in a format that all computers can understand.
Which OSI layer doesn’t have any protocols?
Layer 6, Presentation layer
What is the concern of Layer 6?
Concerned with encryption, compression and formatting
What is the function of Layer 7?
Defines a protocol that two different programs or applications understand
Name Layer 7 protocols
HTTP, HTTPS, FTP, TFTP, SMTP, SNMP
What is the disadvantage of deep packet inspection?
Performance and expense
What is the key responsibility of Application layer?
User application service
What is the key responsibility of Presentation layer?
Data translation, Compression and encryption
What is the key responsibility of Session layer?
Session establishment, management and termination
What is the key responsibility of Transport layer?
End to end connection, segmentation and reassembly
What is the key responsibility of Network layer?
Logical Addressing, Routing, Datagram encapsulation, error handling
What is the key responsibility of Data Link layer?
Logical Link Control (LLC), MAC Media Access Control, Data framing, Addressing, Error Detection
What is the key responsibility of Physical layer?
Encoding & signaling, Physical data transfer, Topology and design
Salami attack
Many small attacks add up to equal a large attack
Data Diddling
Altering/manipulating data, usually before entry
Session Hijacking
Attacker steps in between
Tear Drop
Sending Malformed packets which the Operating System does not know how to reassemble. Layer 3 attack
Buffer Overflow
Attacks that overwhelm a specific type of memory on a system—the buffers. Is best avoided with input validation
Bonk attack
Similar to the Teardrop attack. Manipulates how a PC reassembles a packet and allows it to accept a packet much too large.
Land Attack
Creates a “circular reference” on a machine. Sends a packet where source and destination are the same.
Syn Flood Attack
Type of attack that exploits the three way handshake of TCP. Layer 4 attack. Stateful firewall is needed to prevent
Smurf attack
Uses an ICMP directed broadcast. Layer 3 attack. Block distributed broadcasts on routers
Fraggle attack
Similar to Smurf, but uses UDP instead of ICMP. Layer 4 attack. Block distributed broadcasts on routers
At which OSI layer does a proxy operate?
Layer 7 Application
Stateful firewall
Keeps track of connections
What is DMZ?
A buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two.
What is a multi-homed firewall?
Multi-homed firewalls may be used to setup a DMZ with a single firewall.
Internal Private Addresses (RFC1918)
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x
Name circuit switching technologies
DSL, ISDN, PSTN, t-carriers
Name packet switching technologies
X.25, Frame relay, ATM, VOIP, MPLS, Cable modem
What is the greatest security threat to VOIP?
Eavesdropping
Latency
Fixed delay
Jittering
Variable delay
PPP description? What OSI layer?
Point to Point. Layer 2
PPTP
Point to Point Tunneling Protocol
Uses EAP for authentication
Works only with IP networks
L2TP
Layer 2 Tunneling Protocol
There is no security in L2TP
Describe WEP Problems
Weak IV (24 bits)
IV transmitted in clear text
RC4 stream cipher
Easily crackable
Not backward compatible
Describe WPA Problems
Stronger IV
Introduced TKIP (temporary key integrity protocol)
Still used RC4
Describe WPA2
AES
CCMP - key protection
Not backwards compatible
Blue bugging
Allows use of the phone
Allows one to make calls
Can eavesdrop on calls
WAP GAP
As the gateway decrypts from WTLS and encrypts as SSL/TLS, the data is plaintext. If someone could access the gateway, they could capture the communications
TCP/IP model
Application
Transport
Internet
Link
Common-mode noise (EMI)
Common-Mode noise occurs between hot and ground wires
Transverse-mode noise (EMI)
Transverse-mode noise occurs between hot and neutral wires.