Exam Essentials Chap 11 & 12 Flashcards
What makes up the four layers of the TCP/IP model?
Application, Transport (Host-to-Host), Internet (Internetworking), and Link (Network Interface or Network Access)
How can TCP/IP be secured?
It can be secured using VPN links between systems. VPN links are encrypted to add privacy, confidentiality, and authentication and to maintain data integrity. You can also use TCP Wrappers.
What are the protocols used to establish VPNs?
Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Protocol Security (IPsec).
What is the difference between TCP and UDP?
TCP
- Supports Full-duplex communications
- Connection oriented
- Uses a handshake process (SYN, SYN/ACK, ACK)
UDP
- Simplex connectionless protocol
- Connectionless ‘best effort’
- Low overhead
What is Telnet? What port does it operate at?
This is a terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support transfer of files. TCP Port 23
What is the File Transfer Protocol (FTP)? What port does it operate at?
This is a network application that supports an exchange of files that requires anonymous or specific authentication. TCP Ports 20 and 21
What is the Trivial File Transfer Protocol (TFTP)? What port does it operate at?
This is a network application that supports an exchange of files that does not require authentication. UDP Port 69
What is the Simple Mail Transfer Protocol (SMTP)? What port does it operate at?
This is a protocol used to transmit email messages from a client to an email server and from one email server to another. TCP Port 25
What is the Post Office Protocol (POP3)? What port does it operate at?
This is a protocol used to pull email messages from an inbox on an email server down to an email client. TCP Port 110
What is the Internet Message Access Protocol (IMAP)? What port does it operate at?
This is a protocol used to pull email messages from an inbox on an email server down to an email client. IMAP is more secure than POP3 and offers the ability to pull headers down from the email server as well as to delete messages directly off the email server without having to download to the local client first. TCP Port 143
What is the Dynamic Host Configuration Protocol (DHCP)? What port does it operate at?
DHCP uses port 67 for server point-to-point response and port 68 for client request broadcasts. It is used to assign TCP/IP configuration settings to systems upon bootup. DHCP enables centralized control of network addressing. UDP Ports 67 and 68
What is the Hypertext Transport Protocol (HTTP)? What port does it operate at?
This is the protocol used to transmit web page elements from a web server to web browsers. TCP Port 80
What is the Secure Sockets Layer (SSL)? What port does it operate at?
This is a VPN-like security protocol that operates at the Transport layer. SSL was originally designed to support secured web communications (HTTPS) but is capable of securing any Application layer protocol communications. TCP Port 443 (for HTTP Encryption)
What is Line Print Daemon (LPD)? What port does it operate at?
This is a network service that is used to spool print jobs and to send print jobs to printers. TCP Port 515
What is X Window? What port does it operate at?
This is a GUI API for command-line operating systems. TCP Ports 6000–6063
What is the Bootstrap Protocol (BootP)? What port does it operate at?
This is a protocol used to connect diskless workstations to a network through auto assignment of IP configuration and download of basic OS elements. BootP is the forerunner to Dynamic Host Configuration Protocol (DHCP). UDP Ports 67 and 68
What is Network File System (NFS)? What port does it operate at?
This is a network service used to support file sharing between dissimilar systems. TCP Port 2049
What is the Simple Network Management Protocol (SNMP)? What port does it operate at?
This is a network service used to collect network health and status information by polling monitoring devices from a central monitoring station. UDP Port 161 (UDP Port 162 for Trap Messages)
What are some benefits of Multilayer protocols? What are some drawbacks?
Benefits
- A wide range of protocols can be used at higher layers.
- Encryption can be incorporated at various layers.
- Flexibility and resiliency in complex network structures is supported.
Drawbacks
- Covert channels are allowed.
- Filters can be bypassed.
- Logically imposed network segment boundaries can be overstepped.
What is Distributed Network Protocol (DNP3)?
It is used to support communications between data acquisition systems and the system control equipment. This includes substation computers, RTUs (remote terminal units) (devices controlled by an embedded microprocessor), IEDs (Intelligent Electronic Devices), and SCADA master stations (i.e., control centers). DNP3 is an open and public standard. DNP3 is a multilayer protocol that functions similarly to that of TCP/IP, in that it has link, transport, and transportation layers.
What are some vulnerabilities of TCP/IP?
Improperly implemented TCP/IP stacks in various operating systems are vulnerable to buffer overflows, SYN flood attacks, various DoS attacks, fragment attacks, oversized packet attacks, spoofing attacks, man-in-the-middle attacks, hijack attacks, and coding error attacks. TCP/IP (as well as most protocols) is also subject to passive attacks via monitoring or sniffing.
What are the three layers from top to bottom of addressing and naming when in use with TCP/IP networks?
Domain name, IP address, & MAC address
What are the characteristics of 10Base2 (Thinnet)?
Max Speed: 10 Mbps
Distance: 185 meters
Difficulty of Installation: Medium
Susceptibility to EMI: Medium
Cost: Medium
What are the characteristics of 10Base5 (Thicknet)?
Max Speed: 10 Mbps
Distance: 500 meters
Difficulty of Installation: High
Susceptibility to EMI: Low
Cost: High
What are the characteristics of 10Base-T (UTP)?
Max Speed: 10 Mbps
Distance: 100 meters
Difficulty of Installation: Low
Susceptibility to EMI: High
Cost: Very low
What are the characteristics of STP?
Max Speed: 155 Mbps
Distance: 100 meters
Difficulty of Installation: Medium
Susceptibility to EMI: Medium
Cost: High
What are the characteristics of 100Base-T/100Base-TX?
Max Speed: 100 Mbps
Distance: 100 meters
Difficulty of Installation: Low
Susceptibility to EMI: High
Cost: Low
What are the characteristics of 1000Base-T?
Max Speed: 1 Gbps
Distance: 100 meters
Difficulty of Installation: Low
Susceptibility to EMI: High
Cost: Medium
What are the characteristics of Fiber-optic?
Max Speed: 2+ Gbps
Distance: 2+ kilometers
Difficulty of Installation: Very high
Susceptibility to EMI: None
Cost: Very high
What are the Cat 1 characteristics of UTP?
Throughput: Voice only
Notes: Not suitable for networks but usable by modems
What are the Cat 2 characteristics of UTP?
Throughput: 4 Mbps
Notes: Not suitable for most networks; often employed for host-to-terminal connections on mainframes
What are the Cat 3 characteristics of UTP?
Throughput: 10 Mbps
Notes: Primarily used in 10Base-T Ethernet networks (offers only 4 Mbps when used on Token Ring networks) and as telephone cables
What are the Cat 4 characteristics of UTP?
Throughput: 16 Mbps
Notes: Primarily used in Token Ring networks
What are the Cat 5 characteristics of UTP?
Throughput: 100 Mbps
Notes: Used in 100Base-TX, FDDI, and ATM networks
What are the Cat 6 characteristics of UTP?
Throughput: 1,000 Mbps
Notes: Used in high-speed networks
What are the Cat 7 characteristics of UTP?
Throughput: 10 Gbps
Notes: Used on 10 gigabit-speed networks
What are the last six of the eight TCP header flags in the correct order?
URG, ACK, PSH, RST, SYN, FIN
What are the three main types of LAN technologies?
Ethernet, Token Ring, and FDDI
What are the two types of mechanisms to transmit signals over a physical medium, such as a cable?
Analog & Digital
What is the difference between Analog and Digital communication?
Analog communication is measured in frequency and becomes more unreliable the longer the distance due to signal interference and degradation.
Digital communication is measured in direct current voltage (on-off pulses or 1-0) resulting in a stream of binary data. Digital is more reliable over long distances or when interference is present.
What is the difference between Synchronous and Asynchronous communication?
Synchronous communications
- Uses timing or clocking based on an independent clock or a time stamp embedded in the data stream
- Typically able to support very high rates of data transfer
Asynchronous communications
- Relies on a stop and start delimiter bit to manage the transmission of data
- Best suited for smaller amounts of data
- Public switched telephone network (PSTN) modems are a good example
What are the subtechnology characteristics that describe how networks communicate?
- Mechanisms to transmit signals over a physical medium (Analog/Digital)
- Mechanisms to sync with some sort of clock or timing activity (Sync/Async)
- How many communications can occur over a cable segment (Base/Broadband)
- Technologies that determine how many destinations a single transmission can reach (Broadcast/Multicast/Unicast)
- LAN media access technologies that are used to avoid or prevent transmission collisions and define how multiple systems within a collision domain are to communicate (CSMA/CSMA-CD/CSMA-CA/Token Passing/Polling)
What is the difference between Baseband and Broadband communication?
Baseband
- Supports a single communication channel
- Uses a direct current applied to the cable
- Higher level current equals 1, lower level equals 0
- Digital signal
- Ethernet is a baseband technology
Broadband
- Supports multiple simultaneous signals
- Uses frequency modulation supporting numerous channels, each supporting a distinct communication session
- Suitable for high throughput rates, especially when several channels are multiplexed
- Analog signal
- Cable television & modems, ISDN, DSL, T1, & T3 are broadband technologies
What are the characteristics of Broadcast, Multicast, and Unicast technologies?
Broadcast technology supports communications to all possible recipients.
Multicast technology supports communications to multiple specific recipients.
Unicast technology supports only a single communication to a specific recipient.
What are the five LAN media access technologies that are used to avoid or prevent transmission collisions?
CSMA, CSMA-CA, CSMA-CD, Token Passing, Polling
What are the characteristics of Carrier-Sense Multiple Access (CSMA)?
- Does not directly address collisions
- Just listens; if there is no response, sends again
What are the characteristics of Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA)?
- Avoids collisions by granting only a single permission to communicate at any given time
- Requires designation of master/primary system
- AppleTalk and 802.11 wireless networking
What are the characteristics of Carrier-Sense Multiple Access with Collision Detection (CSMA/CD)?
- Allows a collision to occur but responds to it
- Makes each member wait for a random but short period of time before communicating again
- Results in a 40% loss in potential throughput
- Ethernet
What are the characteristics of Token Passing?
- Uses a digital token to perform communications
- Used by Token Ring networks, such as FDDI
- Prevents collisions since only the system possessing the token is allowed to transmit data
What are the characteristics of Polling?
- Attempts to prevent collisions through a permission system
- Uses master/primary like CSMA/CA but allows clients to request permissions
- Allows one system higher priority over others
What are some important considerations when designing and building a secure network?
Consideration of factors such as the topology and placement of hosts within the network, the selection of hardware and software technologies, and the careful configuration of each component. Applying secure design principles such as segmentation, evaluation of networking devices, conducting site surveys, etc.
What should network security take into account?
- IP and non-IP protocols
- Network access control
- Using security services and devices
- Managing multilayer protocols
- Implementing endpoint security
What are some examples of network segments or sub networks?
Intranet
Extranet
DMZ
What is an Intranet?
A private network that is designed to host the same information services found on the Internet. Intranets provide users with access to the Web, email, and other services on internal servers that are not accessible to anyone outside the private network.
What is an Extranet?
An Extranet is a cross between the Internet and an intranet. An extranet is a section of an organization’s network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public Internet. An extranet is often reserved for use by specific partners or customers. It is rarely on a public network.
What is a DMZ?
An Extranet for public consumption
What are some benefits of Network segmentation?
Improve performance, manage traffic, enforce security
How can Network segmentation be created?
Segments can be created individually or in combination by:
Switch-based VLANs
Routers
Firewalls
What are the characteristics of Cell phone wireless communications?
- Uses a portable device over a specific set of radio wave frequencies to interact with the carrier network, other cell phone devices, or the Internet
- Uses numerous technologies sorted by generation (1G, 2G, 3G, etc.)
- Uses the Wireless Application Protocol(WAP) protocol suite
What are some key issues with cell phone wireless transmissions?
- Not all cell phone traffic is voice
- Communications over a carrier network are not necessarily secure
- Subject to sniffing through MITM attacks with the cell towers
- Connectivity to the Internet provides attackers another avenue of attack
What is the Wireless Application Protocol? What are some concerns with it?
It is an industry-driven protocol stack to allow users to communicate with the company network. WAP is a suite of protocols that includes Wireless Transport Layer Security (WTLS), which is similar to SSL/TLS.
One very important issue is that you are unable to obtain true end-to-end encryption from your carrier using the protocol. Data must be returned to clear text before being resecured somewhere in the route using WTLS. If possible, feed pre-encrypted data into the link before using WTLS.
What are some common Bluetooth attacks?
Bluesnarfing: Allows hackers to connect with your Bluetooth devices without your knowledge and extract information from them
Bluejacking: Allows an attacker to transmit SMS-like messages to your device
Bluebugging: An attack that grants hackers remote control over the features and functions of a Bluetooth device