Final Exam Flashcards
Network Layers
- Application layer
- Transport layer
- IP layer
- Data link layer
Application layer
The application layer is the top layer of the Open Systems Interconnection (OSI) seven-layer model and of the TCP/IP protocol suite. It consists of the protocols that carry process-to-process communication across an IP network (for example HTTP, SSH and DNS on this deck) and provides the interface that end-user services and applications use.
Transport layer
The transport layer is the layer in the open system interconnection (OSI) model responsible for end-to-end communication over a network. It provides logical communication between application processes running on different hosts within a layered architecture of protocols and other network components.
IP layer
• Data traffic is divided into packets
– Each packet contains a header (with the source and destination addresses)
• Packets travel separately through the network
– Packet forwarding is based on the header (destination address)
– Network nodes may store packets temporarily
• The destination reconstructs the message
• Addressing
– IP prefix, e.g., 12.34.158.0/24
– Classful addressing (Class A, B, C)
– Classless Inter-Domain Routing (CIDR)
– Private networks (not routed on the public Internet)
• 10.0.0.0/8 (255.0.0.0)
• 172.16.0.0/12 (255.240.0.0)
• 192.168.0.0/16 (255.255.0.0)
TCP vs UDP
TCP is reliable
• Acknowledgement, retransmission, discard duplicates, …
– TCP 3-way handshake
• SYN, SYN-ACK, ACK (FIN belongs to connection teardown, not to the handshake)
TCP
Communication service (socket)
– Ordered, reliable byte stream
– Simultaneous transmission in both directions
• Key mechanisms at end hosts
– Retransmit lost and corrupted packets
– Discard duplicate packets and put packets in order
– Flow control to avoid overloading the receiver buffer
– Congestion control to adapt sending rate to network load
UDP
User Datagram Protocol (UDP)
– IP plus port numbers
– Optional error checking on the packet contents
• Lightweight communication between processes
– Avoid overhead and delays of ordered, reliable delivery
• For example: VoIP, video conferencing, gaming
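The handshake and the end-host mechanisms of the TCP card, modelled as an added example (not from the slides): the three handshake segments with their sequence/acknowledgement arithmetic, and a receiver that reorders segments, discards duplicates and answers with a cumulative ACK so the sender knows what to retransmit. Segment fields, sequence numbers and payloads are constructed; flow control and congestion control are not modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Segment:
    flags: str                  # "SYN", "SYN-ACK", "ACK" or "FIN"
    seq: int                    # sequence number of the first payload byte (or of the SYN/FIN itself)
    ack: Optional[int] = None   # next byte the sender of this segment expects from its peer
    payload: bytes = b""


def three_way_handshake(client_isn: int, server_isn: int) -> List[Segment]:
    """The three segments that open a connection. A SYN consumes one sequence number, so the
    peer acknowledges isn + 1. FIN is not part of this exchange; it closes one direction later."""
    syn = Segment("SYN", seq=client_isn)
    syn_ack = Segment("SYN-ACK", seq=server_isn, ack=client_isn + 1)
    ack = Segment("ACK", seq=client_isn + 1, ack=server_isn + 1)
    return [syn, syn_ack, ack]


def handshake_is_valid(segs: List[Segment]) -> bool:
    """Check the flag order and acknowledgement arithmetic of a (captured or constructed) handshake."""
    if [s.flags for s in segs] != ["SYN", "SYN-ACK", "ACK"]:
        return False
    syn, syn_ack, ack = segs
    return syn_ack.ack == syn.seq + 1 and ack.ack == syn_ack.seq + 1 and ack.seq == syn.seq + 1


class Receiver:
    """Receiving end host: puts segments in order, discards duplicates and returns a cumulative
    ACK (the next byte it still needs), which tells the sender what to retransmit."""

    def __init__(self, first_seq: int):
        self.next_seq = first_seq               # first byte not yet delivered in order
        self.buffered: Dict[int, bytes] = {}    # out-of-order segments, keyed by seq
        self.delivered = bytearray()            # in-order byte stream handed to the application

    def receive(self, seg: Segment) -> int:
        end = seg.seq + len(seg.payload)
        if end <= self.next_seq:
            return self.next_seq                # nothing new: duplicate or retransmission, discard
        if seg.seq > self.next_seq:
            self.buffered[seg.seq] = seg.payload  # a gap precedes it: hold until the gap is filled
            return self.next_seq
        self._deliver(seg.seq, seg.payload)
        while self.buffered and min(self.buffered) <= self.next_seq:   # drain what is now contiguous
            seq = min(self.buffered)
            self._deliver(seq, self.buffered.pop(seq))
        return self.next_seq

    def _deliver(self, seq: int, data: bytes) -> None:
        end = seq + len(data)
        if end > self.next_seq:                 # trim any overlap with bytes already delivered
            self.delivered += data[self.next_seq - seq:]
            self.next_seq = end


if __name__ == "__main__":
    print(three_way_handshake(1000, 5000))
    rx = Receiver(1001)                         # data starts at client_isn + 1
    for seg in (Segment("ACK", 1010, payload=b"LD"), Segment("ACK", 1001, payload=b"HELLO"),
                Segment("ACK", 1001, payload=b"HELLO"), Segment("ACK", 1006, payload=b" WOR")):
        print(f"got seq={seg.seq} {seg.payload!r:10} -> ACK {rx.receive(seg)}")
    print(bytes(rx.delivered))
```

The ACK returned after each segment is the cumulative acknowledgement: it stays at 1001 while "LD" sits in the buffer, jumps to 1006 once "HELLO" arrives, does not move for the duplicate, and reaches 1012 when " WOR" fills the gap and "LD" drains.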
SSH
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
HTTP
HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.
Certification: Threats
– Eavesdropping
– Password guessing
– Server database reading (compromised server)
Certification: Typical solution
• Use a trusted node as a certification authority (CA)
– E.g., VeriSign, GoDaddy
– Everybody needs to know the CA public key
– The CA generates certificates: Signed(A, public-key, validity information)
– Certificates can be stored in a directory service or exchanged during the authentication process
DNS
– Local DNS server / caching
– Hierarchical name space divided into zones
– Translation of names to/from IP addresses
– Distributed over a collection of DNS servers
true/false
192.168.x.x is not globally accessible.
True
• Not globally delegated: RFC 1918 private address space is not routed on the public Internet, so a host in 192.168.0.0/16 is reachable from outside only through a NAT gateway or a tunnel
– 10.0.0.0/8 (255.0.0.0)
– 172.16.0.0/12 (255.240.0.0)
– 192.168.0.0/16 (255.255.0.0)
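An added example (not from the cards) that works through the addressing points of the IP layer card and the private-range question above with Python's standard ipaddress module: CIDR prefix to netmask, the old classful class, an RFC 1918 check, and the longest-prefix-match lookup that forwarding performs on the destination address in the header. The routing table and its next-hop names are constructed placeholders.

```python
import ipaddress

# RFC 1918 private address space (the three ranges on the card); not routed on the public Internet
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def prefix_to_mask(prefix: str) -> str:
    """CIDR prefix such as '12.34.158.0/24' -> dotted netmask '255.255.255.0'."""
    return str(ipaddress.ip_network(prefix, strict=False).netmask)


def classful_class(addr: str) -> str:
    """Pre-CIDR address class, decided by the leading bits of the first octet."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    if first_octet < 128:
        return "A"      # 0xxxxxxx: /8 networks
    if first_octet < 192:
        return "B"      # 10xxxxxx: /16 networks
    if first_octet < 224:
        return "C"      # 110xxxxx: /24 networks
    if first_octet < 240:
        return "D"      # multicast
    return "E"          # reserved


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the three private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def longest_prefix_match(dest: str, table) -> str:
    """Forwarding decision from the destination address in the IP header:
    the most specific (longest) matching prefix wins; 0.0.0.0/0 is the default route."""
    ip = ipaddress.ip_address(dest)
    best_len, best_hop = -1, None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix, strict=False)
        if ip in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, next_hop
    if best_hop is None:
        raise LookupError(f"no route to {dest}")
    return best_hop


# Constructed sample forwarding table; the next-hop names are placeholders
ROUTES = [
    ("0.0.0.0/0", "gw-default"),
    ("10.0.0.0/8", "gw-corp"),
    ("10.1.0.0/16", "gw-branch"),
]

if __name__ == "__main__":
    for a in ("12.34.158.7", "172.31.9.9", "172.32.0.1", "192.168.1.1"):
        print(a, "class", classful_class(a), "private" if is_rfc1918(a) else "public")
    for d in ("10.1.2.3", "10.9.9.9", "8.8.8.8"):
        print(d, "->", longest_prefix_match(d, ROUTES))
```

Note that 172.32.0.1 is public although it "looks" private: the /12 covers only 172.16.0.0 through 172.31.255.255. Python's own ip_address(...).is_private is broader than RFC 1918 (it also covers loopback, link-local and the documentation ranges), which is why the check above tests the three ranges explicitly.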
Which of the following headers may not contain the destination's information:
A. TCP header B. IP header
C. Ethernet header D. All of above
A. TCP header (it carries source and destination ports, not host addresses; the IP header carries the destination IP address and the Ethernet header the destination MAC address)
Compare TCP and UDP, and briefly describe their difference.
TCP is connection-oriented (3-way handshake) and delivers an ordered, reliable byte stream: acknowledgements, retransmission, duplicate removal, flow control and congestion control. UDP is connectionless: IP plus port numbers and an optional checksum, with no ordering, retransmission or rate adaptation, so it has less overhead and delay. Neither protocol provides confidentiality or authentication on its own; TCP is more reliable, not more secure.
Why do we need SSL
– Think about https
Main properties of SSL
– Negotiate cipher suites
– Authenticate servers
– Verify certificates
Firewall / IDS
• What are their roles
– Prevent vs. detect
Firewall
– Packet filtering (stateless) vs. session filtering (stateful)
– iptables
True or false
In secret key encryption, the encrypted file's size may be smaller than the original file's.
False
A cipher does not compress: the ciphertext must carry all the information in the plaintext, so it is at least as large; block-cipher padding, IVs/nonces and authentication tags usually make it slightly larger.
Which of the following gives the desired properties of hash functions?
• a. One-way property, that is, it's easy to reverse the hash computation, but computationally infeasible to compute the hash function itself.
• b. Collision free, that is, it's computationally infeasible to find two messages that have the same hash value.
• c. Only authorized parties can perform hash functions.
Answer: b. Option a states the one-way property backwards: the hash must be easy to compute and infeasible to invert. Option c is false: a hash function is keyless and anyone can compute it.
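A birthday attack on a deliberately truncated hash, added here as an example (not from the card) to show what "collision free" buys and how it differs from the one-way property: finding two colliding inputs costs about 2^(bits/2) hashes, while finding a preimage of a given output costs about 2^bits. SHA-256 truncated to its first few bits stands in for a hash whose output is too short; the messages searched are constructed.

```python
import hashlib


def truncated_hash(msg: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits: stands in for a hash whose output is too short."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1 << 22):
    """Birthday attack: hash distinct messages until an output repeats.
    Returns (m1, m2, tries) or None. Expected cost is about 2**(bits/2) hashes."""
    seen = {}                                   # output -> first message that produced it
    for i in range(max_tries):
        m = b"msg-%d" % i                       # constructed, pairwise distinct messages
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


def find_preimage(target: int, bits: int, max_tries: int = 1 << 22):
    """Attack on the one-way property: search for any message hashing to `target`.
    Returns (m, tries) or None. Expected cost is about 2**bits hashes, the square of the collision cost."""
    for i in range(max_tries):
        m = b"guess-%d" % i
        if truncated_hash(m, bits) == target:
            return m, i + 1
    return None


def is_collision(m1: bytes, m2: bytes, bits: int) -> bool:
    """Independent check that two distinct messages really share a truncated hash."""
    return m1 != m2 and truncated_hash(m1, bits) == truncated_hash(m2, bits)


if __name__ == "__main__":
    m1, m2, n = find_collision(32)
    print(f"32-bit collision after {n} hashes: {m1!r} and {m2!r}")
    target = truncated_hash(b"the original document", 16)
    m, n = find_preimage(target, 16)
    print(f"16-bit preimage after {n} hashes: {m!r}")
    print("full SHA-256, 1000 tries:", find_collision(256, max_tries=1000))
```

A 32-bit collision typically appears after fewer than 10^5 hashes, whereas a 16-bit preimage already needs on the order of 65,000 tries; for the full 256-bit output neither search finishes, which is the "computationally infeasible" in option b.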
What’s a CA?
A CA is a trusted node that maintains the public keys for all nodes (each node maintains its own private key)
[Figure: nodes 1–6 arranged around a central CA; each node holds its own private key and the CA holds every node's public key]
If a new node is inserted in the network, only that new node and the CA need to be configured with the public key for that node
• What is a certificate?
A certificate is a signed message vouching that a particular name goes with a particular public key
• Example ([message]X denotes the message signed with X's private key):
1. [Alice's public key is 876234]Carol
2. [Carol's public key is 676554]Ted & [Alice's public key is 876234]Carol
(a chain: someone who trusts Ted's key verifies Carol's key from the first certificate, then Alice's key from the second)
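An added example, not part of the flashcards, that puts the CA cards and the chain in item 2 into code: Ted's key is the trusted root, Ted signs Carol's certificate, Carol signs Alice's, and a verifier that knows only Ted's public key recovers Alice's. The signature scheme is textbook RSA on tiny primes, chosen so the numbers stay readable (an assumption for illustration: no padding, a modulus that factors instantly; a real CA uses a proper signature algorithm and large keys), validity periods are simplified to year numbers, and every name and key value is constructed.

```python
import hashlib
import json


# Toy textbook RSA on tiny primes so the numbers stay readable. Illustration only:
# no padding, no standardised hash-to-integer step, a modulus that factors instantly.
def toy_keypair(p: int, q: int, e: int = 17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # private exponent (Python 3.8+ modular inverse)
    return (e, n), (d, n)               # (public key, private key)


def _digest_mod(n: int, data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    d, n = priv
    return pow(_digest_mod(n, data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == _digest_mod(n, data)


def _to_be_signed(cert: dict) -> bytes:
    """Canonical encoding of every field except the signature itself."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()


def issue(issuer: str, issuer_priv, subject: str, subject_pub, not_before: int, not_after: int) -> dict:
    """Signed(subject, public key, validity information) as on the card; validity is a year range here."""
    cert = {"subject": subject, "pub": list(subject_pub), "issuer": issuer,
            "not_before": not_before, "not_after": not_after}
    cert["sig"] = sign(issuer_priv, _to_be_signed(cert))
    return cert


def verify_chain(chain: list, trusted_roots: dict, now: int) -> tuple:
    """chain is leaf-first and ends with a cert issued by a name in trusted_roots (name -> public key).
    Walks from the root down so every signature is checked with an already-trusted key.
    Returns the leaf's public key, or raises ValueError on any broken link."""
    trusted = dict(trusted_roots)
    for cert in reversed(chain):
        issuer_pub = trusted.get(cert["issuer"])
        if issuer_pub is None:
            raise ValueError(f"issuer {cert['issuer']!r} is not trusted")
        if not verify(issuer_pub, _to_be_signed(cert), cert["sig"]):
            raise ValueError(f"bad signature on certificate for {cert['subject']!r}")
        if not cert["not_before"] <= now <= cert["not_after"]:
            raise ValueError(f"certificate for {cert['subject']!r} is not valid at {now}")
        trusted[cert["subject"]] = tuple(cert["pub"])   # this key may now vouch for the next cert
    return tuple(chain[0]["pub"])


# The card's example with constructed keys: Ted vouches for Carol, Carol vouches for Alice.
ted_pub, ted_priv = toy_keypair(61, 53)
carol_pub, carol_priv = toy_keypair(71, 67)
alice_pub, alice_priv = toy_keypair(89, 97)
ROOTS = {"Ted": ted_pub}                                   # everybody knows the CA's public key
carol_cert = issue("Ted", ted_priv, "Carol", carol_pub, 2024, 2026)
alice_cert = issue("Carol", carol_priv, "Alice", alice_pub, 2025, 2026)
CHAIN = [alice_cert, carol_cert]

if __name__ == "__main__":
    print("Alice's key via Ted -> Carol -> Alice:", verify_chain(CHAIN, ROOTS, now=2025))
```

Three failure cases worth trying: presenting Alice's certificate alone (Carol is not a trusted root, so the chain does not reach a known key), altering the public key inside a certificate (the signature no longer verifies), and checking the chain outside the validity window.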
true/false
A longer password/key is always more secure than a shorter one.
False as stated. What counts is entropy (the size of the space an attacker has to search), not length by itself: a long password taken from a dictionary or a predictable pattern is weaker than a shorter random one, and a key longer than the algorithm actually uses adds nothing. Extra length helps only when the added characters or bits are unpredictable.
• Which layer is IPsec
IP layer
Which layer is SSL
Application (SSL/TLS runs on top of TCP and beneath the application protocol such as HTTP; in the TCP/IP model it is grouped with the application layer)
True or false
Applying IPsec and SSL on the same data packet is redundant
False: they work at different layers and protect different endpoints (IPsec between hosts or gateways, SSL between the communicating applications), so each still adds something when the other is present.
Compare IPsec and SSL, and briefly describe their differences.
SSL:
– Avoids modifying the "TCP stack" and requires minimum changes to the application
– Mostly used to authenticate servers
• IPsec
– Transparent to the application and requires modification of the network stack
– Authenticates network nodes and establishes a secure channel between nodes
– Application still needs to authenticate the users
Describe the goal of the following firewall rule:
iptables -A INPUT -p icmp -j DROP
This rule appends (-A) to the INPUT chain a rule that silently drops (DROP: no reply or error is sent back) every incoming ICMP packet. That blocks incoming ping (echo-request), but also every other ICMP type, such as echo-reply and destination-unreachable; to block only ping, match -p icmp --icmp-type echo-request. Because rules are evaluated in order, an ACCEPT rule placed earlier in INPUT would still take precedence.
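An added model (not the card's own material and not iptables code) of what the rule does under iptables chain semantics: rules are tried in order, the first match decides, and a packet that matches nothing gets the chain policy. It shows that the card's rule drops every ICMP type while a --icmp-type echo-request rule drops only pings, and adds a minimal session tracker to illustrate the stateless vs. stateful distinction from the Firewall card. Packet fields, addresses and rules are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                  # "icmp", "tcp" or "udp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""         # e.g. "echo-request", "echo-reply", "destination-unreachable"


@dataclass(frozen=True)
class Rule:
    """One iptables-style rule: every given match must hold; unspecified fields match anything."""
    target: str                       # "ACCEPT" or "DROP"
    proto: Optional[str] = None       # -p
    icmp_type: Optional[str] = None   # --icmp-type
    dport: Optional[int] = None       # --dport

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.icmp_type is None or self.icmp_type == pkt.icmp_type)
                and (self.dport is None or self.dport == pkt.dport))


def filter_packet(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Stateless packet filtering with chain semantics: rules are tried in the order they were
    appended (-A) and the first match decides; a packet matching no rule gets the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The card's rule, `iptables -A INPUT -p icmp -j DROP`: every ICMP type is dropped.
INPUT_ALL_ICMP = [Rule("DROP", proto="icmp")]

# Narrower alternative, `-p icmp --icmp-type echo-request -j DROP`: only ping requests.
INPUT_PING_ONLY = [Rule("DROP", proto="icmp", icmp_type="echo-request")]


class StatefulFilter:
    """Session (stateful) filtering: replies to connections this host opened are accepted
    without consulting the rules, the way an ESTABLISHED rule backed by connection tracking does."""

    def __init__(self, chain: List[Rule], policy: str = "DROP"):
        self.chain, self.policy = chain, policy
        # (proto, local address, local port, remote address, remote port)
        self.sessions: Set[Tuple[str, str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> None:
        """Record a flow the host initiated."""
        self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt: Packet) -> str:
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "ACCEPT"                   # reply to a session we opened
        return filter_packet(self.chain, pkt, self.policy)


if __name__ == "__main__":
    reply = Packet("icmp", "198.51.100.7", "10.0.0.5", icmp_type="echo-reply")
    print("echo-reply, all-ICMP rule:", filter_packet(INPUT_ALL_ICMP, reply))
    print("echo-reply, ping-only rule:", filter_packet(INPUT_PING_ONLY, reply))
    fw = StatefulFilter([Rule("ACCEPT", proto="tcp", dport=80)])
    fw.outbound(Packet("tcp", "10.0.0.5", "198.51.100.7", sport=40000, dport=443))
    print("reply to our HTTPS session:",
          fw.inbound(Packet("tcp", "198.51.100.7", "10.0.0.5", sport=443, dport=40000)))
    print("unsolicited SSH attempt:",
          fw.inbound(Packet("tcp", "198.51.100.7", "10.0.0.5", sport=5555, dport=22)))
```

The stateless filter cannot tell a reply to our own ping from an unsolicited probe, which is why the all-ICMP rule also kills the answers to the host's outgoing pings; the stateful filter accepts the HTTPS reply because it remembers the outbound flow, while the unsolicited SSH attempt falls through to the DROP policy.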
Explain the following snort rule and describe how to trigger the alert:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80
(msg:"Test attack"; content:"test_attack"; … …)
The rule inspects TCP traffic from any port on $EXTERNAL_NET to port 80 on $HTTP_SERVERS and raises an alert labelled "Test attack" whenever the packet payload contains the byte string "test_attack" (the content keyword; the match is case-sensitive unless nocase is set, and msg is only the text written to the alert log).
To trigger it, send an HTTP request from an external host to one of the web servers on port 80 with "test_attack" somewhere in the request (URL, header or body); a request containing only "Test attack" does not match.
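A small Snort-style matcher, added as an example (neither Snort's code nor part of the card), that parses the rule header and its msg/content/nocase options and runs the rule over constructed packets. It shows that the content string "test_attack" triggers the alert while the msg text does not, and that traffic from inside $HOME_NET or to another port is ignored. The $HOME_NET/$HTTP_SERVERS/$EXTERNAL_NET values, the sid option standing in for the card's "… …", and all packets are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)$")


def parse_rule(text: str, variables: dict) -> dict:
    """Parse the header plus the msg/content/nocase options of a Snort-style rule.
    Other options (sid, rev, the card's '… …') are collected under 'other' and ignored by match()."""
    m = HEADER_RE.match(" ".join(text.split()))     # tolerate the line break on the card
    if not m:
        raise ValueError("unparsable rule")
    hdr = m.groupdict()
    known, other = {}, []
    for opt in hdr.pop("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        key = key.strip()
        if key in ("msg", "content", "nocase"):
            known[key] = val.strip().strip('"\u201c\u201d')   # straight or curly quotes
        else:
            other.append(opt)

    def resolve(tok: str) -> str:           # $NAME -> configured value; "any" stays "any"
        return variables[tok[1:]] if tok.startswith("$") else tok

    return {"action": hdr["action"], "proto": hdr["proto"],
            "src": resolve(hdr["src"]), "sport": hdr["sport"],
            "dst": resolve(hdr["dst"]), "dport": hdr["dport"],
            "msg": known.get("msg", ""), "content": known.get("content", "").encode(),
            "nocase": "nocase" in known, "other": other}


def addr_matches(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    if spec.startswith("!"):                # negation, e.g. EXTERNAL_NET = !HOME_NET
        return not addr_matches(spec[1:], ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def match(rule: dict, pkt: Packet) -> Optional[str]:
    """Return the alert message if the packet matches the rule header and its content, else None."""
    if rule["proto"] != pkt.proto:
        return None
    if not (addr_matches(rule["src"], pkt.src) and port_matches(rule["sport"], pkt.sport)
            and addr_matches(rule["dst"], pkt.dst) and port_matches(rule["dport"], pkt.dport)):
        return None
    payload, needle = pkt.payload, rule["content"]
    if rule["nocase"]:
        payload, needle = payload.lower(), needle.lower()
    if needle and needle not in payload:      # content is a raw byte-string search over the payload
        return None
    return rule["msg"]


# Constructed configuration: the web servers live in HOME_NET, everything else is external.
VARIABLES = {"HOME_NET": "10.0.0.0/8", "HTTP_SERVERS": "10.0.0.0/8", "EXTERNAL_NET": "!10.0.0.0/8"}

# The card's rule; the sid option is a constructed stand-in for its "… …".
RULE_TEXT = 'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Test attack"; content:"test_attack"; sid:1000001;)'


def http_packet(src: str, dst: str, dport: int, request: bytes) -> Packet:
    return Packet("tcp", src, 51000, dst, dport, request)


# Constructed sample traffic (documentation addresses)
SAMPLES = {
    "external, content present": http_packet("198.51.100.7", "10.0.0.80", 80,
                                              b"GET /?q=test_attack HTTP/1.1\r\nHost: shop\r\n\r\n"),
    "external, only the msg text": http_packet("198.51.100.7", "10.0.0.80", 80,
                                                b"POST /f HTTP/1.1\r\nHost: shop\r\n\r\nnote=Test attack"),
    "internal source": http_packet("10.0.0.9", "10.0.0.80", 80,
                                   b"GET /?q=test_attack HTTP/1.1\r\nHost: shop\r\n\r\n"),
    "external, wrong port": http_packet("198.51.100.7", "10.0.0.80", 8080,
                                        b"GET /?q=test_attack HTTP/1.1\r\nHost: shop\r\n\r\n"),
}


def run_rule(rule_text: str, packets: dict, variables: dict = VARIABLES) -> dict:
    """Evaluate one rule over a dict of name -> Packet; returns name -> alert message or None."""
    rule = parse_rule(rule_text, variables)
    return {name: match(rule, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, alert in run_rule(RULE_TEXT, SAMPLES).items():
        print(f"{name:28} -> {alert or 'no alert'}")
```

Only the first sample raises the alert. Adding nocase to the options would also catch "TEST_ATTACK"; without it, the byte comparison is exact, which is also why the msg string "Test attack" in the second sample never matches.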
Compare host-based and network-based IDS, and briefly describe the difference.
• Host-based intrusion detection (HIDS)
– monitors activity on a single host (logs, processes, file changes), including data the host has already decrypted
• Network-based intrusion detection (NIDS)
– monitors traffic on a network segment, examining packet headers and payloads for many hosts at once, but cannot look inside encrypted payloads