GCGA Ch. 3 Exploring Network Technologies and Tools

Question 1

OSI Model

Answer 1

OSI Model ->

Please Do Not Throw Sausage Pizza Away

Physical Data Link Network Transport Session Presentation Application

Question 2

TLS & SSL

Answer 2

Transport Layer Security - updated, more secure version of Secure Sockets Layer (SSL); both of these technologies use certificates to establish an encrypted session between client/server.

Question 3

FTP & SFTP

Answer 3

File Transfer Protocol - used to send files over networks; SSH encrypts Secure Copy (SCP) and Secure FTP (SFTP). TLS encrypts FTPS.

Question 4

SMTP & SMTPS

Answer 4

Simple Mail Transfer Protocol/Secure - uses TCP port 25 (original) and 587 (encrypted over TLS)

Question 5

POP3

Answer 5

Post Office Protocol - uses TCP port 110 (original) and TCP port 995 (encrypted)

Question 6

IMAP4

Answer 6

Internet Messaging Access Protocol - uses TCP port 143 (original) and TCP port 993 (encrypted)

Question 7

HTTP & HTTPS

Answer 7

Hypertext Transfer Protocol/HTTP Secure - HTTP uses TCP port 80, HTTPS uses TCP port 443, encrypting browser-based traffic.

Question 8

LDAP & LDAPS

Answer 8

Lightweight Directory Access Protocol/LDAP Secure - LDAP runs over TCP port 389; LDAPS runs over TCP port 636

Question 9

RDP

Answer 9

Remote Desktop Protocol - connects graphically to remote systems over TCP 3389

Question 10

NTP

Answer 10

Network Time Protocol - provides time synchronization services

Question 11

DNS

Answer 11

Domain Name System - provides domain name resolution; includes A records for IPv4 addresses and AAAA records for IPv6. MX -> mail servers, MX w/ lowest preference is primary mail server; DNS uses TCP 53 -> zone transfers & UDP 53 -> client queries

Question 12

DNSSEC

Answer 12

Domain Name Security Extensions - provides validation for DNS responses by adding a Resource Record Signature (RRSIG)

Question 13

RRSIG

Answer 13

Resource Record Signature - provides data integrity & authentication; helps prevent DNS poisoning attacks

Question 14

Switch

Answer 14

connects computer on local network; map MAC addresses to physical ports

Question 15

Port security

Answer 15

limits access to switch ports; includes limiting # of MAC addresses per port and disabling unused ports

Question 16

Router

Answer 16

connect networks to each other; direct traffic based on destination IP address; routers (and firewalls) use rules w/in access control lists (ACLs) to allow or block traffic

Question 17

Route command

Answer 17

used to view/manipulate routing table

Question 18

Implicit deny

Answer 18

indicates that unless explicitly allowed, it is denied; last rule in an ACL

Question 19

Host-based firewalls

Answer 19

filter traffic in/out of individual hosts

Question 20

Network-based firewalls

Answer 20

filter traffic in/out of network, such as between Internet/internal network

Question 21

Stateless firewall

Answer 21

controls traffic between networks using rules within ACL; ACL can block traffic based on ports, IP addresses, subnets, and some protocols. Stateful firewalls, additionally, filter traffic based on state of a packet w/in session

Question 22

WAF

Answer 22

web application firewall - protects a web server against web application attacks; typically placed in screened subnet, will alert administrators of suspicious events; works @ application layer (7)

Question 23

NGFW

Answer 23

next generation firewall - perform deep packet inspection, analyzing traffic @ application layer (7)

Question 24

Stateful inspection firewall

Answer 24

In computing, a stateful firewall is a network-based firewall that individually tracks sessions of network connections traversing it; also known as layer 4 firewalls

Question 25

Fail-open vs fail-closed

Answer 25

fail-open devices allow all traffic to pass when device fails; fail-closed devices allow no traffic to pass when device fails; fail-closed provide greater security

Question 26

Screened subnet

Answer 26

provides layer of protection for servers accessible from Internet

Question 27

Intranet vs extranet

Answer 27

intranet -> internal network. extranet -> part of a network that can be accessed by authorized entities outside network

Question 28

NAT

Answer 28

network address translation - translates public IP addresses to private IP addresses; private back to public; hides IP addresses on internal network from users on internet; NAT gateway is device that implements NAT

Question 29

Air gap

Answer 29

provides physical isolation for systems/networks; completely isolated with a gap of air

Question 30

Forward proxy server

Answer 30

forwards requests for services from a client; can cache content and record users' internet activities

Question 31

Reverse proxy server

Answer 31

accept traffic from internet and forward it to one or more internal web servers; placed in screened subnet and web servers can be in internal network

Question 32

UTM security appliance

Answer 32

unified threat management - includes mult. layers of protection, such as URL filters, content inspection, malware, DDoS mitigator; UTMs raise alerts sends them to to admins to implement

Question 33

Jump server

Answer 33

placed between diff. security zones, provide secure access from devices in one zone to devices in another zone; often used to manage devices in screened subnet from internal network