Intro to IP and Ports

Question 1

IP is like a series of moving vans

Answer 1

• Network topology is the road (ethernet, DSL, cabling)
• the trucks are IP (roads designed for this truck)
• the boxes inside hold your data (TCP/UDP)
• inside the boxes are also application info

Question 2

What is multiplexing?

Answer 2

sending may different applications across the network simultaneously between the same devices.

Question 3

TCP is connection oriented, what does that mean?

Answer 3

there is a formal set up and tear down process.

Question 4

TCP can acknowledge that the recipient has received data, which UDP cannot. what is this called?

Answer 4

Reliable Delivery

Question 5

What is a TCP acknowledgement?

Answer 5

TCP ACK

Question 6

What does a sending device do if it does not receive a TCP ACK?

Answer 6

resend the data

Question 7

UDP is connectionless, meaning…?

Answer 7

there is no formal open or close, no acknowledgement. no warning that data is coming or when it will stop.

Question 8

Can TCP or UDP use flow control?

Answer 8

TCP can because it is a connection oriented protocol which allows the recipient to perform flow control.

Question 9

what range is non ephemeral port numbers?

Answer 9

0 - 1,024

Question 10

What range are ephemeral ports?

Answer 10

1,024 - 65,535

Question 11

Port numbers are for communication, not security

Answer 11

service port numbers need to be well known

Question 12

TCP and UDP port numbers are not the same, but ranges are

Answer 12

TCP and UDP use port 80 for different things

Question 13

FTP use and port number?

Answer 13

tcp/20 (active mode data)
tcp/21 (control)
file transfer between systems. generic and not specific to an OS

Question 14

SSH / Secure Shell use and port number?

Answer 14

tcp/22, text based console communication. Encrpyted communication link, also allows for encrypted file communication

Question 15

STFP use and port

Answer 15

tcp/22, generic file transfer with security alone an encrypted network.

Question 16

telnet

Answer 16

tcp/23, non encrpted communication, looks identical to SSH but telnet is sent in the clear (non encrpyted).

Question 17

SMTP using plaintext
SMTP using TLS encryption

Answer 17

tcp/25 (SMTP using plaintext)
tcp/587 (SMTP using TLS)

Simple Mail Transfer Protocol, server to server email transfer. Also used from client devices sending to mail server.

Other protocols are used for clients to receive email, IMAP or POP3

Question 18

DNS (fqdn)

Answer 18

udp/53, larger transfers may use tcp/53

Question 19

DHCP

Answer 19

udp/67 and udp/68
dynamic host configuration protocol, automatically configures IP address, subnet mask, etc. requires DHCP server.

Question 20

What are pooled addresses on DHCP?

Answer 20

Anyone who connects to a network will be given an IP from the pool of available addresses. Each system is given a lease that lasts a set amount of time.

Question 21

What is a DHCP reservation?

Answer 21

reserving a particular IP address for a particular device on a network. This is done by associating an IP address with the devices MAC address.

Question 22

TFTP

Answer 22

udp/69
Trivial File Transfer Protocol
For sending a small bit of information quickly to another device.

Question 23

HTTP and HTTPS

Answer 23

tcp/80 (in the clear)
tcp/443 (encrypted)
If encrypted, using SSL or TLS

Question 24

NTP

Answer 24

udp/123
Network Time Protocol
every device on the network has it’s own clock and uses NTP to stay synchronized. Critical for logging files, authentication or outage details

Question 25

SNMP

Answer 25

udp/161
Simple Network Management Protocol
query devices about how that device may be performing
v3 has encryption, unlike v1 and v2

Question 26

What are SNMP Traps?

Answer 26

When SNMP queries a device about how it’s performing, traps allow alerts from the network devices to be sent from the devices using udp/162

Question 27

LDAP/LDAPS

Answer 27

tcp/389
lightweight directory access protocol
store and retrieve information in a network directory.

Question 28

LDAP Secure

Answer 28

tcp/636 LDAP over SSL

Question 29

SMB

Answer 29

tcp/445
server message block
allows for file sharing, locking, sometimes calles CIFS
integrated into windows OS

Question 30

Syslog

Answer 30

udp/514
standard for message logging
often used in conjunction with a SIEM

Question 31

How should you log messages on a network?

Answer 31

using a log collector like syslog, used on a SIEM (Security Information and Event Manager)

Question 32

What is SQL

Answer 32

a standard language across database servers

Question 33

what port is Microsoft SQL server on?

Answer 33

tcp/1433

Question 34

RDP

Answer 34

tcp/3389
allows helpdesk to connect to a desktop or just an application

Question 35

SIP

Answer 35

tcp/5060 and tcp/5061
Session Initiation Protocol
control protocol for VoIP

Question 36

ICMP

Answer 36

it’s own protocol, doesn’t use TCP or IP.
internet control message protocol, like text messaging with a device

Question 37

GRE

Answer 37

generic routing ecapsulation
tunnelling between endpoints, like a VPN
No built in encryption but can be added

Question 38

What is a VPN Concentrator

Answer 38

purpose built device to encrypt/decrypt data at a central point in VPN tunnel
Commonly found on firewalls

Question 39

IPSec

Answer 39

internet protocol security
Security for OSI layer 3
Very standardized
anti-replay
TWO common protocols
AH authentication header
ESP encapsulation security payload

Question 40

IKE

Answer 40

Internet Key Exchange
agree on encryption/decryption keys without sending keys across the network, builds a security association (SA)

Question 41

IKE Phase 1

Answer 41

Uses diffie-hellman to create a shared secret key using udp/500

Question 42

IKE Phase 2

Answer 42

Coordinate ciphers and key sizes, negotiate inbound and outbound SA for IPsec

Question 43

What is the purpose of an AH

Answer 43

Authentication Header is to validate the information you’re receiving over an IPSec tunnel. If using AH mode, you’re sending info in the clear, but the AH mode includes hashing.

Question 44

What is the purpose of ESP

Answer 44

Encapsulation Security Payload (ESP) encrypts the packet. Adds a header, trailer, and integrity check value