ISC2 - Study Notes 9 Flashcards
??? (host) record Resolves a host name to an IPv4 address.
??? (host) record Resolves a host name to an IPv6 address.
??? record Resolves an IP address to a host name.
DNS (A / AAAA / PTR)
is used for IPv4 multicasting, where data is sent from one computer to multiple computers at the same time. Unicast: systems send traffic from one PC to one other PC. Broadcast: systems send traffic from one PC to all other PCs on the subnet. Multicast: systems send traffic from one PC to multiple PCs in the network.
The Internet Group Message Protocol (IGMP)
Transport layer TLS creates the initial connection on the Transport layer (layer 4). With the name Transport Layer Security, it’s implied that TLS operates on the Transport layer.
Session layer The Handshake Protocol within TLS operates on the Session layer (layer 5) when negotiating details for the TLS session. This includes details such as what specific encryption algorithm to use.
Application layer The TLS Record Protocol within TLS operates on the Application layer (layer 7). It provides confidentiality with an encryption algorithm and integrity with a hashing algorithm.
Info
??? provides authentication between the systems and verifies the integrity of the packets, but it does not encrypt the data. The header content is created from a hash of the packet with additional authentication data, and this hash is then encrypted to prevent tampering. The hash provides integrity. Systems identify ??? packets with protocol number 51.
??? encrypts the data and includes the same authentication services provided by AH. Data encrypted with ??? cannot be read if captured with a sniffer. Systems identify ??? packets with protocol number 50.
IPSec (Authentication Header - AH / ESP)
Intranet An organization’s internal network is an intranet. From a risk perspective, an intranet presents the least amount of risk. An organization controls the resources on the internal network.
Info
When an organization wants to host resources on the Internet (such as with a web server, an e-mail server, or an FTP server), a common practice is to place these Internet-facing servers within a ???.
DMZ
It shows an intranet with private IP addresses as well as the Internet with public IP addresses, separated by a proxy server with NAT installed. Internal clients connect to the Internet via the proxy server, and NAT translates the IP addresses from public to private and from private back to public.
Info
Static NAT uses a one-to-one mapping with a single IP address, but dynamic NAT uses a one-to-many mapping with multiple IP addresses. PAT is an extension of NAT that uses a many-to-many mapping based on port numbers.
Info
WPA-Personal and WPA2-Personal use a preshared key (PSK). WPA/WPA2 then uses this PSK to create an encryption key, which wireless devices use to encrypt and decrypt wireless traffic.
An organization can increase security with wireless networks by adding an 802.1x authentication server and using Enterprise mode. A Remote Authentication Dial-In User Service (RADIUS) server is commonly implemented as the 802.1x authentication server. Both WPA and WPA2 support Enterprise mode.
WPA2 with CCMP is recommended over WPA2 with TKIP.
Info
A hacker who is able to pair with a Bluetooth-enabled smartphone can access data on the device. The attacker can access information on the user’s phone such as e-mail, contact lists, calendars, and text messages. The attacker must be close to the phone (usually within 30 feet).
Bluesnarfing