Lesson 6: Objectives Flashcards
What is a fileshare?
a server disk configured to allow clients to access it over the network.
What is a file-server?
a central machine provides dedicated file and print services to workstations.
A file server could be implemented using what kind of TCP/IP protocol?
FTP
(File Transfer Protocol)
Name a proprietary protocol that may be used to implement fileshare and print server roles.
File and Print Services for Windows Networks
What application protocol underpins file and printer sharing on Windows networks?
SMB
(Server Message Block)
The functionality of HTTP servers is often extended by support for:
(2)
- scripting
- programmable features (web applications).
SMB is sometimes referred to as what?
CIFS
(Common Internet File System)
How is the host location usually represented in a URL?
FQDN
(Fully Qualified Domain Name)
What are the steps involved in clients using HTTP to request resources from an HTTP server?
(3)
- Client connects to HTTP server using port 80
- Client submits a request for a resource (GET)
- Server either returns the requested data if it’s available or responds with an error code.
Which has more security, TLS or SSL?
TLS is the upgraded version of SSL that fixes existing vulnerabilities.
When does FTP use TCP/21?
(File Transfer Protocol)
to establish a connection
What is the current version of SMB?
SMB3
why does plain FTP pose a security risk?
because it’s unencrypted.
passwords are submitted in plaintext.
When does FTP use TCP/20?
(File Transfer Protocol)
to transfer data in active mode
What information might a URL (Uniform Resource Locator) include? (3)
- Protocol describing the access method or service type being used.
- Host Location/FQDN or IPv6 address (enclosed in brackets)
- File path specifying the directory and file name location of the resource (If necessary).
How are resources on the Internet accessed?
Using an addressing scheme known as a URL (Uniform Resource Locator).
How would you encrypt an FTP session?
FTP-Secure (FTPS)
Secure Shell FTP (SFTP)
How do organizations typically acquire a web server or space on a server?
they will lease them from an ISP.
What is a web server?
provides client access using HTTP/HTTPS.
HTTP usually serves what?
HTML web pages.
What contributes to a lack of security for HTTP?
(2)
- all data is sent unencrypted
- there is no authentication of client or server
What 2 methods of security are provided by TLS (Transport Layer Security)?
- certificates for authentication
- encryption to protect web communications and other app protocols.
what 2 types of mail servers and protocols are used to process email?
- mail transfer
- mailbox access protocols
To implement HTTPS:
(3)
- web server is installed with a digital certificate issued by a trusted CA
- certificate uses encrypted data to prove identity of server to client, assuming client trusts CA
- server + client use key pair in certificate and a chosen cipher suite within TLS protocol to set up encrypted tunnel.
CA = Certificate Authority
What two things makes up HTTPS?
- HTTP
- TLS
mail transfer and mailbox access protocols:
What happens during step 4: remote IMAP server and Remote Mail Client?
- remote user's mail client connects to its IMAP server (port 993) to download the message
Name 5 application protocols secured by TLS?
- FTP
- POP3
- IMAP
- SMTP
- LDAP
mail transfer and mailbox access protocols:
What happens during step 1: local mail client?
(2)
- client submits new message to local SMTP server. (Port 587)
- message is copied to sent items folder on local IMAP server (port 993)
mail transfer and mailbox access protocols:
What happens during step 2: local SMTP Server
(2)
- local SMTP server uses DNS to look up the MX record listing an IP address for the remote recipient domain
- establishes a session with remote SMTP server (port 25)
mail transfer and mailbox access protocols:
What happens during step 3: remote SMTP server?
(1)
- if the remote server accepts the message, it copies it to the inbox folder of the user's mailbox hosted on an IMAP server
how does SMTP discover the IP address of the recipient?
by using the domain name part of the recipient's email address. The SMTP servers for the domain are registered in DNS using MX and host A/AAAA records.
MX = mail exchanger
AAAA=maps IPv6 IP to domain name.
A=domain name to find the IP of a computer connected to the internet.
What is DTLS and where is it used most often?
Datagram transport layer security
1.TLS + UDP
2. Most often used in VPN solutions
What are the 4 steps of mail transfer and mailbox access protocols?
1. Local Mail Client
2. Local SMTP Server and Local IMAP Server
3. Remote SMTP Server
4. Remote IMAP Server and Remote Mail Client
SMTP specifies what?
how email is delivered from one mail domain to another.
what features does IMAP have that POP/POP3 doesn’t have?
(4)
- IMAP supports permanent connections to a server
- connects multiple clients to the same mailbox simultaneously.
- allows a client to manage the mailbox on the server (organize messages in folders and to control when they are deleted)
- create multiple mailboxes
Port TCP/587 is used for what?
mail clients to submit messages for delivery by an SMTP server.
Most (LDAP) directories are based on what standard?
(lightweight directory access protocol)
X.500 standard
What is LDAP?
(lightweight directory access protocol)
a TCP/IP protocol used to query and update an X.500 directory.
(Uses TCP and UDP)
AAA is often implemented using a protocol called what?
authentication, authorization, and accounting
RADIUS
remote authentication dial-in user service
What is a AAA server?
authentication
authorization
accounting
consolidates authentication services across multiple access devices.
what are the 3 components of a AAA server?
authentication, authorization, and accounting
- Supplicant: the device requesting access
- NAS or NAP: network access appliances such as switches, APs, and VPN gateways. aka AAA clients or authenticators
- AAA server: authentication server, positioned within the local network.
NAS = network access server
NAP = network access point
a remote terminal server allows a host to accept connections to what?
its command shell or graphical desktop from across the network.
what’s the most widely used version of SSH?
OpenSSH (openssh.com)
Telnet is both a protocol and what?
a terminal emulation software tool that transmits shell commands and output between a client and the remote host.
terminal emulation is the process of duplicating the functionality and behavior of a physical computer terminal on a different device or platform.
SSH is the principal means of obtaining what?
secure shell
secure remote access to UNIX and Linux servers and to most types of network appliances.
there are SSH servers and terminal emulation clients available for all the major platforms. (UNIX, Linux, Windows, macOS)
network appliances = switches, routers, firewalls.
Remote terminal access servers:
if the TTY (terminal) accepts input and displays output, what performs the actual processing?
the shell
what protocols allow administrators to log on and manage hosts and switches/routers/firewalls remotely?
2
SSH and RDP
a Telnet interface can be password protected, but with what caveat?
the password and other communications aren’t encrypted and therefore can be vulnerable to packet sniffing and replay.
Telnet and SSH both provide terminal emulation for command line shells, but what would you use to work with a graphical interface?
RDP
Remote Desktop Protocol
What does a proxy server do?
5
- takes a whole HTTP request from a client
- checks it
- forwards it to the destination server on the internet
- when the reply comes, it’s checked
- and shuttled back to the LAN computer.
what is SNMP?
simple network management protocol
a framework for management and monitoring network devices.
SNMP consists of what?
simple network management protocol
2
- management system
- agents
agent = a process running on a switch, router, server, or other SNMP compatible network device.
what does a SNMP management system do?
monitors all agents by polling them at regular intervals for information from their MIBs and displays the information for review.
Many enterprise networks use some sort of NAT, but another option is to deploy a what?
proxy server.
what is a SNMP trap?
it's where the agent is capable of informing the management system of notable events such as a port failure. The threshold for triggering traps can be set for each value.
what is the agent of a SNMP?
agent = a process running on a switch, router, server, or other SNMP compatible network device.
this agent maintains a database called MIB that holds statistics relating to the activity of the device.
MIB=management information base
example of MIB = the number of frames per second handled by a switch.
what is syslog?
- forwarding messages to a remote log collector
- provides an open format for event data
application protocol and event-logging format enabling different appliances and software applications to send logs or event records to a central server. this makes reviewing logs more efficient than reviewing every device/appliance separately.
On a SOHO network, devices on the LAN access the internet via the router using what? (2)
NAT, specifically,
- port-based NAT
- overloaded NAT
NAT=enables private IP networks to use the internet and cloud.
an embedded system network is usually referred to as what?
OT operational technology
What kinds of purpose-built internet security appliances might an enterprise network use?
- Firewalls
- IDS
- IPS
- Antivirus / Antimalware
- Spam gateways use: SPF, DKIM, DMARC
- Content Filters
- DLP
intrusion detection system
intrusion prevention system
data leak/loss prevention
output and configuration of a PLC is performed by what?
an HMI
human machine interface.
a syslog message comprises:
- a pri code = priority value
- a header containing a timestamp and host name
- a message part. contains a source tag + content
How does an IDS work?
intrusion detection system
they have scripts that identify known malicious traffic patterns. can raise an alert when a match is made.
what is the difference between an IDS and an IPS?
intrusion detection system
intrusion prevention system
IPS detects malicious traffic patterns, but it goes a step further and takes action to block the source of the malicious packets instead of just notifying of their existence.
What is a load balancer?
type of switch, router, or software that distributes client requests between different resources such as communications links or similarly configured servers.
provides fault tolerance and improves throughput.
a load balancer can be deployed to do what?
distribute client requests across server nodes in a farm or pool.
can be used in any situation where you have multiple servers providing the same function.
Where in a network would a load balancer be placed?
between the client (and virtual server) and the firewall (with the web servers with the information on the other side of the firewall)
What kind of connectivity is usually / typically found in SCADA systems?
supervisory control and data acquisition.
WAN communications such as cellular or satellite to link the SCADA server to the field devices.
SCADA relating to ICS and PLCs
Embedded systems have typically been designed to operate within what kind of network?
closed networks, where the elements of the network are all known to the system vendor and there’s no wider connectivity to computer data networks.
ICS comprises plant devices and equipment embedded with what?
industrial control system
PLCs.
programmable logic controllers.
How are PLCs connected?
PLC=programmable logic controller (embedded in ICS)
ICS-industrial control systems
connected within a control loop
the whole process automation system can be governed by a control server.
Where is all of the information generated by the control loop (of PLCs embedded in ICS) stored?
ICS = industrial control system
PLC = programmable logic controller
the data historian
data historian = a database where all the information generated by the control loop is stored.
IoT smart device network will generally use what 2 types of components?
- Hub / control system: Communications hub for wireless networking. Control system, because many IoT devices cannot be operated directly using I/O devices.
- Smart Devices: IoT endpoints implement the function, such as a smart lightbulb, refrigerator, thermostat, or doorbell/video entry.
Where would a SCADA be used?
supervisory control and data acquisition
takes the place of a control server in large-scale, multiple site ICS
ICS = industrial control systems
SCADA = type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.
A typical Ethernet link for an office workstation includes what 5 components?
- NIC port on host
- RJ45 terminated patch cord b/w host & wall port.
- Structured cable b/w wall port & patch panel. terminated to IDC block. (permanent link)
- RJ45 terminated patch cord between the patch panel port & a switch port.
- Network transceiver in the switch port.
IDC - insulation displacement connector
What type of OS do most IoT use?
2
Linux
Android
what 5 steps would you take to troubleshoot wired network connectivity?
- Are patch cords properly terminated and connected to network ports? Use a known good cable or a cable tester.
- test the transceivers: use a loopback tool to test for a bad port
- if no loopback available substitute known working hosts (different computer to link or swap ports at switch.)
- use a cable tester to verify structured cabling. solution may involve installing new permanent link or could be termination / external interference.
- verify ethernet speed/duplex configuration on switch interface and NIC. should be set to autonegotiate. update NIC device driver software.
intermittent connectivity (wired network) might manifest as what?
port flapping.
what often causes port flapping? (3)
(NIC / Switch interface transitions continually between up and down states.)
- bad cabling
- external interference
- faulty NIC at the host end.
When troubleshooting port flapping, what would you use to see how long a port remains in the up state?
port flapping = port transitions rapidly between up and down states.
switch configuration interface
the transfer speed on a cabled link is most likely to be reduced because of what?
- mismatched duplex settings on a network adapter and switch port
if there’s no configuration issue and slow network speeds persist, a variety of other problems are difficult to diagnose:
what steps should you take?
- establish what network activity they're performing; check the nominal link speed and use a utility to measure transfer rate independent of specific apps / network services.
- if issues isolated to single cable segment, cabling could be affected by external interference. check ends of cable for excessive untwisting of wire pairs or improper termination.
- could be a problem with the network adapter driver. Install an update. If the latest driver is already installed, check whether the issue affects other hosts using the same NIC and driver version.
- could be malware or faulty software; remove the host from the network for scanning.
- establish scope of problem: are network speeds only an issue for a single user, for everyone on the same switch, or for all users connecting to the internet.
what typically causes external interference? (regarding cabling affecting ethernet speeds.)
4
- nearby power lines
- fluorescent lighting
- motors
- generators.
poorly installed cabling and connector termination can also cause a type of interference called what?
crosstalk
If you have access to a network tap and cabling interference is a problem, what kind of information might you see from the network tap?
high numbers of damaged frames.
Troubleshooting Wireless connectivity:
If the user is looking for a network name that is not shown in the list of available wireless networks SSID not found, what might be the cause?
2
- User is out of range
- SSID broadcast might be suppressed. (Connection must be configured manually on the client)
Troubleshooting Wireless connectivity:
Why might an access point not be able to communicate with devices that only support older TCP/IP standards?
if the access point isn’t operating in compatibility mode.
this can cause a lack of wifi connectivity.
Troubleshooting Wireless connectivity:
if the RSSI is too low, what will the adapter do?
received signal strength indicator
drop the connection entirely and try to use a different network.
Troubleshooting Wireless connectivity:
if a device is within the supported range but the signal is weak or you can only get an intermittent connection, what is likely the problem?
(3)
- likely getting interference from another radio source broadcasting at the same frequency.
- interference from a powerful electromagnetic source such as a motor or microwave oven.
- something blocking the signal
Troubleshooting Wireless connectivity:
radio waves do not pass easily through what kind of objects that can block or degrade signals?
- metal
- dense objects
- concrete
- mirrors
Troubleshooting VOIP Issues:
Problems with the timing and sequence of packet delivery are defined as:
2
- latency
- jitter
Troubleshooting VOIP Issues:
what typically causes jitter?
jitter = amount of variation in delay over time
network congestion, which affects packet processing on routers and switches.
Troubleshooting VOIP Issues:
VOIP calls can only be established using what kind of mechanism across the network?
QoS
quality of service
Troubleshooting Limited Connectivity:
what 3 steps should you take in the event of limited connectivity?
(physical connection without an IP lease from the DHCP server)
- establish scope of the issue
- check configuration of patch cords
- check VLAN configuration
Troubleshooting Limited Connectivity:
Establish Scope of the Issue: If the issue is affecting multiple users, what is likely the issue?
the problem is likely to be the DHCP server itself.
DHCP leases may take a few hours to expire, so a problem with the DHCP server may take a few hours to manifest as different clients try to renew their leases over time.
Troubleshooting Limited Connectivity:
Establish the scope of the issue: If the DHCP server is down, what are the 3 most likely causes?
- The server could be offline
- Server could have run out of available leases
- forwarding between the server and clients could be improperly configured.
Troubleshooting Limited Connectivity:
check configuration of patch cords: what should you check for?
ensure the wall port is connected to an appropriate port on a switch via the patch panel.
if not connected to an appropriate switch port, it’s unlikely to connect to expected services such as default gateway, DHCP and DNS
Troubleshooting Limited Connectivity:
VLAN configuration: what should you look for?
Check the VLAN ID, it can have the same effect as connecting the host to the wrong switch port.