Misc Terms Flashcards
SCADA / ICS
Supervisory Control and Data Acquisition system
- large scale, multisite Industrial Control System
distributed control systems for equipment managed by a PC
- power generation, refining, manufacturing equipment, etc.
Must be segmented so no access from outside
RIP
Routing Information Protocol
-distance vector routing
-decides how many ‘hops’ away another network is
EIGRP
Enhanced Interior Gateway Routing Protocol
-distance vector routing
-decides how many ‘hops’ away another network is
OSPF
Open Shortest Path First
-link state routing
-info passed between routers is related to the current connectivity
(if it's up you can get there; if it's down you can't)
BGP
Border Gateway Protocol
-determines route based on paths, network policies, or configured pre-set rules
CSMA / CD
CS - Carrier Sense
-is there a carrier? is anyone communicating?
MA - Multiple Access
-more than one device on the network
CD - Collision Detection
-collision - two stations talking at once
-identify when data gets garbled
CSMA / CD operation
Listen for an opening (don't transmit if the network is busy)
Send a frame of data (send data whenever you can, no queue)
If a collision occurs, transmit a jam signal letting everyone know a collision occurred and wait a random amount of time then resend
NDP
Neighbor Discovery Protocol
-operated using multicast with ICMPv6
-neighbor MAC discovery (replaces IPv4 ARP)
-SLAAC (Stateless Address AutoConfig) configures an IP address without a DHCP server
802.3af
PoE
15 watts of DC power
max current of 350 mA
802.3at
PoE+
25.5 watts of DC power
max current of 600 mA
802.1Q
trunking
adding a VLAN header to an Ethernet frame
VLAN IDs are 12 bits long
STP
Spanning Tree Protocol
-loop protection with switches
STP port states
blocking - not forwarding to prevent loop
listening - not forwarding and cleaning the MAC table
learning - not forwarding and adding to the MAC table
forwarding - data passes through and is fully operational
disabled - admin has turned off the port
LAG
Link AGgregation
-multiple interfaces act like one big interface
LACP
Link Aggregation Control Protocol
- adds additional automation and management
jumbo frames
ethernet frames with more than 1500 bytes of payload
- up to 9216 bytes
-ethernet devices must support jumbo frames
MDI
Media Dependent Interface
- network interface card
MDI-X
Media Dependent Interface Crossover
-network switch
Antenna performance is measured in ___
dB
- double power every 3dB of gain
Yagi antenna
very directional and high gain
Parabolic antenna
focus the signal to a single point
Route Poisoning
-method to prevent a router from sending packets through a route that has become invalid
-achieved by changing the route’s metric to a value that exceeds the maximum allowable hop count, so that the route is advertised as unavailable
Split Horizon
-route advertisement
-method of preventing routing loops in distance vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned
Can browsers have group policy block lists?
yes
they can block access to a domain via a given URL
not the whole domain, because other parts might be fine; for example, a particular repository on GitHub may be bad, but the entirety of GitHub is not
CPP
Control Plane Policing
- a feature that allows users to configure a quality of service (QoS) filter that manages the flow of control plane packets, protecting the control plane of Cisco IOS routers and switches against reconnaissance and DoS attacks
System Logging Protocol
Syslog
uses port 514
SIP
Session Initiation Protocol
- signaling protocol for initiating, maintaining and terminating real-time sessions that include voice, video and messaging apps
- uses port 5060 and 5061
VRRP
Virtual Router Redundancy Protocol
- protocol used for automatic assignment of available IP routers to participating hosts, in order to increase the availability and reliability of routing paths via automatic default gateway selection
- uses IP protocol number 112
You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be best in this scenario?
- /30
- /24
- /28
- /29
/30
- the most efficient subnet mask would actually be /31, which provides only 2 addresses
- /30 consists of 4 IPs: the first is the network IP, the last is the broadcast address, and the other two IPs can be assigned to the routers on either end of the point-to-point link
Unmanaged switches
only have one broadcast domain
- routers and managed switches can break up broadcast domains
LACP
Link Aggregation Control Protocol
- provides a method of bonding several physical ports to form a single logical channel
- defined in the 802.3ad standard
LLDP
Link Layer Discovery Protocol
- vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors
L2TP
Layer 2 Tunneling Protocol
- tunneling protocol used to support VPNs or as part of delivery services by ISPs
IaC
Infrastructure as Code
- designed with the idea that a well-coded description of the server or network operating environment will produce consistent results across an enterprise
Convergence
convergence on a routed network occurs when all routers have learned the route to all connected networks
- when all routers “agree” on what the network topology looks like
CRC
Cyclic Redundancy Checksum
- an error-detecting code used to detect changes in raw data as it transits the network
- the CRC counter is the number of packets that failed the checksum; those packets are rejected
BGP
- used to route data between autonomous systems (AS)
- AS are a collection of networks w/in the same admin domain
- the routers within an AS use an interior gateway protocol such as RIP or OSPF
- AS are layer 3
Patch antenna
low profile antennas
Whip antennas
vertical and omnidirectional, usually used indoors
Defense in Depth
Multiple modes of protection
- IPS, NGFW, etc.
Rollover Cable
- Cisco console cable
- used to connect to management interfaces
- serial cable “standard” proposed by David Yost
- used in conjunction with serial port connectors
–newer switches and routers use USB
– serial (DB9) connectors are also used
EIGRP
routing protocol commonly used with Cisco
CSMA/CD
carrier sense multiple access / collision detection
FCoE
Fibre Channel over Ethernet
WDM
Wavelength-Division Multiplexing
- bidirectional communication over a single strand of fiber
CWDM
Coarse Wavelength Division Multiplexing
- 10GBASE-LX4 uses four 3.125 Gbit/s carriers on four different wavelengths
DWDM
Dense Wavelength Division Multiplexing
- Multiplex multiple OC carriers into a single fiber
- adds 160 signals, increases to 1.6 Tb/sec
ARP
Address Resolution Protocol
- determines a MAC address based on IP via a table
- command “arp -a” views local ARP table
IP Class A
leading bits 0xxx
1-127
IP Class B
leading bits 10xx
128-191
IP Class C
leading bits 110x
192-223
IP Class D
multicast
leading bits 1110
224-239
IP Class E
Reserved
leading bits 1111
240-254
IBSS
Independent Basic Service Set
- two devices communicate directly using 802.11
- no AP required
- Ad hoc (created for a particular purpose w/o any previous planning)
- temporary or long term communication
A net admin is trying to power off a Cisco switch, but it is not working. The admin needs to be in which mode to perform this task?
- Global configuration
- User
- Auto-negotiate
- Enable
Enable
- privileged (enable) mode allows the user to reboot, shut down, back up and restore
______________________________________________________
Global configuration
- allows users to write config updates
User
- read-only mode; commands can report config, show system stats, or run basic troubleshooting tools
Auto-negotiate
- has to do with port speed and duplex
When a switch needs to connect to another switch, communication would fail if both interfaces use _________
Media Dependent Interface Crossover (MDI-X)
An Ethernet frame, excluding the preamble, is at most __________ bytes
1518 bytes
- the payload can normally be between 46 and 1500 bytes
Active Tap
A powered device that performs signal regeneration
- it “taps” the network to allow the admin to troubleshoot frames
SPAN
Switched Port ANalyzer / mirror port
- refers to a sensor, attached to a specifically configured port on the switch, that receives copies of frames
- this method is not completely reliable
Passive Tap
- box with ports for incoming and outgoing network cable and an inductor or optical splitter that physically copies the signaling from the cabling to the mirror port
I/G
- bit of MAC address that determines whether the frame addresses an individual node (0) or a group (1)
- the latter is for broadcast and multicast traffic
Stackable switches
- can be connected together and operate as a group
- can be managed as a single unit
OUI
Organizationally Unique Identifier
- the first six hex digits (3 bytes or octets) of a MAC
- identifies the manufacturer
– the last six of the MAC are the serial number
Default Route
- a route when no other routes match
– the “gateway of last resort” - a remote site may have only one route
– go that way -> rest of world
*destination of 0.0.0.0/0
- can simplify the routing process
– works in conjunction with other routing protocols
MOU
Memorandum of Understanding
- both sides agree on the contents
- usually includes statements of confidentiality
- informal letters of intent; not a signed contract
DAI
Dynamic ARP Inspection
- ARP has no built in security
- prevents on-path attacks
- relies on DHCP snooping for intel
–knowing every device's IP is valuable info
-intercepts all ARP requests and responses
– invalid IP-to-MAC bindings are dropped
– only valid requests make it through
Out of Band Management
?
BPDU Guard
Bridge Protocol Data Units
a “portfast” feature that protects switches using STP
prevents attacks by blocking BPDUs sent by unauthorized devices, because these could force the network into a constant state of reconvergence
For CISCO switches
Flood Guard
Used to guard against DoS/DDoS attacks
-common type is SYN floods (SYN is the first packet sent in the 3-way TCP handshake)
What would commonly be labeled on a CSU/DSU?
(Channel Service Unit/Data Service Unit - a piece of hardware that converts a digital data frame from LAN communication technology into a frame appropriate for a WAN and vice versa)
Circuit ID
Get more info about function and use cases