N10-009-Section_3 Flashcards
IPAM
IP Address Management. IPAM software is used to track and manage IP addresses
SLA
Service Level Agreement - defines the scope and the quality of the service provided
Production Configuration
The most current config that is running, the config that will be deployed to new devices
Backup Configuration
A backup of the configuration in case an update or config change goes wrong. A VM snapshot
Baseline/Golden Configuration
A baseline for creating and testing production configurations
SNMP
Simple Network Management Protocol - Tool that allows us to manage network devices - Requires an agent on the device
Managed Device
A device set up for SNMP - Listening ports: UDP 161, encrypted TLS 10161
SNMP Manager
Software to manage SNMP devices - UDP 162 and TLS 10162
MIB
Management Information Base - A device will keep a database of information ready for requests from a management device
Get (SNMP)
The NMS sending a “Get” request to the device
Trap (SNMP)
Setup on the device itself. A trigger that will report to the manager if a certain criteria is met
Walk (SNMPWalk)
Batch process of Get - Asking several requests
SNMP v1
First version, structured tables, in-the-clear (no encryption), limited commands
SNMP Community
Organization of Managed Devices
NMS
In networking, an NMS (Network Management System) is a software or hardware solution designed to monitor, manage, and maintain computer networks. It provides tools and functionalities that help administrators oversee the performance, health, and configuration of network devices such as routers, switches, servers, and other IT infrastructure components.
SNMP v2c
SNMPv2c (Simple Network Management Protocol version 2c) is an enhancement over SNMPv1, providing improvements such as better performance and more efficient error handling, but it still has security limitations. The “c” in SNMPv2c stands for community-based security, which means that it uses community strings (like in SNMPv1) for authentication, rather than more advanced methods like those introduced in SNMPv3. Not encrypted, unlike v3
SNMP v3
SNMPv3 (Simple Network Management Protocol version 3) is the latest version of SNMP and addresses many of the security vulnerabilities found in earlier versions (SNMPv1 and SNMPv2c). While SNMPv1 and SNMPv2c rely on community strings for authentication, SNMPv3 introduces features for enhanced security, including authentication, encryption, and access control.
OID (SNMP)
Object ID - A MIB will contain a database of information with OIDs so a query knows how to ask for certain data. Looks like 1.3.6.1.2.11.23 - each number refers to a category of data
Community Strings (SNMP)
In SNMP (Simple Network Management Protocol), community strings act as passwords for controlling access to network devices. They are used to authenticate and authorize management stations (like network monitoring tools) to interact with network devices such as routers, switches, and servers. These community strings are sent in plaintext (in SNMP versions 1 and 2c), which makes them vulnerable to interception.
Authentication (SNMP)
Authentication (SNMP) refers to the methods used to verify and secure the identity of users or devices communicating via the Simple Network Management Protocol (SNMP). Authentication ensures that only authorized entities can access or manage network devices such as routers, switches, and servers through SNMP.
NetFlow
Summary of statistics based on the flows of traffic traversing the network. Works with probes and a collector: the probes are placed somewhere in the network and report back to the collector. Software then queries the collector for data
SIEM
System Information and Event Management - Takes all kinds of network data and puts them in a management console that can be used to view and analyze.
List the 2 important parts of SIEM
Aggregation: data is gathered from different places and stored centrally; Correlation: checking for patterns in the data that might reveal issues or other occurrences
Syslog
Syslog (System Logging Protocol) is a standardized protocol used for collecting, forwarding, and storing log messages from various devices within a network, such as routers, switches, firewalls, and servers. It provides a way for devices to log events and send those logs to a centralized server, known as a Syslog server, for monitoring, analysis, and troubleshooting.
Port Mirroring
You can duplicate all data coming through a port onto another port so you can monitor what data is going in and out
SPAN
Switched Port Analyzer. Another name for a Port Mirror
DRP
Disaster Recovery Plan
Backup Plan Assessment
Records how much data might be lost and how much can be restored
RPO
Recovery Point Objective - state of the backup when the data is recovered - how much data will be lost after the recovery
RTO
Recovery Time Objective - The amount of time needed to recover full functionality from the point when the org ceases to function
List the 2 types of data when it comes to backups
Configuration Data and State
Configuration Data (Disaster Recovery)
Router settings, configurations
State Data (Disaster Recovery)
Example would be convergence between routers, user data from an AD server
Full Backup
Backup of everything, takes a long time
Differential Backup
Backup all changes since the last full backup - Only need 2 backups to restore - the last full backup and the most recent differential backup - Fewer backups, but larger backups
Incremental Backup
Only backs up changes since the last backup of any type - To restore, you need the full backup and all subsequent incremental backups - More backups, but smaller
Local Backups
Separate backups stored locally on hard drives
Offsite Backup
Backups stored offsite - for safety
Cloud Backup
Work great - but takes a while to run - Many cloud providers will do a continuous incremental backup after the initial backup is made
MTTF (Disaster Recovery)
Mean Time to Failure - The time between the last and the next failure
MTTR (Disaster Recovery)
Mean Time to Recovery/Repair - Downtime, average time to repair, time from the point of failure to the point of recovery
MTBF (Disaster Recovery)
Mean Time Between Failure - Time between the start of the last failure and the start of the next failure - This time will include MTTF and MTTR
BCP (Disaster Recovery)
Business Continuity/Contingency Plan - Plan to keep the business going in times of disaster
Cold Backup Site
Takes weeks to bring online - just another office space with no operational equipment - pretty much have to set the whole thing up. Cheapest
Warm Backup Site
Takes a few days to bring online - some operational equipment/computers but limited
Hot Backup Site
Ready to go - maybe take a few hours - the Hot site syncs with the main office so everything is ready - expensive to maintain
Cloud Site
Data is in the cloud
Backup Site requirements
Make sure it's far enough away that the disaster which affected the main site doesn't also affect the backup site - needs sufficient internet connectivity
Order of Restoration (Disaster Recovery)
Sample: Power restored and working, Wired LAN, ISP link, AD/DNS/DHCP, Accounting Servers, Sales and accounting workstations, video production servers, video production workstations, wireless AP
Failover
The process of making a backup site happen
Alternative Processing Sites (Disaster Recovery)
Larger orgs might have different sites to host certain data - orgs might make deals with other orgs to use resources in time of need
Alternative Business Practices (Disaster Recovery)
How to use different accounting software, or how to take credit card payments in the event our main method goes down
After Action Reports (Disaster Recovery)
Documentation of everything that happened in a disaster
Site Resiliency
The process of moving from site to site to avoid/prevent disaster
Active-Passive
Network Redundancy. 2 devices are installed and configured, one is working and the other just waits for the first one to fail then it will take over
HA
High Availability - What can be and is done to make sure data is always available to access - e.g. Load Balancing
Active-Active (HA)
An Active-Active configuration in server or data center environments refers to a setup where multiple servers, typically at least two, are simultaneously active and processing requests. This design aims to increase both availability and load balancing, ensuring that even if one server fails, the other(s) can continue to handle the workload without downtime.
VRRP (HA)
VRRP (Virtual Router Redundancy Protocol): A standards-based protocol similar to HSRP, designed to allow multiple routers to share a virtual IP address and provide failover in case one router becomes unavailable.
HSRP (HA)
HSRP (Hot Standby Router Protocol): A Cisco proprietary protocol that allows multiple routers to work together to present the appearance of a single virtual router to end devices.
GLBP (HA)
GLBP (Gateway Load Balancing Protocol): Another Cisco proprietary protocol that provides both redundancy and load balancing by distributing traffic across multiple routers while still maintaining a single virtual gateway IP address.
DORA
Steps of DHCP, Discover=Find a DHCP server, Offer=Get an offer, Request=Lock in the offer, Acknowledge=DHCP server confirmation
DHCP options
IP address/Subnet/DNS aren't the only things that can be configured using DHCP. There are 256 option values that can be configured by DHCP
SLAAC (DHCP)
SLAAC (Stateless Address Autoconfiguration) Used in IPv6. Self-Configuration: Devices independently configure their IPv6 addresses using information provided by router advertisements (RAs). These RAs are sent by routers on the network. Stateless: There is no central server keeping track of which devices are assigned which addresses. The router sends a prefix in an RA message and devices combine this prefix with their interface identifier (often derived from the MAC address) to create a unique IPv6 address.
Stateless Addressing
Assigning an IPv6 address to yourself, automatically. No separate server, no tracking of IP or MAC addresses, no lease time.
NDP
Neighbor Discovery Protocol. Replaces ARP, NDP uses multicast instead of broadcasts.
SLAAC
Stateless Address AutoConfiguration. Automatically configures an IP address without a DHCP server for IPv6
DAD
Duplicate Address Detection. A process in IPv6 that checks for duplicate IPv6 addresses on the network.
RS
Part of NDP. Router Solicitation. An IPv6 device can send out a packet to ask if there are any routers on the network. Sent to ff02::2
RA
RA (Router Advertisement) is a message sent by routers in an IPv6 network to inform hosts about network parameters and facilitate automatic configuration. It is part of the Neighbor Discovery Protocol (NDP), which operates in IPv6 (replacing functions previously handled by ARP and DHCP in IPv4). Routers can send unsolicited RAs
IPv6 bits
128-bit address
Aggregation (IPv4-6)
Where all networks and subnetworks are laid out logically. 1.x.x.x is the top of the internet, 1.25.x.x and 1.43.x.x are subnetworks connected to it, and 1.25.23.x, 1.43.76.x are sub-subnetworks connected to those. This way, routing can be done quickly and logically. But this doesn't actually work in practice for IPv4 because of complexities. IPv6 can properly use aggregation and therefore is faster
IPv6 Self-configuration
IPv6 addresses auto-configure themselves - No ARP, no NAT, no DHCP (although there is some backwards compatibility)
Fe80::
The first section of a link local IPv6 address - fe80:0000:0000:0000
Link Local IPv6 Address
The IP address self-generated by each host - The first section of a link local IPv6 address - fe80:0000:0000:0000 - second part is generated from the MAC address through EUI-64
EUI-64
An algorithm that turns a MAC address into the last portion of a Link Local IPv6 Address - ff-fe is added to the middle of the MAC address - Some hosts will use a Randomizer to generate the last 4 sections for security reasons
List shorthands for IPv6
1. You can drop the leading 0s. 2. You can reduce any long string of 0000s to just “::”, but only once in the address
List the 2 IPv6 Address for each Host
Link Local Address: Generated by the host - Internet Address: Generated and given by the gateway
Subnetmask for IPv6
Is almost always /64 - Everything is CIDR with IPv6
Dual Stack (IPv6)
Means you’re running IPv4 and IPv6
Neighbor solicitation (IPv6)
A message sent from a client to all clients on an IPv6 network using ICMP v6 to give their MAC and IPv6 Address. The clients will respond and send out neighbor advertisements
Neighbor advertisement (IPv6)
Response from clients on an IPv6 network - clients send out their addresses and MAC to everyone else on the network
ICMP v6 (IPv6)
ICMP but for IPv6 - Internet Control Message Protocol - Works on the Internet layer of the TCP/IP model. No port numbers in ICMP. Really isn't any data - Ping is ICMP, doesn't really send data, just wants to check if someone is there and responding. ARP is also ICMP.
Temporary IPv6 Address
Clients will spin up several IPv6 addresses and can alternate using them for more security
Router Prefix (IPv6)
Networks up the tree will generate IPv6 prefixes and info for routers via DHCPv6
gTLD/TLD
Generic Top Level Domains. .com .org .edu
ccTLD/TLD
Country Code Top Level Domains. .us, .ca, .uk
Local Name Resolution
Used when you might need to override the DNS server, to access a test server, or if the DNS server is misconfigured. Your computer has a hosts file, and it contains a list of IP addresses and host names. The entries in the hosts file are preferred over DNS. Not all apps look at the hosts file
Forward Lookup
Device sends an FQDN to the DNS server, the server responds with an IP address
Reverse Lookup
Device sends an IP address to the DNS server, the server responds with an FQDN
Recursive DNS Queries
Describes the process of a DNS server discovering a record. The server will first ask the root DNS server where www.professormesser.com is, and the root server will respond with the location of the .com TLD server. The requesting server can then ask the .com server, which will respond with the location of the professormesser.com nameserver, which will in turn tell the requesting server the IP of www.professormesser.com
Resolver (DNS)
The device making a DNS request
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a set of extensions to the DNS (Domain Name System) that adds security to prevent certain types of attacks, such as DNS spoofing or cache poisoning. It ensures the authenticity and integrity of DNS responses, protecting against malicious actors who may try to inject fake DNS records into the network.
DoH
DoH (DNS over HTTPS) is a protocol that encrypts DNS queries and responses by sending them over HTTPS (the same protocol used for secure web traffic). It enhances privacy and security by preventing third parties from intercepting or tampering with DNS requests.
DoT
DoT (DNS over TLS) is another protocol designed to enhance the privacy and security of DNS queries by encrypting them. Similar to DNS over HTTPS (DoH), DoT ensures that DNS queries and responses are transmitted securely, but it uses TLS (Transport Layer Security), the same encryption protocol used to secure other internet communications like HTTPS, instead of HTTPS itself.
Secondary Domain Name
Google / totalsem / starpt
WWW
As opposed to mail.totalsem.com or ftp.totalsem.com. WWW can indicate the webserver of the domain. WWW is the host (A record) for the website. As ‘totalsem.com’ is the domain, not necessarily the website.
Authoritative Server
A kind of DNS server that has final authority within a domain. It's the server that knows the IP addresses for the domain
Root Hints
The list of root servers and their IP addresses. The Root servers are the highest authority in DNS.
Interior DNS
A local DNS server that uses an internal domain that isn't out on the internet
Lookup zones
Classification of DNS records - Forward lookup, Reverse Lookup
Forward Lookup
Forward Lookup Zone - can resolve a name to an IP address - A record, MX record, CNAME
Reverse Lookup
Can resolve IP address back to domain name - a way mail servers can check if the mail came from the place it says it is coming from - the name is the network ID backwards followed by .in-addr.arpa - 50.168.192.in-addr.arpa
SOA
Start of Authority - The primary DNS server for the domain
Name Server
(NS) - Other DNS servers in the domain
A Record
DNS - a host address and name - IPv4 only
AAAA Record
DNS - a host address and name - but for IPv6
CNAME
Canonical Name - so you don't have to type www. This is a DNS record that points totalsem.com to www.totalsem.com
MX Record
Mail Exchange Record - a special host record for mail.
SRV Record
Service Record - Service location record - Points to a server that hosts a particular service
TXT Record
Just some text - used to be just like a notes section in the DNS software - but now SPF and DKIM use TXT records
PTR
Reverse of an A record - Maps IP address to FQDN. Used to perform Reverse Lookups
SPF
SPF (Sender Policy Framework) is a DNS record type used to prevent email spoofing by specifying which mail servers are authorized to send emails on behalf of a domain.
DKIM
DKIM (DomainKeys Identified Mail) is an email authentication method that allows the recipient to verify that an email was sent by the legitimate owner of the domain and that it hasn’t been tampered with during transit. It does this by adding a digital signature to the email. Public Key goes in the DKIM TXT record
NS Record
NameServer records. Points to the NameServers
NTP
Network Time Protocol - Uses UDP to synchronize time - Uses Port 123 - synchronizes time through time zones
PTP
PTP (Precision Time Protocol) is a network protocol used to synchronize clocks across a computer network with high accuracy. It is defined in IEEE 1588 and is widely used in applications requiring precise timing, such as telecommunications, industrial automation, financial systems, and scientific experiments. Usually runs on a separate piece of hardware
NTS
NTS (Network Time Security) is a security extension to the Network Time Protocol (NTP), designed to enhance the security of time synchronization over the internet. It was introduced to address vulnerabilities in NTP that could be exploited by attackers, such as man-in-the-middle attacks, time spoofing, and denial-of-service (DoS) attacks.
NTS-KE
Network Time Security Key Exchange. Another server that authenticates the NTP requests and responses via TLS. The client will ask the NTS-KE server for an authentication cookie, it will then take that cookie to the NTP server for a valid timestamp
VPN Concentrator
An Encryption/Decryption access device, often integrated into a firewall.
Endpoint 1 (VPN)
The virtual NIC a VPN creates on your laptop
Endpoint 2 (VPN)
The VPN server at the location you are connecting to
VPN Tunnel
The connection of endpoint 1 to endpoint 2
PPTP
Point to Point Tunneling Protocol - A kind of VPN Protocol used by Microsoft
L2TP/IPsec
Layer 2 Tunneling Protocol Over IPSec - Used mostly by Cisco
SSTP
SSL Tunneling Protocol - More common
IKEv2
IKEv2, or Internet Key Exchange version 2, is a protocol used to set up secure, authenticated communications for virtual private networks (VPNs). Developed by the Internet Engineering Task Force (IETF), IKEv2 is part of the IPsec (Internet Protocol Security) suite, which provides a framework for secure communications over IP networks.
Client-to-Site VPN
Model of VPN - Traditional Office use VPN - Connects a computer to the office
Site-to-Site VPN
Always on, a VPN tunnel from two sites where all data is always encrypted while travelling through the tunnel
Clientless VPN
Usually runs inside of a browser using HTML5. Doesn't require any client.
Split Tunnel
Only some (work) traffic goes through the VPN Concentrator
Full Tunnel
All traffic coming from your machine goes to the VPN Concentrator
TightVNC
Tight Virtual Network Computing - a kind of RDP - VNC is cross platform, Windows to Mac
TightVNC Port
5900
Jump box/Server
A single server through which you can connect to many servers. SSH/VPN to the jump server