N10-009-Section_6_Bonus Flashcards
List the 4 layers of the TCP/IP Stack
Application, Transport, Internet, Link
Describe the Application layer (TCP/IP)
Represents data to the user, encodes it, and controls the dialog between applications (Maps to the Application, Presentation, and Session layers of the OSI model)
Describe the Transport layer (TCP/IP)
Supports end-to-end communication between devices across diverse networks; TCP and UDP live here (Maps to the Transport layer of the OSI model)
Describe the Internet layer (TCP/IP)
Provides logical (IP) addressing and determines the best path through the network (Maps to the Network layer of the OSI model, not an "Internet" layer)
Describe the Link layer (TCP/IP)
Controls the hardware devices and media that make up the network (Maps to the Data Link and Physical layers of the OSI model)
SONET
Synchronous Optical Networking - The carrier fiber standard that the Internet backbone / Tier 1 providers use for long-haul links, as opposed to Ethernet on the LAN; higher-level systems ride on top of it
Define ARP
Address Resolution Protocol - If a computer has an IP address for another computer but doesn't have its MAC address, it sends a broadcast asking who owns that IP; the owner replies with its MAC so frames can be addressed to it. ARP resolves MAC addresses from IP addresses. Replies are not authenticated, which is why ARP spoofing works and why switches offer Dynamic ARP Inspection
What command can you run to see the stored ARP data on a computer (Windows)
arp -a (the same switch works on Linux and macOS)
Whats the Broadcast Address for ARP
FF:FF:FF:FF:FF:FF - the Ethernet broadcast MAC. An ARP request is sent to this destination so every host on the segment sees it; the reply comes back as a unicast frame
Define IANA
Internet Assigned Numbers Authority - Coordinates the global IP address space (historically including the classful ranges), protocol numbers and port numbers, and allocates large IP blocks to the RIRs (Regional Internet Registries)
Define RIR
Regional Internet Registries - Organizations that manage IP address allocation for large regions of the world (ARIN for North America, APNIC for Asia-Pacific, RIPE NCC for Europe, etc.) - RIRs assign IP blocks to ISPs and large organizations
What is ::1
Loopback address for IPv6
Static NAT (SNAT)
Static NAT is a one-to-one mapping between a private IP address and a public IP address: each private IP is permanently mapped to the same public IP, regardless of when or how often the private device communicates with external networks. Needed when outside hosts must reach an inside server. Note the naming collision: in firewall and Linux iptables contexts SNAT usually means Source NAT, not Static NAT
Dynamic NAT (DNAT) (pooled NAT)
Dynamic NAT automatically maps a private IP address to a public IP address taken from a pool of available public IPs. Unlike Static NAT, the mapping is not fixed and can change each time the private device starts sending traffic; when the pool is exhausted, new inside hosts cannot get out. Same naming caveat: DNAT in iptables means Destination NAT
Port Triggering
Conditional port forwarding: an outbound connection to a defined trigger port makes the router forward a different inbound port back to the host that triggered it. Example: active-mode FTP, where an outbound connection to port 21 triggers inbound forwarding of port 20 for the data channel. The forwarded port closes again when the session ends
Cisco IOS
The operating system that runs on Cisco routers and switches; you configure it through its command-line interface (CLI), over the console port or SSH
What is IGMP?
Internet Group Management Protocol - Works at the Internet layer of the TCP/IP model. Used for multicast: a video server sends one stream to a multicast group address (224.0.0.0/4), hosts use IGMP to join the group, and the router/switch forwards that single stream only to the ports with members
What is in the IGMP Packet?
Type, Max Response Time, Checksum, Group Address (IGMPv2). The group address is the multicast address that all computers on the network requesting the video join to receive the stream; the source address the original card mentions is in the enclosing IP header, not in the IGMP message itself
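Added example, not part of the flashcard deck: the 8-byte IGMPv2 message built and parsed with `struct`, including the RFC 1071 checksum that a receiver verifies. The group address is constructed for the example; the `is_multicast` check shows the 224.0.0.0/4 range the group address must fall in.

```python
import struct
import socket

# IGMPv2 message layout (RFC 2236): Type (1 byte), Max Response Time (1 byte),
# Checksum (2 bytes), Group Address (4 bytes). Total 8 bytes, no IP header.
IGMP_MEMBERSHIP_QUERY = 0x11
IGMP_V2_MEMBERSHIP_REPORT = 0x16
IGMP_LEAVE_GROUP = 0x17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp(msg_type: int, group: str, max_resp_time: int = 0) -> bytes:
    """Return an IGMPv2 message with a valid checksum."""
    group_bytes = socket.inet_aton(group)
    # Checksum is computed with the checksum field zeroed, then filled in.
    header = struct.pack("!BBH4s", msg_type, max_resp_time, 0, group_bytes)
    csum = internet_checksum(header)
    return struct.pack("!BBH4s", msg_type, max_resp_time, csum, group_bytes)


def parse_igmp(message: bytes) -> dict:
    """Decode an IGMPv2 message and report whether its checksum verifies."""
    if len(message) < 8:
        raise ValueError("IGMPv2 message is 8 bytes")
    msg_type, max_resp, _csum, group = struct.unpack("!BBH4s", message[:8])
    # Summing the whole message including the checksum field must give zero.
    return {
        "type": msg_type,
        "max_resp_time": max_resp,
        "group": socket.inet_ntoa(group),
        "checksum_ok": internet_checksum(message[:8]) == 0,
    }


def is_multicast(addr: str) -> bool:
    """224.0.0.0/4 is the IPv4 multicast range a group address must use."""
    return 224 <= socket.inet_aton(addr)[0] <= 239


if __name__ == "__main__":
    report = build_igmp(IGMP_V2_MEMBERSHIP_REPORT, "239.1.1.1")  # constructed group
    print(report.hex(), parse_igmp(report))
```

A switch doing IGMP snooping reads exactly these fields to learn which ports have joined which group.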
What is tracert (Windows) or traceroute (Linux)
Command that lists every hop (router) between your computer and a destination, with the round-trip time to each. Windows tracert uses ICMP echo requests; Linux traceroute uses UDP probes by default (-I for ICMP), which matters when a firewall filters one but not the other
What is Pathping
Combines tracert and ping: it first discovers the hops, then sends many ICMP echoes to each hop over a period of time and reports per-hop packet loss, which shows where along the path the problem actually is
What is Wireshark
A protocol analyzer
Netstat
Command that shows the active TCP connections on your computer
Netstat -n
Presents the results numerically (no DNS names, just IP addresses and port numbers; also much faster because no lookups are done)
Netstat -b
Shows the executable that created each connection (Windows; requires an elevated prompt)
Netstat -bn
Netstat with the b and n switches combined: numeric addresses plus the owning executable
Netstat -a
Shows all connections and listening ports, including those without an active connection
Netstat -r
Shows the local routing table - not really about connections at all; same output as route print
Microsoft IIS
Internet Information Services - Microsoft's web server
Apache
Open source web server software (vs IIS)
What is the purpose of the Anonymous account on an FTP Server
This account allows public access to the FTP server without individual credentials (the password is conventionally an email address); disable it unless the server is meant to be public
Traditional (implicit) TLS (In Email Encryption)
The client connects directly to a dedicated encrypted port and the TLS handshake happens before any mail-protocol command is sent; nothing goes over the wire in the clear. IMAP 143 -> 993 (IMAPS), POP3 110 -> 995 (POP3S), SMTP 25 -> 465 (SMTPS)
TLS
TLS (Transport Layer Security) is a cryptographic protocol designed to provide secure communication over a computer network. It ensures confidentiality and integrity of the data in transit, and authentication of the server (and optionally the client) by certificate
STARTTLS
Still TLS, but the session starts in cleartext on the normal port (IMAP 143, POP3 110, SMTP submission 587 or SMTP 25) and the client issues a STARTTLS command to upgrade. Because the capability is advertised in the clear, an on-path attacker can strip it and a client that does not insist on TLS will fall back to plaintext; configure clients and servers to require it. Exam questions generally pair STARTTLS with 587 and implicit TLS with 465
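Added example, not from the flashcard deck: a model of how a mail client ends up encrypted (or not) on the two kinds of port. No sockets are opened; the EHLO response is constructed, and `strip_starttls` plays the on-path attacker deleting the capability line. The point is the last branch of `negotiate`: opportunistic STARTTLS silently falls back to plaintext, a client that requires TLS refuses.

```python
# Ports where TLS is negotiated before any protocol command (implicit TLS)
IMPLICIT_TLS_PORTS = {993: "imaps", 995: "pop3s", 465: "smtps"}
# Ports where the session starts in cleartext and may upgrade via STARTTLS
STARTTLS_PORTS = {143: "imap", 110: "pop3", 587: "submission", 25: "smtp"}

# Constructed EHLO response from a submission server (port 587).
EHLO_RESPONSE = [
    "250-mail.example.invalid Hello client",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250 AUTH PLAIN LOGIN",
]


def strip_starttls(response):
    """What a downgrade attacker on the path does: remove the capability."""
    return [line for line in response if "STARTTLS" not in line.upper()]


def negotiate(port: int, ehlo_response, require_tls: bool) -> str:
    """Return 'tls' or 'plaintext'; raise if policy demands TLS and it is absent.

    Models the client's decision only; nothing is sent on the network.
    """
    if port in IMPLICIT_TLS_PORTS:
        # Handshake happens first; EHLO is never sent in the clear, so there is
        # no capability for an attacker to strip.
        return "tls"
    if port not in STARTTLS_PORTS:
        raise ValueError(f"unexpected mail port {port}")
    advertised = any(line.upper().endswith("STARTTLS") for line in ehlo_response)
    if advertised:
        return "tls"               # client sends STARTTLS, then upgrades
    if require_tls:
        raise ConnectionError("server did not offer STARTTLS; refusing cleartext")
    return "plaintext"             # opportunistic TLS quietly falls back


if __name__ == "__main__":
    print(negotiate(465, [], require_tls=False))                       # tls
    print(negotiate(587, EHLO_RESPONSE, require_tls=False))            # tls
    print(negotiate(587, strip_starttls(EHLO_RESPONSE), require_tls=False))  # plaintext
```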
SSH uses an authentication key (just a note)
SSH can authenticate with a key pair: the public key is placed on the server (authorized_keys), the private key stays on the client. This replaces or supplements password authentication and is what should be used on anything Internet-facing
What is SNTP?
Simple Network Time Protocol - A simplified NTP client implementation that synchronizes time over UDP port 123 (the same port NTP uses)
What is Stratum 0 (Network Time)
The reference clocks at the top of the hierarchy that keep near-perfect time - atomic clocks, GPS receivers, radio time signals. They are not on the network themselves; stratum 1 servers are attached to them
What is Stratum 1-15 Server/Clients (Network Time)
Stratum 1 servers synchronize directly to a stratum 0 device, stratum 2 servers synchronize to stratum 1 (within a few milliseconds), and so on. Each hop adds a level; 15 is the highest usable stratum and 16 means unsynchronized. Accurate time matters for security too: Kerberos and certificate validation both break when clocks drift
Exhausted DHCP scope
You've run out of addresses in the configured scope (e.g. 192.168.1.2-254). Sometimes this is because the lease time is set too long and many devices that are no longer on the network still hold leases; it can also be a symptom of a DHCP starvation attack that requests leases with forged MAC addresses
Net view
Lists the computers your computer can see in its workgroup or domain (NetBIOS browsing)
Net user
Lists the user accounts on the local computer (net user <name> shows one account's details; add /domain to query the domain). To see which account you are logged in as, use whoami
Net view \\computer_name
Lists the shares that the designated computer has available
Net use
Maps a network drive - net use w: \\server\share
Net share
Shares a folder - net share nickname=C:\users\zach.lee\myfolder
Net accounts
Lists account policy settings - password expiration, minimum length, lockout info
Net start
Lists the services that are running on the system; net start <service> also starts a stopped service
Net stop
Stops a service - net stop "World Wide Web Publishing Service"
NetBIOS
NetBIOS (Network Basic Input/Output System) is a software interface and networking protocol that allows applications on separate computers to communicate over a local area network (LAN). It was developed in the 1980s and is still present on Windows networks. Its name service resolves computer names by broadcast (or via a WINS server), so computers can communicate by name
LLMNR
Link-Local Multicast Name Resolution - The newer replacement for NetBIOS name resolution; resolves names by multicast on the local link when DNS fails. Security caveat: both LLMNR and the NetBIOS name service accept an answer from any host on the segment, so an attacker can answer for a mistyped name and capture the NTLM credentials the victim then sends (the Responder tool automates this). Disable both on domain networks
Windows Name Resolution
On a domain it is done through DNS; off domain, or when DNS fails, Windows falls back to LLMNR and then to NetBIOS broadcasts
Nbtstat -n
Lists the local NetBIOS name table: the names this computer has registered and whether each is registered or in conflict
Registered Names
A Windows system keeps track of its own NetBIOS names and registers them on the network (by broadcast or with a WINS server)
Nbtstat -c
Lists the NetBIOS name cache: names of other computers this machine recently resolved - entries expire after a short time
Nbtstat -a (system_name)
Like running nbtstat -n on another computer - shows the remote system's name table (nbtstat -A takes an IP address instead)
Nbtstat -r
Lists name-resolution and registration statistics: how many names were resolved or registered by broadcast versus through a WINS server
Nbtstat -R
Uppercase R - purges the remote cache name table and reloads the pre-loaded entries from the LMHOSTS file
Nbtstat -RR
Uppercase RR - releases the computer's registered names and re-registers them with WINS (refreshes its registration on the network)
Dynamic DNS (DDNS)
A service that automatically updates DNS records. If a device or server has a DHCP-assigned address, mapping it to a domain name is difficult because the address might change. DDNS keeps track of those changes so it is not an issue: a DDNS client on the device or router updates the DDNS server whenever its IP address changes
Ipconfig /displaydns
Lists the DNS cache on a computer
Nslookup
Name server lookup - Queries a DNS server for records (A, MX, etc.) and lets you point at a specific server. Many DNS servers are locked down and won't answer recursive queries from outside their network, but you can still learn whether a host is a DNS server and whether it is responding. Know what the output of this command looks like
DIG
Domain Information Groper - The Linux/BIND equivalent of nslookup; doesn't ship with Windows (needs the BIND tools or a third-party build such as EzDig). Can test DNS servers and query them for specific record types; as with nslookup, most servers are locked down and won't answer arbitrary queries, but you can confirm that a server is a DNS server and that it is running
CIA of security
Confidentiality, Integrity, Availability
Non-repudiation
Non-repudiation in network security is a method to ensure that a user or a system cannot deny the authenticity of their actions or communications. It provides proof of data integrity and authenticity, typically through mechanisms like digital signatures and encryption, making it possible to verify the origin and integrity of data.
Symmetric Encryption
A method of encryption in which data can be encrypted and decrypted with the same key - To decrypt you need an algorithm and the key
Asymmetric Encryption
Uses a public key and a private key (a key pair): the public key encrypts, the private key decrypts. An algorithm generates the pair; the two are tied together mathematically, but the private key cannot feasibly be derived from the public key. Each side has its own pair and gives the other a copy of its public key. To send data to side B, side A encrypts with B's public key and sends it; only B can decrypt, with its private key. Used the other way round (private key to sign, public key to verify) the same pair gives digital signatures and non-repudiation
Hash
A one-way algorithm that transforms a chunk of data into a fixed-size value (no matter the length of the original data). Used to verify that data has not changed: run the input through the hash and compare the output with the known-good value. A hash alone proves integrity, not authenticity; an attacker who can change the data can recompute the hash, so pair it with a key (HMAC) or a signature
List types of common Hashes
MD5 (128-bit), SHA-1 (160-bit) and SHA-2 (SHA-256, SHA-512, and more). MD5 and SHA-1 have practical collision attacks and should not be used for signatures or for integrity of untrusted data; use SHA-256 or better
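Added example serving the non-repudiation, asymmetric encryption and hash cards above; it is not code from the deck. It does hash-then-sign with textbook RSA over SHA-256 using the Python standard library only. The primes are public Mersenne primes chosen so the example is deterministic and runs offline, and there is no padding or randomness, so this is a teaching toy that shows the mechanics, not a signature scheme to use in practice.

```python
import hashlib

# Toy key pair: public Mersenne primes, so anyone can recompute D. Real RSA
# uses random 1024-bit+ primes and a padding scheme such as PSS.
P = (1 << 127) - 1          # Mersenne prime M127
Q = (1 << 521) - 1          # Mersenne prime M521
N = P * Q                   # ~648-bit modulus, larger than any SHA-256 digest
E = 65537                   # public exponent (coprime to PHI for these primes)
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)         # private exponent (Python 3.8+ modular inverse)


def sha256_digest(data: bytes) -> bytes:
    """Fixed-size digest of arbitrary-length input (the 'Hash' card)."""
    return hashlib.sha256(data).digest()


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Signer hashes the message, then applies the private key to the digest."""
    m = int.from_bytes(sha256_digest(data), "big")
    return pow(m, d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone holding the public key recovers the digest and compares it.

    A valid signature ties the signer's private key to this exact data,
    which is what non-repudiation rests on.
    """
    m = int.from_bytes(sha256_digest(data), "big")
    return pow(signature, e, n) == m


def integrity_only(data: bytes, known_digest_hex: str) -> bool:
    """A bare hash detects accidental change but not a forger who re-hashes."""
    return hashlib.sha256(data).hexdigest() == known_digest_hex


DEPRECATED_HASHES = {"md5", "sha1"}   # collision attacks are practical for both


def hash_is_acceptable(name: str) -> bool:
    """True for a hash that is available and not on the deprecated list."""
    n = name.lower()
    return n not in DEPRECATED_HASHES and n in hashlib.algorithms_available


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"        # constructed message
    sig = sign(msg)
    print(verify(msg, sig), verify(b"transfer 900 to account 42", sig))  # True False
```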
Authentication Attributes (AAA)
Something you do (signature), something you exhibit (typing rhythm), someone you know (a certificate signed by a trusted source vouching for you), somewhere you are (location). These supplement the classic three factors: something you know, something you have, something you are
MAC (AAA)
Mandatory Access Control - A label is put on the resource (and a clearance on the user) and that defines what you can do with the resource; the owner cannot override it
DAC (AAA)
Discretionary Access Control - The owner of a resource decides who gets access and at what level; other people can be added as readers or writers at the owner's discretion (NTFS permissions are the typical example)
Radius provides AAA (Just a note)
Radius provides AAA
Radius Supplicant
The device - Computer / phone
Radius Client
The network access device (NAS) that talks to the RADIUS server on the supplicant's behalf: an access point set up for RADIUS, a switch doing 802.1X, or a VPN concentrator
Radius Server
The server through which authentication is done
Radius Database
Part of the radius server but might not be the radius server itself. Could be a domain controller the radius server checks
TACACS+ User
The person signing in
TACACS+ Client
A router / switch
TACACS+ Server
The server through which authentication is done
Kerberos
Designed to do authentication for local area networks. Kerberos is an open standard developed at MIT (RFC 4120), not a Microsoft product; Microsoft Active Directory implements it, so on a Windows domain the domain controller is the Kerberos server
Key Distribution Center
When a computer is set up as a Domain Controller it automatically becomes a Kerberos KDC. The KDC consists of 2 services, the Authentication Service (AS) and the Ticket Granting Service (TGS), and holds the keys of every principal in the realm
TGT
Ticket Granting Ticket - Issued by the Authentication Service after the user proves knowledge of their password (the client is now authenticated, but not yet authorized for anything). The TGT is encrypted with the KDC's own key, so the client cannot read or forge it. To reach a service, the client sends the TGT plus a timestamped authenticator to the Ticket Granting Service, which checks them and returns a service ticket encrypted with that service's key. The client presents the service ticket to the service, which validates it locally without contacting the KDC. Tickets carry timestamps and lifetimes, so clocks must agree (about 5 minutes by default)
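Added example for the KDC and TGT cards; it is not code from the deck or from any Kerberos implementation. The three exchanges (AS, TGS, service) are plain functions. Real Kerberos encrypts tickets with AES; here a ticket is a JSON body plus an HMAC under the key of the party that must validate it (the KDC's krbtgt key for the TGT, the service's key for the service ticket). That keeps the flow honest about who can check what, using only the standard library. Keys, principal names and the lifetime are constructed for the example.

```python
import hashlib
import hmac
import json
import time

TICKET_LIFETIME = 10 * 3600   # seconds; AD's default maximum ticket lifetime is 10 hours

# Constructed long-term keys. In AD these derive from account passwords.
KEYS = {
    "krbtgt": b"kdc-long-term-key",
    "alice": b"alice-password-derived-key",
    "cifs/fileserver": b"fileserver-account-key",
}


def seal(key: bytes, claims: dict) -> dict:
    """Bind claims to a key; only a holder of `key` can validate the ticket."""
    body = json.dumps(claims, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def open_ticket(key: bytes, ticket: dict, now: float) -> dict:
    """Check the tag under `key` and the lifetime; raise on any failure."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        raise PermissionError("ticket was not issued under this key")
    claims = json.loads(ticket["body"])
    if now > claims["expires"]:
        raise PermissionError("ticket expired")
    return claims


def as_exchange(user: str, proof: bytes, now: float) -> dict:
    """Authentication Service: verify the user's key, hand back a TGT."""
    if user not in KEYS or not hmac.compare_digest(KEYS[user], proof):
        raise PermissionError("pre-authentication failed")
    # TGT is sealed with the KDC's own key: the client carries it but cannot read it.
    return seal(KEYS["krbtgt"], {"user": user, "expires": now + TICKET_LIFETIME})


def tgs_exchange(tgt: dict, service: str, now: float) -> dict:
    """Ticket Granting Service: validate the TGT, issue a service ticket."""
    claims = open_ticket(KEYS["krbtgt"], tgt, now)
    # Service ticket is sealed with the target service's key.
    return seal(KEYS[service], {"user": claims["user"], "service": service,
                                "expires": now + TICKET_LIFETIME})


def service_accepts(service: str, ticket: dict, now: float) -> str:
    """The service validates with its own key only; it never calls the KDC."""
    claims = open_ticket(KEYS[service], ticket, now)
    if claims.get("service") != service:
        raise PermissionError("ticket is for a different service")
    return claims["user"]


def login_and_access(user: str, proof: bytes, service: str, now=None) -> str:
    """The full client-side flow: AS-REQ, TGS-REQ, AP-REQ."""
    now = time.time() if now is None else now
    tgt = as_exchange(user, proof, now)              # 1. get TGT
    st = tgs_exchange(tgt, service, now)             # 2. trade TGT for service ticket
    return service_accepts(service, st, now)         # 3. present it to the service


if __name__ == "__main__":
    print(login_and_access("alice", KEYS["alice"], "cifs/fileserver"))  # alice
```

Presenting the TGT straight to the file server fails, because the file server does not hold the krbtgt key; that separation is why stealing a TGT only matters when it is then exchanged with the TGS.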
EAP
Extensible Authentication Protocol - A framework rather than a single method: it lets many authentication methods (certificates, passwords, smart cards) plug in. Carried by 802.1X on wired and wireless networks and by PPP on dial-up and VPN links; the RADIUS server behind it typically checks credentials against Active Directory
EAP PSK
EAP Pre-Shared Key - Authentication based on a common key everyone uses to log in; simple, but a shared secret cannot identify individual users and is hard to rotate when someone leaves
PEAP
Protected Extensible Authentication Protocol - Builds a TLS tunnel using only a server certificate, then sends a standard username and password (usually MS-CHAPv2) inside it. Clients must validate the server certificate, or an evil twin with its own certificate can harvest credentials
EAP MD5
EAP-MD5 (Extensible Authentication Protocol - Message Digest 5) is an authentication method used in wireless and PPP (Point-to-Point Protocol) environments. It authenticates a user or device with an MD5 challenge-response over the password. It provides no server authentication and no encrypted tunnel, so the exchange can be captured and brute-forced offline; it is not suitable for wireless networks
EAP TLS
EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) is a highly secure EAP authentication method widely used in wireless networks and VPNs. It leverages TLS (the same protocol used for HTTPS) to provide strong mutual authentication between clients and servers: both sides present certificates, so every client needs one, which is the main deployment cost
EAP TTLS
EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) is an EAP authentication method that encapsulates client authentication within a secure TLS tunnel. Only the server needs a certificate; the client's legacy credential (PAP, CHAP, MS-CHAPv2) travels inside the tunnel, which gives flexibility in how user credentials are transmitted while keeping them encrypted
Single Sign On
A single username and password used to authenticate to multiple devices and resources - Managed by Active Directory (or another identity provider). Convenient, but it makes that one credential the key to everything, so it should be protected with MFA
Federated Systems
Systems in different domains or organizations that have established a trust relationship, so an identity provider in one can authenticate users to services in another (SAML, OpenID Connect). Not the same as systems in the same domain, which share one directory
Unsigned Cert
Self-signed certificate - No third party vouches for it; it is a cert created in house. Can be used where another level of trust exists, like "you work for me", so you trust that the cert I generated is legitimate. Clients will otherwise show a warning because no CA in their trust store signed it
Web of Trust
Multiple users who trust each other's keys and sign them. Over time there is a bunch of people who trust other people who trust other people, etc. (the PGP model). Difficult to maintain at scale
Change the default password on switches (just a note)
Change the default password on switches
Data VLAN
Traditional VLAN
Voice VLAN
A separate VLAN for IP phones so voice traffic can be prioritized to improve QoS
InterVLAN Routing
Routing between VLANs on a layer-3 switch (using SVIs) so VLANs on the same switch can talk to each other without a separate router. Traffic between VLANs still passes through a routing hop, which is where an ACL belongs if the VLANs are meant to be segregated
You can use a router to connect between 2 VLANs (just a note)
You can use a router to connect between 2 VLANs
802.1Q
IEEE standard for VLAN tagging: a 4-byte tag in the Ethernet frame carries the VLAN ID, which allows trunking across switches from different manufacturers. Trunking has to be enabled on the port
VTP
VLAN Trunking Protocol - Cisco proprietary - Automates distributing the VLAN database to multiple switches. Caveat: a switch with a higher configuration revision number can overwrite the VLAN database of the whole domain, so new switches should be put in transparent mode or have their revision reset before being connected
Console/Rollover/Yost Cable
Cable used to connect a computer's serial port (or USB adapter) to the console port of a switch or router for out-of-band management
Enable (Cisco IOS)
Enters privileged EXEC mode (protect it with enable secret, which is hashed, rather than the reversible enable password)
> (Cisco IOS)
User EXEC mode prompt (limited show commands)
# (Cisco IOS)
Privileged EXEC mode prompt; configure terminal from here enters global configuration mode, prompt (config)#
Show running-config (Cisco IOS)
Displays the configuration currently running in memory (RAM); show startup-config shows what is saved in NVRAM
Show interface fa 0/1 (Cisco IOS)
Shows status and counters for Fast Ethernet port 0/1 (up/down, errors, runts, giants, collisions)
Runts (Cisco IOS)
Frames shorter than the Ethernet minimum of 64 bytes - usually caused by collisions or a bad NIC
Giants (Cisco IOS)
Frames larger than the Ethernet maximum of 1518 bytes (without jumbo frames enabled) - usually a bad NIC or a mismatched MTU
Show ip route
Displays the routing table on a router or layer-3 switch; a pure layer-2 switch has no routing table, only a default gateway for its management IP
Copy run start (Cisco IOS)
Saves your configuration changes: copies the running configuration (RAM) to the startup configuration (NVRAM) so it survives a reload
Switch Port
Cisco coined the term - a port with no IP address - to differentiate it from router ports or network card ports - Doesn't work on layer 3
Root Bridge
Root switch - when switches are connected, spanning tree elects the one with the lowest bridge ID (priority, then MAC address) as the root; every other switch computes its lowest-cost path to it. Set the priority on the switch you want to be root so the election does not depend on MAC addresses
Root Guard
Prevents a rogue or misconfigured switch from taking over as root bridge. Enabled on ports that should never lead toward the root: if such a port receives a superior BPDU (one claiming a better root), the port goes into the root-inconsistent (blocking) state until the superior BPDUs stop
BPDU Guard
Bridge Protocol Data Unit Guard - Access ports can be configured to expect computers, not switches. Switches send BPDUs when connected; if a port with BPDU Guard enabled receives any BPDU it shuts itself down (err-disabled), which stops someone plugging in a switch
DHCP Snooping
You designate the switch ports that lead to the real DHCP server as trusted; DHCP server messages (offers, acks) arriving on untrusted ports are dropped, so a rogue DHCP server plugged into an access port is ignored. The switch also builds a binding table (MAC, IP, port, VLAN) from legitimate leases, which Dynamic ARP Inspection and IP Source Guard use
Port Bonding / Port Aggregation
Combining 2 or more ports on a switch into one logical link to increase bandwidth and add redundancy. If you have a trunk port that is overwhelmed, you can bond another port to it to help with the load
Port Bonding Setup
Create a group first, then add the ports to that group
Port-Channel
A group in a cisco switch for port bonding
Bonded ports active vs passive
LACP negotiation: at least one side of the link must be active (active-active or active-passive); if both sides are passive neither will initiate and the channel never forms
Round Robin via DNS
A DNS server that returns multiple A records for one name (one per server hosting the same content) and rotates their order on each response so clients spread across the servers. All the servers are in the same lookup zone; it does no health checking, so a dead server keeps getting its share of clients
DNS Delegation (Load Balancing)
The DNS server will have reverse lookup zones to see where the client is coming from, then it can delegate that traffic to the closest server
Server-side load balancing
Requires some software that is in the same location as the server - This software/box can manage the load for a group of servers
Clustering
Servers can have a separate network they can talk to each other on, this way they can verify data and make sure they all are the same
Interior Firewall
A Robust firewall that sits between our computers and a DMZ - Or another section of your network that needs to be blocked
DNS and IPv6
DNS can be a little difficult on IPv6 because addresses are aggregated and distributed from above by DHCPv6 or router advertisements, so your clients will often get DNS server info from the router/ISP. Most of the time this is fine, but if you need to use an internal DNS server it can mess things up
VNC
Virtual Network Computing - Remote desktop protocol/client - Unencrypted by default, with only a weak 8-character password, so it should never be exposed directly to the Internet; tunnel it
Tunnel
A tunnel is when you create a secure connection between two networks or devices, then run an app through it. SSH creates the secure connection, then VNC runs over the SSH connection (SSH port forwarding) so it is encrypted. Tunneling provides encryption where there normally isn't any
BWDM or BWM
Bidirectional Wavelength Division Multiplexing - Fiber technology - Allows a single fiber strand to carry traffic in both directions by using a different wavelength (color) for each direction
DWDM
Dense Wavelength Division Multiplexing - More common than BWDM in carrier networks; allows a single fiber to carry many signals by giving each its own tightly spaced wavelength - Supports around 150 channels
CWDM
Coarse Wavelength Division Multiplexing - Wider wavelength spacing than DWDM, so fewer channels (around 18), but simpler and cheaper
Private WANs
Private WANs (Wide Area Networks) are networks that connect geographically dispersed locations using private, dedicated connections instead of public infrastructure like the internet. These networks are typically used by organizations to securely connect their various sites (such as branch offices, data centers, and remote locations) over long distances.
MPLS
Private WAN technology - Multiprotocol Label Switching - Provides more efficient connections - Uses a label system within packets to direct
Metro-Ethernet/optical
Private WAN technology - Metropolitan Area Network (MAN): a carrier-provided Ethernet or optical service within a city that doesn't traverse the public Internet, so it has less exposure than an Internet VPN and is cheaper than MPLS. Still encrypt sensitive traffic, since the carrier can see it
Symmetric DSL
Download and upload are the same
Asymmetric DSL
Higher speed download than upload
DSL Filter
Plugs in between the wall jack and a telephone to filter out the high-frequency DSL signal so it isn't heard as noise on the phone
VDSL
Very-high-bit-rate DSL - Same copper technology over the last stretch, but the carrier runs fiber to a cabinet near the premises so the copper run is short and speeds are much higher
MAC Address Clone
Cable modems don’t like when the MAC address of what they are plugged into changes. MAC Address Clone is how a router can grab and use the MAC address from a computer to make the cable modem happy
ICA
The company Citrix used Independent Computing Architecture for the first remote desktops
CSMA/CA
Carrier-Sense Multiple Access with Collision Avoidance - Part of 802.11 - Wireless clients listen first and don't send anything unless the channel is clear, to avoid collisions (a radio cannot detect a collision while transmitting, so it avoids rather than detects)
DSSS
Direct Sequence Spread Spectrum - Old - One form of the actual transmission of data (802.11b): the signal is spread across the sub-frequencies of a single channel so that if one part is disrupted the rest still gets through
OFDM
Orthogonal Frequency-Division Multiplexing - Newer - Splits the channel into many closely spaced sub-carriers sent in parallel; more efficient than DSSS and used by 802.11a/g/n/ac/ax, on both 5 GHz and 2.4 GHz
DHCP issue limiting
You can limit the amount of DHCP leases that can be distributed for security reasons
Remote Management (Access Points)
Allows you to connect wirelessly to the AP instead of plugging straight in
Client Isolation
Means clients can connect to the AP, but not to each other, even though they are on the same broadcast domain
Deauthentication Attack
An attacker sends forged 802.11 deauthentication frames to trick clients into thinking they must re-connect (re-authenticate) to the Wi-Fi, so they connect to the attacker's Evil Twin or expose a WPA handshake for capture. It works because management frames are unauthenticated unless 802.11w (Protected Management Frames) is enabled
List 4 environmental interference for WiFi
Reflection (Metal), Refraction (Glass), Absorption (Concrete), and Attenuation (Distance)
Mesh Network (Wireless)
Uses Mesh WAPs - Uses 1 main WAP - other nodes communicate among each other and transmit back to the WAP
Changes to the network (wifi-profile) can cause slowness
Forget and re-connect
Over capacity (Wireless)
Causes slowness - not enough WAPs for the clients
List the 4 parts of Virtualization
1. Host computer, 2. Hypervisor, 3. Virtual Machine, 4. Virtual disk file (VHDX for Hyper-V, VMDK for VMware)
Type 2 Hypervisor
Hypervisor that runs on top of a host OS as an application (VirtualBox, VMware Workstation)
Type 1 Hypervisor
Hypervisor that boots directly on the hardware (bare metal) with no host OS underneath (VMware ESXi, Hyper-V)
Scalability (Cloud)
Benefit of virtualization - the ability to take a VM and add more system resources
Security Implications (Cloud)
Cloud providers can setup different accounts with different permissions to hold to the principle of least privilege
VDI
Virtual Desktop Infrastructure - Not the same as DaaS - In-house servers that provide a Windows (or other) desktop and apps to thin clients - Like how a student can log in from a Chromebook
Automation (IaC)
Automation in IT is the process of using scripts or tools to perform repetitive tasks without human intervention. It covers a wide range of tasks, from installing software and deploying applications to testing code and monitoring systems.
Orchestration (IaC)
Orchestration involves coordinating and managing a series of automated tasks across multiple systems or services to achieve a goal. It's typically used to manage more complex workflows where multiple automated tasks need to interact in a specific order.
Orchestration goes beyond individual task automation to handle the entire process or workflow, which might involve multiple services, environments, or dependencies.
Distributed Switching
Centralized configuration of multiple switches on a network
SAN Controller
Device that manages the SAN storage - hosts connect over a dedicated storage network: Fibre Channel, iSCSI, or Fibre Channel over Ethernet (FCoE)
Multipathing (SAN)
Several Network Cards/Paths to connect the SAN. For redundancy
HBA
Host Bus Adapter - the card that connects a computer to a Fibre Channel network
Pod (Classic DC)
A group of racks served by a single top of rack switch (or 2 for redundancy)
Infrastructure Plane/Layer
Infrastructure Plane: SDN - This plane consists of the physical and virtual networking devices (switches, routers, etc.) that make up the network's hardware layer. It underpins all other planes, as it includes the tangible elements through which data flows.
Application Plane/Layer
Application Plane: The application plane in SDN contains network applications and services that can request resources from the control plane. These applications can include things like security, load balancing, or network monitoring tools, providing functionality based on network insights and control policies.
PDU
Power Distribution Unit - Takes AC from the grid (or a UPS) and distributes it to the devices in a rack, normally still as AC; the conversion to DC happens in each device's own power supply. Smart PDUs add per-outlet switching and metering
Logical Network Diagram
Diagram of IP addresses and how stuff connects - not concerned with how stuff is laid out physically
Baseline Configurations
Documentation of the baseline CPU/Power and other usages so it can be compared against times of high usage or issues
CAN
Campus Area Network - several buildings connected together
PAN
Personal Area Network - bluetooth devices that are connected
Unified Communications
Voip on steroids - Phones/systems with cameras/mics and screens for video conferencing/real time - Has devices and servers that support
Video Conferencing vs Real Time video
Video Conferencing is one way, everyone can hear/see the speaker - with Real Time everyone can talk at once (Teams)
UC Device
Unified Communications Device - Camera Phone
UC Gateway
Unified Communications Gateway - Device to connect UC devices to other UC devices across networks
Medianet (UC)
A bunch of UC Gateways that work together to promote QoS for UC traffic
RTP (UC)
Real-time Transport Protocol - carries the audio/video streams in Unified Communications - UDP ports 5004, 5005 (in practice a negotiated dynamic range)
SIP (UC)
Session Initiation Protocol - sets up and tears down the call - TCP/UDP port 5060 (plain) and 5061 (SIP over TLS)
H.323 (UC)
International Telecommunication Union protocol - controls and switches how audio/video travel over a network - TCP port 1720
MGCP (UC)
Media Gateway Control Protocol - UDP ports 2427 (gateway) and 2727 (call agent)
ICS
Industrial Control Systems - Where automation is used to control processes
Controller / ICS Server (ICS)
A PC that controls some part of an industry machine - can be sensors or actuators
Interface (ICS)
The place where a human can interact with the ICS server and monitor or make changes
DCS (ICS)
Distributed Control System - Extension of ICS - Several processes each controlled by its own controller, then a main DCS server to supervise them all
SCADA (ICS)
Supervisory Control and Data Acquisition - Designed for long distances like oil pipelines or railways - the field systems must be able to act on their own because it may take time before a human can get onsite - SCADA uses remote terminal units (RTUs) at the remote sites, which traditional ICS does not. These systems were built for isolated networks, so connecting them to the corporate LAN or the Internet without segmentation is a major risk
PLC (ICS)
Programmable Logic Controller - A computer (no monitor/keyboard) to run a system, usually has a special OS that is for the machine
HMI (ICS)
Human Machine Interface - a computer with an interface specific to the machine being monitored
Security Risks
Dangers that can expose a network to attacks
Business Risks
Dangers that can interfere with daily operations and production
AUP
Acceptable Use Policy - Document that states the limits of use on a device, defines ownership of the device, defines what websites you can access or what software you can use
RAP
Remote Access Policy - Defines how you can connect to a network from outside it, e.g. you have to use a VPN (such as an IPsec VPN), from what kind of device, and with what authentication
Password Policy
Defines the password requirements
IT Safety Policy
How to lift heavy objects, equipment handling and safety
NDA
Nondisclosure Agreement - binds you to silence about certain things
License Restriction
Any ruleset that controls how you handle licensing for certain products, usage, transfer of licenses (to another entity) License renewal
International Export Control
Restrictions on information that is sent outside the US, military info, nuclear info, license keys
Strategic Change
Strategic Change: This type of change involves long-term goals and typically affects the organization's overall direction or objectives. Strategic changes might include adopting new technologies to stay competitive, aligning network design with business goals, or implementing wide-scale security policies. They are often high-level, planned changes that require significant resources and planning because they impact the organization's future path.
Infrastructure Change
Infrastructure Change: This is more focused on modifying the network's physical or virtual infrastructure to improve performance, scalability, or reliability. Infrastructure changes might include upgrades to network hardware (like routers, switches), introducing more bandwidth, or making adjustments to support new software applications. These changes are generally operational and are often performed as part of routine network maintenance.
List the steps of a Change Request
1. Type of Change, 2. Configuration Process, 3. Rollback Process, 4. Potential Impact, 5. Notification (of the org, to the change)
Last step of change management
Documentation
List the 2 types of Threat Assessments
External Threats, Internal Threats
External Threats
Malware, hackers, social engineers
Internal Threats
Employees - bad actors or accidents
Vulnerability Assessment
Old computer, unpatched software
Posture assessment
Posture Assessment refers to the evaluation of an organization's overall security status. This process involves examining the network, devices, software, policies, and user behavior to determine how well they align with security best practices and regulatory requirements. A posture assessment aims to identify vulnerabilities, assess potential threats, and determine the level of risk the organization faces.
List the 2 types of Business Risk Assessments
Vendor Assessment, Process Assessment
VIP
Virtual IP - A single IP address that several servers in a cluster share, so from the outside it looks like one server while the inside has redundancy and load balancing
Fault Tolerance
The ability of a system to withstand disruptive events or component failure
Single Point of Failure
A component whose failure takes the whole system down (the deck's joke: the Artosis Pylon, the one pylon powering everything). Fixed with redundancy: dual power supplies, a second uplink, a second ISP
MOU
Memorandum of Understanding - Defines an agreement between two parties, used where a legally binding contract is inappropriate - All hospitals in a city make an MOU to take each others patients in case of a disaster
MSA
Multi-Source Agreement - Serves in lieu of a standard - Two or more companies agree to make parts for their proprietary equipment that work with each other. Might eventually become a standard
SOW
Statement of Work - Legal contract between two parties (vendor and customer) - Defines services to be performed, time frame/deliverables, defines milestones/progress
List the 4 steps of the first responder (Incident Response and Forensics)
1. Secure the area, 2. Document the scene, 3. Collect evidence, 4. Interface with authorities
Chain of Custody
Paper trail of who has what access to what evidence as it progresses through authorities
Legal hold
Process of an organization preserving and organizing data in anticipation of a pending legal case
Electronic Discovery (e-discovery)
The process of requesting the data and providing it in a legal way
BYOD Policy
Allows user to bring their own device for work purposes. The policy can define how the device is used and what may be wiped in the offboarding process.
COBO
Corporate-owned, Business only - Business owns all devices
COPE
Corporate-owned, personally Enabled - Business owned, but the user will receive some guidelines on how they can use the device for personal stuff
CYOD
Choose Your Own Device - Users choose from a list of company-approved devices; the company owns and manages the device
Defense In Depth
A layered system of security measures. 1. Perimeter, 2. Network, 3. Host/Endpoint, 4. Application, 5. Data
Perimeter Layer (Defense In Depth)
Doors/locks
Network Layer (Defense In Depth)
Security can be implemented using network segmentation enforcement (VLANs) and network access control
Host/Endpoint Layer (Defense In Depth)
Endpoint security, updates
Application Layer (Defense In Depth)
Apps can be tested on a VM to make sure they don't create vulnerabilities on the network
Data Layer (Defense In Depth)
Separation of duties - no user has access to every part of a system or process, encryption probably
Volume Attack
A type of DoS attack, just a ton of nonsense to deny service, ping flood, UDP flood
Protocol Attack
A type of DoS attack that does something unusual with the underlying protocol so the server wastes resources and cannot answer quickly. SYN flood: the client sends a stream of SYNs (often with spoofed source addresses) and never completes the handshake, so the server's table of half-open connections fills up; SYN cookies are the standard mitigation
Application Attack
A type of DoS attack against the application itself that keeps it from responding. Slowloris: the client opens many HTTP connections, sends request headers a few bytes at a time and never finishes, so the server's worker slots sit waiting for requests that never complete
Amplification Attack
Smurf attack - The attacker sends ICMP echo requests to a network's broadcast address with the source spoofed to the victim's IP, so every host on that network replies to the victim; a small stream of requests is amplified into a flood. Modern amplification uses DNS, NTP or memcached reflectors the same way
C&C
Command and Control - The server (or channel) an attacker uses to send instructions to the bots in a botnet and collect what they steal; detecting or blocking C&C traffic is how you find infected hosts
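Added example, not from the flashcard deck, serving both the netstat cards earlier and the SYN flood and Slowloris cards here: the fingerprints the two attacks leave in `netstat -n`-style output and a detector over a constructed sample. A SYN flood shows many half-open (SYN_RECV on Linux, SYN_RECEIVED on Windows) connections on one local port; Slowloris shows many ESTABLISHED connections from one remote address to a web port. The sample is generated in `make_sample`, and the thresholds are illustrative.

```python
from collections import Counter, defaultdict

SERVER_IP = "203.0.113.10"   # constructed server address (TEST-NET-3)


def make_sample() -> str:
    """Constructed netstat -n output: a SYN flood on 443, a Slowloris on 80."""
    lines = ["Proto  Local Address          Foreign Address        State"]
    # 40 half-open connections from 40 different (spoofed-looking) sources
    for i in range(40):
        lines.append(f"TCP    {SERVER_IP}:443       192.0.2.{i + 1}:{40000 + i}     SYN_RECV")
    # 25 established connections from a single client that never finishes a request
    for i in range(25):
        lines.append(f"TCP    {SERVER_IP}:80        198.51.100.7:{51000 + i}   ESTABLISHED")
    # normal traffic
    lines.append(f"TCP    {SERVER_IP}:443       198.51.100.8:51100     ESTABLISHED")
    lines.append(f"TCP    {SERVER_IP}:22        198.51.100.9:40002     ESTABLISHED")
    return "\n".join(lines)


def parse_netstat(text: str) -> list:
    """Keep TCP rows: local port, remote IP, state. Header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].upper() != "TCP":
            continue
        _proto, local, foreign, state = parts
        _lip, lport = local.rsplit(":", 1)
        fip, _fport = foreign.rsplit(":", 1)
        conns.append({"local_port": int(lport), "remote_ip": fip, "state": state})
    return conns


def detect(conns, syn_threshold: int = 20, per_source_threshold: int = 15) -> list:
    """Return findings as tuples; thresholds would be tuned to the real server."""
    half_open = Counter(c["local_port"] for c in conns
                        if c["state"] in ("SYN_RECV", "SYN_RECEIVED"))
    established = defaultdict(Counter)
    for c in conns:
        if c["state"] == "ESTABLISHED":
            established[c["local_port"]][c["remote_ip"]] += 1

    findings = []
    for port, n in half_open.items():
        if n >= syn_threshold:                       # many half-open = SYN flood
            findings.append(("syn_flood", port, n))
    for port, by_src in established.items():
        for src, n in by_src.items():
            if n >= per_source_threshold:            # one source hogging slots = Slowloris
                findings.append(("slowloris_candidate", port, src, n))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_netstat(make_sample())):
        print(finding)
```

The same parser works on real `netstat -n` output piped into a file; `ss -tan` on Linux needs only the column positions adjusted.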
Typosquatting
URL highjacking - www.googel.com
Domain Highjacking
When an org doesn't renew its domain and someone else grabs it first, or an attacker takes over the registrar account and changes the DNS records
Replay Attack
A Replay Attack is a type of network attack where an attacker intercepts valid data transmissions and re-sends them to deceive the recipient into thinking it's legitimate communication. In essence, the attacker "replays" a previously captured message to gain unauthorized access or perform an action on behalf of the sender. Encryption alone does not stop it; the receiver needs freshness (timestamps, nonces, sequence numbers)
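Added example, not from the flashcard deck: why an authenticated message can still be replayed, and the two checks a receiver needs to stop it, a freshness window on the timestamp and a record of nonces already accepted. Messages carry an HMAC so tampering is also caught. The shared key, payloads and window are constructed for the example.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-shared-key"   # both sides hold this; an attacker does not
MAX_SKEW = 30                            # seconds a message may be late before it is stale


def make_message(payload: str, nonce: str, ts: float, key: bytes = SHARED_KEY) -> dict:
    """Sender: bind timestamp, nonce and payload together under the key."""
    body = f"{ts:.0f}|{nonce}|{payload}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Verifies the tag, then enforces freshness and single use of the nonce."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen_nonces = {}   # nonce -> time it was accepted

    def accept(self, msg: dict, now: float) -> str:
        # 1. Authenticity/integrity: a captured message cannot be altered.
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        ts_str, nonce, payload = msg["body"].split("|", 2)
        # 2. Freshness: an old capture is useless after the window closes.
        if abs(now - float(ts_str)) > MAX_SKEW:
            return "rejected: stale"
        # 3. Single use: the same message inside the window is a replay.
        if nonce in self.seen_nonces:
            return "rejected: replay"
        # Entries older than the window can be forgotten: a replay of those is
        # already rejected as stale, so the table stays bounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= 2 * MAX_SKEW}
        self.seen_nonces[nonce] = now
        return f"accepted: {payload}"


if __name__ == "__main__":
    r = Receiver()
    m = make_message("pay 10", "n1", 1_700_000_000)      # constructed message
    print(r.accept(m, 1_700_000_001))                    # accepted: pay 10
    print(r.accept(m, 1_700_000_002))                    # rejected: replay
```

Without step 2 the nonce table would grow forever; without step 3 a message could be replayed any time inside the window, which is exactly what a replay attacker does.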
Downgrade Attack
Makes a server provide a downgraded level of security (for a webpage) so it can be exploited
Session Hijacking
Two people are already talking, and someone takes over or injects into the session, typically by stealing the session token (cookie) or predicting a TCP sequence number; binding sessions to TLS and rotating tokens on login limits it
DoD 5220.22-M
Department of Defense standard for wiping data - the drive must receive at least 3 overwrite passes (not just a reformat). Overwriting does not reliably clear SSDs; use the drive's secure-erase command or destroy the encryption key instead
Adware
Not exactly malicious, but annoying
Spyware
Keyloggers, hides and tracks data
RAT
A Remote Access Trojan (RAT) is a type of malware that provides an attacker with unauthorized remote access to a victim’s computer. Once a RAT is installed on a target system, it allows the attacker to monitor user behavior, access sensitive information, activate the webcam or microphone, capture keystrokes, and control files and applications remotely.
Ransomware/Crypto-malware
Locks a computer/files until you pay
Backdoor (malware)
A hidden way into software that bypasses normal authentication - sometimes left by developers for maintenance or debugging, sometimes planted by malware so the attacker can get back in later
List kinds of Social Engineering
Dumpster Diving, Phishing/Whaling, Shoulder Surfing, Eavesdropping, Tailgating/Piggybacking (an access control vestibule, or mantrap, is the physical control that defeats it), Masquerading (impersonating)
CVE
Common Vulnerabilities and Exposures - a public list of publicly known vulnerabilities; each entry gets an ID in the form CVE-YYYY-NNNNN
CNA
CVE Numbering Authority - an organization (vendor, researcher group, CERT) authorized to assign CVE IDs to vulnerabilities
Zero-day vulnerability
A flaw that is unknown to the vendor, so no patch exists, when an attacker finds it
Zero-day exploit
The method or code the attacker uses to take advantage of the zero-day vulnerability
Zero-day Attack
The attack itself - using the zero-day exploit against the zero-day vulnerability before a patch is available (the third of the 3 steps: vulnerability, exploit, attack)
Deterrent Physical Control
Outside Lighting, Signage (warning sign), Security Guards
Preventative Physical Control
Fence, Mantrap (Access Control Vestibule), Air gaps (physically isolating a sensitive system or network from all other networks), Safe/Cabinets, Locks, Cable Locks, Screen Filters
K Ratings
Crash ratings for vehicle barriers and fences, tested against a 15,000 lb vehicle: K4 stops it at 30 mph, K8 at 40 mph, K12 at 50 mph
Detective Physical Tools
Alarms, Cameras, Motion Detectors, Log FIles
Compensating and Corrective Controls
Compensating control - a stand-in when the primary control fails, e.g. a security guard guarding a broken fence; Corrective control - fixes the problem after the fact, e.g. repairing the fence
DAI
Dynamic ARP Inspection - Cisco switch feature that validates ARP packets arriving on untrusted ports against a table of known-good MAC/IP bindings (built from DHCP snooping) and drops ARP packets that don't match, which stops ARP spoofing/poisoning
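Worked example, added here and not part of the original deck: a simulation in Python (illustrative code, not Cisco's implementation) of the DAI decision. ARP packets on untrusted ports are checked against a constructed DHCP-snooping binding table; a packet claiming the gateway's IP from the wrong MAC/port is dropped, trusted uplink ports are not inspected, and an untrusted port that sends more than the rate limit is put into err-disabled. The binding table, port names and packets are constructed; the 15 packets-per-second default is Cisco's documented untrusted-port limit, applied here to the whole list as one interval.

```python
from collections import Counter

# Constructed DHCP-snooping binding table: (mac, ip, port). Not from a real switch.
BINDINGS = {
    ("aa:bb:cc:00:00:01", "10.0.0.11", "Gi1/0/1"),
    ("aa:bb:cc:00:00:02", "10.0.0.12", "Gi1/0/2"),
}
TRUSTED_PORTS = {"Gi1/0/24"}   # uplink toward the DHCP server / other switches

# Constructed ARP packets: a legitimate host, a spoofer claiming the gateway's
# IP on port Gi1/0/2, and a packet arriving on the trusted uplink.
SAMPLE_ARP = [
    {"port": "Gi1/0/1",  "sender_mac": "aa:bb:cc:00:00:01", "sender_ip": "10.0.0.11"},
    {"port": "Gi1/0/2",  "sender_mac": "aa:bb:cc:00:00:02", "sender_ip": "10.0.0.1"},
    {"port": "Gi1/0/24", "sender_mac": "00:11:22:33:44:55", "sender_ip": "10.0.0.1"},
]


def inspect_arp(packets, bindings=BINDINGS, trusted=TRUSTED_PORTS, rate_limit=15):
    """Return one verdict per packet: 'forward', 'drop' or 'err-disabled'.

    Untrusted ports: the (sender MAC, sender IP, port) triple must exist in the
    binding table, and the port is err-disabled once it exceeds rate_limit
    ARP packets in the interval. Trusted ports are forwarded without checks.
    """
    seen_per_port = Counter()
    disabled = set()
    verdicts = []
    for p in packets:
        port = p["port"]
        if port in trusted:
            verdicts.append("forward")
            continue
        if port in disabled:
            verdicts.append("err-disabled")
            continue
        seen_per_port[port] += 1
        if seen_per_port[port] > rate_limit:
            disabled.add(port)
            verdicts.append("err-disabled")
            continue
        key = (p["sender_mac"], p["sender_ip"], port)
        verdicts.append("forward" if key in bindings else "drop")
    return verdicts


if __name__ == "__main__":
    print(inspect_arp(SAMPLE_ARP))   # ['forward', 'drop', 'forward']
```

The trusted-port path is the part practitioners get wrong: marking an access port trusted disables inspection on it entirely, so only true uplinks should be trusted.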
Switch Port Protection
Term for port security
Disable Unused Switch Ports
Or disable unneeded network services (e.g. ICMP responses on devices that don't need to answer them) to shrink the attack surface
RA Guard
IPv6 Router Advertisement (RA) messages are unauthenticated, so any host on the segment can claim to be the router; RA Guard is a switch feature that drops RA messages arriving on ports where a router is not expected
CoPP
Control Plane Policing (CoPP) is a feature used in networking devices (such as routers and switches) to protect the control plane by regulating and controlling traffic destined for it. The control plane is responsible for processing network control traffic (like routing updates, management protocols, and ICMP messages). If left unprotected, it can be overwhelmed by malicious or excessive traffic, leading to degraded performance or even denial of service.
Bastion Host
A hardened, minimal host deliberately exposed to untrusted networks (typically placed in the DMZ) - it runs only the services it needs, is closely monitored, and acts as the controlled entry point; it is a host, not the edge router itself
Network Firewall (Hardware Firewall)
The firewall at the edge of a network
UTM
Unified Threat Management - Firewall/VPN Endpoint/Proxy/Anti-Malware - Threat Management at every level
Stateless Firewalling
Original firewall - filters each packet on its own using header fields (source/destination IP, port, protocol, sometimes MAC) with no memory of earlier packets - weakness is that you have to write an explicit rule for everything, including return traffic, so it can't tell a legitimate reply from an unsolicited packet that happens to match a rule - it's a dumb firewall
Stateful Firewalling
Smart Firewall - Creates a State Table - Keeps track of what is going out so that it expects what will be coming back in
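Worked example for both the stateless and the stateful cards, added here and not part of the original deck: two tiny firewall models run over the same constructed three-packet scenario. The stateless one must open "any inbound packet with source port 443" to let HTTPS replies back in, and an attacker who sets that source port walks straight through; the stateful one records the outbound flow in a state table and only admits the matching reply. Addresses are from the RFC 5737 documentation ranges and the rules are illustrative.

```python
# Constructed scenario: an inside host browses an HTTPS site, then an outside
# attacker sends a packet to the same host with its source port forged to 443.
INSIDE_HOST, WEB_SERVER, ATTACKER = "10.0.0.5", "198.51.100.20", "203.0.113.66"


class StatelessFirewall:
    """Judges each packet only on its own header fields; it has no memory.

    To let HTTPS replies back in, the administrator must allow any inbound
    packet whose source port is 443, a field the attacker controls.
    """
    def check(self, direction, src, sport, dst, dport):
        if direction == "out" and dport == 443:
            return "allow"
        if direction == "in" and sport == 443:
            return "allow"
        return "drop"


class StatefulFirewall:
    """Records each permitted outbound flow in a state table and admits
    inbound packets only when they match a recorded flow in reverse."""
    def __init__(self):
        self.state = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, direction, src, sport, dst, dport):
        if direction == "out":
            if dport == 443:
                self.state.add((src, sport, dst, dport))   # expect the reply
                return "allow"
            return "drop"
        return "allow" if (dst, dport, src, sport) in self.state else "drop"


def run_scenario():
    """Run the same packets through both firewalls; returns verdicts per firewall."""
    packets = [
        ("out", INSIDE_HOST, 51000, WEB_SERVER, 443),   # client opens HTTPS
        ("in",  WEB_SERVER, 443, INSIDE_HOST, 51000),   # legitimate reply
        ("in",  ATTACKER, 443, INSIDE_HOST, 22),        # unsolicited, sport forged to 443
    ]
    results = {}
    for name, fw in (("stateless", StatelessFirewall()), ("stateful", StatefulFirewall())):
        results[name] = [fw.check(*p) for p in packets]
    return results


if __name__ == "__main__":
    print(run_scenario())
    # {'stateless': ['allow', 'allow', 'allow'], 'stateful': ['allow', 'allow', 'drop']}
```

A production state table also tracks TCP flags and ages entries out; the model keeps just enough to show why the reply is admitted and the forged packet is not.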
DPI (Firewalling)
Deep Packet Inspection - Firewalls can look and block based on application and context - Application or Context Aware (runs at Layer 7 of OSI)
Network Monitoring
Link State, Temperature, Electrical Load, Duplex and Speed, Send and receive traffic, CRC errors, Giants and Runts, Encapsulation Errors
Error Rate
Frames or Packets that are malformed or fractured
Packet Drops
Measure the amount of packets a device can’t handle
FIM
File Integrity Monitoring (FIM) is a security control that tracks and detects changes to files and directories in a system. It helps ensure the integrity of critical system and configuration files by monitoring for unauthorized or suspicious modifications, additions, or deletions.
Normalization
Splitting data into separate related tables instead of one wide row (e.g. Clinic_Location_Information and Clinic_ISP_Info instead of everything in the same row); in logging/SIEM, normalization means converting events from different sources into one common format so they can be searched and correlated together
WORM
Write Once, Read Many
Splunk
Software - SIEM / log collection, search, alerting and dashboards (system monitoring graphs)
ArcSight
Software - SIEM / log collection, search, alerting and dashboards (system monitoring graphs)
ELK
Elasticsearch, Logstash, Kibana - open-source stack for log collection (Logstash), indexing and search (Elasticsearch) and dashboards (Kibana); used as a system monitoring/SIEM platform
Transmitter (TX)/Receiver (RX) transposed
Transmitter (TX)/Receiver (RX) Transposed refers to a common connectivity issue where the transmit (TX) and receive (RX) connections are swapped between two devices during cable setup. This miswiring prevents proper communication because the transmitting signal from one device fails to align with the receiving signal of the other device.
Mismatch (Transceivers)
Mismatch (Transceivers) refers to an incompatibility or misalignment between the specifications or operational parameters of transceivers, which can lead to communication errors, degraded performance, or failure to establish a connection.
Signal Strength (Transceivers)
Signal Strength (Transceivers) refers to the power level of a transmitted or received signal in a transceiver system. A transceiver, which combines both a transmitter and receiver, relies on signal strength to determine the quality and reliability of communication.
IIoT
Industrial Internet of Things - IoT but for industry
Jump Box/Host
Jump Box/Jump Host in the context of CompTIA Network+ refers to a secure, controlled system that acts as an intermediary or “gateway” for accessing and managing devices or systems within a network, typically in a secured or isolated environment (e.g., DMZ or internal network).
In-Band vs Out-of-Band management
In-band management sends management traffic (SSH, HTTPS, SNMP) over the same production network that carries user data, so if the network is down or congested you lose management access too; out-of-band management uses a separate path (console port, dedicated management network, modem or cellular link) that still works when the production network does not. Both are used for configuration, troubleshooting and maintenance of routers, switches and servers.
Prefix Length
In networking, prefix length refers to the number of bits used to represent the network portion of an IP address. It is commonly expressed in CIDR (Classless Inter-Domain Routing) notation, where the prefix length is written after the IP address, separated by a slash (e.g., 192.168.1.0/24). The prefix length determines how many bits of the IP address are used to identify the network, and the remaining bits identify hosts within that network.
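Worked example, added here and not part of the original deck: deriving the subnet mask, network address, broadcast address and usable host range from a prefix length with plain bit arithmetic (the mask is prefix-length ones followed by zeros; AND keeps the network bits, OR with the inverted mask sets every host bit), with the standard library used only to cross-check the result. The /31 and /32 cases are handled per RFC 3021. The addresses are illustrative.

```python
import ipaddress   # used only to cross-check the hand-rolled arithmetic


def ip_to_int(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr):
    """Derive mask, network, broadcast and host range from address/prefix."""
    addr, _, plen_str = cidr.partition("/")
    plen = int(plen_str)
    if not 0 <= plen <= 32:
        raise ValueError(f"prefix length out of range: /{plen}")
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF   # plen ones, then zeros
    network = ip_to_int(addr) & mask                  # keep the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)        # set every host bit
    size = 1 << (32 - plen)
    if plen >= 31:
        # RFC 3021: a /31 point-to-point link uses both addresses; /32 is one host
        usable, first, last = size, network, broadcast
    else:
        usable, first, last = size - 2, network + 1, broadcast - 1
    return {
        "prefix_length": plen,
        "netmask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def same_subnet(a, b, plen):
    """True if a and b share the same network bits for this prefix length."""
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return ip_to_int(a) & mask == ip_to_int(b) & mask


def cross_check(cidr):
    """Compare the hand computation with the standard library's answer."""
    ours = subnet_info(cidr)
    ref = ipaddress.ip_network(cidr, strict=False)
    return (ours["network"] == str(ref.network_address)
            and ours["broadcast"] == str(ref.broadcast_address)
            and ours["netmask"] == str(ref.netmask))


if __name__ == "__main__":
    print(subnet_info("192.168.1.37/24"))
    print(subnet_info("10.0.0.77/26"))
```

`same_subnet` is the check a host performs before deciding whether to ARP for a destination directly or hand the packet to its default gateway.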
VIP
VIP (Virtual IP Address) is an IP address that is not tied to a specific physical network interface or device but instead represents an abstracted address used in various networking scenarios. A VIP allows for better management, load balancing, and redundancy across a network.
VLAN Database
A VLAN Database is a configuration on network devices (such as switches or routers) that contains the list of VLANs (Virtual Local Area Networks) configured within the network. This database is used to manage VLAN IDs, their associated names, and sometimes the VLAN-specific settings like ports, IP addresses, and routing configurations. It helps network devices understand the structure of VLANs in the network and how to handle traffic accordingly.
OWE
In wireless networking, OWE stands for Opportunistic Wireless Encryption. It is a security feature introduced alongside the Wi-Fi Alliance's WPA3 (marketed as Wi-Fi Enhanced Open) to encrypt traffic on open Wi-Fi networks (those without a password): each client negotiates its own encryption key with the access point, so other users of the same open network cannot simply sniff its traffic. It does not by itself isolate clients from each other; that is a separate client-isolation setting.
CAPWAP
Control And Provisioning of Wireless Access Points - protocol a wireless LAN controller uses to manage and configure multiple WAPs from one place
Port-side Exhaust/Intake
In the context of networking, rack or server management, the terms port-side exhaust and port-side intake typically refer to the airflow direction and positioning of cooling systems in data centers or server racks. These terms are especially relevant for managing server cooling and optimizing airflow to prevent overheating and ensure the efficient operation of networking equipment and servers.
Direct Connect (Cloud)
Direct Connect (often referred to as AWS Direct Connect, but also applicable in other cloud environments) is a cloud service offering that provides a dedicated, private network connection between a user�s on-premises infrastructure and a cloud service provider (such as Amazon Web Services - AWS, Microsoft Azure, or Google Cloud). The primary goal of Direct Connect is to provide a more reliable, consistent, and secure network connection compared to using the public internet.
Network Security Groups (Cloud)
Network Security Groups (NSGs) are a key component of cloud security, particularly in services like Microsoft Azure and other cloud platforms. NSGs act as virtual firewalls that control inbound and outbound traffic to and from network interfaces (NICs), virtual machines (VMs), subnets, or other cloud resources within a Virtual Network (VNet).
Network Security Lists (Cloud)
Network Security Lists (NSLs) are a security feature in cloud environments, specifically in services like Oracle Cloud Infrastructure (OCI), that allow you to define security rules to control traffic flow to and from resources within a Virtual Cloud Network (VCN).
TFTP
UDP port 69 - TFTP (Trivial File Transfer Protocol) is a simple, connectionless file transfer protocol primarily used for transferring small files over a local network, e.g. pushing firmware and configs to network devices. TFTP runs over UDP (User Datagram Protocol), which gives it lower overhead than FTP or SFTP but makes it less reliable because it has no built-in error recovery or connection management. It also has no authentication or encryption, so it should be confined to isolated management networks.
NTP (Port)
UDP port 123
Syslog (port)
UDP port 514 (syslog over TLS uses TCP 6514) - Syslog (System Logging Protocol) is a standardized protocol used to collect and store log messages from network devices, servers, and other systems in a network. It allows for centralized logging and monitoring of system events, making it easier for administrators to track and troubleshoot issues. Plain syslog is sent in cleartext with no authentication, so an attacker on the path can read or forge log entries.
LDAP Over SSL or LDAPS
Port 636 - LDAP over SSL (often referred to as LDAPS) is a secure version of the Lightweight Directory Access Protocol (LDAP), which is used for accessing and maintaining distributed directory information services over a network. LDAPS encrypts the LDAP communication by using SSL/TLS (Secure Sockets Layer/Transport Layer Security) to secure the connection between the client and the LDAP server.
SQL Server (Port)
TCP 1433
SIP (Port)
5060 (UDP/TCP, unencrypted) / 5061 (SIP over TLS)