Network Flashcards
Layer 1
Physical
Layer 2
Data Link
Layer 3
Network
Layer 4
Transport
Layer 5
Session
Layer 6
Presentation
Layer 7
Application
Physical
Layer 1
Data Link
Layer 2
Network
Layer 3
Transport
Layer 4
Session
Layer 5
Presentation
Layer 6
Application
Layer 7
Usually, layer 6 (______) and 7 (_____) are _____ together.
Usually, layer 6 (presentation) and 7 (application) are joined together.
At layer 2, devices are identified by
MAC addresses
At layer 3, devices are identified by
IP addresses
Protocol that translates L3 addresses to L2 addresses
ARP, from IP to MAC
Security in depth is also called
layered security
A server that manages several VPN tunnels is called
A VPN Concentrator
A general vulnerability of having a UTM appliance is…
It’s a Single Point of Failure (SPoF)
A Web Security Gateway can be used as a _____ ______ prevention measure.
data loss
A Web Security Gateway’s main role is
applying corporate policies to internet traffic
A WAF operates on layer…
7 (application)
MOU
Memorandum of Understanding
BPA
Blanket Purchase Agreement
ISA
Internet Service Agreement
To prevent access to the network through exposed ports you can use
MAC Filtering
A control that detects a DoS attack and halts its traffic is called
Flood guards
To authenticate to wired and wireless networks against a central database using EAP, you can use…
802.1x
802.1x encapsulates…
EAP
A supplicant is a…
client device trying to access a network
A DMZ creates an area
between the public internet and the internal network whereby the internal network can access outside resources, and only some resources can access the inside network
NAT allows
using two sets of IP addresses, internal and external, and translating between them
NAC
Network Access Control
In zero-trust, NAC is implemented with
Credentials and Posture Assessment
Segmentation of resources in a network creates
VLANs
IPv4 and IPv6 operate at the ____ layer
network (layer 3)
IPv6 is ____-bits
128 bits (16 bytes). It uses hex!
SAN
Storage Area Network
FC/FCP
Fibre Channel (Protocol)
SCSI
Small Computer System Interface
SCSI is used to control _____ devices
storage
FCP is used alongside SCSI to control ______
storage devices
FCoE
Fibre Channel over Ethernet
iSCSI
Internet SCSI, L3 protocol between datacenters.
NetBIOS operates on layer
layer 5 (session)
NetBIOS is often used to access
printers and NAS
SNMP
Simple Network Management Protocol
IPsec modes
transport (host-to-host), tunnel (site-to-site)
Common attack against MAC filtering
MAC spoofing
Types of EAP
LEAP (Cisco), PEAP
Storage segmentation
Place controls on data access from a BYOD cellphone
TCP Wrappers
Host-based ACL for services under UNIX
RADIUS
AAA Protocol for network resources
TACACS+
AAA Protocol, less robust accounting than RADIUS, but better encryption
Kerberos
Authentication protocol
KDC
Key Distribution Center (Kerberos)
LDAP
Directory Service Protocol for Authentication, TCP 389
Secure LDAP
LDAP over SSL
SAML
XML-based standard for AA
Identity Federation
SSO method that allows access to multiple networks
Transitive Trust Authentication
Process of being authenticated by an entity because you’re trusted by another trusted entity. Usually in a PKI.
SDV
Software-defined visibility, allows monitoring of cloud network assets.
Tool for monitoring open ports on Windows
Netstat
Windows NTFS permissions
Read, Write, Modify, List folder, R+X, Full Control
Windows sharing permissions
Read, Change, Full Control
Where to put omnidirectional WAP
Center of building
Where do switches store MAC-to-port
CAM, Content Addressable Memory
SRTP
Secure Real-time Protocol, used for audio and video
Centralized VPN and dial-up
RADIUS
An updated version of RADIUS is called
Diameter
Attestation
Authentication of software or device state, instead of identity
LDAP over SSL port
689
LDAP over TLS port
636
636 port
LDAP over TLS
689 port
LDAP over SSL
TLS is _____ and ____ than SSL
Newer and safer
Because TLS is newer than SSL, its LDAP port is
out of scheme (636)
Managed PDU
Managed Power Distribution Units, on-rack
In terms of networks, SCADA systems should always be
segmented and isolated from the internet
DMZs are now called
Screened subnets
S/MIME is used in the _____ layer
presentation
Common SNMP vuln
default community strings
IPSec provides full ___
CIA
Transport IPSec encrypts
only data
Tunnel IPSec encrypts
data and header
What IPSec mode is used for VPNs
Tunnel (site-to-site) mode
In IPSec, key management is provided by the ___
IKE, Internet Key Exchange
POP port is
110
IMAP port
143
Secure POP port
995
Secure IMAP port
993
IMAP ports end in
3
POP ports end in
0 and 5
Secure email starts at ___ (ports)
990
995
Secure POP
993
Secure IMAP
Protocols to read email
POP and IMAP
Protocol to send email
SMTP
SMTP port
25
SMTPS
465
465
SMTPS
25
SMTP
SMTPS encrypts using
TLS
In a LAN, what IPSec mode should be used
Transport mode, because you need the IP header
NGFW
Next Generation Firewall
NGFW also adds ___/___ capabilities
NIDS/NIPS
An active HIDS
blocks the intrusion
HIDS
Host Intrusion Detection System
EDR
Endpoint Detection and Response
Measured Boot in W10 provides boot _____
attestation
A screened subnet usually contains
public facing servers and bastion hosts
Extranets enable __ communication
B2B
VLAN basic types
Port-based, MAC address-based, Protocol-based (IP)
VLANs that depend on IP addresses are called _____-based VLANs
Protocol-based VLANs
A common VPN solution combines ____ along with IPSec
L2TP
L2TP
Layer 2 tunneling protocol
____ _____ is when VPNs allow only some traffic to go through the VPN while other types of traffic go through the normal internet
split tunneling
When all traffic is routed through a VPN it is called ____ _____.
full tunnelling.
BPDU guard
prevents misconfigurations and BPDU attacks by detecting loops in the network topology. After an anomaly, interfaces need to be re-enabled manually
DHCP snooping
Inspects DHCP traffic for rogue servers and drops that traffic
A nontransparent proxy
modifies traffic
Sensors, Collectors, Aggregators
Sensors can be host or network based, collectors retrieve data using SNMP from sensors, Aggregators unify them
Protocol Analyzer
intercepts and analyzes network traffic, but only specific segments between certain hosts
TKIP replacement in WPA2
CCMP
An _____ ____ creates, maintains, and manages identity information for an organization
identity provider