Network Design Flashcards

1
Q

MAC Flooding

A

Attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port

Switches can fail-open when flooded and begin to act like a hub

2
Q

MAC Spoofing

A

Occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device
MAC Spoofing is often combined with an ARP spoofing attack

Limit static MAC addresses accepted
Limit duration of time for ARP entry on hosts
Conduct ARP inspection

3
Q

DMZ

A

De-Militarized Zone:
A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports

Focused on providing controlled access to publicly available servers that are hosted within your organizational network

Sub-zones can be created to provide additional protection for some servers
Everything behind the DMZ is invisible to the outside network

4
Q

Extranet

A

Specialized type of DMZ that is created for your partner organizations to access over a wide area network

Intranets are used when only one company is involved

5
Q

Bastion Hosts

A

Hosts or servers in the DMZ which are not configured with any services that run on the local network

To configure devices in the DMZ, a jumpbox is utilized

6
Q

Jumpbox

A

A hardened server that provides access to other hosts within the DMZ

An administrator connects to the jumpbox and the jumpbox connects to hosts in the DMZ

The jumpbox and management workstation should only have the minimum required software to perform their job and be well hardened

7
Q

NAC

A

Network Access Control:
Security technique in which devices are scanned to determine their current state prior to being allowed access onto a given network

If a device fails the inspection, it is placed into digital quarantine

8
Q

NAC: Persistent Agents

A

A piece of software that is installed on the device requesting access to the network

9
Q

NAC: Non-Persistent Agents

A

Uses a piece of software that scans the device remotely or is installed and subsequently removed after the scan

10
Q

VLAN Benefits

A

Segment the network
Reduce collisions
Organize the network
Boost performance
Increase security

11
Q

VLANs: Switch Spoofing

A

Attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN

12
Q

VLANs: Double Tagging

A

Attacker adds an additional VLAN tag to create an outer and inner tag

Prevent double tagging by moving all ports out of the default VLAN group

13
Q

Benefits of Subnetting

A

Efficient use of IP addresses
Reduced broadcast traffic
Reduced collisions
Compartmentalized

A subnet's policies and monitoring can aid in the security of your network

14
Q

NAT/PAT

A

Network Address Translation:
Process of changing an IP address while it transits across a router
Using NAT can help us hide our network IPs

Port Address Translation:
Router keeps track of requests from internal hosts by assigning them random high number ports for each request

15
Q

Telephony

A

Term used to describe devices that provide voice communication to users

16
Q

Modem

A

A device that modulates digital information into an analog signal for transmission over a standard dial-up phone line

17
Q

War Dialing

A

Basically brute-force dialing numbers until you get a modem’s number

Protect dial-up resources by using the callback feature

18
Q

PBX

A

Public Branch Exchange:
Internal phone system used in large organizations

19
Q

Zigbee

A

IoT networking (IEEE 802.15.4 PAN)
Alternative to WiFi & Bluetooth
Longer distances than Bluetooth
Less power than WiFi
Mesh network of all Zigbee devices in your home
Uses the ISM (Industrial, Scientific, Medical) band (900 MHz & 2.4 GHz frequencies in the US)