Network+ Fundamentals Flashcards
GSM
Global System for Mobile Communications was a standard that used multiplexing for 2G
CDMA
Code Division Multiple Access used a code instead of multiplexing for 2G
Latency
PING. A delay between the request and the response (waiting time)
Jitter
measures the variability of the delay; it’s the time between frames
SNMP
Simple Network Management Protocol is used to remotely monitor and manage network devices connected over an IP network. SNMP v3 is currently the standard
MIB
Management Information Base or a database of data
OIDs
Object Identifiers are addresses used to uniquely identify managed devices and their statuses
MTTR / MTBF
They are both KPIs (key performance indicators) used to assess the reliability and maintenance efficiency of systems and components.
Mean time to restore or repair and the Mean time between failures
bonus (SLA) Service level agreement
SIEM
Security Information and Event Management collects log and event data for organizations for auditing and security purposes.
NMAP
A network mapper that finds and learns more about network devices, notably through port scanning. For example, it can identify what OS a device may be using without logging in or authenticating. It also provides additional scripts.
Vulnerability Scanner
unlike penetration testing, this is minimally invasive. Good at finding unknown devices on a network. Test from outside and inside. Identify the lack of security controls like firewall or anti-virus.
Protocol analyzers
solve complex application issues frame by frame. It can capture data from your ethernet connection or a wireless network. View unknown traffic patterns.
FTPS
(Port 21, 990) File Transfer Protocol over SSL (FTP-SSL)
SFTP
FTP using SSH which provides file system functionality
SSH
(Port 22) Secure Shell which is more focused on secure remote access and command execution
SSL
(Port 443) Secure Socket Layer makes sure that all data is encrypted from servers to web browsers. Similar to TLS
TFTP
Trivial File Transfer Protocol which is used for configuring VoIP phones.
WPA
Wi-Fi Protected Access; it replaced WEP (Wired Equivalent Privacy)
TKIP
Temporal Key Integrity Protocol is an encryption algorithm to secure a wireless network. Provides a 64-bit integrity check and prevents replay attacks.
RC4
stream cipher used with WPA
A stream cipher is a method of encryption where plaintext digits are combined with a pseudorandom cipher digit stream
WPA2
uses AES (Advanced Encryption Standard), which replaced RC4, and uses CCMP, which replaced TKIP
CCMP
It’s an encryption protocol used in wireless networking for security. It encrypts and authenticates.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol uses AES for data confidentiality. Uses a 128-bit key and a 128-bit block size. Also offers authentication and access control
EAP
Extensible Authentication Protocol which is an authentication framework. Many different ways to authenticate based on RFC standards. WPA and WPA2 use five EAP types as authentication mechanisms
EAP-TLS
Extensible Authentication Protocol Transport Layer Security. TLS was originally used for web servers but is now being used for wireless authentication. Its purpose is to authenticate network access.
EAP-TTLS
EAP Tunneled TLS which supports other authentication protocols in a TLS tunnel.
PEAP
Protected EAP encapsulates EAP in a TLS tunnel
MAC Filtering
can be performed on a wired and wireless network. It’s a security measure used to control access to the network. Every NIC has an identifier (MAC address). MAC filtering involves setting up a list of allowed MAC addresses on a network device, such as a router or access point, to permit or deny network access to devices based on their MAC address.
Geofencing
is a location-based service in which an app or other software uses GPS, RFID, Wi-Fi, or cellular data to trigger a pre-programmed action when a mobile device or RFID tag enters or exits a virtual boundary set up around a geographical location, known as a geofence.
Denial of service
criminals make a service go from available to unavailable. This is why it’s important to PATCH. Sometimes not intended.
Network DoS
a layer 2 loop without STP
Bandwidth DoS
downloading multi-gigabyte Linux distributions over a DSL line would be a good example
DDoS
Distributed Denial of Service
- Launch an army of computers to bring down a service. Attacks on multiple fronts. Asymmetric threat. The attacker may have fewer resources than the victim.
DDoS amplification
Turn your small attack into a big attack, which is becoming increasingly common. Uses protocols with little (if any) authentication or checks, like NTP, DNS, or ICMP
ICMP
(Layer 3) Internet Control Message Protocol is used for sending error messages and operational information regarding the status of IP operations.
Logic Bomb
waits for a predefined event; often left by someone with a grudge.
- Time bomb: waiting for a date and time
- User bomb: something a user does like waiting for a backup process to occur
- Difficult to identify
Wardriving
Combine WiFi monitoring and a GPS, which gives you a huge amount of intel in a short period of time.
Phishing
tricking individuals into revealing sensitive information by disguising malware as a real site or email.
Spear Phishing
phishing with insider information which can result in making the phishing a lot more believable
Ransomware
Someone wants your money. They’ll take your computer in the meantime. It may often be fake ransomware, meaning they don’t have your data.
Crypto-malware
your data is unavailable until you provide cash. The malware encrypts your data files and you must pay the bad guys to obtain the decryption key.
DNS Poisoning
(DNS spoofing or DNS cache poisoning) Modify the DNS server. You can do this by modifying the client host file.
DNS spoofing involves the attacker intercepting and altering DNS queries to provide false responses. The goal is to redirect users to fraudulent websites that mimic legitimate ones to either phish or distribute malware.
DNS Cache Poisoning is a type of spoofing that targets the DNS servers themselves rather than individual users. Inserts a false address record into the DNS server’s cache.
VLAN hopping
the act of hopping from one VLAN to another. You do this by using methods such as switch spoofing or double tagging.
Switch spoofing
It’s a network attack where an attacker configures a device to mimic a switch’s behavior in order to manipulate or bypass network security.
Some switches support automatic configuration which has no authentication required. In other words, you can pretend to be a switch. Send trunk negotiation. Admins should disable trunk negotiation.
Double tagging
craft a packet that includes two VLAN tags. The first native VLAN tag is removed by the first switch (per usual) and the second “fake” tag is now visible to the second switch. This is a one-way trip, but can be used as DoS.
FIM
File Integrity Monitoring is a security process and technology that involves continuously monitoring and validating the integrity of files and file systems to make sure they haven’t been violated by things like malware.
SFC
System File Checker (Windows)
for Linux it’s Tripwire
Flood guard
configure a maximum number of source MAC addresses on an interface. The switch monitors the number of unique MAC addresses. Once you exceed the maximum, port security activates.
DHCP snooping
IP tracking on a layer 2 device (switch)
- the switch is a DHCP firewall
- switch watches for DHCP conversations
- Filters invalid IP and DHCP information
DMZ
demilitarized zone which is an additional layer of security between the internet and you
Cable crimpers
“pinch” the connector onto a wire and connect the modular connector to the Ethernet cable. Metal prongs are pushed through the insulation.
Crimping best-practices
get a good crimper
good pair of electrician’s scissors/cable snips
get a good wire stripper.
Make sure you are using the correct modular connectors
Cable testers
helps you identify if the crimps are working. Performs a continuity test to see if everything is working properly. NOT used for frequency testing.
TDR and OTDR
Time Domain Reflectometer / Optical Time Domain Reflectometer, which both estimate cable lengths and identify splice locations and cable impedance. Commonly used when first installing cable infrastructure.
Tone generator
puts an analog sound on the wire. The inductive probe doesn’t need to touch the copper, and you can hear the tone through a small speaker
Helps with cable identification and tracing cable routes
Loopback plugs
used if you’re trying to perform troubleshooting on a network connection. It can perform some tests, sending some signals to know what kind of signals it’s receiving
Spectrum analyzer
examine all the different frequencies and be able to tell where the frequencies are. Useful if you are connecting a WAP for the first time and want to know if there is any interference being caused in the area
WAP is a wireless application protocol
Multimeters
tools that allow you to test AC and DC voltage. Also continuity tests to see if you’re getting connections from one end of a cable to another
traceroute
helps you determine the route a packet takes to a destination. Uses ICMP TTL
Internet Control Message Protocol used for error reporting
nslookup
lookup information from DNS servers, for Windows
dig
Domain Information Groper. Looks up information from DNS servers; more advanced than nslookup
ipconfig/ifconfig
Helps determine an IP address. commands for Windows and Linux respectively. MOST of my troubleshooting starts with my IP address. Determines TCP/IP and network adapter information with some additional IP details.
netstat
is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics.
Routing table is a data table stored in a network router or a host that lists the routes to particular network destinations.
IP address
Subnet mask
Next Hop
Interface/Port
Metric (distance to reach destination)
Route source. (How a route was learned)
Network statistics
netstat -a
- show all active connections
netstat -b
- show binaries (Windows)
netstat -n
- do not resolve names
iptables
in Linux helps you configure firewalls. Provides a stateful firewall.
tcpdump
capture packets from the command line and apply filters, view in real-time. You can also save the data and use it in another application
pathping
combine ping and traceroute. The first phase runs a traceroute. The second phase measures round trip time and packet loss at each hop.
route
shows where traffic is routed.
Address Resolution Protocol
ARP determines a MAC address based on an IP address
arp -a
- view local ARP table
POP3
(Port 110) Post Office Protocol 3 is used by a local email client to receive email from a mail server. Enables users to access their emails offline.
What makes up an IP address
network ID, subnet mask, host ID
10.0.0.0/8
according to RFC 1918, this address space is defined for large internet networks. These are private and non-Internet routable addresses
orchestration software
deals with the automated deployment, scalability, configuration management, service discovery, load balancing, and health monitoring and recovery. A large part deals with the cloud
maximum theoretical speed of Dial-up with the V.92 specification
V.92 is a standard for modems that was introduced in 2000.
56kb/second
wireless client density
important for designing WLAN infrastructure. It refers to the number of wireless devices connected to a particular wireless network
CSU/DSU
Channel Service Unit/Data Service Unit helps with connecting LANs to WANs
domain’s zone file
it maps domain names to IP addresses
MTRJ
Mechanical Transfer Registered Jack is a type of fiber optic connector which offers a compact design and a method for duplex connectivity. It resembles an RJ-45 connector and allows greater port density.
LDAPS
(TCP Port 636) Lightweight Directory Access Protocol uses SSL.
LDAP
(TCP Port 389) Lightweight Directory Access Protocol that can search a directory service for objects. Microsoft Active Directory (AD) is an example of a directory service that uses LDAP to locate objects.
static IP address
this is a fixed, unchanging IP address assigned to a computing device. It’s simple, reliable, and sometimes a requirement for certain applications, especially for hosting servers, so that people can go on the website. GREAT for routers, printers, and servers.
1000BaseLX standard
Part of the IEEE 802.3z set of Gigabit Ethernet standards. It specifies a Gigabit Ethernet implementation using long-wavelength (LX) laser transmission over fiber optic cables. 1Gbps and can operate both single and multi-mode. It utilizes a 1300 nm laser over 9-micron single-mode fiber and can reach distances up to 10 kilometers.
LX (Long-wavelength) uses single-mode fiber and up to 550m