Network Maps and Topologies

Question 1

As an investigator, what is it important that you know when doing a cyber investigation?

Answer 1

It is critically important that you know all of the paths between the victim or the suspect at the internet

Question 2

What 2 things should you ask from the network administrator when doing a cyber investigation?

Answer 2

1) Ask for a network diagram, and
2) Ask how current the diagram is

Want to know any paths to the outside world, where do people get the internet, where does the internet get to them, are there any trusted partners?

Question 3

**What do network ports allow us to do?

Answer 3

1) allow us to multi-task (run different activities at once and distinguish data packages from other internet activities; without these we would have to finish one activity before info for another packet could come in)
2) ports provide for standardization

Question 4

**** What do these assigned ports correspond to:
20
23
25
80

Answer 4

20 - FTP data - file transfer protocol
23 - Telnet - old type of VPN
25 - Simple Mail Transfer Protocol (SMTP)
80 - HTTP - in bound web traffic

Question 5

What are ports?

Answer 5

“Virtual Doorways” where info packets pass through

lower #’s are for well known companies and internet activity

Question 6

What does “Netstat -ao” do?

Answer 6

displays all open ports along with the hostname of the remote computer if available

Question 7

**What format are IP Addresses in?

Answer 7

4 numbers (ranging between 0-255) separated by periods
In the Decimal format
Each number represents an 8 bit value

Question 8

Can IP addresses be shared?

Answer 8

NO

Question 9

What is the difference between Public IP addresses and Private IP addresses?

Answer 9

Public - must have to be able to get on to the internet

Private - Internal address within your organization, and CANNOT be on the internet

Question 10

What is a Dynamic IP Address?

Answer 10

when assigned, they are NOT fixed to that node

Question 11

What is a Static IP Address?

Answer 11

long term address, assigned to a particular resource (printers, routers, camera security systems, servers, etc)

Question 12

What are the Private Ranges of IP Addresses?

Answer 12

10. 0.0.0 - 10.255.255.255
11. 16.0.0 - 172.31.255.255
12. 168.0.0 - 192.168.255.255

Question 13

What does a Network Address Translator (NAT) refer to?

Answer 13

It refers to a system or server that has one public IP address that goes out to the internet, and numerous private addresses behind it that allow individual computers within a network to access the internet

Question 14

Benefits of NAT? (3)

Answer 14

1) Security - NAT is protecting private networks from the public
2) It is “Buying Time” for Gen4 IP addresses because you can have thousands of computers that access the internet with 1 Public IP Address
3) Web Cache - will keep a copy of the website that has already been accessed and recall it if asked again instead of going out to the internet and grabbing it again

Question 15

How many NIC cards does a NAT need?

Answer 15

at least 2:
1 - for the private IP addressed computers
1 - for the public IP addressed server

Question 16

What is Address Resolution Protocol (ARP)?

Answer 16

this maps IP address to Physical MAC Addresses

Keeps track of all physical MAC addresses on your network

Network Administrator is assigning IP address and entering it manually

Question 17

What is Dynamic Host Configuration Protocol (DHCP)?

Answer 17

A server automatically assigns IP addresses to computers on the network when they ask for them

Question 18

What do IP Addresses do?

Answer 18

Find an end location - end to end delivery

Question 19

What is the main function of DHCP?

Answer 19

Protocol where a user plugs in a device and it gets an IP address