Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Systems Security > Networks > Flashcards

Networks Flashcards

1
Q

TCP/IP Model

A

Application
Transport
Internet
Link
Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Application Layer

A

data,
process-to-process communication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Transport Layer

A

TCP segment / UDP datagram,
host-to-host communication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Internet Layer

A

packet,
connects segments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Link Layer

A

frame,
single network segments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Physical Layer

A

bit,
the wire

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

TCP (Transmission Control Protocol)

A
  • transport layer
  • connection oriented, reliable, stream delivery service on top of IP.
  • retransmission of dropped/corrupt packets, in-order delivery
  • flow & congestion control
  • keeps track of client and server state
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

User Datagram Protocol (UDP)

A
  • no 3-way handshake –> unreliable
  • connectionless, no analogue to ISNs (TCP’s initial sequence number) –> easy to spoof
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Firewalls

A
  • network level access control
  • inspect traffic and filter/modify it based on rules
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Border Gateway Protocol (BGP)

A
  • standard exterior gateway (route between ASes)
  • allows for specifying complex routing policies
  • runs the distance-vector algorithm
  • attacker goals: blackholing (drop all traffic) & redirect sensitive traffic through an untrusted AS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

HTTP Access Control

A
  • HTTP is stateless (doesn’t know previous and following requests), so need mechanisms to enforce authentication and authorization
  • HTTP Authentication.
  • Session cookies.
  • TLS certificates.
  • Secure Remote Password (SRP).
  • Kerberos.
  • OAuth2.0.
  • OpenID Connect.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Cookies

A
  • Basic mechanism for persistent state over HTTP.
    – Allows servers to store a small amount of data on the client’s machine.
    – Used for authentication, tracking.
    – Manipulated by Set-Cookie and Cookie HTTP headers.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

TLS

A
  • Application-level cryptographic protocol to provide confidentiality and integrity between applications. Also, either one-way or mutual authentication.
  • relies on X.509 certificates and the public-key infrastructure
  • Certificate authorities can be malicious or compromised… not always secure
  • does not help you if you connect to malicious site
  • does not help already vulnerable web applications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Limiting factor of an anomaly detection system?

A

false positives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Golden rule of cookie generating

A

cookies should not be predictable (otherwise, CSRF risk –> someone can predict your cookie and pretend to be you)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Systems Security (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions