networks Flashcards

Question

Outline three ways wireless networks are secured.

Answer 1

**1. Wireless Security Protocols** - WEP (Wired Equivalent Privacy) - symmetric encryption algorithm, key is often too short and used for too long making it easy to decipher - WPA (WiFi Protected Access) - larger keys, a new key is generated for each data packet - WPA v2 - stronger encryption algorithm, message encrypted several times depending on key size **2. Disable SSID broadcasting** - An SSID is a string of alphanumeric characters that is specified during the setup of wireless devices to differentiate between wireless networks - Its broadcast can be hidden so user must know the exact SSID and enter it to access the network **3. MAC address whitelist** - A Media Access Control (MAC) address is a string of characters that identifies a device on a network - The router can have a whitelist of MAC addresses to allow on the network and will block any other devices

Answer 2

CSMA/CA is a protocol used in wireless networking. It makes sure that network collisions are avoided. 1. The first step is to listen to the channel to check for the presence of any other signals. 2. Upon the detection of an existing transmission on a channel, the node that wanted to send will wait for a random period of time before trying again. 3. Once the channel is free, the data is sent. 4. Then, the sender needs to receive an acknowledgement message from the receiver to verify that the data was received successfully. 5. Otherwise, the sender will attempt to resend the message.

Answer 3

1. Once the channel is determined to be idle, a signal is sent called Request to Send (RTS). 2. The answering device then sends a Clear to Send (CTS) reply. 3. This way it knows which device asked to send first and can ensure that only that device will send its message, by not responding to further RTS signals until the original sender has finished.

Answer 4

An SSID is a string of alphanumeric characters that is specified during the setup of wireless devices to differentiate between wireless networks

Answer 5

Internet is a global wide area network that is formed from the interconnection of many other networks and that uses the TCP/IP protocol.

Answer 6

- The hardware of the internet is made up of servers which hold internet web pages, cables which connect these servers together and routers/gateways to connect computers to the internet - The main part of the internet is the backbone which consists of a set of dedicated connections that connect several large networks at various points on the globe - These connections branch into regional networks typically controlled by ISPs - ISPs provide access to individual end-users

Answer 7

- Data transmitted is broken into small chunks (packets). - Each packet is sent separately over a network on which other similar communications are happening simultaneously. The data is reconstructed on arrival. - This allows for faster, more reliable and more efficient data transfer

Answer 8

1. Header = sender IP, recipient IP, Protocol, Packet number, TTL 2. Payload = data 3. Trailer = end of packet flag, checksum

Answer 9

A networking device that receives packets or from one host or router and uses the destination IP address that they contain to pass them correctly formatted, to another host or router.

Answer 10

A device used to connect networks using different protocols so that information can be successfully passed from one system to another. Header is removed and reapplied with the correct format

Answer 11

1. The data is broken up into packets 2. Router examines the header to identify the destination address 3. It consults its routing table to determine the next hop (router-to-router link) for the packet 4. The routing table is constantly updated with information about the optimal route for packets to take.

Answer 12

World Wide Web = A system of hypertext documents accessed via the internet using a HTTP protocol Internet = A global network of interconnected networks using globally unique address space and uses end-to-end communications protocols

Answer 13

- Uniform Resource Locator - Used to specify the means of accessing a resource and its location across a network - protocol + domain name = URL - This was invented so that users could use a memorable name to refer to a network and a host on that network.

Answer 14

Fully Qualified Domain Name It is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System made up of host name and domain name. www/ftp/mail = host name bbc = domain name com = top-level domain

Answer 15

Internet Protocol Address identifies a network or device on the internet.

Answer 16

A Domain Name Server accepts a Domain Name and returns the IP address associated with this Domain Name.

Answer 17

Where is raspberrypi.org? 1. Domain name query sent to recursive name server (DNS resolver) 2. Asks root name server for ORG name server IP address 3. Asks ORG name server for raspberrypi name server IP address 4. Asks raspberrypi.org authoritative name server and returns public IP address 5. DNS resolver returns address to the client

Answer 18

- There are 5 global organisations with worldwide databases which hold records of domain names issued to individuals, organisations or companies. - They allocate IP addresses to the domain names and keep a track of which domain name is associated with which IP to ensure they're unique

Answer 19

A firewall is a security feature that monitors both incoming and outgoing network traffic, preventing unauthorised access to your network.

Answer 20

- Examining the payload of a packet and it will be rejected if it is not part of a recognised communication. - The firewall will keep a track of all open channels and transmissions. - So it will know the context of each packet, i.e. which transmission and channel it is linked to. - Any unknown source or port may be rejected.

Answer 21

- Examining the header of the packet against a set of rules or packet filters - These packet filters prohibit traffic based on the packet header fields, which include source IP address, destination IP address, port number, and protocol. - e.g. firewalls often block port 22 because SSH protocol usually uses that port; if firewall identifies packet with port number 22 in header, it will drop the packet and connection will fail

Answer 22

- A proxy server sits between the client devices and the firewall. - It provides anonymity to the clients, keeping their true IP addresses hidden. - Networks within schools often use a proxy server as a method of filtering websites for safeguarding purposes, so that young people do not inadvertently see material that is inappropriate.

Answer 23

- Symmetric encryption uses the same key for both encryption and decryption. - Symmetric encryption schemes are faster than asymmetric encryption schemes because they use less complex mathematical operations. - They are more susceptible to risk through a man-in-the-middle attack - Asymmetric encryption uses a related set of keys, one public and one private. - The keys work as a pair - one key is used to encrypt the message and the other to decrypt. - Asymmetric encryption is slower, but ensures that only the intended recipient accesses the message - Message encrypted with recipient's public key, then decrypted with recipient's private key

Answer 24

A digital signature can be used to authenticate the sender of a message and to guarantee the integrity of a message. 1. Sender runs a hashing algorithm on the plaintext to produce hash 2. Sender encrypts hash with private key (proves integrity of message as only sender can encrypt) 3. Bundle the digital signature with the message 4. Encrypt entire thing with recipient's public key 5. Recipient uses their private key to decrypt 6. Use sender's public key to decrypt hash 7. Runs same hashing algorithm on the plaintext 8. If same as the sender's hash, message hasn't been interfered with and verifies identity of the sender

Answer 25

A digital certificate is an electronic document that authenticates a message sender or a website. - A digital certificate is issued by a certification authority. - It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. - Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.

Answer 26

- Worms have the ability to quickly replicate and distribute independently to waste resources and cause damage to the system - They cause problems by using up network bandwidth and therefore they slow down the network significantly. - In some cases, worms can use up all system resources, causing a denial-of-service attack. - In a denial-of-service attack, a server will be bombarded with requests at a level that it cannot cope with.

Answer 27

- A trojan is a piece of software that appears to be **legitimate** to trick the user into executing it. - However, unbeknown to the user, it also performs malicious actions such as **data theft, redirecting search requests, installing further malware**, or **opening a “backdoor”** for **remote control** of your computer. - The main objective of a trojan is typically to **steal confidential information** or **inflict damage.**

Answer 28

- A virus is a malicious form of self-replicating software that attaches itself to other programs or files, so that it can make copies of itself and spread easily to infect computer systems. - A virus may be designed to send spam, steal data, infect other computers on the network, or to corrupt files.

Answer 29

**Human weakness** Users can be tricked into revealing information through social engineering techniques, can download malware by installing software, or use insecure passwords that are easily cracked. **Out of date software** Security issues and bugs in software can be exploited as an opportunity for a cyber attack, so patch updates are essential to fix these issues. **Code quality** Malware can exploit weaknesses in code. For example, if a program does not sanitise input data, a hacker could create a successful SQL injection leaving malicious instructions to exploit later on.

Answer 30

**Improved code quality** - Poorly written code might leave data in memory to be stolen or exploited later - Or programs may contain debugging code that exposes sensitive information that the programmer forgot to remove. - If these errors are not spotted and removed before the program is published, these vulnerabilities may be found and exploited by malware. **Monitoring & Protection** - Anti-malware or antivirus software is used to detect, quarantine, or remove malware such as viruses, trojans, and worms from computers. - Anti-malware software can have a real-time checker that scans files before they are used to keep the computer safe - Can also have scheduled scans, which perform checks upon computer files on a regular basis.

Answer 31

- Use anti-malware software - Ensure software is fully up to date - Use encryption - Ensure sites use HTTPS - Use passwords & PIN’s on programs and files

Answer 32

- Use a language with built in security features - Use encryption for data stored - Set access rights to appropriate parts of the system - Thoroughly test your code, and test for known issues - Keep knowledge up to date for threats and method to combat

Answer 33

- Ensure requests come from known sources - Use firewall - Use anti-malware - Keep systems fully up to date

Answer 34

**1. Application Layer** The application layer sits at the top of the stack and uses protocols relating to the application being used to transmit the data over a network. - POP3 - SMTP - HTTP/HTTPS - FTP **2. Transport Layer** The transport layer uses TCP to **establish an end-to-end connection** with the recipient computer. The data is then **split into packets** and labelled with the **packet number** and the **port number** through which the packet should route. - TCP (Transport Control Protocol) - UDP (User Datagram Protocol) - faster data transfer but less reliable (used for real-time applications like Skype **3. Internet Layer** Adds the source and destination IP addresses to each packet. This combination of IP address and the port number forms a socket. **4. Data Link Layer** Adds the MAC Addresses identifying the Network Interface Controllers of the sender and the destination. This allows the data to get to the specific device once it has reached the required IP address.

Answer 35

A socket is an endpoint in a communication, it identifies the destination device (IP address) and application (port). It is the IP address with a Port number e.g.192.168.1.150 : 80

Answer 36

- An addressable location on a network that links to a process or application. - A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. - The port number is a 16 bit integer

Answer 37

A unique 12-digit hexadecimal identifier assigned to a network interface controller to distinguish between devices on a network.

Answer 38

20 = FTP Data (file transfer) 21 = FTP Control (file transfer) 22 = SSH (secure remote access) 23 = Telnet (secure remote access) 25 = SMTP (mail transfer) 80 = HTTP (website access) 110 = POP (mailbox access) 143 = IMAP (mailbox access) 443 = HTTPS (secure website access)

Answer 39

The use of well-known ports allows client applications to easily locate the corresponding server application processes on other hosts.

Answer 40

- FTP - HTTP - HTTPS - POP3 - SMTP - SSH - IMAP

Answer 41

File Transfer Protocol This allows you to download / upload files to a server, for example you would upload your websites pages to your webserver using FTP. FTP uses port 20/21.

Answer 42

HyperText Transfer Protocol It is used to transfer an user to a web address that is specified via the domain. HTTP uses port 80.

Answer 43

HyperText Transfer Protocol Secure A verified, secure version of HTTP. This ensures the user that the website they are on is safe and well protected through encryption. This uses port 443.

Answer 44

Post Office Protocol Used to receive incoming emails from an email server. This uses port 110.

Answer 45

Simple Mail Transfer Protocol This is used to send emails. SMTP uses port 25.

Answer 46

Secure Shell - This protocol allows remote access to a computer - This could be used to perform admin tasks on a server. - You will only have command line access to the computer. - SSH is also designed for operating securely over an unsecure network. - SSH uses port 22.

Answer 47

Internet Message Access Protocol Protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. It creates copies on the local client device and synchronises any deletion on both client and server. IMAP is port number 143

Answer 48

- Secure Shell (SSH) can provide an encrypted connection for remote access to another computer. - Commonly used by network admins for remote management of servers and other computers - Secure shell tunnelling is a technique where you use the SSH port for remote access to another computer that can access ports that may be blocked on your own network's firewall - e.g. if port 80 is blocked, use port 22 and access it through another computer

Answer 49

Email servers facilitate the sending, receiving, and storage of electronic mail

Answer 50

The primary role of a web server is to store, process, and deliver requested information or webpages to end users.

Answer 51

- 4 octet values - 32 bits grouped by 8 separated by decimal points - Only supports 4.4 billion addresses

Answer 52

- 8 groups of 4 hexadecimal digits - Separated by a : - 128 bits with alphanumeric addressing method

Answer 53

- No more NAT (Network Address Translation) - No more private address collisions - True quality of service (QoS) - Easier administration (say good-bye to DHCP)

Answer 54

Quality of Service The use of mechanisms or technologies that work on a network to control traffic and ensure the performance of critical applications with limited network capacity

Answer 55

- Private IP addresses are usable only within the network they exist in. - They are typically class C addresses, such as 192.168.x.x. - These addresses are assigned to specific devices on a network, and the router routes traffic to it. - Most often, these addresses are assigned by the router using DHCP and an address can only be used with one device. - Private IP Addresses are non-routable.

Answer 56

- Public IP addresses are assigned by an ISP and apply to an entire LAN. - This is the address that other devices on the internet see and communicate with. - Data is transferred to specific devices from the Internet using NAT and port forwarding. - NAT occurs 'automatically' while ports can be denoted with a colon after the IP address (e.g. 255.255.255.255:99999). - Public addresses are routable.

Answer 57

- The use of private addresses helps to overcome the overall shortage of IP addresses. - These addresses need only be unique within the address space of the local network - They do not need to be unique within the address space of the internet.

Answer 58

Dynamic Host Configuration Protocol Dynamically assigns private (non-routable) IP addresses to devices in a network. 1. Discovery = when a device is started up, it broadcasts a **discovery message** for the DHCP server 2. Offer = DHCP server **reserves an IP address** for the device and sends an **offer message** to the client (IP address, subnet mask, lease duration) 3. Request = The new client **responds** to the offer which **accepts the configuration parameters.** 4. Acknowledgement = The server responds to the DHCP request message with a **DHCP ACK** message, and it confirms the requested parameters.

Answer 59

Network Address Translation - When sending a packet, the header will contain a source IP and destination IP address - However, the source IP address will be a private address (non-routable) e.g. 198.168.x.x - So NAT converts the source IP to a public IP before transmitting the packet across the internet - A single routable IP address can be used for an entire private network

Answer 60

Port forwarding allows remote computers (i.e. computers on the internet) to connect to a specific computer, or service within a private local area network. Routers can be programmed so that a request under a specific port number can be forwarded to a device with a specific IP address on the network

Answer 61

- We can use the port number to get round the problem of only having one public IP address but wishing to offer a access to a range of internal devices. - We can specify a different port number for each internal device - Then create a static translation on the router to map that port to a specific internal IP addresses, and a given port. - This static translation is called 'Port Forwarding'

Answer 62

A = 11111111 00000000 00000000 00000000 /8 B = 11111111 11111111 00000000 00000000 /16 C = 11111111 11111111 11111111 00000000 /24

Answer 63

- Subnetting is the process of dividing one network into subdivisions of networks that are treated logically as separate networks. - Each subnet has a different network ID - 0 is assigned to network address and 255 for broadcast address - Router is usually assigned to 1

Answer 64

- Reduces the broadcast domain, improving security - Reduces data collisions - less nodes share network address

Answer 65

The client–server model is a paradigm where providers of resources are designated as servers, and resource requesters are designated as clients.

Answer 66

A set of rules to create persistent connection between 2 devices: 1. Client sends handshaking request to establish connection 2. In response server creates a persistent full duplex (bi-directional) connection on a single socket 3. Data transferred both directions 4. Either side can close the connection The Websocket specification defines an API to set up the connection.

Answer 67

Application Program Interface A set of routines enabling one program to interface with each other. The code defines how the programs work together.

Answer 68

Data must be stored, managed and represented in the correct manner. Without the ability to manipulate your data, you essentially have a static data store that can never change. CRUD is an acronym to explain the main processes required: - Create - Retrieve - Update - Delete

Answer 69

Representational State Transfer - A method of using HTTP to carry out each of the CRUD operations on a networked database. - HTTP uses request methods which define the way in which the data will be handled. - In HTTP you use POST (create), GET (retreive) , PUT (update), DELETE (delete) and these are mapped to the CRUD operations.

Answer 70

1. The client makes a request to the server, this will be from a web browser on the local machine. 2. The requested URL will identify the resource (ie database) and also include the query 3. The REST API is run from the server, this co-ordinates client and server applications. 4. The REST API receives XML or JSON from the database. 5. The original request and the request data are transferred using HTTP, and delivered in HTML.

Answer 71

**Human Readable** - JSON = It's easy to read because it's just defining objects and values. - XML = Less readable because it's contained within markup tags **Compact Code** - JSON = more compact than XML - XML = more syntax, less compact than JSON **Speed of Parsing** - JSON = Quicker, because it's defined as object and value - XML = Slower, because the data has to be extracted from tags **Easier to create code** - JSON = Easier, because syntax is easier - XML = More like programming so more knowledge is needed. **Flexibility** - JSON = Only works with limited data types, not enough for all applications - XML = Gives total freedom, because you can create what data types there are, so it has greater flexibility

Answer 72

A network where all processing takes place in a central server; the clients are dumb terminals with little or no processing tower or local hard disk storage.

Answer 73

- A thick client is the term used when a network pc that does most of its own processing for on the client itself rather than the server like a thin client. - It also refers to the fact software is on the PC itself rather than a server. - If the applications you are using require multimedia components or are bandwidth intensive a thick client will be much more effective.

Answer 74

**THIN-CLIENT** - Easy to deploy requiring no extra or specialised software installations - If the server goes down the collection of the data will go down - Any workstation can be used on the network to do the same thing - Reduced security threat **THICK-CLIENT** - Thick clients are much more expensive and require more IT work in the future - Only requires some communication with server - Reduced server demands - Increased security issues