Section 15 - Network Attacks Flashcards

1
Q

What is a port?

A

A logical communication endpoint that exists on a computer or server

They are classified as inbound or outbound.

2
Q

What is an inbound port?

A

Used when your computer or server is listening for a connection

*** If a web server has port 80 open, that’s an inbound port. It’s just waiting for somebody to come along and connect to it.

3
Q

What is an outbound port?

A

This is opened by a computer whenever it wants to connect to a server

*** If my computer is attempting to make a connection to your web server over port 80, my computer is going to open up a random high number port such as 52363 and it’s going to make an outbound request to that web server.

4
Q

In addition to ports being called inbound and outbound, the ports are also going to be assigned a…?

A

A number that can be anywhere between 0 and 65,535. This large range is divided into three smaller groups.

5
Q

What are the three port range numbered groups?

A

Well-Known ports
Registered ports
Dynamic or Private Ports

6
Q

What is a Well-Known port?

A

Ports 0 to 1023 are considered well known and are assigned by the Internet Assigned Numbers Authority (IANA)

7
Q

What is a Registered port?

A

Ports 1024 to 49,151 are considered registered and are usually assigned to proprietary protocols

** These are used by vendors for their own proprietary protocols and each vendor is going to register them with IANA prior to using them.

8
Q

What is a Dynamic/Private port?

A

Ports 49,152 to 65,535 can be used by any application without being registered with IANA

*** This range is usually used by your client whenever it picks a random high number port for its application. Anytime it wants to have a temporary outbound connection, this is the range that it’s going to use. This is used commonly in gaming, as well as instant message and chat.

9
Q

Give the answer for the following information:

Port Number - 21
Protocol -
TCP/UDP -

A

Port Number - 21

Protocol - (FTP) File Transfer Protocol is used to transfer files from host to host

TCP/UDP - TCP

10
Q

Give the answer for the following information:

Port Number - 22
Protocol -
TCP/UDP -

A

Port Number - 22

Protocol - (SSH, SCP, SFTP) Secure Shell is used to remotely administer network devices and systems.

SCP is used for secure copy and SFTP for secure FTP.

TCP/UDP - UDP

11
Q

Give the answer for the following information:

Port Number - 23
Protocol -
TCP/UDP -

A

Port Number - 23

Protocol - Telnet is an unencrypted method to remotely administer network devices (should not be used)

TCP/UDP - Both

12
Q

Give the answer for the following information:

Port Number - 25
Protocol -
TCP/UDP -

A

Port Number - 25

Protocol - (SMTP) Simple Mail Transfer Protocol is used to send email over the internet

TCP/UDP - TCP

13
Q

Give the answer for the following information:

Port Number - 53
Protocol -
TCP/UDP -

A

Port Number - 53

Protocol - (DNS) Domain Name Service is used to resolve hostnames to IPs and IPs to hostnames

TCP/UDP - Both

14
Q

Give the answer for the following information:

Port Number - 69
Protocol -
TCP/UDP -

A

Port Number - 69

Protocol - (TFTP) Trivial FTP is used as a simplified version of FTP to put a file on a remote host, or get a file from a remote host

TCP/UDP - UDP

15
Q

Give the answer for the following information:

Port Number - 80
Protocol -
TCP/UDP -

A

Port Number - 80

Protocol - (HTTP) Hyper Text Transfer Protocol is used to transmit web page data to a client for unsecured web browsing

TCP/UDP - TCP

16
Q

Give the answer for the following information:

Port Number - 88
Protocol -
TCP/UDP -

A

Port Number - 88

Protocol - Kerberos is used for network authentication using a system of tickets within a Windows domain

TCP/UDP - Both

17
Q

Give the answer for the following information:

Port Number - 110
Protocol -
TCP/UDP -

A

Port Number - 110

Protocol - (POP3) Post Office Protocol v3 is used to receive email from a mail server

TCP/UDP - TCP

18
Q

Give the answer for the following information:

Port Number - 119
Protocol -
TCP/UDP -

A

Port Number - 119

Protocol - (NNTP) Network News Transfer Protocol is used to transport usenet articles

TCP/UDP - TCP

19
Q

Give the answer for the following information:

Port Number - 135
Protocol -
TCP/UDP -

A

Port Number - 135

Protocol - (RPC/DCOM-scm) Remote Procedure Call is used to locate DCOM ports to request a service from a program on another computer on the network

TCP/UDP - Both

20
Q

Give the answer for the following information:

Port Number - 137-139
Protocol -
TCP/UDP -

A

Port Number - 137-139

Protocol - NetBIOS is used to conduct name querying, sending of data, and other functions over a NetBIOS connection

TCP/UDP - Both

21
Q

Give the answer for the following information:

Port Number - 143
Protocol -
TCP/UDP -

A

Port Number - 143

Protocol - (IMAP) Internet Message Access Protocol is used to receive email from a mail server with more features than POP3

TCP/UDP - TCP

22
Q

Give the answer for the following information:

Port Number - 161
Protocol -
TCP/UDP -

A

Port Number - 161

Protocol - (SNMP) Simple Network Management Protocol is used to remotely monitor network devices

TCP/UDP - UDP

23
Q

Give the answer for the following information:

Port Number - 162
Protocol -
TCP/UDP -

A

Port Number - 162

Protocol - SNMPTRAP is used to send trap and inform requests to the SNMP manager on a network

TCP/UDP - Both

24
Q

Give the answer for the following information:

Port Number - 389
Protocol -
TCP/UDP -

A

Port Number - 389

Protocol - (LDAP) Lightweight Directory Access Protocol is used to maintain directories of users and other objects

TCP/UDP - Both

25
Q

Give the answer for the following information:

Port Number - 443
Protocol -
TCP/UDP -

A

Port Number - 443

Protocol - (HTTPS) Hyper Text Transfer Protocol Secure is used to transmit web page data to a client over an SSL/TLS encrypted connection

TCP/UDP - TCP

26
Q

Give the answer for the following information:

Port Number - 445
Protocol -
TCP/UDP -

A

Port Number - 445

Protocol - (SMB) Server Message Block is used to provide shared access to files and other resources on a network

TCP/UDP - TCP

27
Q

Give the answer for the following information:

Port Number - 465/587
Protocol -
TCP/UDP -

A

Port Number - 465/587

Protocol - SMTP with SSL/TLS is Simple Mail Transfer Protocol used to send email over the internet with an SSL and TLS secured connection

TCP/UDP - TCP

28
Q

Give the answer for the following information:

Port Number - 514
Protocol -
TCP/UDP -

A

Port Number - 514

Protocol - Syslog is used to conduct computer message logging, especially for routers and firewall logs

TCP/UDP - UDP

29
Q

Give the answer for the following information:

Port Number - 636
Protocol -
TCP/UDP -

A

Port Number - 636

Protocol - LDAP SSL/TLS is used to maintain directories of users and other objects over an encrypted SSL/TLS connection

TCP/UDP - Both

30
Q

Give the answer for the following information:

Port Number - 860
Protocol -
TCP/UDP -

A

Port Number - 860

Protocol - iSCSI is used for linking data storage facilities over IP

TCP/UDP - TCP

31
Q

Give the answer for the following information:

Port Number - 989/990
Protocol -
TCP/UDP -

A

Port Number - 989/990

Protocol - (FTPS) File Transfer Protocol Secure is used to transfer files from host to host over an encrypted connection

TCP/UDP - TCP

32
Q

Give the answer for the following information:

Port Number - 993
Protocol -
TCP/UDP -

A

Port Number - 993

Protocol - IMAP4 with SSL/TLS is used to receive email from a mail server over an SSL/TLS encrypted connection

TCP/UDP - TCP

33
Q

Give the answer for the following information:

Port Number - 995
Protocol -
TCP/UDP -

A

Port Number - 995

Protocol - (POP3 with SSL/TLS) is used to receive email from a mail server using an SSL/TLS encrypted connection

TCP/UDP - TCP

34
Q

Give the answer for the following information:

Port Number - 1433
Protocol -
TCP/UDP -

A

Port Number - 1433

Protocol - (Ms-sql-s) Microsoft SQL Server is used to receive SQL database queries from clients

TCP/UDP - TCP

35
Q

Give the answer for the following information:

Port Number - 1645/1646
Protocol -
TCP/UDP -

A

Port Number - 1645/1646

Protocol - (RADIUS alternative ports) Remote Authentication Dial-In User Service is used for authentication and authorization (1645) and accounting (1646)

TCP/UDP - UDP

36
Q

Give the answer for the following information:

Port Number - 1701
Protocol -
TCP/UDP -

A

Port Number - 1701

Protocol - (L2TP) Layer 2 Tunnel Protocol is used as an underlying VPN protocol but has no inherent security

TCP/UDP - UDP

37
Q

Give the answer for the following information:

Port Number - 1723
Protocol -
TCP/UDP -

A

Port Number - 1723

Protocol - (PPTP) Point-to-Point Tunneling Protocol is an underlying VPN protocol with built-in security

TCP/UDP - Both

38
Q

Give the answer for the following information:

Port Number - 1812/1813
Protocol -
TCP/UDP -

A

Port Number - 1812/1813

Protocol - (RADIUS) Remote Authentication Dial-In User Service is used for authentication and authorization (1812) and accounting (1813)

TCP/UDP - UDP

39
Q

Give the answer for the following information:

Port Number - 3225
Protocol -
TCP/UDP -

A

Port Number - 3225

Protocol - (FCIP) Fibre Channel IP is used to encapsulate Fibre Channel frames within TCP/IP packets

TCP/UDP - Both

40
Q

Give the answer for the following information:

Port Number - 3260
Protocol -
TCP/UDP -

A

Port Number - 3260

Protocol - iSCSI Target is the listening port for iSCSI target devices when linking data storage facilities over IP

TCP/UDP - TCP

41
Q

Give the answer for the following information:

Port Number - 3389
Protocol -
TCP/UDP -

A

Port Number - 3389

Protocol - (RDP) Remote Desktop Protocol is used to remotely view and control other Windows systems via Graphical User Interface

TCP/UDP - Both

42
Q

Give the answer for the following information:

Port Number - 3868
Protocol -
TCP/UDP -

A

Port Number - 3868

Protocol - Diameter is a more advanced AAA protocol that is a replacement for RADIUS

TCP/UDP - TCP

43
Q

Give the answer for the following information:

Port Number - 6514
Protocol -
TCP/UDP -

A

Port Number - 6514

Protocol - Syslog over TLS is used to conduct computer message logging, especially for router and firewall logs, over a TLS encrypted connection

TCP/UDP - TCP

44
Q

What makes a port unnecessary?

A

Any port that is associated with a service or function that is non-essential to the operation of your computer or network

45
Q

Why is it important that you close or disable any unused ports?

A

Any port represents a possible vulnerability that might be exposed

46
Q

Many security professionals and analysts do what to see which ports are open and closed?

A

Scan their servers, their routers and their firewalls

47
Q

What are the three methods you can use to close an unnecessary port?

A
  1. The operating system’s graphical user interface - To do this in Windows, open up the Computer Management console, select Services and Applications and then select Services. Double-click on the service you want to turn off.
  2. Command line interface - “C:\ net stop service” you can turn off a service by using the net stop command and the name of the service. On a Linux server, you can do this by entering sudo stop and the name of the service at the command line (ex. # sudo stop service)
  3. Block the ports at your firewall, whether this is a software or a hardware-based firewall, or on the server itself.
48
Q

What is a Denial of Service (DoS) attack?

A

Term used to describe many different attacks which attempt to make a computer or server’s resources unavailable

49
Q

What are the five subcategories of DoS attacks?

A
  1. Flooding Attacks
  2. Ping of Death
  3. Teardrop
  4. Permanent Denial of Service attack
  5. Fork Bomb
50
Q

What is a DoS Flood Attack?

A

A specialized type of DoS which attempts to send more packets to a single server or host than they can handle

51
Q

There are a few different specialized varieties of DoS Flood Attacks, what are they?

A
  1. Ping Flood
  2. Smurf Attack
  3. Fraggle
  4. SYN Flood
  5. Christmas Attack
52
Q

What is a Ping Flood?

A

An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings)

53
Q

What is a Smurf Attack?

A

This is like a Ping Flood, but instead of trying to flood a server by sending pings directly to it, the attack instead tries to amplify itself by sending a ping to a subnet broadcast address, using the spoofed IP of the target server.

This causes all the devices on that subnet to reply back to the victimized server with those ICMP echo replies, and it’s going to eat up a lot of bandwidth and processing power.

54
Q

What is a Fraggle?

A

Attacks send a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets

*** Fraggle attacks are uncommon today because these ports are generally closed; however, a UDP Flood Attack, which is a variant of Fraggle, is still heavily used. It works basically the same way but uses different UDP ports.

55
Q

What is a SYN Flood?

A

Variant on a Denial of Service (DoS) attack where an attacker initiates multiple TCP sessions but never completes the 3-way handshake

56
Q

How do you prevent SYN floods?

A
  1. Flood guards
  2. Time outs
  3. IPS
57
Q

What is a flood guard?

A

These devices will detect when a SYN flood is being attempted and will block the request at the network boundary, freeing up the server.

58
Q

What is a Christmas Attack?

A

A specialized network scan that sets the FIN, PSH, and URG flags and can cause a device to crash or reboot

*** This will cause a device to crash or reboot any time that packet is received because it’s a nonstandard format. The name comes from the way the packets look inside a protocol analyzer like Wireshark, because all of the flags are turned on (looking like a lit-up Christmas Tree).

59
Q

What is the Ping of Death?

A

An attack that sends an oversized and malformed packet to another computer or server

*** When received, these systems wouldn’t know what to do with it and they would crash. This is an older attack that modern operating systems aren’t vulnerable to anymore. This was one of the first DoS attacks that was very effective in the field.

60
Q

What is a Teardrop Attack?

A

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads and sends them to a victim machine.

** This attack gets its name because with enough “teardrops” you could form a puddle but this attack creates numerous smaller packets that can’t be reformed into this larger puddle, and when they’re trying to put those back together, the system simply crashes or reboots itself because it doesn’t understand how to handle it.

61
Q

What is a Permanent Denial of Service?

A

Attack which exploits a security flaw to permanently break a networking device by reflashing its firmware

** This can leave a device unable to reboot because its operating system has been overwritten. A quick reboot won’t bring the system back online, hence the name.

62
Q

What is Fork bomb?

A

Attack that creates a large number of processes to use up the available processing power of a computer

** This attack gets its name because a process is called a fork, and it can be forked into two processes, then four processes, and so on, until it eats up all of the resources. Some people think of this as a worm because of its self-replicating nature, but it is not a worm, because it doesn’t infect programs and it doesn’t use the network to spread. Instead, a Fork Bomb only spreads out inside the processor’s cache on the single computer being attacked, causing a Denial of Service condition, which is why it’s considered not to be a worm.

63
Q

What is a Denial of Service condition?

A

Any attack that causes a system to go offline and stop providing the service it is supposed to provide to its real users, or that permanently breaks the system

64
Q

What is a Distributed Denial of Service (DDoS)?

A

A group of compromised systems attack a single target simultaneously to create a Denial of Service (DoS)

*** Usually, these machines that conduct the attack don’t even realize that they’re a part of it. Generally, they have become zombies or bots inside of a large botnet and then when they receive that command to attack they all simultaneously send all their payloads against a single victim.

65
Q

What is a DDoS DNS amplification?

A

Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server

*** This specialized attack allows an attacker to generate a high volume of packets intended to flood a victim’s website by initiating DNS requests from a spoofed version of the target’s IP address. This causes the DNS servers to respond to that request and send the response back to the victim’s server, thinking it’s valid. Because a DNS request uses very little bandwidth to send, but the response usually takes up a lot more bandwidth, the attack is amplified against the victim’s server.

66
Q

What are the techniques to prevent DoS and DDoS attacks?

A
  1. Blackholing/Sinkholing
  2. IPS (can prevent small scale DDoS)
  3. Elastic Cloud Infrastructure (this infrastructure will scale up when demand increases allowing you to ride out an attack.)
67
Q

What is blackholing or sinkholing?

A

Identifies any attacking IP addresses and routes all their traffic to a non-existent server through the null interface

68
Q

What is spoofing?

A

Occurs when an attacker masquerades as another person by falsifying their identity

69
Q

How do you prevent spoofing?

A

The best way is to use proper authentication, preferably multi-factor.

70
Q

What is Hijacking?

A

The exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server.

71
Q

What are the eight types of hijacking?

A
  1. Session Theft
  2. TCP/IP hijacking
  3. Blind hijacking
  4. Clickjacking
  5. Man-In-The-Middle
  6. Man-In-The-Browser
  7. Watering Hole
  8. Cross Site Scripting
72
Q

What is Session Theft?

A

Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client

73
Q

What is TCP/IP hijacking?

A

Occurs when an attacker takes over a TCP session between two computers without the need for a cookie or other host access

74
Q

What is Blind hijacking?

A

Occurs when an attacker blindly injects data into the communication stream without being able to see whether it is successful or not

75
Q

What is Clickjacking?

A

Attack that uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on the actual page

76
Q

What is a Man in the Middle attack?

A

Attack that causes data to flow through the attacker’s computer where they can intercept or manipulate the data

77
Q

What is a Man in the Browser (MITB) attack?

A

Occurs when a trojan infects a vulnerable web browser and modifies the web pages or transactions being done within the browser

** This is similar to a Man in the Middle attack except it’s limited to your browser’s web communication

78
Q

What is a Watering hole attack?

A

Occurs when malware is placed on a website that the attacker knows his potential victims will access

79
Q

What is a Replay Attack?

A

Network-based attack where a valid data transmission is fraudulently or maliciously rebroadcast, repeated or delayed

80
Q

How do we combat replay attacks?

A

Ensure that websites and devices are using session tokens to uniquely identify when an authentication session is occurring in addition to using multi-factor authentication

81
Q

What is a Null Session?

A

A connection to the Windows interprocess communications share (IPC$)

** This is an administrative share that you don’t see as a normal user, but it allows computers across the network to send information that they know about files, folders, users, groups, computers and servers to each other.

82
Q

What is a transitive attack?

A

These aren’t really an actual type of attack but more of a conceptual method. It gets its name from the transitive property we learned back in math: if A = B and B = C, then A also equals C. For the exam, this is the idea of trust. If one network trusts a second network and the second network trusts a third network, then the first network effectively trusts the third network. So if an attacker can get into any one of those three networks, he can then get into the other two as well.

83
Q

What are the four different types of DNS attacks?

A

DNS Poisoning
Unauthorized Zone Transfers
Altered Hosts Files
Domain Name Kiting

84
Q

What is DNS poisoning?

A

Occurs when the name resolution information is modified in the DNS server’s cache

85
Q

What are DNS Unauthorized Zone Transfers?

A

Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks

86
Q

How do you counteract DNS poisoning?

A
  1. Secure DNS (DNSSEC) was created using encrypted digital signatures when passing DNS information between servers to help protect it from poisoning
  2. Ensure you are running the latest patches and updates
87
Q

What is a DNS Unauthorized Zone Transfer attack?

A

Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks

88
Q

What is a DNS Altered Hosts File attack?

A

Occurs when an attacker modifies the host files to have the client bypass the DNS server and redirects them to an incorrect or malicious website

*** Every computer has a file on it called the host file. This is a plain text file that contains IP addresses and names. The operating system checks this file every time a DNS lookup is requested, before going to a DNS server.

89
Q

How do you prevent your host file from being manipulated?

A

It should always be set to read-only

On a Windows machine, your host file is located in the systemroot\system32\drivers\etc directory

90
Q

What is Pharming?

A

Occurs when attacker redirects one website’s traffic to another website that is bogus or malicious

91
Q

What is Domain Name Kiting?

A

Attack that exploits a process in the way a domain name is registered so that the domain name is kept in limbo and cannot be registered by an authenticated buyer

** You’re normally given a five-day grace period when you’re adding a domain name, but if you delete it before those five days are up and re-add it, the five-day period restarts. This lets an attacker gobble up domain names without ever having to pay for them, keeping them in a limbo state.

92
Q

What is ARP?

A

Address Resolution Protocol is for mapping an internet protocol address (IP address) to a physical machine address that is recognized in the local network

*** Used to convert an IP address into a MAC address

93
Q

What is ARP poisoning?

A

Attack that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network

** The concept here is that the attacker is going to associate their MAC address with the IP address of another device within their network. This way, whenever a router asks for the MAC address that’s associated with that IP, they get the attacker’s MAC address instead of the legitimate user’s.

94
Q

How do you prevent ARP poisoning?

A
  1. Set up good VLAN segmentation within your network
  2. Set up DHCP snooping to ensure that IP addresses aren’t being stolen and taken over by an attacker