Section 15 OBJ 2.4: Network Services Flashcards
File Server
Can be configured to allow clients on the network to access it and read from and write to its disk (file share)
Print Server
A server, which may be a physical workstation or a piece of network infrastructure, that provides printing functionality
Windows based file and print server:
Relies on NetBIOS (137, 139) or SMB (445)
Linux or Unix based file and print server:
Samba - Provides the ability for a Linux or Unix server to be able to host files or printers that can then be used by Windows clients running the SMB protocol
IP-based File and Print Server / Cloud Printing
allows for printing anywhere in the world
Web Server
Any server that provides access to a website, generally through HTTP or HTTPS
Internet Information Services (IIS)
Extensible web server software, created by Microsoft (HTTP, HTTP/2, HTTPS)
Apache
Most popular way to run a web server these days
Can use Linux, Unix, Mac, and Windows
NGINX
Reverse proxy, load balancer, mail proxy, and HTTP cache
faster than IIS and Apache
Uniform Resource Locator (URL)
combines the fully qualified domain name (FQDN) with a protocol at the beginning
Email Server
Servers that are set up to compose a message and send it to another user
Simple Mail Transfer Protocol (SMTP)
Specifies how emails should be delivered from one mail domain to another
Port 25
Post Office Protocol version 3 (POP3)
Older email protocol where you connect to your server, download messages, and process them on your local machine
port 110
Internet Message Access Protocol (IMAP)
Mail retrieval protocol capable of retrieving emails and keeping a copy on the server. Can also manage status of each email
Port 143
Microsoft Exchange
Mailbox server environment designed for Windows based domain environments
Authentication
occurs when a person’s identity is established with proof and is confirmed by the system
Five methods of authentication:
- something you know
- something you are
- something you have
- something you do
- somewhere you are
802.1x
Standardized framework used for port-based authentication on wired and wireless networks
Lightweight Directory Access Protocol
a database used to centralize information about clients and objects on the network
port 389 unencrypted
port 636 encrypted
Active Directory
used to organize and manage the network, including clients, servers, devices, users, and groups
Remote Authentication Dial-In User Service (RADIUS)
provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the EAP
operates at the application layer
Uses UDP
Combines authentication and authorization
Does not support all network protocols
Has cross-platform compatibility
Terminal Access Control Access-Control System Plus (TACACS+)
proprietary version of RADIUS from Cisco that can perform the role of an authenticator in 802.1x networks
Uses TCP
Separates authentication, authorization, and accounting
Supports all network protocols
Exclusive to Cisco devices
Authorization
Occurs when a user is given access to a certain piece of data or certain areas of a building
Kerberos
Authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets
Accounting
Ensures the tracking of data, computer usage, and network resources is maintained
Typically kept in a log file
Telnet
Sends text-based commands to remote devices and is a very old networking tool
Not secure because everything is sent in plain text
Port 23
Secure Shell (SSH)
Encrypts everything that is being sent and received between the client and the server
Port 22
Remote Desktop Protocol (RDP)
Provides graphical interface to connect to another computer over a network connection
Use a Remote Desktop Gateway (RDG) to create a secure tunnel for RDP connections
Port 3389
Virtual Network Computing (VNC)
designed for thin client architectures
Port 5900
Terminal Emulator (TTY)
Any kind of software that replicates the TTY I/O functionality to remotely connect to a device
Syslog
Enables different appliances and software applications to transmit logs to a centralized server
It is the de facto standard for logging events
When mentioned, it can refer to the protocol, server, or the log entries themselves
Old Syslog:
Relied on UDP
Lacked security controls
New Syslog:
Uses TCP
Uses TLS
Uses MD5 and SHA1
Simple Network Management Protocol (SNMP)
TCP/IP protocol that aids in monitoring network-attached devices and computers
3 components:
Managed Devices - computers and other network-attached devices monitored through the use of agents by a network management system
Agent - software that is loaded on a managed device to redirect information to the network management system
Network Management Systems - running on one or more servers to control the monitoring of network attached computers
Proxy Server
Devices that create a network connection between an end user’s client machine and a remote resource (web server)
Can cache websites to save bandwidth
Increases security by whitelisting and blacklisting sites
Increases auditing capabilities by keeping logs
Load Balancer/Content Switch
Distributes traffic across a number of servers inside a server farm or cloud infrastructure
Denial of Service (DoS)
a continuous flooding of requests to crash the system
Distributed Denial of Service (DDoS)
Multiple machines simultaneously launch attacks on the server to force it offline
Blackholing/Sinkholing
Identifies any attacking IP address and routes their traffic through a null interface
Intrusion Prevention System (IPS)
Works against small-scale DoS attacks
Elastic Cloud
Allows scaling up to meet demand as needed
Access Control List (ACL)
Rule sets placed on firewalls, routers, and other network devices that permit or deny traffic through a particular interface
Actions are always processed top-down in an ACL, so place specific rules on top and generic rules at the bottom
Firewall
Inspects and controls traffic trying to enter or leave a network
Types include:
Packet-filtering
Stateful
Proxy
Dynamic packet-filtering
Kernel Proxy
Unified Threat Management (UTM)
Provides the ability to conduct security functions within a single device or network appliance
Information Technology (IT)
Includes computers, servers, networks, and cloud platforms
Operational Technology (OT)
Communications network designed to implement an ICS
Technology that interacts with the real world, no computer needed
Industrial Control Systems (ICS)
Provides the mechanisms for workflow and process automation by controlling machinery using embedded devices
Fieldbus
Digital serial data communication protocol used in OT networks to link different programmable logic controllers (PLCs)
Programmable Logic Controller (PLC)
Type of digital computer used in industrial settings that enables automation and assembly lines, autonomous field operations, robotics, and other applications
Human-Machine Interface (HMI)
Can be a local control panel or software that runs on a computer
Supervisory Control and Data Acquisition (SCADA)
Type of ICS used to manage large scale multi-site devices and equipment in a geographic region from a host computer
Embedded System
Computer system that is designed to perform specific or dedicated functions
Considered static environments, where frequent changes are not allowed
Real-time Operating System (RTOS)
Type of OS that prioritizes deterministic execution of operations that ensure consistent response for time critical tasks
System-on-a-Chip
Processor that integrates the platform functionality of multiple logic controllers on a single chip
e.g., Raspberry Pi
Legacy system
computer system that is no longer supported by its vendor and is no longer provided with security updates and patches
Must identify legacy systems and put mitigations in place
Proprietary System
System that is owned by its developer or vendor