Section 16 - Security Infrastructure Flashcards

1
Q

What are the known ports, registered ports, and unregistered ports?

A

Known ports - 1 to 1023

Registered ports - these are the port numbers that are normally assigned to proprietary applications of different vendors
- Goes from 1024 to 49151
Ex - port 3389 for RDP

Unregistered ports - 59152 to 65535

2
Q

What is SCP protocol and what is its port number?

A

TCP port 22
It is a protocol to securely copy data over the internet/network.

3
Q

What port number is used by TFTP?

A

UDP 69

4
Q

What port number is used by Kerberos?

A

UDP 88

5
Q

What port number is used by NNTP?

A

NNTP stands for Network News Transfer Protocol
TCP port 119

6
Q

What port number is used by RPC (Remote Procedure Call)?

A

It runs on port number 135 and can use UDP or TCP.

It allows programs to execute code or make function calls on remote systems as if it were a local call. It is often used as part of the Windows file sharing system.

7
Q

What is NetBIOS and what port number does it use?

A

NetBIOS stands for Network Basic Input-Output.
Normally it is used by legacy systems for resolving names to IP addresses within the intranet. It can’t be used on the internet where we use DNS instead.

It uses port 137, 138, 139 (TCP or UDP)

8
Q

What port number is used by SNMP (Simple Network Management Protocol)?

A

SNMP uses UDP 161
SNMP trap uses UDP 162

9
Q

What port number is used by LDAP?

A

LDAP uses TCP port 389
LDAP secure uses 636

10
Q

What is SMB and what port number does it use?

A

It uses TCP port 445
It is used for file, printer sharing etc.

11
Q

What port number is used by SMTP secure?

A

TCP port 587 or 465

12
Q

What port number is used by syslog protocol?

A

UDP 514
Syslog protocol using TLS/SSL uses TCP port 6514

13
Q

What port number is used by Microsoft SQL?

A

TCP port 1433

14
Q

What port numbers are used by RADIUS server?

A

There are 4 ports it can use -

Ports 1645 and 1646 (TCP)

Ports 1812 and 1813 (UDP)

It is an 802.1X server.

15
Q

What are different kinds of firewalls?

A
  1. Stateless Firewalls
  2. Stateful firewalls
  3. Proxy firewall - It is a firewall that makes connections on behalf of endpoints. These work at the network layer (often same as Stateful firewalls). Can be divided into 2 types -
    - Layer 5 proxy firewall
    - Application level
    - Kernel Proxy firewall
  4. NGFW - Next-generation firewall. It can perform deep inspection and can inspect at the application level and can differentiate between different kinds of data. It provides other additional security features.
  5. WAF - Web Application Firewall
16
Q

What is unified threat management system?

A

It is a system that combines several security systems into one. In one device, it can provide Firewall capabilities, proxy service, Load balancing, IPS/IDS, VPN concentrator, DLP (Data Loss Prevention), Gateway antivirus

17
Q

What’s the name of a Host-based Firewall in a Windows system?

A

Windows Defender Firewall

18
Q

What are different types of IDS/IPS?

A

Network-based IDS/IPS
Host-based IDS/IPS
Wireless IDS/IPS - Wireless IDS can detect malicious activities on wireless networks and can protect against different wireless attacks like Disassociation attacks, Evil Twin, Rogue AP, and De-authentication attacks.

19
Q

What are different services that a load balancer can provide?

A

Load Balancing
Encryption/ Decryption
Can protect against attacks
Caching service

20
Q

What is Sticky MAC or Persistent MAC learning?

A

It is a switch feature in which the switch learns the MAC addresses of the devices that connect to its ports for the first time.

21
Q

What is the 802.1X protocol?

A

It is a port-based authentication protocol that can be used in wireless or wired networks or can be implemented with VPNs.
It consists of an 802.1X server (usually a RADIUS server or TACACS+)

22
Q

What is PEAP?

A

PEAP - Protected EAP - It provides a secure tunnel using TLS/SSL for authenticating endpoints of the tunnel.
It requires a certificate on the server side and can use some other protocol/method to authenticate the user. (Like it might complete the user authentication using MS-CHAP v2)

23
Q

What are the different EAP protocols?

A
  1. PEAP (Protected Extensible Authentication Protocol) - It encapsulates EAP in a TLS tunnel and allows password-based authentication.
  2. EAP-TLS - requires a certificate on both the server and client side
  3. EAP-TTLS (Tunneled Transport Layer Security) - It only requires a certificate on the server side. (Similar to PEAP)
  4. EAP-FAST (Flexible authentication via secure tunneling) - Certificates are optional in this protocol/framework. It is an upgrade to LEAP (Light-weight Extensible authentication protocol)
24
Q

What are 2 ways in which we can set up a Site to Site VPN?

A
  1. Full Tunnel
  2. Split Tunnel
25
Q

What is a clientless VPN?

A

In a clientless VPN, the user is provided access to the VPN through a browser that uses TLS/SSL for creating the VPN tunnel.

Site to Site and Client to Site VPNs use IPsec for creating a secure tunnel.

26
Q

What is the SD-WAN concept?

A

SD-WAN stands for Software Defined Wide Area Networking.
In SD-WAN technologies, control of WAN devices like routers is managed from a centralized place.

It is a virtualized approach to managing and optimizing wide area network connections to efficiently route traffic between remote sites, data centers and cloud environments.

27
Q

What is SASE (Secure Access Service Edge)?

A

It is a concept that combines SD-WAN and security services together.
A SASE solution typically involves a wide variety of services -
- Firewalls
- VPNs
- Zero Trust network access
- CASB (Cloud access service broker)

All of this is implemented using policies and management controls.

28
Q

What are 2 types of failure modes that we can set up for our devices?

A
  1. Fail-close - once failed, it will close/break the connection.
  2. Fail-open