Security test Flashcards
HTTPS
It is the secure version of HTTP, a protocol used for viewing web pages. It encrypts the data which is being transferred between computers and servers over the internet. The encryption protocol for HTTPS is SSL or TLS. When entering a secure website, the user’s browser will ask for a digital certificate from the website. The digital certificate will be verified, and session keys will be created.
TCP vs UDP
- TCP creates a connection before sending data using a 3-way handshake. UDP does not.
- TCP guarantees that the data will be delivered to its destination while in UDP data delivery cannot be guaranteed.
- TCP is slower while UDP is faster.
KERBEROS
An authentication protocol that authenticates service requests between two or more trusted hosts across an untrusted network. At the heart of the protocol is the KDC, which functions as the authentication service. When a user wants to access a service, the user sends a message to the AS and, after authentication, receives a TGT. The user then sends the TGT to the TGS. After validation, the TGS sends the user a service ticket. Using this ticket, the user can access the service.
Default gateway
A computer can have only one default gateway. In order to reach a remote network, a default gateway needs to be established. There can be only one default gateway because if we don’t know the MAC address of the destination IP, there can be only one address that we go to, and usually it is the router.
Ports
- 0 – 1023 - Well known ports
- 1024 – 49151 - Registered ports
- 49152 – 65535 - Dynamic, Private ports
Broadcast
A way for devices to communicate with one another. When a device uses broadcast, it sends one packet to all the devices in the network. Usually it is used for ARP requests or DHCP.
ARP
A protocol used to translate an IP address to a MAC address. When a device wants to communicate with another device on the same network, it will need the MAC address of that device. First, it will check the ARP table to see if that device is registered. If not, it will broadcast a message to the network and the device with the required IP address will send its MAC address back.
DHCP
This protocol allows a DHCP server to automatically assign TCP/IP network configuration to a device in the network. This process can be broken into 4 stages:
a. Discover – The client broadcasts a message attempting to find the DHCP server.
b. Offer – The DHCP server sends back an IP address and other network configuration data.
c. Request – The client accepts the given IP address and other info.
d. Ack – The server acknowledges the request and sends back all the necessary data to the client and saves a record of the request.
Antivirus Vendors
a. Symantec
b. AVAST
c. Norton
d. Kaspersky
e. McAfee
FW Vendors
a. Check Point
b. Fortinet
c. Palo Alto
d. WatchGuard
e. Cisco
MX Record
A DNS record that shows where emails sent to a certain domain should be routed. A domain can have several email servers set. Email servers have a priority, which decides the order in which the mail is sent. Priority is expressed as a number: the lower the number, the higher the priority.
Can a single host have multiple IP addresses?
Yes. A single host can have multiple NICs (Network Interface Cards) with different IPs, as well as one NIC with 2 different IPs.
Can one IP address have multiple sites?
Yes. It is possible to have multiple sites on one host with one IP. The access to the sites is possible by assigning different ports to different sites.
NAT
Network Address Translation. The purpose of NAT is to translate from a private IP address to public and vice versa. The reason for that is the limited number of IPv4 public IP addresses.
DNS
Domain Name System. The purpose of DNS is to translate domain names to IP addresses. DNS works as a hierarchical system when looking for a domain’s address. First, we will look for the address in the host’s cache memory, then the ISP and then the DNS root server.