Seriously, Ariel Flashcards
Pen Testing
The practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers do this only with the permission of the organization that owns the target and within the bounds of an agreed scope of work (the rules of engagement).
Fiber light meter
AKA optical power meter
used to measure the power in an optical signal over a fiber optic cable
A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located
OTDR
Optical Time Domain Reflectometer
Used to certify the performance of new fiber optic links and to troubleshoot existing ones. An OTDR sends light pulses down the fiber and times the reflections, so it can tell whether a fiber is broken and give the approximate distance to the break (a light meter only reports whether light arrives at the far end)
Cable tester
A cable tester is used to verify the electrical connections (continuity, pairing, and pinout) in a twisted pair or coaxial cable
Loopback adapter
plug that is used to test the physical port or interface on a network device
Media converter
a Layer 1 device that changes one type of physical network connection to another
incident response plan
a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work
System life cycle plan
AKA life cycle planning
describes the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement
AUP
acceptable use policy
set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used
BYOD Policy
A bring your own device policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops.
Least privilege
the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities.
Zero trust
a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Giant
any Ethernet frame larger than the 802.3 maximum of 1518 bytes (1522 bytes with an 802.1Q VLAN tag)
Runt
an Ethernet frame shorter than the 64-byte minimum; usually the product of a collision or a faulty NIC, since a sender pads short payloads up to the minimum
Encapsulation
a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame
CRC
Cyclic Redundancy Check
An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data in transit or at rest (the Ethernet FCS is a CRC-32). A CRC is not a cryptographic integrity check: it is linear, so an attacker can deliberately alter data and adjust the CRC to match. When the threat is tampering rather than noise, use a keyed MAC or a digital signature
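Worked example (added here, not code from the original flashcards): a bitwise CRC-32 cross-checked against Python's binascii.crc32, a single flipped bit being caught, and then the linearity property that lets an attacker who knows only a message's CRC and the change they want to make compute the correct CRC for the altered message, which is why a keyed HMAC is the right tool when tampering, not noise, is the threat. The messages, the HMAC key and the function names are assumptions constructed for the demonstration.

```python
"""CRC-32: detects accidental corruption, but offers no protection against deliberate tampering.

Added example, not code from the original flashcards. The messages and the
HMAC key below are constructed for the demonstration.
"""
import binascii
import hashlib
import hmac

CRC32_POLY = 0xEDB88320   # bit-reversed form of the IEEE 802.3 polynomial 0x04C11DB7
STD_CHECK_VALUE = 0xCBF43926  # the CRC-32 of b"123456789", the standard check value


def crc32(data: bytes) -> int:
    """Bitwise CRC-32 (reflected, initial value 0xFFFFFFFF, final XOR 0xFFFFFFFF),
    the variant used by the Ethernet FCS, zip, gzip and PNG."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def matches_stdlib(data: bytes) -> bool:
    """Cross-check the hand-rolled implementation against the C implementation."""
    return crc32(data) == binascii.crc32(data)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy with one bit flipped, simulating line noise."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def crc_detects_change(original: bytes, received: bytes) -> bool:
    """True when the CRC of the received copy differs from the original's."""
    return crc32(original) != crc32(received)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def forge_crc(original_crc: int, delta: bytes) -> int:
    """CRC is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of the same length).
    An attacker who knows the CRC and the change d they want to apply, but not the message m
    itself (for example m is hidden under a stream cipher), can still produce the CRC of the
    altered message. This is the classic weakness of CRC-protected WEP frames."""
    return original_crc ^ crc32(delta) ^ crc32(bytes(len(delta)))


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity check: without the key no one can compute a valid tag for new data."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


if __name__ == "__main__":
    msg = b"transfer 0100 to alice"   # constructed
    bad = b"transfer 0900 to alice"   # constructed: the attacker's desired change
    print("noise detected:", crc_detects_change(msg, flip_bit(msg, 7)))
    forged = forge_crc(crc32(msg), xor_bytes(msg, bad))
    print("forged CRC valid:", forged == crc32(bad))
    print("HMAC still valid after tamper:", mac_verify(b"k", bad, mac_tag(b"k", msg)))
```

The forgery works without ever computing the CRC of the altered message directly; only the original CRC and the XOR difference are needed. An HMAC has no such structure, which is why the last line prints False.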
Channel Bonding
a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices
Broadcast
IPv4 only (IPv6 has no broadcast; it uses multicast instead)
Broadcast communication has one sender, but the traffic is delivered to every device on the local network segment
Anycast
Defined as an address type in IPv6, and also widely deployed in IPv4 by advertising the same prefix from many sites (DNS root servers and CDNs, for example)
Communications are sent to the nearest receiver, as chosen by the routing system, among a group of receivers that share the same IP address
Multicast
a technique used for one-to-many communication over an IP network. The central location sends a signal to subscribed devices.
Unicast
communication only has one sender and one receiver
DLP
Data Loss Prevention
systems are used to ensure that end-users do not send sensitive or critical information outside the corporate network. These DLP products help a network administrator control what data end users can transfer
PaaS
Platform as a Service
a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.
IaaS
Infrastructure as a Service
a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis
SaaS
Software as a Service
allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider
DaaS
Desktop as a Service
a cloud computing offering where a service provider delivers virtual desktops to end users over the Internet, usually licensed per user. DaaS is essentially provider-hosted Virtual Desktop Infrastructure (VDI).
MAC Spoofing
a technique for changing the factory-assigned Media Access Control (MAC) address presented by a network interface. Many controls key on the MAC, for example public wireless networks that use MAC filtering to cut a device off after a time limit, or allow lists on switch ports; spoofing a MAC evades them, because a MAC address is an identifier, not an authenticator
IP Spoofing
a method of modifying the source address in the packet header to make the receiving system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. It is most effective with connectionless protocols; completing a TCP handshake from a spoofed address requires seeing or guessing the server's sequence number.
Dictionary attack
A type of password attack that tries a predetermined list of likely passwords (a dictionary or wordlist, often expanded with mangling rules such as capitalization and appended digits) rather than every possible value. Online, the attacker submits each candidate to the login; offline, the attacker hashes each candidate and compares the result against stolen password hashes.
Brute-force attack
consists of an attacker submitting every possible combination for a password or PIN until it is found. This is feasible only when the keyspace is small or the hash is fast and unsalted; rate limiting, account lockout, and slow salted hashes are the defenses
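Worked example (added here, not code from the original flashcards) covering both the Dictionary attack and Brute-force attack cards: an offline dictionary attack with a few mangling rules against a constructed dump of unsalted SHA-256 hashes, an exhaustive search of a 4-digit PIN, and the salted, iterated storage (PBKDF2) that makes both expensive. The user names, wordlist, password hashes and PIN are all constructed for the demonstration.

```python
"""Dictionary attack and brute force against password hashes, offline.

Added example, not code from the original flashcards. The hash dump, wordlist,
user names and PIN are all constructed for the demonstration.
"""
import hashlib
import hmac
import itertools
import os
import string
from typing import Dict, Iterable, Iterator, Optional

WORDLIST = ["password", "welcome", "summer", "letmein", "dragon"]  # constructed, tiny


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed dump: unsalted, fast hashes, the way a careless application stores them.
HASH_DUMP: Dict[str, str] = {
    "alice": sha256_hex("Summer2023"),
    "bob": sha256_hex("letmein"),
    "carol": sha256_hex("x7#Qw!9zLp"),  # not reachable from the wordlist
}


def mangle(word: str) -> Iterator[str]:
    """Candidates derived from one dictionary word using a few common rules."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for year in range(2020, 2025):
        yield f"{word}{year}"
        yield f"{word.capitalize()}{year}"
    for suffix in ("1", "123", "!", "1!"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(dump: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Hash each candidate once and look it up against every account.
    Because the hashes are unsalted, one computation tests all users at the same time."""
    by_hash = {digest: user for user, digest in dump.items()}
    cracked: Dict[str, str] = {}
    for word in wordlist:
        for candidate in mangle(word):
            user = by_hash.get(sha256_hex(candidate))
            if user is not None and user not in cracked:
                cracked[user] = candidate
    return cracked


def brute_force_pin(target_hash: str, digits: int = 4) -> Optional[str]:
    """Exhaust every digit string of the given length: 10**digits candidates, no wordlist needed."""
    for combo in itertools.product(string.digits, repeat=digits):
        pin = "".join(combo)
        if sha256_hex(pin) == target_hash:
            return pin
    return None


def pbkdf2_store(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> bytes:
    """Salted, iterated hashing: every guess costs the attacker `iterations` hash operations,
    and the per-user salt means each guess must be recomputed for every account."""
    salt = os.urandom(16) if salt is None else salt
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def pbkdf2_verify(password: str, stored: bytes, iterations: int = 200_000) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("cracked:", dictionary_attack(HASH_DUMP, WORDLIST))
    print("pin:", brute_force_pin(sha256_hex("0427")))
```

Note the asymmetry: against the unsalted dump, a few dozen hash computations recover two of three accounts, while each PBKDF2 guess costs 200,000 iterations and cannot be shared between users.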
EAP
The Extensible Authentication Protocol (EAP) is an authentication framework rather than a single protocol: it defines a transport for many different authentication methods (EAP methods), including simple passwords, digital certificates, and public key infrastructure. On wired and wireless networks it is carried over 802.1X.
10GBASE-SR
10 Gigabit Ethernet over fiber
Short Range
– Multimode fiber
– 26 to 400 meters, depending on the fiber
10GBASE-LR
10 Gigabit Ethernet over fiber
Long range
– Single-mode fiber
– 10 kilometers maximum range
100BASE-TX
100 megabit Ethernet
“Fast Ethernet”
– Category 5 or better twisted pair copper - two pair
– 100 meters maximum length
10GBASE-T
10 Gig Ethernet over copper
– 4-pair balanced twisted-pair
* Frequency use of 500 MHz
– Well above the 125 MHz for gigabit Ethernet
* Category 6
– Unshielded: 55 meters, Shielded: 100 meters
* Category 6A (augmented)
– Unshielded or shielded: 100 meters
Broadcast storm
The result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic.
Asymmetric routing
when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path)
OSI Layer 1
Physical Layer
The physics of the network: signaling, cabling, connectors
– This layer is about electrical, optical, and radio signals, not protocols
– Examples: cable, NIC, hub
OSI Layer 2
Data Link Layer
The basic network "language" and the foundation of communication on a link
– Data Link Control (DLC) protocols
– MAC (Media Access Control) addresses on Ethernet
– The "switching" layer
– Examples: frame, MAC address, EUI-48, EUI-64, switch
OSI Layer 3
Network Layer
– The "routing" layer
– Internet Protocol (IP)
– Fragments packets so they can traverse links with a smaller MTU
– IP encapsulation
– Examples: IP address, router, packet
OSI Layer 4
Transport Layer
The "post office" layer: parcels and letters
– TCP segment (Transmission Control Protocol) and UDP datagram (User Datagram Protocol)
– TCP encapsulation
OSI Layer 5
Session Layer
Communication management between devices: start, stop, restart
– Half-duplex, full-duplex
– Control protocols, tunneling protocols
– Links the presentation layer to the transport layer
OSI Layer 6
Presentation Layer
– Character encoding
– Application encryption
– Often combined with the Application Layer
– Encoding and encryption (SSL/TLS is conventionally placed here, although in practice it spans layers 5 and 6)
OSI Layer 7
Application Layer
The layer we see: HTTP, FTP, DNS, POP3
Examples: Gmail, Twitter, Facebook
Encapsulation
Describes how data messages are packaged for transmission. Encapsulation is like an envelope for a letter, with the distinction that each layer requires its own envelope: at each layer, the protocol adds fields in a header to whatever data (payload) it receives from an application or a higher-layer protocol.
TCP Flags
Bits in the TCP header that control the connection and how the payload is handled
– SYN: synchronize sequence numbers (connection setup)
– ACK: the acknowledgment number is valid
– PSH: push the data to the application without buffering
– RST: reset the connection
– FIN: last packet from the sender (orderly close)
– URG: the urgent pointer is valid
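Worked example (added here, not code from the original flashcards) for the Encapsulation, TCP Flags, Giant and Runt cards: a constructed Ethernet II frame carrying an IPv4 packet carrying a TCP SYN segment is built header by header, then decoded by peeling the headers off again, decoding the flag bits, verifying the IP and TCP checksums and classifying the frame size against the 802.3 limits. The MAC addresses, IP addresses and ports are assumptions.

```python
"""Encapsulation walk-through: build and decode an Ethernet II / IPv4 / TCP frame.

Added example, not code from the original flashcards. The MAC addresses, IP
addresses and ports below are assumptions chosen for the demonstration.
"""
import struct

ETH_P_IP = 0x0800
IPPROTO_TCP = 6
# Bit value -> name for the six classic TCP flag bits.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes = b"", pad: bool = True) -> bytes:
    """Wrap payload in TCP (SYN), then IPv4, then Ethernet II. The 4-byte FCS is not included."""
    src_ip, dst_ip = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])  # assumed addresses
    # Layer 4: TCP header, data offset 5 words, flags = SYN; checksum covers a pseudo-header too.
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    # Layer 3: IPv4 header (version 4, IHL 5), TTL 64, protocol 6; header checksum filled in after.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet II header = dst MAC, src MAC, EtherType; the FCS would follow on the wire.
    eth_hdr = bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455") + struct.pack("!H", ETH_P_IP)
    frame = eth_hdr + ip_hdr + tcp
    if pad and len(frame) < 60:  # 802.3 minimum is 64 bytes including FCS, so pad to 60 before it
        frame += b"\x00" * (60 - len(frame))
    return frame


def decode_frame(frame: bytes) -> dict:
    """Peel the headers off layer by layer; frame size is judged including the 4-byte FCS."""
    out = {"runt": len(frame) + 4 < 64, "giant": len(frame) + 4 > 1518}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype != ETH_P_IP:
        return out
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src_ip, dst_ip = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    out["ip"] = {"src": ".".join(map(str, src_ip)), "dst": ".".join(map(str, dst_ip)), "ttl": ttl,
                 "proto": proto, "checksum_ok": inet_checksum(ip[:ihl]) == 0}  # a valid header sums to 0
    if proto != IPPROTO_TCP:
        return out
    tcp = ip[ihl:total_len]  # total_len excludes any Ethernet padding
    sport, dport, seq, _, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(tcp))
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq,
                  "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
                  "checksum_ok": inet_checksum(pseudo + tcp) == 0,
                  "payload": tcp[(off >> 4) * 4:]}
    return out


if __name__ == "__main__":
    print(decode_frame(build_frame(b"GET / HTTP/1.1\r\n")))
```

The decoder uses the IHL and total length fields rather than fixed offsets, so it ignores the padding a short frame carries and would follow IP options correctly; the checksum verification relies on the property that a header summed together with its own checksum folds to zero.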
MTU
Maximum Transmission Unit
The largest IP packet that can be sent over a link without fragmentation. For standard Ethernet the frame payload is between 46 and 1500 bytes, and that upper limit of 1500 bytes is the MTU.
Star topology
– Hub and spoke: every endpoint node connects to a central forwarding node (hub, switch, or router), which mediates communications between the endpoints
– Used in most large and small networks; switched Ethernet is a star with the switch in the middle
– The most widely used physical topology
Ring Topology
Each node is wired to its neighbor in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor until the transmission reaches its intended destination. Each node can regenerate the transmission, improving the potential range of the network.
– Still used in many Metropolitan Area Networks (MANs) and Wide Area Networks (WANs)
– Dual rings provide built-in fault tolerance
Bus topology
All nodes attach directly to a single cable segment via cable taps. A physical bus with more than two nodes is a shared access topology: all nodes share the bandwidth of the media, and since only one node can transmit at a time, the nodes must contend to put signals on the media. A signal travels down the bus in both directions from the source and is received by all nodes connected to the segment. The bus is terminated at both ends of the cable to absorb the signal once it has passed all connected devices.
Mesh Topology
Multiple links to the same place
– Fully connected: each device has a point-to-point link with every other device
– Partially connected: only some pairs of devices are directly linked
– Provides redundancy, fault tolerance, and load balancing
– Commonly used in wide area networks (WANs), especially public networks such as the Internet
Peer-to-peer
All devices are both clients and servers; everyone talks to everyone
– Advantages: easy to deploy, low cost
– Disadvantages: difficult to administer, difficult to secure
Client-server
– Central server; clients talk to the server, with no client-to-client communication
– Advantages: performance, administration
– Disadvantages: cost, complexity
LAN
Local Area Network
– A building or group of buildings with high-speed connectivity
– Ethernet and 802.11 wireless; any slower and it isn't "local"
MAN
Metropolitan Area Network
– A network in your city: larger than a LAN, often smaller than a WAN
– Common to see government ownership, since the government "owns" the right-of-way
WAN
Wide Area Network
– Generally connects LANs across a distance, and is generally much slower than the LAN
– Many different WAN technologies: point-to-point serial, MPLS, etc., both terrestrial and non-terrestrial
WLAN
Wireless LAN
– 802.11 technologies
– Mobility within a building or geographic area; expand coverage with additional access points
PAN
Personal Area Network
Your own private network: Bluetooth, IR, NFC
– Automobile: audio output, integration with the phone
– Mobile phone: wireless headset
– Health: workout telemetry, daily reports
CAN
Campus Area Network (also Corporate Area Network)
– Limited geographical area: a group of buildings
– LAN technologies: fiber connected, high-speed Ethernet
– Your own fiber in the ground, with no third-party provider
NAS
Network Attached Storage
– Connect to a shared storage device across the network
– File-level access
SAN
Storage Area Network
– Looks and feels like a local storage device
– Block-level access
– Very efficient reading and writing
MPLS
Multiprotocol Label Switching
– Packets through the WAN carry a label, so forwarding decisions are simple
– Labels are "pushed" onto packets by an edge router as they enter the MPLS cloud and "popped" off on the way out
– Operates as an overlay network to configure point-to-point or point-to-multipoint links between nodes regardless of the underlying physical and data link topologies
mGRE
Multipoint Generic Routing Encapsulation
– Used extensively for Dynamic Multipoint VPN (DMVPN); common on Cisco routers
– Your VPN builds itself: remote sites communicate with each other directly
– Tunnels are built dynamically, on demand, forming a dynamic mesh
SD-WAN
Software Defined Networking in a Wide Area Network
– A WAN built for the cloud
– The data center used to be in one place; the cloud has changed everything
– Cloud-based applications communicate directly with the cloud, with no need to hop through a central point
Demarcation point
The point where you connect with the outside world: the WAN provider or Internet service provider
– You connect your CPE (customer premises equipment, or "customer prem") here
Smartjack
– Network interface unit (NIU): the device that marks the demarc; also called a Network Interface Device or Telephone Network Interface
– A smartjack is more than a simple interface: it can be a circuit card in a chassis with built-in diagnostics (loopback tests) and alarm indicators for configuration and status
NFV
Network Function Virtualization
– Replace physical network devices with virtual versions managed from the hypervisor
– Same functionality as a physical device: routing, switching, load balancing, firewalls, etc.
– Quickly and easily deploy network functions: click and deploy from the hypervisor
– Many different deployment options: virtual machine, container, fault tolerance, etc.
Hypervisor
– Virtual Machine Manager: manages the virtual platform and guest operating systems
– Hardware management: CPU, networking, security
– Single console control, "one pane of glass"
vSwitch
– Virtual switch: the physical switch moved into the virtual environment
– Functionality is similar to a physical switch: forwarding options, link aggregation, port mirroring, NetFlow
– Deployed from the hypervisor; automate with orchestration
vNIC
– A virtual machine needs a network interface: a vNIC, configured and connected through the hypervisor
– Enables additional features: VLANs, aggregation, multiple interfaces
RG-6
Coaxial cable
used in television/digital cable and high-speed Internet over cable
RG-59
Coaxial cable
used as patch cables
Not designed for long distances
Cat 5
100BASE-TX and 1000BASE-T; UTP; 100 m
Cat 5e
1000BASE-T; UTP or F/UTP; 100 m
Cat 6
10GBASE-T; UTP; unshielded 55 m, shielded 100 m
Cat 6a
10GBASE-T; F/UTP; 100 m
Cat 7
10GBASE-T; S/FTP; 100 m; uses GG45 or TERA connectors rather than the standard RJ45
Cat 8
40GBASE-T; S/FTP; 30 m
T568A
RJ45 pin assignment:
1 White/Green
2 Green
3 White/Orange
4 Blue
5 White/Blue
6 Orange
7 White/Brown
8 Brown
T568B
RJ45 pin assignment:
1 White/Orange
2 Orange
3 White/Green
4 Blue
5 White/Blue
6 Green
7 White/Brown
8 Brown
The two standards differ only in swapping the green and orange pairs (pins 1, 2, 3, 6); a cable wired T568A on one end and T568B on the other is a crossover cable.
Elements of Fiber Optic Cable
Core: provides the transmission path for the light signals (waveguide)
Cladding: reflects signals back into the waveguide as efficiently as possible so
that the light signal travels along the waveguide by multiple internal reflections
Buffer coating: protective plastic coating.
MMF
Multi-mode Fiber
Short-range communication, up to 2km
Inexpensive light source; LED
SMF
Single-mode Fiber
Long-range communication, up to 100 km
Expensive light source: laser
Supports data rates up to 100 Gbps
UPC
Ultra Physical Contact (often called ultra-polished) connectors
– Ferrule end-face polished flat, at a zero degree angle
– More light is reflected straight back toward the source; return loss (reflected versus incident light, in dB, higher is better) is typically around 50 dB
APC
Angled Physical Contact (angle-polished) connectors
– Ferrule end-face polished at an eight degree angle, so reflections are directed out of the core
– Less back-reflection than UPC (return loss typically 60 dB or better), generally with slightly higher insertion loss than UPC; UPC and APC connectors must never be mated to each other
LC
Lucent Connector (often read as "little connector"); small form factor
Held by a latch; press the tab down to release it for removal
ST
Straight Tip
bayonet style: push in and twist to lock, untwist to remove
SC
Subscriber connector
push/pull
MT-RJ
Mechanical Transfer Registered Jack
Small form factor duplex fiber connector carrying two fibers in a single RJ-style housing
RJ-11
Copper connector
Telephone & DSL