Seriously, Ariel Flashcards

1
Q

Pen Testing

A

the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers only do this with permission of the organization that owns the system, network, or web application and within the bounds of their scope of work.

2
Q

Fiber light meter

A

AKA optical power meter

used to measure the power in an optical signal over a fiber optic cable

A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located

3
Q

OTDR

A

Optical Time Domain Reflectometer

used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximate location for the break

4
Q

Cable tester

A

cable tester is used to verify the electrical connections in a twisted pair or coaxial cable

5
Q

Loopback adapter

A

plug that is used to test the physical port or interface on a network device

6
Q

Media converter

A

a Layer 1 device that changes one type of physical network connection to another

7
Q

incident response plan

A

a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work

8
Q

System life cycle plan

A

AKA life cycle planning

describes the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement

9
Q

AUP

A

acceptable use policy

set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used

10
Q

BYOD Policy

A

A bring your own device policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops.

11
Q

Least privilege

A

the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities.

12
Q

Zero trust

A

a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

13
Q

Giant

A

any ethernet frame that exceeds the 802.3 frame size of 1518 bytes

14
Q

Runt

A

an ethernet frame that is less than 64 bytes in size

15
Q

Encapsulation

A

a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame

16
Q

CRC

A

Cyclic Redundancy Checksum

error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network

17
Q

Channel Bonding

A

a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices

18
Q

Broadcast

A

IPv4 only

Broadcast communication has one sender, but it sends the traffic to every device on the network

19
Q

Anycast

A

IPv6 only

communications are sent to the nearest receiver in a group of receivers with the same IP

20
Q

Multicast

A

a technique used for one-to-many communication over an IP network. The central location sends a signal to subscribed devices.

21
Q

Unicast

A

communication only has one sender and one receiver

22
Q

DLP

A

Data Loss Prevention

systems are used to ensure that end-users do not send sensitive or critical information outside the corporate network. These DLP products help a network administrator control what data end users can transfer

23
Q

PaaS

A

Platform as a Service

a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

24
Q

IaaS

A

Infrastructure as a Service

a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis

25
SaaS
Software as a Service allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider
26
DaaS
Desktop as a Service a cloud computing offering where a service provider delivers virtual desktops to end-users over the Internet, licensed with a per-user subscription. DaaS is often called Virtual Desktop Infrastructure (VDI).
27
MAC Spoofing
a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. Public wireless networks can be configured to use MAC filtering to block access to devices once they reach a certain time limit
28
IP Spoofing
a method of modifying the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it.
29
Dictionary attack
Type of password attack that compares encrypted passwords against a predetermined list of possible password values. A method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file
30
Brute-force attack
consists of an attacker submitting every possible combination for a password or pin until they crack it
31
EAP
The Extensible Authentication Protocol (EAP) is a framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure.
32
10GBase-SR
10 Gigabit Ethernet over fiber Short Range – Multimode fiber – 26 to 400 meters, depending on the fiber
33
10GBASE-LR
10 Gigabit Ethernet over fiber Long range – Single-mode fiber – 10 kilometers maximum range
34
100BASE-TX
100 megabit Ethernet “Fast Ethernet” – Category 5 or better twisted pair copper - two pair – 100 meters maximum length
35
10GBASE-T
10 Gig Ethernet over copper – 4-pair balanced twisted-pair * Frequency use of 500 MHz – Well above the 125 MHz for gigabit Ethernet * Category 6 – Unshielded: 55 meters, Shielded: 100 meters * Category 6A (augmented) – Unshielded or shielded: 100 meters
36
Broadcast storm
The result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic.
37
Asymmetric routing
when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path)
38
OSI Layer 1
Physical Layer The physics of the network – Signaling, cabling, connectors – This layer isn’t about protocols Signaling, cabling, connectors (Cable, NIC, Hub) Electrical signals
39
OSI Layer 2
Data Link Layer The basic network “language” – The foundation of communication at the data link layer * Data Link Control (DLC) protocols – MAC (Media Access Control) address on Ethernet * The “switching” layer (Frame, MAC address, EUI-48, EUI-64, Switch)
40
OSI Layer 3
Network Layer * The “routing” layer * Internet Protocol (IP) * Fragments frames to traverse different networks (IP address, router, packet) IP Encapsulation
41
OSI Layer 4
Transport Layer The “post office” layer – Parcels and letters * TCP segment (Transmission Control Protocol) and UDP datagram (User Datagram Protocol) TCP encapsulation
42
OSI Layer 5
Session Layer Communication management between devices – Start, stop, restart * Half-duplex, full-duplex * Control protocols, tunneling protocols Link the presentation to the transport
42
OSI Layer 6
Presentation Layer * Character encoding * Application encryption * Often combined with the Application Layer Encoding and encryption (SSL/TLS)
43
OSI Layer 7
Application Layer The layer we see - HTTP, FTP, DNS, POP3 GMail, Twitter, Facebook
44
Encapsulation
Describing how data messages should be packaged for transmission. Encapsulation is like an envelope for a letter, with the distinction that each layer requires its own envelope. At each layer, the protocol adds fields in a header to whatever data (payload) it receives from an application or other protocol.
45
TCP Flags
The flags control the payload – SYN - Synchronize sequence numbers – PSH - Push the data to the application without buffering – RST - Reset the connection – FIN - Last packet from the sender
46
MTU
Maximum Transmission Unit Maximum IP packet to transmit – But not fragment The payload can normally be between 46 and 1500 bytes. The upper limit of the payload is also referred to as the maximum transmission unit
47
Star topology
* Hub and spoke * Used in most large and small networks * All devices are connected to a central device * Switched Ethernet networks – The switch is in the middle. Each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. The central node mediates communications between the endpoints. The star topology is the most widely used physical topology
48
Ring Topology
each node is wired to its neighbor in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor until the transmission reaches its intended destination. Each node can regenerate the transmission, improving the potential range of the network. Still used in many Metro Area Networks (MANs) and Wide Area Networks (WANs) – Dual-rings – Built-in fault tolerance
49
Bus topology
All nodes attach directly to a single cable segment via cable taps. A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. Only one node can be active at any one time, so the nodes must contend to put signals on the media. A signal travels down the bus in both directions from the source and is received by all nodes connected to the segment. The bus is terminated at both ends of the cable to absorb the signal when it has passed all connected devices.
49
Mesh Topology
Multiple links to the same place – Fully connected – Partially connected * Redundancy, fault-tolerance, load balancing * Used in wide area networks (WANs) – Fully meshed and partially meshed. Commonly used in WANs, especially public networks like the Internet. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network (fully connected).
50
Peer-to-peer
All devices are both clients and servers – Everyone talks to everyone * Advantages – Easy to deploy, Low cost * Disadvantages – Difficult to administer – Difficult to secure
51
Client-server
* Central server – Clients talk to the server * No client-to-client communication * Advantages – Performance, administration * Disadvantages – Cost, complexity
52
LAN
Local Area Network * A building or group of buildings – High-speed connectivity * Ethernet and 802.11 wireless – Any slower and it isn’t “local”
53
MAN
Metropolitan Area Network * A network in your city – Larger than a LAN, often smaller than a WAN * Common to see government ownership – They “own” the right-of-way
54
WAN
Wide Area Network * Generally connects LANs across a distance – And generally much slower than the LAN * Many different WAN technologies – Point-to-point serial, MPLS, etc. – Terrestrial and non-terrestrial
55
WLAN
Wireless LAN * 802.11 technologies * Mobility within a building or geographic area * Expand coverage with additional access points
56
PAN
Personal Area Network * Your own private network – Bluetooth, IR, NFC * Automobile – Audio output – Integrate with phone * Mobile phone – Wireless headset * Health – Workout telemetry, daily reports
57
CAN
Campus Area Network Corporate Area Network * Limited geographical area – A group of buildings * LAN technologies – Fiber connected, high speed Ethernet * Your fiber in the ground – No third-party provider
58
NAS
Network Attached Storage – Connect to a shared storage device across the network – File-level access
59
SAN
Storage Area Network – Looks and feels like a local storage device – Block-level access – Very efficient reading and writing
60
MPLS
Multiprotocol label switching * Packets through the WAN have a label – Routing decisions are easy * Labels are “pushed” onto packets as they enter the MPLS cloud by an edge router * Labels are “popped” off on the way out. Operates as an overlay network to configure point-to-point or point-to-multipoint links between nodes regardless of the underlying physical and data link topologies
61
mGRE
Multipoint Generic Router Encapsulation – Used extensively for Dynamic Multipoint VPN (DMVPN) – Common on Cisco routers * Your VPN builds itself – Remote sites communicate to each other * Tunnels are built dynamically, on-demand – A dynamic mesh
62
SD-WAN
Software Defined Networking in a Wide Area Network – A WAN built for the cloud * The data center used to be in one place – The cloud has changed everything * Cloud-based applications communicate directly to the cloud – No need to hop through a central point
63
Demarcation point
The point where you connect with the outside world – WAN provider – Internet service provider * You connect your CPE – Customer premises equipment or “customer prem”
64
Smartjack
* Network interface unit (NIU) – The device that determines the demarc – Network Interface Device, Telephone Network Interface * Smartjack – More than just a simple interface – Can be a circuit card in a chassis * Built-in diagnostics – Loopback tests * Alarm indicators – Configuration, status
65
NFV
Network Function virtualization * Replace physical network devices with virtual versions – Manage from the hypervisor * Same functionality as a physical device – Routing, switching, load balancing, firewalls, etc. * Quickly and easily deploy network functions – Click and deploy from the hypervisor * Many different deployment options – Virtual machine, container, fault tolerance, etc.
66
Hypervisor
* Virtual Machine Manager – Manages the virtual platform and guest operating systems * Hardware management – CPU, networking, security * Single console control – One pane of glass
67
vSwitch
* Virtual switch – Move the physical switch into the virtual environment * Functionality is similar to a physical switch – Forwarding options, link aggregation, port mirroring, NetFlow * Deploy from the hypervisor – Automate with orchestration
68
vNIC
* A virtual machine needs a network interface – A vNIC * Configured and connected through the hypervisor – Enable additional features – VLAN, aggregation, multiple interfaces
69
RG-6
Coaxial cable used in television/digital cable and high-speed Internet over cable
70
RG-59
Coaxial cable used as patch cables Not designed for long distances
71
Cat 5
100BASE-T & 1000BASE-T UTP 100m
72
Cat 5e
1000BASE-T UTP or F/UTP 100m
73
Cat 6
10GBASE-T UTP Unshielded: 55m Shielded: 100m
74
Cat 6a
10GBASE-T F/UTP 100m
75
Cat 7
S/FTP 10GBASE-T 100m GG45/ TERA
76
Cat 8
40GBASE-T S/FTP 30m
77
T568A
RJ45 Pin assignment: White and Green Green White and Orange Blue White and Blue Orange White and Brown Brown
78
T568B
RJ45 Pin assignment: White and Orange Orange White and Green Blue White and Blue Green White and Brown Brown
79
Elements of Fiber Optic Cable
Core: provides the transmission path for the light signals (waveguide) Cladding: reflects signals back into the waveguide as efficiently as possible so that the light signal travels along the waveguide by multiple internal reflections Buffer coating: protective plastic coating.
80
MMF
Multi-mode Fiber Short-range communication, up to 2km Inexpensive light source; LED
81
SMF
Single-mode Fiber Long-range communication, up to 100km Expensive light source; laser beams support data rates up to 100 Gbps
82
UPC
Ultra-polished connectors – Ferrule end-face radius polished at a zero degree angle – High return loss
83
APC
Angle-polished connectors – Ferrule end-face radius polished at an eight degree angle – Lower return loss, generally higher insertion loss than
84
LC
Local connectors push down for removal
85
ST
Straight Tip plug and twist/untwist
86
SC
Subscriber connector push/pull
87
MT-RJ
Mechanical Transfer Registered Jack Fiber connector
88
RJ-11
Copper connector Telephone & DSL
89
RJ-45
Copper connector ethernet
90
F-Connector
copper connector cable television RG-6
91
Media Converter
A device that converts one media signaling type to another.
92
Transceiver
Transmitter and receiver The part of a network interface that sends and receives signals over the network media
93
SFP & QSFP
Transceiver Form-Factors Small Form-factor Pluggable -1Gbit/s fiber Quad Small Form-factor Pluggable -4 channel SFP = Four 1Gbit/s = 4Gbit/s
94
Duplex & BiDi
Duplex communication is two fibers; one to transmit and one to receive Bi-Directional is two fibers that both allow transmission and reception
95
Copper patch panel
Punch-down block on one side and RJ45 connectors on the other Allows for the run to the desk to go unchanged
96
Fiber distribution panel
* Permanent fiber installation - Patch panel at both ends * Fiber bend radius - Breaks when bent too tightly * Often includes a service loop – Extra fiber for future changes
97
66 block
* A patch panel for analog voice – And some digital links * Left side is patched to the right – Easy to follow the path * Wire and a punch-down tool – No additional connectors required * Generally replaced by 110 blocks – Still seen in many installations
98
110 block
* Wire-to-wire patch panel – No intermediate interface required * Replaces the 66 block – Patch Category 5 and Category 6 cables * Wires are “punched” into the block – Connecting block is on top * Additional wires punched into connecting block – Patch the top to the bottom
99
Krone block
* An alternative to the 110 block – Common in Europe
100
BIX
Building Industry Cross-connect * Created in the 1970s by Northern Telecom – A common block type * Updated through the years – GigaBIX performance is better than the Category 6 cable standard
101
Baseband vs broadband
Baseband uses single frequency using the entire medium Broadband uses many frequencies, sharing the medium
102
WDM
Wavelength-Division Multiplexing – Bidirectional communication over a single strand of fiber * Use different wavelengths for each carrier – Different “colors”
103
CWDM
Coarse Wavelength-Division Multiplexing – 10GBASE-LX4 uses four 3.125 Gbit/sec carriers at four different wavelengths
104
DWDM
Dense Wavelength-Division Multiplexing – Multiplex multiple OC carriers into a single fiber – Add 160 signals, increase to 1.6 Tbit/s
105
127.0.0.1 - 127.255.255.254
Loopback address
106
240.0.0.1 - 254.255.255.254
Reserved addresses Class E address
107
DHCP
Dynamic Host Configuration Protocol – Provides automatic addresses and IP configuration for almost all devices
108
169.265.1.0 - 169.254.254.255
APIPA link local address No forwarding by routers. If assigned, you either are working on a network that doesn't have a DHCP server or the DHCP server is not functioning
109
NAT
Network Address Translation When a device changes its IP address when communicating outside the network. Facilitated by the router; it translates the private IP address to a public IP address
110
Dual stack
hosts and routers can run both IPv4 and IPv6 simultaneously and communicate with devices configured with either type of address.
111
NDP
Neighbor Discovery Protocol Replaces the IPv4 ARP Operates using multicast. Performs some of the functions on an IPv6 network that ARP and ICMP perform under IPv4
112
SLAAC
Stateless Address Autoconfiguration Automatically configure an IP address without a DHCP server
113
Port 23
Telnet
114
Port 22
SSH Secure shell
115
Port 53
DNS
116
Port 25
SMTP
117
Port 110
POP3
118
Port 143
IMAP
119
ICMP
Internet Control Message Protocol – “Text messaging” for your network devices * Another protocol carried by IP – Not used for data transfer * Devices can request and reply to administrative requests – Hey, are you there? / Yes, I’m right here. * Devices can send messages when things don’t go well – That network you’re trying to reach is not reachable from here – Your time-to-live expired, just letting you know
120
IPSec
Internet Protocol Security
121
SOA
Start of Authority Describes the DNS zone details * Structure – IN SOA (Internet zone, Start of Authority) with name of zone – Serial number – Refresh, retry, and expiry timeframes – Caching duration/TTL (Time To Live)
122
(A) & (AAAA)
IPv4 address & IPv6 address
123
CNAME
Canonical name records A name is an alias of another, canonical name. Used to configure an alias for an existing address record (A or AAAA).
124
SRV
Service records Find a specific service Where is the Windows Domain Controller? Where is the instant messaging server? Where is the VoIP controller? Identifies where a device is
125
MX
Mail exchanger record Determines the host name for the mail server - this isn't an IP address; it's a name
126
NS
Name server record List the name servers for a domain NS records point to the name of the server
127
PTR
Pointer record The reverse of an A or AAAA record Reverse DNS lookup
128
TXT
Text record Human readable text information *SPF protocol (Sender Policy Framework) – Mail servers check that incoming mail really did come from an authorized host *DKIM (Domain Keys Identified Mail) – Digitally sign your outgoing mail
129
NTP
Network Time Protocol Time synchronization for devices
130
Port 123
NTP
131
NTP Stratum Layers
Stratum 0 - atomic clock; very accurate Stratum 1 - synchronized to stratum 0 - primary time servers Stratum 2 - sync'd to stratum 1
132
Three Tier Architecture
Core -Web servers, databases, applications Distribution – A midpoint between the core and the users – Communication between access switches – Manage the path to the end users Access – Where the users connect – End stations, printers
133
SDN
Software Defined Networking Networking devices have different functional planes of operation – Data, control, and management planes
134
Infrastructure layer / Data plane
– Process the network frames and packets – Forwarding, trunking, encrypting, NAT
135
Control layer / Control plane
– Manages the actions of the data plane – Routing tables, session tables, NAT tables – Dynamic routing protocol updates
136
Application layer / Management plane
– Configure and manage the device
137
Spine and leaf architecture
* Each leaf switch connects to each spine switch – Each spine switch connects to each leaf switch * Leaf switches do not connect to each other – Same for spine switches * Top-of-rack switching – Each leaf is on the “top” of a physical network rack – May include a group of physical racks * Advantages – Simple cabling, redundant, fast * Disadvantages – Additional switches may be costly
138
East-west traffic
– Traffic between devices in the same data center – Relatively fast response times
139
North-south traffic
– Ingress/egress to an outside device – A different security posture than east-west traffic
140
PBX
Private Branch Exchange – The “phone switch” – Connects to phone provider network – Analog telephone lines to each desk
141
VoIP PBX
– Integrate VoIP devices with a corporate phone switch
142
Distance-vector protocol
Information passed between routers contains network details * How many “hops” away is another network? * The deciding “vector” is the “distance” RIP (Routing Information Protocol), EIGRP (Enhanced Interior Gateway Routing Protocol)
143
RIP
Routing Information Protocol Distance-vector routing protocol
144
EIGRP
Enhanced Interior Gateway Routing Protocol Distance-vector routing protocol
145
Link-state routing protocols
Information passed between routers is related to the current connectivity – If it’s up, you can get there. – If it’s down, you can’t. * Consider the speed of the link – Faster is always better, right? OSPF
146
BGP
Border Gateway Protocol – Determines route based on paths, network policies, or configured rule-sets Hybrid routing protocols
147
Traffic Shaping
AKA packet shaping Control by bandwidth usage or data rates * Set important applications to have higher priorities than other apps * Manage the Quality of Service (QoS) – Routers, switches, firewalls, QoS devices Prioritizing traffic types
148
What are the ethernet field frames?
Preamble SFD Dest. MAC Source MAC Type Payload FCS
149
Half-duplex
A device cannot send and receive simultaneously
150
Full duplex
Data can be sent and received at the same time
151
CSMA/CD
Carrier Sense Multiple Access Collision Detect For half-duplex only * Listen for an opening – Don’t transmit if the network is already busy * Send a frame of data – You send data whenever you can – There’s no queue or prioritization * If a collision occurs – Transmit a jam signal to let everyone know a collision has occurred – Wait a random amount of time, then retry
152
ARP
Address Resolution Protocol Determine a MAC address based on an IP address
153
802.3af
PoE
154
802.1Q
Ethernet trunking
155
Trunking
Adding a VLAN header to an ethernet frame VLAN communicating over a single link between switches
156
STP
Spanning Tree Protocol Routing loop protection between switches
157
802.1D
STP
158
STP Port States
* Blocking - Not forwarding to prevent a loop * Listening - Not forwarding and cleaning the MAC table * Learning - Not forwarding and adding to the MAC table * Forwarding - Data passes through and is fully operational * Disabled - Administrator has turned off the port
159
LAG
Link aggregation or port bonding Multiple interfaces act like one big interface
160
Port mirroring
– Copy traffic from one interface to another – Used for packet captures, IDS – Mirror traffic on the same switch – Mirror traffic from one switch to another * Examine a copy of the traffic – Port mirror (SPAN), network tap * No way to block (prevent) traffic
161
802.3x
Flow control send message to another device to pause for a moment before sending more data
162
Straight through cable
Connect workstations to network devices – Workstation to switch – Router to switch
163
Crossover cable
* Connect MDI to MDI * Connect MDI-X to MDI-X * Auto-MDI-X is on most modern Ethernet devices – Automatically decides to cross-over * This is obviously not 568A on one side and 568B on the other – 568A and 568B are cabling standards – The TIA-568 standard does not define Ethernet (or other) crossover cables
164
802.11a
5GHz 54Mb/s small range
165
802.11b
2.4GHz 11Mb/s long range; more frequency issues
166
802.11g
2.4GHz 54Mb/s Backwards compatible
167
802.11n
5GHz and/or 2.4GHz 40 MHz 600 Mb/s MIMO
168
802.11ac
5 GHz up to 160 MHz MU-MIMO 7 Gbps
169
802.11ax
5GHz and/or 2.4GHz 20, 40, 80, and 160 MHz 1,201 Mbps or 10Gbps 8 bidirectional MU-MIMO
170
Omnidirectional antennas
Signal is evenly distributed on all sides * Good choice for most environments – You need coverage in all directions * No ability to focus the signal – A different antenna will be required
171
Yagi antenna
Very directional and high gain
172
Parabolic antenna
Focus the signal to a single point Better for long distance
173
WPA
Replaced WEP Uses RC4 with TKIP
174
WPA2
Uses CCMP Has PSK brute-force problem
175
WPA3
Uses GCMP and AES and SAE
176
WPA2/3 Personal vs Enterprise
Personal will use a PSK while Enterprise will use 802.1x authentication
177
CDMA
* Code Division Multiple Access – Everyone communicates at the same time – Each call uses a different code – The codes are used to filter each call on the receiving side * Used by Verizon and Sprint – Handsets are controlled by the network provider – Not much adoption elsewhere
178
GSM
Global System for Mobile Communications – Mobile networking standard * 90% of the market – Originally an EU standard - Worldwide coverage * Used by AT&T and T-Mobile in the United States – Move your SIM card (Subscriber Identity Module) from phone to phone * Original GSM standard used multiplexing – Everyone gets a little slice of time
179
LTE
Long Term Evolution (LTE) - A “4G” technology – Converged standard (GSM and CDMA providers) – Based on GSM and EDGE (Enhanced Data Rates for GSM Evolution) – Standard supports download rates of 150 Mbit/s * LTE Advanced (LTE-A) – Standard supports download rates of 300 Mbit/s
180
5G
* Significant performance improvements – At higher frequencies – Eventually 10 gigabits per second – Slower speeds from 100-900 Mbit/s * Significant IoT impact – Bandwidth becomes less of a constraint – Larger data transfers – Faster monitoring and notification * Additional cloud processing
181
Latency
Delay between the request and the response
182
Jitter
time between frames
183
SNMP
Simple Network Management Protocol Database of data (MIB) The database contains OIDs. Every variable in the MIB has a corresponding OID
184
SNMP Trap
Alarm/alert that is sent reactively to the management workstation
185
Syslog
System log collection
186
Severity Levels
0 - Emergency - The system is unusable (kernel panic) 1 - Alert - A fault requiring immediate remediation has occurred 2 - Critical - A fault that will require immediate remediation is likely to develop 3 - Error - A nonurgent fault has developed 4 - Warning - A nonurgent fault is likely to develop 5 - Notice - A state that could potentially lead to an error condition has developed 6 - Informational - A normal but reportable event has occurred 7 - Debug - Verbose status conditions used during development and testing
187
Netflow
Gather traffic statistics from all traffic flows * Probe and collector – Probe watches network communication – Summary records are sent to the collector * Usually a separate reporting app – Closely tied to the collector
188
Disaster recovery plan
A comprehensive plan – Recovery location – Data recovery method – Application restoration – IT team and employee availability
189
Continuity of operations planning (COOP)
There needs to be an alternative – Manual transactions – Paper receipts – Phone calls for transaction approvals * These must be documented and tested before a problem occurs
190
System life cycle
* Managing asset disposal – Desktops, laptops, tablets, mobile devices * Disposal becomes a legal issue – Some information must not be destroyed – Consider offsite storage * You don’t want critical information in the trash – People really do dumpster dive – Recycling can be a security concern
191
SOP
Standard operating procedures * Organizations have different business objectives – Processes and procedures * Operational procedures – Downtime notifications, facilities issues * Software upgrades - Testing, change control * Documentation is the key – Everyone can review and understand the policies
192
SLA
Service Level Agreement – Minimum terms for services provided – Uptime, response time agreement, etc. – Commonly used between customers and service providers
193
MOU
Memorandum of Understanding – Both sides agree on the contents of the memorandum – Usually includes statements of confidentiality – Informal letter of intent; not a signed contract
194
NDA
Non-disclosure agreement * Confidentiality agreement between parties – Information in the agreement should not be disclosed * Protects confidential information – Trade secrets, business activities – Anything else listed in the NDA * Unilateral or bilateral (or multilateral) – One-way NDA or mutual NDA * Formal contract – Signatures are usually required
195
AUP
Acceptable use policies * What is acceptable use of company assets? – Detailed documentation – May be documented in the Rules of Behavior * Covers many topics – Internet use, telephones, computers, mobile devices, etc. * Used by an organization to limit legal liability – If someone is dismissed, these are the well-documented reasons why
196
FHRP
First Hop Redundancy Protocol – Your computer is configured with a single default gateway – We need a way to provide availability if the default gateway fails
197
VRRP
Virtual Router Redundancy Protocol – The default router isn’t real – Devices use a virtual IP for the default gateway – If a router disappears, another one takes its place – Data continues to flow
198
RTO
Recovery time objective – Time it takes to get the system up and running
199
RPO
Recovery Point Objective – How much data loss is acceptable? – Bring the system back online; how far back does data go?
200
MTTR
Mean time to repair – Time required to fix the issue
201
MTBF
Mean time between failures – Predict the time between outages
202
CIA Triad
* Confidentiality – Certain information should only be known to certain people * Integrity – Data is stored and transferred as intended – Any modification to the data would be identified * Availability – Information is accessible to authorized users – Always at your fingertips
203
Zero-day attacks
The vulnerability has not been detected or published
204
RADIUS
Remote Authentication Dial-in User Service * Centralize authentication for users – Routers, switches, firewalls – Server authentication – Remote VPN access, 802.1X network access
205
TACACS
Terminal Access Controller Access-Control System – Remote authentication protocol
206
LDAP
Lightweight Directory Access Protocol * Protocol for reading and writing directories over an IP network * LDAP is the protocol used to query and update an X.500 directory – Used in Windows Active Directory, Apple OpenDirectory, OpenLDAP, etc.
207
Kerberos
Network authentication protocol – Authenticate once, trusted by the system
208
802.1X
Port-based Network Access Control (NAC) – You don’t get access to the network until you authenticate
209
Posture assessment
You can’t trust everyone’s computer – BYOD (Bring Your Own Device) – Malware infections / missing anti-malware – Unauthorized applications * Before connecting to the network, perform a health check – Is it a trusted device? – Is it running anti-virus? Which one? Is it updated? – Are the corporate applications installed? – Is it a mobile device? Is the disk encrypted? – The type of device doesn’t matter - Windows, Mac, Linux, iOS, Android
210
SIEM
Security Information and Event Management – Logging of security events and information * Security alerts – Real-time information * Log aggregation and long-term storage – Usually includes advanced reporting features * Data correlation – Link diverse data types * Forensic analysis – Gather details after an event
211
DoS
Denial of service * Force a service to fail – Overload the service
211
On-path Attacks
Man-in-the-middle attacker sits between you and your destination * Redirects your traffic – Then passes it on to the destination – You never know your traffic was redirected * ARP poisoning – ARP has no security – On-path attack on the local IP subnet
212
DNS poisoning
* Modify the DNS server – Requires some crafty hacking * Modify the client host file – The host file takes precedence over DNS queries * Send a fake response to a valid DNS request – Requires a redirection of the original request or the resulting response – Real-time redirection – This is an on-path attack
213
VLAN hopping
“Hop” to another VLAN - this shouldn’t happen * Two primary methods – Switch spoofing and double tagging
214
Rogue DHCP server
IP addresses assigned by a non-authorized server – There’s no inherent security in DHCP * Client is assigned an invalid or duplicate address – Intermittent connectivity, no connectivity
215
DAI
Dynamic ARP inspection * Prevent those nasty on-path attacks – Stops ARP poisoning at the switch level
216
DHCP snooping
IP tracking on a layer 2 device (switch) – The switch is a DHCP firewall – Trusted: Routers, switches, DHCP servers – Untrusted: Other computers, unofficial DHCP servers * Switch watches for DHCP conversations – Adds a list of untrusted devices to a table * Filters invalid IP and DHCP information – Static IP addresses – Devices acting as DHCP servers * Other invalid traffic patterns
217
Rolled cable
Standard for RJ-45 to serial communications * Connect to Ethernet devices without using a switch – Use your crossover cable
218
802.3af
PoE
219
Attenuation
Gradual diminishing of signal over distance
220
Port 1433
Microsoft SQL
221
Port 3306
MySQL
222
Port 1521
SQLnet
223