Tech Fundamentals Flashcards
YAML (YAML ain’t markup language)
It's a language for defining data or configuration, designed to be human readable.
- Is one of the languages which CloudFormation uses for its templates
A YAML document is an unordered collection of key-value pairs, each key separated from its value by a colon; every key has a value.
key: value, for example cat1: roffle (keys and values are strings)
YAML also supports numbers (1, 2, ...), floating point (1.337), booleans (true or false), and null
YAML Introduction - List
YAML supports other types, and one of those is lists, also known as arrays.
A list is an ordered set of values. In YAML we can represent a list by having a key, in this case "adrianscats", and then as a value we might have something that looks like this:
adrianscats: ["roffle", "truffles", "penny", "winkie"] = a comma-separated set of values inside square brackets (this is known as inline format, where the list is placed where you expect the value to be, after the key and the colon)
It can also be represented like this:
adrianscats:
  - "roffle"
  - "truffles"
  - "penny"
  - "winkie"
Indentation matters in YAML; it shows that "roffle", "truffles", "penny" and "winkie" are part of the value for adrianscats.
The "-" means each item is a member of a list; same indentation = same list.
YAML Introduction - Structure
A dictionary is just a data structure: a collection of one or more key-value pairs, which are unordered.
adrianscats:
  - name: roffle
    color: [black, white]
  - name: truffles
    color: "mixed"
    numbereyes: 1
Using YAML key:value pairs, lists and dictionaries allows you to build complex data structures in a way which is human readable.
JavaScript Object Notation (JSON)
It is a lightweight data-interchange format. It's easy for humans to read and write, and easy for machines to parse and generate.
It is an alternative format. In AWS it is used for CloudFormation and for other things such as policy documents, which are used within AWS for permissions.
JSON doesn't care about indentation because everything is enclosed in braces or brackets.
There are two main elements that you need to understand if you want to be competent with JSON:
- Object = Unordered set of key:value pairs enclosed by { & }:
{"roffle": "cat", "sparky": "dog"}
YAML dictionary = JSON object
- Array = Ordered collection of values, separated by commas & enclosed in [ & ]:
["cat", "cat", "chicken", "cat"]
YAML list = JSON array
Values = string, object, number, array, true, false, null
Encryption Approaches
- Encryption at Rest = Designed to protect against physical theft and physical tampering (one entity involved)
- Encryption in Transit = Aimed at protecting data while it's being transferred between two places (multiple individuals or systems)
Encryption does not prove identity.
Encryption Concepts
- Plaintext = Unencrypted data; it can be text, documents, images or an application. Plaintext is data that you can load into an application and use, or that you can load and immediately read.
- Algorithm = A piece of code or a piece of maths which takes plaintext and an encryption key and generates encrypted data. When an algorithm is being used, it needs the plaintext and a key. (AES, DES)
- Key = Technically a password. When an algorithm takes plaintext and the key, the output that it generates is ciphertext.
- Ciphertext = Isn't always text data; it is just encrypted data.
So the relationship between all these things is that encryption takes plaintext, uses an algorithm and a key, and uses those things to create ciphertext.
Decryption is just the reverse: it takes ciphertext and a key, and it generates plaintext.
Symmetric & Asymmetric
- Symmetric = Symmetric keys are used as part of a symmetric encryption process. The same key is used for both the encryption and decryption processes. (Great for local file encryption; not useful where the data needs to be transferred between two parties, because arranging the transit of the key is the problem.)
- Asymmetric = The keys used in asymmetric encryption are themselves asymmetric. They are formed of two parts, a public key and a private key (in order to transfer, both sides need both keys).
A public key can be used to generate ciphertext, which can ONLY be decrypted by the private key. (Used where two or more parties are involved.)
Signing & Steganography
- Signing = Person 1 uses their private key to sign a document and then sends it to Person 2. After that, Person 2 uses Person 1's public key to verify that the document was signed using its matching private key. (Generally used for ID verification and certain logon systems.)
- Steganography = The problem with encryption is that, if you use it, it's obvious that you've used it. Steganography is a method of hiding something in something else, like a ciphertext in an image.
OSI 7-Layer Model
- Networking Stack = All 7 layers of the OSI model
- Media Layers = Layers 1-3
Deal with how data is moved between point A and point B; these could be in the same local network or on opposite sides of the planet.
- Host Layers = Layers 3-7
Deal with how the data is chopped up and reassembled for transport, and how it's formatted so that it's understandable by both sides of a network connection.
Layer 1 - Physical
- Physical shared medium
- Standards for transmitting onto the medium (voltage levels, timing, rates, distances, modulation and connectors.)
- Standards for receiving from the medium
- There are no individual device addresses
- All data is processed by all devices
- No media access control and no collision detection
If multiple things transmit on the same layer 1 physical medium, then collisions occur and render all of the information useless.
Layer 2 - Data Link
- Allows multiple devices to coexist
- Identifies devices using MAC addresses; every device on a network has one (48 bits, globally unique)
- Uses Layer 1 to perform the physical communication
- Provides frames = a format for sending information over a layer 2 network
- Provides control of access to the medium (sharing)
- Collision detection = Checks for any carrier before it instructs Layer 1 to transmit (avoiding collisions), but if two devices both transmit at the same time and a collision is detected, then a jam signal is sent by all of the devices which detect it and a random back-off occurs; after this the transmission is retried.
- Unicast communication (1 to 1)
- Broadcast communication (ALL)
- Switches understand frames and MAC addresses. They maintain a MAC address table which starts off empty. As the switch receives frames on its ports, it learns which devices are connected and populates the MAC address table.
- Each port on the switch is a separate collision domain
Encapsulation = the process of taking some data and wrapping it in something else.
Layer 3 - Network
- Internet Protocol (IP) is a Layer 3 protocol which adds cross-network IP addressing and routing to move data between Local Area Networks without direct point-to-point links
- ARP = Find the MAC address for this IP
- Routers move packets from SRC to DST across different networks; they remove frame encapsulation and add new frame encapsulation at every hop. (Encapsulation means that an IP packet is put inside an Ethernet frame for that part of the journey; when it needs to be moved into a new network, that particular frame is removed, a new one is added around the same packet, and it's moved onto the next local network.)
- Route Tables - Multiple Routes
- Allows communication device to device over the internet
Layer 3 - Problems
- No ordering mechanism
- Different packets can experience different delays
- No method for channels of communication: packets have a source and destination IP but no method of splitting by ARP or CHANNEL
- No flow control: if the source transmits faster than the destination can receive, it can saturate the destination, causing packet loss
IP Addressing (v4)
IP addressing is what identifies a device which uses layer 3 IP networking.
An IP address is formed of two different parts:
* The network part, which states which IP network the IP address belongs to
* The host part, which represents a host on that network
- The entire IP address is 32 bits in size, so four sets of eight bits, and each set of eight bits is known as an octet.
- Default Gateway = An IP address on the local network to which packets are generally forwarded if the intended destination is not a local IP address.
- Subnet Mask = Allows a host to determine if an IP address it needs to communicate with is local or remote, which influences whether it needs to use a gateway or can communicate locally.
Route Tables & Routes /// Address Resolution Protocol (ARP)
- Route Tables & Routes
A route table is a collection of routes; each row in the table has a destination field and, next to it, a next hop or target field. The router compares the packet's destination IP against the route table for matching destinations. More specific prefixes are preferred (0 lowest, 32 highest).
Routing as a process is where packets are forwarded, or routed, hop by hop across the internet from source to destination (route tables enable this).
- Address Resolution Protocol (ARP)
This protocol is generally used when you have a layer 3 packet and you want to encapsulate it inside a frame and then send that frame to a MAC address. ARP gives you the MAC address for a given IP address.
Layer 4 - Transport
- Transmission Control Protocol (TCP) = A connection-oriented protocol: you need to set up a connection between two devices, and once set up, it creates a bidirectional channel of communication.
Provides reliability, error correction and ordering of data. It's used for most of the important application layer protocols, such as HTTP, HTTPS, SSH and so on.
- User Datagram Protocol (UDP) = Faster and less reliable because it doesn't have the TCP overhead required for the reliable delivery of data.
Both of these run on top of IP, and each adds a collection of features depending on which one is used (they use IP as transit).
TCP Segments
A segment is just a container for data, like packets and frames before it. Segments are contained in, which is known as encapsulated within, IP packets.
- TCP segments add source and destination ports, and this gives the combined TCP/IP protocol the ability to have multiple streams of conversation at the same time between two devices.
- They also have a sequence number, which is a way of uniquely identifying a particular segment within a particular connection so that both sides can make observations about it.
- The acknowledgement field is the way that one side can indicate that it has received up to and including a certain sequence number; every segment which is transmitted needs to be acknowledged.
- Flags are used to close the connection or to synchronise sequence numbers.
- Window defines the number of bytes that you indicate you're willing to receive between acknowledgements. Once reached, the sender will pause until you acknowledge that amount of data; this is how flow control is implemented, and it lets the receiver control the rate at which the sender sends data.
- Checksum is used for error checking.
All of these fields together are known as the "TCP header".
TCP 3-Way Handshake
Flags can be set to alter the connection: FIN can be used to close, ACK for acknowledgements, SYN to synchronise sequence numbers.
- Client > SYN > Server = Sends a segment with SYN set and sequence set to 'cs', the client's ISN (initial sequence number)
- Server > SYN-ACK > Client = Picks a random ISN 'ss' and sends a segment with SYN & ACK set, acknowledgement set to 'cs+1'
- Client > ACK > Server = Sends a segment with ACK set to 'ss+1' (meaning "I've received 'ss', send 'ss+1'") and sequence set to 'cs+1'
Network Address Translation (NAT)
NAT is a process designed to address the growing shortage of IP version 4 addresses; these are either publicly routable or private addresses.
- Translates private IPv4 addresses to public ones
- Publicly routable addresses are assigned by a central agency and regional agencies, which in turn assign them to ISPs, and these ISPs allocate them to business or consumer end users (they need to be globally unique)
- Private addresses, such as those in the 10.0.0.0 range, can be used in multiple places but can't be routed over the internet, so to give internet access to private devices we need to use network address translation (NAT)
Types of NAT
- Static NAT = Translates 1 private address to 1 (fixed) public address, giving that private address access to the public internet. The router maintains a NAT table to translate. (AWS Internet Gateway) (Permanent public IP)
- Dynamic NAT = Translates 1 private address to the 1st available public address (you have a pool of public IP addresses and these are allocated as needed). This method of NAT is used when you have a large number of private addresses and want them all to have internet access via public IPs, but have fewer public IP addresses than private IP addresses. (Temporary public IP)
- Port Address Translation (PAT) = Allows a large number of private devices to share one public address. (AWS NAT Gateway)
The NAT device records the source (private) IP and source port. It replaces the source IP with the single public IP and a public source port allocated from a pool, which allows IP overloading (many to one).
IPv4 Address Space
- Class A = Generally used for huge networks; these were allocated to huge businesses or organisations which had an internet presence in the early days of the internet
Start 0.0.0.0 - End 127.255.255.255
- Class B = Used for larger businesses which didn't need a Class A allocation; these are now generally allocated to the regional authorities, which manage them and allocate them out to any organisation that requests and can justify addresses in this range
Start 128.0.0.0 - End 191.255.255.255
- Class C = Start 192.0.0.0 - End 191.255.255.255
- Class D = Used for multicast
- Class E = Is reserved
Private IPv4 Address Space
Often used within cloud environments, and generally chopped up into smaller sub-networks
- 10.0.0.0 - 10.255.255.255 (1 x Class A Network)
- 172.16.0.0 - 172.31.255.255 (16 x Class B Network)
- 192.168.0.0 - 192.168.255.255 (256 x Class C Network)
When possible, you should always aim to allocate non-overlapping ranges to all of your networks.
IP Subnetting
Subnetting is the process of breaking networks up into smaller pieces.
"The larger the prefix value, the smaller the network"
Example: 10.16.0.0/16 > split the network in 2 > 10.16.0.0/17 and 10.16.128.0/17
Distributed Denial of Service (DDoS)
- Attacks designed to overload websites
- Compete against 'legitimate connections'
- Distributed, so hard to block individual IPs/ranges
Common Attacks:
- Application Layer - HTTP Flood = Takes advantage of the imbalance of processing between client and server
- Protocol Attack - SYN Flood = Takes advantage of the connection-based nature of requests. SYN floods spoof a source IP address and initiate the connection attempt with a server; the server tries to perform step two of the handshake, but it can't contact the source address because it is spoofed. (This consumes network resources.)
- Volumetric - DNS Amplification = The attacker leverages the functionality of open DNS resolvers in order to overwhelm a target server or network with an amplified amount of traffic, rendering the server and its surrounding infrastructure inaccessible.
- DDoS attacks are often orchestrated by one or a small number of people who are in control of huge botnets. Botnets are constructed from machines, such as your laptop, infected with malware.