Technologies And Tools Flashcards
Layers of the OSI Model
Physical, Data Link, Network, Transport, Session, Presentation, Application
Define IP
Internet Protocol; connectionless, best-effort delivery of packets at layer 3 (addressing and routing)
Define TCP
Transmission Control Protocol
TCP Flags
SYN opens a connection (three-way handshake: SYN, SYN-ACK, ACK)
FIN terminates a connection gracefully
ACK acknowledges received data
RST aborts a connection immediately
Define UDP
User Datagram Protocol
Primary difference between UDP and TCP
UDP is connectionless and does not acknowledge delivery (fire and forget; lower overhead, no retransmission)
TCP is connection oriented: handshake, sequence numbers, acknowledgements and retransmission
DNS Look Up Port Number
53, UDP for normal queries; TCP for zone transfers and responses too large for UDP
FTP Port Number
21 (control channel; data channel on 20 in active mode)
SSH Port Number
22
RDP Port Number
3389
SMTP Port Number
25 unencrypted (server-to-server relay)
465 SMTPS (implicit TLS); 587 mail submission with STARTTLS
POP Port Number
110 unencrypted
995 POP3S (encrypted)
IMAP Port Number
143 unencrypted
993 IMAPS (encrypted)
HTTP Port Number
80
HTTPS Port Number
443, HTTP over TLS (formerly SSL)
Purpose of a Switch
Forward frames between ports at layer 2 by MAC address; layer 3 switches also route between VLANs
Purpose of Routers
Connect separate networks and forward packets at layer 3 by IP address; ACLs on interfaces filter the traffic
Purpose of Bridges
Connect only two network segments at layer 2, forwarding by MAC address
Purpose of a Media Gateway
Translate between different network or media types (e.g. 3G, 4G, LTE, or VoIP to PSTN)
Define a Stateful Firewall
Tracks the state of outgoing connections so that only return traffic belonging to an established session is allowed back in
Purpose of Explicit Deny Rule
To generate logs; traffic dropped by the implicit deny at the end of the rule set is not logged
Firewall Positioning
Typically at the perimeter, between the Internet-facing router and the internal network (and between DMZ segments)
Difference between a Forward Proxy and Reverse Proxy
Forward proxy sits on the client's side and makes requests on behalf of clients (e.g. the proxy configured in a web browser)
Reverse proxy sits on the server's side and accepts requests on behalf of back-end servers
Purpose of a Transparent Proxy
Also called an in-line, intercepting, or forced proxy
Intercepts the connection between client and server without any client-side configuration; the client is unaware of it
Load Balancer Modes
Round-Robin Scheduling
Session Persistence (affinity: keep a client on the same back-end server)
VPN Types
Site-to-site
Remote Access
VPN Endpoints
Firewalls
Routers
Servers
VPN Concentrators (for high volume)
VPN Modes
Full Tunnel
Split Tunnel
IPsec Functions
Adds security to IP traffic via:
Internet Key Exchange (IKE) to negotiate keys and security associations
Encapsulating Security Payload (ESP) for confidentiality (and optionally integrity)
Authentication Header (AH) for integrity and origin authentication only (no encryption)
*AH is not compatible with NAT because it authenticates the IP header; ESP works through NAT with NAT Traversal (NAT-T, UDP 4500)
Define NIDS
Network Intrusion Detection System
Define NIPS
Network Intrusion Prevention System
Define HIPS
Host Intrusion Prevention System
Define HIDS
Host Intrusion Detection System
Detection Methods
Signature Based
Anomaly/Behavior/Heuristic Based
Define OAuth
Authorization framework for delegated access to web resources/APIs (issues access tokens; not an authentication protocol by itself)
Define Open ID Connect
Identity (authentication) layer built on top of OAuth 2.0; adds an ID token that identifies the user
Firewall Rule Configuration Errors
Shadowed Rules
Promiscuous Rules
Orphaned Rules
Define a Shadow Rule
Rule that can never fire because an earlier rule already matches everything it would match
Define a Promiscuous Rule
Overly broad permissions (e.g. any source, any port)
Define an Orphaned Rule
Rule built for decommissioned networks or systems
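Worked example, added here and not part of the original flashcards: a small Python audit of an ordered rule list that flags the three error types above. The rule format (source/destination CIDR, protocol, inclusive port range), the sample rules and the inventory of live networks are all constructed for this example; real firewalls also match on interface and direction, which this ignores.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    proto: str     # "tcp", "udp" or "any"
    dport: tuple   # inclusive (low, high) destination port range


ANY_NET = ipaddress.ip_network("0.0.0.0/0")


def net(cidr):
    return ANY_NET if cidr == "any" else ipaddress.ip_network(cidr, strict=False)


def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`
    (inner's addresses, protocol and port range all lie within outer's)."""
    return (
        net(inner.src).subnet_of(net(outer.src))
        and net(inner.dst).subnet_of(net(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.dport[0] <= inner.dport[0]
        and outer.dport[1] >= inner.dport[1]
    )


def shadowed(rules):
    """Rules that never fire: an earlier rule already covers them.
    Returns (rule, earlier rule that shadows it) pairs in rule order."""
    out = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                out.append((rule.name, earlier.name))
                break
    return out


def promiscuous(rules, max_prefix=8, min_ports=1024):
    """Allow rules that are broad on both source (prefix <= /8) and port range."""
    out = []
    for rule in rules:
        wide_src = net(rule.src).prefixlen <= max_prefix
        wide_ports = rule.dport[1] - rule.dport[0] + 1 >= min_ports
        if rule.action == "allow" and wide_src and wide_ports:
            out.append(rule.name)
    return out


def orphaned(rules, live_networks):
    """Rules whose source or destination overlaps none of the networks still in inventory.
    "any" is treated as known, since it is not tied to a decommissioned network."""
    live = [ipaddress.ip_network(n) for n in live_networks]

    def known(cidr):
        return cidr == "any" or any(net(cidr).overlaps(n) for n in live)

    return [r.name for r in rules if not (known(r.src) and known(r.dst))]


def audit(rules, live_networks):
    return {
        "shadowed": shadowed(rules),
        "promiscuous": promiscuous(rules),
        "orphaned": orphaned(rules, live_networks),
    }


# Constructed sample rule base (hypothetical DMZ 10.0.1.0/24, app net 10.0.2.0/24).
RULES = [
    Rule("allow-http", "allow", "any", "10.0.1.0/24", "tcp", (80, 80)),
    Rule("allow-https", "allow", "any", "10.0.1.0/24", "tcp", (443, 443)),
    Rule("allow-all-dmz", "allow", "0.0.0.0/0", "10.0.1.0/24", "any", (1, 65535)),
    Rule("deny-ssh-dmz", "deny", "any", "10.0.1.0/24", "tcp", (22, 22)),      # never reached
    Rule("allow-legacy", "allow", "192.168.50.0/24", "10.0.2.0/24", "tcp", (1433, 1433)),
]
# Constructed inventory: 192.168.50.0/24 was decommissioned, so allow-legacy is orphaned.
LIVE_NETWORKS = ["10.0.0.0/16", "192.168.1.0/24"]

if __name__ == "__main__":
    for kind, findings in audit(RULES, LIVE_NETWORKS).items():
        print(f"{kind}: {findings}")
```

The shadow check is a pure containment test, so a deny placed after a broader allow is reported even though both rules look reasonable on their own; that ordering mistake is the one that silently opens SSH here.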
Types of Flooding Attacks
SYN flood (exhausts the target's half-open connection table with SYNs that are never completed)
MAC flood (overflows a switch's CAM table so it falls back to flooding frames out every port like a hub)
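Added example, not from the original cards: tracking half-open TCP connections per source the way a stateful device would, over a constructed packet list, to single out a SYN flood source. Only client-originated packets are modelled (SYN, the final ACK of the handshake, or RST); the server's SYN-ACK is omitted. Addresses are documentation ranges and the flood size and threshold are arbitrary choices.

```python
from collections import defaultdict


def half_open_counts(packets):
    """Count connections per source that saw a SYN but never the completing ACK or an RST.
    Each packet is (time_s, src_ip, src_port, dst_ip, dst_port, set_of_flags)."""
    pending = {}
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if "SYN" in flags and "ACK" not in flags:
            pending[key] = ts                      # new handshake started
        elif ("ACK" in flags or "RST" in flags) and key in pending:
            del pending[key]                       # completed or torn down
    counts = defaultdict(int)
    for (src, _sport, _dst, _dport) in pending:
        counts[src] += 1
    return dict(counts)


def syn_flood_sources(packets, threshold=20):
    """Sources with at least `threshold` half-open connections outstanding."""
    return sorted(src for src, n in half_open_counts(packets).items() if n >= threshold)


def build_sample():
    """Constructed traffic: one good client, one flooder, one client that reset."""
    pkts = [
        (0.0, "198.51.100.2", 40000, "10.0.0.1", 80, {"SYN"}),
        (0.1, "198.51.100.2", 40000, "10.0.0.1", 80, {"ACK"}),   # handshake completed
    ]
    for i in range(50):                                          # 50 SYNs, never completed
        pkts.append((1.0 + i * 0.01, "203.0.113.5", 50000 + i, "10.0.0.1", 80, {"SYN"}))
    pkts.append((2.0, "192.0.2.9", 41000, "10.0.0.1", 80, {"SYN"}))
    pkts.append((2.5, "192.0.2.9", 41000, "10.0.0.1", 80, {"RST"}))  # client gave up
    return pkts


if __name__ == "__main__":
    sample = build_sample()
    print(half_open_counts(sample))
    print("flood sources:", syn_flood_sources(sample))
```

A real flood usually spoofs many source addresses, so a production detector keys on the destination (half-open entries per listening port) as well as on the source; the per-source view here is the simplest case.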
Define STP and Purpose
Spanning Tree Protocol, prevents switching loops (broadcast storms) by blocking redundant layer 2 paths
Network Monitoring Modes
Full Packet Capture
NetFlow data (flow metadata only, no payload)
Information in NetFlow Data
Source and Destination IP/Ports
Time
Amount of Data
SNMP PDU Types
GetRequest
SetRequest
GetNextRequest
GetBulkRequest
Response
Trap
InformRequest
Storage Network Types
Network Attached Storage (NAS): file-level access (file servers, e.g. SMB/NFS)
Storage Area Network (SAN): block-level access (raw disks, e.g. iSCSI or Fibre Channel)
802.11 Network speed and frequency
2 Mbps on 2.4 GHz
802.11b Network speed and frequency
11 Mbps on 2.4 GHz
802.11g Network speed and frequency
54 Mbps on 2.4 GHz
802.11n Network speed and frequency
Up to 600 Mbps on 2.4/5 GHz
802.11ac Network Speeds
1 Gbps and above, 5 GHz only
Wireless Authentication Methods
Pre-shared Keys
Enterprise Authentication
Pre-Shared Key Types
Hexadecimal String
Passwords
Enterprise Authentication Types
LEAP
EAP
PEAP
LEAP Algorithm Types
Modified MS-CHAP (insecure; vulnerable to offline dictionary attack)
EAP Algorithm Types
EAP-TLS (mutual certificate authentication)
EAP-TTLS (TLS tunnel protecting an inner method)
EAP-MD5 (insecure: no server authentication, dictionary attack)
EAP-FAST
Define PEAP
Protected EAP: an inner EAP method tunneled inside a server-authenticated TLS tunnel
Wireless Antennae Types
Omni-Directional
Directional
Beam forming (Virtual Directional)
WAP HW Types
Fat (autonomous): full configuration and management on the device itself
Thin (lightweight): hardware only, configured and managed by a wireless LAN controller
Define WORM
Write Once Read Many; tamper-resistant storage for permanent logs sent to a SIEM
Define NTP
Network Time Protocol, sync devices to centralized time server
DLP Environments
Host
Network
Cloud
DLP Methods
Pattern matching
Watermarking
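Added example (not from the original cards) of the pattern-matching method: a Python scanner that finds payment card numbers and US SSNs in text and redacts them. A bare regex for 16 digits fires on order numbers and tracking IDs, so card candidates are confirmed with the Luhn checksum that real card numbers satisfy. The sample text is constructed; 4111 1111 1111 1111 is a well-known test card number and the SSN is fictitious.

```python
import re

# 16 digits with optional single spaces or dashes between them.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
# US SSN: area 000, 666 and 9xx are never issued; group 00 and serial 0000 are invalid.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum digits, mod 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return (kind, matched_text) for each confirmed card number and SSN."""
    hits = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(("card", m.group()))
    for m in SSN_RE.finditer(text):
        hits.append(("ssn", m.group()))
    return hits


def redact(text):
    """Replace every confirmed hit with a placeholder naming its kind."""
    for kind, value in find_sensitive(text):
        text = text.replace(value, f"[REDACTED {kind.upper()}]")
    return text


# Constructed sample: one benign 16-digit order number (fails Luhn), one real-format
# test card number, one valid-format SSN and one placeholder SSN (area 000).
SAMPLE = """Order 1234567812345678 shipped to Jane.
Card on file: 4111 1111 1111 1111 exp 12/29
Applicant SSN 123-45-6789; reference 000-12-3456 is a placeholder."""

if __name__ == "__main__":
    print(find_sensitive(SAMPLE))
    print(redact(SAMPLE))
```

The Luhn check is what keeps the false-positive rate usable on endpoints and mail gateways; without it every long numeric identifier in an invoice would block the message.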
802.1x Protocol Components
Supplicant (client software on the device)
Authenticator (switch or WAP that relays the exchange)
Authentication server (RADIUS)
NAC/NAP Postures
Persistent agent (installed permanently on the endpoint)
Dissolvable agent (runs once for the check, then removed)
Agentless (e.g. Active Directory or scan-based checks)
Purpose of Protocol Analyzers
Packet sniffing; monitor network traffic and sort by protocol
Purpose of Network Scanners
Detect active systems
OS Fingerprinting
Common Command Line Networking Commands
ping
traceroute/tracert
ifconfig/ipconfig
arp
netstat/ss
nc
dig/nslookup
Ping Command Function
Check remote system reachability with ICMP Echo Request/Reply
Traceroute/tracert Command Function
Determine network path to destination
Hops shown as *** did not answer (ICMP time-exceeded blocked or rate limited)
Ifconfig/ipconfig Command Function
View or change network interface configuration (ip addr on modern Linux)
Arp Command Function
View or modify the local ARP cache (IP-to-MAC mappings)
Netstat/ss Command Function
View active network connections and listening sockets;
-a (listening and non-listening sockets)
-l (listening sockets)
-s (statistics for each protocol)
-i (table of network interfaces)
Nc Command Function
Netcat: open raw TCP/UDP connections and listeners to send and receive arbitrary data
Not built into Windows (ncat from the Nmap project fills the gap)
Dig/nslookup Command Function
Query DNS to resolve domain names to IP addresses and vice versa
Telnet Secure Alternative
SSH
FTP Secure Alternative
SFTP
HTTP Secure Alternative
HTTPS (HTTP over TLS)
Network Level Additional Protection Measures
VPN
SSH Tunneling
Types of Certificate Errors
Expired
Mismatched Names
Untrusted CA
Revoked
Request for Change (RFC) Components
Description
Impact
Risks
Mitigation
Users
Schedule
Affected Systems
Difference between Configuration and Change Management
Configuration Management is for specific products
Change Management is for systems and processes
OS Security Issues
Baseline Settings
Patch Management
System Hardening
Application Control Methods
Whitelisting (allow list): only approved applications may run
Blacklisting (deny list): known-bad applications are blocked, everything else runs
Mobile Networking Methods
Cellular
WiFi
SATCOM
NFC
Bluetooth
ANT
Infrared
USB
MDM Solutions/Uses
Configuration Management
Prevent user modifications
Revoke access/remote wipe
Application Control
Define Containerization
Isolates business and personal (or secure and unsecured) apps and data in separate, encrypted storage areas on the device
Define geolocation
Track location information
Purpose of Geofencing
Alert when leaving area
Limit access to specific area
MDM Solutions Circumvention
Side loading (installing apps from outside the official store)
Jailbreaking/rooting (removing OS restrictions)
Mobile Deployment Methods
BYOD (bring your own device)
CYOD (choose your own device)
COPE (corporate owned, personally enabled)
COBO (corporate owned, business only)
SNMPv1 and 2 Vulnerability
Community strings sent in plaintext (no encryption, no real authentication); use SNMPv3
WPS Brute Force Protection
Disable WPS
Update firmware
WEP Encryption
RC4 with a 24-bit IV (broken)
WPA Encryption
TKIP (RC4-based, deprecated)
WPA2 Encryption
AES in CCMP mode (Counter Mode with CBC-MAC Protocol):
CBC-MAC for integrity
Counter (CTR) mode for confidentiality
IV Role (WEP)
Concatenated with the shared key to seed the RC4 key stream for each packet
Only 24 bits, so IVs repeat; reused IVs let an attacker recover key stream and build a decryption table
Define EFS
Encrypting File System (Windows NTFS), allows encryption of individual files or folders
Define ANT
Adaptive Network Topology
Proprietary low-power wireless protocol used primarily for sports and health sensors
Private IP Address Ranges
- 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
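Added example, not part of the original cards, tying the private (RFC 1918) ranges above to the NetFlow fields listed earlier (source/destination IP and port, time, byte count): flow records are classified as internal-to-external egress and the egress bytes per internal host are summed over a sliding time window to spot bulk outbound transfers. The flow records, the byte threshold and the window length are constructed for the example; real NetFlow also carries duration, packet counts and interface indexes.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in RFC1918)


# Constructed flow records (not a real export):
# (start time epoch s, src ip, src port, dst ip, dst port, proto, bytes)
FLOWS = [
    (1700000000, "10.1.2.3", 51234, "10.1.2.10", 445, "tcp", 20_000),          # internal only
    (1700000005, "10.1.2.3", 51240, "203.0.113.7", 443, "tcp", 900_000_000),   # large egress
    (1700000100, "10.1.2.3", 51250, "203.0.113.7", 443, "tcp", 700_000_000),   # large egress
    (1700000200, "192.168.1.20", 40000, "198.51.100.4", 53, "udp", 3_000),
    (1700000300, "172.16.5.9", 40010, "172.31.0.2", 22, "tcp", 50_000),        # both private
    (1700001000, "10.1.2.3", 51260, "198.51.100.9", 80, "tcp", 4_000),
]


def egress_bytes_per_host(flows):
    """Total bytes sent from RFC 1918 sources to non-private destinations, per source."""
    totals = defaultdict(int)
    for _ts, src, _sport, dst, _dport, _proto, nbytes in flows:
        if is_rfc1918(src) and not is_rfc1918(dst):
            totals[src] += nbytes
    return dict(totals)


def exfil_suspects(flows, threshold_bytes=1_000_000_000, window_s=3600):
    """Internal hosts whose external egress inside any `window_s` window exceeds the threshold.
    Returns {host: peak bytes in the worst window}."""
    per_host = defaultdict(list)
    for ts, src, _sport, dst, _dport, _proto, nbytes in flows:
        if is_rfc1918(src) and not is_rfc1918(dst):
            per_host[src].append((ts, nbytes))
    suspects = {}
    for host, recs in per_host.items():
        recs.sort()
        total, left, peak = 0, 0, 0
        for ts, nbytes in recs:                    # two-pointer sliding window
            total += nbytes
            while ts - recs[left][0] > window_s:
                total -= recs[left][1]
                left += 1
            peak = max(peak, total)
        if peak > threshold_bytes:
            suspects[host] = peak
    return suspects


if __name__ == "__main__":
    print(egress_bytes_per_host(FLOWS))
    print(exfil_suspects(FLOWS))
```

Because NetFlow carries no payload, this is a volume and direction heuristic only; a full packet capture of the flagged host's sessions is the follow-up step.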
Benefits of Immutable Systems
Lower IT Complexity
Easy to Troubleshoot
Purpose of Collectors
Receive log and sensor data from devices and forward it to the SIEM
DNSSEC Key Distribution Steps between Servers
Sign the zone (generates the key signing key and zone signing key)
Distribute the signed zone data and its public key (trust anchor) to the other servers
Import the DNSSEC trust anchor on each server/resolver
APT Threat Prevention
Restrict administrative privileges
Application whitelisting
Patch applications, OS and firmware on systems and network devices
Define a Null Cipher
Simple form of steganography hiding a message within a larger innocuous text (e.g. the first letter of each word); the reader needs only the extraction rule, not a key (also called a concealment cipher)
Define a Visual Semagram
Form of steganography hiding a message in an image (real or digital)
Define a Text Semagram
Form of steganography hiding a message in text through its characteristics (font, spacing, letter shapes)
LDAP Secure Protocol Methods
LDAPS: LDAP over SSL/TLS on port 636
LDAP with STARTTLS on port 389 (upgrades the session to TLS)
Common Banner Grabbing Tools
Telnet
Wget
cURL
Nmap
Nc
DMitry
Define a Credentialed Scan
Scan that authenticates to targets with a valid account, so it can inspect installed software, patches and configuration rather than only what is visible from the network
WYOD Protections
EMM remote wipe
Ability to disable bluetooth connectivity
Access Point Setup Features
MAC Filtering
Encryption Algorithm
Key length
Default Passwords
Maximum users
Meaning of DEP Value of 0
Always off
Meaning of DEP Value of 1
Always on
Meaning of DEP Value of 2
On for Windows system binaries only (OptIn, default on client Windows)
Meaning of DEP Value of 3
On for all programs and services except those explicitly excluded (OptOut, default on Windows Server)
Define DEP
Data Execution Prevention
802.11a speed and frequency
54 Mbps on 5 GHz
Types of Vulnerability Scanner Tools
Nessus
Retina Vulnerability Assessment Scanner
Microsoft Baseline Security Analyzer (MBSA)
MBSA Scan Features
Open Ports
Active IP Addresses
Running applications/services
Missing critical patches
Default user accounts which have not been disabled
Default, blank, or common passwords
Define OVAL
Open Vulnerability and Assessment Language; international standard for testing, analyzing, and reporting the security vulnerabilities of a system
MDM Location Tracking Accuracy (Most to least)
GPS
Wi-Fi Triangulation
Cell phone tower triangulation
IP address geolocation
Define MEM and purpose
Mobile Endpoint Management; automates asset tracking and inventory control
Define a Trunk port
A member of all VLANs defined on a switch for carrying traffic between switches
Define Windows Intune
Microsoft's cloud-based device management service (covering Windows RT tablets among other devices)
Windows Intune Features
Admin Portal: Remote wipe and password changes
Account Portal: Manage subscriptions, users, groups and domains
Company Portal: End users manage their own accounts and enroll devices
Difference between Application Aware Firewall, IDS/IPS, and Proxy
Firewall: enforce security rules
IDS/IPS: analyze network packets
Proxy: Improve performance and content filtering
IPsec NAP Enforcement Method
Health certificates issued to compliant clients before network connection; IPsec policies only accept peers that present one
Switch and WAP Access Control Method
MAC address filtering
Least Secure Location for Omni-Directional Antennae
Against a perimeter wall/window
DTP Vulnerability
An unauthorized device can negotiate a trunk link and reach every VLAN (VLAN hopping); disable DTP on access ports
Define DTP
Dynamic Trunking Protocol; automatically detects which ports should be trunk ports and negotiates the trunking protocol between devices
VLAN Creation Hardware
A Switch, switch port is used to identify which VLAN a device belongs to
Define a NIC
Network Interface Controller, by default only accepts frames addressed to that specific NIC
Purpose of a Network Hub
Repeats every frame out to all ports (layer 1), so every connected device sees all traffic
Define Network Bonding
Logically groups two or more network adapters for a single network connection
Explain Network Communication Security Setting Configuration
Managed by a Group Policy Object (GPO) computer policy
Define User Rights
Special category of computer policies that identify maintenance tasks and the users/groups who can perform said actions
NAC/NAP Components
Health validation,
802.1x authentication,
IPsec enforcement
GPO Application Order
Local Group Policy,
GPOs linked to the site,
GPOs linked to the domain,
GPOs linked to the organizational unit (OU), from the highest-level OU down to the lowest
DLP Monitoring States
Data in use on endpoints,
Data in motion transmitted over a network,
Data at rest on a storage medium,
Data transmitted to/from cloud-based systems
Key Exchange Protocols
TLS: DH or RSA
SSL: KEA or RSA
IPsec: IKE
Define IDEA
International Data Encryption Algorithm, symmetric-key block cipher
SSH Algorithms
Historical SSH-1 ciphers: IDEA (default), Blowfish, DES
Modern SSH-2 uses AES and ChaCha20-Poly1305
Explain the purpose of Firewall Logs
Identify traffic allowed or denied through the firewall (servers running specific services, device communicating via specific ports, etc.)
Explain the purpose of Systems Logs
Record OS, system, and HW events (logons, logon attempts, user rights, etc.)
Explain the purpose of Application Logs
Record actions performed by applications
Explain the purpose of Performance Logs
Record information about system resources (network connections, processors, memory, disks, and network utilization)
Archived Logs Primary Considerations
Disk space required
Backup requirements on the server
Time stamping
Integrity of the logs
Application Level Audit Components
Logon/Logon Attempts
User Name
Start/End Time of access
Activities performed
Purpose of Promiscuous Mode (p-mode)
The NIC passes every frame seen on the segment up to the host, not only frames addressed to it, giving packet sniffers full visibility
Purpose of a Throughput Tester
Measure the amount of data that can be transferred through a network (aka bandwidth)
Linux TCP Port Scan Command
nmap -sT <target> (full TCP connect; completes the three-way handshake, so it is logged by the target)
Linux UDP Port Scan Command
nmap -sU <target> (slow; a port with no response is reported as open|filtered)
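Added example, not from the original cards, showing what the TCP connect scan above and the banner grabbing tools listed earlier actually do on the wire: a Python scanner completes the three-way handshake on each port (the same thing `nmap -sT` does, which is why connect scans are logged by the target) and reads whatever the service says first. Because the example must run offline, it starts two constructed loopback listeners that emit SSH- and SMTP-style banners; the banner strings, ports and the hypothetical host name in the SMTP banner are all assumptions.

```python
import socket
import threading


def serve_banner(banner):
    """Constructed test service on 127.0.0.1: accept one connection, send a banner, close.
    Returns the OS-assigned port so the scanner can target it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _peer = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def connect_scan(host, ports, timeout=1.0):
    """TCP connect scan plus banner grab.
    Returns {port: (state, banner)} where state is open, closed (RST) or filtered (no answer)."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))            # full handshake: SYN, SYN-ACK, ACK
        except (socket.timeout, TimeoutError):
            results[port] = ("filtered", b"")  # no SYN-ACK and no RST: probably dropped
            s.close()
            continue
        except OSError:
            results[port] = ("closed", b"")    # connection refused (RST)
            s.close()
            continue
        try:
            banner = s.recv(256)               # many services talk first (SSH, SMTP, FTP)
        except (socket.timeout, TimeoutError):
            banner = b""                       # open, but the service waits for the client
        finally:
            s.close()
        results[port] = ("open", banner.strip())
    return results


def demo():
    """Scan two constructed services and one port known to be closed."""
    ssh_port = serve_banner(b"SSH-2.0-OpenSSH_9.6\r\n")
    smtp_port = serve_banner(b"220 mail.example.test ESMTP\r\n")
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                              # nothing listens here any more
    res = connect_scan("127.0.0.1", [ssh_port, smtp_port, closed_port])
    return {"ssh": res[ssh_port], "smtp": res[smtp_port], "closed": res[closed_port]}


if __name__ == "__main__":
    for name, (state, banner) in demo().items():
        print(f"{name:6} {state:8} {banner!r}")
```

The distinction between closed (RST received) and filtered (nothing received) is the same one nmap reports, and it is the quickest way to tell a host with no service from a host behind a firewall that silently drops.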
Purpose of TPM
Generate and store cryptographic keys
Generate hash values of system components
Linux server Installed Software RPM Package List Command
yum list installed (or rpm -qa for the raw package list)