Telecom and Network Sec Flashcards
hub
repeater with more than 2 ports; has 1 collision domain; half-duplex device
LLC
Link Layer Control: handles LAN communications; touches layer 3
Telnet
application layer TCP/IP protocol: provides terminal emulation over a network; port 23; weak, no confidentiality; data tx in plaintext
packet-switched networks
data is broken into packets, each sent individually. Unused bandwidth is available for other connections
OSI Layer 4
Transport: handles packet sequencing, flow control, error detection; protocols include TCP, UDP
SNMP
simple network management protocol: application layer TCP/IP protocol; used to monitor network devices; port UDP 161; SNMPv3 provides CIA via encryption
Token Ring
attached resource computer network: LAN Tech/protocol; legacy LAN technology; pass network traffic via tokens
FDDI
Fiber Distributed Data Interface: LAN Tech/protocol; legacy LAN using fiber and token bus
BGP
border gateway protocol: routing protocol used on internet between autonomous systems; considered a path vector routing protocol
802.11
most common form of wireless data networking standard
DCE
Data circuit-terminating equipment: aka data communications equip; networks DTEs (ie router); DCE marks end of ISP's network and connects to the DTE
CHAP
challenge handshake authentication protocol: more secure, not susceptible to replay attacks; relies on shared secret password
RSN
robust security network: allows changes to cryptographic ciphers as new vulnerabilities arise; aka WPA2 and uses AES encryption (or TKIP)
OSI Model
network model with 7 layers: physical, data link, network, transport, session, presentation, and application
broadcast
one-to-all on a LAN
HDLC modes
NRM (normal response mode): secondary nodes transmit when given permission by primary; ARM (asynchronous response mode): secondary nodes may initiate comm with primary; ABM (asynchronous balanced mode): nodes may act as primary or secondary, initiating tx w/o permission
circuit-level proxies
operate at layer 5; filters more protocols
TCP/IP Layer 1
Network access layer=OSI layer 1/2; describes bits and medium used to carry them, converting bits into protocol units (like ethernet frames, MAC addresses, NICs)
IPv4
32-bit addresses in dotted quad format
WAP
wireless application protocol: designed to provide secure web services to handheld devices
RFID
radio frequency identification: 3 types: active (has battery, broadcasts), semi-passive (has battery but uses reader's signal for power), passive (uses reader's signal for power)
802.11n
144+ Mbps - 2.4/5 GHz
SSID
service set identifier: acts as a network name; normally broadcast
broadband networks
have multiple channels and can send multiple signals at a time
bastion host
any host placed on the internet not protected by another device; must protect themselves and be hardened; usually provide a specific service
classless inter-domain routing
/8 for Class A because first 8 bits are for network. /16 for class B; class C /24; Class D /32
screened host
older flat network design using one router to filter external traffic to and from a bastion host via an ACL
TCP/IP Layer 4
Application Layer=OSI layer 5/6/7; most protocols here use client-server architecture
AS
authentication server: server that authenticates a supplicant
traceroute
uses ICMP time exceeded to trace a network route
TLS
transport layer security: latest version of SSL
loopback addresses
127.0.0.0 or ::1
802.11a
54 Mbps - 5 GHz
analog
continuous wave of information
EUI-64
standard for 64 bit MAC addresses; OUI still 24 bits, but serial number is 40 bits
convergence
all routers on a network agree on the state of routing
DHCP
Dynamic Host Configuration protocol: application layer TCP/IP protocol; designed to replace and improve BOOTP; pool of IP addresses
IPS
intrusion protection system: preventive device designed to prevent malicious actions
full-duplex
communication sends and receives simultaneously (like a phone)
802.11i
first 802.11 standard with reasonable security
digital
communications transfer data in bits (1’s and 0’s)
DTE
Data terminal equipment; network terminal (desktop, server, etc)
socket pair
unique connection between two nodes: source port, source IP, destination port, destination IP
DNS
Domain Name Server: application layer TCP/IP protocol; distributed global hierarchical database that translates names to IP addresses and back; uses TCP and UDP; unreliable; no authentication
RIP
routing information protocol: maximum hop count=15; distance vector routing protocol using hops as metric; uses split horizon to help avoid routing loops; limited protocol; slow convergence
TCP flags
URG-Urgent; ACK-acknowledge data; PSH-push data to application layer; RST-reset (teardown) connection; SYN-synchronize connection; FIN-finish connection; CWR-congestion window reduced; ECE-explicit congestion notification echo; NS-Nonce sum
Fiber Optic
long distance (> 50 mi), no EMI; multimode=shorter distance, multiple paths of light; singlemode=longer distance, high speed network
IDS
intrusion detection system: detective device designed to detect malicious actions
Anomaly detection
anomaly detection IDS works by establishing a baseline of normal traffic, then ignores that traffic
DSSS
direct sequence spread spectrum: uses entire band at once, spreading the signal throughout the band
tree
LAN physical topology; aka hierarchical network; n/w with root node and branch nodes that are at least 3 levels deep (2 levels make a star)
RDP
remote desktop protocol: different session
AutoRun
best practice to disable AutoRun on microsoft operating systems (in association with removable media)
bluejacking
sending unsolicited messages
ring
LAN physical topology; dominant physical topology; better fault tolerance; more expensive
DSL
digital Subscriber Line: copper pair; 10 Mbs+
antivirus
most commonly deployed endpoint security product
IPv6
128-bit addresses
protocol behavior
protocol behavior IDS works by modeling the way protocols should work, often analyzing RFC
promiscuous
allows access to all unicast traffic on a network segment
NIPS
network intrusion prevention system: main difference in NIDS and NIPS is NIPS alters traffic
SLIP
serial line internet protocol: layer 2 protocol provides IP connectivity via asynchronous connections such as serial lines and modems
bluesnarfing
taking info via bluetooth network
mesh
LAN physical topology; interconnects nodes with each other; high availability
packet filter and stateful firewalls
devices that filter traffic based on OSI layer 3 (IP addresses) and layer 4 (ports); packet less secure, stateful more secure but slower
ACL
access control List: tells who can gain access to a resource
WPA2
wi-fi-protected access 2: aka RSN
HDLC
high-level data link control: WAN technology/protocol; successor to SDLC; adds error correction and flow control
MPLS
multiprotocol label switching: WAN technology/protocol; uses labels and carries ATM, frame relay, IP and others
authenticator
device such as an access point that allows a supplicant to authenticate and connect
Pool NAT
reserves a number of public IP addresses in a pool; these are used, then returned to the pool
VNC
virtual network computing: same session
DNS cache poisoning attack
tricks a caching DNS server into caching a forged response
Baseband networks
one channel and can send only one signal at a time (Ethernet is baseband)
OSI Layer 2
data link: handles access to the physical layer as well as LAN communication; includes ethernet card (and MAC address), switches, bridges; divided in 2: Media Access Control (MAC) and Logical Link Control (LLC)
routers
layer 3 device that routes traffic from one LAN to another; are default gateways
Ping
sends an ICMP echo request to a node and listens for a reply
bluetooth
802.15; PAN technology; operates in 2.4 GHz; short distances; must pair devices
IMAP
internet message access protocol: application layer TCP/IP protocol; client-server e-mail access
listen
socket that is waiting for a connection
encapsulation
takes information from a higher layer and adds a header to it
IPsec
designed to provide CIA via encryption for IPv6 and now ported to IPv4; suite of protocols: ESP and AH
OSI Layer 7
application: where you interface with your computer application; web browser, word processor; protocols include Telnet, FTP
malware
malicious software
TCP/IP Layer 2
Internet Layer=OSI layer 3; IP address/routing live here
network model
description of how a network protocol suite operates (such as OSI or TCP/IP models)
explain 100base T
100=speed base=baseband T=twisted pair
OSPF
open shortest path first: open link state routing protocol learns the entire network topology for their area; send event driven updates; fast convergence
HTTP/HTTPS
Hypertext transfer protocol (secure): application layer TCP/IP protocol; used to transfer web-based data (secure via SSL/TLS); HTML used to display web content
802.11g
54 Mbps - 2.4 GHz
switch
layer 2 device that carries traffic on one LAN based on media access control (MAC) addresses
ARP
Address resolution protocol: used to translate between layer 2 MAC address and layer 3 IP address
MAC
Media Access Control: transfers data to and from physical layer; touches layer 1; unique hardware address of an Ethernet NIC; 48 bits long, 1st 24 form Organizationally Unique Identifier, 2nd 24 form serial #
Internet
global collection of peered networks running TCP/IP providing best-effort service
UDP scans
sends UDP packets to ports and listens for answers; harder and slower than TCP scans
half-duplex
communication sends or receives at one time only (walkie talkie)
TCP/IP Layer 3
Host-to-Host Transport Layer=OSI layer 4; connects internet layer to application layer; where applications are addressed on a network, via ports; TCP and UDP are 2 transport layer protocols of TCP/IP
pattern matching
pattern matching IDS works by comparing events to static signatures
SSH
Secure shell: application layer TCP/IP protocol; secure replacement for telnet, FTP and "r" commands; provides confidentiality, integrity, and secure authentication; port 22
VLAN
virtual LAN: aka virtual switch
TCP/IP model
simpler network model with 4 layers: network access, Internet, transport, and application
types of Scans
attackers scan networks from layers 2-7
roaming infected laptop
addressed by EAP
NAT
network address translation: used to translate RFC 1918 addresses as they pass from intranets to the internet; 3 types: static NAT, Pool NAT, Port Address Translation (PAT); hides origin of a packet
honeypot
system designed to attract attackers; consult with legal before deploying honeypots
POPv3
post office protocol version 3: application layer TCP/IP protocol; client-server e-mail access
SONET
synchronous optical network uses multiple T carrier circuits via fiber; physical fiber ring for redundancy
CSMA
Carrier Sense Multiple Access: method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions
802.11i
wireless security standard; describes RSN
Difference between a Smurf attack and Fraggle attack
Both are denial of service attacks: smurf=TCP; Fraggle=UDP
802.11b
11 Mbps - 2.4 GHz
router
layer 3 device that routes traffic from one LAN to another based on IP addresses
Extranet
connection between private intranets
DMZ
demilitarized Zone: implies 2 firewall DMZ; servers that receive traffic from untrusted networks should be on DMZ networks
PPTP
point-to-point tunneling protocol: tunnels PPP via IP; uses generic routing encapsulation to pass PPP via IP and TCP for a control channel
OSI Layer 6
presentation: presents data to the application (and user); ASCII, JPEG, GIF, TIFF exist here
RTP
real-time Transport protocol: designed to carry streaming audio and video
supplicant
an 802.1x client
bridge
layer 2 device with two ports that connects network segments together; has two collision domains
coaxial cable
inner copper core, insulator, shield, plastic sheath; used for satellite/cable tv; more resistant to EMI; higher bandwidth; longer connections than UTP
TKIP
temporal key integrity protocol: uses Rivest Cipher 4 (RC4); used by WPA2
PDA
personal digital assistant: two major issues: loss of data due to theft, wireless security
FTP
File Transfer Protocol: application layer TCP/IP protocol used to transfer files to/from servers; no confidentiality or integrity; ports 20/21
Bus
LAN physical topology; connects network nodes in a string; one break brings down entire network
LAND attack
single packet denial of service attack
VPN
virtual private network: secure data sent via insecure networks
UTP categories
Unshielded Twisted Pair: Cat 1
SPAN ports
switched port analyzer: mirrors traffic from multiple switch ports to one SPAN port; drawback is port bandwidth overload
application whitelisting
determines in advance which binaries are considered safe to execute on a given system; denies all other binaries trying to execute
FHSS
frequency hopping spread spectrum: uses a number of small frequency channels throughout the band and hops through them in pseudo-random order
QoS
Quality of Service: often applied to Voice over IP; gives specific traffic precedence over other traffic
SMTP
simple mail transfer protocol: application layer TCP/IP protocol; used to transfer email between servers
IGP
interior gateway protocol (RIP, OSPF); routing protocol; support layer 3
UDP
user datagram protocol: simpler and faster; no handshake, session, or reliability, "send and pray"; used with applications that can handle loss
T1, T3, E1, E3
WAN technology/protocol; T1=1.544 mb/24 64-bit channels; T3=28 bundled T1’s (45 Mb); E1=2.048 mb/30 channels; E3=16 E1 (34.368 Mb)
types of IDS events
true positive, true negative, false positive, false negative
tripwire
well known HIDS
hacker
someone who uses technology in ways the creators did not intend
dual-homed host
has 2 NICs: one to trusted network, one to untrusted network
OSI Layer 1
physical: describes units of data as bits; devices include hubs and repeaters, cabling standards like thinnet, thicknet, UTP
TCP
Transmission Control Protocol: reliable layer 4 protocol; uses a 3-way handshake to create reliable connections; can reorder out of order segments
network stack
network protocol suite programmed in software or hardware
proxy firewall
act as intermediary servers; terminates connections
SIP
session initiation protocol: includes session teardown
IPv4 Classes
Class A: 0.0.0.0-127.255.255.255; Class B: 128.0.0.0-191.255.255.255; Class C: 192.0.0.0-223.255.255.255; Class D: 224.0.0.0-239.255.255.255; Class E: 240.0.0.0-255.255.255.255
static NAT
makes a one-to-one translation between addresses
802.1x
port-based network access control and includes EAP,
three IPsec architectures
host-to-gateway; gateway-to-gateway; host-to-host
OSI Layer 3
Network: moving data from a system on one LAN to a system on another; IP addresses and routers exist here; protocols include IPv4, IPv6
VoIP
voice over internet protocol: carries voice via data networks; can eavesdrop easily with Wireshark
PAT
many-to-one translations
OSI Layer 5
Session: manages sessions; remote procedure calls exist here; "connections between applications"; uses simplex, half/full duplex
static route
fixed routing entries; great for simple network with limited or no redundancy
HIPS
host intrusion prevention system: like NIPS only for a host
demarc
where DTE and DCE meet; marks the end of ISP responsibility and beginning of user's responsibility
x.25
WAN technology/protocol; older packet-switched WAN protocol; cost effective over long distances
ARP scan
layer 2 scan that sends ARP requests for each IP address on subnet learning MAC addresses of systems that answer
SOCKS
circuit-level proxy uses TCP port 1080
SSL
secure socket layer: designed to protect HTTP data
FF:FF:FF:FF:FF:FF
ethernet broadcast address
MODEM
modulator/demodulator: takes binary data and modulates it into analog sound, then reverses it
nonce
small random string server sends as a challenge in CHAP
DSL speeds
ADSL: 1.5-9 Mbps down, 16-640 kbps up, 18k ft; SDSL & HDSL: 1.544 Mbps down, 1.5444 Mbps up, 10k ft; VDSL: 20-50 Mbps down, up to 20 Mbps up, < 5k ft
TFTP
Trivial FTP: application layer TCP/IP protocol; simpler way to transfer files; no authentication, confidentiality, or integrity; port UDP 69
DNSSEC
Domain name server security extensions: provides authentication and integrity via PKI; no confidentiality
EAP
extensible authentication protocol: very secure; layer 2, port based
CSMA/CA & CD
Collision detection (ethernet) and collision avoidance (wireless)
ATM
Asynchronous transfer mode: WAN technology/protocol; uses fixed length cells of 53 bytes; reliable
RFC 1918
private IPv4 addresses that may be used for internal traffic that does not route via the Internet
NIDS
network intrusion detection system: detects malicious traffic on a network; usually require promiscuous network access; passive devices
802.11
2 Mbps - 2.4 GHz
unicast
one-to-one traffic like client surfing the web
TCP Scan
sends a TCP SYN and records who responds, then leaves half-open connections
ICMP
internet control message protocol: helper protocol at layer 3 used to troubleshoot and report error conditions; echo request, echo reply, time to live are here
Faraday cage
shields things from EMI
ARCNET
attached resource computer network: LAN Tech/protocol; legacy LAN technology; pass network traffic via tokens
PPP
point-to-point protocol: layer 2 protocol replaced SLIP; HDLC based and adds CIA via point-to-point links; support synchronous links and asynchronous links
simplex
one-way communication
snort
open source NIDS and NIPS
multicast
one-to-many and the many is preselected
firewall
filter traffic between networks; TCP/IP packet filter and stateful firewalls=layer3/4; proxy firewalls=layer 5/6/7; they are multi-homed and have multiple NICs
WEP
wired equivalent privacy: critically weak; new attacks can break WEP key in minutes; little integrity or confidentiality; 24 bit initialization vector
Protocol Data Units
TCP/IP - Layer 4= TCP segment, Layer 3=IP Packet, Layer 2=Ethernet Frame, Layer 1=bits
Ethernet
LAN Tech/protocol; dominant LAN technology transmits network data via frames
switch
bridge with more than two ports; provides traffic isolation
HIDS
host intrusion detection system: like NIDS only for a host
repeater
layer 1 device; receives bits on one port and repeats them out on the other; no understanding of protocols; they extend a network
ISDN
integrated services digital network: early attempt to provide digital service via "copper pair"
packet-switched network
form of networking where bandwidth is shared and data is carried in units called packets
EGP
exterior gateway protocol (BGP): routing protocol; support layer 3
OFDM
orthogonal frequency division multiplexing: allows simultaneous transmission using multiple independent wireless frequencies that don't interfere with each other
TCP SYN flood
TCP denial of service attack; attacker sends many SYN, but never ACK resulting in half-open connections
Intranet
privately owned network running TCP/IP (like a company network)
L2TP
layer 2 tunneling protocol: combines PPTP and layer 2 forwarding; focuses on authentication and does not provide confidentiality; frequently used with IPsec to provide encryption
TPM
trusted platform module: installed on motherboard dedicated to carrying out security functions that involve storage and processing of keys, hashes, digital certs
circuit-switched networks
provide dedicated bandwidth to point to point connections, such as a T1 connecting 2 offices
teardrop attack
denial of service attack that relies on fragmentation reassembly; attacker sends multiple large overlapping IP fragments
application-layer proxy firewall
operate up to layer 7
BOOTP
Bootstrap protocol: application layer TCP/IP protocol; used for bootstrapping via a network by diskless systems
demultiplexing/de-encapsulation
removal of header info as data moves up the stack
PAP
password authentication protocol; very weak authentication protocol; sends username/password in clear text
LAN, MAN, WAN, GAN, PAN
Local Area Network, Metro Area Network, Wide Area Network, Global Area Network, Personal Area Network
socket
combination of an IP address and TCP/UDP port on one node
network taps
preferred way to provide promiscuous network access; can “Fail open” so traffic will pass in event of a failure
SDLC
synchronous data link control: WAN technology/protocol; layer 2 WAN protocol that uses polling to transmit data
Frame relay
WAN technology/protocol; packet-switched layer 2 WAN protocol provides no error recovery and focuses on speed; multiplexes multiple logical connections over a single physical connection