Telecommunications and Network Security Flashcards
IPv6
A 39-digit number in decimal; larger and simpler than IPv4.
Do IPv6 hosts need DHCP?
No, because IPv6 hosts can statelessly autoconfigure a unique IPv6 address, omitting the need for static addressing or DHCP. It takes the host’s MAC address and uses it to configure the IPv6 address.
What are the RFC 1918 addresses?
- 10.0.0.0–10.255.255.255 (10.0.0.0/8)
- 172.16.0.0–172.31.255.255 (172.16.0.0/12)
- 192.168.0.0–192.168.255.255 (192.168.0.0/16)
Three new TCP flags were added
CWR (Congestion Window Reduced)
ECE (Explicit Congestion Notification Echo)
NS (Nonce Sum)
These flags are used to manage congestion (slowness) along a network path.
SNMP agents use what port?
UDP port 161
coaxial network cable
has an inner copper core separated by an insulator from a metallic braid or shield. The outer layer is a plastic sheath.
Fiber Optics
made from a very narrow glass or plastic fiber that is surrounded by cladding, and the cladding in turn is covered by a protective sheath. Because fiber optics emit extremely small amounts of energy from the cable, data cannot be as easily intercepted. Fiber optics are more difficult to wiretap.
FDDI (Fiber Distributed Data Interface)
legacy LAN technology, running a logical network ring (token-passing) via a primary and secondary counter-rotating fiber optic ring.
The secondary ring was typically used for fault tolerance. Runs at 100 Mbps using light. Not affected by EMI.
FDDI-2 allows fixed bandwidth to be assigned, unlike FDDI, and is not affected by EMI.
T1
a 1.544-megabit circuit that carries 24 64-bit DS0 (Digital Signal 0) channels.
T3
28 bundled T1s, forming a 44.736-megabit circuit.
E1
is a dedicated 2.048-megabit circuit that carries 30 channels.
E3
16 bundled E1s, forming a 34.368-megabit circuit.
SONET
carries multiple T-carrier circuits via fiber optic cable. SONET uses a physical fiber ring for redundancy.
X.25
is an older packet-switched WAN protocol.
Transmitted data over long distances from the 1970s through the early 1990s via analog modem.
Separate from the global IP-based Internet.
Performs error correction that can add latency on long links and can carry TCP/IP.
It uses virtual circuits instead of dedicated ones.
Frame Relay
a Layer 2 WAN protocol that has no error recovery and focuses on speed.
Frame Relay multiplexes multiple logical connections over a single physical connection to create Virtual Circuits; this shared bandwidth model is an alternative to dedicated circuits such as T1s.
Frame Relay can carry TCP/IP.
Like X.25, it uses virtual circuits instead of dedicated ones.
Asynchronous Transfer Mode (ATM)
Not a packet-switched network. A reliable network compared to Ethernet.
Multiprotocol Label Switching (MPLS)
forwards WAN data via labels through a shared MPLS cloud network, such as ATM, Frame Relay and IP.
A technical solution for the QoS, speed, and security problems facing the Internet.
Improves routing performance. Gives service providers the ability to create VPNs without the need for end-user applications.
Synchronous Data Link Control (SDLC)
a synchronous Layer 2 WAN protocol that uses polling to transmit data. Polling is similar to token passing; the difference is that a primary node polls secondary nodes, which can transmit data when polled.
High-Level Data Link Control (HDLC)
the successor to SDLC. HDLC adds error correction and flow control, as well as two additional modes (ARM and ABM). Three modes: NRM, ARM, and ABM.
Normal Response Mode (NRM)
Secondary nodes can transmit when given permission by the primary.
Asynchronous Response Mode (ARM)
Secondary nodes may initiate communication with the primary.
Asynchronous Balanced Mode (ABM)
Combined mode where nodes may act as primary or secondary, initiating transmissions without receiving permission.
Routing protocols come in two basic varieties:
- Interior Gateway Protocols (IGPs), such as RIP and OSPF, are used by private networks.
- Exterior Gateway Protocols (EGPs), such as BGP, are used on public networks.
Distance vector routing protocols
use a metric, which is hop count; prone to routing loops, where packets loop between two routers. Ex. RIP and OSPF
RIP
a distance vector routing protocol that uses hop count as its metric.
It does not have a full view of a network: It can only “see” directly connected routers.
Convergence is slow.
RIP sends routing updates every 30 seconds regardless of routing changes.
RIP’s maximum hop count is 15; 16 is considered “infinite.”
Disadvantage of RIP
Increases network congestion.
Only works with classful networks, and there is no way for a router to verify the trustworthiness of a route update from its neighbors.
Hold-down timers, split horizon, and poison reverse are small fixes that do not compensate for RIP’s weaknesses.
RIP uses split horizon to help avoid routing loops.
RIP uses a hold-down timer to avoid flapping (repeatedly changing a route’s status from up to down).
RIPv2
can be used in a network with different subnet masks and can authenticate with other routers using MD5. RIPv2 added support for CIDR.
What can RIP do to avoid routing loops?
RIP can use split horizon to help avoid routing loops.
Poison reverse
Distance vector routing protocol safeguard that sets a bad route to infinity. Can be used in addition to split horizon.
Link-state routing protocols
use additional metrics for determining the best route, including bandwidth, latency and QoS. Ex. OSPF
Open Shortest Path First (OSPF)
an open link-state routing protocol. It learns the entire network topology for its area and the lowest-cost paths to a destination. OSPF routers send event-driven updates. If a network is converged for a week, the OSPF routers will send no updates.
Stateful matching IDS
scans for attack signatures in the context of a stream of traffic or overall system behavior rather than the individual packets.
Statistical anomaly-based IDS
Analyzes event data by comparing it to typical, known, or predicted traffic profiles and identifying patterns of entries that deviate from a predicted norm. Very effective and, at a very high level, it can detect unknown attacks. Tuning the IDS can be challenging and, if not performed regularly, the system will be prone to false positives. Not suitable in large enterprises.
Protocol anomaly-based IDS
identifies any unacceptable deviation from expected behavior based on well-known or well-defined protocols within an environment. Ex: HTTP session. Specific protocol analysis modules may have to be added or customized to deal with unique or new protocols or unusual use of standard protocols.
Traffic anomaly-based IDS
identifies any unacceptable deviation from expected behavior based on actual traffic structure. When a session is established between systems, there is typically an expected pattern and behavior to the traffic transmitted in that session. That traffic can be compared to expected traffic conduct based on the understandings of traditional system interaction for that type of connection.
Land attack
It uses a spoofed SYN packet that includes the victim’s IP address as both source and destination.
Smurf attack
Involves ICMP flooding.
The attacker sends ICMP Echo Request messages with spoofed source addresses of the victim to the directed broadcast address of a network known to be a Smurf amplifier.
Key points about CHAP
Not susceptible to replay attacks.
Relies on a shared secret: the password.
CHAP uses Link Control Protocol (LCP) to create an initial connection.
CHAP uses a three-way authentication process.
CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients.
A drawback of CHAP
the server stores plaintext passwords of each client.
At what layer does EAP operate?
layer 2
802.1X
802.1X is Port-Based Network Access Control (PBNAC) and includes the Extensible Authentication Protocol (EAP).
Serial Line Internet Protocol (SLIP)
is a Layer 2 protocol and older dial-up connection protocol, which requires IP to be assigned to both ends and uses asynchronous connections such as serial lines and modems. No built-in confidentiality, integrity, or authentication. SLIP was replaced by PPP.
PPP (Point-to-Point Protocol)
a Layer 2 protocol that adds confidentiality, integrity, and authentication via point-to-point links. Replaces SLIP and supports authentication: PAP, CHAP and EAP.
PPTP
tunnels PPP via IP; it uses Generic Routing Encapsulation (GRE) to pass PPP via IP. Uses TCP for a control channel (using TCP port 1723). A key weakness of PPTP is that it derives its encryption key from the user’s password. This violates the cryptographic principle of randomness.
Layer 2 Tunneling Protocol (L2TP) combines
PPTP and Layer 2 Forwarding (L2F), designed to tunnel PPP.
It focuses on authentication and does not provide confidentiality.
Unlike PPTP, L2TP can also be used on non-IP networks, such as ATM.
Internet Key Exchange (IKE) protocol
a key management protocol standard that negotiates the algorithm selection process.
Two sides of an IPsec tunnel will typically use IKE to negotiate to the highest and fastest level of security.
IPsec can, however, be configured manually without IKE.
IPsec security association (SA)
is a simplex (one-way) connection that may be used to negotiate ESP or AH parameters.
In phase 1, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase.
In phase 2, IKE negotiates the IPsec security associations and generates the required key material for IPsec.
Security Parameter Index (SPI)
a unique 32-bit number, which identifies each simplex SA connection.
ISAKMP manages the SA creation process.
Which attack is effective against IPsec?
man-in-the-middle
What is the default encryption protocol for IPsec?
Cipher Block Chaining (CBC) mode
For security, SRTP uses
AES for confidentiality and SHA-1 for integrity.
What are the methods for sending traffic via a radio band?
Frequency Hopping Spread Spectrum (FHSS) and Direct Sequence Spread Spectrum (DSSS). Both DSSS and FHSS are designed to maximize throughput while minimizing the effects of interference.
Direct Sequence Spread Spectrum (DSSS)
uses the entire band at once, “spreading” the signal throughout the band. By spreading the signal over a wider band, the signal is less susceptible to interference.
Frequency-Hopping Spread Spectrum (FHSS)
uses a number of small-frequency channels throughout the band and “hops” through them in pseudorandom order.
Orthogonal Frequency-Division Multiplexing (OFDM)
is a newer multiplexing method, allowing simultaneous transmission using multiple independent wireless frequencies that do not interfere with each other.
Frequency Division Multiple Access (FDMA)
used in analog cellular only. It subdivides a frequency band into sub-bands and assigns an analog conversation to each sub-band.
WPA2 uses
AES encryption to provide confidentiality and CCMP (Counter Mode CBC MAC Protocol) to create a Message Integrity Check (MIC), which provides integrity.
What is the Bluetooth cipher type and frequency?
Uses the 128-bit E0 symmetric stream cipher.
802.15, PAN and 2.4 GHz.
WPA uses
RC4 for confidentiality and TKIP for integrity.
ISDN
- D channel for control signals - 16K
- B channel for sending voice/data - 64K
NIS weakness
It does not authenticate individual RPC requests, which can be used to spoof responses to NIS requests from a client.
What is the maximum upstream and downstream rate of HDSL transmitted over two copper twisted pairs?
1.544 megabits per second (Mbps)
What are the transmission rates of Very high bit-rate Digital Subscriber Line (VDSL)?
52 Mbps downstream and 12 Mbps upstream
Which type of frame includes a two-byte Type field?
an Ethernet II frame
At which layer is OSPF located?
Layer 3 of the OSI model
Which wireless mode allows wireless computers to connect to a LAN, a WAN, or the Internet?
Infrastructure mode
What are the three physical elements of fiber-optic cable?
the core, the cladding, and the jacket
What is the purpose of an inverse multiplexer?
to group several leased lines together for fault tolerance purposes
Which type of cable uses LC, SC, and ST connectors?
fiber-optic cable
Which protocol is a combination of PPTP and L2F?
Layer 2 Tunneling Protocol (L2TP)
Which switching method copies an entire frame to its buffer, computes the cyclic redundancy check (CRC), and discards frames containing errors?
store-and-forward switching
At which layer is PPTP located?
Layer 5 of OSI
What is the Global Information Grid?
DoD global network, one of the largest private networks.
What ports does bootstrap use?
UDP port 67 for servers and UDP port 68 for clients.
Fraggle attack
a variation of the Smurf attack. While Smurf uses ICMP, Fraggle uses UDP port 7 and often stimulates an ICMP Port Unreachable message.
Session hijacking
involves a combination of sniffing and spoofing in order for the attacker to masquerade as one or both ends of an established connection.
What port is used by VNC?
TCP 5900
HDSL (High-data-rate DSL)
matches SDSL speeds using two pairs of copper; HDSL is used to provide inexpensive T1 service.
Network File System (NFS), Common Internet File System (CIFS), and Server Message Block (SMB) are all protocols used by
network-attached storage (NAS)
What is the purpose of Network File System (NFS)?
used to enable two different types of file systems to interoperate. NFS attacks: drawbacks are due to their rather basic authentication mechanisms.
Modbus and Fieldbus are
standard industrial communication protocols designed by separate groups - SCADA.
The focus of the design is not security; rather it is uptime and control of devices.
Many of these protocols send information in clear text across transmission media, and the devices they support require little or no authentication to execute commands on a device.
What is the name of the standard that uses 802.5?
Token Ring
What is the name of the data in data-link layer?
Frame
What is the name of the data in network layer?
packet or datagram
What is the name of the data in transport layer?
segment
What is the size of the UDP header?
8
What is the size of the TCP header?
20
What is challenging for active FTP through a firewall?
A challenging protocol because the server initiates the data channel connection to client.
What is the SSL protocol's primary use?
To authenticate the client to the server using public key cryptography and digital certificates.
The authentication of the client side only comes with version 3.0.
Application whitelisting
determines in advance which binaries are considered safe to execute. A weakness is when a “known good” binary is exploited by an attacker and used maliciously. Application whitelisting is superior to application blacklisting. This technique can prevent a previously unknown attack from being successful.
What is the purpose of TCP Sequence number?
Guarantee message delivery.
TCP uses a sequence number to identify each byte of data.