Telecommunications & Network Security Flashcards
What are the 7 layers of the OSI Model?
Physical, Data, Network, Transport, Session, Presentation, Application
What is Data encapsulation?
In the OSI Model, Data encapsulation wraps protocol information from the layer immediately above in the data section of the layer immediately below.
What are the 4 common network topologies in use today?
Star
Mesh
Ring
Bus
Which is the most common network topology in use today? Ring, Bus, Star, Mesh
Star
In which topology are all systems interconnected to provide multiple paths to all other resources.
Star, bus, mesh or ring
Mesh
In which topology is each individual node connected to a switch, hub or concentrator?
Star, Mesh, Bus, Ring
Star
Which network topology is commonly used for the most critical network components, i.e. routers, switches, servers, by using multiple NICs, server clustering, etc. to eliminate single points of failure?
Mesh, Bus, Ring, Star
Mesh
In which network topology does traffic travel in a single direction?
Star, Bus, Ring, Mesh
Ring
In which network topology are all devices connected via a single cable that’s terminated on both ends?
Star, Bus, Mesh, Ring
Bus
What are the 4 basic cable types used in networks?
coaxial, twin-axial, twisted pair and fibre optic
Which type of cable is commonly used for cable or satellite television receivers?
twin-axial, coaxial, twisted pair, fibre optic
coaxial
Which type of signal conveys information in a series of pulses through the presence or absence of electrical signals as opposed to wave frequencies?
Digital or Analog
Digital
Which type of cable is used to achieve high transmission speeds over short distances (often used by SANs or switches connecting critical servers to a high speed core)?
coaxial, fibre optic, twin-axial, twisted pair
Twin-Axial
What is Bit Error Ratio?
It’s the ratio of incorrectly received bits to total received bits over a specified period of time
Which cable is the most common cable used by LANs today?
Coaxial, Twisted pair, Fibre-optic, twin-axial
twisted pair
Twisted pair cabling can be shielded or unshielded. What are the benefits of shielded cabling with regard to security?
Reduces electromagnetic emissions which can be intercepted by an attacker. Also protects it from EMI and RFI from other sources.
Which term refers to the study of electromagnetic emissions from computers or related equipment?
TEMPEST
Which types of CAT cable are available as Shielded Twisted Pair only?
CAT 7 and CAT 7a
Which type of cable uses light signals as opposed to electrical signals?
twisted pair, coaxial, twin-axial, fibre optic
fibre optic
Which cable has the advantage of high speed, long distance and best resistance to interference?
twisted pair, coaxial, fibre optic, twin-axial
fibre optic
At which layer of the OSI model are network topologies, cable/connector types and interfaces defined?
Physical
At which layer of the OSI model are NIC cards used?
Physical
Which type of card is used to connect a computer to a network?
NIC card
What is the term used for a device that amplifies a signal to compensate for attenuation (signal loss)?
Repeater
What two devices connect LAN segments together such as servers and workstations?
Hub (concentrator) and Switch
What are the two basic types of hubs?
Active and Passive
What is the difference between a hub and a switch?
A switch sends packets to destination devices as opposed to a hub which will send packets to all devices on the network.
At which two layers of the OSI model can a switch operate?
Physical and Data
Which layer ensures that messages are delivered to the proper device across a physical network link?
Data
Which layer formats messages from layers above into frames for transmission, handles point to point synchronisation and error control and can perform link encryption?
Data
What are the two sub layers of the Data layer?
Logical Link Control and Media Access Control
Which Data sub layer handles flow control and controls sequencing and acknowledgement of frames?
Logical Link Control (operates between the network layer above and sub MAC layer below)
Which Data sub layer performs error control, identifies the hardware device and controls media access?
Media Access Control (operates between the LLC sub layer above and Physical layer below)
How many bits are used in a MAC address?
48 bits
A MAC address is split into two 24-bit portions. Which portion identifies the device?
Second portion
What are the 3 basic types of media access?
Contention
Token Passing
Polling
In which media access type must devices vie for control of the physical network medium? Contention, token passing or polling?
Contention
In which media access type must individual devices wait for a special frame before transmitting data across the physical network medium? contention, token passing or polling?
token passing
In which media access type are devices checked to see whether they have any data to transmit? contention, token passing, polling?
Polling
What are 3 common examples of a wide area network? (WAN)
- Internet
- Intranet
- Extranet
What is the purpose of the OSI Model?
To facilitate interoperability between network devices independent of the manufacturer.
What are 5 benefits of the OSI model?
- clarifies general functions of a communications process.
- reduces complex networking processes into simpler sub-layers and components.
- Promotes interoperability by defining standard interfaces
- Aids development by allowing vendors to change individual features at a single layer, instead of rebuilding the entire stack
- Facilitates easier troubleshooting
Which type of network connects an individual's electronic devices together or to a larger network? Personal Area Network (PAN) Storage Area Network (SAN) Virtual Local Area Network (VLAN) Wireless Local Area Network (WLAN) Campus Area Network (CAN) Metropolitan Area Network (MAN) Value-added network (VAN)
Personal Area Network (PAN)
Which type of network connects servers to a separate physical storage device? Personal Area Network (PAN) Storage Area Network (SAN) Virtual Local Area Network (VLAN) Wireless Local Area Network (WLAN) Campus Area Network (CAN) Metropolitan Area Network (MAN) Value-added network (VAN)
Storage Area Network (SAN)
Which type of network is implemented on network switches in a LAN as a way of logically grouping users and resources together? Personal Area Network (PAN) Storage Area Network (SAN) Virtual Local Area Network (VLAN) Wireless Local Area Network (WLAN) Campus Area Network (CAN) Metropolitan Area Network (MAN) Value-added network (VAN)
Virtual Local Area Network (VLAN)
Which type of network connects multiple buildings across a high performance backbone? Personal Area Network (PAN) Storage Area Network (SAN) Virtual Local Area Network (VLAN) Wireless Local Area Network (WLAN) Campus Area Network (CAN) Metropolitan Area Network (MAN) Value-added network (VAN)
Campus Area Network (CAN)
Which type of network extends across a large area such as a small city? Personal Area Network (PAN) Storage Area Network (SAN) Virtual Local Area Network (VLAN) Wireless Local Area Network (WLAN) Campus Area Network (CAN) Metropolitan Area Network (MAN) Value-added network (VAN)
Metropolitan Area Network (MAN)
Which type of network is a type of extranet? Personal Area Network (PAN) Storage Area Network (SAN) Virtual Local Area Network (VLAN) Wireless Local Area Network (WLAN) Campus Area Network (CAN) Metropolitan Area Network (MAN) Value-added network (VAN)
Value-added network (VAN)
Which type of network topology is commonly used in token-ring or FDDI networks? Star Mesh Bus Ring
Ring
Which two types of network topology have a single point of failure? Star Mesh Bus Ring
Bus and Ring
What are the characteristics of a coaxial cable?
- single solid copper wire surrounded by a plastic or teflon insulator, braided metal shielding with a plastic wrap.
- durable and resistant to EMI and RFI.
- commonly used to connect cable/satellite TV
What are the two types of coaxial cable?
Thick (RG8 or RG11) screw type
Thin (RG58) bayonet type
What are the characteristics of twin-axial cable?
- similar to coax cable but consists of two solid copper wires
- used to achieve high data transmission speeds over very short distances at low cost
- typically used for SANs or top of rack switches that connect critical servers to a high speed core.
- also low transceiver latency, power consumption and Bit Error ratio (BER)
- durable and resistant to EMI and RFI.
What are the characteristics of a twisted pair cable?
- most popular LAN cable in use today
- lightweight, flexible, inexpensive
- consists of 4 copper wire pairs twisted together to improve transmission and reduce crosstalk and attenuation.
What is crosstalk in relation to cabling?
occurs when a signal transmitted over one channel or circuit negatively affects the signal transmitted over another.
What is attenuation in relation to cabling?
gradual loss of intensity of a wave as it travels over a medium
Which 4 twisted pair cables are defined as standards by TIA/EIA?
Cat 3, Cat 5e, Cat 6, Cat 6a
Which 3 twisted pair cables are typically used in networks today?
Cat 5, Cat 5e, Cat 6
What are the characteristics of a fibre optic cable?
- most expensive, most reliable
- typically used in backbone and HA networks (FDDI)
- uses light signals rather than electrical signals
- high speed, long distance and best resistance to interference, inference
Which type of cabling has the least resistance to EMI/RFI?
Fibre, twisted pair (UTP/STP), coax cable, twin-coax cable
Unshielded twisted pair, followed by shielded twisted pair
What is the difference between a passive and active hub?
Passive: data enters one port and exits all others without any signal amplification or regeneration
Active: Combines the features of a passive hub and repeater. (Multi-port repeater)
What is the process used by the MAC sub-layer for error checking?
- uses a cyclic redundancy check (CRC): a simple mathematical calculation or checksum used to create a message profile.
- CRC is re-calculated by the receiving device.
- If calculated CRC does not match received CRC, then packet is dropped and request to re-send is transmitted.
LAN protocols are defined at the Data Link layer. What are 6 common types?
- ARCnet
- Ethernet
- Token-Ring
- Fiber Distributed Data Interface (FDDI)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)
Which LAN protocol has the following characteristics?
- one of the earliest LAN technologies
- transports data to the physical LAN medium using the token passing media access method
- implemented in star topology using coaxial cable
- provides slow but predictable network performance
ARCnet
Which LAN protocol has the following characteristics?
- transports data to the physical LAN medium using CSMA/CD
- designed for networks characterised by sporadic, sometimes heavy traffic requirements
- most common LAN protocol
- most often implemented with twisted pair
- normally operates at speeds of 10, 100 or 1000Mbps
Ethernet
Which LAN protocol has the following characteristics?
- transports data to the physical LAN medium using the token passing media access method
- all nodes are attached to a multi-station access unit (MSAU) in a logical ring topology
- one node is designated as the active monitor, ensuring that no more than one token is on the network at any given time
- operates at speeds of 4 and 16 Mbps
Token-ring
Which LAN protocol has the following characteristics?
- transports data to the physical LAN medium using the token passing media access method
- implemented as a dual counter rotating ring over fiber at speeds up to 100 Mbps
- All stations on network are connected to both rings
- in event of a fault the ring wraps back round to the nearest node on the secondary ring
Fiber Distributed Data Interface (FDDI)
Which LAN protocol has the following characteristics?
- maps an IP to a MAC
Address Resolution Protocol (ARP)
Which LAN protocol has the following characteristics?
- maps MAC to an IP
- necessary when a system such as a disk-less machine needs to discover its own IP
Reverse Address Resolution Protocol (RARP)
LAN data transmissions are classified into 3 categories. What are they?
Unicast: packets sent from source to single destination
Broadcast: packets sent to every device on network using broadcast address.
Multi-cast: packets copied and sent from source to multiple destinations using special Multi-cast IP
WLAN standards
Type, Speed, Description
- 802.11a, 54Mbps, Operates at 5GHz (less interference than 2.4GHz)
- 802.11b, 11Mbps, Operates at 2.4GHz (first used protocol)
- 802.11g, 54Mbps, Operates at 2.4GHz (backward compatible with 802.11b)
- 802.11n, 600Mbps, Operates at 5GHz or 2.4 GHz
At which 3 layers do WAN technologies operate?
Physical, Data (primary) and Network
What are 5 types of WAN protocols?
- Point to Point Links
- Circuit switched networks
- Packet switched networks
- High level data link controls (HDLC)
- Synchronous Data Link Control (SDLC)
What is a Point to Point Link?
a pre-established WAN comms path from customer network across a carrier network to a remote network
Point to Point Links include which 5 protocols?
- Layer 2 Forwarding Protocol (L2F)
- Layer 2 Tunnelling Protocol (L2TP)
- Point to Point Protocol (PPP)
- Point to Point tunnelling protocol (PPTP)
- Serial Line IP (SLIP)
Which Point to Point Link protocol has the following characteristics?
- a tunnelling (data encapsulation) protocol used to implement VPNs, specifically PPP traffic.
- doesn’t provide encryption or confidentiality
Layer 2 Forwarding Protocol (L2F)
Which Point to Point Link protocol has the following characteristics?
- a tunnelling protocol used to implement VPNs
- is derived from L2F and PPTP
- uses UDP port 1701 to create a tunnelling session
- commonly implemented with an encryption protocol such as IPSec.
Layer 2 Tunnelling Protocol (L2TP)
Which Point to Point Link protocol has the following characteristics?
- is a successor to SLIP
- provides router to router and host to network connections over synchronous and asynchronous circuits
- more robust than SLIP and provides additional in-built security mechanisms
Point to Point Protocol (PPP)
Which Point to Point Link protocol has the following characteristics?
- tunnelling protocol developed by Microsoft and commonly used to implement VPNs, specifically PPP traffic
- doesn’t provide encryption or confidentiality, instead relying on other protocols such as CHAP, PAP, EAP, etc.
Point to Point tunnelling protocol (PPTP)
Which Point to Point Link protocol has the following characteristics?
- the predecessor of PPP
- originally developed for lines such as dial up modems using TCP/IP networking.
Serial Line IP (SLIP)
What is a circuit switched network?
- a dedicated, physical circuit path is established, maintained and terminated between the sender and receiver across a carrier network for each communications message (the call)
- used extensively in telephone company networks
What are 3 examples of circuit switched networks?
- Digital Subscriber Line (xDSL)
- Data Over Cable Services Interface Specification (DOCSIS)
- Integrated Services Digital Network (ISDN)
Circuit switched networks are ideally suited for which type of traffic?
Always on (constant)
Which circuit switched network has the following characteristics?
- uses existing analog phone lines to deliver high bandwidth connectivity to remote customers
Digital Subscriber Line (xDSL)
Which circuit switched network has the following characteristics?
- communications protocol for transmitting high speed data over an existing cable TV system
Data Over Cable Services Interface Specification (DOCSIS)
Which circuit switched network has the following characteristics?
- communications protocol that operates over analog phone lines that have been converted to use digital signalling
- capable of transmitting both voice and data traffic
Integrated Services Digital Network (ISDN)
xDSL examples
- ADSL & ADSL 2: asymmetric digital subscriber line. delivers higher bandwidth downstream than upstream, ie from central office to customer site
- SDSL: single line digital subscriber line. designed to deliver high bandwidth both upstream and downstream using twisted copper pair.
- HDSL: High rate Digital Subscriber Line. High bandwidth both upstream and downstream using twisted copper pair. commonly used for T1.
- VDSL: Subscriber Line; designed to deliver extremely high bandwidth over a single copper twisted pair (VDSL2 provides simultaneous upstream/downstream)
Which xDSL line has the highest operating range?
ADSL & ADSL 2
Which xDSL line can deliver the highest downstream bandwidth?
VDSL
Which xDSL line can deliver the highest upstream bandwidth?
ADSL & ADSL 2
What are the two ISDN service levels?
Basic Rate Interference (BRI)
Primary rate Interference (PRI) (quicker)
What are the characteristics of a packet switched network?
- devices share bandwidth on communications links to transport packets between a sender and receiver over a carrier network
- more resilient to error and congestion than circuit switched networks
Name 6 types of packet switched networks.
- Asynchronous Transfer Mode (ATM)
- Frame Relay
- Multi-Protocol Label Switching (MPLS)
- Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH)
- Switched Multi-megabit Data Service (SMDS)
- X.25
Which type of packet switched network has the following characteristics?
- very high speed, low delay technology that uses switching and multi-plexing techniques to rapidly relay fixed length cells containing voice, video, data
- Cell processing occurs in hardware that reduces transit delays
- ideally suited for fiber-optic networks that handle bursty uneven traffic
Asynchronous Transfer Mode (ATM)
Which type of packet switched network has the following characteristics?
- a packet switched standard protocol that handles multiple virtual circuits by using High Level Data Link Control (HDLC) encapsulation between connected devices.
- has no error correction or high speeds
- can be used on SVCs (Switched Virtual Circuit) or PVCs (Permanent Virtual Circuit)
Frame Relay
Which type of packet switched network has the following characteristics?
- a high speed, highly scalable, highly versatile technology used to create VPNs
- can carry IP packets, as well as ATM, SONET or ethernet frames
- specified at both Layer 2 and Layer 3
- uses MPLS cloud to route packets using MPLS labels
- routing decision based solely on labels without examining payload.
Multi-Protocol Label Switching (MPLS)
Which type of packet switched network has the following characteristics?
- a high availability, high speed, multi-plexed, low latency technology used on fiber-optic networks
- SONET was originally designed for the public telephone network and widely used in the US and Canada
- SDH widely used by rest of the world. Came later
Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH)
Which type of packet switched network has the following characteristics?
- a high-speed, connectionless oriented, datagram based technology available over public switched networks
- typically companies that exchange large amounts of data bursts with other remote networks use this
Switched Multi-megabit Data Service (SMDS)
Which type of packet switched network has the following characteristics?
- the first packet switching network
- more common outside the US but being superseded by Frame Relay
- defines how point to point connections between a DTE and DCE are established and maintained
X.25
What is the difference between a Switched Virtual Circuit (SVC) and a Permanent Virtual Circuit (PVC)?
An SVC is a temporary connection that is dynamically created to transmit data, whereas a PVC is a permanently established connection.
What is the advantage and disadvantage of a Permanent Virtual Circuit over a Temporary Switched Circuit?
PVC requires less bandwidth due to the lack of circuit establishment and termination but is more expensive
What is a disadvantage of using a MPLS packet switched network?
Customer loses visibility into the cloud, however so would an attacker
What is a datagram?
A self contained unit of data that is capable of being routed between a source and destination. Similar to a packet that is used in IP, datagrams are commonly used in UDP and other protocols such as AppleTalk
What are the key differences between a packet switched network and a circuit switched network?
Circuit switching is connection oriented, using fixed delays and is ideal for always on connections, constant traffic and voice communications.
Packet switching is connectionless oriented, using variable delays and is ideal for bursty traffic and data communications
What are the characteristics of the WAN protocol, High Level Data Link Control (HDLC)?
- a bit oriented, synchronous protocol that was created by ISO to support point to point and multipoint configurations.
- specifies a data encapsulation method for synchronous serial links and is the default for serial links on Cisco routers.
- various vendors implementations of HDLC are incompatible with each other
What are the characteristics of the WAN protocol, Synchronous Data Link Control (SDLC)?
- a bit-oriented full duplex serial protocol that was developed by IBM to facilitate communications between mainframes and remote offices
- defines and implements a polling method of media access.
What is the difference between asynchronous and synchronous communications?
Asynchronous: data transmitted in a serial stream. devices must communicate at same speed of slowest party. parity bits used to reduce transmission errors as no internal clocking signal is used.
Synchronous: utilises an internal clocking signal to transmit large blocks of data, known as frames. characterised by very high speed transmission rates.
What are the 5 types of telecommunications circuits used by WAN protocols?
DS0 - Slowest (used on T1) - Digital Signalling Level
DS1 (used on E1) - Digital Signalling Level
DS3 - Fastest (used on T3) - Digital Signalling Level
T1 - WAN carrier Facility
T3 - Fastest - WAN carrier Facility
E1 - Wide area digital transmission scheme (Europe)
E3 - Wide area digital transmission scheme (Europe)
Which telecommunications circuit does SONET use?
OC
What is a bridge?
a repeater used to connect two or more network segments. maintains an ARP cache that holds MAC addresses of devices connected on network segments. forwards data to all network segments if data isn’t on the local network segment
A serious problem associated with a bridge is a broadcast storm. What is this?
broadcast traffic is automatically forwarded by a bridge, effectively flooding a network
What is a switch?
- uses MAC addresses to route traffic
- unlike a hub, a switch transports data, only to the port connected to the destination MAC address
- used to create separate collision domains and thus increases transmission rates available on individual network segments.
A switch is a layer 2 device, but can also operate at which other 2 layers due to newer technologies?
Layer 3 (Network) and 7 (Application)
What is a DTE (Data terminal Equipment)?
term used to classify devices at the user end of a user to network interface, ie a workstation.
What is a DCE (Data Communications Equipment)?
consists of devices at the network end of a user to network interface. provides the physical connection of the network, forwards network traffic, etc.
What is an example of a DCE?
NIC, Modem, CSU (Channel Service Units), DSU (Data Service units)
Routing Information Protocol (RIP), Open Shortest Path First (OSPF) and Border Gateway Protocol are all types of what?
Routing Protocols
IP and IPX are two types of what?
Routed Protocols
In what two ways are routing protocols classified?
Static or Dynamic
Which routing protocol class has the following characteristics?
- routes created and updated manually
- can’t re-route traffic to an alternate destination automatically
- only practical in small networks or where a destination is only available via a single router
- low bandwidth requirements
- built in security (users can only get to destinations specified in routing table)
Static routing
Which routing protocol class has the following characteristics?
- can discover routes
- determine best route to a destination
- routing table periodically updated with new routing information
- classified as link state, distance vector or path vector
Dynamic routing
Which dynamic routing protocol algorithm has the following characteristics?
- makes routing decision based on distance (hop count or other metric) and vector (the egress router interface)
- periodically informs its peers of topology changes
- suffers from convergence
- RIP uses this dynamic class algorithm
distance vector
What is convergence in relation to routing?
the time it takes for all routers in a network to update their routing tables. Without convergence some routers on a network may be unaware of topology changes, however during convergence the network slows down considerably.
The number of router nodes that a packet must pass through to reach its destination is known as what?
Hop count
Which dynamic routing algorithm has the following characteristics?
- requires every router to calculate and maintain a complete map or routing table of the entire network
- periodically transmit updates that contain information about adjacent connections (link states) to all other routers on the network
- computation intensive but can calculate best route to a destination.
- convergence occurs rapidly
- OSPF uses this dynamic class
link state
An arbitrary assigned weight or metric in routing is known as what?
Cost
Which dynamic routing protocol algorithm has the following characteristics?
- similar to a distance vector protocol but without the scalability issues associated with a limited hop count.
- the BGP protocol uses this dynamic class
path vector
What is the Routing Information Protocol (RIP)?
A distance vector protocol that uses hop count as its routing metric.
What is a routing loop?
packets getting stuck bouncing between various router nodes
RIP employs three techniques to prevent routing loops. What are they?
Split horizon
Route poisoning
Holddown timers
Which technique to prevent routing loops prevents a router from advertising a route back through the same interface from which the route was learned?
Split horizon
Route poisoning
Holddown timers
Split horizon
Which technique to prevent routing loops sets the hop count on a bad route to 16, effectively advertising the route as unreachable if it takes more than 15 hops to reach?
Route poisoning
Which technique to prevent routing loops causes a router to start a timer when the router first receives information that a destination is unreachable? Subsequent updates about the destination will not be accepted until the timer expires.
Holddown timers
Holddown timers in RIP can help prevent what?
Flapping: occurs when a router repeatedly changes state over a short period of time
Which routing protocol uses UDP 520 and is connectionless?
RIP
What are 2 disadvantages of RIP?
- slow convergence
- insufficient security (RIPv1 has no authentication and RIPv2 transfers passwords in clear text)
What is the main advantage as to why RIP is still commonly used on many networks?
Its simplicity
What is Open Shortest Path First (OSPF)?
A link state protocol widely used in large enterprise networks. Considered an interior gateway protocol (IGP) because it performs routing within a single autonomous system (AS). OSPF is encapsulated directly into IP datagrams as opposed to using a Transport Layer Protocol such as TCP or UDP.
A group of contiguous IP address ranges under the control of a single internet entity is known as what?
An autonomous system (AS) - uses AS Numbers to uniquely identify the network on the internet
The following are characteristics of which Routing Protocol?
- is a link state routing protocol used to route datagrams through a packet switched network
- is an interior gateway protocol used for routing within an autonomous system.
- used in large service provider backbone networks
(IS-IS) Intermediate System to Intermediate System
The following are characteristics of which Routing Protocol?
- is a path vector protocol used between autonomous systems
- is considered an exterior gateway protocol (EGP) as it performs routing between separate autonomous systems (such as between ISPs) and on very large private IP networks.
Border gateway Protocol (BGP)
What is an internal Border Gateway Protocol (iBGP)?
When BGP runs within an AS such as a private IP network
What is used to address packets with routing information, allowing those packets to be transported across networks using Routing protocols?
Routed Protocols such as IP (internet protocol) and IPX (internetwork packet exchange)
What is the Internet Protocol (IP)?
Is part of the TCP/IP suite and contains addressing information that allows packets to be routed.
What are the two primary responsibilities of IP?
- Connectionless, best effort (no guarantee) delivery of datagrams
- Fragmentation and reassembly of datagrams
Which address range is used as a loopback address for testing and troubleshooting?
127.0.0.1 to 127.255.255.255
The following address ranges are examples of what?
IP address ranges reserved for use on private networks and are not routable on the internet
What is the purpose of NAT?
To conserve IP addresses
How many bits is an IPv6 address?
128-bits
What are 4 benefits of IPv6?
security
multi-media support
plug and play compatibility
backward compatibility with IPv4
What is IPX (Internet Packet Exchange)?
connectionless protocol used primarily in older Novell Netware networks for routing packets across the network. part of the IPX/SPX suite which is analogous to the TCP/IP suite
Other than IP and IPX, name two other common types of protocols defined at the network layer?
Internet Control Message Protocol (ICMP)
Simple Key Management for Internet Protocols (SKIP)
What is ICMP used for?
error reporting regarding processing of packets
The Packet Internet Groper (PING) uses which network layer protocol?
ICMP
What is Simple Key Management for Internet Protocols (SKIP) used for?
to share encryption keys
What is an advantage and disadvantage of SKIP?
doesn’t require a prior communication session to be established before it sends encrypted keys or packet, however it is bandwidth intensive because of additional header size due to encryption.
What are the two primary pieces of networking equipment defined at the Network layer?
Routers and gateways
What Network Layer device would you use to link dissimilar programs and protocols such as an Exchange Server to a Lotus Notes server?
A Gateway
What is the Transport Layer (Layer 4) used for?
transparent, reliable, data transport and end to end transmission control.
What are 4 important functions of the Transport Layer?
- Flow Control
- Multi-plexing (Enables data from multiple applications to be transmitted over a single physical link)
- Virtual Circuit Management (Establishes, maintains and terminates virtual circuits)
- Error checking and recovery (detects transmission errors)
Name 4 common Transport Layer Protocols?
- TCP
- UDP
- SPX
- SSL/TLS
The following are characteristics of which Transport Layer Protocol?
- capable of simultaneous transmission and reception (full-duplex)
- connection-oriented
- slow
- reliable
TCP
What is a three way handshake?
SYN - SYN-ACK - ACK
The following are characteristics of which Transport Layer Protocol?
- connection-less protocol
- fast
- unreliable
- doesn’t perform re-sequencing, error checking or recovery
UDP
Which protocol is used by the following applications?
Domain name System (DNS)
Simple Network Management Protocol (SNMP)
Streaming audio / video
UDP
Which protocol was used to guarantee delivery in old Novell Netware IPX/SPX networks?
Sequenced Packet Exchange (SPX) - connection-oriented protocol
Connection-oriented and Connectionless-oriented protocol examples:
- TCP (Layer 4) connection-oriented
- UDP (Layer 4) connectionless-oriented
- IP (Layer 3) connectionless-oriented
- IPX (Layer 3) connectionless-oriented
- SPX (Layer 4) connection-oriented
What is SSL/TLS?
Provides session based encryption and authentication for secure communication between clients and servers on the internet.
Which layer is responsible for establishing, co-ordinating and terminating communication sessions between networked systems?
Session Layer
What are the 3 phases at the session layer?
Connection establishment
Data transfer
Connection release
What are the 3 modes of operation in Connection establishment at the session layer?
Simplex Mode (one way) - radio
Half-duplex mode (two way but one at a time) - walkie talkie
Full-duplex mode (two way simultaneously) - phone
Name 5 examples of Session layer protocols?
- Net-BIOS - Microsoft Protocol that allows apps to communicate over a LAN
- Network File System (NFS) - transparent user access to remote resources on a UNIX TCP/IP network
- Remote Procedure Call (RPC) - client server redirection tool
- Secure Shell (SSH and SSH2) - establishes an encrypted tunnel between client and server
- Session Initiation Protocol (SIP) - signalling protocol for real-time comms such as voice, video, text over IP based networks
Which layer is responsible for coding and conversion functions being applied to data at the application layer?
Presentation Layer (ensures compatibility)
What 4 tasks are associated with the presentation layer?
- Data representation (image, sound, video formats)
- Character conversion (common character conversion schemes)
- Data compression
- Data encryption
Name 5 presentation layer protocols?
- American Standard Code for Information Interchange (ASCII) (character encoding scheme ie alphabet)
- Extended Binary Code Decimal Interchange Code (EBCDIC)
- GIF
- JPEG
- MPEG
Which layer is responsible for identifying and establishing availability of communicating partners, determining resource availability and synchronisation?
Application Layer
HTTPS, FTP, HTTP, IMAP, POP3, PEM, SET, S-HTTP, S/MIME, S-RPC, SMTP, SNMP, Telnet, TFTP are all what?
Application layer protocols
What is the Internet Message Access Protocol (IMAP)?
A store and forward electronic mail protocol that allows an email client to access, manage and synchronise email on a remote mail server.
How can an email client using IMAP be secured?
using SSL/TLS
In what way does IMAP provide more functionality than POP3?
requires users to explicitly delete e-mails from the server
What is POP3?
An email retrieval protocol that allows an email client to retrieve email from a remote mail server. Allows users to authenticate over the internet using plain-text passwords. Can be secured using TLS/SSL.
What is the Secure Remote Procedure Call Protocol (S-RPC)?
a secure client-server protocol. using public and private keys with diffie-hellman
What is the Simple Mail Transfer Protocol (SMTP)?
Used to send and receive email across the internet. Operates on TCP/UDP port 25. Has well known vulnerabilities that make it inherently insecure.
What is the Simple Network Management Protocol (SNMP)?
Used to collect network information by polling stations or sending traps
What is a well known vulnerability of SNMP?
uses default cleartext community strings (passwords)
What is telnet?
Terminal emulation for remote access to system resources
What is a weakness of telnet?
Passwords sent in cleartext
What is the Trivial File Transfer Protocol (TFTP)?
A lean version of FTP without directory browsing or authentication. Less secure than FTP
Which model was created by the US Department of Defence and preceded the OSI model?
The TCP/IP model
What are the 4 layers of the TCP/IP model?
- Application Layer (loosely corresponds to the Application, Presentation and Session layer)
- Transport Layer (corresponds to the OSI Transport Layer)
- Internet Layer (corresponds to the OSI Network Layer)
- Network Access (or Link) Layer (corresponds to the Data and Physical Layer of the OSI model)
What is an IDPS?
An intrusion Detection and Prevention System
What is the purpose of a firewall?
To control traffic between a trusted network (LAN) and an untrusted network (WAN).
What are the 3 basic types of firewalls?
- Packet filtering
- Circuit level gateway
- Application level gateway
The following are characteristics of which type of firewall?
- suitable for a low risk environment
- permits or denies traffic based solely on TCP, UDP, ICMP and IP headers in packets
- it examines traffic direction, source/destination IP addresses and source/destination port numbers
- information then compared in a pre-defined Access Control List (ACL) to permit or deny traffic
- typically operates at network or transport layer
- is inexpensive, fast and transparent to users
- access decisions based purely on address, port information
- has no protection from IP or DNS spoofing
- doesn’t support strong user authentication
- ACL lists difficult to maintain
Packet filtering firewall
What is an advanced variation of a packet filtering firewall?
A dynamic packet filtering firewall (allows the creation of dynamic access list rules for individual sessions)
The following are characteristics of which type of firewall?
- maintains state information about established connections
- tunnels used for sessions between two hosts, without the need for further inspection of individual packets
- advantages include speed, support for many protocols and easy maintenance
- disadvantages include dependence on trustworthiness of connecting user/host and limited logging about individual packets after initial connection
Circuit level gateway
Which type of circuit level gateway captures packets at the network layer, then queues and analyses them at the upper layers of the OSI model?
Stateful inspection firewall
The following are characteristics of which type of firewall?
- operates at application layer of the OSI model
- considered most secure and commonly implemented as a proxy server (no direct communication between each host is permitted)
- proxy intercepts data packets, analyses contents and if permitted by the firewall rules, sends a copy of the original packet to the intended host.
- can be used to implement strong user authentication
- resource intensive and must be tailored to specific applications.
Application level gateway
Firewalls can be implemented using which 4 firewall architectures?
- screening router
- dual homed gateway
- screened host gateway
- screened subnet
The following are the characteristics of which firewall architecture?
- most basic type
- external router placed between trusted and untrusted networks with a security policy implemented using ACL’s
- advantage is transparency, simple to use and inexpensive
- disadvantages include difficulty in handling certain traffic, limited or no logging, no user authentication, makes masking the internal network structure difficult and is a single point of failure
Screening router
The following are the characteristics of which firewall architecture?
- has two NICs and sits in-between the trusted and untrusted network
- connected to the untrusted network via an external screening router and a proxy server with the trusted network often requiring authentication
- offers a more fail-safe operation than a screening router because data isn’t forwarded across the two interfaces
- internal network structure is masked.
- disadvantages includes inconvenience to users due to authentication with a proxy server, added latency and proxies may not be available for some services.
A dual homed gateway (or bastion host)
What is a bastion host?
a general term used to refer to proxies, firewalls, gateways or any server that provides applications or services directly to an untrusted network
The following are the characteristics of which firewall architecture?
- employs an external screening router and internal bastion host
- screening router is configured so that the bastion host is the only host accessible from the untrusted network
- bastion host provides required web services to the untrusted network as permitted by the security policy
- connections to the internet from the proxy are routed via an application proxy
- advantages include transparent outbound access, restricted inbound access and distributed security between two devices
- disadvantages include difficulty in masking internal network structure, can have multiple single points of failure (on screening router or bastion host) and considered less secure because the screening router can bypass the bastion hosts to access trusted services.
Screened host gateway
The following are the characteristics of which firewall architecture?
- most secure
- employs an external screening router, a dual homed host and a second internal screening router
- implements concept of DMZ
- publicly available services are placed on bastion host within DMZ
- advantages include transparency to end users, flexibility, internal network structure can be masked, provides defence in depth.
- disadvantages include more expensive, difficult to configure and maintain, more difficult to troubleshoot
Screened subnet
What is the reason for placing public services in a DMZ?
To separate them from private services on your network
What are the 3 ways in which Intrusion Detection Systems can be categorised?
Active and Passive
Network based and Host based
knowledge based and behaviour based
What is the difference between an active and passive IDS?
Active is known as an IPS which blocks attacks, whereas passive is an IDS that only detects attacks.
How can an IPS perform a DoS attack on its own network?
By flooding the network with alarms that cause it to block connections until no connection or bandwidth is available
What is the difference between a network based and host based IDS?
network based sniffs all traffic on the network whereas host based is an agent monitoring a single host
What is the difference between a knowledge based and behaviour based IDS?
Knowledge based uses signatures whereas behaviour based detects anomalies.
What kind of devices use remote access?
Cable Modems, Wireless Devices and protocols such as asynchronous dial-up, ISDN, xDSL
What are the 3 common remote access methods?
- Restricted Access: restricts access based on allowed IP
- Caller ID: restricts access based on allowed phone No.s
- Callback: restricts access by requiring a remote user to authenticate with a remote access server (RAS). RAS then disconnects and calls the user back at a pre-configured phone number.
In what way is CallerID and Callback more secure method of node authentication than Restricted Access?
phone numbers are more difficult to spoof than IP’s
What is a way of defeating Callback?
Call forwarding
PPP incorporates which 3 authentication protocols?
EAP, PAP and CHAP
Which PPP authentication protocol has the following characteristics?
- uses a two way handshake to authenticate a peer to a server when a link is initially established
- transfers passwords in clear text (no protection from replay or brute force attacks)
PAP (Password Authentication Protocol)
Which PPP authentication protocol has the following characteristics?
- uses a three way handshake
- requires both peer and server to be pre-configured with a shared secret stored in cleartext
- peer uses the secret to calculate the response to a server challenge by using an MD5 one way hash function
CHAP (Challenge Handshake Authentication Protocol)
What is MS-CHAP?
A Microsoft enhancement to CHAP that allows the shared secret to be stored in an encrypted form.
Which PPP authentication protocol has the following characteristics?
- adds flexibility to the PPP protocol by implementing various authentication mechanisms such as MD5-challenge, S-Key, generic token card, digital certificates, etc.
- implemented on many wireless networks
EAP (The Extensible Authentication Protocol)
Name 4 remote access security technologies?
RAS
RADIUS
TACACS
Diameter
Which authentication technologies can a RAS server commonly use?
PPP, RADIUS, TACACS
What are the characteristics of the RADIUS protocol?
- open source, UDP, client-server protocol
- provides authentication and accountability
- user provides username/password information to a RADIUS client using PAP or CHAP.
- RADIUS client encrypts the password and sends the user-name and encrypted password to the RADIUS server for authentication
Note regarding Radius:
Passwords exchanged between the RADIUS client and RADIUS server are encrypted; however, passwords exchanged between the PC client and RADIUS client aren’t if PAP is used. If the PC client happens to be the RADIUS client, all password exchanges are encrypted.
Also the same for TACACS+
What is the next generation RADIUS protocol otherwise known as?
Diameter
What are the advantages of using Diameter over RADIUS?
- uses TCP rather than UDP
- supports IPSec over TLS
- has a larger address space
What are the characteristics of the authentication protocol TACACS (Terminal Access Controller Access Control System)?
- UDP based which provides authentication, authorisation and accountability (AAA)
What is the most common implementation of TACACS?
TACACS+ (TCP based and supports practically any authentication mechanism, ie PAP, CHAP, MS-CHAP, EAP, token cards, Kerberos, etc.)
What are the 2 advantages of TACACS+?
- wide support for various authentication mechanisms
- granular control of authorisation parameters
What is a VPN?
Creates a secure tunnel over the internet
What can a VPN do to data as it’s transmitted across the internet?
Encrypt or encapsulate it
The two ends of a VPN are commonly implemented using one of which 4 methods?
- Client to VPN concentrator (or device)
- Client to Firewall
- Firewall to Firewall
- Router to Router
What are 5 common VPN protocol standards?
- PPTP (Point to Point Tunnelling Protocol)
- L2F (Layer 2 Forwarding Protocol)
- L2TP (Layer 2 Tunnelling Protocol)
- IPSec
- SSL
Which VPN protocol standard has the following characteristics?
- developed by Microsoft
- enables PPP to be tunnelled through a public network
- uses native PPP authentication and encryption such as PAP, CHAP and EAP.
- commonly used for secure dial-up connections
- operates at layer 2 and is designed for individual client server connections
PPTP (Point to Point Tunnelling Protocol)
Which VPN protocol standard has the following characteristics?
- developed by Cisco and provides similar functionality to PPTP.
- operates at layer 2 and permits tunnelling of layer 2 WAN protocol such as HDLC and SLIP.
L2F (Layer 2 Forwarding Protocol)
Which VPN protocol standard has the following characteristics?
- is an IETF standard that combines Microsoft, Cisco and other vendor protocols.
- operates at layer 2 to create secure VPN connections for individual client server connections
L2TP (Layer 2 Tunnelling Protocol)
Which VPN tunnelling protocol addresses the following end user requirements?
- Transparency: requires no additional software
- Robust authentication: Supports PPP authentication protocols, RADIUS, TACACS, smart cards and one time passwords.
- Local Addressing: The VPN entities rather than the ISP assign IP addresses.
- Authorisation: managed by the VPN server side, similar to direct dial-up connections.
- Accounting: Both the ISP and user perform AAA accounting
L2TP (Layer 2 Tunnelling Protocol)
What does IPSec ensure by providing Layer 3 encryption and authentication to provide an end to end solution?
Confidentiality, Integrity and Authenticity
Which type of VPN provides a secure connection to web based applications?
SSL VPN
What is an advantage, but also a disadvantage of an SSL VPN over other protocols?
granularity - can grant a user access to a specific application rather than an entire network, however not all applications work over SSL VPN and may lack functions such as File Sharing, printing, etc.
What are the 3 basic components of a WLAN?
client devices, wireless network cards and wireless access points
What is a WNIC in relation to wireless?
Wireless network interface card
In what type of mode does a wireless access point operate?
Simplex
Half-duplex
Full-duplex
half-duplex
What are the 4 basic types of wireless antennas?
- Omni-directional: most common type, short poles that transmit and receive signals with equal strength in all directions around a horizontal axis.
- Parabolic: dish antennas made of meshed wired grid or solid metal. used to extend wireless signals over great distances
- Sectorised: similar in shape to omni-directional antennas, but have reflectors that transmit signals in a particular direction to provide greater distance and less interference.
- Yagi: similar in appearance to a small tv aerial antenna. used for long distances in point to point or point to multipoint wireless applications.
Access points and the wireless cards that connect to them must use the same WLAN 802.11 standard. True or False?
true
What 3 modes can an access point operate in?
- Root mode: default config for most AP’s. directly connected to the wired network. also known as infrastructure mode
- Repeater mode: doesn’t connect directly to the wired network, but instead provides an upstream link to another AP. extends the range of the WLAN. also known as stand alone mode
- Bridge mode: rare config that isn’t supported in most AP’s. used to connect two separate wired network segments using an AP.
What type of wireless architecture does not have any AP’s where the wireless devices communicate directly with each other in a peer to peer network?
Ad-hoc
What are 3 common security techniques and protocols used by WLAN?
WEP
SSID
WPA
Which WLAN security technique has the following characteristics?
- used to uniquely identify a wireless network
- wireless client must know it before connecting to the network
Service Set Identifier (SSID)
Which WLAN protocol has the following characteristics?
- originally developed to provide the same confidentiality as on a wired network
- uses an RC4 stream cipher for confidentiality and a CRC-32 checksum for integrity
- uses a 40-bit or 104-bit key with a 24-bit initialisation vector (IV) to form a 64-bit or 128-bit key.
- WEP can easily be cracked due to the short initialisation vector used and other flaws
Wired Equivalent Privacy (WEP)
Which two methods of authentication does WEP support?
Open System Authentication: require no credentials, but encrypts data after client has associated with AP
Shared Key Authentication: uses a 4 way handshake to authenticate with the AP and encrypts data thereafter
What two tunnelling protocols can be used to enhance WEP security?
IPSec and SSH
Which WLAN protocol has the following characteristics?
- provides significant security enhancements over WEP
- uses the Temporal Key Integrity Protocol (TKIP) to address some of the encryption problems in WEP.
- implements a sequence counter to prevent replay attacks and a 64-bit message integrity check
- supports various EAP extensions including EAP-TLS, EAP-TTLS and PEAP.
WiFi Protected Access (WPA)
Which WLAN protocol has the following characteristics?
- supports various EAP extensions including EAP-TLS, EAP-TTLS and PEAP.
- is an enhancement to WPA
- uses the AES based algorithm Counter Mode with Cipher Block Chaining Message Authentication Protocol (CCMP) which replaces TKIP and WEP to produce a fully secure WLAN protocol
WiFi Protected Access 2 (WPA2)
In relation to the WPA protocol, what is TKIP?
combines a secret root key with the initialisation vector by using a key mixing function
Spam accounts for roughly what percentage of all email traffic?
85%
What is a risk in using SMTP?
most SMTP servers are configured by default to forward or relay all mail regardless of whether the sender or recipient address is valid
What is a Realtime Blackhole List (RBL) used for?
a blacklist of domain or IP addresses that are known to send spam
What 3 risks can be associated with spam email?
- Missing or deleting important emails
- Viruses and other malicious code
- Phishing and Pharming scams
How can clients and servers be protected against the risks posed by email?
- placing mail servers within a DMZ
- unnecessary or unused services should be disabled (change the default relay setting)
- most other servers and client PC’s should have port 25 disabled
- implement a spam filter/secure mail gateway
What is SPIM?
Spam over instant messaging
What is SPIT?
Spam over Internet Telephony
What are the two principal protocols that make up the World Wide Web?
HTTP (Hypertext Transfer Protocol)
HTML (Hypertext Mark-up Language)
What is the difference between HTTP and HTML?
HTTP is the command and response language used by web browsers to communicate with web servers and HTML is the display language that defines the appearance of web pages.
Name 3 common attacks on these protocols?
- Script injection: Hacker injects scripting language commands into forms on web pages in an attempt to fool the web server into sending the contents of a back end database
- Buffer overflow: Hackers try to send machine language instructions as part of queries to web servers in an attempt to run those instructions
- Denial of Service (DOS): an attacker can send specifically crafted queries to a web server to make it malfunction or huge volumes of queries to make it stop working.
Facsimile Security: 4 general administrative and technical controls?
- Using cover pages that include appropriate routing and classification markings
- Place fax machines in secure areas
- using secure phone lines
- Encrypting fax data
What are 3 types of corporate telecommunications infrastructure?
PBX (Private Branch Exchange)
POTS (Plain Old Telephone Systems)
VoIP (Voice over IP)
How can an organisation protect against fraud and abuse of telecommunications systems?
User security policy
regular auditing of calls
strong passwords and patching of systems
What 5 methods can be used to forge Caller ID’s to perpetrate fraud or abuse?
- Using a calling card: using a long distance calling card often masks the origin of the call
- Using callerID services: commercial services are available that can generate any desired callerID
- Blocking callerID: some wireline or wireless telephone services block callerID
- Re-configure your telephone switch: a telephone switch connected via a trunk to a telephone network can send callerID data.
- VoIP: Simple IP smartphone or PC software can be used to generate false callerID data from VoIP phones
Name 8 common types of network attacks?
- Bluejacking and Bluesnarfing
- Fraggle
- ICMP Flood
- Session Hijacking (Spoofing)
- Smurf
- SYN Flood
- Teardrop
- UDP Flood
Which type of network attack has the following characteristics?
- sending anonymous, unsolicited messages to Bluetooth enabled devices
Bluejacking
Which type of network attack has the following characteristics?
- stealing personal data from Bluetooth enabled phones
Bluesnarfing
Which type of network attack has the following characteristics?
- a variant of the SMURF attack that uses UDP packets instead of ICMP packets
Fraggle
Which type of network attack has the following characteristics?
- large number of ICMP packets (usually echo requests) sent to a target network to consume bandwidth or resources
ICMP flood
Which type of network attack has the following characteristics?
- involves altering a TCP packet so that it appears to come from a known, trusted source
Session Hijacking (spoofing)
Which type of network attack has the following characteristics?
- a variation of the ICMP flood attack
- ICMP echo request packets are sent to the broadcast address of the target network by using a spoofed address on the target network
- each echo request is then sent to every host on the network in which all hosts respond with an echo reply overwhelming available bandwidth or system resources
Smurf
Which type of network attack has the following characteristics?
- TCP packets with a spoofed source address request a connection (SYN). Target responds with a (SYN-ACK) packet but source never responds. Half open connections are incomplete communications sessions which can overwhelm a system’s resources whilst the system waits for the connection to timeout.
SYN flood
Which type of network attack has the following characteristics?
- the length and fragmentation offset fields of sequential IP packets are modified causing the target system to become confused and crash.
Teardrop
Which type of network attack has the following characteristics?
- large number of UDP packets are sent to the target network to consume bandwidth and resources
UDP Flood
How can a Fraggle attack be countered?
Cisco routers can be used to disable TCP and UDP services.
How can an ICMP Flood attack be countered?
Because ICMP isn’t required for normal network operations, the easiest defence is to drop ICMP packets at the router or filter them at the firewall
How can a Smurf attack be countered?
Dropping ICMP packets at the router
How can SYN Flood attacks be countered?
Can be countered on Cisco routers using two methods:
- TCP intercept which proxies for half-open connections
- Committed Access Rate: limits bandwidth available to certain types of traffic
Other defences include changing the default maximum number of TCP half-open connections and reducing the timeout period on networked systems
How can UDP Flood attacks be countered?
drop unnecessary UDP packets at the router
What is fragmentation at the Network layer?
IP will sub-divide a packet if its size is greater than the maximum size allowed on the local network.
What advantages does RIPv2 provide over RIPv1?
- Carries a subnet mask
- Supports password authentication security
- specifies the next hop address
- does not require that routes be aggregated on the network boundary
What is an advantage to using OSPF?
Results in smaller, more frequent updates everywhere. They converge quickly so can prevent routing loops and Count-to-Infinity (when routers continually increment the hop count)
What is a disadvantage to using OSPF?
require large amounts of CPU and memory
Which Routing protocol uses a hierarchical structure and supports classless IP address ranges?
OSPF
What is the latest version of RIP, OSPF and BGP respectively?
RIPv2
OSPFv2
BGPv4
Which routing protocol allowed the internet to become a de-centralised system?
RIP, OSPF or BGP?
BGP
Hosts using which routing protocol communicate using TCP and send updated router table information when one host has detected a change? (only the affected part of the routing table is sent)
RIP, OSPF, BGP
BGP
What are the two message categories in ICMP?
Error Messages
Query Messages
What are the 4 main functions of ICMP?
- Announce network errors
- Announce network congestion
- Assist troubleshooting
- Announce timeouts
IPv4, ICMP, OSPF, IPSec, IPX are all associated with which OSI layer?
Network layer
What are the 6 control bits used by TCP during data transmission?
- URG: Urgent Pointer Field Significant
- ACK: Acknowledgement Field Significant
- PSH: Push Function
- RST: Reset the connection
- SYN: Sync sequence numbers
- FIN: No more data from sender
In a 3 way handshake what assurance does the acknowledgement number provide to the client that requested the connection?
proof to the client that the ACK is specific to the SYN the client initiated.
TCP, UDP, SPX, RDP are examples of protocols at which OSI layer?
Transport
What is the H.245 protocol and which layer is it used at?
Call control protocol for multimedia communication used at Session layer.
L2TP, NetBIOS, PAP, PPTP, RPC are used at which OSI layer?
Session
What are the two sub-layers of the Presentation layer?
CASE (Common Application Service Element) - provides services for the application layer and request services from the session layer
SASE (Specific Application Service Element) - provides application specific services
FTP, MIME, Telnet are common protocols at which OSI layer?
Presentation
FTP, SMTP, HTTP, LDAP, DNS, DHCP are protocols at which OSI layer?
Application
The following classes of firewall operate at which OSI layers respectively?
Application Proxy
Circuit gateway
Packet switched
Application Proxy - Application
Circuit gateway - Session
Packet Filter (SPF) - Network
IP classes explained:
Class, Range of first octet, No. of octets for Network No., No. of hosts in network.
A, 1-127, 1, 16,777,216
B, 128-191, 2, 65,536
C, 192-223, 3, 256
D, 224-239, Multicast
E, 240-255, Reserved
What is Classless Interdomain Routing (CIDR)?
does not require that a new address be allocated based on the number of hosts in a network class. used to address shortage of IP’s
Ports are broken into 3 ranges. What are they?
Well known Ports: 0 to 1023
Registered Ports: 1024 to 49151
Dynamic or Private Ports: 49152 to 65535
What can be the reason for choosing a registered port rather than a well known port?
On most systems, the user may not have the privileges to run an application on a well known port.
Which protocol is more susceptible to spoofing? TCP or UDP?
UDP
What is the difference between an extranet and a DMZ?
Extranet offers controlled access to authenticated connections, whereas a public facing server in a DMZ must normally support unauthenticated connections.
What is RFC 3118 in relation to DHCP?
specifies how to implement authentication for DHCP messages so that messages are rejected from invalid sources, i.e. it protects against an attacker plugging his machine into a port.
In what 4 ways can Ping/tracert (ICMP) maliciously be used?
- Ping of Death: (ICMP echo greater than legal packet limit 65,536 bytes)
- ICMP re-direct attacks: tells a host to use an attacker’s machine as default route
- Ping scanning: basic technique that helps narrow the scope of an attack.
- Traceroute exploitation: map a victim network to learn about its routing
What type of tool is Firewalk?
similar to traceroute but instead enumerates a firewall ruleset.
What is the Internet Group management Protocol (IGMP)?
used to manage multi-casting groups, which are a set of hosts anywhere on a network that are interested in a particular multi-cast.
What are the 3 versions of IGMP?
Ver1: periodically sends queries to a host on its network to update its database of multicast groups membership. Hosts stagger their replies to prevent a storm of traffic. when replies no longer come, agents will stop forwarding multicasts to that group.
Ver2: extends functionality of ver1. does 2 queries, general query and group specific query.
Ver3: allows hosts to specify from which sources they want to receive multicasts.
Which Routing Protocol supports automatic failover of routers?
Virtual Router Redundancy Protocol (VRRP)
What is RPC (Remote Procedure Call)?
provides a brokering service between client and application, ie authentication.
Why is RPC not used over the open internet?
weak authentication mechanism which can be leveraged for privilege escalation by an attacker.
CORBA and DCOM are examples of what protocol?
RPC
What is DNSSEC?
DNS authentication
What are 3 ways of enhancing DNS security?
DNSSEC
Multicasting
Service Directory
What port does DNS use?
53
Can LDAP security be subverted by breaking DNS?
Yes
What ports are used by NetBIOS for TCP and UDP respectively?
TCP: 137 and 138
UDP: 135 (used for remote procedure calls) and 139
NIS is a directory service commonly used by which environment?
Unix
What is a weakness of NIS?
Uses RPC
What is NIS+?
enhancement to NIS that uses Secure RPC.
What is CIFS/SMB?
A file sharing protocol on Windows (free SAMBA is a UNIX alternative). Designed to run on top of NetBIOS on TCP port 445. Authentication can be performed via challenge response.
What is the main weakness of CIFS/SMB? (Common Internet File System/Server Message Block)
passwords delivered in clear text.
What is NFS (Network File Sharing) system?
Used by Unix, but can also exist on Linux, Windows, etc.
What are the 4 versions of NFS?
2, UDP, uses RDP, stateless protocols
3 TCP, uses RDP, stateless protocols
4 TCP, stateful, uses encryption based on kerberos.
What are 3 ways of securing NFS?
Secure NFS (DES encryption)
Using NFS version 4
tunnel NFS through SSH
What port does SMTP use?
25
What are the two main weaknesses of SMTP?
lack of authentication and encryption
What is the enhancement to SMTP which allows authentication?
ESMTP
What 2 ports does FTP use?
20 Data stream
21 Control stream
What are 3 ways of securing FTP?
- Secure FTP with TLS: uses AUTH TLS to request that FTP session be encrypted
- SFTP (SSH File Transfer Protocol): not an FTP protocol, so FTP clients cannot be used to talk to an SFTP server; however, it encrypts both commands and data, unlike standard FTP.
- FTP over SSH: refers to the practice of tunnelling a normal FTP session over SSH. protects only the channel.
What are the two transfer modes of FTP?
Active (server initiates connection) not common and should be blocked by firewall.
Passive (client initiates connection)
What is anonymous FTP
guest authentication
What is Trivial File Transfer Protocol (TFTP)?
used when authentication is not needed. Simplified version of FTP. Operates on UDP 69
When is TFTP most commonly used?
In LANs for pulling packages, ie in booting up a diskless client or deploying images to a client environment
What are 3 types of HTTP proxies?
- Anonymising Proxies: allows the anonymisation of HTTP requests. JAP is an example
- Open proxy Servers: allows unrestricted access to GET commands from the internet, potentially to be used to launch an attack.
- Content Filtering
What is the best way of separating application gateways from the proxy for web browsing?
A reverse proxy.
Why should a reverse proxy be used?
allows direct access from the internet
What is HTTP Tunnelling?
Allows tunnelling of applications through firewall
What is the main concern when using multi-layer protocols?
Outdated components
What two terms are most commonly associated with Multi-layer protocols?
SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control System)
What are 6 vulnerabilities associated with SCADA?
- Network Perimeter Vulnerabilities
- Protocol Vulnerabilities through stack
- Database Insecurities
- Session Hijacking MIM attacks
- OS and server weaknesses
- Device and vendor Backdoors
What are two standard industrial communication protocols?
MODBUS and FIELDBUS
What are weaknesses of the MODBUS and FIELDBUS industrial communication protocols?
- focus is on uptime, not security
- send information in cleartext
- little or no authentication
What is the best way of protecting SCADA systems?
physical controls
What is a key security function of a boundary router?
To prevent IP spoofing
What are 3 types of IP spoofing attacks?
Non-blind spoofing: attacker on same subnet as victim
Blind spoofing: packets sent to victim to determine sequence numbers
Man in the Middle attack: interception of a legitimate communication (both blind and non-blind spoofing are types of MitM attacks)
How does an OS protect against blind spoofing?
uses random sequence number generation
Network partitioning often includes 3 common security zones. What are they?
- DMZ, Application Zone, Internal Zone.
Which network zone would you place proxy servers, SMTP or DNS?
DMZ
Which network zone would you place web servers, DB, AV, etc?
Application Zone
A terminal server is a type of which host? Dual-homed or Bastion?
Bastion
Why are modems discouraged on networks?
allow remote users to access a network from almost any analog phone line. allows a backdoor into the network.
What is a modem?
a modem connected to a user’s computer converts digital signal to analog to be transmitted over a phone line
What is a way of combating legacy equipment such as modems on a network?
Telephony firewalls
What is a Concentrator?
multiplex connected devices into one signal, ie FDDI
What is GSM?
Global Service for Mobile Communications
Should Wireless Access Point placement focus on security or strong signal?
Strong signal
WPA supports which type of authentication?
IEEE 802.1x based on the EAP framework
What are the 3 EAP authentication models?
EAP-TLS: client server authentication with certificates. more secure but more overhead with managing certificates
EAP-TTLS: less secure as only server presents certificate to client, however less overhead to administer
EAP-PEAP: similar to EAP-TLS. server authenticates to client with cert and client employs non-digital cert mechanism to authenticate with server. easier to administer, but still a lack of client side cert
What enhancements does WPA2 provide to WEP and WPA?
- uses 802.1x access control to start an EAP authentication method
- uses Counter Mode/CBC-MAC protocol (CCMP) for encryption
In relation to Bluetooth what is a Blue Bug attack?
an attacker can use the AT commands on a victim's phone to initiate calls, send messages
What is the IEEE 802.16 standard?
WiMAX. A fixed mobile wireless solution, meaning that the client devices are highly portable but only whilst not in use. 802.16a deals with issues such as improved access. Useful for access to a MAN network. Allows wireless access from long distances
What does WiMax use to protect confidentiality of data?
AES and authentication options including EAP.
What is alternative technology to running fiber cables through a building?
Wireless Optics: uses infra-red light or lasers to transmit data between two receivers. They have advantages over microwave as they are more difficult to intercept; however, they are unreliable due to weather
Light Emitting Diodes (LEDs) and Diode Lasers are two types of what?
Fiber Optics
Why would you use Diode Lasers over LEDs in fiber optics?
more bandwidth and distance
What is the difference between single mode and multi-mode fiber?
in single mode, light is transmitted in a direct path down cable. single mode allows for greater bandwidth, longer cables and is suitable for carrier networks
Where should firewalls be installed?
Between Domain Trusts
What are two important conditions used to determine if a packet should be filtered by a firewall?
Address: source/destination address
Service: ie port number TCP UDP
An extension to NAT that translates all addresses into one routable IP address if using multiple ports is known as what?
Port Address Translation (PAT)
What is HAIPE (High Assurance Internet Protocol Encryptor)?
based on IPSec, possesses additional restrictions and enhancements. has the ability to encrypt multi-cast data using high assurance hardware encryption which requires that the same key be loaded on all communicating devices. Often used in military.
What is SOCKS?
a circuit proxy server where users employ a SOCKS client to access a remote server. The client initiates a connection to the SOCKS proxy server, which accesses the remote server on behalf of the client.
What is a key advantage of SOCKS over other VPNs?
The ability to use proxy servers
What is a PSTN (Modems and Public Switched Telephone Networks)?
designed for analog communications, but today used for data connections over WANs.
What is the Extensible Messaging and Presence Protocol (XMPP) and Jabber?
- open instant messaging protocol
- server based app designed to interact with other instant messaging apps.
- anyone can offer a Jabber server making the network untrusted.
- traffic can be encrypted using TLS, though it does not stop eavesdropping on server.
- offers both cleartext and challenge response authentication though credentials are cached on jabber server.
What is Internet Relay Chat (IRC)?
- chat system that typically operates through terminal or telnet connections which leave no log related to file transfers.
- client/server based and unencrypted
- common platform for social engineering attacks
What 4 things does security of instant messaging rely on?
- strength of the protocol
- quality of the implementation
- trustworthiness of the operator
- behaviour of the user
What ports does RADIUS typically operate across?
1812 and 1813, both TCP and UDP
What ports does SNMP operate across?
161 and 162 for both TCP and UDP
What port does Telnet operate on?
TCP 23
What is rlogin, rsh and rcp?
rlogin: protocol for granting remote access to a machine, normally a Unix server.
rsh: grants direct remote command execution
rcp: copies data from or to a remote machine
What are the weaknesses of rlogin?
unencrypted
authentication is host/IP based. although it will take a user ID, the ID is not verified as rlogin relies on trustworthiness of the host.
What is a secure alternative to rlogin, rcp, rsh?
SSH
What ports do virtual network terminal services typically operate across?
80 TCP or 443 UDP
What is the main method of protecting terminal services?
Patching
What is a teleworker?
A mobile worker
What is the Tree Network Topology?
similar to a bus, except devices connect to a branching cable.
What is CSMA (Carrier Sense Multiple Access)?
- only one device can transmit at a time
- devices compete for available bandwidth
- referred as a contention-based protocol.
What two types of CSMA exist?
CSMA/CA (collision avoidance): uses jamming signals so other devices don’t transmit. used in the 802.11 wireless standard
CSMA/CD (collision detection): listens for carrier before transmitting data. used as part of the IEEE 802.3 (ethernet) standard
What IEEE standard does token ring use?
IEEE 802.5
What attack allows an attacker to move across VLANs?
VLAN hopping
What is port scanning?
The act of probing TCP services on a machine
FIN, NULL and XMAS scanning explained:
request to close a connection sent to a target machine. works with UNIX, not Windows. if a response is received it provides recognition that port is open.
How to protect against a FIN attack?
Firewall Stealth Mode
What is a network tap?
a device with the ability to copy all data flowing through a network in real time for analysis and storage. can also be deployed for purposes of compliance with legal requirements related to retention of records/transactions for fraud.
What are the 4 common steps in the methodology of a network attack?
- Target Acquisition: intelligence gathering through network scanning. Split network security zones, NAT, etc. can protect against this.
- Target Analysis: target analysed for security weaknesses/vulnerabilities
- Target Access: social engineering, unauthorised access via vulnerability.
- Target Appropriation: escalate privileges
What are two types of scanning tools?
Nessus: vulnerability scanner
NMap: discovery scanner
What is the difference between a vulnerability scan and a penetration scan?
Vulnerability scan uncovers vulnerabilities, whereas penetration scanning exploits them
What is an Overlapping fragment attack?
used to subvert packet filters that only check the first fragment of a fragmented packet. other packets follow that overwrite the first fragment with malicious data. solution is for TCP/IP stacks not to allow fragments to overwrite each other.
What is source routing exploitation and how would you protect against it?
where an attacker can specify the path to take to a destination. source routing can be disabled on routers
What is the main weakness of Network News Transport Protocol (NNTP)?
Authentication. confidentiality is less of a concern as the message is supposed to be published, rather proper identification and authentication of the sender is the issue.
What is the Finger User Information Protocol?
An identification service that allows a user to obtain information about the last login time of a user and whether he or she is currently logged in. Implemented as a UNIX daemon.
Why is the Finger User information protocol no longer widely used?
- has been subject to a number of security exploits
- raises privacy and security concerns. can be abused for social engineering
- the user's self-actuation
What ports does NTP (Network Time Protocol) use?
TCP and UDP 123
How to protect NTP?
- restrict access based on IP
- NTP3 uses symmetric encryption for authentication
- NTP4 uses asymmetric encryption for authentication
What is the main countermeasure to DNS spoofing?
establish DNS servers dedicated to their domain and vigorously monitor them. an internal DNS server which only accepts queries from the internal network/users.
To avoid Information Disclosure in DNS, what should a business do?
Use split-DNS zones and refrain from using telling name conventions for servers.
What are split naming zones?
names of hosts that are only accessible on the intranet that are available on the internet
What is TCP SYN scanning?
no complete connection is opened. instead only the initial steps of the handshake are performed. makes the scans harder to detect but can’t be stopped by firewalls.