things to memorize Flashcards
What are the six steps of trouble shooting
▪ Identify the problem
▪ Establish a theory of probable cause
▪ Test the theory to determine the cause
● If the theory is not confirmed, re-establish a new theory
▪ Establish a plan of action to resolve the problem and implement the
solution
▪ Verify full system functionality
▪ Document the findings, actions, and outcomes
“bit”
o A single “bit” can store one of two values: 1 or 0
“Nibble”
is 4 bits
1000 bits
▪ 1Kilobit (1Kb)
how do we represent a “bit” and a “byte”
bit = b
byte = B
DB25 Connector
▪ A D-subminiature connector that plugs into the back of a computer and
has two thumb screws on the sides
Serial Cable
▪ A cable that sends data as ones and zeros one bit at a time; its speed is
measured in bits per second
DB9 Connector
▪ A slow-speed connection for much older mice, keyboards, and external
modems
▪ USB 1 and USB 2 devices run at a much slower speed and should be split
across a hub
▪ USB 1.0 is the slowest USB version, with a maximum speed of
1.5 megabits per second
USB 1.1
▪ Known as full speed and runs at 12 megabits per second
USB 2.0
▪ Known as high speed and runs at 480 megabits per second
USB 3.0
▪ Known as super speed and is at least 5 gigabits per second
USB 3.1 Gen One
▪ Runs at 5 gigabits per second
USB 3.1 Gen Two
▪ Runs at 10 gigabits per second
USB 3.2 Gen 2x2
▪ Runs at 20 gigabits per second
USB 4
▪ The most modern version of USB and can run at 40 gigabits per second
▪ A USB 4 and a USB 3.2 gen 2x2 must have a shorter cable because that is
going to give the best performance
▪ The longer a cable, the more likelihood that the cable would not work as
efficiently, or even at all
● Type A
● Type C
● Type B
● Type B Mini
● Type B Micro
DVI
Used to support both analog and digital outputs
● DVI A - DVI A only supports analog signals,
● DVI D - DVI D only supports digital signals,
● DVI I - DVI I support both signals
VGA
▪ The graphics standard that uses a 15-pin analog video interface port to
connect a display to the computer
Thunderbolt
▪ Supports speeds of up to 40 gigabits per second for data transfer over
cables
Lightning Cable
▪ A proprietary connector created by Apple for its mobile devices
SATA Cable
▪ The standard cables that are the main method of connecting a storage
device to a motherboard inside of a desktop computer
▪ SATA uses two cables: a seven-pin data cable, which does not supply any
power, and a 15-pin SATA power connector, which provides power to the
device
▪ SATA version 1 can support speeds of up to 1.5 gigabits per second,
version 2 can support speeds of up to 3 gigabits per second, and version 3
can support speeds of up to 6 gigabits per second
External SATA or ESATA
▪ A SATA cable on the outside of the case
PATA
▪ The old IDE interface, with the exact same cables, connectors, and
standards, renamed for branding
▪ Each parallel cable supports up to two devices, and both can
communicate at the same time
Molex Power Connector
▪ A 4-pin connector that would attach from the power supply directly to a
device
SCSI
▪ A legacy parallel bus connector that allows multiple devices to be
daisy-chained together
▪ A narrow SCSI bus can support up to 7 devices, but a wide SCSI bus can
support up to 15 devices
Advanced Technology eXtended (ATX)
▪ Full-size motherboard and measures 12” x 9.6” in size (305mm x 244 mm)
Mini-ATX
▪ Smaller than ATX but contains the same features (11.2” x 8.2” / 284mm x
208 mm)
Micro-ATX (mATX)
▪ Measures 9.6” x 9.6” (244mm x 244mm)
▪ Micro-ATX is the same as ATX but only has 4 expansion card slots
Information Technology eXtended (ITX)
▪ Designed as a replacement for the ATX but never produced
Mini-ITX
▪ Measures 6.7” x 6.7” (170mm x 170mm) with only one expansion slot
● Mobile-ITX
CPU
▪ The brain of the computer; it executes the program code in the
software and firmware
▪ The CPU performs the basic operations for every instruction in the
computer
▪ Once the processor has executed an instruction, it sends the result
back to memory so that it can be stored and used later
X86
▪ Can support a maximum of 4 gigabytes of RAM
X64
▪ An extension of the X86 instruction set to be able to support 64-bit
operations
▪ 32-bit systems can only run 32-bit programs, but 64-bit processors can run
both 64-bit programs and 32-bit programs because they are fully backwards
compatible
Advanced RISC Machine (ARM)
▪ Used for low-power devices (tablets and cell phones)
● Extended battery life
● Produces less heat
▪ RISC systems use code to do tasks
CPU Sockets
ZIF
▪ The ability to insert the CPU without pressing down and applying
pressure to it
▪ If you bend, snap, or break a pin from a processor, the entire processor is
no longer functional
LGA Socket
▪ A form factor that positions all the pins to be able to connect the CPU
processor into the socket
PGA Form Factor
▪ The processor has the pins and the socket has holes, which align when
the processor is installed
Multi-Socket
▪ Multiple CPUs or processors installed on a motherboard
▪ You cannot upgrade or change out the processor on a mobile device
▪ The two main types of CPU sockets are LGA, which is made by Intel, and
PGA, which is made by AMD
CPU Features
Simultaneous Multithreading (SMT) / Hyper-threading
▪ Single stream of instructions is being sent by a software application to a
processor
▪ Manufacturers developed a way to allow software to run multiple parallel
threads at the same time
Symmetric Multiprocessing (SMP)
▪ Traditional workstations and servers have multiple processors
Multi-core Processors
▪ Single CPU with multiple processors inside
▪ Multiple processors have multiple cores inside the CPU
Dual-core Processor
▪ Two CPUs inside a single chip
Quad-core Processor
▪ Four CPUs inside a single chip
Hexa-core Processor
▪ Six CPUs inside a single chip
Octa-core Processor
▪ Eight CPUs inside a single chip
● Hyper-threading / SMT
● Symmetric Multiprocessing
● Multi-core Processors
● Virtualization
VT and AMD-V
provide processor extensions to support virtualization
Virtualization
Virtualization allows running multiple systems on a single physical host
▪ Extended Page Table (EPT)
● Intel
▪ Rapid Virtualization Indexing (RVI)
● AMD
PCIe (PCI Express) replaces PCI, PCI-X, and AGP
▪ PCIe x1
▪ PCIe x4
▪ PCIe x8
▪ PCIe x16
● PCIe x1 is used for modems, network cards, wireless cards,
input/output devices, and audio cards
● PCIe x16 is used for graphics cards
Thermal Load
▪ Heat from different components inside the computer
Passive Cooling
▪ Type of cooling that doesn’t rely on moving parts or power
Heat Sink
▪ Finned metal device that radiates heat away from the processor
Thermal Paste
▪ Compound that ensures heat transfer by eliminating air gaps
● Passive cooling requires no power to operate and is silent when
operating
Active Cooling
▪ Uses a fan to remove heat from the device
Closed Loop System (liquid cooling)
▪ Cooling of a single component
Open Loop System (liquid cooling)
▪ Liquid cooling based system of different components
Power supply unit (PSU)
Converts AC power from the wall jack to DC power for the computer’s components
120V AC (Low Line Power)
▪ US-based power supply
230V AC (High Line Power)
▪ Europe and Asia power supply
Random Access Memory (RAM)
▪ Used to load applications and files into a non-persistent and fast storage
area
Cache
▪ High-speed memory
Storage
▪ Mass storage device that holds more data but is slower than a cache
Mass Storage Devices
▪ Permanent storage area
Random Access Memory (RAM) / System Memory
▪ Temporary storage area/non-persistent storage
Disk Cache
▪ Pulls files from the disk into memory and replaces the old file
Dynamic RAM (DRAM)
▪ Oldest type of memory that requires frequent refreshing
● DRAM storage cell is dynamic
Synchronous DRAM (SDRAM)
▪ First memory module that operates at the same speed as the motherboard bus (168-pin connector)
● PC66 (66 MHz bus)
● PC133 (133 MHz bus)
● PC266 (266 MHz bus)
Double Data Rate Synchronous Dynamic Random-Access Memory (DDR
SDRAM)
▪ Doubles the transfer speed of an SDRAM module (184-pin connector)
Double Data Rate 2 Synchronous Dynamic Random-Access Memory (DDR2
SDRAM)
▪ Higher latency and has faster access to the external bus (240-pin
connector)
● PC2-4200
Double Data Rate 3 Synchronous Dynamic Random-Access Memory (DDR3
SDRAM)
▪ Runs at a lower voltage and at a higher speed than DDR2 (240-pin keyed
connector)
● PC3-10600
▪ DDR3 throughput is 6.4 to 17 GB/s with a maximum module size of 8GB
per memory module
Small Outline Dual In-line Memory Module (SODIMM)
▪ Classified as DDR3, DDR4, or DDR5
Multi-Channel Memory
▪ Uses two different memory modules to increase the performance and
throughput
Single-Channel
● Uses one memory module on one bus (64-bit data bus)
Dual-Channel
● Requires two memory modules and two memory slots on the
motherboard (128-bit data bus)
Triple-Channel
● Uses three memory modules and three memory slots (192-bit
data bus)
Quad-Channel
● Uses four memory modules and four memory slots (256-bit data
bus)
Multiple modules
● Give faster speeds and add memory for storage
Non-Parity Memory
▪ Standard memory that does not check for errors and allows data to be
put in or taken out
Parity Memory
▪ Performs basic error checking and ensures the memory contents are
reliable
● A parity check does basic calculation
o Every bit has an associated parity bit
▪ Bits can only be a zero or one
Error Correcting Code (ECC)
▪ Detects and corrects an error
Virtual Memory/Page File
▪ Space on a hard drive that is allocated by the OS and used as if it were
memory
DDR5
▪ Has internal error checking for its modules
● DDR5 modules can still be sold as ECC or non-ECC modules
DDR4 and DDR5 have how many pins?
288
BIOS and UEFI
Basic Input/Output System (BIOS)
▪ Program that a CPU uses to start the computer system
▪ BIOS serves as a method of configuring the motherboard using a
text-based interface
Firmware
▪ Software stored on a chip; the BIOS program code is held in the flash
memory of the motherboard
Unified Extensible Firmware Interface (UEFI)
▪ Supports 64 bit processors and provides a GUI
Read-Only Memory (ROM)
▪ Type of chip embedded in the motherboard and can be upgraded through
flashing
Power-On Self-Test (POST)
▪ Diagnostic testing sequence to check the computer’s basic input/output
system
BIOS/UEFI Security
- BIOS and UEFI are used during loading and booting up the OS
- Computers that rely on BIOS use MBR to hold the boot information
- Computers that rely on UEFI use GPT to hold the boot information
Trusted Platform Module (TPM)
▪ Specification for hardware-based storage of digital certificates, keys,
hashed passwords, and other user and platform identification
information
● TPM is a hardware RoT
● Secured boot-up
● Provides encryption
▪ A TPM can be managed in Windows via the tpm.msc console or through group policy
Hardware Root of Trust (RoT)
▪ Cryptographic module embedded in a computer system that endorses
trusted execution and attests to boot settings and metrics
Hardware Security Module (HSM)
▪ Appliance for generating and storing cryptographic keys that
is less susceptible to tampering and insider threats
Hard Disk Drive (HDD)
▪ Form of mass storage device
Mass Storage Device
▪ Non-volatile storage device that holds the data when the system
is powered down (GB or TB)
Redundant Array of Independent Disks (RAID)
▪ Combination of multiple physical hard disks that is recognized by the
operating system
RAID 0
RAID 0 is great for speed but provides no data redundancy
RAID 0 has no loss of space on the disks
RAID 1
RAID 1 provides full redundancy
Failure Resistant
▪ Protection against the loss of erased data (RAID 1/RAID 5)
Fault Tolerant
▪ RAID can function even when a hard drive fails (RAID 1/RAID 5/RAID 6)
Disaster Tolerant
▪ RAID with two independent zones with full data access (RAID 10)
▪ RAIDs provide redundancy and high-availability
Virtualization
▪ Host computer installed with a hypervisor that can be used to install and
manage multiple guest operating systems or virtual machines (VMs)
Type I Hypervisor (Bare Metal)
Runs directly on the host hardware and functions as the operating system
Type II Hypervisor
Runs within the normal operating system
VM Escape
▪ Threat attempts to get out of an isolated VM and send commands to the
underlying hypervisor
▪ VM escape is easier to perform on a Type II hypervisor than a Type I
hypervisor
VM Hopping
▪ Threat attempts to move from one VM to another on the same host
Sandbox Escape
▪ Occurs when an attacker circumvents sandbox protections to gain access
to the protected OS or other privileged processes
Live Migration
▪ Migrates the virtual machine from one host to another while it is running
▪ Ensure that live migration only occurs on a trusted network or utilizes
encryption
Data Remnants
▪ Leftover pieces of data that may exist in the hard drive which are no
longer needed
● Encrypt virtual machine storage location
● Destroy encryption key
VM Sprawl
Cloud Computing
▪ The practice of using a network of remote servers hosted on the Internet
Rapid Elasticity (cloud computing)
The ability to quickly scale up or down
● Elasticity is the system’s ability to handle changes to demand in
real time
Metered Utilization (cloud computing)
▪ Being charged for a service on a pay-per-use basis
▪ The benefit of using the cloud is that most things are done on a metered
basis
Measured Services (cloud computing)
▪ Charging is based upon the actual usage of the service being consumed
Public Cloud
▪ Systems and users interact with devices on public networks, such as the
Internet and other clouds
Shared Resources (cloud computing)
▪ The ability to minimize the costs by putting VMs on other servers
▪ Shared resources means pooling all the hardware together to form a
cloud
File Synchronization (cloud computing)
▪ The ability to store data that can spread to other places depending on the
configuration
Private Cloud
▪ Systems and users that only interact with other devices inside the
same private cloud or system
Hybrid Cloud
▪ Combination of private and public clouds
Community Cloud
▪ Collaborative effort where infrastructure is shared between several
organizations from a specific community with common concerns
Multitenancy
▪ The ability for customers to share computing resources in a public or
private cloud
Single-Tenancy
▪ Assigns a particular resource to a single organization
On-Premise Solution
▪ The need to procure the hardware, software, and personnel necessary to
run the organization’s cloud
▪ On-premise solution allows the ability to control all the physical and
logical access to servers
Hosted Solution
▪ Third-party service provider that provides all the hardware and facilities
needed to maintain a cloud solution
Hosted Model / Desktop as a Service (DaaS)
▪ Maintained by a service provider and provided to the end user as a
service
Virtual Desktop Infrastructure (VDI)
▪ Hosts desktop OSs within a virtualized environment hosted by a
centralized server or server farm
Remote Virtual Desktop Model
▪ Copies the desktop image to a local machine prior to being used by the
end user
Personal Area Network (PAN)
▪ Smallest type of wired or wireless network and covers
the least amount of area
Local Area Network (LAN)
▪ Connects components within a limited distance
● Up to a few hundred feet
Campus Area Network (CAN)
▪ Connects LANs that are building-centric across a university, industrial
park, or business park
● Up to a few miles
Metropolitan Area Network (MAN)
▪ Connects scattered locations across a city or metro area
● Up to about 25 miles
Wide Area Network (WAN)
▪ Connects geographically disparate internal networks and consists of
leased lines or VPNs
● Worldwide coverage
Wireless Local Area Network (WLAN)
▪ A wireless distribution method for two or more devices that creates a
local area network using wireless frequencies
Storage Area Network (SAN)
▪ Provisions access to configurable pools of storage devices that can be
used by application servers
Channel
▪ A virtual medium through which wireless networks can send and receive
data
● For the 2.4 GHz spectrum, there can be 11 or 14 channels
● Channels 1, 6, and 11 avoid overlapping frequencies in the 2.4
GHz band
● We can use 5.725-5.875 GHz to run our wireless networks in the 5
GHz band
● There are 24 non-overlapping channels in the 5 GHz band
What 802.11 standards use 5 GHz
802.11a
- 5 GHz, 54 Mbps
802.11n
- 2.4 and 5 GHz, 150 Mbps/600 Mbps (MIMO), Wi-Fi 4
802.11ac
- 5 GHz, 6.9 Gbps (MU-MIMO), Wi-Fi 5
802.11ax
- 2.4, 5, and 6 GHz, 9.6 Gbps (MU-MIMO), Wi-Fi 6
What 802.11 standards are only 2.4 GHz
802.11b
- 2.4 GHz, 11 Mbps
802.11g
- 2.4 GHz, 54 Mbps
Multiple-Input and Multiple-Output (MIMO)
▪ Uses multiple antennas to send and receive more data than it could with a
single antenna
Multiple User Multiple Input Multiple Output (MU-MIMO)
▪ Allows multiple users to access the wireless network and access point at
the same time
Radio Frequency Interference (RFI)
▪ Occurs when there are similar frequencies to wireless networks in the
area
Wired Equivalent Privacy (WEP)
▪ Original 802.11 wireless security standard, which is an insecure
protocol
▪ WEP uses 24-bit Initialization Vector (IV) sent in clear text
Wi-Fi Protected Access (WPA)
▪ Replaced WEP and uses the Temporal Key Integrity Protocol (TKIP)
▪ WPA uses a 48-bit Initialization Vector (IV) instead of a 24-bit IV
● Rivest Cipher 4 (RC4)
- For encryption
● Message Integrity Check (MIC)
- To confirm data was not modified in transit
Wi-Fi Protected Access 2 (WPA2)
▪ Created as part of IEEE 802.11i standard and requires stronger encryption
and integrity checking through CCMP
▪ Advanced Encryption Standard (AES)
- provides additional security by using a 128-bit key or
higher
MAC Address Filtering
▪ Configures an access point with a listing of permitted MAC addresses (like
an ACL)
Disabling SSID Broadcast
▪ Configures an access point not to broadcast the name of the wireless LAN
Cellular (wireless networks)
▪ Uses a larger antenna and a larger hotspot powered by a power outlet
within an office or home
Microwave
▪ Creates a point-to-point connection between two or more buildings over
longer distances
▪ A traditional microwave link can cover about 40 miles of distance
Satellite
▪ A long range and fixed wireless solution that can go for miles
● Low Earth Orbit
- Requires more satellites to cover the entire planet but
gives lower latency
● Geosynchronous Orbit
- One satellite can cover a large portion of the Earth
- Geosynchronous orbit gives higher latency and lower
quality
Near Field Communication (NFC)
▪ Uses radio frequency to send an electromagnetic signal containing the
transaction data over a short distance
Radio Frequency Identification (RFID)
▪ A form of radio frequency transmission modified for use in authentication
systems
Infrared Data (IrDA)
▪ Allows two devices to communicate using line of sight communication
in the infrared spectrum
Bluetooth
▪ Creates a personal area network over 2.4 GHz to allow for wireless
connectivity
Bluejacking
Sending unsolicited messages to a Bluetooth device
Bluesnarfing
Gaining unauthorized access to a device via a Bluetooth connection
BlueBorne
Allows the attacker to gain complete control over a device
without even being connected to the target device
Tethering
▪ Sharing cellular data Internet connection from a smartphone
to multiple other devices
▪ Only connect to trusted wireless networks
Fiber To The Curb (FTTC)
▪ Runs a fiber optic cable from an internet provider access point to a curb
Fiber To The Premises (FTTP)
▪ Fiber optic that connects directly to a building and connects to an optical
network terminal (ONT)
Optical Network Terminal (ONT)
▪ Physical device that converts optical signals to electrical signals
Link/Network Interface Layer
▪ Responsible for putting frames onto the physical network’s transmission media
▪ In the link/network interface layer, the data can only travel through the local area network
Internet Layer
▪ Used to address packets and route them across the network
Transport Layer
▪ Shows how to send the packets
● (TCP) Transmission Control Protocol
● (UDP) User Datagram Protocol
Application Layer
▪ Contains all the protocols that perform higher-level functions
● IPv4 Class A
First octet 1 to 127
● IPv4 Class B
First octet 128 to 191
● IPv4 Class C
First octet 192 to 223
● IPv4 Class D
First octet 224 to 239
● IPv4 Class E
First octet 240 to 255
Public (Routable) IP Address
▪ Can be accessed over the Internet and is assigned to the network by an Internet service provider
Private (Non-Routable) IP Address
▪ Can be used by anyone any time, but only within their own local area network
▪ Private IP ranges include those that start with either 10, 172, or 192
Loopback Address (127.0.0.1)
▪ Creates a loopback to the host and is often used in troubleshooting and testing network protocols on a system
Automatic Private IP Addresses (APIPA)
▪ Used when a device does not have a static IP address or cannot reach a DHCP server
● 169.254.0.0 to 169.254.255.255
DHCP process (DORA)
- Discover
- Offer
- Request
- Acknowledge
Static Assignment
▪ Manually type the IP address for the host, its subnet mask, default gateway, and DNS server
▪ Static assignment of IP addresses is impractical on large enterprise networks
Dynamic Assignment
▪ Dynamic allocation of IP addresses (DHCP SERVER)
Domain Name System (DNS)
▪ Converts the domain names used by a website to the IP address of its server
▪ DNS is the internet version of a phone book
Windows Internet Name Service (WINS)
▪ Identifies NetBIOS systems on a TCP/IP network and converts those NetBIOS names to IP addresses
Bootstrap Protocol (BOOTP)
▪ Dynamically assigns IP addresses and allows a workstation to load a copy of a boot image from the network
Dynamic Host Configuration Protocol (DHCP)
▪ Assigns an IP based on an assignable scope of addresses and provides the ability to configure other options
▪ 192.168.1.100 through 192.168.1.200
● Each IP is leased for a period of time and returns to the pool when the lease expires
Automatic Private IP Addressing (APIPA)
▪ Used when a device does not have a static IP address or cannot reach a DHCP server
▪ Allows for the quick configuration of a LAN without the need for a DHCP server
▪ APIPA-assigned devices cannot communicate outside the LAN or with non-APIPA devices
Zero Configuration (ZeroConf)
▪ New technology that provides the same features as APIPA
▪ Assign an IPv4 link-local address to a client
▪ Resolve computer names to IP addresses without the need for DNS by using mDNS (multicast DNS)
▪ Perform service discovery on a network
● Windows
- Link-Local Multicast Name Resolution (LLMNR)
● Linux
- systemd
Domain Name System (DNS)
▪ Helps network clients find a website using human-readable hostnames instead of numeric IP addresses
Fully Qualified Domain Name (FQDN)
▪ Domain name under a top-level domain (e.g., .UK, .US, .COM, .NET)
DNS Records
A - Links host name to an IPv4 address
AAAA - links a host name to an IPv6 address
CNAME - points a domain to another domain or sub domain - (CNAME records can only be used to point to another domain or subdomain, not to an IP address)
MX - directs e-mails to an email server
TXT - adds text records to DNS
NS (Nameserver) - indicates which DNS name server has authority
DomainKeys Identified Mail (DKIM)
▪ Provides the cryptographic authentication mechanism for mail using a public key published as a DNS record
Domain-based Message Authentication, Reporting & Conformance (DMARC)
▪ Framework that is used for proper application of SPF and DKIM, utilizing a policy that’s published as a DNS record
Nameserver
▪ Type of DNS server that stores all the DNS records for a given domain
Internal DNS
▪ Allows cloud instances on the same network to access each other using internal DNS names
External DNS
▪ Records created around the domain names from a central authority and used on the public Internet
Time to Live (TTL)
▪ Tells the DNS resolver how long to cache a query before requesting a new one
DNS Resolver/DNS Cache
▪ Makes a local copy of every DNS entry it resolves when connecting to websites
Recursive Lookup
▪ DNS server communicates with several other DNS servers to hunt down the IP address and return it to the client
Iterative Lookup
▪ Each DNS server responds directly to the client with an address for another DNS server that may have the correct IP address
Virtual Local Area Network (VLAN)
▪ Allows different logical networks to share the same physical hardware and provides added security and efficiency
Virtual Private Network (VPN)
▪ Extends a private network across a public network and enables sending and receiving data across shared or public networks
Full Tunnel VPN
▪ Routes and encrypts all network requests through the VPN connection back to the headquarters
Split Tunnel VPN
▪ Routes and encrypts only the traffic bound for the headquarters over the VPN, and sends the rest of the traffic to the regular Internet
Clientless VPN
▪ Creates a secure remote-access VPN tunnel using a web browser without requiring a software or hardware client
Secure Sockets Layer (SSL)
▪ Provides cryptography and reliability using the upper layers of the OSI model (Layers 5, 6, and 7)
Transport Layer Security (TLS)
▪ Provides secure web browsing over HTTPS
Dual Stack
▪ Simultaneously runs both the IPv4 and IPv6 protocols on the same network devices
Tunneling
▪ Allows an existing IPv4 router to carry IPv6 traffic
● Simple Mail Transfer Protocol (SMTP)
o Port 25
o Provides the ability to send emails over the network
● Dynamic Host Configuration Protocol (DHCP)
o Ports 67, 68
o Automatically provides network parameters such as
assigned IP address, subnet mask, default gateway, and the
DNS server
● Domain Name System (DNS)
o Port 53
o Converts domain names to IP addresses, and IP address
to domain names
● Hypertext Transfer Protocol (HTTP)
o Port 80
o Used for insecure web browsing
● Post Office Protocol Version Three (POP3)
o Port 110
o Used for receiving incoming emails
● Network Basic Input/Output System (NetBIOS)
o Ports 137, 139
o Used for file or printer sharing in a Windows network
● Internet Message Access Protocol (IMAP)
o Port 143
o A newer method of retrieving incoming emails which
improves upon the older POP3
● Simple Network Management Protocol (SNMP)
o Ports 161, 162
o Used to collect data about network devices and monitor
their status
● Lightweight Directory Access Protocol (LDAP)
o Port 389
o Used to provide directory services to your network
● Hypertext Transfer Protocol – Secure (HTTPS)
o Port 443
o Used as a secure and encrypted version of web browsing
▪ SSL (Secure Sockets Layer)
▪ TLS (Transport Layer Security)
● Server Message Block (SMB)
o Port 445
o Used for Windows file and printer sharing services
● Remote Desktop Protocol (RDP)
o Port 3389
o Provides graphical remote control of another client or
server
o RDP provides a full graphical user interface
● TCP (Connection-Oriented)
o SSH, HTTP or HTTPS
● UDP (Connectionless)
o Audio, video streaming, DHCP, and TFTP
▪ Dynamic Host Configuration Protocol (DHCP)
● Ports 67, 68
● Automatically provides network parameters
such as assigned IP address, subnet mask,
default gateway, and the DNS server
▪ Trivial File Transfer Protocol (TFTP)
● Port 69
● A connectionless protocol that uses UDP as
its transport
File Server
▪ Can be configured to allow the clients on the network to access the network and be able to read and write to its disk (file share)
Print Server
▪ Another server that could be a physical workstation or network infrastructure that provides printing functionality
Windows-based file and print server
- Relies on the NetBIOS protocol or SMB
● Network Basic Input/Output System (NetBIOS) - Ports 137, 139
- Used for file or printer sharing in a Windows network
● Server Message Block (SMB) - Port 445
- Used for Windows file and printer sharing services
Samba
▪ Provides the ability for a Linux or Unix server to be able to host files or printers that can then be used by Windows clients running the SMB protocol
Web Servers
▪ Any server that provides access to a website
● HTTP
- Port 80
● HTTPS
- Port 443
Internet Information Services (IIS)
▪ Extensible web server software, created by Microsoft (HTTP, HTTP/2, and HTTPS)
Apache
▪ Most popular way to run a web server these days
NGINX
▪ Reverse proxy, load balancer, mail proxy, and HTTP cache
Uniform Resource Locator (URL)
▪ Combines the fully qualified domain name with a protocol at the beginning
● Simple Mail Transfer Protocol (SMTP)
- Specifies how emails should be delivered from one mail
domain to another
- SMTP operates over port 25
● Post Office Protocol 3 (POP3)
- Older email protocol which operates over port 110
● Internet Message Access Protocol (IMAP)
- Mail retrieval protocol
- IMAP operates over port 143 and can connect to a server
and receive and read messages
● Microsoft Exchange
- Mailbox server environment designed for Windows-based
domain environments
802.1x
▪ Standardized framework used for port-based authentication on wired and wireless networks
Authentication
▪ Occurs when a person’s identity is established with proof and is confirmed by the system
● Something you know
● Something you are
● Something you have
● Something you do
● Somewhere you are
Lightweight Directory Access Protocol (LDAP)
▪ A database used to centralize information about clients and objects on the network
o Active Directory (AD)
▪ Used to organize and manage the network, including clients, servers, devices, users, and groups
Remote Authentication Dial-In User Service (RADIUS)
▪ Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and EAP
● RADIUS operates at the application layer
● RADIUS utilizes UDP for making connections
Terminal Access Controller Access-Control System Plus (TACACS+)
▪ Proprietary version of RADIUS that can perform the role of an authenticator in 802.1x networks
Authorization
▪ Occurs when a user is given access to a certain piece of data or certain areas of a building
Kerberos
▪ Authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets
▪ A domain controller can be a single point of failure for Kerberos
Telnet Port 23
▪ Sends text-based commands to remote devices and is a very old networking protocol
▪ Telnet should never be used to connect to secure devices
Secure Shell (SSH) Port 22
▪ Encrypts everything that is being sent and received between the client and the server
Remote Desktop Protocol (RDP) Port 3389
▪ Provides graphical interface to connect to another computer over a network connection
▪ A Remote Desktop Gateway (RDG) tunnels RDP through a secure connection
Virtual Network Computing (VNC) Port 5900
▪ Designed for thin client architectures
Terminal Emulator (TTY)
▪ Any kind of software that replicates the TTY I/O functionality to remotely connect to a device
▪ TTY is the terminal or end point of the communication between the computer and the end-user
Syslog
▪ Enables different appliances and software applications to transmit logs to a centralized server
▪ Syslog is the de facto standard for logging events
● PRI code (Priority code)
● Header
● Message
Proxy Server
▪ Device that creates a network connection between an end user’s client machine and a remote resource (web server)
● Increased network speed and efficiency
● Increased security
● Additional auditing capabilities
Load Balancer/ Content Switch
▪ Distributes incoming requests across a number of servers inside a server farm or a cloud infrastructure
▪ A load balancer is one of the key things to help defend against a DoS attack or a DDoS attack
Access Control List (ACL)
▪ Rule sets placed on firewalls, routers, and other network devices that permit or deny traffic through a particular interface
▪ The actions are performed top-down inside of an ACL
● Top
- Specific rules
● Bottom
- Generic rules
Firewall
▪ Inspects and controls the traffic that is trying to enter or leave a network’s boundary
● Packet-filtering
● Stateful
● Proxy
● Dynamic packet-filtering
● Kernel proxy
Unified Threat Management (UTM)
▪ Provides the ability to conduct security functions within a single device or network appliance