Video Content Lesson 8 Flashcards
Network Devices
Hubs, Bridges, Switches, Routers, Gateways, Firewalls
Hubs
Operates at physical layer
Often also called a concentrator, repeater, or multistation access unit (MAU)
Works by echoing all inbound traffic to all connected devices (produces lots of excess traffic on the network)
Used to connect multiple LAN devices (as in star topologies)
Bridges
Operates at Data-link layer
Forwards messages from one network segment to another network segment
Can filter traffic based on the data-link layer address
Used to bridge two networks (which can be using different protocols)
Switches
Operates at Data-link layer (some at network layer)
Only forward packets to the specific port where the destination machine is located
Can be used to increase network performance by decreasing network bandwidth utilization
Only sends message to one destination machine by looking at data-link layer address
parallel transmission is possible (machine A transmits to B while C to D)
Routers
Operates at network layer (generally)
Read network address (IP) of the destination and forward the packet to that network
Works at a higher level, so it doesn’t need to bridge networks of different types
Gateways
Generally software products
Often used to translate between dissimilar network protocols (high level)
Copy packets from one network protocol to another protocol
all the way to application layer filtering
Firewalls
Several types of firewalls
Generally operate at the network layer (can operate at the application layer)
Can perform sophisticated or simplistic filtering
Look at packets desiring to enter/exit the network (does it make sense to let it through?)
Most common first point of contact for attackers
Attackers look for ways through or around firewall
Look for open ports
Firewalls
1st Generation, 2nd and 3rd Generation, 4th and 5th Generation, Packet Filtering Router, Screened Host, Dual-Homed Host, Screened Subnet
1st Generation
Packet filtering
Operates at the network or transport layer
Examines source and target addresses and target port
Uses ACLs to accept or deny a packet (drop the packet; don’t tell the sender that it’s denied)
Easily fooled by spoofing
2nd and 3rd Generation
Application Layer Gateway filter (proxy) (2nd Gen)
Operates at Application layer
Copies packets from one network to another
Changes the source and destination address from original packet (protects the identity of the true source machine)
Can filter content of message
Stateful Inspection (3rd Gen)
Similar to 1st Gen but also looks at state of connection
If a packet is part of a previous connection, it will allow the packet through as it is expected
4th and 5th Generation
Dynamic Filtering (4th Gen)
Combination of Application Layer and stateful inspection firewalls
Rules can be determined dynamically
Works well with UDP traffic
UDP is a connectionless protocol
Every packet is a separate datagram and not part of a connection
Once you receive the original UDP packet from the source machine, you can make filtering and firewall rules
Kernel Proxy (5th Gen)
Multilevel firewall integrated into the OS kernel
Being an internal firewall, it increases performance and security as it operates dynamically
Firewall Architecture (4 types)
1-Packet filtering router
2-Screened Host
3-Dual Homed Host
4-Screened Subnet (DMZ)
Packet Filtering Router
Oldest and most common
Firewall placed between untrusted and trusted networks
Uses ACLs to determine whether or not to allow packets to pass through it (filters packets)
Looks at source, destination, port
Filters incoming and outgoing packets
Screened Host
Packet filtering router plus application gateway (placed between untrusted and trusted networks)
Bastion Host is placed between firewall (router) and trusted network
Provides packet filtering and proxy services (filters higher-level packets that make it through the firewall)
Dual-Homed Host
Similar to screened host, except the bastion host has two NICs
One NIC is connected to the trusted network
The other NIC is connected to the untrusted network
Also has 2 routers: Untrusted Network, Router, Bastion Host, Router, Trusted Network
Allows the Bastion Host to filter packets and copy them to the other network
Screened Subnet (DMZ)
Almost identical to Dual-Homed Host, with the addition of a subnet attached to the Bastion Host
This is where the Web Server is placed
Ports 80 (HTTP) and 443 (HTTPS)
Can make a secure connection between web server and trusted network
Security Protocols and Services
TCP-IP, Network Layer Security Protocols, Transport Layer Security Protocols, Application Layer Security Protocols; multiple layers in the OSI reference model (each layer has different protocols)
TCP/IP
Transmission Control Protocol/Internet Protocol
Operates at Transport and Network Layers
This is the most common protocol
It is actually a suite, a combination of two different layers and protocols
TCP (splits outbound messages into packets and passes packets down to the next layer, IP; Assembles inbound messages in the correct order into a message and passes it up to the next layer)
IP (Manages addressing the packets and getting them to their destination)
Network Layer
IPSec - ensures IP confidentiality and integrity; uses either ESP (Encapsulating Security Payload) (for confidentiality) or AH (Authentication Header) (for authentication) to secure packets
Standard protocol used to implement VPNs
Operates in 2 modes: 1-Transport Mode (clear-text header with encrypted payload) and 2-Tunnel Mode (encrypted payload and header), primarily used to connect two different networks (VPN connection between the gateways of the networks)
Transport Layer
SWIPE (Network layer security protocol for IP (provides confidentiality, integrity, and availability))
SKIP (Simple Key Management for Internet Protocols) (provides high availability using encryption at transport level)
SSL (Secure Sockets Layer) (most commonly used for secure Web application communication) (communication for web browser to web server for secure communication)
TLS (Transport Layer Security) (replaced SSL) (implements secure communication through the use of encryption) (NOTE: Encryption ONLY takes place between the browser and web server)
Application Layer
S/MIME (Secure MIME)
Protocol that secures e-mail using the Rivest-Shamir-Adleman encryption system
SET (Developed by Visa and MasterCard to authenticate both sender and receiver; uses digital certificates and signatures to provide data confidentiality and integrity) (dual action, two-way protocol)
PEM (developed by IETF for secure e-mail)
SDLC-HDLC
Synchronous Data Link Control (SDLC) (Developed by IBM to ease connections to mainframe computers)(Submitted to ISO who took and expanded it to form HDLC)
High-level Data Link Control (HDLC)(Derived from SDLC, HDLC provides both point-to-point and multipoint configurations) USED for WAN and Mainframe connections
Frame Relay
High-performance WAN protocol; cost-efficient data transfer; uses NO error correction: if a defective packet is received, discard it and have it retransmitted (cheaper to resend the packet)
ISDN
Integrated Services Digital Network (ISDN)
Service that allows voice and digital to be combined on the same channel
Combination of digital telephony and data transport services
Target of this was small businesses
Allows voice and digital communication over existing wires
2 basic variations: 1-Basic Rate Interface (BRI) and 2-Primary Rate Interface (PRI)
For small businesses and large businesses, respectively
BRI has two 64-KB channels and one 16-KB channel, or one 128-KB channel
PRI has twenty-three 64-KB channels and one 16-KB channel (or a mix as desired)
X.25
The first packet-switching network
Each packet can take a different route through the network (uses smaller packets) (determines the best route to take with the least congestion)
Point-to-point communication between DTE and DCE
DTE (Data Terminal Equipment) (your computer)
DCE (Data Circuit-terminating Equipment) (entry point to packet switch network)
The idea was that X.25 would support a virtual connection between two Data Terminal Equipment nodes
Security Techniques
Tunneling, Network Monitors, Transparency, Hash Totals, E-mail Security, Facsimile Security, Voice Communication
Tunneling
Use the Internet to create a virtual private line
PPTP and L2TP are common protocols
Tunneling almost always uses VPN
Encrypted connections over a public network create a secure VPN
Network Monitors
Tunneling and VPNs are techniques used to set up a network environment to provide security
1-Network Monitors and 2-Packet Sniffers (ensure security and monitor activity on the network) (tools to capture and analyze network packets) (1-analyze network traffic, 2-search for unauthorized packets, 3-detect anomalous activities)
NAT (Network Address Translation) (on routers) (translates nonroutable IPs behind a firewall to routable addresses; hides true machine IP addresses) (192.168.*.* or 10.0.0.*)
Transparency
An OS feature that allows users to access resources without knowing whether the resource is local or remote
Mapped Drive
Printer (often configured as remote printers)
Makes it very easy to secure and centrally administer many data repositories, printers, modems, or other devices that multiple users need to access
Hash Totals
A mathematically generated unique value from a string of text (used in cryptography and when file integrity must be ensured)
Hash totals are used not only in end-to-end communication, but also in lower-level protocols to guarantee integrity
A hash total is a one-way type of algorithm
Error Correction (adds more to each message; recipient can re-create the original block of text; small or medium networks and large packets)
Retransmission (small or large networks and small packets)
E-mail Security
E-mail protocols: SMTP - Simple Mail Transfer Protocol (forwards mail from one mail server to another mail server, NOT to a client)
To download messages from a mail server to a client:
POP (POP3) - Post Office Protocol (automatically downloads all messages) (therefore not able to access e-mail from another machine if already downloaded)
IMAP - Internet Message Access Protocol (allows you to view headers from e-mails to select which ones to download and remove from the server)
Mail Servers are the entry point into the e-mail system
Mail Client is the software for writing e-mail
Sends mail to the mail server using the SMTP protocol
Mail Server looks at the To: address and figures out where to send it next
When it reaches the destination, it is held in a queue until accessed or downloaded
Relay agents will relay messages from one mail server to another
Messages are very easily spoofed (e-mail, by default, is all text-based; be comfortable with how e-mail headers work and how to detect spoofed e-mails)
By default, e-mail sends in-the-clear payloads (clear, plain text)
Facsimile Security
Faxing can be insecure
The standards in place assume that every end-to-end fax will start off at an insecure fax machine and end up at an insecure fax machine
Very few fax machines are capable of supporting secure encryption mechanisms
Any images scanned may be stored
Physical access to receiving device
Without encryption, fax data can be intercepted and interpreted by any other machine
Voice Communication
Standard voice communication can be easy to intercept
When transmitting voice over digital media, it allows for the same security as sending regular messages (ensure Confidentiality and Integrity)
Voice over IP (VOIP)
Common Network Attacks
Network Abuses, ARP, DoS-DDoS, Flooding, Spoofing, Spamming, Eavesdropping, Sniffers
Network Abuses
Class A - Unauthorized access of restricted network resources
Class B - Unauthorized use of network resources for nonbusiness purposes
Class C - Eavesdropping
Class D - Denial of Service and other disruptions
Class E - Network Intrusion
Class F - Probing (not illegal, but like casing a neighborhood)
ARP
Address Resolution Protocol (takes a MAC (Media Access Control) address (physical address) and relates that to an IP address)
Every NIC has a hard-coded address (MAC)
ARP resolves MAC and IP addresses: “Who is MAC address XXX? I am IP XXX.”
Reverse ARP asks for the IP: “Tell me your MAC”
ARP table is built
ARP table poisoning (having a MAC address sent to the wrong IP address)
DoS-DDoS
Denial of Service (Many variations; Basic goal is to render a machine/network unavailable)
Distributed Denial of Service
Similar to DoS attack, but the attacker uses multiple machines to launch the attack
This is a reason to have a firewall to limit packets coming in and being sent out
Flooding
Sending large numbers of packets to the victim machine; SYN flood (send multiple SYN packets without responding to the victim's ACKs)
Spoofing
Using counterfeit information to forge the sender’s identification (IP/MAC address or TCP sequence number (used to hijack sessions and launch DoS or DDoS attacks))
Spamming
Floods mail servers with useless messages
Eavesdropping
Reading messages not intended for you (Voice messages, e-mail messages, reassembled packets)
Sniffers
Easiest way is to put a NIC in Promiscuous Mode
Capturing packets that pass by
Defense is to make all packets encrypted