Video Content Lesson 8

Question 2

Network Devices

Answer 2

Hubs
Bridges
Switches
Routers
Gateways
Firewalls

Question 3

Hubs

Answer 3

Operates at physical layer
often also called (concentrator, repeater, multistation access unit MAU)
works by (all inbound traffic is echoed to all connected devices) (produces lots of excess traffic on network)
Used to connect multiple LAN devices (an in Star typologies)

Question 4

Bridges

Answer 4

Operates at Data-link layer
Forwards messages from one network segment to another network segment
Can filter traffic based on the data-link layer address
used to bridge two networks (can be using different protocols)

Question 5

Switches

Answer 5

Operates at Data-link layer (some at network layer)
Only forward packets to the specific port where the destination machine is located
can be used to increase performance of network by decreasing network bandwidth utilization
Only sends message to one destination machine by looking at data-link layer address
parallel transmission is possible (machine A transmits to B while C to D)

Question 6

Routers

Answer 6

Operates at network layer (generally)
Read network address (IP) of the destination and forward the packet to that network
work at higher level don’t need to bridge networks of different types

Question 7

Gateways

Answer 7

generally software products
often used to translate between dissimilar network protocols (high level)
copy packets from one network protocol to another protocol
all the way to application layer filtering

Question 8

Firewalls

Answer 8

several types of firewalls
generally operate at network layer (can at application)
can perform sophisticated or simplistic filtering
look at packets desiring to enter/exit network (does it make sense to let it through)
Most common first point of contact for attackers
Attackers look for ways through or around firewall
look for open ports

Question 9

Firewalls

Answer 9

1st Generation
2nd and 3rd Generation
4th and 5th Generaion
Packet Filtering Router
Screened Host
Dual-Homed Host
Screened Subnet

Question 10

1st Generation

Answer 10

Packet filtering
operates at network or transport layer
Examines source and target addresses and target port
uses ACLs to accept or deny packet (drop packet-don’t tell that it’s denied)
Easily fooled by spoofing

Question 11

2nd and 3rd Generation

Answer 11

Application Layer Gateway filter (proxy) (2nd Gen)
Operates at Application layer
Copies packets from one network to another
Changes the source and destination address from original packet (protects the identity of the true source machine)
Can filter content of message
Stateful Inspection (3rd Gen)
Similar to 1st Gen but also looks at state of connection
if packet is part of previous connection will allow packet through as it is expected

Question 12

4th and 5th Generaion

Answer 12

Dynamic Filtering (4th Gen)
Combination of Application Layer and stateful inspection firewalls
Rules can be determined dynamically
Works well with UDP traffic
UDP is a connectionless protocol
Every packet is a separate datagram and not part of a connection
Once you receive original UDP packet from source machine can make filtering and firewall rules
Kernel Proxy (5th Gen)
Multilevel firewall integrated into the OS kernel
Being an internal firewall it increases Performance and Security as it operates dynamically

Question 13

Firewall Architecture (4 types)

Answer 13

1-Packet filtering router
2-Screened Host
3-Dual Homed Host
4-Screened Subnet (DMZ)

Question 14

Packet Filtering Router

Answer 14

Oldest and most common
Firewall placed between untrusted and trusted networks
uses ACLs to determine whether or not to allow packets to pass through it (filter packets)
look at source, destination, port
filters incoming and outgoing packets

Question 15

Screened Host

Answer 15

Packet filtering router plus application gateway (placed between untrusted and trusted networks)
Bastion Host is placed between firewall (router) and trusted network
Provides packet filtering and proxey services (filters higher level packets that make it through the firewall)

Question 16

Dual-Homed Host

Answer 16

Similar to screen host, except bastion hast has two NICs
One NIC is connected to the trusted network
The other NIC is connected to the untrusted network
Also has 2 routers–Untrusted Network, Router, Bastion Host, Router, Trust Network
Allows Bastion Host to filter packets and copy to other network

Question 17

Screened Subnet (DMZ)

Answer 17

Almost identical to Dual-Homed Host with addition of subnet attached to Bastion Host
This is where Web Server is placed
Port 80 and 443 (HTTPS) (HTTP)
Can make a secure connection between web server and trusted network

Question 18

Security Protocols and Services

Answer 18

TCP-IP
Network Layer Security Protocols
Transport Layer Security Protocols
Application Layer Security Protocols
Multiple layers in OSI reference Model (each layer has different protocols)

Question 19

TCP/IP

Answer 19

Transmission Control Protocol/Internet Protocol
Operates at Transport and Network Layers
This is the most common protocol
It is actually a suite-combination of two different layers and protocols
TCP (splits outbound messages into packets and passes packets down to the next layer, IP; Assembles inbound messages in the correct order into a message and passes it up to the next layer)
IP (Manages addressing the packets and getting them to their destination)

Question 20

Network Layer

Answer 20

IPSec - ensures IP confidentiality and integrity; Uses either ESP (Encapsulation Security Payload) (for confidentiality) or AH (Authentication Header) (for authentication) to secure packets
Standard protocol used to implement VPNs
Operates in 2 modes- 1 Transport Mode (clear text header with encrypted payload) and 2 Tunnel mode (encrypted payload and header) primarily used to connect two different networks (use VPN connection to the gateways of networks)

Question 21

Transport Layer

Answer 21

SWIPE (Network layer security protocol for IP (provides confidentiality, integrity, and availability))
SKIP (Simple Key Management for Internet Protocols) (provides high availability using encryption at transport level)
SSL (Secure Sockets Layer) (most commonly used for secure Web application communication) (communication for web browser to web server for secure communication)
TLS (Transport Layer Security) (replaced SSL) (implements secure communication through the use of encryption) (NOTE: Encryption ONLY takes place between the browser and web server)

Question 22

Application Layer

Answer 22

S/MIME (Secure MIME)
Protocol that secures e-mail using the Rivest-Shamir-Adleman encryption system
SET (Developed by Visa and MasterCard to authenticate both sender and receiver; uses digital certificates and signatures to provide data confidentiality and integrity) (dual action, two-way protocol)
PEM (developed by IETF for secure e-mail)

Question 23

SDLC-HDLC

Answer 23

Synchronous Data Link Control (SDLC) (Developed by IBM to ease connections to mainframe computers)(Submitted to ISO who took and expanded it to form HDLC)
High-level Data Link Control (HDLC)(Derived from SDLC, HDLC provides both point-to-point and multipoint configurations) USED for WAN and Mainframe connections

Question 24

Frame Relay

Answer 24

High performance WAN protocol
Cost efficient data transfer
uses NO error correction
if receive defective packet discard it and have it retransmitted
cheaper to resend packet

Question 25

ISDN

Answer 25

Integrated Services Digital Network (ISDN)
Service that allows voice and digital to b e combined on same channel
Combination of digital telephony and data trasport services
Target of this was small businesses
Allows voice and digital communication over existing wires
2 basic variations-1-Basic Rate Interface (BRI) and 2-Primary Rate Interface (PRI)
for Small business and large businesses
BRI got two 64-KB channels and one 16-KB channel or 128-KB Channel
PRI got twenty-three 64-KB channel and one 16-KB Channel (or mix as desired)

Question 26

X.25

Answer 26

The first packet-switching network
Each packet can take a different route through a network (use smaller packets) (determine best route to take with least conjestion)
Point-to-point communication between DTE and DCE
DTE (Data Terminal Equipment) (your computer)
DCE (Data Circuit-terminating Equipment) (entry point to packet switch network)
Idea was that the X.25 would support a virtual connection between two Data Terminal Equipment Nodes

Question 27

Security Techniques

Answer 27

Tunneling
Network Monitors
Transparency
Hash Totals
E-mail Security
Facsimile Security
Voice Communication

Question 28

Tunneling

Answer 28

Use the Internet to create a virtual private line
PPTP and L2TP are common protocols
Tunneling almost always uses VPN
Encrypted connections over a public network creates creates a secure VPN

Question 29

Network Monitors

Answer 29

Tunneling and VPNs are techniques used to set up a network environment to provide security
1-Network Monitors and 2-Packet Sniffer (Ensure security and monitor activity on the network) (Tools to capture and analyze network packets) (1-Analyze network traffic, 2-search for unauthorized packets, 3-detect anomalous activities
NAT (Network Address Translation) (on routers) (Translates nonroutable IP behind a firewall to routable addresses; hides true machine IP addresses) (192.168.. or 10.0.0.*)

Question 30

Transparency

Answer 30

An OS feature that allows users to access resources without knowing whether the resource is local or remote
Mapped Drive
Printer (often configured as remote printers)
Makes it very easy to secure and centrally administer many data repositories, printers, modems, or other devices that multiple users need to access

Question 31

Hash Totals

Answer 31

A mathematically generated unique value from a string of text (Used in cryptography and when file integrity must be ensured)
Hash totals are used not only in end-to-end communication, but also in lower-level protocols to guarantee the integrity
A hash total is a one-way type of algorithm
Error Correction (adds more to each message; recipient can re-create original block of text; small or medium networks and large packets)
Retransmission (small or large networks and small packets)

Question 32

E-mail Security

Answer 32

e-mail protocols (SMTP-Simple Mail Transfer Protocol (forwards mail from one mail server to another mail server NOT to a client))
To download messages from a mail server to a client
POP (POP3) Post Office Protocol (automatically downloads all messages) (Therefore not able to access e-mail from another machine if already downloaded)
IMAP (Internet Message Access Protocol (allows you to view headers from e-mails to select which ones to download and remove from the server)
Mail Servers are the entry point into the e-mail system
Mail Client is the software for writing e-mail
Send mail to the mail server using SMTP protocol
Mail Server looks at the To: address and figures out where to send it next
When it reaches the destination it is head in queue until accessed or downloaded
Relay agents will relay messages from one mail server to another
Messages are very easily spoofed (e-mail, by default, is all text-based; be comfortable with how e-mail headers work and how to detect spoofed e-mails)
By default, e-mails sends in-the-clear payloads (clear, plain text)

Question 33

Facsimile Security

Answer 33

Faxing can be insecure
The standards in place assume that every end-to-end fax will start off at an insecure fax macnine and end up at an insecure fax machine
Very few fax machines are capable of supporting secure encryptions mechanisms
Any images scanned may be stored
Physical access to receiving device
Without encryption, fax data can be intercepted and interpreted by any other machine

Question 34

Voice Communication

Answer 34

Standard voice communication can be easy to intercept
When transmitting voice over digital media, it allows for the same security as sending regular messages (Ensure Confidentiality and Integrity
Voice over IP (VOIP)

Question 35

Common Network Attacks

Answer 35

Network Abuses
ARP
DoS-DDoS
Flooding
Spoofing
Spamming
Eavesdropping
Sniffers

Question 36

Network Abuses

Answer 36

Class A - Unauthorized access of restricted network resources
Class B - Unauthorized use of network resources for nonbusiness purposes
Class C - Eavesdropping
Class D - Denial of Service and other distruptions
Class E - Network Intrusion
Class F - Probing (not illegal but like casing neighborhood)

Question 37

ARP

Answer 37

Address Resolution Protocol (takes a MAC (Media Access Control) address (physical address) and relates that to an IP address
Every NIC has a hard-coded address (MAC)
ARP resolves MAC and IP addresses “Who is MAC address XXX? I am IP XXX.
Reverse ARP ask for IP “Tell me your MAC”
ARP table built
ARP table poisoning (having a MAC address sent to the wrong IP address)

Question 38

DoS-DDoS

Answer 38

Denial of Service (Many variations; Basic goal is to render a machine/network unavailable)
Distributed Denial of Service
Similar to DoS attack, but the attacker uses multiple machines to launch the attack
This is reason to have firewall to limit packets coming in and being sent out

Question 39

Flooding

Answer 39

Sending large numbers of packets to the victim machine
SYN flood (Send multiple SYN packets without responding to the victim's ACKs)

Question 40

Spoofing

Answer 40

Using counterfeit information to forge the sender’s identification (IP/MAC address or TCP sequence number (used to hijack sessions and launch DoS or DDoS attacks))

Question 41

Spamming

Answer 41

Floods mail servers with useless messages

Question 42

Eavesdropping

Answer 42

Reading messages not intended for you (Voice messages, e-mail messages, reassembled packets)

Question 43

Sniffers

Answer 43

Easest way is to put a NIC in Promiscuous Mode
capturing packets that pass by
Defense is to make all packets encrypted