Core Technical Skills

Question 1

List 5 IP protocols

Answer 1

IPv4
IPv6
TCP
UDP
ICMP

Question 2

What is IPv4?

Answer 2

• composed of 32- bit address length

Question 3

Is the IP address
192.168.10.150
an example of IPv4 or IPv6

Answer 3

IPv4

Question 4

What is IPv6?

Answer 4

• composed of 128-bit address length
  -latest version of IP

Question 5

Is the IP address
002:0bd6:0000:0000:0000:ee00:0033:6778
an example of IPv4 or IPv6?

Answer 5

IPv6

Question 6

What are some technical differences between IPv4 and IPv6?

Answer 6

IPv6 has built in QoS (Quality of Service)
IPv6 has built in network security layer (IPSec)
IPv6 eliminates NAT(Network Address Translation) and allows end-to-end connectivity at IP layer
IPv6 has larger packet headers (2x size of IPv4)
Multicasting is part of base spec in IPv6 but optional in IPv4

Question 7

What is Multicasting?

Answer 7

Multicasting allows for the transmission of a packet to multiple destinations in a single operation

Question 8

What is TCP?

Answer 8

Transmission Control Protocol

• Transport protocol used on top of IP to ensure reliable transmission of packets
• TCP/IP is a suite of communication protocols used to interconnect network devices on the internet
• Connection-oriented protocol
• Can be thousands of packets

Question 9

What OSI Layer is TCP?

Answer 9

OSI Layer 4: Transport

Question 10

What is UDP?

Answer 10

User Datagram Protocol
- Communications protocol that establishes low-latency and loss-tolerating connections between applications on the internet
- UDP speeds up transmissions by not formally establishing a connection before data is transferred

Question 11

What OSI Layer is UDP?

Answer 11

OSI Layer 4: Transport

Question 12

What is ICMP?

Answer 12

Internet Control Message Protocol
- Used by devices like routers, to communicate with data packet source about transmission issues.
—- if a datagram isn’t delivered, ICMP will report back to the host with details to find out where the transmission went wrong.

• ICMP gives TCP/IP a way to handle errors
• ICMP is a single packet - never more than one

Question 13

What OSI Layer is ICMP?

Answer 13

OSI Layer 3: Network

Question 14

What is 10/100/1000 BaseT?

Answer 14

To break down 10/100/1000 ethernet - we get 10 Megabits, 100 Megabits, and 1000 Megabits

1000BASE-T is Gigabit ethernet. 100BASE-T is Fast ethernet.

Question 15

What are implications of Cat5, 5e, 6, 7 Ethernet Cables?

Answer 15

Implications: A strong magnet near a cable can interfere communications. We can also do cable splicing on a cable to preform man-in-the-middle attacks.

Question 16

What is Cat 5/Fibre?

Answer 16

• Category 5 networking cable consisting of four twisted pairs of copper wire terminated with RJ45 connectors.
  -Supports frequencies up to 100MHz and speeds up to 1000Mbps
• Can be used for ATM, token ring, 10/100/1000Base-T networking

Question 17

What is CAT5e?

Answer 17

• Category 5 enhanced
• Used for 10/100/1000Base-T networks.
• Four unshielded twisted pairs (UTP) of copper wire terminated by RJ45 connectors

Question 18

What is CAT6?

Answer 18

• Four unshielded twisted pairs (UTP) of copper wire terminated by RJ45 connectors
• Can be used for ASE-T, 10/100/1000Base-T networks

Question 19

What is a Token Ring network?

Answer 19

• Used to build LANs
• A data link for a LAN where all devices are connected in a ring or star topology and pass one or more token from host to host

Question 20

What is a token?

Answer 20

A token is a frame of data transmitted between network points

Question 21

What is wireless 802.11?

Answer 21

Technical standard for wireless local area network.

IEEE 802.11 uses various frequencies including, but not limited to, 2.4 GHz, 5 >GHz, 6 GHz, and 60 GHz frequency bands.

Question 22

What is VLAN?

Answer 22

Virtual Local Area Network

• Often used to separate portions of users or servers
• VLAN enables this to be run on a single network hardware, without having geographical limitations.

Question 23

What are some security implications of shared media, switched media and VLANs?

Answer 23

• We use VLANs for access control. A person from the guest network cannot access any data on the Sales Department
  This also means that if the sales department suffers an attack, the executive department is safe, even though they are in the same office.

Advanced settings can allow some cross communication/

Question 24

What tool and command would be used to analyse the output after mapping the route between engagement point and number of targets?

Answer 24

Nmap

nmap <target_ip></target_ip>

netcat or telnet can talk directly to the port to confirm scan results

Question 25

3 common network tools
(port scanners, network sniffers and other network enumeration tools)

Answer 25

• nmap
• wireshark
• tcpdump

Question 26

What is Ingress Filtering?

Answer 26

Monitors, controls and restricts traffic entering a network with the objective of ensuring only legitimate traffic is allowed to enter and unauthorised or malicious traffic is prevented from doing so.

Question 27

What is Egress Filtering?

Answer 27

Monitors, controls and restricts traffic leaving a network with the objective of ensuring only legitimate traffic is allowed to leave and unauthorised or malicious traffic is prevented from doing so.
This is important to prevent attackers from attaining reverse shells.

Question 28

What is Active Fingerprinting?

Answer 28

Directly sending packets to find information about a device.
- e.g. nmap is active fingerprinting

• When we see NetBIOS, SMB, MSRPC services running - we can assume it’s a windows machine
• Likely to be caught by intrusion prevention/detection systems

Question 29

What is Passive Fingerprinting?

Answer 29

Uses sniffing instead as less likely to be detected
- wireshark - good for manual analysis
- NetworkMiner - good for automatic extraction of files, emails, etc.

Question 30

Determining server types and network application versions from application banners. Evaluation of responsive but unknown network applications.

Answer 30

Netcat, telnet

nc<target_ip><target_port>
telnet <target_ip><target_port></target_port></target_ip></target_port></target_ip>

For SMTP - we send HELO or EHLO and if there’s a response, it’s confirmed it’s an SMTP or ESMTP service

For Web - we can send GET /HTTP/1.1 to see if there’s a HTTP response or not

Question 31

What is a Network Access Control?

Answer 31

A NAC system can deny network access to non compliant devices, place them in quarantine or give them restricted access to computing resources, keeping insecure nodes from infecting the network.

Question 32

What is Encoding?

Answer 32

• A command ‘language’ to format data so different devices, services and applications can understand each other.
• ASCII is an encoding format, which can be used to encode alphabets and symbols into HTML format so browsers know how to display them.
• Encoding is not meant for security.

Question 33

What is encryption?

Answer 33

• Encryption is meant for security.
• Data can be locked with a key or passphrase - the receiver of the data needs the key to decrypt and access the data

Question 34

What is Symmetric Encryption?

Answer 34

Both sender and receiver use the same key to encrypt data - e.g. caesars cipher

Question 35

What is Asymmetric Encryption?

Answer 35

• Uses maths to produce public and private key - public-key cryptography

—A has private and public key
—A sends public key to B
—B encrypts data with public key and sends back to A
—A decrypts the ciphertext with the private key

^ This is more secure- even if public key is stolen - data cant be viewed without private key
- If private key is stolen - security of the data is compromised

• Often used in current web technologies such as HTTPS. Encryption algorithms - RSA

Question 36

What are 10 Encryption Algorithms?

Answer 36

• DES (Data Encryption Standard)
• 3DES (Triple DES)
• AES (Advanced Encryption Standard)
• RSA
• RC4
• Hashing
• MD5
• SHA-1
• SHA-2,3
• HMAC

Question 37

What does DES stand for? Is is symmetric or asymmetric encryption?

Answer 37

Data Encryption Standard
Symmetric encryption

Question 38

What is 3DES?
- symmetric or asymmetric encryption?

Answer 38

Triple DES
- Modern and more secure version of DES
- Popular in electronic payment industries
-Symmetric encryption

Question 39

Advanced Encryption Standards (AES) Key Sizes?

Answer 39

• AES 128 bits
• AES 192 bits
• AES 256 bits

Question 40

RSA
commonly used for?
symmetric or asymmetric encryption?

Answer 40

SSL, HTTPS web technologies
Asymmetric encryption

Question 41

What is RC4 encryption?

Answer 41

Insecure
Removed from use in TLS in 2015

Question 42

Hashing?
Commonly used for?

Answer 42

• Used for error checking in data, amongst other users
• Save passwords as hashed
• When data is hashed it cannot be unhashed.

Question 43

MD5?
Commonly used for?

Answer 43

• weak hashing
• not recommended for saving passwords
• used for error checking
• turns words into strings

Question 44

SHA
SHA-1
SHA2,3

Answer 44

• SHA-1 is considered weak
• SHA-2 and 3 are updated versions of SHA
• SHA-256 and SHA-512 from 2021

Question 45

HMAC
Commonly used for?

Answer 45

• Authenticating messages

Question 46

Applications of Cryptography
What is:
Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Answer 46

• SSL 3.0 now vulnerable
• Replaced with TLS
• TLS 1.3 latest version (2018)
• SSL/TLS used to secure web traffic for HTTPS
• SSL/TLS used to generate a certificate for use

Question 47

Applications of Cryptography
What is:
Internet Protocol Security (IPSec)

Answer 47

• Secure network protocol suite to authenticate and encrypt packets of data to provide secure encrypted communication between computers over IP network
• used in VPNs
• common VPN tunnelling protocol - other one is TLS/SSL

Question 48

Applications of Cryptography
What is:
Secure-Shell (SSH)

Answer 48

• Used for remote access to a server/computer

Question 49

Applications of Cryptography
What is:
Pretty Good Privacy (PGP)

Answer 49

• Encryption program to encrypt emails and hard drive disks
• Verifies id of sender

Question 50

Linux File System Permissions Command

Answer 50

ls -la
—— Lists files with attributes
——Owner-group-others
——-777

Question 51

Windows File System Permissions Command

Answer 51

lcacls <file_path></file_path>

Question 52

Audit Techniques (accessing patch levels)
Linux commands:

Answer 52

uname -a
ps-aux
sudo lsof -l -P -n | grep LISTEN
netstat -ano

Question 53

Audit Techniques (accessing patch levels)
Windows commands:

Answer 53

gen info:
systeminfo

Patch Level:
wmic qfe get Caption, Description, HotFixID, InstalledOn

Services:
wmic service list brief

Network status and services:
Netstat -ano