Network & Protocols

Question 1

Router

Answer 1

• Routers are “network traffic management devices used to connect different network segments together.”
• Routers are located at gateways where two or more networks connect. They look at each packet and its destination address, and then determine optimal paths across a network.

Question 2

Switch

Answer 2

• Routers operate at the network layer (layer 3) of the OSI model. Switches operate at the data link layer (layer 2). Switches connect together devices on a network.

Note: They pose a security risk because access means that an attacker can eavesdrop on all communications. Similar to routers, switches also have insecure methods of access (notably Telnet or older versions of SNMP, use SNMPv3 instead).

Question 3

Access Control lists (ACL)

Answer 3

Routers use access control lists (ACL) to determine if a packet should be allowed to enter a network, based on its source address.

Question 4

Anti-Spoofing

Answer 4

Routers have insight into expected source IP addresses, so they can check the stated source IP address, which might be spoofed.

Question 5

Port Security

Answer 5

• As switches move packets from inbound connections to outbound connections, it’s possible for them to inspect the packet headers.
• Port security means that switches can control which devices connect on each port via allowed MAC addresses (still, they can be spoofed).

Question 6

Loop Prevention

Answer 6

Switches use Open Shortest Path First (OSPF) to route traffic and the Spanning Tree Protocol (STP) to avoid loops.

Question 7

Flood Guard

Answer 7

Switches also commonly have flood guards to protect against flooding attacks.

Question 7

Proxy

Answer 7

Proxy servers are a way of filtering traffic and can be used to further the security goals of an organization. A proxy intercepts requests from a client and either forwards them to their intended destination.

Question 8

Forward and reverse proxy

Answer 8

• Proxies can be forward, meaning that they intercept a request and then forward them to the destination.
• They can be reverse, meaning that they’re installed on the server-side of a connection and intercept incoming requests.

Question 9

Anonymizing Proxies

Answer 9

Anonymizing proxies hide information about the client making the request.

Question 10

Load Balancer

Answer 10

Load balancers move loads across several resources. This helps to avoid overloading a server and helps increase fault tolerance. Load balancing is easiest in stateless systems.

Question 11

Affinity Based Load Balancer

Answer 11

This means a host connects to the same server across a given session.

Question 12

Round-robin Load Balancer

Answer 12

This means that each new request goes to a new server in rotation.

Question 13

Active-passive Load Balancer

Answer 13

Load balancers can be active-passive, meaning that one system is balancing everything.

Question 14

Access Point (AP)

Answer 14

Wireless access points (APs) are “the point of entry and exit for radio-based network signals into and out of a network.”

Question 14

Active-active Load Balancer

Answer 14

Active-active means that all the load balancers are active at once.

Question 15

SSID

Answer 15

• An SSID is a service set identifier. This is a unique identifier for a network, at most 32 characters.
• When a client wants to join the network, they have to perform a handshake to associate with an AP.

Question 16

MAC Filtering

Answer 16

AP:s can use MAC filtering for handshake.

Question 17

Signal Strength

Answer 17

The transmitting power of the AP, as well as the physical environment can play a role in signal strength.

Question 18

Band Selection/Width

Answer 18

Capacity of the AP.

Question 19

Fat/Thin Access Point

Answer 19

• Access points can be “fat” (standalone) or “thin” (controller-based).
• Standalone often includes encryption, authentication and channel management capabilities. Controller-based makes it easier to have centralized management.

Question 20

Border Gateway Protocol (BGP)

Answer 20

BGP makes the internet work. This routing protocol controls how packets pass through routers in an autonomous system (AS) – one or multiple networks run by a single organization or provider – and connect to different networks.

Question 20

Adress Resolution Protocol (ARP)

Answer 20

ARP translates IP addresses to MAC addresses and vice versa so LAN endpoints can communicate with one another.

Question 21

Domain name system (DNS)

Answer 21

DNS is a database that includes a website’s domain name and its corresponding IP addresses.

Question 22

Dynamic Host Configuration Protocol (DHCP)

Answer 22

DHCP assigns IP addresses to network endpoints so they can communicate with other network endpoints over IP.

Question 23

File Transfer Protocol (FTP)

Answer 23

FTP is a client-server protocol, with which a client requests a file and the server supplies it. FTP runs over TCP/IP – a suite of communications protocols – and requires a command channel and a data channel to communicate and exchange files

Question 24

Hypertext Transfer Protocol (HTTP/HTTPS)

Answer 24

• A file sharing protocol that runs over TCP/IP. HTTP primarily works over web browsers and is commonly recognizable for most users
• Another form of HTTP is HTTPS, which stands for HTTP over Secure Sockets Layer or HTTP Secure that encrypt a user’s HTTP requests and webpages.

Question 25

Transmission Control Protocol (TCP)

Answer 25

TCP is the other half of TCP/IP and arranges packets in order so IP can deliver them. Specifically, TCP numbers individual packets because IP can send packets to their destinations through different routes and get them out of order, so TCP amends this before IP delivers the packets.

Question 25

Simple Mail Transfer Protocol (SMTP)

Answer 25

SMTP is the most popular email protocol, is part of the TCP/IP suite and controls how email clients send users’ email messages.

Question 26

Internet Protocol (IP)

Answer 26

When users send and receive data from their device, the data gets spliced into packets. Packets are like letters with two IP addresses: one for the sender and one for the recipient.

Question 27

User Datagram Protocol (UDP)

Answer 27

UDP is an alternative to TCP and also works with IP to transmit time-sensitive data. UDP enables low-latency data transmissions between internet applications, making it ideal for VoIP or other audio and video requirements.

Question 28

OSI Model

Answer 28

• The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network.
• The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is still widely used, as it helps visualize and communicate how networks operate, and helps isolate and troubleshoot networking problems.

Question 29

Application Layer 7 (OSI)

Answer 29

Human computer interaction layer where applications can access the network services.

Question 30

Presentation Layer 6 (OSI)

Answer 30

Ensures that data is in a usable format and is where data encryption occurs.

Question 31

Session Layer 5 (OSI)

Answer 31

Maintains connections and is responsible for controlling ports and sessions.

Question 32

Transport Layer 4 (OSI)

Answer 32

Transmits data using transmission protocols including TCP and UDP.

Question 33

Network Layer 3 (OSI)

Answer 33

Decides which physical path the data will take.

Question 34

Data Link Layer 2 (OSI)

Answer 34

Defines the format of data on the network.

Question 35

Physical Layer 1 (OSI)

Answer 35

Transmits raw bit stream over the physical medium.