Advanced Networks

Question 1

Modulation

Answer 1

The encoding of data in a radio wave

Question 2

Carrier Signal

Answer 2

The basis upon which information is superimposed allowing for transmission of data

Question 3

AM

Answer 3

Amplitude Modulation

Varies the amplitude of a carrier signal to encode the message signal

Question 4

ASK

Answer 4

Amplitude Shift Keying

Toggles the amplitude of the carrier signal depending on the message signal

Question 5

FSK

Answer 5

Frequency Shift Keying

Toggles the frequency of the carrier signal between two distinct values depending on the message signal (0 or 1)

Question 6

PSK

Answer 6

Phase Shift Keying

Toggles the phase of a carrier signal depending on the digital signal

Question 7

Binary PSK

Answer 7

Toggles the phase between two states to encode 1 bit (2 states)

Question 8

Quadrature PSK

Answer 8

Toggles the phase between four states to encode 2 bits (4 states)

Question 9

Eight-PSK

Answer 9

Toggles the phase between eight states to encode 3 bits (8 states)

Question 10

QAM

Answer 10

Quadrature Amplitude Modulation

Varies both the phase and amplitude of the to improve bandwidth efficiency

Question 11

FDMA

Answer 11

Frequency Division Multiple Access

Divides a band into channels and assigns each user a channel

Question 12

(Dynamic) TDMA

Answer 12

Time Division Multiple Access

Divides time into slots and allocates each user a time slot

Guard Periods may help space out time slots

Dynamic TDMA considers user requirements and allocates multiple time slots if necessary

Question 13

CDMA

Answer 13

Code Division Multiple Access

Uses orthogonal modulation codes to allow multiple transmissions over the same frequency bands

Question 14

802.11

Answer 14

Wi-Fi

Specifications for PHY Layer and MAC Layer for Wireless Local Area Networks (WLAN)

Question 15

DSSS

Answer 15

Direct Sequence Spread Spectrum

Wi-Fi Modulation Technique

Spreads signal across an entire allocated frequency by modulating with a spreading code (known only to the sender and receiver) at a higher bit-rate
A higher bit-rate (spreading ratio) uses more frequency and improves interference immunity

Question 16

FDM

Answer 16

Frequency Division Multiplexing

Wi-Fi Modulation Technique

Combines multiple signals into one signal for transmission over a single channel
Guard bands between each signal avoid overlap

Question 17

OFDM

Answer 17

Orthogonal FDM

Wi-Fi Modulation Technique

Sub-carrier frequencies are orthogonal with the peak coinciding with the nulls of adjacent subcarriers
Saves bandwidth, allowing for higher data rate but is more susceptible to noise

Question 18

OFDMA

Answer 18

OFDM With Multiple Access

Wi-Fi Modulation Technique

Not every packet utilises the entire bandwidth of a sub-carrier. So sub-carriers (and time allocations) are divided amongst users
Improves efficiency

Question 19

Beamforming

Answer 19

Wi-Fi Spatial Performance Improvement

Focuses radio waves in the direction of a specific client
Improves medium range communications (Provides no benefit for long range and is not needed for short range)

Question 20

MIMO

Answer 20

Multiple-Input Multiple-Output

Wi-Fi Spatial Performance Improvement

Uses multiple antennas at both the transmitter and receiver for simultaneous transmission and reception of multiple data streams

Question 21

MU-MIMO

Answer 21

Multi-User MIMO

Wi-Fi Spatial Performance Improvement

Enables parallel communication with multiple clients

Question 22

CSMA/CD

Answer 22

Carrier Sense Multiple Access/Collision Detection

Ethernet Multiple Access Technique

Detects collisions and retransmits

Question 23

CSMA/CA

Answer 23

Carrier Sense Multiple Access/Collision Avoidance

Wi-Fi Multiple Access Technique

Avoid collisions by checking if a channel is clear before transmitting
Transmitter sends RTS (Ready to Send) message to Receiver
Receiver responds with CTS (Clear to Send) message to Transmitter
Nodes that hear CTS don’t transmit until data is sent

Question 24

5GHz Wi-Fi

Answer 24

More bandwidth but worse penetration than 2.4GHz
Interferes with radar, requiring Dynamic Frequency Selection (DFS)

Question 25

DFS

Answer 25

Dynamic Frequency Selection

Avoids interference with radar by checking if it is detected on a channel and avoiding it if necessary
In-use channels are monitored and channel is changed if radar detected

Adds cost and complexity and is susceptible to false triggers

Question 26

802.11ax

Answer 26

Wi-Fi 6
Designed for efficiency in dense environments
Uses 1024-QAM
Uses 2.4GHz, 5GHz and provisionally 6GHz

Question 27

TWT

Answer 27

Target Wake Time

Allows clients to schedule times with Wi-Fi access points for waking up and sending data
Ideal for IoT and Sensor Networks

Question 28

LPWAN

Answer 28

A category of wireless communication that covers low-power long-range connection.

Question 29

LoRaWAN

Answer 29

LPWAN Technology

Low Power Long Range Wide Area Network

Question 30

LoRaWAN Cost

Answer 30

Expensive

Proprietary Physical Layer
Pricey Gateways

Question 31

LoRaWAN Transmission Speeds

Answer 31

50 kbit/s
Slow

Question 32

LoRaWAN Packet Size

Answer 32

256 bytes

Question 33

LoRaWAN Range

Answer 33

10km

Question 34

LoRaWAN Power

Answer 34

Low

Question 35

LoRaWAN Layer

Answer 35

Data Link & Physical

Question 36

LoRaWAN Topology

Answer 36

Star-of-Stars

Question 37

LoRaWAN Advantages

Answer 37

Uses Chirp Modulation
- Doppler Resistant: Ideal for moving objects
- Interference Resistant
- Multipath Resistant
- Highly Scalable

Uses IP for communication between Gateways and Cloud Services

Uses sub-GHz frequencies that penetrate obstacles and don’t collide with other communication protocols

Up to 10km range in rural areas

Question 38

LoRaWAN Disadvantages

Answer 38

Proprietary PHY Layer

Relatively Low Data Rate

Question 39

Sigfox

Answer 39

LPWAN Technology

Uses Ultra Narrow Band modulation for very slow data transmission

Question 40

NB-IoT

Answer 40

LPWAN Technology

Uses a low-cost sim-card within a narrowband of 4G LTE and 2G GSM for 4x faster speeds than LoRaWAN. Used in Asset Tracking

Question 41

Nano Satellites

Answer 41

LPWAN Technology

Low Earth Orbit satellites that forward data from devices onto ground stations. Requires subscription

Question 42

LTE-M

Answer 42

LPWAN Technology

Uses 4G LTE for 1Mbit/s speeds at relatively high-power consumption

Question 43

Bluetooth

Answer 43

Short range, personal area network wireless communication technology

2.4GHz band is divided into 79 Bluetooth channels, communication is divided into 1600 time slots per second

Question 44

Bluetooth Layer

Answer 44

Data Link & Physical

Question 45

Bluetooth Range

Answer 45

1m - 100m

Question 46

Bluetooth Transmission Speeds

Answer 46

1 Mbit/s

Question 47

Bluetooth Power

Answer 47

Low if BLE

Question 48

Bluetooth Topology

Answer 48

Star

Question 49

Bluetooth Cost

Answer 49

Inexpensive

Question 50

Bluetooth Piconet

Answer 50

One controller forms up to seven active connections with responders creating a Piconet

Up to 255 responders can be parked, maintain a connection but not communicating

Question 51

Bluetooth (Adaptive) Frequency Hopping

Answer 51

Reduces interference by having transmission hop between channels.

Adaptive Frequency Hopping avoids channels in use such as those used by Wi-Fi

Question 52

Bluetooth GATT Profile

Answer 52

GATT Profiles standardise exchange of data for specific device types e.g. Heart Rate Sensor

Question 53

Bluetooth Advantages

Answer 53

Frequency hopping improves security as all channels must be sniffed

Interleaving allows communication with multiple responders

TDMA allows contention-free networking

Ubiquitous integration among devices

Question 54

Bluetooth Disadvantages

Answer 54

Operates in unlicensed 2.4GHz ISM band, interference prone

Relatively low data rate

Question 55

802.15.4

Answer 55

A standard covering specification of the Physical and Data Link layers for low-rate wireless PANs

Question 56

802.15.4 Layer

Answer 56

Data Link & Physical

Question 57

802.15.4 Range

Answer 57

<100m

Question 58

802.15.4 Transmission Speeds

Answer 58

250 kbit/s

Question 59

802.15.4 Power

Answer 59

Very Low

Question 60

802.15.4 Topology

Answer 60

Star & Peer-to-Peer

Question 61

802.15.4 Cost

Answer 61

Inexpensive

Question 62

802.15.4 Packet Size

Answer 62

127 bytes

Question 63

802.15.4 PAN Coordinator

Answer 63

Acts as a central network controller

Question 64

802.15.4 Coordinator

Answer 64

Provide synchronisation services to devices

Question 65

802.15.4 FFD

Answer 65

Full Function Device

Capable of acting as a PAN Coordinator and can associate with multiple devices simultaneously

Question 66

802.15.4 RFD

Answer 66

Reduced Function Device

Capable of associating with only one FFD at a time
Suitable for simple sensors or actuators

Question 67

802.15.4 Routing

Answer 67

Routing between devices not in range of each other is not handled by 802.15.4 and instead is handled by higher-layer protocols e.g. RPL

Question 68

802.15.4 Addressing

Answer 68

Uses 64-bit MAC addresses and (sometimes) a 16-bit address valid only within the PAN

Question 69

802.15.4 Advantages

Answer 69

Low cost, Low power: Ideal for IoT and Sensor Networks

Peer-to-Peer topology acts as a basis of mesh networking allowing for self-healing, self-organising networks

Question 70

802.15.4 Disadvantages

Answer 70

Relatively low data rate

Operates in 2.4GHz, prone to interference

Question 71

802.15.4 Duty Cycling

Answer 71

Alternates radio between active/idle to save power

Question 72

802.15.4 ContikiMAC

Answer 72

An asynchronous duty cycling protocol has retransmissions until the receiver periodically wakes up and responds with an acknowledgement

Question 73

802.15.4 TSCH

Answer 73

Time-slotted Channel Hopping

A synchronous duty cycling protocol (defined in the 802.15.4 standard ) that divides time into slots assigned for communication between two specific devices.
Devices synchronise their schedule and use different channels to avoid interference

Question 74

Zigbee

Answer 74

A specification of the application and network layer to facilitate mesh and multi-hop networking
Builds on 802.15.4

Question 75

Zigbee Layer

Answer 75

Application & Network

Question 76

Zigbee Power

Answer 76

Very Low

Question 77

Zigbee Advantages

Answer 77

Zigbee-certified devices have a battery life of at least 2 years

Enables mesh networking

Question 78

Zigbee Disadvantages

Answer 78

Non-IP

Certification required to add Zigbee logo to device

Question 79

6LoWPAN

Answer 79

A specification of the network layer to allow IPv6 over 802.15.4 addresses

Builds on 802.15.4

Question 80

6LoWPAN Layer

Answer 80

Network

Question 81

6LoWPAN Advantages

Answer 81

IPv6 Compatible allowing for Interoperability

Small headers

Question 82

Thread

Answer 82

A standard that provides encrypted, self-healing, resilient mesh networking

Uses 6LoWPAN

Question 83

RPL

Answer 83

IPv6 Routing Protocol for Low-Power and Lossy Networks

An IPv6 Routing Protocol suitable for routing over mesh networks, allowing for multi-hop networking

Builds on 802.15.4

Question 84

RPL Layer

Answer 84

Network

Question 85

RPL Topology

Answer 85

Uses network traffic to build a picture of network (traffic decreases as network stabalises)

Creates a tree-like DODAG topology and assigns a distance-dependent rank to nodes further from the root to prevent routing to closer nodes via farther nodes

Question 86

MQTT

Answer 86

A lightweight publish-subscribe messaging protocol

Question 87

MQTT Layer

Answer 87

Application

Question 88

MQTT Broker

Answer 88

Brokers forward messages from publishers onto appropriate subscribers

Clients connect to the broker using Wi-Fi typically and transfer JSON

Question 89

MQTT Topics

Answer 89

Topics are hierarchical
- # acts as a multi-level wildcard
- + acts as a single level wildcard

Question 90

CoAP

Answer 90

A lightweight RESTful messaging protocol designed for resource-constrained devices

Follows REST principles, providing interoperability with HTTP (and the Web)
Border gateways/proxies translate between HTTP and CoAP

Question 91

CoAP Layer

Answer 91

Application

Question 92

CoAP Request Types Support

Answer 92

• Confirmable (requiring acknowledgement) requests
• Non-confirmable requests
• Timeouts
• Delayed payload responses with tokens
• Resource observation
• Block transfers for large payloads

Question 93

CoAP Resource Discovery

Answer 93

Request to GET .well-known/core returns descriptions of resources available on nodes allowing for automatic configuration

Question 94

CoAP Advantages

Answer 94

Small packet size; header is fixed-size at 4 bytes

Highly suited for use with 802.15.4, a basic packet will fit into a single radio frame

Uses UDP, ideal for prolonging battery life

CoAP proxies cache data allowing nodes to sleep

Supports multicast allowing interactions with multiple nodes at once

Question 95

Matter

Answer 95

A unifying application layer that leverages existing communication standards. It specifies
- Device Onboarding
- Device Messaging
- Security

Sits on-top of Thread, Ethernet, Wi-Fi, Bluetooth and unifies interactions

Question 96

Matter Layer

Answer 96

Application

Question 97

Matter Advantages

Answer 97

Non-matter devices can be bridged into a Matter network

Big-players in home automation are onboard

Question 98

Improving Wi-Fi

Answer 98

Modulation Techniques
Spatial Performance Improvements
Multiple Access
Wi-Fi 6

Question 99

Wi-Fi Modulation Techniques

Answer 99

DSSS
FDM
OFDM
OFDMA

Question 100

Wi-Fi Spatial Performance Improvements

Answer 100

Beamforming
MIMO
MU-MIMO

Question 101

Wi-Fi Multiple Access

Answer 101

CSMA/CD (Ethernet)
CSMA/CA (Wi-Fi)

Question 102

IPv4 Exhaustion Mitigitation

Answer 102

• Address Conservation: RIRs avoid giving out large blocks of address space
• Network Address Translation (NAT): Multiple private IPs, one public IP
• Release of Reserved Address Space: Challenging as client configurations need updating
• Address Recovery: Challenging as reputation of IP must be recovered
• CGNAT: ISP shares single IP address among multiple homes

Question 103

CGNAT Issues

Answer 103

Breaks end-to-end connectivity
Public IP abuse causes multiple homes to be punished
Security and privacy implications
Scalability issues
Does not solve IPv4 exhaustion

Question 104

Reasons for lack of IPv6 Adoption

Answer 104

Hardware
Infrastructure
Training

Lack of Urgency
Implementation Challenges
Money

HInT LimM

Question 105

IPv6 Benefits

Answer 105

Resolves IPv4 Exhaustion
Direct end-to-end global addressability
Simplified networks with reduced latency

Question 106

IPv6 DNS Adoption

Answer 106

IPv4 DNS servers can serve AAAA (IPv6) records and vice-versa

Question 107

Dual Stack Deployment

Answer 107

Supporting of both IPv4 and IPv6 protocols with devices having addresses in both forms

Question 108

Dual Stack Deployment Issues

Answer 108

Essentially two networks running in parallel:
- Each protocol needs its own firewall
- More issues to troubleshoot
- Double the IP config
- More hardware usage e.g. routing table

Question 109

IPv6 Deployment Strategy

Answer 109

1. Plan Ahead
2. Comprehensive Planning
3. Initial IPv6 Deployment During a Network Upgrade (Reduces cost)
4. Aim to keep parity of service no matter the strategy (No not damage IPv4 performance)

Question 110

Imperial College IPv6 Deployment

Answer 110

Deployed a dual-stack system
Used SLAAC as DHCPv6 was not well supported and still is not supported on Android
Has both IPv6 and IPv4 used on the same network
Switched early for to lower cost

Motivation was from CERN requiring IPv6 and they were running out of IPv4

Question 111

Microsoft IPv6 Deployment Case Study

Answer 111

RFC1918 (Private Network) Address space is running out due to overlapping from acquired companies and their networks
Dual-stack is operationally complex and hence Microsoft’s desire to switch to IPv6 solely

Question 112

IPv6 Transition Mechanisms

Answer 112

Tunnelling
NAT64
VPN

Question 113

IPv6 Tunnelling

Answer 113

Encapsulates IPv6 packets in IPv4 packets between two destinations
- Reduces MTU
- Increases Latency
- Causes issues with GeoIP-restricted services

Question 114

6in4 Tunnelling

Answer 114

Adds IPv4 header in front of IPv6 packet
- Protocol 41 is not supported by many consumer routers and so they cannot provide options to support it

Question 115

NAT64

Answer 115

Embeds IPv4 DNS web addresses within an IPv6 address with a specific prefix
- DNS64 Servers synthesise AAAA records for a web domain that only has A records
- NAT64 Gateway translates packets with the specified prefix to IPv4

Question 116

NAT64 Example

Answer 116

1. User requests IP of URL from DNS64 server
2. The DNS64 server does not know the IP and contacts a DNS server which returns an A record IPv4 address
3. The DNS64 server prefixes the IPv4 address to create a AAAA record
4. The user contacts the IP address via a NAT64 gateway which strips the prefix and contacts the IPv4 web server

Question 117

464XLAT

Answer 117

Allows IPv4 Connectivity over an IPv6 Network with two translators
- Stateless Customer Translator (CLAT): Converts IPv4 to IPv6
- Stateful Provider Translator (PLAT): Converts back to IPv4. Must track connections, ports, addresses etc.

Question 118

Google IPv6 Transition Case Study

Answer 118

Uses 464XLAT with DHCPv4 Option 108

Question 119

DHCPv4 Option 108

Answer 119

Devices are either
- In need of IPv4
- Capable of operating IPv6 only

Devices capable of IPv6 only send DHCP requests with Option 108 which indicates IPv4 is not necessary if IPv6 is available
- DHCPv4 servers will not provide IPv4 address if Option 108 is specified and supported. Forcing a device to use IPv6

Question 120

Steps of the Mandiant Cyber Attack Life Cycle

Answer 120

1. Initial Recon
2. Initial Compromise
3. Establish Foothold
4. Escalate Privileges
5. Internal Recon
6. Move Laterally
7. Maintain Presence (Loop back to 4.)
8. Complete Mission

Question 121

Initial Recon

Answer 121

Scope out a target through methods such as

• Port & Network Scanning: Identify open ports
• Banner Grabbing: Extract information on system software versions and configurations
• Signature Recognition: Different versions of software respond in different ways
• DNS Brute Forcing: Look for common subdomains i.e. vpn.xyz or login.xyz and reverse DNS
• Dumpster Diving: Physical rummaging through discarded documents or hardware (network switches, hard drive etc. need to be wiped)
• Social Engineering: Psychological manipulation to deceive individuals
• Man-in-the-Middle: Intercept communication
• Google & Shodan: Identify publicly available information

Question 122

Defending Against Initial Recon

Answer 122

Difficult to defend as malicious recon blends in with normal network traffic

Security through obscurity can impede an attacker

Question 123

Initial Compromise

Answer 123

Execute malicious code on the target’s system using
- Social Engineering
- Remote Execution: SQL Injection
- Brute Force
- Password Reuse

Question 124

Defending Against Initial Compromise

Answer 124

User Education
Appropriate technical methods

Question 125

Establish Foothold

Answer 125

Gain some level of control over a target system using
- Rootkits
- Backdoors
- Introduction of further vulnerabilities

Question 126

Defending Against Establish Foothold

Answer 126

Block vulnerabilities
Update Systems

Question 127

Escalate Privileges

Answer 127

Gain more control by increasing privileges and eventually gaining root access using
- Exploitation of privilege escalation vulnerabilities
- Dumping and cracking hashed passwords/access password managers

Question 128

Defending against Escalate Privileges

Answer 128

Implement Least Privilege Principle, Minimum level of access to perform necessary tasks
MFA

Question 129

Internal Recon

Answer 129

Gain a more thorough understanding of the target’s network and systems
- Where are key files stored
- What is known about key individuals (for social engineering)
- What internal systems are used?

Question 130

Defending against Internal Recon

Answer 130

Network segmentation

Question 131

Move Laterally

Answer 131

Gain more access to more systems

Question 132

Defending against Move Laterally

Answer 132

Firewalls

Question 133

Maintain Presence

Answer 133

Establish persistent access
- Additional rootkits
- Multiple backdoors
- Deploy more malware
- Gain access via existing legitimate remote access services/VPN

Question 134

Defending against Maintain Presence

Answer 134

Network monitoring and audits

Question 135

Complete Mission

Question 136

Security Policies

Answer 136

Identify the rules and procedures for people and systems accessing networks and sets out responsibilities of those managing networks

Question 137

A good security policy should

Answer 137

• Ensure confidentiality, integrity and availability of systems
• It should be organisation specific, practical, enforceable and regularly updated
• It should include processes for users to report security issues and detail how issues will be responded to and who is responsible
• It should define a password policy
• It should cover incident responses, who’s is responsible

Question 138

A bad security policy will

Answer 138

• Encourage users to be less secure
• Users who dont understand the goal of the policy are less likely to apply it
• Users who feel it hinders their work are more likely to bypass it
• Users who feel security is driven from top-down are less likely to report incidents

Question 139

Employee Training

Answer 139

Employees should be educated on
- Why you shouldn’t bypass security policies
- Phishing
- Fake websites
- Malicious Downloads

Question 140

Ongoing Network Maintenance

Answer 140

Updated devices often have less vulnerabilities
- OS Patches
- Drivers, Firmware, BIOS updates
- Mobile device firmware
- Routers
- IoT firmware

Question 141

IP Reputation

Answer 141

Block or alert on access from IP known for malware/botnets, or dodgy URLs
Geographic IP restricts e.g. restrict incoming Russian traffic