Chapter 2 System Fundamentals Flashcards

1
Q
  1. Network Topologies
    • Physical Layout (List 5 types)
    • Logical Layout
A
  1. Network topologies - represent the physical side of a network, as well as the foundation of our overall system
    • Physical Layout - relates directly to the wiring & cabling that connect devices
      • Bus, ring, star, mesh, & hybrid topologies
    • Logical Layout - the flow of information or other data, the stuff you can’t readily see or touch OR how traffic enters the NW
2
Q

Bus Topology

A
  • lays out all connecting nodes in a single run that acts as the common backbone connection for all connected devices
  • Analogy: such as a person on a bus, signals get on, travel to their destination, and get off
  • Downside to its simplicity is its vulnerability. All connectivity is lost if the bus backbone is damaged
  • Imagine Christmas lights, if one turns off, they all turn off
3
Q

Token

A

A token is passed around the network; whichever node holds it has permission to transmit

This token-based method is only used by the Bus Topology

4
Q

Ring Topology

A

the common backbone is looped in a ring; some ring layouts use a concentric circle design to provide redundancy if one ring fails (not required).

each client or node attaches to the ring & delivers packets according to its designated turn or availability of the token

5
Q

Star Topology

A

one of the most common bc of its ease of setup & isolation of connectivity problems, meaning a single node of a star can go offline without affecting other nodes;

A star topology attaches multiple nodes to a centralized NW device, a hub or a switch, that ties the NW together

6
Q

Mesh Topology

A

essentially a web of cabling that attaches a group of clients or nodes to each other;

can look a little messy and convoluted, but this setup is often used for mission critical services bc of its high level of redundancy & resistance to outages.

The internet was designed to survive a nuclear attack and is built as one large mesh NW

7
Q

Hybrid Topology

A

By far most common in use today;

A hybrid layout combines different topologies into one mixed topology; it takes the best of the other layouts and uses them to its advantage

8
Q

OSI

A

Open Systems Interconnection Model is an industry standard for data communication; data travels from one end to another, & each layer communicates with the next

The OSI model has 7 layers

  1. Application Layer (App Layer)
  2. Presentation Layer (App Layer)
  3. Session Layer (App Layer)
  4. Transport Layer (Host 2 Host Transport)
  5. NW Layer (Internet Layer, strictly deals with IP addresses)
  6. Data Link Layer (NW Interface Layer, strictly deals with MAC addresses)
  7. Physical (NW Interface Layer)
9
Q

Layer 1: Physical Layer

A

consists of the physical media & devices that make up the infrastructure of our NWs;

  • Attack considerations are aligned with the physical security of site resources
  • Examples: cabling, connections, fiber optics, microwave transmission equipment
  • Stuxnet - a worm named Stuxnet showed up on the scene, wreaking havoc & destroying industrial equipment; it replicated itself via removable drives (physical layer)
10
Q

Layer 2: Data Link Layer

A

works to ensure that the data it transfers is free of errors;

Functions such as media access control (MAC) & link establishment occur at this layer; as well as basic protocols such as 802.3 for Ethernet & 802.11 for WiFi

11
Q

MAC

A

Media Access Control - unique identifier assigned to network interfaces for communications on the physical network segment

12
Q

Layer 3: NW Layer

A

determines the path of data packets based on protocol used;

At this layer, we see IP addressing for routers

13
Q

Routing Information Protocol

A

prevents routing loops by limiting the # of hops allowed in a path from source to destination

14
Q

Layer 4: Transport Layer

A

ensures the transport or sending of data is successful;

15
Q

Layer 5: Session Layer

A

identifies established system sessions between different NW entities

When accessing a system remotely, you are creating a session between your computer & the remote system;

NetBIOS & RPC are found here

16
Q

NetBIOS

LAN

RPC

A

Network Basic Input/Output System - a program that allows applications on different computers to communicate within a LAN

LAN - a computer NW that interconnects computers within a limited area using NW media

Remote Procedure Call - inter-process communication that allows a computer program to execute in another address space

17
Q

Most attacks reside within layers

A

3,4,5 which is NW, Transport, Session

18
Q

Layer 6: Presentation Layer

A

provides translation of data that is understandable by the next receiving layer

& can optionally be encrypted with protocols such as SSL (Secure Sockets Layer)

19
Q

SSL

A

Secure Sockets Layer - standard security technology for establishing an encrypted link between web server & browser

20
Q

Layer 7: Application Layer

A

functions as a user platform in which the user & SW processes within the system can operate & access NW resources

Apps & SW suites that we use on a daily basis are under this layer; includes protocols such as FTP and HTTP

21
Q

TCP

3 way handshake

A

connection-oriented protocol that establishes connection & verifies the packets sent across that connection make it to their destination

3 way handshake - Process starts with a SYN packet that tells the receiving system that another system wants to connect; (random seq #1000)

The receiving system responds with a SYN-ACK (random seq #2585)

Then an ACK is sent back verifying the SYN-ACK, and the connection is initiated (#1001)

22
Q

3 way handshake, SYN, SYN-ACK, ACK explained

A

SYN (start)

SYN-ACK (acknowledge start)

ACK (acknowledge the acknowledge)

23
Q

IP Subnetting

A

Purpose: if you can subnet, you can pinpoint a target & know how to go after it in the most efficient & effective way

Knowing a few IP addresses can give you a clue as to how an organization’s NW is laid out

Defined: Subnetting is a sequential breakdown of IP addresses based on desired NW size & host quantity

NW bits & host bits are manipulated by the subnet mask;

The mask is used to determine what subnet an IP address belongs to. An IP address has two components, the NW address & the host address

24
Q

Localhost Loopback Address

NW Address

Broadcast Address

CIDR

A

Loopback : 127.0.0.1 is a hostname that refers to this computer & is used to access this computer’s own NW services via its loopback NW interface

NW Address : address that identifies the subnet of a host

Broadcast Address: an IP address that allows information to be sent to all machines on a given subnet rather than a specific machine

Classless Inter-Domain Routing: CIDR Value is equivalent to the # of ON bits in a 32 bit address going left to right

25
Q

IP Address 150.215.017.009

If this NW is divided into 14 subnets, identify the subnet mask and subnet address

A

For the Subnet Mask, the first 16 bits (network address) are all set to 1.

The host address is determined by how much space is needed for the 14 subnets. 16 is the closest bit to turn on to accommodate the 14 subnet addresses, so 256-16 = 240, making the subnet mask 255.255.240.0

As for the subnet address, it becomes the inverse, 255.255.16.0

26
Q

Basic Slash Notation

IP Address (Subnet) 192.168.1.15

CIDR (Netmask): 24

Identify the NW address & Broadcast address of a subnet

A

Convert everything to binary

CIDR defines the # of bits that are on, so out of the 32 bits in an IP address, the first 24 from left to right are 1s

To find the NW address, we want to bitwise AND the IP address with the Netmask.

NW Address = 192.168.1.0

To find the broadcast address, we want to bitwise OR the NW address with the inverse of the Netmask

Broadcast address = 192.168.1.255

27
Q

What are bits, nibbles, & a byte

A

Bits are 1s and 0s

Nibbles are 4 bits

A byte is 2 nibbles

28
Q

Ports

List of Well-Known Ports

A

allows computers to send data out the door while simultaneously identifying that data by category

These ports range from 1-1024

  1. FTP 20-21
  2. SSH 22
  3. Telnet 23
  4. SMTP 25
  5. WINS 42
  6. DNS 53
  7. HTTP 80, 8080
  8. Kerberos 88
    • Computer NW authentication protocol, authenticates request for a service in a computer NW
  9. POP3 110
  10. Portmapper-Linux 111
    • Makes RPC Calls
  11. NTP 123
  12. RPC-DCOM 135
  13. SMB 139
  14. IMAP 143
  15. SNMP 161, 162
  16. LDAP 389
  17. CIFS 443
  18. Syslog 514
  19. Secure LDAP 636
29
Q

Registered Ports

A

These ports are the ones that have been identified as usable by other applications running outside of the user’s present purview.

Registered ports range from 1025-49151.

  1. WINS 1512
    • Windows Internet Naming Service - maps NetBIOS names to IP addresses; solves problem of NetBIOS name resolution in routed environments
  2. Socks5 1080
    • routes NW packets between client & server through an application proxy, which is different from a normal proxy; an example would be when using an HTTP proxy: you are actually forwarding an HTTP request, and the HTTP proxy server then performs the request on your behalf
  3. Nessus Server 1241
  4. SQL Server 1433, 1434
  5. Citrix Applications 1494, 2598
  6. Oracle Listener 1521
  7. Citrix Mgmt 2512, 2513
  8. RDP 3389
  9. IRC 6662-6667
    • Internet Relay Chat - Application layer protocol that facilitates transfer of messages in the form of text
30
Q

Proxy Server

A

a server that sits between client applications, such as between a web browser and server

31
Q

Dynamic Ports

A

free ports available for use by TCP, UDP requests made by an application

These ports range from 49152 - 65535

32
Q

DNS

DNS Hacking

AD

A

database that contains the translated names to IP addresses that can be queried by any DNS-aware applications

The internet root servers, or top level servers, contain addresses of the DNS servers for all top-level domains, .com, .org, etc. Each top-level server contains a DNS database of all names & addresses in that domain

Local NWs isolated from the Internet may use their own domain name systems through use of DNS mgmt SW. These names are typically same as those used by internet implementation

Hacking - if an attacker manipulates DNS, in modern day environments, applications may not work without DNS present & functioning; Ex. Microsoft AD wouldn’t work without DNS present or accessible

Active Directory - special purpose database for windows that handles a large # of read & search operations

33
Q

Networking Devices: Routers (& Switches)

A

Routers work at layer 3 by directing packets & connecting different NWs

Routers are also used as gateways between different types of NWs, such as NWs on different IP ranges or NWs that don’t understand each other’s protocols

i.e. you can’t just jam a fiber-run T1 connection into a client computer & have a fast NW; the NIC (NW interface card) is not capable of speaking the same language as the outside connection. Routers bridge that gap and allow different protocols on different NWs to communicate

Routers use NAT (NW Address Translation), which allows internal NW clients to share a single public IP address for access to the outside world. A router has two interfaces: one for the outside world & one for the internal NW

The public side is assigned a public IP address purchased from the local ISP; the internal side is connected to the local intranet, which contains all of your internal IPs & protected resources; internally, you can create your own IP schemes. When an internal client makes a request to an outside resource, the router receives the traffic & sends it out the public side with its public IP, safeguarding the client’s internal IP address

NAT is great for security and also conserves IP addresses cutting cost for ISP

34
Q

Switches

MAC

Finding MAC address

A

Switches create multiple broadcast (multicast) domains & collision domains for each port; they deliver data or frames based on the HW address (MAC address) of the destination computers/devices; considered a Layer 2 device (a few modern switches operate at Layer 2 & 3)

MAC or Media Access Control addresses are permanent identifiers burned into each NIC by the manufacturer; broken down into 6 hexadecimal pairs, i.e. c0-cb-38-ad-2b-c4, the 1st half (3 pairs) identifies the vendor, the 2nd half identifies the NIC or device

Finding MAC address: cmd command for Windows –> ipconfig /all

for Linux: ifconfig

35
Q

Hubs

A

Hubs are similar to switches but are considered dumb devices;

they operate at layer 1, the physical layer; they forward all the data they receive, with no filtering or directing of traffic, which is why they are considered layer 1

36
Q

Switches: Understanding broadcast domains & collision domains

Hubs

A

A broadcast domain allows traffic to be broadcast to all connected nodes

ARP requests (Address Resolution Protocol), which are sent to the NW to resolve HW addresses, are an example of broadcast domain traffic

Collision domains are NW segments in which traffic sent will potentially collide w/ other traffic; in a collision domain, traffic will not be sent as a broadcast, it will collide w/ other traffic on the wire

So what this means is when you throw your little penetration testing laptop on a wire & connect to a switch, no matter how promiscuous your NIC is, your captured traffic will be limited to the collision domain

In current modern day technology, sniffing a wi-fi NW allows you to capture traffic from all of its clients; not limited to a particular switchport collision domain

Hubs: similar to switches but are dumb devices that make no decision in data direction or addressing

37
Q

Proxies (& Firewalls)

A

These are devices deliberately put in place to prevent unauthorized access; they are only as effective as their configuration, & the configuration is only as effective as the admin creating it

Proxies work at the Layer 7 application layer, & can be used for caching & filtering of web content. They work in the middle of the traffic, acting as an intermediary between internal NW client systems & outside untrusted entities; they prevent the client from communicating directly with the outside source

Benefits of Proxies - protection of internal client systems, reducing exposure & risk

Acts as middleman, protecting clients from themselves

Speed up browsing by caching frequently visited websites & resources

38
Q

(Proxies) & Firewalls

A

Includes proxy firewalls; filter outgoing traffic requests & verify legitimate traffic; firewall attacks are intended to circumvent rather than make a head-on assault;

Mainly broken into these categories

  1. Packet Filtering
    • Packet filtering firewalls look at the header information (such as IP address or port) of packets to determine legitimate traffic; inspects packets at most granular level possible & improving traffic efficiency
  2. Stateful packet filtering (keeps records of interaction)
    • determine legitimacy based on state of connection from which traffic originated
  3. (web) Application proxies (mentioned in last card, client to outside untrusted entities)
39
Q

IPS & IDS

A

both used to cover your tracks, keep a low profile

IDS - intrusion detection system - detect any suspicious NW activity & notifies admin, passive in nature; similar to a burglar alarm that alerts you, but doesn’t stop the burglar

IPS - intrusion prevention system - proactive & preventive, senses potential malicious activity on NW & takes steps to prevent further damage and thwart further attacks

40
Q

Holistic vs focused process

A

securing a NW is a holistic process where the entire system as a whole is more important than the individual tools that create the system

breaking into a NW however is a focused process; you have to consider each part of the system & plan accordingly; one could sabotage an entire NW by taking the right steps in preparation

41
Q

Typical Enterprise NW

A
42
Q

Archive

Archive bit

A

Archive - used to compress files to use less space or to organize several files into one for portability or storage

Archive Bit - used in certain OSs, it indicates whether or not a file needs to be backed up

43
Q

Backup

Types of backups

A

backup - making extra copies

  1. Full backup - a full backup resets the archive bit of all files & backs them up accordingly
  2. Differential backup - backs up all changed files since the last successful full backup. Does not reset the archive bit; creates one large file and fully restores off of the latest differential backup (full is not needed)
  3. Incremental backup - backs up all changed files since the last full backup OR since the last incremental; does not reset the archive bit; creates several small backup jobs; the last full backup + incrementals are needed to restore
44
Q

Windows Vs. Linux (regarding port scans)

A

Windows systems respond to port scans, but Linux does not!!!