A Protocol Layer Survey of Network Security Flashcards
_____ is the lowest layer in the TCP/IP hierarchy.
link layer
_____ is the term applied to the basic unit of data that passes through the link layer.
frames
_____ is the second lowest layer in the TCP/IP hierarchy.
network layer
(T/F) TCP is a connectionless protocol.
false
(T/F) IP is a connection-oriented protocol.
true
_____ is the transport layer protocol within TCP/IP.
TCP
_____ enables the receiving TCP/IP stack to reconstruct the data stream at the destination in the correct order.
the sequence number
_____ and _____ are two transport layer protocols within TCP/IP.
hypertext transport protocol (HTTP) and (FTP)
_____ is the top layer of the TCP/IP stack.
application layer
List three physical layer protocols.
ethernet, token ring, and DSL
If a network interface is placed in _____ mode, it will receive all network traffic irrespective of source or destination.
promiscuous
_____ and _____ are the two address types that correspond to a networked computer.
Media Access Control (MAC) and Internet Protocol (IP)
_____ is the protocol that resolves IP addresses into MAC IDs.
Address Resolution Protocol (ARP)
Explain how the following Teardrop attack works.
hacker.net 22 > target.org 33: UDP (frag 123:64@0++)
hacker.net > target.org(frag 123:20@24)
Two UDP packets are sent where the second overwrites bytes 21-45 in the original packet to camouflage the packet signatures.
_____ is the goal of a Teardrop attack.
avoid static firewalls and older intrusion detection systems
In a Smurf attack, which of the two IP addresses is spoofed?
(a) source
(b) destination
(a) source
What is the procedure used to establish a TCP/IP connection between two hosts?
Server waits for connection request from client. Client sends TCP segment specifying information. Server responds with a segment specifying information. Client sends final segment with ACK flag set.
_____ spoofing occurs when the attacker’s computer is on the same subnet as the victim.
non-blind (TCP)
_____ spoofing occurs when the attacker has to guess how the victim TCP layer generates sequence numbers.
blind (TCP)
_____ attacks employ spoofing in order to intercept network traffic and/or take over the network session.
Man in the Middle (MITM)
_____ compromise an operating system's kernel.
kernel-mode rootkits
If we describe the complexity of a password as R**L, where R is the radix of the symbol set and L is the length of the password string, in most practical situations increasing _____ adds more security than increasing _____.
L, R
The fact that HTTP is _____ requires the storage of transaction information in order to create online shopping carts.
state dependent
_____ is an HTML image tag occurring within a web page that may result in malicious activity.
A web bug