Chapter 11- Secure Network Architecture and Securing Network Components Flashcards

1
Q
What is a protocol?
A

A protocol is a set of rules and restrictions that determine how data is transmitted over a network medium.

2
Q
The OSI model divides networking into 7 distinct layers. Name them:
A

Please Do Not Throw Sausage Pizza Away
Application 7
Presentation 6
Session 5
Transport 4
Network 3
Data Link 2
Physical 1

3
Q
What is encapsulation?
A

Encapsulation occurs as data moves down through the OSI model layers from Application to Physical. It is the addition of a header, and possibly a footer, to the data received by each layer from the layer above before it is handed to the layer below.

4
Q
What is de-encapsulation?
A

De-encapsulation occurs when data moves up through the OSI model layers from Physical to Application.

5
Q
What happens at the presentation layer during encapsulation?
A

The presentation layer encapsulates the message by adding information to it. The information is added at the beginning of the message, i.e. as a header.

6
Q
How do the OSI layers change data?
A

D3SPFB
Application: Data Stream
Presentation: Data Stream
Session: Data Stream
Transport: Segment (TCP)/Datagram (UDP)
Network: Packet
Data Link: Frame
Physical: Bits

7
Q
What is the physical layer?
A

The physical layer accepts frames from the data link layer and converts them into bits for transmission over the physical connection medium. It also receives bits from the physical connection medium and converts them into frames to be used by the data link layer.

8
Q
Through device drivers and standards, list the things that the physical layer controls:
A

Throughput rates
It handles synchronisation
Manages line noise and medium access
Determines whether to use analogue or digital signals

9
Q
List network hardware devices that function at layer 1:
A

(NHRCA) Network Interface Cards (NICs), hubs, repeaters, concentrators and amplifiers.

10
Q
What is the data link layer?
A

The data link layer is responsible for formatting the packet from the Network layer into the proper format for transmission. This includes adding the hardware source and destination addresses to the frame. The hardware address is the Media Access Control (MAC) address.

11
Q
List protocols found in the data link layer:
A

SPALLPI
Serial Line Internet Protocol (SLIP)
Point to Point Protocol (PPP)
Address Resolution Protocol (ARP)
Layer 2 Forwarding (L2F)
Layer 2 Tunnelling Protocol (L2TP)
Point to Point Tunnelling Protocol (PPTP)
Integrated Services Digital Network (ISDN)

12
Q
What is ARP?
A

Address Resolution Protocol (ARP) is a protocol of the data link layer. It can be viewed as operating in layer 2 or 3 of the OSI model. It depends on the Ethernet source and destination MAC addresses. ARP is used to resolve IP addresses into MAC addresses.

13
Q
ARP is carried as a _____ of the ______:
A

Payload, the Ethernet Frame

14
Q
ARP operates in what layer?
A

Tricky question! Some think it operates on Layer 2; anyway, choose 2. Layer 2

Layer 3 – Network layer but it does not operate as a true layer 3 protocol as it does not use a source destination addressing scheme to direct communications. It depends on the Ethernet source and the destination MAC addresses.

15
Q
Hardware technologies used in the data link layer:
A

Ethernet (IEEE 802.3), Token Ring (IEEE 802.5), Asynchronous Transfer Mode (ATM), Fibre Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI)

16
Q
The data link layer contains 2 sublayers. They are:
A

Logical Link Control and Media Access Control (MAC) Sublayer

17
Q
List network hardware that functions at layer 2:
A

At the data link layer… switches and bridges

18
Q
Explain the Network Layer
A

The Network layer is responsible for adding routing and addressing information to data. The packet includes source and destination addresses. The Network layer is responsible for providing routing or delivery information, but it is not responsible for verifying guaranteed delivery.

19
Q
List routing protocols under network layer:
A

BORI5NS
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)

20
Q
What are routers?
A

Routers determine the best logical paths for the transmission of packets based on speed, hops, preference and so on.

Routers use destination IP addresses to guide the transmission of packets.

21
Q
List some network hardware devices that function at layer 3:
A

Routers and bridge routers (brouters)

23
Q
What are brouters:
A

Bridge routers (brouters) work primarily in layer 3 but in layer 2 when necessary.

24
Q
What is the transport layer?
A

The transport layer is responsible for managing the integrity of a connection and controlling the session. A PDU (Payload Data Unit) from the session layer is converted into a segment. This layer includes mechanisms for segmentation, sequencing, error checking, controlling the flow of data, error correction, multiplexing and network service optimisation.

25
25. PDU acronym means
Payload Data Unit, Protocol Data Unit, Packet Data Unit.
26
27. List Protocols that operate on the transport layer:
The following operate on the transport layer: Transport Control Protocol (TCP), User Datagram Protocol (UDP), Sequenced Packet Exchange (SPX), Secure Socket Layer (SSL), Transport Layer Security (TLS).
27
26. What is PDU
PDU means Payload Data Unit, Protocol Data Unit or Packet Data Unit. A PDU is a container of information or data passed between network layers.
28
28. Explain Session Layer:
Session Layer (Layer 5) is responsible for establishing, maintaining and terminating communication sessions between 2 computers. It manages dialogue discipline or dialogue control (simplex, half duplex, full duplex).
29
29. List Protocols that operate within the session Layer:
Network File System (NFS), Structured Query Language (SQL), Remote Procedure Call (RPC).
30
30. Communication sessions can operate in one of three different control modes in the session layer, list them:
Simplex: one-way communication. Half-duplex: two-way communication, but only one direction can send data at a time. Full-duplex: two-way communication, in which data can be sent in both directions simultaneously.
31
31. What is presentation layer
The presentation layer is responsible for transforming data received from the application layer into a format that any system following the OSI model can understand.
32
32. Which layer is responsible for encryption and compression:
Presentation Layer (Layer 6).
33
33. What is application layer:
It is responsible for interfacing user applications, network services, or the operating system with the protocol stack. The application is not located in this layer; rather, the protocols and services required to transmit files, exchange messages and connect to remote terminals are found here.
34
34. Protocols found in the presentation layer are?
American Standard for Code Information Interchange (ASCII), Extended Binary Coded Decimal Interchange Mode (EBCDICM), Tagged Image File Format (TIFF), Joint Photographic Experts Group (JPEG), Moving Picture Experts Group (MPEG), Musical Instrument Digital Interface (MIDI)
35
35. Protocols found in the application layer are:
Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Line Print Daemon (LPD), Simple Mail Transfer Protocol (SMTP), Telnet, Trivial File Transfer Protocol (TFTP), Electronic Data Interchange (EDI), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), Simple Network Management Protocol (SNMP), Network News Transport Protocol (NNTP), Secure Remote Procedure Call (S-RPC), Secure Electronic Transaction (SET)
36
36. Name the network device that works at the application layer:
Gateway.
37
37. TCP/IP Acronym
Transmission Control Protocol/ Internet Protocol
38
38. List the layers of TCP/IP:
Application, Transport, Internet and Link
39
39. Compare the OSI model to TCP/IP Model
OSI model: TCP/IP model
Application: Application
Presentation: Application
Session: Application
Transport: Transport
Network: Internet
Data Link: Link
Physical: Link
40
40. Compare the Application mode of the TCP/IP model to OSI:
Application Mode is also known as the process. The application mode of the TCP/IP Model is synonymous to the Application, Presentation and Session modes of the OSI.
41
41. Compare the transport mode of the TCP/IP to OSI model:
The transport mode is also known as host to host and it is likened to the transport mode of the OSI model
42
42. Compare the Network mode of the OSI model to TCP/IP:
this model is known as the internet or internetworking.
43
43. Compare Data Link and Physical Mode of the OSI model to the TCP/IP Model:
the data link and physical layers of the OSI model are likened to the link model of the TCP/IP
44
44. TCP/IP can be secured using……:
Virtual Private Networks
45
45. Advantages of VPN:
VPN links are encrypted to add privacy, confidentiality and authentication.
46
46. List Protocols used to establish VPNs:
Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Shell (SSH), Open VPN (SSL/TLS VPNs) and Internet Protocol Security (IPSec).
47
47. List Protocol in Application state of TCP/IP:
File Transfer Protocol (FTP), Telnet, Simple Network Management Protocol (SNMP), Line Print Daemon (LPD), Trivial File Transfer Protocol (TFTP), Simple Mail Transfer Protocol (SMTP), NFS, X Window
48
48. What are TCP wrappers?
TCP wrappers is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs.
49
49. List 2 TCP/IP Transport Layer Protocols:
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
50
50. Explain TCP (TCP/IP) Protocol:
Transmission Control Protocol (TCP) of TCP/IP is a full-duplex, connection-oriented protocol. It operates at the transport layer of the OSI model.
51
51. Explain UDP (TCP/IP) Protocol:
User Datagram Protocol (UDP) is a simplex connectionless protocol. It operates at the transport layer of the OSI model. It offers no error detection or correction, does not use sequencing, does not use a flow control mechanism, does not use a pre-established session and is considered unreliable.
52
52. What is a port?
A port is little more than an address number that both ends of the communication link agree to use when transferring data within the transport layer. Ports allow a single IP address to support multiple simultaneous communications, each using a different port number.
53
53. What is socket?
A combination of an IP address and a port number is known as a socket.
54
54. Ports 0-1023 are known as:
Well known ports or service ports
55
55. Ports 1024 to 19151 are known as:
Registered software ports. These are ports that have one or more networking software products specifically registered with the International Assigned Numbers Authority (IANA).
56
56. Ports 49152 to 65535 are known as
Random, dynamic or ephemeral ports, as they are randomly and temporarily used by clients as a source port. The IANA recommends that ports 49152 to 65535 be used as dynamic and/or private ports.
57
57. Explain the TCP three-way handshake:
1. The client sends a SYN (synchronise) flagged packet to the client.
2. The server responds with a SYN/ACK (synchronise and acknowledge) flagged packet back to the client.
3. The client responds with an ACK (acknowledge) flagged packet back to the server.
58
58. List TCP headers flag field:
Unskilled Attackers Pester Real Security Folk (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN), i.e. Congestion Window Reduced, Explicit Congestion Notification-Echo, Urgent, Acknowledgement, Push, Reset, Synchronize, Finish.
59
59. What is UDP used for:
UDP is often employed by real time or streaming communications for audio and video.
60
60. Describe UDP Header
The UDP header is 8 bytes (64 bits) long. The header is divided into 4 sections or fields (each 16 bits long): source port, destination port, message length and checksum.
61
61. Describe TCP/IP Internet Protocol:
It operates at the Network Layer of the OSI model and is known as the Internet Protocol (IP). IP provides route addressing for data packets. It provides a means of identity and prescribes transmission paths. Similar to UDP, IP is connectionless and unreliable.
62
62. Compare IPv4 to IPv6:
IPv4: 32-bit addressing
IPv6: 128-bit addressing
63
63. List some IPv6 features that are not present in IPv4:
Scoped Addresses, autoconfiguration and Quality of Service
64
64. Describe advantage of IPv6 scoped addressing:
IPv6 scoped addresses give the administrators the ability to group and then block or allow access to network services such as file servers or printing.
65
65. What is IPv6 autoconfiguration?
IPv6 Autoconfiguration removes the need for both Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT).
94
66. What is IPv6 Quality of Service
IPv6 Quality of Service (QoS) priority values allow for traffic management based on prioritized content
95
67. Describe Internet Control Message Protocol (ICMP):
Internet Control Message Protocol is used to determine the health of a network or a specific link
96
68. ICMP Acronym means:
Internet Control Message Protocol
97
69. Internet Control Message Protocol (ICMP) is utilised by:
Ping, traceroute, pathping and any other network management tools.
98
70. Describe ping in Internet Control Message Protocol (ICMP):
The ping utility employs ICMP echo packets and bounces them off remote systems. Ping can be used to check if a remote system is online.
99
71. Internet Control Message Protocol (ICMP) is exploited by
Denial of Service (DoS), ping of death, smurf attacks and ping floods.
100
72. Explain Ping of Death
Ping of Death sends a malformed ping larger than 65,535 bytes to a computer in order to crash it. Note: A malformed ping is an IP packet that lacks order or contains code that is expected to confuse or disrupt computers, firewalls, routers or any service present on a network.
101
73. Explain Smurf Attacks
Smurf attacks generate enormous amounts of traffic on a target network by spoofing broadcast pings. It is a Distributed Denial of Service (DDoS) attack. Wiki: It is a distributed denial of service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Spoofing involves creating an IP packet with a false IP address for the purpose of impersonating another computer system.
102
74. Describe Internet Group Management Protocol
Internet Group Management Protocol (IGMP) allows systems to support multicasting. It is used by hosts to register their dynamic multicast group membership. Multicasting is the transmission of data to multiple specific recipients. It is also used by connected routers to discover these groups.
103
75. What is multicasting
Multicasting is the transmission of data to multiple specific recipients.
104
76. What is Address Resolution Protocol (ARP):
Address Resolution Protocol is essential to the interoperability of logical and physical addressing schemes. ARP uses caching and broadcasting to perform its operations. The basis of ARP is Media Access Control. ARP should:
• Accept Request: A new device asks to join the LAN, providing an IP address
• Translate: Devices on the LAN don’t communicate via IP address
• Send Requests:
105
77. Term for Address Resolution Protocol abuse is
Address Resolution Protocol (ARP) cache poisoning.
106
78. Define ARP cache poisoning:
ARP cache poisoning is where an attacker inserts bogus information into the ARP cache. It is also known as ARP Spoofing
107
79. Describe Telnet
This is a terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support the transfer of files.
108
80. What is port for Telnet:
TCP Port 23
109
81. Describe File Transfer Protocol (FTP)
File Transfer Protocol: This is a network application that supports an exchange of files that requires anonymous or specific authentication
110
82. Acronym for FTP means:
File Transfer Protocol
111
83. File Transfer Protocol Port:
TCP Port 20 for passive data or active (ephemeral) data and data transfer and Port 21 for control connection
112
84. Acronym for TFTP means:
Trivial File Transfer Protocol
113
85. Describe Trivial File Transfer Protocol (TFTP):
Trivial File Transfer Protocol is a network application that supports the exchange of files that does not require authentication
114
86. Trivial File Transfer Protocol (TFTP) Port
UDP Port 69
115
87. Describe Simple Mail Transfer Protocol (SMTP)
This is a protocol used to transmit email messages from a client to an email server and from one email server to another.
116
88. SMTP acronym means
Simple Mail Transfer Protocol
117
89. SMTP (Simple Mail Transfer Protocol) operates from which port
TCP Port 25
118
90. ICMP and IGMP operate in which layer of the OSI model?
Network Layer- Layer 3.
119
91. POP3 Means
Post Office Protocol
120
93. Describe POP3:
This is a protocol used to pull email messages from inbox on an email server down to an email client. TCP Port 110
121
94. IMAP Means
Internet Message Access Protocol
122
POP3 Port
TCP Port 110
123
95. IMAP (Internet Message Access Protocol) Port-
TCP Port 143
124
96. Describe Internet Message Access Protocol
This is a protocol used to pull messages from an inbox on an email server down to an email client. IMAP is more secure than POP3
125
97. DHCP means
Dynamic Host Configuration Protocol (DHCP)
126
98. Dynamic Host Configuration Protocol (DHCP) uses ports
UDP ports 67 and 68. Port 67- as destination port on server to receive client communications and port 68 as source for client requests. It is used to assign TCP/IP configuration settings to systems upon bootup.
127
99. HTTP means
Hypertext Transfer Protocol
128
100. HTTP uses port-
TCP Port 80
129
101. SSL means
Secure Socket Layer
130
102. SSL Port
TCP Port 443 (for HTTP encryption)
131
103. Describe SSL
Secure Socket Layer (SSL) is a VPN-like security protocol that operates in the transport layer. It was originally designed to support web communications (HTTPS) but is capable of securing any Application layer protocol communications.
132
104. LPD means
Line Print Daemon (LPD)
133
105. Line Print Daemon (LPD) Port-
TCP Port 515
134
106. Define Line Print Daemon (LPD)-
Line Print Daemon (LPD): This is a network service that is used to spool print jobs and send print jobs to printers.
135
X window uses port
TCP Ports 6000-6063
136
108. Describe X Window-
This is a GUI API for command line operating systems
137
109. Network File System (NFS) uses Port-
TCP Port 2049
138
110. NFS- means
Network File System
139
111. Describe NFS
This is a network service used to support file sharing between dissimilar systems.
140
112. Simple Network Management Protocol (SNMP) Port is? Also Explain
Simple Network Management Protocol (SNMP) uses UDP Port 161 (UDP Port 162 for trap messages). This is a network service used to collect network health and status information by polling monitoring devices from the polling station.
141
113. Uses Of SNMP
SNMP means Simple Network Management Protocol. SNMP is a standard network service supported by most network devices and TCP/IP-compliant hosts.
142
114. SNMP port-
UDP Ports 161 and 162
143
115. Uses of SNMP Ports are:
UDP 161 is used by SNMP agent to receive requests and UDP Port 162 is used by the management console to receive responses and notifications
144
116. What are trap messages:
Simple Network Management Protocol (SNMP) trap messages inform the management console when an event or threshold violation occurs on a monitored system. UDP Port 162 is used for this.
145
117. Explain Multilayer Protocol with an example:
TCP/IP is a protocol suite that comprises individual protocols spread across various protocol stack layers.
146
118. Benefits of Multilayer Protocol
TCP/IP benefits from its mechanism of encapsulation, e.g.
• A wide range of protocols can be used at higher layers
• Encryption can be incorporated at various layers
• Flexibility and resilience in complex network structures is supported
147
119. Disadvantage of Multilayer Protocol:
Covert channels are allowed, filters can be bypassed
148
120. DNP means
Distributed Network Protocol
149
121. Explain DNP
Distributed Network Protocol is used in electric and water utility management industries. It is used to support communications between data acquisition systems and system control equipment.
150
122. List some TCP/IP Vulnerabilities:
Buffer overflows, SYN flood attacks, various denial-of-service (DoS) attacks, fragment attacks, oversized packet attacks, spoofing attacks, man-in-the-middle attacks, hijack attacks, and coding error attacks
151
123. DNS means
Domain Name System
152
124. Explain DNS:
DNS is made up of 3 layers:
• Third layer or bottom layer is the MAC address. The MAC address or hardware address is a permanent physical address
• Middle layer is the IP address. The IP address is a temporary logical address
• The top layer is the domain name. The domain name is the computer name and it is a temporary human-friendly convention assigned over or onto the IP address.
DNS links IP addresses and human-friendly Fully Qualified Domain Names (FQDN). An FQDN contains 3 parts, i.e.
• Top Level Domain (TLD): the .com, org, edu, mil, gov
• Registered domain name: the google
• Subdomains or host name: the www
153
125. DNS operates in which ports:
Domain Name System operates over TCP and UDP Port 53
154
126. DNSSEC means
Domain Name System Security Extensions
155
127. What is the primary function of DNSSEC
Domain Name System Security Extensions primary function is to provide reliable authentication between devices during DNS operations.
156
128. Explain DNS Poisoning:
Domain Name System (DNS) Poisoning is the act of falsifying the DNS information used by a client to reach a desired system.
157
129. The act of deploying a rogue DNS server is known
as DNS Spoofing or DNS Pharming
158
130. Explain DNS Spoofing or DNS Pharming
DNS Spoofing or DNS Pharming occurs when a rogue DNS server listens in on network traffic for any DNS query or specific DNS queries related to a target site. Then the rogue DNS server sends a DNS response to the client with false IP information. This attack requires that the rogue DNS server get its response back to the client before the real DNS server responds. Once the client receives the response from the rogue DNS server, the client closes the DNS query session, which causes the response from the real DNS server to be dropped and ignored as an out-of-session packet.
159
131. Explain DNS Poisoning:
DNS Poisoning involves attacking the real DNS server and placing incorrect information into its zone file.
160
132. List some ways to attack or exploit DNS
DNS Poisoning, DNS Pharming or Spoofing, Alter host files, corrupt IP configuration.
161
133. How can DNS threats be reduced:
• Limit zone transfers from internal DNS servers to external DNS servers
• Deploy Network Intrusion Detection Systems (NIDS) to watch for abnormal DNS traffic
• Harden all DNS servers
• Use DNSSEC to secure your DNS infrastructure
• Require internal clients to resolve all domain names through internal DNS
162
134. What is pharming?
Pharming is the malicious redirection of a valid website’s URL or IP address to a fake website that holds a false version of the original valid site.
163
135. Explain Domain Hijacking:
Domain Hijacking or Domain Theft is the malicious action of changing the registration of a domain name without the authorization of the valid user. Sometimes when another person registers a domain name immediately after the original owner’s registration expires, it is called domain hijacking.
164
136. What are converged protocols:
Converged protocols are the merging of specialty or proprietary protocols with standard protocols, e.g. those from the TCP/IP suite.
165
137. List some converged protocols:
• Fibre Channel over Ethernet (FCoE)
• Multiprotocol Label Switching (MPLS)
• Internet Small Computer System Interface (iSCSI)
• Voice over IP (VoIP)
166
138. Advantages of Multiprotocol Labelling Switches (MPLS)
• Saves time
• Designed to handle a wide range of protocols through encapsulation
167
139. What is Multiprotocol Labelling Switches (MPLS):
Multiprotocol Labelling Switches (MPLS) is a high-throughput, high-performance network technology that directs data across a network based on short path labels rather than longer network addresses.
168
140. What is internet Small Computer System Interface (iSCSI)?
Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP.
169
141. Advantage of internet Small Computer Systems Interface:
• It can be used to enable location-independent storage, transmission and retrieval over LAN etc.
• It is viewed as a low-cost alternative to Fibre Channel
170
142. Explain VoIP:
Voice over IP is a tunnelling mechanism used to transmit voice and/or data over TCP/IP.
171
143. Advantages of VoIP:
It is cheap • Can be used as a phone replacement • Supports video and data transmission • Available in commercial and open source options, e.g. Skype
172
144. What is Software Defined Networking (SDN):
Software Defined Networking (SDN) is a unique approach to network operation, design and management. It is based on the theory that complexities in traditional network device configuration often force an organisation to stick with a single device.
173
145. Advantages of Software Defined Networking (SDN):
Software Defined Networking (SDN) is network neutral. • Cost effective as it is vendor neutral. • It is effectively network virtualization.
174
146. What is Content Distribution Network:
A Content Distribution Network or Content Delivery Network (CDN) is a collection of resource services deployed in numerous data centers across the internet in order to provide low latency, high performance and high availability of hosted content. Examples of CDN service providers are Akamai, Amazon, etc.
175
147. What are Wireless Networks:
This is a popular method of connecting corporate and home systems because of the ease of deployment and relatively low costs.
176
148. List wireless vulnerabilities
distance eavesdropping, packet sniffing, DoS, Intrusion
177
149. What is data emanation?
Data emanation is a form of electronic eavesdropping. When data travels within a computer or through the network wires, an electromagnetic field is generated. By reading the magnetic field, unauthorized users can get the confidential data. This act is known as data emanation.
178
150. What are wireless cells?
Wireless cells are areas within a physical environment where a wireless device can connect to a wireless access point
179
151. Wireless Access Points should be deployed to use _______ rather than _______.
Infrastructure mode, ad hoc mode
180
152. Wireless systems configured in ad hoc mode means:
Ad hoc mode means that any 2 networking devices including 2 NICs can communicate without a central control authority.
181
153. List the variations of Infrastructure mode:
stand alone mode, wired extension, enterprise extended, bridge.
182
154. Explain stand alone infrastructure mode
Stand alone infrastructure mode is when a wireless access point connects wireless clients to each other but not to any wired resources.
183
155. Explain wired extension mode infrastructure
Wired extension mode occurs when the wireless access points act as a connection point to link the wireless clients to a wired network.
184
156. Explain Enterprise Extended mode infrastructure:
Enterprise Extended mode infrastructure occurs when multiple wireless access points (WAPs) are used to connect a large physical area to the same wired network.
185
157. ESSID means
Extended Service Set Identifiers
186
158. What is Bridge Mode Infrastructure
Bridge Mode Infrastructure occurs when a wireless connection is used to link 2 wired networks.
187
159. SSID means
Service Set Identifier
188
160. List the 2 types of Service Set Identifiers (SSID):
Extended Service Set Identifiers (ESSID) and Basic Service Set Identifier (BSSID)
189
161. What is Extended Service Set Identifier (ESSID):
Extended Service Set ID is the name of the wireless network when a wireless base station or WAP is used (Infrastructure Mode).
190
162. What is ISSID:
Independent Service Set Identifier is the name of the wireless network when in ad hoc peer to peer mode (i.e., when Wireless Access Point WAP is not used)
191
163. Securing Service Set Identifiers (SSIDs):
SSIDs should be changed to something unique before deployment. • SSID broadcast by WAP via a special transmission called beacon frame should be disabled. (not effective though! WPA2 should be used)
192
164. What is site survey?
Site Survey is the process of investigating the presence, strength and reach of wireless access points deployed in an area.
193
165. List 2 IEEE 802.11 ways of authenticating wireless clients to WAPs:
Open System Authentication (OSA) and Shared Key Authentication (SKA)
194
166. Explain Open System Authentication (OSA):
Open System Authentication (OSA) means no real authentication is needed. As long as a radio signal is transmitted from the client and WAP, communication is allowed.
195
167. Wireless Equivalent Privacy is defined by ________:
IEEE 802.11 standard
196
168. Advantages of WEP are:
Wireless Equivalent Privacy (WEP) provides protection from packet sniffing and eavesdropping • Can be configured to prevent unauthorised access. • A hash value is used to verify that received packets weren’t modified or corrupted while in transit; thus WEP also provides integrity protection.
197
169. WEP means
Wireless Equivalent Privacy (WEP)
198
170. WEP encryption uses _________ Cipher:
Rivest Cipher 4 (RC4 cipher)
199
171. Describe Wi-Fi Protected Access (WPA):
Wi-Fi Protected Access was designed as the replacement for WEP.
200
172. LEAP means
Lightweight Extensible Authentication Protocol (LEAP).
201
173. Wi-Fi Protected Access (WPA) is based on _____ and _______:
Lightweight Extensible Authentication Protocol (LEAP) and Temporal Key Integrity Protocol (TKIP)
202
174. _____ often requires a single passphrase for authentication.
Wi-Fi Protected Access (WPA)
203
175. Name 1 Wi-Fi Protected Access (WPA) vulnerability:
Brute Force Attack
204
176. WPA means
Wi-Fi Protected Access
205
177. Another name for Wi-Fi Protected Access 2 (WPA2)
802.11i
206
178. What is Wi-Fi Protected Access 2:
WPA2 is a new encryption scheme known as the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES encryption scheme.
207
179. EAP means
Extensible Authentication Protocol
208
180. PEAP means
Protected Extensible Authentication Protocol
209
181. Explain 802.1X/EAP
WPA and WPA2 support the enterprise authentication known as 802.1X/EAP, a standard port-based network access control that ensures that the clients cannot communicate with a resource until proper authentication has taken place.
210
182. Advantage of Extensible Authentication Protocol (EAP):
Extensible Authentication Protocol (EAP) allows for new authentication technologies to be compatible with existing wireless point to point connection.
211
183. Explain Protected Extensible Authentication Protocols (PEAP):
PEAP encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption. • Used for securing communications over 802.11 • Can be employed by WPA or WPA2
212
184. What is Lightweight Extensible Authentication Protocol (LEAP)?
Lightweight Extensible Authentication Protocol (LEAP) is a Cisco proprietary alternative to Temporal Key Integrity Protocol (TKIP) for WPA. It was developed to address deficiencies in TKIP before 802.11i/WPA2 was ratified as a standard.
213
185. What is a MAC filter?
MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists.
214
186. What is Temporal Key Integrity Protocol (TKIP)?
Temporal Key Integrity Protocol (TKIP) improvements include a key-mixing function that combines the Initialization Vector (IV) with the secret root key before using that key with RC4 to perform encryption.
215
187. What is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP?
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES (Advanced Encryption Standard) with 128-bit key. It is a preferred standard security protocol and no attacks have been successful yet against CCMP/AES.
216
188. What is Captive Portal?
Captive Portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. E.g. redirection to acceptable use policy, privacy policy etc.
217
189. List some wireless attacks that you know
• War driving • War chalking • Replay Attack • Initialization Vector (IV) • Rogue Access Points • Evil Twin
218
190. What is War Driving?
War Driving is the act of using a detection tool to look for wireless networking signals by someone who does not have authorized access to such networks.
219
191. What is war chalking?
War chalking is the act of physically marking an area with information about the presence of a wireless network. A closed circle indicated a closed or secured wireless network, and two back-to-back half circles indicated an open network.
220
192. What is Replay Attack?
A Replay Attack is the act of retransmission of captured communications in the hope of gaining access to the targeted system.
221
193. How to mitigate replay attack:
Use Network Intrusion Detection Systems
222
194. What is Initialization Vector?
Initialization Vector is a term for a random number.
223
195. What is Initialization Vector Attack?
Initialization Vector attack is an exploitation of how Initialization Vector is handled.
224
196. What are rogue access points?
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from network owner, whether added by a well-meaning employee or by a malicious attacker.
225
197. What is Evil Twin?
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications
226
198. Vulnerabilities and attacks of an evil twin are:
Spoofing attacks and man-in-the-middle attacks. Man-in-the-middle (MITM) attacks can lead to session hijacking, data manipulation, credential theft and identity theft.
227
199. What is Intranet
Intranet is a private network that is designed to host the same information services found on the internet.
228
200. What is extranet?
An extranet is a cross between the internet and an intranet. An extranet is a section of an organisation’s network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public internet. An extranet for public consumption is typically labelled a demilitarized zone (DMZ) or perimeter network.
229
201. To boost performance on a network use ________:
Network Segmentation
230
202. List some advantages of network segmentation
Boosts performance • Reduces communication problems • Provides security
231
203. What is Network Access Control:
Network Access Control (NAC) is the concept of controlling access to an environment through strict adherence to and implementation of security policy.
232
204. Goals of NAC are:
• Prevent zero day attacks • Enforce security policy throughout the network • Use identities to perform access control
233
205. What are firewalls?
Firewalls are essential tools for controlling and managing network traffic. A firewall is typically deployed between a private network and a link to the internet.
234
206. List some types of firewalls:
SACS: Static Packet Filtering Firewalls • Application-Level Gateway Firewalls • Circuit-Level Gateway Firewalls • Stateful Inspection Firewalls • Deep Packet Inspection Firewalls
235
207. What are Static Packet Filtering Firewalls?
Static packet filtering firewalls filter traffic by examining data from the message header. • Unable to provide user authentication • Known as first-generation firewalls • Operate at Network Layer (Layer 3)
236
208. What is Application Level Gateway Firewall?
An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another. • The copy process also changes the source and destination addresses to protect the identity of the internal or private network. • They are known as second-generation firewalls • They operate at Application layer (Layer 7)
237
209. What are Circuit-Level Gateway Firewalls?
Circuit-level Gateway Firewalls are used to establish communication sessions between trusted partners. • They operate in Session Layer (Layer 5) • They manage communications based on the circuit
238
210. What are stateful Inspection Firewalls?
Stateful inspection firewalls evaluate the state and the context of network traffic. They are also known as dynamic state firewalls. • Stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities. • They are known as third-generation firewalls • Operate in Network and Transport layers (Layers 3 and 4)
239
211. What are deep packet inspection firewalls?
A deep packet inspection (DPI) firewall is a filtering mechanism that operates typically at the application layer in order to filter the payload contents of a communication rather than only the header values. • DPI is often integrated with application layer firewalls or stateful inspection firewalls
240
212. What are Next Gen Firewalls?
Next Gen Firewalls are multifunction devices (MFDs) composed of several security features in addition to a firewall, e.g. IDS, IPS, TLS/SSL proxy, VPN anchoring.
241
213. What are Multihomed firewalls?
Multihomed firewalls (aka dual homed firewalls) must have 2 interfaces to filter traffic.
242
214. What are bastion hosts
A bastion host is a computer or appliance that is exposed on the internet and has been hardened by removing all the unnecessary elements.
243
215. What is screened host?
A screened host is a firewall-protected system logically positioned just inside a private network.
244
216. What is a screened subnet?
A screened subnet is a firewall-protected system logically positioned inside a private network, with a subnet placed between the 2 routers or firewalls and the bastion host located within the subnet. This is the concept of a DMZ.
245
217. List Firewall Deployment Architectures:
single tier, two tier, and three tier (multitier)
246
218. What is endpoint security?
End Point Security is the concept that each individual device
247
219. Collision occurs when:
2 systems transmit data at the same time onto a connection medium that supports only a single transmission path.
248
220. What is broadcast:
Broadcast occurs when a single system transmits data to all possible recipients.
249
221. Describe a collision domain:
A collision domain is a group of networked systems that could cause a collision if any 2 (or more) of the systems in that group transmitted simultaneously.
250
222. Describe a broadcast domain:
A broadcast domain is a group of networked systems in which all other members receive a broadcast signal when one of the members of the group transmits it.
251
223. List some network devices:
hubs, modems, repeaters, amplifiers and concentrators
252
224. What do repeaters, amplifiers and concentrators do?
Repeaters, concentrators, and amplifiers are used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. They operate at the physical layer (layer 1)
253
225. What do hubs do?
Hubs are used to connect multiple systems and connect network segments that use the same protocol. They operate at the physical layer (layer 1)
254
226. What are bridges?
A bridge is used to connect 2 networks together, even networks of different topologies, cabling types and speeds, in order to connect network segments that use the same protocol. They operate at Data Layer (layer 2).
255
227. What are switches?
Switches know the addresses of the systems connected on each outbound port. Switches operate on Data Layer (Layer 2). Switches with additional features like routing operate in layer 3.
256
228. What are routers?
Routers are used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. They operate in the network layer (Layer 3)
257
229. What are brouters?
Brouters are combination devices comprising a router and a bridge. A brouter attempts to route first, but if that fails, it defaults to bridging. Thus, a brouter operates primarily at layer 3 but can operate at layer 2 when necessary.
258
230. What is a gateway?
A gateway connects networks that are using different network protocols. Gateways are also known as translators. They operate on the Application layer (Layer 7)
259
231. What are proxies?
A proxy is a form of gateway that does not translate across protocols.
260
232. What are LAN extenders?
A LAN extender is a remote access, multilayer switch used to connect distant networks over WAN links.
261
233. Name the 2 basic types of networks:
LAN & WAN
262
234. What is LAN?
Local Area Network (LAN) is a network spanning a single floor or building
263
235. What is WAN?
Wide Area Network (WAN) is assigned to long distance connections between geographically remote networks.
264
236. Types of coaxial cables
thinnet and thicknet
265
237. What is network topology?
Network topology refers to the physical layout and organisation of computers and networking devices.
266
238. What is logical topology?
Logical topology refers to the grouping of networked systems into trusted collectives.
267
239. List 4 typical network topologies:
ring, bus, star, mesh
268
240. Ring topology means:
Ring topology connects each system as points in a circle. The connection acts as a unidirectional transmission loop. • Only one system can transmit at a time • Traffic management is performed by a token
269
241. Explain bus topology:
Bus topology connects each system to a trunk or backbone cable. • All systems on the bus can transmit data at the same time • It is collision prone • To avoid collision, buses listen for other currently occurring traffic
270
242. There are 2 types of bus topologies:
linear and tree
271
243. What is linear (bus) topology:
Linear topology employs a single trunk line with all systems directly connected to it.
272
244. What is tree (bus) topology
Tree topology employs a single trunk line with all branches that can support multiple systems.
273
245. What is star topology:
Star topology employs a centralized connection device. This can be a hub or switch. • The central point is a single point of failure
274
246. What is mesh topology?
Mesh topology connects systems to other systems using numerous paths. • It adds redundancy to the systems.
275
247. What is Frequency Hopping Spread Spectrum (FHSS)?
Frequency Hopping Spread Spectrum (FHSS) transmits data in a series while constantly changing the frequency in use.
276
248. What is Direct Sequence Spread Spectrum
Direct Sequence Spread Spectrum employs all the available frequencies simultaneously in parallel.
277
249. What is Orthogonal Frequency-Division Multiplexing?
Orthogonal Frequency-Division Multiplexing (OFDM) employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission.
278
250. What is IEEE 802.15?
IEEE 802.15 refers to Bluetooth.
279
251. What are Personal Area Networks (PAN)?
Personal Area Networks (PANs) connect electronic devices within the user’s immediate area, e.g. Bluetooth.
280
252. List some Bluetooth vulnerabilities:
Bluejacking, Bluesnarfing, Bluebugging
281
253. What is bluejacking:
Bluejacking allows the attacker to transmit Short Message Service (SMS) like messages to your device using Bluetooth.
282
254. What is bluesnarfing?
Bluesnarfing allows hackers to connect to your Bluetooth devices without your knowledge and extract information. • This attack offers hackers access to your contact list, data and conversations
283
255. What is bluebugging?
Bluebugging offers attackers remote control over the features and functions of a Bluetooth device.
284
256. What is the range of Bluetooth?
30 feet, but some devices can function more than 100 meters away.
285
257. RFID means
Radio Frequency Identification (RFID)
286
258. What is Radio Frequency Identification?
Radio Frequency Identification (RFID) is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field. • RFID can be attached to devices or integrated into their structure • There is some concern that RFID can be a privacy-violating technology
287
259. What is Near Field Communications (NFC)?
Near Field Communications (NFC) is a standard that establishes radio communications between devices in close proximity.
288
260. List some Near Field Communications (NFC) Vulnerabilities
Man in the middle, eavesdropping, data manipulation and replay attacks.
289
261. POD means
Personal Owned Device
290
262. PED means
Personal Electronic Device
291
263. PMD means
Personal Mobile Device
292
264. 2 Points about coaxial cables:
Coaxial cables have a centre core of copper wire surrounded by a layer of insulation, which is surrounded by a conductive braided shielding and encased in final shielding. • The design makes it fairly resistant to electromagnetic interference (EMI)
293
266. List the 2 types of coaxial cables:
thinnet and thicknet
294
267. Use of thinnet coaxial cable:
Thinnet coaxial cable (aka base 5) is used to connect systems to backbone trunks of thicknet cabling and can span 185 meters.
295
268. Use of thicknet cable:
Can span 500 meters
296
269. Problems of coaxial cables:
Bending can break the centre conductor • Deploying cable in lengths greater than the recommended length • Not properly terminating the ends of the coaxial cable • Not grounding at least one end of a terminated coaxial cable
297
270. What is twisted pair cable:
Twisted pair cable is thinner than coaxial cable and more flexible. It consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator.
298
271. List the 3 main LAN technologies:
Ethernet, token and Federated Distributed Data Interfaces (FDDI)
299
272. Describe Ethernet:
Ethernet is a shared LAN technology. It allows numerous devices to communicate over the same medium but requires that the devices take turns communicating and perform collision detection and avoidance. • Ethernet can support full duplex communications (i.e. full 2 way). • It is employed in star and bus topologies
300
273. Describe Token Ring:
Token Ring employs a token passing mechanism to control which system can pass over a network medium. • Token travels in a logical loop among all members • Can be employed in star or ring topology • Higher cost than Ethernet • Difficult to manage and deploy.
301
274. Difference between analogue and digital communications:
Analogue communications occur with a continuous signal that varies in voltage etc. • Digital communications occur through the use of a discontinuous electrical signal.
302
275. What is baseband?
Baseband supports a single communication channel. It uses a direct current applied to the cable.
303
276. What is broadband?
Broadband supports multiple simultaneous signals. • Broadband uses multiple simultaneous signals
304
277. Describe multicast, unicast and broadcast:
• Broadcast technology supports communications to all possible recipients. • Multicast technology supports communications to multiple specific recipients. • Unicast technology supports only a single communication to a specific recipient.