Chapter 3 Flashcards

(37 cards)

1
Q

Sniffing attack.

A

Attackers often use a protocol analyzer to capture data sent over a network. After capturing the data, attackers can easily read the data within the protocol analyzer when it has been sent in cleartext.

2
Q

DoS. A denial-of-service (DoS) attack

A

is a service attack from a single source that attempts to disrupt the services provided by another system.

3
Q

A distributed DoS (DDoS) attack

A

includes multiple computers attacking a single target.

4
Q

Poisoning attack.

A

Many protocols store data in cache for temporary access. Poisoning attacks attempt to corrupt the cache with different data.

5
Q

Transmission Control Protocol/Internet Protocol (TCP/IP)

A

provide basic connectivity. Other protocols, such as Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP), support specific types of traffic.

6
Q

default port for HTTP

A

80

7
Q

TCP. Transmission Control Protocol

A

provides connection-oriented traffic

TCP uses a three-way handshake. To start a TCP session, the client sends a SYN (synchronize) packet. The server responds with a SYN/ACK (synchronize/acknowledge) packet, and the client completes the third part of the handshake with an ACK packet to establish the connection.

8
Q

UDP. User Datagram Protocol

A

provides connectionless sessions (without a three-way handshake). While TCP traffic provides guaranteed delivery, UDP makes a best effort to deliver traffic without using extra traffic to ensure delivery.

9
Q

IP. The Internet Protocol (IP)

A

identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses.

IPv4 uses 32-bit addresses represented in dotted decimal format, such as 192.168.1.100.

IPv6 uses 128-bit addresses using hexadecimal code, such as FE80:0000:0000:0000:20D4:3FF7:003F:DE62.

10
Q

ICMP. Internet Control Message Protocol

A

is used for testing basic connectivity and includes tools such as ping, pathping, and tracert.

11
Q

ARP. Address Resolution Protocol

A

resolves IPv4 addresses to media access control (MAC) addresses.

ARP is required once the packet reaches the destination subnet.

12
Q

ARP poisoning attacks

A

use ARP packets to give clients false hardware address updates, and attackers use them to redirect or interrupt network traffic.

13
Q

NDP. Neighbor Discovery Protocol

A

performs several functions on IPv6. For example, it performs functions similar to IPv4’s ARP. It also performs autoconfiguration of device IPv6 addresses and discovers other IPv6 devices on the network such as the address of the default gateway.

14
Q

Which underlying protocol is used with voice and video streaming?

A

UDP. User Datagram Protocol

15
Q

The Real-time Transport Protocol (RTP)

A

delivers audio and video over IP networks. This includes Voice over Internet Protocol (VoIP) communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features.

16
Q

The Secure Real-time Transport Protocol (SRTP)

A

provides encryption, message authentication, and integrity for RTP.

helps protect the confidentiality of data from these attacks while also ensuring the integrity of the data transmissions. This provides protection against replay attacks.

17
Q

FTP. File Transfer Protocol

A

uploads and downloads large files to and from an FTP server. By default, FTP transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer.

18
Q

TFTP. Trivial File Transfer Protocol

A

uses UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it is not an essential protocol on most networks. Because of this, administrators commonly disable it.

19
Q

SSH. Secure Shell

A

Uses TCP port 22

encrypts traffic in transit and can be used to encrypt other protocols such as FTP. Linux administrators often used Telnet when remotely administering systems, but this is not recommended because Telnet sends traffic over the network in cleartext.

20
Q

SSL. The Secure Sockets Layer

A

was the primary method used to secure HTTP traffic as Hypertext Transfer Protocol Secure (HTTPS). SSL can also encrypt other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP). However, it has been compromised and is not recommended for use.

Secure Shell (SSH) encrypts traffic over TCP port 22.

21
Q

TLS. The Transport Layer Security

A

protocol is the designated replacement for SSL and should be used instead of SSL.

Additionally, many protocols that support TLS use STARTTLS. STARTTLS looks like an acronym, but it isn’t. Instead, it is a command used to upgrade an unencrypted connection to an encrypted connection on the same port.

22
Q

IPsec. Internet Protocol security

A

is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect virtual private network (VPN) traffic.

23
Q

SFTP. Secure File Transfer Protocol

A

is a secure implementation of FTP. It is an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using TCP port 22.

Secure FTP (SFTP) uses SSH to encrypt traffic.

24
Q

FTPS. File Transfer Protocol Secure

A

is an extension of FTP and uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990. However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21).

FTP Secure (FTPS) uses TLS to encrypt traffic.

25
Q

SMTP. Simple Mail Transfer Protocol

A

transfers email between clients and SMTP servers. SMTP uses TCP port 25. SMTP unofficially used port 465 with SSL and port 587 with TLS. However, it is now recommended that SMTP use STARTTLS to initialize a secure connection.

26
Q

POP3 and Secure POP. Post Office Protocol v3 (POP3)

A

transfers emails from servers down to clients. POP3 uses TCP port 110. Secure POP3 encrypts the transmission with SSL or TLS and can use TCP port 995. However, STARTTLS is now recommended to create a secure connection on port 110.

27
Q

IMAP4 and Secure IMAP.

A

Internet Message Access Protocol version 4 (IMAP4) is used to store email on an email server. IMAP4 allows a user to organize and manage email in folders.

28
Q

HTTP. Hypertext Transfer Protocol

A

transmits web traffic on the Internet and in intranets. Web servers use HTTP to transmit web pages to clients’ web browsers. Hypertext Markup Language (HTML) is the common language used to display the web pages. HTTP uses TCP port 80.

29
Q

HTTPS. Hypertext Transfer Protocol Secure

A

encrypts web traffic to ensure it is secure while in transit. Web browsers commonly indicate that a secure session is using HTTPS by displaying a lock icon and by including HTTPS in the Uniform Resource Locator (URL) field. HTTPS is encrypted with either SSL or TLS and it uses TCP port 443.

30
Q

Microsoft Active Directory Domain Services (AD DS).

A

provides the means for administrators to create user objects for each authorized user and computer objects for each authorized computer.

31
Q

Kerberos.

A

used in Windows domains and some Unix environments. It uses a Key Distribution Center (KDC) to issue timestamped tickets. Kerberos uses UDP port 88.

32
Q

LDAP. Lightweight Directory Access Protocol

A

protocol used to communicate with directories such as AD DS. LDAP provides a clear syntax for object identification and management. LDAP uses TCP port 389.

33
Q

LDAP Secure (LDAPS)

A

encrypts data with TLS using TCP port 636.

34
Q

Group Policy Objects (GPOs)

A

to configure settings. They can then apply these GPOs to users and computers within the domain.

35
Q

Remote Desktop Protocol (RDP)

A

connect to other systems from remote locations. Microsoft uses RDP in different solutions such as Remote Desktop Services and Remote Assistance. RDP uses either TCP port 3389 or UDP port 3389, though TCP port 3389 is more common.

36
Q

Network Time Protocol (NTP).

A

the most commonly used protocol for time synchronization, allowing systems to synchronize their time to within tens of milliseconds.

37
Q

Simple NTP (SNTP) protocol

A

can also be used for time synchronization. However, NTP uses complex algorithms and queries multiple time servers to identify the most accurate time. SNTP does not use these algorithms, so it might not be as accurate as the result from NTP.