Chapter 3 Flashcards
(37 cards)
Sniffing attack.
Attackers often use a protocol analyzer to capture data sent over a network. After capturing the data, attackers can easily read the data within the protocol analyzer when it has been sent in cleartext.
DoS. A denial-of-service (DoS) attack
is an attack from a single source that attempts to disrupt the services provided by another system.
A distributed DoS (DDoS) attack
includes multiple computers attacking a single target.
Poisoning attack.
Many protocols store data in cache for temporary access. Poisoning attacks attempt to corrupt the cache with different data.
Transmission Control Protocol/Internet Protocol (TCP/IP)
provides basic connectivity. Other protocols, such as Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP), support specific types of traffic.
default port for HTTP
80
TCP. Transmission Control Protocol
provides connection-oriented traffic
TCP uses a three-way handshake. To start a TCP session, the client sends a SYN (synchronize) packet. The server responds with a SYN/ACK (synchronize/acknowledge) packet, and the client completes the third part of the handshake with an ACK packet to establish the connection.
UDP. User Datagram Protocol
provides connectionless sessions (without a three-way handshake). While TCP traffic provides guaranteed delivery, UDP makes a best effort to deliver traffic without using extra traffic to ensure delivery.
IP. The Internet Protocol (IP)
identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses.
IPv4 uses 32-bit addresses represented in dotted decimal format, such as 192.168.1.100.
IPv6 uses 128-bit addresses using hexadecimal code, such as FE80:0000:0000:0000:20D4:3FF7:003F:DE62.
ICMP. Internet Control Message Protocol
is used for testing basic connectivity and includes tools such as ping, pathping, and tracert.
ARP. Address Resolution Protocol
resolves IPv4 addresses to media access control (MAC) addresses.
ARP is required once the packet reaches the destination subnet.
ARP poisoning attacks
use ARP packets to give clients false hardware address updates. Attackers use them to redirect or interrupt network traffic.
NDP. Neighbor Discovery Protocol
performs several functions on IPv6. For example, it performs functions similar to IPv4’s ARP. It also performs autoconfiguration of device IPv6 addresses and discovers other IPv6 devices on the network such as the address of the default gateway.
Which underlying protocol is used with voice and video streaming?
UDP. User Datagram Protocol
The Real-time Transport Protocol (RTP)
delivers audio and video over IP networks. This includes Voice over Internet Protocol (VoIP) communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features.
The Secure Real-time Transport Protocol (SRTP)
provides encryption, message authentication, and integrity for RTP.
helps protect the confidentiality of data from these attacks while also ensuring the integrity of the data transmissions. This provides protection against replay attacks.
FTP. File Transfer Protocol
uploads and downloads large files to and from an FTP server. By default, FTP transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer.
TFTP. Trivial File Transfer Protocol
uses UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it is not an essential protocol on most networks. Because of this, administrators commonly disable it.
SSH. Secure Shell
Uses TCP port 22
encrypts traffic in transit and can be used to encrypt other protocols such as FTP. Linux administrators often used Telnet when remotely administering systems, but this is not recommended because Telnet sends traffic over the network in cleartext.
SSL. The Secure Sockets Layer
was the primary method used to secure HTTP traffic as Hypertext Transfer Protocol Secure (HTTPS). SSL can also encrypt other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP). However, it has been compromised and is not recommended for use.
Secure Shell (SSH) encrypts traffic over TCP port 22.
TLS. The Transport Layer Security
protocol is the designated replacement for SSL and should be used instead of SSL.
Additionally, many protocols that support TLS use STARTTLS. STARTTLS looks like an acronym, but it isn’t. Instead, it is a command used to upgrade an unencrypted connection to an encrypted connection on the same port.
IPsec. Internet Protocol security
is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect virtual private network (VPN) traffic.
SFTP. Secure File Transfer Protocol
is a secure implementation of FTP. It is an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using TCP port 22.
Secure FTP (SFTP) uses SSH to encrypt traffic.
FTPS. File Transfer Protocol Secure
is an extension of FTP and uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990. However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21).
FTP Secure (FTPS) uses TLS to encrypt traffic.