Chapter 3 Exploring network technologies and tools Flashcards
What does the Data Link Layer do, what level of the OSI (Open Systems Interconnection) model is it, and how might attacks focus on it?
It ensures data is sent to specific devices by adding a header that includes the source and destination MAC addresses. Attacks can disrupt it by faking a MAC address or spoofing ARP.
How does TCP work, what are the steps, and what makes it special?
Three-way handshake: the client sends a SYN, receives a SYN/ACK, and sends back an ACK. It guarantees delivery.
What about UDP: what are the steps, and what makes it special?
Connectionless: no three-way handshake; it finds the best route.
At what stage of the process is ARP used?
Once the packet reaches the correct subnet, ARP converts the IP address into the MAC address of the appropriate device/host.
What protocols are used for voice (and which protocol starts, maintains and terminates the session)?
SRTP, SIP (Session Initiation Protocol)
What protocols would be used for encrypting data in transit (file transfers), and which one is no longer used?
FTP, SSH, TLS, IPsec, SFTP (SSH + FTP), FTPS (TLS + FTP). No longer in use: SSL (replaced by TLS).
List the protocols used for emails and their ports as well as a small description of what they do.
SMTP (Simple Mail Transfer Protocol): TCP port 587 for encrypted email. Between clients and SMTP servers.
POP3 (Post Office Protocol v3): TCP port 995. Between servers and clients.
IMAP4: used for storing email on an email server. TCP port 993.
HTTPS: for encrypting web traffic; may be used when email is sent from web servers to other web servers. Port 443.
What protocol queries dictionaries? Give an example and the port number as well.
Lightweight Directory Access Protocol (LDAP), TCP port 389. Example: Microsoft Active Directory. LDAP encrypted with TLS is LDAPS.
Port 3389
Remote Desktop Protocol
Which open-source suite of tools is used by many companies, and what are some of its uses?
OpenSSH. It may be used to establish an SSH connection to remote servers: create a public/private key pair (ssh-keygen -t rsa) and copy the public key to the remote server, after which you can connect without a password.
SNTP/NTP use case?
Used for things like Kerberos that require clocks to be synchronised and accurate.
What does DHCP do?
Dynamic Host Communication Protocol, used by routers and networks; it assigns an IP address, subnet mask, DNS servers, etc. to hosts.
How does a DHCP server work? Four steps.
- The DHCP host asks a DHCP server for a lease.
- The server answers, offering a lease (IP address, etc.).
- The DHCP client responds by requesting this lease.
- The DHCP server acknowledges the lease and provides
How is DNS poisoning prevented?
Through the use of DNSSEC, which uses digital signatures to validate DNS responses.
What is the difference between unicast and broadcast traffic, and how do switches and routers handle them differently?
Unicast directs traffic to a particular IP address; other hosts will not receive or process it. Broadcast is traffic sent from one device to all devices on the subnet. Switches pass broadcast traffic between ports; routers do not.
How does a switch work initially, and why are switches good from a security standpoint?
Switches initially send out broadcasts, learning the MAC address of each device on each port and recording them in a table. After this, switches relay traffic only between the relevant ports: unicast traffic between ports 3 and 4 will not be visible to a malicious analyzer installed on port 1. This also increases efficiency.
In security, what issues and benefits do switch ports present?
Unused ports can present a risk if someone connects to them. Ports can be filtered by MAC address to accept connections only from specific devices, and the number of connections per port can be limited.
How are switch loops and broadcast storms prevented?
Using the protocols STP (Spanning Tree Protocol) and Rapid STP.
How does loop prevention in a switch work?
STP sends out Bridge Protocol Data Unit (BPDU) messages, which detect loops. It then shuts down or blocks traffic from switch ports carrying redundant traffic.
Physical vs logical ports?
A physical port is one you can plug a cable into. A logical port is a port number within a packet; it identifies a service or protocol.
Describe implicit deny and the context in which it is used.
Implicit deny means that traffic not explicitly listed in an access control list is denied. It is used in firewalls and routers.
When do you use the route command?
In any situation where you need to display or modify a system's routing table; it shows all the paths the computer knows to other networks.
Host-based vs network-based firewalls?
Host-based firewalls protect individual hosts, servers or workstations. Network-based firewalls are often dedicated servers and protect the entire network.
Stateless vs stateful firewalls: differences?
Stateless firewalls do not track connection state; they work from ACLs. Stateful firewalls examine traffic context (is it part of an established session? was there a three-way handshake?) and look closely at the details of the packets.