Chapter 3: Secure Network Architecture and Securing Network Components Flashcards


Flashcards in Chapter 3: Secure Network Architecture and Securing Network Components Deck (182):
1

What is OSI?

Open Systems Interconnection: the ISO reference model that divides network communication into seven layers.

2

What are the layers of the OSI model?

1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

3

What does the Physical Layer in the OSI model do?

The physical layer accepts frames from the Data Link layer and converts them into bits (electrical, optical, or radio signals) for transmission over the physical medium, and vice versa. Device drivers and the hardware-level specifications of the medium sit at this layer.

4

What are some examples of specifications or protocols that operate at the physical layer?

EIA/TIA-232 and EIA/TIA-449, X.21, High-Speed Serial Interface (HSSI), Synchronous Optical Network (SONET), V.24 and V.35

5

What network hardware devices operate at the physical layer?

NICs, hubs, repeaters, concentrators, amplifiers.

6

What is the Data Link Layer?

This layer is responsible for formatting packets from the Network layer into frames for transmission on the local medium (adding the source and next-hop MAC addresses and a frame check sequence), and vice versa.

7

What are some examples of protocols that operate at the data link layer?

SLIP, PPP, ARP, RARP, L2F (Layer 2 Forwarding), L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), ISDN.

8

What network hardware devices operate at the data link layer?

Switches and bridges. They forward frames based on MAC addresses.

9

Which are the 2 protocols we need to be familiar with at the Data Link Layer?

ARP and RARP

10

What does ARP do?

ARP is the Address Resolution Protocol. It maps IP addresses to MAC addresses by broadcasting a request on the local segment and caching the reply.

11

What does RARP do?

RARP is the Reverse Address Resolution Protocol. It maps MAC addresses to IP addresses.

12

What is the Network Layer?

The Network Layer is responsible for adding routing and addressing information to the data. It is not responsible for guaranteeing delivery, but does manage error detection and traffic control.

13

What protocols operate at the Network Layer?

Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)

14

What hardware devices operate at layer 3?

Routers and bridge routers (brouters).

15

What is the Transport Layer?

The layer responsible for managing the integrity of a connection and controlling the session. This layer defines how much data a segment can contain, how to verify data integrity, and how to determine if data has been lost.

16

What protocols operate at the Transport Layer?

TCP, UDP, Sequenced Packet Exchange (SPX), SSL, TLS.

17

What is the session layer?

The layer responsible for establishing, maintaining, and terminating communication sessions between computers. It controls whether a session is simplex, half-duplex, or full-duplex, and handles retransmission of lost or damaged segments.

18

What protocols operate at the session layer?

NFS, SQL, RPC

19

What is the presentation Layer?

The layer responsible for transforming data received from the Application layer into a format that any system following the OSI model can understand. Imposes common or standardized structure and formatting rules onto the data. Responsible for encryption and compression.

Most file or data formats are at this layer.

20

What protocols operate at the Presentation Layer?

ASCII, EBCDIC (Extended Binary-Coded Decimal Interchange Code), TIFF, JPEG, MPEG, MIDI

21

What is the Application Layer?

The application layer is responsible for interfacing user applications, network services, or the operating system with the protocol stack. It determines whether a remote communications partner is available, and whether sufficient resources are available to support the requested communications.

22

What protocols operate at the Application layer?

HTTP, FTP, LPD, SMTP, TFTP, EDI (Electronic Data Interchange), POP3, IMAP, SNMP, NNTP, S-RPC (Secure RPC), SET (Secure Electronic Transaction).

23

What hardware or services operate at the application layer?

Gateways, application layer firewalls, some filtering software.

24

What are the layers of the TCP/IP model?

Application
Transport
Internet
Link

25

How do the TCP/IP layers map to the OSI layers?

Application: Application/Presentation/Session
Transport: Transport
Internet: Network
Link: Data Link/Physical

26

What TCP/IP protocols operate at the Application Layer?

FTP, Telnet, SNMP, LPD, TFTP, SMTP, NFS, X Windows

27

What TCP/IP protocols operate at the Transport layer?

TCP, UDP

28

What TCP/IP protocols operate at the Internet Layer?

ICMP, IGMP, IP

29

What TCP/IP protocols operate at the Link Layer?

Ethernet, Fast Ethernet, Token Ring, FDDI

30

What are the first 1024 TCP/UDP ports called?

Well-known ports or service ports (0 through 1023).

31

What does the ACK TCP header flag mean?

Acknowledgement - Acknowledges a synchronization or shutdown request; once the connection is established it is set on nearly every segment.

32

What does the RST TCP header flag mean?

Reset - Causes immediate disconnect of the TCP session

33

What does the SYN TCP header flag mean?

Synchronization - Requests synchronization with new sequencing numbers

34

What does the FIN TCP header flag mean?

Finish - Requests graceful shutdown of the TCP session
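To make cards 31 through 34 concrete, the following is an added example (not part of the original deck) that builds and decodes minimal IPv4 and TCP headers, expands the flag bits into names, and labels the step of the three-way handshake each combination represents. The addresses, ports, and sequence numbers are constructed sample values, and both checksums are left at zero because the point is the header layout, not a packet to put on the wire.

```python
import struct

# TCP flag bits: the low byte of the 16-bit data-offset/flags field (RFC 793)
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
IP_PROTO_TCP = 6


def _ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_ipv4_tcp(src, dst, sport, dport, flags, seq=0, ack=0, payload=b"") -> bytes:
    """Build a minimal IPv4 packet carrying a TCP segment (Network header, then Transport header).
    Both checksums are left at 0: this is sample data for parsing, not a transmittable packet."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    # data offset = 5 words (20 bytes, no options), then the flag bits
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flag_bits, 65535, 0, 0) + payload
    # version 4 / IHL 5, DSCP 0, total length, id, DF flag, TTL 64, protocol 6 (TCP), checksum 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IP_PROTO_TCP, 0,
                     _ip_to_bytes(src), _ip_to_bytes(dst))
    return ip + tcp


def parse_ipv4(packet: bytes) -> dict:
    """Decode the 20-byte IPv4 header (OSI layer 3) and hand back its payload (the TCP segment)."""
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "ttl": ttl,
        "protocol": proto,                                  # 6 = TCP, 17 = UDP, 1 = ICMP
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "payload": packet[header_len:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    """Decode the 20-byte TCP header (OSI layer 4) and expand the flag bits into names."""
    sport, dport, seq, ack, off_flags, _window, _cksum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "flags": sorted(name for name, bit in TCP_FLAGS.items() if off_flags & bit),
        "payload": segment[data_offset:],
    }


def classify_flags(flags) -> str:
    """Name the handshake or teardown step a flag combination represents."""
    f = set(flags)
    if f == {"SYN"}:
        return "connection request (handshake step 1)"
    if f == {"SYN", "ACK"}:
        return "synchronization acknowledged (handshake step 2)"
    if "RST" in f:
        return "reset: immediate teardown"
    if "FIN" in f:
        return "finish: graceful shutdown request"
    if "ACK" in f:
        return "acknowledgement"
    return "other"


def decode(packet: bytes):
    ip = parse_ipv4(packet)
    tcp = parse_tcp(ip["payload"])
    return ip, tcp, classify_flags(tcp["flags"])


# Constructed sample: 10.0.0.5 opens a telnet (23/tcp) connection to 192.0.2.10
HANDSHAKE = [
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000, 23, ["SYN"], seq=1000),
    build_ipv4_tcp("192.0.2.10", "10.0.0.5", 23, 40000, ["SYN", "ACK"], seq=5000, ack=1001),
    build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000, 23, ["ACK"], seq=1001, ack=5001),
]


def handshake_steps(packets=HANDSHAKE):
    return [decode(p)[2] for p in packets]


if __name__ == "__main__":
    for pkt in HANDSHAKE:
        ip, tcp, kind = decode(pkt)
        print(f"{ip['src']}:{tcp['src_port']} -> {ip['dst']}:{tcp['dst_port']} {tcp['flags']}: {kind}")
```

Running the script prints the three handshake packets with their decoded flags. The same parser can be pointed at real segments captured with a packet sniffer, which is how a packet filter or IDS gets at the fields the cards describe.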

35

What is IP?

IP is the Internet Protocol. It is a connectionless, unreliable (best-effort) datagram protocol: it does not guarantee delivery, ordering, or duplicate suppression. ICMP and IGMP ride directly on top of IP at the same layer, and ARP works alongside it to resolve IP addresses to MAC addresses.

36

What is IGMP for?

Multicasting

37

What are class D networks?

Class D networks have addresses starting with 1110, or decimal 224-239, and are for multicast traffic.

38

What are class E networks?

Class E networks have addresses starting with 1111, or decimal 240-255, and are for experimental use.

39

What is the CIDR equivalent of a class A network?

/8

40

What is the CIDR equivalent of a class B network?

/16

41

What is the CIDR equivalent of a class C network?

/24
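The following is an added example, not part of the original deck, that turns cards 37 through 41 into code: it reads the leading bits of the first octet to classify an IPv4 address as A through E, gives the classful CIDR equivalent for A, B, and C, and then goes beyond the classful cases by summarizing an arbitrary CIDR prefix the way modern (classless) routing does. The addresses are constructed sample values.

```python
import ipaddress


def classify_ipv4(addr: str):
    """Return (class, classful prefix length, purpose) from the leading bits of the first octet.
    Classes A-C map to /8, /16 and /24; D and E have no network/host split."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0b10000000 == 0:                 # 0xxxxxxx -> 0-127
        return "A", 8, "unicast"
    if first_octet & 0b11000000 == 0b10000000:        # 10xxxxxx -> 128-191
        return "B", 16, "unicast"
    if first_octet & 0b11100000 == 0b11000000:        # 110xxxxx -> 192-223
        return "C", 24, "unicast"
    if first_octet & 0b11110000 == 0b11100000:        # 1110xxxx -> 224-239
        return "D", None, "multicast"
    return "E", None, "experimental"                  # 1111xxxx -> 240-255


def classful_network(addr: str):
    """The network an address would belong to under classful addressing (None for D/E)."""
    _cls, prefix, _purpose = classify_ipv4(addr)
    if prefix is None:
        return None
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def cidr_summary(cidr: str) -> dict:
    """CIDR replaces the class boundaries with an explicit prefix length: any /n is legal."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "prefix": net.prefixlen,
        # /31 and /32 have no separate network and broadcast addresses
        "usable_hosts": net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses,
    }


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.16.5.9", "192.0.2.77", "224.0.0.5", "240.0.0.1"):
        cls, prefix, purpose = classify_ipv4(a)
        print(a, "class", cls, f"/{prefix}" if prefix else "-", purpose, classful_network(a))
    print(cidr_summary("192.0.2.77/26"))
```

The class letter is only historical context now: a firewall rule or route entry is written as a CIDR prefix, so the `cidr_summary` output (network, broadcast, usable hosts) is what you actually need when writing or auditing one.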

42

What is ICMP?

Internet Control Message Protocol. ICMP is used to determine the health of a network or specific link. Applications: ping, traceroute, pathping

43

What port does telnet operate on?

23/tcp

44

What is typically on port 23/tcp?

telnet

45

What port(s) does ftp operate on

20/tcp (data channel) and 21/tcp (control channel)

46

What is typicall on ports 20/tcp and 21/tcp

FTP.

47

What ports does TFTP operate on

69/udp

48

What is typically on port 69/udp

TFTP

49

What port does SMTP operate on?

25/tcp

50

What is typically on port 25/tcp

SMTP

51

What port does POP3 operate on?

110/tcp

52

What is typically on port 110/tcp

POP3

53

What port does IMAP operate on?

143/tcp

54

What is typically on port 143/tcp

IMAP

55

What port does DHCP operate on?

67/udp and 68/udp

56

What is typically on ports 67/udp and 68/udp

DHCP/bootp

57

What port does HTTP operate on?

80

58

What is typically on port 80/tcp

HTTP

59

What port does HTTPS (HTTP over SSL/TLS) operate on?

443/tcp

60

What is typically on port 443/tcp?

HTTPS (HTTP over SSL/TLS)

61

What port does LPD operate on?

515/tcp

62

What is typically on port 515/tcp?

LPD

63

What ports does X Windows use?

6000-6063/tcp

64

What is typically on ports 6000-6063/tcp?

X Windows

65

What ports does bootp/DHCP use?

67/udp, 68/udp

66

What port does NFS use?

2049/tcp (NFSv2 and v3 may also use 2049/udp)

67

What is typically on port 2049/tcp?

NFS

68

What ports does SNMP use?

161/udp, 162/udp for trap messages

69

What is typically on port 161/udp?

SNMP

70

What is typically on port 162/udp?

SNMP trap messages

71

What is an intranet?

An intranet is a private network that is designed to host the same information services found on the Internet.

72

What is an extranet?

An extranet is a section of an organization's network that has been sectioned off so that it acts as an intranet for the private network but also serves information to a limited set of outside parties. It is usually reserved for specific partners or customers, is rarely exposed on a public network, and often requires a VPN for access.

An extranet for public consumption is typically called a DMZ or perimeter network.

73

Why segment networks?

Boost performance by localizing communications.
Reduce communications problems like congestion or broadcast storms.
Provide security by isolating traffic and user access to those segments where they are authorized.

74

How do you segment a network?

Switch-based VLANs, routers, firewalls.

75

What are firewalls for?

Filtering traffic between networks of different trust levels, most commonly to keep unwanted or malicious traffic from the Internet out of a private network.

76

What are firewalls typically not able to do?

Block viruses or other malicious code carried inside traffic that the rule set permits. A firewall inspects headers and sessions, not the content of allowed files or messages; that is the job of anti-malware and content-inspection tools.

77

What, beyond network traffic, should firewalls log?

Rebooting the firewall
Proxies or other dependencies not starting
Proxies or other important services crashing or restarting
Changes to the firewall configuration
A configuration or system error while the firewall is running.
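As an added example (not part of the original deck), here is detection logic that sorts firewall log lines into the non-traffic event classes this card lists and flags configuration changes pushed from a host that is not on the management list. The log format, message wording, hostnames, and the `MGMT_HOSTS` set are all constructed for the example; real products word these messages differently, so the patterns have to be adapted to your own firewall.

```python
import re
from collections import Counter

# Hosts allowed to administer the firewall (assumed for this example)
MGMT_HOSTS = {"10.0.0.9"}

# One regex per non-traffic event class from the card, matched against a constructed
# syslog-style format; the first matching class wins, so order them from specific to general.
EVENT_PATTERNS = {
    "reboot":            re.compile(r"system (re)?boot|system restarted|uptime reset", re.I),
    "dependency_failed": re.compile(r"failed to start", re.I),
    "service_crash":     re.compile(r"crashed|signal \d+", re.I),
    "config_change":     re.compile(r"configuration (committed|changed|reloaded)", re.I),
    "runtime_error":     re.compile(r"\berror\b|checksum mismatch", re.I),
}
TRAFFIC = re.compile(r"\b(ALLOW|DENY|DROP|ACCEPT)\b\s+(tcp|udp|icmp)\b", re.I)
CONFIG_ACTOR = re.compile(r"by (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def classify_line(line: str) -> str:
    for category, pattern in EVENT_PATTERNS.items():
        if pattern.search(line):
            return category
    return "traffic" if TRAFFIC.search(line) else "unclassified"


def config_change_actor(line: str):
    """(user, source IP) recorded on a configuration-change line, or (None, None)."""
    m = CONFIG_ACTOR.search(line)
    return (m["user"], m["ip"]) if m else (None, None)


def audit(log_text: str) -> dict:
    """Count event classes, collect the non-traffic lines an analyst should look at, and flag
    configuration changes that did not come from a management host."""
    events = [(classify_line(l), l) for l in log_text.splitlines() if l.strip()]
    alerts = [l for c, l in events if c not in ("traffic", "unclassified")]
    unexpected = [l for c, l in events
                  if c == "config_change" and config_change_actor(l)[1] not in MGMT_HOSTS]
    return {
        "counts": Counter(c for c, _ in events),
        "alerts": alerts,
        "unexpected_config_changes": unexpected,
    }


# Constructed sample log (format and wording made up for this example)
SAMPLE_LOG = """\
Mar 12 02:14:07 fw1 kernel: system restarted, uptime reset
Mar 12 02:14:12 fw1 proxyd: failed to start: bind(): address already in use
Mar 12 02:15:01 fw1 fwmgr: configuration committed by admin from 10.0.0.9 (rev 418)
Mar 12 02:15:30 fw1 http-proxy[2211]: crashed (signal 11), supervisor restarting it
Mar 12 02:16:00 fw1 filter: DENY tcp 203.0.113.9:4444 -> 10.0.0.5:22
Mar 12 02:16:44 fw1 fwmgr: error: rule table checksum mismatch
Mar 12 03:02:10 fw1 fwmgr: configuration committed by admin from 203.0.113.9 (rev 419)
"""

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print(dict(result["counts"]))
    for line in result["alerts"]:
        print("REVIEW:", line)
    for line in result["unexpected_config_changes"]:
        print("ALERT (config change from non-management host):", line)
```

Traffic lines are the bulk of any firewall log and are best handled by volume-based tooling; the point of this script is that the handful of operational lines (reboots, crashes, config changes, errors) deserve a dedicated rule, since an attacker who has reached the firewall itself will show up there long before they show up in the traffic counters.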

78

Are there risks to reliance on firewalls?

Yes. Typically, they are a single point of failure.

79

What are the four basic types of firewalls?

Static packet-filtering firewalls
Application-level gateways
Circuit-level gateways
Stateful inspection firewalls

80

What is a static packet-filtering firewall?

Filters each packet in isolation by examining its header, typically the source and destination addresses and ports. It keeps no connection state, so it can be fooled by spoofed source addresses and forged flag combinations. First generation. Layer 3.

81

What is an application-level gateway firewall?

A firewall that filters traffic based on the Internet service used to transmit or receive the data. Each type of application has to have its own proxy server. An application-level gateway firewall comprises numerous individual proxy servers. Second generation. Operates at layer 7. Also known as proxy firewalls.

82

What is a circuit-level gateway?

Used to establish communication sessions between trusted partners. It validates the circuit (the handshake, addresses, and ports) rather than the content of each packet; SOCKS is the common example. Second generation. Layer 5.

83

What is a stateful-inspection firewall?

Evaluates the state or context of network traffic. More efficient than application-level gateway firewalls. Third generation firewalls, operate at Network and Transport layers (3/4).
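To show what "evaluates the state or context" buys you over the static filter of card 80, here is an added example (not part of the original deck) that models both. The static filter must let replies back in somehow, and the classic stateless trick is to trust the ACK bit; the stateful filter instead keeps a connection table and only admits packets belonging to a session it saw opened by a permitted SYN. The zones, addresses, and policy (outbound open, 80/tcp to a DMZ web server open, everything else closed) are assumptions for the example, and the packet trace is constructed.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed private network
DMZ_WEB = "192.0.2.10"                           # assumed public web server, reachable on 80/tcp


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # subset of {"SYN", "ACK", "FIN", "RST"}


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


class StaticPacketFilter:
    """First generation: each packet is judged on its own header fields, with no memory.
    To let replies back in, such rules typically trust the ACK bit, which the sender controls."""
    def decide(self, p: Packet) -> str:
        if is_internal(p.src):
            return "allow"                                    # outbound traffic is open
        if p.dst == DMZ_WEB and p.dport == 80:
            return "allow"                                    # public web service
        if "ACK" in p.flags:
            return "allow"                                    # 'established' heuristic: spoofable
        return "deny"


class StatefulInspectionFilter:
    """Third generation: keeps a connection table and only admits packets that belong to
    a session it saw being opened by a permitted SYN."""
    def __init__(self):
        self.table = {}   # (client, cport, server, sport) -> state

    def decide(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is not None:
            if "RST" in p.flags:
                del self.table[key]                            # abortive close
            elif "FIN" in p.flags:
                self.table[key] = "CLOSING"                    # graceful close in progress
            elif key == rev and p.flags >= {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"                # server answered the SYN
            return "allow"
        # No entry: only a fresh SYN that policy permits may create one
        if p.flags == {"SYN"} and (is_internal(p.src) or (p.dst == DMZ_WEB and p.dport == 80)):
            self.table[fwd] = "SYN_SENT"
            return "allow"
        return "deny"


def compare(packets):
    static, stateful = StaticPacketFilter(), StatefulInspectionFilter()
    return [(static.decide(p), stateful.decide(p)) for p in packets]


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


# Constructed trace: a legitimate outbound HTTPS session, then a spoofed "reply" from elsewhere
TRACE = [
    pkt("10.0.0.5", 40000, "198.51.100.7", 443, "SYN"),          # 0 client opens
    pkt("198.51.100.7", 443, "10.0.0.5", 40000, "SYN", "ACK"),   # 1 server answers
    pkt("10.0.0.5", 40000, "198.51.100.7", 443, "ACK"),          # 2 handshake completes
    pkt("203.0.113.9", 80, "10.0.0.5", 40000, "ACK"),            # 3 attacker: ACK set, no session
    pkt("203.0.113.9", 51000, DMZ_WEB, 80, "SYN"),               # 4 public web request
    pkt("203.0.113.9", 51001, "10.0.0.5", 22, "SYN"),            # 5 direct SSH attempt
]

if __name__ == "__main__":
    for p, (s, st) in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)}  static={s}  stateful={st}")
```

Packet 3 is the one to watch: the static filter passes it because the ACK bit is set, which is all an ACK scan or a forged "reply" needs, while the stateful filter drops it because no table entry matches. A production stateful firewall also ages entries out, tracks sequence numbers, and keeps a short grace period after FIN; those are left out here to keep the state machine readable.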

84

What are Multihomed Firewalls?

Firewalls with more than one interface

85

What is a dual-homed firewall?

A firewall with two interfaces. All useful firewalls must be dual-homed (or more).

86

Describe the Single-tier firewall deployment architecture.

Internet -> Border router -> Firewall -> Private Network

87

Describe the Two-tier I firewall deployment architecture.

Internet -> Border router -> Firewall -> DMZ and Private network

88

Describe the Two-tier II firewall deployment architecture.

Internet -> Border router -> Firewall -> DMZ -> Firewall -> Private Network.

Basically, instead of having the DMZ and Private Network both behind one firewall, there's a firewall between the DMZ an Private Network.

89

Describe the Three-tier I firewall deployment architecture.

Internet -> Router -> Firewall -> DMZ -> Firewall -> Transaction Subnet -> Firewall -> Private Network

90

Describe the Three-tier II firewall deployment architecture

Internet -> Router ->Firewall -> DMZ and Transaction Subnet -> Firewall -> Private Network

91

What is a DMZ for?

A DMZ is used to host information server systems that external users should have access to.

92

What is Endpoint Security?

Endpoint security is the concept that each individual device must maintain local security whether or not its network or telecommunications channels also provide or offer security.

93

What is a hub?

A hub is a network device that connects multiple systems that use the same protocol by repeating inbound traffic over all outbound ports. Layer 1.

94

What is a switch?

A switch is a network device that repeats inbound traffic only on outbound ports on which the destination is known to exist. Layer 2.
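The following is an added example (not part of the original deck) that models the hub of card 93 and the switch of this card (and the MAC-based forwarding of card 8) just far enough to show the security difference: a station on a hub sees every other station's frames, while a learning switch delivers unicast frames only to the port where it has seen the destination MAC. Ports, MAC addresses, and the frame sequence are constructed sample values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """OSI layer 1: a frame arriving on one port is repeated out of every other port,
    so any station can sniff every other station's traffic."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """OSI layer 2: learns which port each source MAC lives on and forwards unicast frames
    only to that port; unknown destinations and broadcasts are flooded like a hub."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # MAC -> port (a real switch also ages entries out and has a finite table)

    def forward(self, in_port, frame):
        self.mac_table[frame["src"]] = in_port                   # learning step
        dst = frame["dst"]
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]       # flood
        out = self.mac_table[dst]
        return [] if out == in_port else [out]                   # never send back where it came from


def frames_seen_on(device, traffic, watch_port):
    """Replay (ingress port, frame) pairs and return the frames that reach watch_port."""
    seen = []
    for in_port, frame in traffic:
        if watch_port in device.forward(in_port, frame):
            seen.append(frame)
    return seen


# Constructed traffic: host A on port 1, host B on port 2, an eavesdropper on port 3
A, B = "00:11:22:33:44:aa", "00:11:22:33:44:bb"
TRAFFIC = [
    (1, {"src": A, "dst": B, "data": "hello"}),          # B unknown yet -> flooded by both devices
    (2, {"src": B, "dst": A, "data": "hi"}),             # A learned on port 1 -> switch sends only there
    (1, {"src": A, "dst": B, "data": "secret"}),         # B learned on port 2
    (2, {"src": B, "dst": BROADCAST, "data": "arp?"}),   # broadcast -> flooded everywhere
]


def compare_eavesdropper(watch_port=3):
    """What the station on watch_port sees on a hub versus on a learning switch."""
    hub_seen = frames_seen_on(Hub([1, 2, 3]), TRAFFIC, watch_port)
    switch_seen = frames_seen_on(LearningSwitch([1, 2, 3]), TRAFFIC, watch_port)
    return [f["data"] for f in hub_seen], [f["data"] for f in switch_seen]


if __name__ == "__main__":
    hub_view, switch_view = compare_eavesdropper()
    print("hub eavesdropper sees:   ", hub_view)
    print("switch eavesdropper sees:", switch_view)
```

The switch still leaks the first frame (flooded because the destination was unknown) and every broadcast, which is why a switch is a performance device first and only a weak confidentiality control; it is the reason the deck later insists on encryption rather than relying on the network hardware.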

95

What is a router?

Used to control traffic flow between networks, often between two similar networks (for example, two IP subnets). Routers forward packets based on logical (IP) addresses. Layer 3.

96

What is a brouter?

A combination router and bridge. Primarily operates at layer 3, can operate at layer 2.

97

What is a gateway?

A network device that connects networks that use different network protocols. Layer 7.

98

What is a proxy?

A gateway that doesn't translate across protocols. They serve as mediators, filters, caching servers, NAT/PAT servers for a network.

99

What is the max speed of 10Base2?

10Mbps

100

What is the max speed of 10Base5?

10Mbps

101

What is the max speed of 10BaseT (UTP)?

10 Mbps

102

What is the max speed of STP?

155 Mbps

103

What is the max speed of 100Base-T/100Base-TX?

100 Mbps

104

What is the max speed of 1000Base-T?

1 Gbps

105

What is the max speed of fiber-optic?

2+ Gbps

106

What is the max distance of 10Base-2?

185 meters

107

What is the max distance of 10Base-5?

500 meters

108

What is the max distance of 10Base-T (UTP)?

100 meters

109

What is the max distance of STP?

100 meters

110

What is the max distance of 100Base-T/TX?

100 meters

111

What is the max distance of 1000Base-T?

100 meters

112

What is the max distance of fiber-optic?

2+ km

113

What is the relative installation difficulty of 10Base2?

Medium

114

What is the relative installation difficulty of 10Base5?

High

115

What is the relative installation difficulty of 10Base-T (UTP)?

Low

116

What is the relative installation difficulty of STP?

Medium

117

What is the relative installation difficulty of 100Base-T/TX?

Low

118

What is the relative installation difficulty of 1000Base-T?

Low

119

What is the relative installation difficulty of fiber-optic?

Very high

120

What is the relative EMI susceptibility of 10Base2?

Medium

121

What is the relative EMI susceptibility of 10Base5?

Low

122

What is the relative EMI susceptibility of 10Base-T?

High

123

What is the relative EMI susceptibility of STP?

Medium

124

What is the relative EMI susceptibility of 100Base-T/TX?

High

125

What is the relative EMI susceptibility of 1000Base-T?

High

126

What is the relative EMI susceptibility of fibre-optic?

None

127

What is the relative cost of 10Base2?

Medium

128

What is the relative cost of 10Base5?

High

129

What is the relative cost of 10BaseT (UTP)?

Very Low

130

What is the relative cost of STP?

High

131

What is the relative cost of 100Base-T/TX?

Low

132

What is the relative cost of 1000Base-T?

Medium

133

What is the relative cost of fibre-optic?

Very high

134

Describe Cat 1

Voice only. Not suitable for networks, usable by modems

135

Describe Cat 2

4 Mbps, not suitable for most networks, often used for host-to-terminal connections on mainframes

136

Describe Cat 3

10 Mbps. Primarily used in 10Base-T Ethernet. Only 4 Mbps when used for token ring. Also for telephone cables.

137

Describe Cat 4

16 Mbps. Primarily used in token ring networks

138

Describe Cat 5

100 Mbps. 100Base-TX, FDDI, ATM

139

Describe Cat 6

1,000 Mbps. Used in high speed networks

140

Describe Cat 7

10 Gbps. Used on 10 gig networks

141

What is the frequency range of radio waves?

3 Hz to 300 GHz.

142

What is the most commonly used frequencies for wireless products, and why?

900 MHz, 2.4 GHz, and 5 GHz. They are unlicensed bands.

143

What is Spread Spectrum?

Communication occurs over multiple frequencies at the same time. Essentially parallel communication.

144

What is Frequency Hopping Spread Spectrum

An early implementation of the spread spectrum concept, it transmits data in series while constantly changing frequency. Minimizes interference because interference will probably not affect all the frequencies in use.

145

What is Direct Sequence Spread Spectrum?

A Spread Spectrum implementation that uses all the frequencies available at the same time. Uses a chipping code to allow the receiver to reconstruct missing data if part of it is corrupted in transit.

146

What is Orthogonal Frequency-Division Multiplexing?

Employs a digital multicarrier modulation scheme that allows for more tightly compacted transmission. The subcarriers within the transmission don't interfere with one another. Uses a smaller frequency set but can offer greater throughput.

147

What is IEEE 802.20?

A 4G wireless phone standard for mobile broadband.

148

What is LTE?

"Long Term Evolution", a 4G wireless phone network.

149

What is WAP?

Wireless Application Protocol. Cell phones communicate with the carrier network and are gatewayed to the Internet. It's a suite of protocols that work together. Mostly not used anymore, having been supplanted by 3G/4G technologies (GSM, EDGE, HSDPA, LTE).

This is not the WAP that your home router uses.

150

What is WTLS?

Wireless Transport Layer Security: a security protocol that works with WAP analogously to how SSL and TLS work for the wired web.

151

What is "the gap in the WAP"?

CALEA requires all telcos to make it possible to wiretap voice and data communications when a search warrant is provided. To do this, WAP encrypted traffic is decrypted at the telco before being reencapsulated by SSL, TLS, IPSec, etc.

152

What is bluetooth?

A "personal area network" technology. Generally devices connect by pairing, usually using a 4 digit PIN. Should generally not be used for anything sensitive as its security is usually poor.

153

What is bluejacking?

An attack on Bluetooth devices that allows an attacker to push unsolicited SMS-like messages to a device.

154

What is bluesnarfing?

An attack on bluetooth devices that allows hackers to connect with a bluetooth device without the user's knowledge and extract information from them.

155

What is bluebugging?

An attack that grants remote attackers control over the features and functions of a bluetooth device.

156

What is the typical range of bluetooth?

Generally less than 30 feet, but sometimes as much as 100 meters or more.

157

What are the benefits of 802.11 wireless networking?

Easy to deploy, and low cost.

158

What are the two kinds of wireless networks?

ad-hoc and infrastructure

159

What is an ad-hoc wireless network?

One in which wireless clients connect directly without the use of a wireless access point.

160

What is an infrastructure wireless network?

One in which wireless clients connect to a wireless access point.

161

What is a stand-alone mode infrastructure wireless network?

One in which the wireless devices aren't connected to any wired networks.

162

What is a wired extension mode wireless network?

One in which the wireless access point acts as a connection point to link the wireless clients to the wired network.

163

What is an enterprise extended mode infrastructure wireless network?

Multiple WAPs are used to connect clients to the same network over a wider geographic area.

164

What is a bridge mode infrastructure?

A wireless network is used to link two wired networks.

165

What is SSID?

Service Set Identifier. It's used to differentiate one wireless network from another.

166

What are the two methods wireless clients can use to authenticate to WAPs?

Open System Authentication (OSA) == no real authentication required.
Shared Key Authentication (SKA) == challenge handshake authentication must happen before network communication can occur

167

What optional encryption technique does 802.11 define?

WEP, or Wired Equivalent Privacy, which uses RC4, a symmetric stream cipher.

168

What are the problems with WEP?

It uses static keys shared by every client, a short (24-bit) initialization vector that repeats quickly and includes weak values that leak key material, and a CRC-32 integrity check that is not a cryptographic MAC, so it doesn't maintain true packet integrity. It can be cracked in under a minute.
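As an added example (not part of the original deck), the code below implements the WEP encapsulation from cards 167 and 168 on a toy scale and demonstrates two of the listed problems: IV reuse under a static key leaks the XOR of two plaintexts, and the CRC-32 ICV is affine over XOR, so an attacker can flip chosen bits of an encrypted frame and patch the encrypted ICV without knowing the key. The 40-bit key, the IV, and the payment-style messages are constructed sample values; the RC4 implementation is a plain textbook KSA/PRGA written for this example.

```python
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """RC4 keystream: key-scheduling (KSA) then n bytes from the PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Frame body: 3-byte IV in the clear, then RC4(IV || key) applied to msg || CRC-32 ICV."""
    body = msg + struct.pack("<I", zlib.crc32(msg))
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Strip the IV, regenerate the keystream, and verify the ICV the way a WEP receiver does."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    msg, icv = body[:-4], struct.unpack("<I", body[-4:])[0]
    if zlib.crc32(msg) != icv:
        raise ValueError("ICV check failed")
    return msg


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Change the plaintext of an encrypted frame, without the key, so the ICV still verifies.
    CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of the same length),
    so the encrypted ICV can be corrected by XORing in that same constant."""
    iv, ct = frame[:3], frame[3:]
    n = len(ct) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole message")
    icv_fix = zlib.crc32(delta) ^ zlib.crc32(bytes(n))
    return iv + xor(ct, delta + struct.pack("<I", icv_fix))


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same key and IV share a keystream, so XORing the ciphertexts
    cancels it and leaves the XOR of the two plaintexts (no key needed)."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:-4], frame_b[3:-4])


# Constructed values: a 40-bit WEP key and a fixed IV (a 24-bit IV space repeats quickly anyway)
KEY = bytes.fromhex("0123456789")
IV = b"\x01\x02\x03"
MSG_A = b"PAY alice 0100"
MSG_B = b"PAY bob   0042"


def demo() -> dict:
    frame_a = wep_encrypt(KEY, IV, MSG_A)
    frame_b = wep_encrypt(KEY, IV, MSG_B)
    delta = xor(MSG_A, b"PAY alice 9900")           # bits to flip: change the amount field
    forged = flip_bits(frame_a, delta)
    return {
        "roundtrip": wep_decrypt(KEY, frame_a),
        "forged": wep_decrypt(KEY, forged),          # receiver accepts the tampered frame
        "leak": iv_reuse_leak(frame_a, frame_b) == xor(MSG_A, MSG_B),
    }


if __name__ == "__main__":
    print(demo())
```

The forged frame decrypts cleanly and passes the ICV check even though the attacker never saw the key or the plaintext; a real MAC (as in WPA2's CCMP) would reject it. The IV-reuse leak is why a 24-bit IV is fatal with a static key: on a busy network the same IV comes back within hours, and any known plaintext then reveals the keystream for every other frame using that IV.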

169

What is WPA?

WPA (Wi-Fi Protected Access) was an interim fix for WEP's problems: it kept RC4 but added TKIP per-packet keys and a message integrity check. Its pre-shared-key mode is vulnerable to offline brute-force or dictionary attacks against a captured handshake when the passphrase is weak.

170

What is WPA2?

An effective mechanism for securing wireless networks. Uses AES (in CCMP mode) instead of RC4.

171

How should you secure a wireless network?

1. Change the default administrator password
2. Disable SSID broadcast
3. Change the SSID to something unique
4. Enable MAC filtering if the pool of wireless clients is relatively small and static
5. Consider using static IP addresses, or configure DHCP with reservations
6. Turn on the strongest authentication and encryption supported (preferably WPA2)
7. Treat wireless as remote access, and manage it using 802.1X
8. Treat wireless as external access, and separate the WAP from the wired network with a firewall
9. Treat wireless as an entry point for attackers, and monitor all WAP-to-wired-network communications with an IDS
10. Require all transmissions between wireless clients and WAPs to be encrypted (VPN link)

Items 2, 4, and 5 are hygiene rather than security controls: a hidden SSID, an allowed MAC address, and a valid IP address are all visible to anyone with a wireless sniffer and can be cloned. Items 6 through 10 are what actually keep an attacker out.

172

What are the four 802.11 amendments that define distinct frequencies and transmission speeds?

802.11a, 802.11b, 802.11g, 802.11n

173

What is the speed and frequency of 802.11a?

54 Mbps, 5 GHz

174

What is the speed and frequency of 802.11b

11 Mbps, 2.4 GHz

175

What is the speed and frequency of 802.11g?

54 Mbps, 2.4 GHz

176

What is the speed and frequency of 802.11n?

600 Mbps, 2.4 or 5 GHz

177

Define network topology.

The physical layout and organization of computers and networking devices.

178

What are the four basic network topologies?

ring, bus, star, mesh

179

What is a ring topology?

Each system is a point on a circle. Only one system can transmit at a time. Token-based traffic management.

180

What is a bus topology?

Each system connects to a trunk or backbone. All systems can transmit at any time, which can cause collisions.

181

What is a star topology?

Each system is connected to a central hub or switch. The hub is a single point of failure, but a failure of the link between any one device and the hub affects only that device. Usually requires less cabling than other topologies.

182

What is a mesh topology?

Systems are connected to other systems using numerous paths. A full mesh topology means every system is connected to every other system. Primary benefit is redundancy.