Flashcards in Chapter 3: Secure Network Architecture and Securing Network Components Deck (182):
What is OSI?
Open Systems Interconnection (the ISO reference model)
What are the layers of the OSI model?
1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application
What does the Physical Layer in the OSI model do?
The physical layer accepts the frame from the data link layer and converts it into bits for transmission over the physical media, and vice versa. Device drivers operate at this layer.
What are some examples of specifications or protocols that operate at the physical layer?
EIA/TIA-232 and EIA/TIA-449, X.21, High-Speed Serial Interface (HSSI), Synchronous Optical Network (SONET), V.24 and V.35
What network hardware devices operate at the physical layer?
NICs, hubs, repeaters, concentrators, amplifiers.
What is the Data Link Layer?
This layer is responsible for formatting the packet from the Network layer into the proper format for transmission, and vice versa.
What are some examples of protocols that operate at the data link layer?
SLIP, PPP, ARP, RARP, L2F (Layer 2 Forwarding), L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), ISDN.
What network hardware devices operate at the data link layer?
Switches and bridges. These forward frames based on MAC addresses.
Which are the 2 protocols we need to be familiar with at the Data Link Layer?
ARP and RARP
What does ARP do?
ARP is the Address Resolution Protocol. It maps IP addresses to MAC addresses.
What does RARP do?
RARP is the Reverse Address Resolution Protocol. It maps MAC addresses to IP addresses.
What is the Network Layer?
The Network Layer is responsible for adding routing and addressing information to the data. It is not responsible for guaranteeing delivery, but does manage error detection and traffic control.
What protocols operate at the Network Layer?
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)
What hardware devices operate at layer 3?
Routers and bridge routers (brouters).
What is the Transport Layer?
The layer responsible for managing the integrity of a connection and controlling the session. This layer defines how much data a segment can contain, how to verify data integrity, and how to determine if data has been lost.
What protocols operate at the Transport Layer?
TCP, UDP, Sequenced Packet Exchange (SPX), SSL, TLS.
What is the session layer?
The layer responsible for establishing, maintaining, and terminating communication sessions between computers. Controls simplex/half-duplex/full-duplex operation. Retransmits lost or damaged segments.
What protocols operate at the session layer?
NFS, SQL, RPC
What is the presentation Layer?
The layer responsible for transforming data received from the Application layer into a format that any system following the OSI model can understand. Imposes common or standardized structure and formatting rules onto the data. Responsible for encryption and compression.
Most file or data formats are at this layer.
What protocols operate at the Presentation Layer?
ASCII, EBCDIC (Extended Binary-Coded Decimal Interchange Code), TIFF, JPEG, MPEG, MIDI
What is the Application Layer?
The application layer is responsible for interfacing user applications, network services, or the operating system with the protocol stack. It determines whether a remote communications partner is available, and whether sufficient resources are available to support the requested communications.
What protocols operate at the Application layer?
HTTP, FTP, LPD, SMTP, TFTP, EDI (Electronic Data Interchange), POP3, IMAP, SNMP, NNTP, S-RPC (Secure RPC), SET (Secure Electronic Transaction).
What hardware or services operate at the application layer?
Gateways, application layer firewalls, some filtering software.
What are the layers of the TCP/IP model?
Four layers: Application, Transport, Internet, Link
How do the TCP/IP layers map to the OSI layers?
Application: Application/Presentation/Session
Transport: Transport
Internet: Network
Link: Data Link/Physical
What TCP/IP protocols operate at the Application Layer?
FTP, Telnet, SNMP, LPD, TFTP, SMTP, NFS, X Windows
What TCP/IP protocols operate at the Transport layer?
TCP, UDP
What TCP/IP protocols operate at the Internet Layer?
ICMP, IGMP, IP
What TCP/IP protocols operate at the Link Layer?
Ethernet, Fast Ethernet, Token Ring, FDDI
What are the first 1024 TCP/UDP ports called?
Well-known ports or service ports (0-1023).
What does the ACK TCP header flag mean?
Acknowledgement - Acknowledges a synchronization or shutdown request
What does the RST TCP header flag mean?
Reset - Causes immediate disconnect of the TCP session
What does the SYN TCP header flag mean?
Synchronization - Requests synchronization with new sequencing numbers
What does the FIN TCP header flag mean?
Finish - Requests graceful shutdown of the TCP session
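The encapsulation the OSI and TCP/IP cards describe, and the TCP flag cards just above, are easier to retain when you can see the header bytes. The following is an added example, not part of the deck: it builds a frame top-down (TCP segment inside an IPv4 packet inside an Ethernet II frame), then parses it back bottom-up, verifying the IPv4 header checksum on the way and naming the TCP flags. The sample frame, the MAC and IP addresses (RFC 5737 documentation ranges) and the helper names are all constructed for this example; the TCP checksum is left at zero to keep the builder short. `address_class` also answers the class A/B/C/D/E cards that follow by decoding the leading bits of the first octet.

```python
import struct
import ipaddress

# TCP header flag bits (RFC 793); the deck's four cards cover SYN, ACK, RST, FIN.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). Returns the checksum when the
    checksum field is zeroed, and 0 when a header's existing checksum is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Encapsulate top-down: TCP segment -> IPv4 packet -> Ethernet II frame."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip_hdr + tcp


def flag_names(flags: int) -> list:
    return [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit]


def describe_flags(flags: int) -> str:
    names = set(flag_names(flags))
    if names == {"SYN"}:
        return "connection request (handshake step 1)"
    if names == {"SYN", "ACK"}:
        return "synchronization acknowledged (handshake step 2)"
    if "RST" in names:
        return "immediate disconnect"
    if "FIN" in names:
        return "graceful shutdown request"
    return "data or acknowledgement segment"


def parse_frame(frame: bytes) -> dict:
    """Decapsulate bottom-up, one layer at a time, validating as we go."""
    # Layer 2 (Ethernet II): destination MAC, source MAC, EtherType.
    dst_mac, src_mac = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 packet: EtherType 0x%04x" % ethertype)
    # Layer 3 (IPv4): header length is in 32-bit words; verify the header checksum.
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP: protocol %d" % ip[9])
    src_ip, dst_ip = str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))
    # Layer 4 (TCP): ports, data offset, flags.
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[0:4])
    data_off = (tcp[12] >> 4) * 4
    flags = tcp[13]
    return {
        "src_mac": src_mac, "dst_mac": dst_mac,
        "src_ip": src_ip, "dst_ip": dst_ip, "ttl": ip[8],
        "sport": sport, "dport": dport,
        "flags": flag_names(flags), "meaning": describe_flags(flags),
        "payload": tcp[data_off:],
    }


def address_class(ip: str):
    """Classful class from the leading bits of the first octet, plus the CIDR prefix
    of the default mask (None for D and E, which have no network/host split)."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first & 0x80 == 0:
        return "A", 8
    if first & 0xC0 == 0x80:
        return "B", 16
    if first & 0xE0 == 0xC0:
        return "C", 24
    if first & 0xF0 == 0xE0:
        return "D", None
    return "E", None


# Constructed sample (not captured from any real network): a SYN from an internal
# host to a web server, using documentation addresses and locally administered MACs.
SAMPLE_FRAME = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                           "192.0.2.10", "198.51.100.80", 51000, 80, 0x02)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print(address_class("198.51.100.80"), address_class("224.0.0.1"))
```

Flipping any header byte (the TTL, say) makes `parse_frame` raise on the checksum, which is the layer 3 error detection the Network layer card refers to; note that it detects corruption, not tampering, since anyone can recompute it.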
What is IP?
IP is the Internet Protocol. It is a connectionless and unreliable datagram protocol. Its support protocols in the same suite are ICMP, IGMP, and ARP.
What is IGMP for?
Internet Group Management Protocol. Hosts use it to join and leave multicast groups, and routers use it to learn which groups have members on a link, so it manages the class D multicast traffic described below.
What are class D networks?
Class D networks have addresses starting with 1110, or decimal 224-239, and are for multicast traffic.
What are class E networks?
Class E networks have addresses starting with 1111, or decimal 240-255, and are for experimental use.
What is the CIDR equivalent of a class A network?
/8 (255.0.0.0)
What is the CIDR equivalent of a class B network?
/16 (255.255.0.0)
What is the CIDR equivalent of a class C network?
/24 (255.255.255.0)
What is ICMP?
Internet Control Message Protocol. ICMP is used to determine the health of a network or specific link. Applications: ping, traceroute, pathping
What port does telnet operate on?
23/tcp
What is typically on port 23/tcp?
Telnet
What port(s) does FTP operate on?
20/tcp (data) and 21/tcp (control)
What is typically on ports 20/tcp and 21/tcp?
FTP
What port does TFTP operate on?
69/udp
What is typically on port 69/udp?
TFTP
What port does SMTP operate on?
25/tcp
What is typically on port 25/tcp?
SMTP
What port does POP3 operate on?
110/tcp
What is typically on port 110/tcp?
POP3
What port does IMAP operate on?
143/tcp
What is typically on port 143/tcp?
IMAP
What ports does DHCP (bootp) operate on?
67/udp (server) and 68/udp (client)
What is typically on ports 67/udp and 68/udp?
DHCP/bootp
What port does HTTP operate on?
80/tcp
What is typically on port 80/tcp?
HTTP
What port does SSL (HTTPS) operate on?
443/tcp
What is typically on port 443/tcp?
HTTPS (HTTP over SSL/TLS)
What port does LPD operate on?
515/tcp
What is typically on port 515/tcp?
LPD
What ports does X Windows use?
6000-6063/tcp
What is typically on ports 6000-6063/tcp?
X Windows
What port does NFS use?
2049 (tcp and udp)
What is typically on port 2049?
NFS
What ports does SNMP use?
161/udp, 162/udp for trap messages
What is typically on port 161/udp?
SNMP (agent queries)
What is typically on port 162/udp?
SNMP trap messages
What is an intranet?
An intranet is a private network that is designed to host the same information services found on the Internet.
What is an extranet?
An extranet is a section of an organization's network that has been sectioned off so that it acts as an intranet for the private network, but also serves information to the public Internet. It's often reserved for use by specific partners or customers, and is rarely on a public network. Often requires a VPN for access.
An extranet for public consumption is typically called a DMZ or perimeter network.
Why segment networks?
Boost performance by localizing communications.
Reduce communications problems like congestion or broadcast storms.
Provide security by isolating traffic and user access to those segments where they are authorized.
How do you segment a network?
Switch-based VLANs, routers, firewalls.
What are firewalls for?
Blocking malicious traffic from the internet from entering a private network.
What are firewalls typically not able to do?
Detect or block viruses or other malicious code carried inside traffic they permit
What, beyond network traffic, should firewalls log?
Rebooting the firewall
Proxies or other dependencies not starting
Proxies or other important services crashing or restarting
Changes to the firewall configuration
A configuration or system error while the firewall is running.
Are there risks to reliance on firewalls?
Yes. Typically, they are a single point of failure.
What are the four basic types of firewalls?
Static packet-filtering firewalls
Application-level gateway firewalls
Circuit-level gateway firewalls
Stateful inspection firewalls
What is a static packet-filtering firewall?
Filters traffic by examining the message header, typically source address, destination address, and port. It keeps no connection state, so forged headers can get through (it can be spoofed). First generation. Layer 3.
What is an application-level gateway firewall?
A firewall that filters traffic based on the Internet service used to transmit or receive the data. Each type of application has to have its own proxy server. An application-level gateway firewall comprises numerous individual proxy servers. Second generation. Operates at layer 7. Also known as proxy firewalls.
What is a circuit-level gateway?
Used to establish communication sessions between trusted partners. It permits or denies the whole circuit (session) once it is set up rather than inspecting the content of each packet. Layer 5.
What is a stateful-inspection firewall?
Evaluates the state or context of network traffic. More efficient than application-level gateway firewalls. Third generation firewalls, operate at Network and Transport layers (3/4).
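The difference between "can be spoofed" (static packet filtering) and "evaluates the state or context" (stateful inspection) is concrete enough to demonstrate. The following is an added example, not from the deck: two toy filters enforce the same policy ("inside hosts may open HTTP outward, only replies come back in"). The stateless one can only approximate "reply" with a header pattern (ACK bit set, as the classic `established` ACL keyword does), so a forged ACK to an internal SSH port sails through; the stateful one records connections opened from the inside and admits only packets matching one of them. The addresses, the 10.0.0.0/8 "private network" convention and the packet labels are constructed for the demo.

```python
from dataclasses import dataclass

# TCP flag bits used below (RFC 793).
SYN, RST, ACK = 0x02, 0x04, 0x10

# Constructed addressing: the private network is 10.0.0.0/8 behind the firewall;
# everything else is "the Internet". Hypothetical, not from the deck.
INTERNAL_PREFIX = "10."


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the private network, "in" = arriving from the Internet
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0   # TCP only in this example


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt: Packet) -> str:
    """Static packet filter: the decision depends only on this packet's own header."""
    if pkt.direction == "out" and is_internal(pkt.src) and pkt.dport == 80:
        return "permit"
    # A stateless rule cannot say "belongs to a connection we opened"; the usual
    # approximation is "ACK bit set". Anyone can set ACK on a packet they forge,
    # which is what "can be spoofed" means on the packet-filtering card.
    if pkt.direction == "in" and is_internal(pkt.dst) and pkt.flags & ACK:
        return "permit"
    return "deny"


class StatefulFilter:
    """Stateful inspection: remembers connections opened from the inside and permits
    inbound packets only when they match one of them (same tuple, reversed)."""

    def __init__(self):
        self.table = set()   # (internal ip, internal port, external ip, external port)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out" and is_internal(pkt.src) and pkt.dport == 80:
            if pkt.flags & SYN and not pkt.flags & ACK:       # new connection attempt
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        if pkt.direction == "in":
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.table:
                if pkt.flags & RST:                           # peer tore the connection down
                    self.table.discard(key)
                return "permit"
        return "deny"


# Constructed traffic: a legitimate web fetch, then an attacker's forged "reply".
SCENARIO = [
    ("client SYN to web server",   Packet("out", "10.0.0.5", 51000, "198.51.100.80", 80, SYN)),
    ("server SYN-ACK back",        Packet("in", "198.51.100.80", 80, "10.0.0.5", 51000, SYN | ACK)),
    ("forged ACK to internal SSH", Packet("in", "198.51.100.66", 4444, "10.0.0.5", 22, ACK)),
    ("plain SYN to internal SSH",  Packet("in", "198.51.100.66", 4444, "10.0.0.5", 22, SYN)),
]


def run_scenario():
    """Return (label, stateless decision, stateful decision) for each packet, in order."""
    stateful = StatefulFilter()
    return [(label, stateless_filter(p), stateful.decide(p)) for label, p in SCENARIO]


if __name__ == "__main__":
    for label, a, b in run_scenario():
        print(f"{label:28} stateless={a:6} stateful={b}")
```

The third packet is the whole point: the stateless filter permits it because the header looks like a reply, while the stateful filter denies it because no inside host ever opened a connection to 198.51.100.66:4444. The state table is also why the stateful firewall needs timeouts and memory limits in practice, which is the usual resource-exhaustion target against it.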
What are Multihomed Firewalls?
Firewalls with more than one interface
What is a dual-homed firewall?
A firewall with two interfaces. All useful firewalls must be dual-homed (or more).
Describe the Single-tier firewall deployment architecture.
Internet -> Border router -> Firewall -> Private Network
Describe the Two-tier I firewall deployment architecture.
Internet -> Border router -> Firewall -> DMZ and Private network
Describe the Two-tier II firewall deployment architecture.
Internet -> Border router -> Firewall -> DMZ -> Firewall -> Private Network.
Basically, instead of having the DMZ and Private Network both behind one firewall, there's a firewall between the DMZ and the Private Network.
Describe the Three-tier I firewall deployment architecture.
Internet -> Router -> Firewall -> DMZ -> Firewall -> Transaction Subnet -> Firewall -> Private Network
Describe the Three-tier II firewall deployment architecture
Internet -> Router ->Firewall -> DMZ and Transaction Subnet -> Firewall -> Private Network
What is a DMZ for?
A DMZ is used to host information server systems that external users should have access to.
What is Endpoint Security?
Endpoint security is the concept that each individual device must maintain local security whether or not its network or telecommunications channels also provide or offer security.
What is a hub?
A hub is a network device that connects multiple systems that use the same protocol by repeating inbound traffic over all outbound ports. Layer 1.
What is a switch?
A switch is a network device that repeats inbound traffic only on outbound ports on which the destination is known to exist. Layer 2.
What is a router?
Used to control traffic flow on networks, often used to control traffic flow between two similar networks. Layer 3.
What is a brouter?
A combination router and bridge. Primarily operates at layer 3, can operate at layer 2.
What is a gateway?
A network device that connects networks that use different network protocols. Layer 7.
What is a proxy?
A gateway that doesn't translate across protocols. They serve as mediators, filters, caching servers, NAT/PAT servers for a network.
What is the max speed of 10Base2?
10 Mbps
What is the max speed of 10Base5?
10 Mbps
What is the max speed of 10BaseT (UTP)?
10 Mbps
What is the max speed of STP?
What is the max speed of 100Base-T/100Base-TX?
100 Mbps
What is the max speed of 1000Base-T?
1,000 Mbps (1 Gbps)
What is the max speed of fiber-optic?
What is the max distance of 10Base-2?
185 meters
What is the max distance of 10Base-5?
500 meters
What is the max distance of 10Base-T (UTP)?
100 meters
What is the max distance of STP?
What is the max distance of 100Base-T/TX?
100 meters
What is the max distance of 1000Base-T?
100 meters
What is the max distance of fiber-optic?
What is the relative installation difficulty of 10Base2?
What is the relative installation difficulty of 10Base5?
What is the relative installation difficulty of 10Base-T (UTP)?
What is the relative installation difficulty of STP?
What is the relative installation difficulty of 100Base-T/TX?
What is the relative installation difficulty of 1000Base-T?
What is the relative installation difficulty of fiber-optic?
What is the relative EMI susceptibility of 10Base2?
What is the relative EMI susceptibility of 10Base5?
What is the relative EMI susceptibility of 10Base-T?
What is the relative EMI susceptibility of STP?
What is the relative EMI susceptibility of 100Base-T/TX?
What is the relative EMI susceptibility of 1000Base-T?
What is the relative EMI susceptibility of fibre-optic?
What is the relative cost of 10Base2?
What is the relative cost of 10Base5?
What is the relative cost of 10BaseT (UTP)?
What is the relative cost of STP?
What is the relative cost of 100Base-T/TX?
What is the relative cost of 1000Base-T?
What is the relative cost of fibre-optic?
Describe Cat 1
Voice only. Not suitable for networks, usable by modems
Describe Cat 2
4 Mbps, not suitable for most networks, often used for host-to-terminal connections on mainframes
Describe Cat 3
10 Mbps. Primarily used in 10Base-T Ethernet. Only 4 Mbps when used for token ring. Also for telephone cables.
Describe Cat 4
16 Mbps. Primarily used in token ring networks
Describe Cat 5
100 Mbps. 100Base-TX, FDDI, ATM
Describe Cat 6
1,000 Mbps. Used in high speed networks
Describe Cat 7
10 Gbps. Used on 10 gig networks
What is the frequency range of radio waves?
3 Hz to 300 GHz.
What are the most commonly used frequencies for wireless products, and why?
900 MHz, 2.4 GHz, 5 GHz. They are unlicensed.
What is Spread Spectrum?
Communication occurs over multiple frequencies at the same time. Essentially parallel communication.
What is Frequency Hopping Spread Spectrum
An early implementation of the spread spectrum concept, it transmits data in series while constantly changing frequency. Minimizes interference because interference will probably not affect all the frequencies in use.
What is Direct Sequence Spread Spectrum?
A Spread Spectrum implementation that uses all the frequencies available at the same time. Uses a chipping code to allow the receiver to reconstruct missing data if part of it is corrupted in transit.
What is Orthogonal Frequency-Division Multiplexing?
Employs a digital multicarrier modulation scheme that allows for more tightly compacted transmission. Signals within the transmission don't interfere with one another. Uses a smaller frequency set but can offer greater throughput.
What is IEEE 802.20?
Mobile Broadband Wireless Access, a 4G-class wireless standard for mobile broadband.
What is LTE?
"Long Term Evolution", a 4G wireless phone network.
What is WAP?
Wireless Application Protocol. Cell phones communicate with the carrier network and are gatewayed to the Internet. It's a suite of protocols that work together. Mostly not used anymore, having been supplanted by later cellular data technologies (GSM/EDGE, HSDPA, LTE).
This is not the WAP that your home router uses.
What is WTLS?
A security protocol that works with WAP analogously to how SSL and TLS work with web traffic.
What is "the gap in the WAP"?
CALEA requires all telcos to make it possible to wiretap voice and data communications when a search warrant is provided. To accommodate this, WTLS-encrypted WAP traffic is decrypted at the carrier's WAP gateway before being re-encrypted with SSL, TLS, IPSec, etc., so the data exists in cleartext at the telco: that is the "gap".
What is bluetooth?
A "personal area network" technology. Devices generally connect by pairing, usually with a 4-digit PIN. Should generally not be used for anything sensitive, as its security is usually poor.
What is bluejacking?
An attack on bluetooth devices that allows an attacker to transmit SMS-like messages to a device.
What is bluesnarfing?
An attack on bluetooth devices that allows hackers to connect with a bluetooth device without the user's knowledge and extract information from them.
What is bluebugging?
An attack that grants remote attackers control over the features and functions of a bluetooth device.
What is the typical range of bluetooth?
Generally less than 30 feet, but sometimes as much as 100 meters or more.
What are the benefits of 802.11 wireless networking?
Easy to deploy, and low cost.
What are the two kinds of wireless networks?
ad-hoc and infrastructure
What is an ad-hoc wireless network?
One in which wireless clients connect directly without the use of a wireless access point.
What is an infrastructure wireless network?
One in which wireless clients connect to a wireless access point.
What is a stand-alone mode infrastructure wireless network?
One in which the wireless devices aren't connected to any wired networks.
What is a wired extension mode wireless network?
One in which the wireless access point acts as a connection point to link the wireless clients to the wired network.
What is an enterprise extended mode infrastructure wireless network?
Multiple WAPs are used to connect clients to the same network over a wider geographic area.
What is a bridge mode infrastructure?
A wireless network is used to link two wired networks.
What is SSID?
Service Set Identifier. It's used to differentiate one wireless network from another.
What are the two methods wireless clients can use to authenticate to WAPs?
Open System Authentication (OSA) == no real authentication required.
Shared Key Authentication (SKA) == challenge handshake authentication must happen before network communication can occur
What optional encryption technique does 802.11 define?
WEP, or Wired Equivalent Privacy, which uses RC4, a symmetric stream cipher.
What are the problems with WEP?
It uses static keys shared by every client, a short (24-bit) initialization vector that repeats, and a CRC-32 integrity check value (ICV) that does not provide true packet integrity. It can be cracked in under a minute.
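Two of the three WEP weaknesses on the card above can be shown in a few dozen lines; the following is an added example, not part of the deck, and it does not perform key recovery (the "cracked in under a minute" part). It implements textbook RC4 and WEP's framing (IV in the clear, RC4 keyed with IV || key over plaintext || CRC-32 ICV), then shows (1) that two frames encrypted under the same IV share a keystream, so knowing one plaintext reveals the other without the key, and (2) that because CRC-32 is linear, an attacker can flip chosen plaintext bits in a ciphertext and patch the encrypted ICV so the frame still verifies. The key, IV, and message contents are constructed for the demo; the only real-world fact used is that every 802.11 data frame's plaintext begins with the LLC/SNAP header, which gives an attacker 8 known bytes of every packet.

```python
import struct
import zlib

# 40-bit WEP key and a 24-bit IV, both constructed for the demo (any values work).
WEP_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("0a0b0c")

# Every 802.11 data frame's plaintext starts with the LLC/SNAP header (8 known bytes);
# the rest of these messages is constructed.
LLC_SNAP = bytes.fromhex("aaaa030000000800")
PLAIN_A = LLC_SNAP + b"ping reply 0001 "     # attacker knows this frame's content entirely
PLAIN_B = LLC_SNAP + b"pw=correct-horse"     # attacker wants this one
TARGET_B = LLC_SNAP + b"pw=wrong-horse!!"    # what the attacker wants frame B to say after tampering


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA then PRGA). XOR with the keystream both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV sent in the clear, then RC4(IV || key) over plaintext || CRC-32 ICV."""
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok). The ICV is the only integrity check WEP has."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    plaintext, icv = clear[:-4], clear[-4:]
    return plaintext, struct.pack("<I", zlib.crc32(plaintext)) == icv


def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_plain_a: bytes) -> bytes:
    """Static key + repeated IV: both frames used the same keystream, so
    C_a XOR C_b == P_a XOR P_b, and knowing P_a yields P_b without the key."""
    assert frame_a[:3] == frame_b[:3], "this only works when the IV repeats"
    n = len(known_plain_a)
    ct_a, ct_b = frame_a[3:3 + n], frame_b[3:3 + n]
    return bytes(a ^ b ^ p for a, b, p in zip(ct_a, ct_b, known_plain_a))


def flip_bits(frame: bytes, current_plain: bytes, wanted_plain: bytes) -> bytes:
    """No true integrity: CRC-32 is linear, crc(P ^ d) == crc(P) ^ crc(d) ^ crc(zeros),
    so XORing delta into the ciphertext and a matching correction into the encrypted
    ICV produces a frame that still verifies, with no key or keystream knowledge."""
    delta = bytes(c ^ w for c, w in zip(current_plain, wanted_plain))
    zeros = bytes(len(delta))
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(zeros)
    mask = delta + struct.pack("<I", icv_delta)
    iv, body = frame[:3], frame[3:]
    return iv + bytes(b ^ m for b, m in zip(body, mask))


if __name__ == "__main__":
    frame_a = wep_encrypt(WEP_KEY, IV, PLAIN_A)
    frame_b = wep_encrypt(WEP_KEY, IV, PLAIN_B)                 # same IV: keystream reuse
    print(recover_from_iv_reuse(frame_a, frame_b, PLAIN_A))     # reveals PLAIN_B
    forged = flip_bits(frame_b, PLAIN_B, TARGET_B)
    print(wep_decrypt(WEP_KEY, forged))                          # (TARGET_B, True)
```

With a 24-bit IV a busy access point exhausts the IV space in hours, so the first attack is not hypothetical, and the second is why the card says WEP "doesn't maintain true packet integrity": a CRC detects accidental corruption, not deliberate modification. WPA2's CCMP replaces both the stream cipher and the CRC with an AES-based authenticated mode, which closes both holes.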
What is WPA?
WPA is an interim solution to the problems of WEP: it keeps RC4 but adds TKIP per-packet keying. WPA-PSK is vulnerable to offline brute-force or dictionary guessing of weak passphrases.
What is WPA2?
An effective mechanism for securing wireless networks. Uses AES (CCMP) instead of RC4.
How should you secure a wireless network?
1. Change the default administrator password
2. Disable SSID broadcast
3. Change the SSID to something unique
4. Enable MAC filtering if the pool of wireless clients is relatively small and static
5. Consider using static IP addresses, or configure DHCP with reservations
6. Turn on the highest form of authentication and encryption supported (preferably WPA2)
7. Treat wireless as remote access, and manage using 802.1X.
8. Treat wireless as external access, and separate the WAP from the wired network using a firewall.
9. Treat wireless as an entry point for attackers, and monitor all WAP to wired network communications with an IDS.
10. Require all transmissions between wireless clients and WAPs to be encrypted (VPN link)
What are the 4 802.11 amendments that define unique frequencies and speeds of transmission?
802.11a, 802.11b, 802.11g, 802.11n
What is the speed and frequency of 802.11a?
54 Mbps, 5 GHz
What is the speed and frequency of 802.11b
11 Mbps, 2.4 GHz
What is the speed and frequency of 802.11g?
54 Mbps, 2.4 GHz
What is the speed and frequency of 802.11n?
600 Mbps, 2.4 or 5 GHz
Define network topology.
The physical layout and organization of computers and networking devices.
What are the four basic network topologies?
ring, bus, star, mesh
What is a ring topology?
Each system is a point on a circle. Only one system can transmit at a time. Token-based traffic management.
What is a bus topology?
Each system connects to a trunk or backbone. All systems can transmit at any time, which can cause collisions.
What is a star topology?
Each system is connected to a central hub or switch. The hub is a single point of failure, but the link between any one device and the hub can only impact that device. Usually has less cabling than other topologies.