Chapter 6 - Network Security

Question 0

What is the tcp/ip model

Answer 0

Predecessor to the OSI model, had 4 layers instead of 7 application is one instead of 3 layers

Question 1

What ISO is the OSI model

Answer 1

ISO 7498

Question 2

What are the OSI layers?

Answer 2

Physical
Data link
Network
Transport
Session
Presentation
Application

Question 3

Open network architecture

Answer 3

A non proprietary architecture no one owns

Question 4

Encapsulation

Answer 4

Appending data to a packet one OSI layer at a time in a wrapper

Question 5

Application Layer 7

Answer 5

Application protocol layer, software accesses API to common protocols like HTTP SMTP FTP each of which starts the OSI process and hands off to the presentation layer

Question 6

Presentation layer 6

Answer 6

Data is converted to a standard and may be encrypted and/or compressed.

Ex word 2010 document is made in application layer, at presentation layer this becomes ASCII and at another workstation this ASCII is opened in open office to view the file

Question 7

Session Layer 5

Answer 7

This is where the data is sent from application to application.. This is where the server/client pieces have relevant association. The session is controlled by the software still at this point, authentication requirements live here

Question 8

Transport layer 4

Answer 8

TCP/UDP type network sessions are handled and maintained at this layer

SSL resides here due to network level encryption

Question 9

Network layer 3

Answer 9

IP and routing protocols live here

Question 10

Data link layer 2

Answer 10

Logical link control - LLC

Media access control - MAC

Question 11

Logical link control

Answer 11

Interprets network data and converts it to a MAC addressing aware format

Question 12

Media access control MAC

Answer 12

This is what specifies the appropriate voltage output. MAC addressing is also encapsulated in the packet. Different media requires different voltages, these decisions occur here

Question 13

Physical layer 1

Answer 13

Transmits the voltage specified by the MAC into or from the wire

Question 14

What are the port ranges?

Answer 14

Well known 0-1024
Registered 1024-49151
Dynamic 49152-65535

Question 15

SYN proxy

Answer 15

Software that will hold onto the connection until the tcp handshake is complete

Question 16

TCP session hijacking

Answer 16

This is done by predicting the sequence number and inserting packets into the stream

Question 17

Protocol data units

Answer 17

Data - application layer
Transport - segments
Network - packets
Data link - frames
Physical - bits

Question 18

CIDR

Answer 18

Classless inter domain routing / supernetting

Question 19

Type of service

Answer 19

QoS?

Question 20

IPng

Answer 20

IPv6

Question 21

Jumbo grams

Answer 21

Massive oversize packets, aka jumbo packets

Question 22

Automatic tunneling

Answer 22

A technique used to autonegotiate and build tunnels

Question 23

6to4

Answer 23

Embeds ipv4 in ipv6 remotely

Question 24

Teredo

Answer 24

Remote UDP tunneling

Question 25

ISA-TAP

Answer 25

Ip4 to ip6 virtual map used for local association

Question 26

Security issues with ipv6

Answer 26

Biggest is having tunneling on and accessible and not knowing it

Question 27

802.1AE

Answer 27

MACSec - switch to switch encryption

Question 28

802.1AR

Answer 28

Provides unique iD that can be used for authentication 802.1AE

Question 29

802.1X

Answer 29

EAP-TLS

Question 30

Bandwidth vs throughput

Answer 30

Bandwidth is the maximum amount of throughput possible

Question 31

Multistation access unit

Answer 31

Used in token ring as a central switch

Question 32

Carrier sense multiple access / collision detection CSMA/CD

Answer 32

Used to sense if a line is free and if collisions are occurring on the wire

Question 33

Back off algorithm

Answer 33

When a collision is sensed all systems wait a random amount of time before sending a new frame

Question 34

CSMA/CA

Answer 34

CSMA with collision avoidance.. It waits till it's clear then tells everyone to shut up and it transmits Used by 802.11

Question 35

Collision Domain

Answer 35

A set of systems contending for the same piece of physical media

Question 36

What protocol assigns the group in multicast?

Answer 36

IGMP

Question 37

DORA

Answer 37

Discover Offer Request Ack

Question 38

RARP

Answer 38

A MAC is sent out and a server sends an IP to the requester Reverse arp This evolved into bootp then dhcp

Question 39

Arp poisoning

Answer 39

Modifying he arp table to send data to an attacker

Question 40

Ping of death

Answer 40

When oversized sized packets are sent to ddos a system

Question 41

Smurf attack

Answer 41

A spoofed icmp echo is sent to a broadcast address and all machines on a network will reply to the spoofed address, ie the ddos machine

Question 42

Fragile attack

Answer 42

Same as smurf, over udp

Question 43

Managed information base MIB

Answer 43

A logical group of managed objects that contain management task data

Question 44

Communities

Answer 44

Establish a trust between MIB agents/server

Question 45

Community string

Answer 45

A community password

Question 46

DNSSEC

Answer 46

Secure DNS that requires a digital signature before responding and caching

Question 47

Split DNS

Answer 47

External queries are handled by wan side servers only, internal queries are only handled by internal servers are are not accessible externally, these should forward recursion to the external servers

Question 48

URL Hiding

Answer 48

Hiding a URL in an HTML link

Question 49

SASL

Answer 49

Framework for protocol independent authentication for SMTP

Question 50

Email spoofing

Answer 50

Using an email address that looks like it is legitimate but is not

Question 51

SMTP-AUTH

Answer 51

Used to verify the sender of a message

Question 52

Sender Policy Framework SPF

Answer 52

A DNS entry that is generated to associate a specific server to the email server

Question 53

Whaling attack

Answer 53

Targeting largely important people in a company and very specifically engineer an email to trick then

Question 54

Autonomous System (AS)

Answer 54

An internal network isolated by BGP

Question 55

Distance Vector Routing Protocol

Answer 55

Uses # hops and distance as a decision maker for the route

Question 56

Link state routing protocols

Answer 56

Chooses routes based on link speed, packet size, delay, load and reliability

Question 57

VRRP

Answer 57

A virtual interface that is mapped to two different actual routers

Question 58

Exterior Gateway Protocols

Answer 58

eBGP

Question 59

Routing policy

Answer 59

An administrative weight override

Question 60

Bridge

Answer 60

Used to extend a LAN segment

Question 61

Source routing

Answer 61

Routing information is put into the packet at creation, this is dangerous

Question 62

How are layer 3 switches more efficient than routers?

Answer 62

They use hardware based port tagging

Question 63

802.1Q

Answer 63

VLAN

Question 64

VLAN Hopping Attacks

Answer 64

VLAN tags are inserted into the headers to fake VLAN access

Question 65

Private branch exchange

Answer 65

PBX system used to translate phone data streams

Question 66

Phreakers

Answer 66

Phone hackers

Question 67

How does MPLS work?

Answer 67

It uses packet tagging just like a layer 3 switch, which is why it is more reliable

Question 68

Egress vs ingress

Answer 68

Ingress is inbound | Egress is outbound

Question 69

How do stateful firewalls work?

Answer 69

They keep track of a connection state in a state table. This scans headers and verify protocol rules are not being broken

Question 70

What is the difference between circuit level and application level proxy?

Answer 70

Circuit level is layer 1-4 inspection Application level is layer 1-7 inspection Both recreate the traffic

Question 71

SOCKS firewall?

Answer 71

Look it up, no idea

Question 72

What is a dynamic packet filtering firewall?

Answer 72

A firewall that dynamically add outbound source based rules for requests from inside to specific systems outside, this assists with avoid any out rules

Question 73

Appliances

Answer 73

OS layer software used for a specific and isolated purpose. Everything is locked down other than that one purpose

Question 74

Kernel firewalls

Answer 74

This is a firewall specific kernel design to interface directly with hardware

Question 75

Bastion Host

Answer 75

A highly exposed system that is most likely to get targeted and most hardened

Question 76

Screened host

Answer 76

A firewall behind a router that has packet analysis

Question 77

Screened subnet

Answer 77

Fancy name for DMZ

Question 78

Silent rule

Answer 78

Drop noisy traffic to reduce logs

Question 79

Stealth rule

Answer 79

Disallows traffic from unauthorized systems to firewall software

Question 80

Cleanup Rule

Answer 80

Log traffic allowed

Question 81

Negate rule

Answer 81

Specific deny rules

Question 82

Forwarding proxy

Answer 82

Handles the traffic on behalf of another computer

Question 83

Open proxy

Answer 83

Anonymous proxy

Question 84

Reverse proxy

Answer 84

A proxy that does not hide the identity of the source and handles inbound traffic

Question 85

Honeypot

Answer 85

A sweet server to hack into that detracts attention away from priority systems long enough to discover the offender

Question 86

Tarpit

Answer 86

A system with ultra slow response that will cause timeouts and inconsistency for the automated hacking tools

Question 87

Extranet

Answer 87

An internal network that extends to other companies, like EDI

Question 88

Value added network

Answer 88

A company between companies handling EDI traffic

Question 89

Sonet

Answer 89

Synchronous optical network Used in MANs by ISPs to handle city and nationally wide infrastructure

Question 90

Synchronous digital hierarchy

Answer 90

This is the world wide standard used version of sonet ring (US only) and varies in speed and density

Question 91

Multiplexing

Answer 91

Running multiple channels at once sending data per channel per frame, One frame has 8 bits of each channel being multiplexed in a T1 (24 channels)

Question 92

What is an E carrier?

Answer 92

This is the world standard instead of T lines in the US E1 - 2.048 Mbps

Question 93

OC - x

Answer 93

This is the optical carrier used for the Internet backbone Scale has 4 OC - 192s

Question 94

Statistical time division multiplexing

Answer 94

STDM - transmit several types of data over a cable (T1)

Question 95

Frequency division multiplexing

Answer 95

FDM - an available wireless channel is split up into smaller multiple channels then used for multiplexing

Question 96

Wave division multiplexing

Answer 96

Laser wavelength multiplexing

Question 97

CSU/DSU

Answer 97

Used by T telecom to multiplex data into separate channels per frame

Question 98

Circuit switching

Answer 98

Switching changes made within an ISP to simulate a dedicated line

Question 99

Packet switching

Answer 99

This is how the interwebs works

Question 100

Committed information rate

Answer 100

Higher cost to guarantee services

Question 101

Frame relay

Answer 101

Switching based dedicated links

Question 102

Permanent virtual circuit

Answer 102

This is a dedicated line connected to a frame relay cloud

Question 103

Switched virtual circuits

Answer 103

Dynamically makes a dedicated switch circuit as needed

Question 104

ATM

Answer 104

Asynchronous transfer mode Like frame relay but better Uses 53B fried frames to optimize switching

Question 105

What are the bit rates for QOS?

Answer 105

Constant - prioritize connection oriented Variable - de-prioritize connection oriented Unspecified - no specification Available - the bit rate changes by availability

Question 106

What are the levels of QoS?

Answer 106

Best effort - no guarantees Differentiated - shorter delays Guaranteed - first in line

Question 107

Traffic shaping

Answer 107

uses QoS to maintain bandwidth levels

Question 108

Switched multimegabit data service

Answer 108

Antiquated packet switching service

Question 109

Synchronous data link protocol

Answer 109

Mainframe datalink layer switching protocol used between mainframes

Question 110

High level data link control

Answer 110

Mainly used for device to device communication like router to router

Question 111

LCP/NCP

Answer 111

LCP is link control protocol and handles the connection of a PPP NCP is network control protocol and controls the authentication

Question 112

SLIP

Answer 112

Serial line internet protocol - old technology used to connect serial lines. PPP replaced it

Question 113

High speed serial interface HSSI

Answer 113

Used for an interface to connect multiplexers and routers to high speed ATM and frame relay

Question 114

Multiservice access technology

Answer 114

Running several services at the same time like voice and data

Question 115

PSTN - public switched telephone network

Answer 115

Old technology that used circuit switching instead of packet switching .. Think of POTS

Question 116

H.323

Answer 116

Conversion gateways between the circuit based PSTN to the packet based VOIP

Question 117

Vishing

Answer 117

A telephone phishing attack where people call you trying to get information

Question 118

SIP

Answer 118

Three way handshake used to establish IP telephony connections for conferences and VOIP

Question 119

SIP process

Answer 119

``` Caller Invite Server sends Trying Receiver Ringing Receiver sends Ok Caller Ack ```

Question 120

What is RTP?

Answer 120

Standardized packet format for delivering audio / video

Question 121

What is a VoIP registrar used for?

Answer 121

Keeps a centralized record of the updated locations

Question 122

What is RTCP?

Answer 122

Provided feedback on RTP RTP control protocol

Question 123

Is SIP encrypted?

Answer 123

Nope!

Question 124

SPIT

Answer 124

Spam over ip telephony This is VoIP spam and causes voicemail overload and wasted time

Question 125

What is an ISDN bri/pri?

Answer 125

BRI - 2 channel home quality ISDN 144kbps | PRI - 23 channel commercial quality ISDN often used as an on demand redundant connection

Question 126

What are the types of DSL?

Answer 126

``` Sdsl - slow symetrical service Adsl - faster asymetrical service Hdsl - faster yet asymetrical Vdsl - fastest asymetrical service Radsl - rate adaptive based in media ```

Question 127

What is DOCSIS?

Answer 127

A standard for adding high speed data transfer over existing cable infrastructure

Question 128

Layer 2 tunneling protocol

Answer 128

Used to traverse layer 2 point to point (PPP) networks like MPLS

Question 129

How does IPSec work?

Answer 129

IP Tunnel Encryption Protocol

Question 130

Authentication header (AH)

Answer 130

Used for data integrity, data origin, protection from replay

Question 131

Encapsulating security payload (ESP)

Answer 131

Provides confidentiality, and integrity

Question 132

ISAKMP

Answer 132

Provides a framework for security

Question 133

IKE

Answer 133

Authentication Ceritcifcate keys

Question 134

HAIPE

Answer 134

A layer 3 VPN tunneling protocol used mostly by the NSA as a replacement for PPP/L2TP devices and methods

Question 135

Transport adjacency

Answer 135

More then one security policy used in a VPN.

Question 136

Iterated tunneling

Answer 136

Tunnels within tunnels

Question 137

What is PAP?

Answer 137

Clear text authentication used over PPP

Question 138

How does CHAP work?

Answer 138

It is a challenge response authentication.. A random number (challenge) is encrypted with a predefined password and sent for verification

Question 139

EAP

Answer 139

Is a framework to enable authentication and has many variants like EAPGSS - generic security service using Kerberos EAPTLS - digital certificate based authentication

Question 140

Spread Spectrum

Answer 140

Parrellel wireless over multiple frequencies

Question 141

Frequency hopping spread spectrum - FHSS

Answer 141

Frequency hopping is when sub-spectrums are used in a particular order to reduce the possibility of collision 1-2 Mbps

Question 142

Direct sequence spread spectrum -DSSS

Answer 142

A chipping number is placed in each transmission and randomized only the proper chipping sequence can interpret the data, offers resend capability 11 Mbps

Question 143

Orthogonal frequency division multiplexing OFDM

Answer 143

Used to tightly and precisely pack signals near each other using different perpendicular modulation 52 Mbps +

Question 144

What is open system authentication?

Answer 144

Non-encrypted wireless ssid

Question 145

Shared key authentication

Answer 145

Wireless that used challenge / response to encrypt the communication

Question 146

802.11i

Answer 146

Standard for wireless security

Question 147

802.1x

Answer 147

Allows for authentication as a separate process since it is at the networking level

Question 148

Bluejacking

Answer 148

Sending a user something like a contact or message via Bluetooth connection

Question 149

Bluesnarfing

Answer 149

Getting access to personal information through a Bluetooth connection

Question 150

What allows wireless mobile devices to use the limited frequency of radio?

Answer 150

Each tower uses a different frequency and no adjacent tower can use the same

Question 151

FDMA

Answer 151

1G - first gen. Used sub band frequencies per call, this ran out quickly.

Question 152

TDMA

Answer 152

Time slice of a frequency allows no one user to hog a frequency - GSM

Question 153

CDMA

Answer 153

3G - spread spectrum using the entire bandwidth for each user call

Question 154

OFDMA

Answer 154

Frequencies are extremely closely packet using narrow sub channels to get the most bandwidth.. This is where 4G comes in.

Question 155

Cell phone cloning

Answer 155

The use of someone's cell phone credentials to utilize calls on their account