Communication and Network Security

Question 1

Protocol

Answer 1

Set of rules or restrictions that define how data is transmitted over a network medium

Question 2

Open Systems Interconnection (OSI) Model

Answer 2

Developed by International Organization for Standardization (ISO) in late 1970s/early 1980s. ISO 7498 defines OSI Model.

Question 3

TCP/IP

Answer 3

Most widely used protocol today. Based on DARPA model (TCP/IP model)- developed in early 1970s.

Question 4

7 Layers of OSI Model

Answer 4

7- Application- Data Stream
6- Presentation- Data Stream
5- Session- Data Stream
4- Transport- Segment (TCP)/Datagram (UDP)
3- Network- Packet
2- Data Link- Frame
1- Physical- Bits

Question 5

Encapsulation

Answer 5

Addition of a header and possibly a footer to the data received by each layer from the layer above before it’s handed off to the layer below. As the message is encapsulated at each layer, the previous layer’s header and payload combine to become the payload of the current layer. Inverse action is called Deencapsulation.

Question 6

Encapsulation/Deencapsulation Process

Answer 6

1. Application layer creates a message.
2. Application layer passes the message to Presentation layer.
3. Presentation layer encapsulates message by adding information to it. Information is usually added only at the beginning of the message (called a header); however, some layers (Data Link, Physical) also add material at the end of the message (called a footer).
4. The process of passing the message down and adding layer-specific information continues until the message reaches the Physical layer.
5. At the Physical layer, the message is converted into electrical impulses that represent bits and is transmitted over the physical connection.
6. The receiving computer captures the bits from the physical connection and re-creates the message in the Physical layer.
7. The Physical layer converts the message from bits into a Data Link frame and sends the message up to the Data Link layer.
8. The Data Link layer strips its information and sends the message up to the Network layer.
9. This process of deencapsulation is performed until the message reaches the Application layer.
10. When the message reaches the Application layer, the data in the message is sent to the intended software recipient.

The information removed by each layer includes instructions, checksums, and so on that can be understood only by the peer layer that originally added or created the info.

Question 7

Data Stream and Packet Transformation Down the Stack

Answer 7

Message sent into protocol stack at the Application layer, retains the label of data stream until it reaches the Transport layer (4) where it is called a segment (TCP protocols) or datagram (UDP protocols). In the Network layer, it is called a packet. In the DL Layer (2), it is called a frame. In the Physical layer (1), it is referred to as bits for transmission over the physical connection medium.

Question 8

Physical Layer

Answer 8

Contains the device drivers that tell the protocol how to employ the hardware for the transmission and reception of bits. Contains: EIA/TIA-232 and EIA/TIA-449, X.21, High-Speed Serial Interface (HSSI), Synchronous Optical Network (SONET), V.24 and V.35.

Controls throughput rates, handles synchronization, manages line noise and medium access, and determines to use digital or analog signals or light pulses to transmit or receiver data over the physical hardware interface.

Network hardware devices that function here include network interface cards (NICs), hubs, repeaters, concentrators, and amplifiers.

Question 9

Data Link Layer

Answer 9

Ethernet (IEEE 802.3), Token Ring (IEEE 802.5), asynchronous transfer mode (ATM), File Distributed Data Interface ( FDDI), and Copper DDI (CDDI). Only Ethernet remains a common DL layer technology in use in modern networks. Protocols found here include: Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP), Address Resolution Protocol (ARP), Reverse ARP (RARP), Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Integrated Services Digital Network (ISDN).

This layer includes adding the hardware sources and destination addresses to the frame. Hardware address is the Media Access Control (MAC) address, which is a 6-byte (48-bit) binary address written in hexadecimal notation. First 3 bytes (24 bits) denotes to the vendor or manufacturer of the physical network interface, known as the OUI, which is registered with IEEE, which controls their issuance. Last 2 bytes represent a unique number assigned to that interface by the manufacturer. EUI-48 replaced MAC-48 (IEEE 802). Converting to EUI-64 where 2 octets of FF:FF are added between cc and ee octets for MAC-48; in the case of EUI-48, 2 octets of FF:FE are added between cc and ee octets.

cc:cc:cc:FF:FF:ee:ee:ee

ARP- used to resolve IP addresses into MAC addresses
RARP- used to resolve MAC addresses into IP addresses

2 sublayers of DL Layer- Logical Link Control (LLC) and MAC

Switches and bridges function here, and support MAC-based traffic routing. Switches receive a frame on one port and send it out another port based on the destination MAC address. MAC address destinations are used to determine whether a frame is transferred over the bridge from one network to another.

Question 10

Network Layer

Answer 10

Responsible for adding routing and addressing information to the data. Accepts the segment from the Transport later and adds information to it to create a packets, which includes source and destination IP addresses. Routing protocols found here include: Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Internet Group Management Protocol (IGMP), Internet Protocol (IP), Internet Protocol Security (IPSec), Internetwork Packet Exchange (IPX), Network Address Translation (NAT), Simple Key Management for Internet Protocols (SKIP).

Responsible for providing routing or delivery information. Not responsible for guaranteeing or verifying delivery (that is the responsibility of the Transport layer).

Manages error detection and node data traffic, or traffic control.

Routers and bridge routers (brouters) are among the network hardware devices that function at this layer. Routers determine the best logical path for the transmission of packets based on speed, hops, preference, and so on. Routers use the destination IP address to guide the transmission of packets. A brouter, working primarily in layer 3 but in layer 2 when necessary, is a device that attempts to route first, but defaults to bridging if routing fails.

2 broad categories of routing protocols- distance vector and link state. Distance vector protocols maintain a list of destination networks along with metrics of direction and distance as measured in hops (number of routers hit to reach destination). Link state protocols maintain a topography map of all connected networks and use this map to determine the shortest path to the destination.

Distance vector examples- RIP, IGRP, and BGP
Link state example- OSPF

Question 11

Non-IP Protocols

Answer 11

IPX, AppleTalk, NetBEUI

Question 12

Transport Layer

Answer 12

Responsible for managing the integrity of a connection and controlling the session. Accepts a Protocol Data Unit (PDU) from the Session Layer and converts it into a segment.

Controls how devices on the network are addressed or referenced, establishes communication connections between nodes or devices, and defines the rules of a session. Session rules are established through SYN/ACK handshake.

Establishes a logical connection between two devices and provides end-to-end transport services to ensure data delivery. This layer includes mechanisms for segmentation, sequencing, error checking, controlling the flow of data, error correction, multiplexing, and network service optimization.

Protocols found here include: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Sequenced Packet Exchange (SPX), Secure Sockets Layer (SSL), and Transport Layer Security (TLS).

Question 13

Session Layer

Answer 13

Responsible for establishing, maintaining, and terminating communication sessions between 2 CPUs. Manages dialogue discipline or dialogue control (simplex, half duplex, full duplex), establishes checkpoints for grouping and recovery, and retransmits PDUs that have failed or been lost since the last verified checkpoint.

Protocols include Network File System (NFS), Structured Query Language (SQL), Remote Procedures Call (RPC).

Simplex- One way direction communication
Half Duplex- Two way communication, but only one direction can send data at a time
Full Duplex- Two way communication, in which data can be sent in both directions at the same time

Question 14

Presentation Layer

Answer 14

Responsible for transforming data received from the Application layer into a format that any system following the OSI model can understand. Imposes common or standardized structure and formatting rules onto the data. Responsible for encryption and compression. Acts as an interface between the network and applications. Most file or data formats operate within this later, including formats for images, video, sound, documents, email, web pages, control sessions, and so on.

Format standards found here: American Standard Code for Information Interchange (ASCII), Extended Binary Coded Decimal Interchange Mode (EBCDICM), Tagged Image File Format (TIFF), Joint Photographic Experts Group (JPEG), Moving Picture Experts Group (MPEG), Musical Instrument Digital Interface (MIDI).

Question 15

Application Layer

Answer 15

Responsible for interfacing user applications, network services, or the operating system with the protocol stack. Allows applications to communicate with the protocol stack. Determines whether a remote communication partner is available and accessible. Ensures that sufficient resources are available to support requested communication.

Transmits files, exchanges messages, and connects to remote terminals.

Protocols found here include:
Hypertext Transfer Protocol (HTTP)
File Transfer Protocol (FTP)
Line Print Daemon (LPD)
Simple Mail Transfer Protocol (SMTP)
Telnet
Trivial File Transfer Protocol (TFTP)
Electronic Data Interchange (EDI)
Post Office Protocol Version 3 (POP3)
Internet Access Message Protocol (IMAP)
Simple Network Management Protocol (SNMP)
Network News Transport Protocol (NNTP)
Secure Remote Procedure Call (S-RPC)
Secure Electronic Transaction (SET)

Network device, or service, that works at this layer is called the gateway. Application layer gateway serves as a protocol translation tool.

Question 16

TCP/IP Model

Answer 16

DARPA or DOD Model.

4. Application (Application, Presentation, Session of OSI)
5. Transport (Transport of OSI)
6. Internet (Network of OSI)
7. Link (Data Link, Physical of OSI)

Question 17

TCP/IP

Answer 17

Platform independent protocol based on open standards. Consumes a significant amount of resources and is easy to hack into. Designed for ease of use rather than security. Not just a single protocol- is a protocol stack comprising dozens of individual protocols.

Can be secured using VPN links between systems. VPN links are encrypted to add privacy, confidentiality, and authentication to maintain data integrity. Protocols used to establish VPNs are PPTP, L2TP, and IPSec.

Question 18

TCP/IP Protocols

Answer 18

Application Layer- FTP, Telnet, SNMP, LPD, TFTP, SMTP, NFS, X Window
Transport Layer- TCP, UDP
Internet Layer- ICMP, IGMP, IP
Link Layer- Ethernet, Fast Ethernet, Token Ring, FDDI

Question 19

TCP Wrapper

Answer 19

Provides protocol level security. An application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs. Form of port based access control.

Question 20

TCP

Answer 20

Full-duplex connection-oriented protocol. Has 65,536 ports. Operates at layer 4 (Transport). Employs reliable sessions. Connection oriented because of the handshake process employed.

Two methods to disconnect session- FIN, finish, and RST, or reset.

FIN- FIN, ACK, FIN, ACK. Takes 4 packets to gracefully tear down a TCP session. RST- causes an immediate and abrupt session termination.

Segments of TCP transmission are tagged with a sequence number. Transmission window- number os packets transmitted before an ACK packet is sent.

Data flow is controlled through sliding windows.

Question 21

UDP

Answer 21

Simplex connectionless protocol. Has 65,536 ports. Operates at Layer 4 (Transport). Offers no error detection or correction, does not use sequencing, does not use flow control mechanisms, does not use preestablished session, and is unreliable. Often used for audio and video, employed by real time or streaming communications.

IP header protocol field value- 17 bits (0 * 11)

Question 22

Port

Answer 22

Also called a socket. An address number that both ends of the communication link agree to use when transferring data. Allows a single IP address to be able to support multiple simultaneous communications, each using a different port number.

Question 23

Well Known Ports

Answer 23

The first 1,024 ports (0-1,023). Has standardized assignments for services they support. I.e. HTTP is Port 80.

Question 24

Registered Software Ports

Answer 24

Ports 1,024 to 49,151. Has one or more networking software products specifically registered with the International Assigned Numbers Authority, or IANA.

Question 25

Random, Dynamic, Ephemeral Ports

Answer 25

Ports 49,152 to 65,535. Often used random or temporarily by clients as a source port. Associated with common FTP. Berkeley Software Distribution (BSD)- Ports 1,024 to 4,999 Linux Kernels- 32,768 to 61,000 Microsoft up to Windows Server 2003- 1,025 to 5,000 All Windows After- IANA range FreeBSD since version 4.6- IANA

Question 26

TCP Header

Answer 26

Relatively complex compared to UDP. 20 to 60 bytes long. ``` (Size in Bits) Source Port- 16 Destination Port- 16 Sequence Number- 32 Data Offset- 4 Reserved for Future Use- 4 Flags- 8 Window Size- 16 Checksum- 16 Urgent Pointer- 16 ```

Question 27

TCP Header Flag Field Values

Answer 27

``` CWR- Congestion Window Reduced ECE- ECN- Echo (Explicit Congestion Notification) URG- Urgent ACK- Acknowledgement PSH- Push RST- Reset SYN- Synchronization FIN- Finish ``` X X U A P R S F 0 0 0 1 0 0 1 0 SYN, ACK flag set "Unskilled Attackers Pester Real Security Folk" IP Header Protocol Field Value for TCP- 6

Question 28

UDP Header

Answer 28

8 bytes long (64 bits). Divided into 4 sections, each 16 bits long: Source Port Destination Port Message Length Checksum

Question 29

Network Layer Protocols

Answer 29

IP. Provides route addressing for data rackets. Connectionless and is an unreliable datagram service. Does not guarantee that packets will be delivered or that they will be delivered in correct order and does not guarantee only one time delivery. You must employ TCP on IP to gain reliable and controlled communication sessions.

Question 30

IPv4 vs. IPv6

Answer 30

IPv4- most widely used around the world. Uses a 32-bit addressing scheme. Being taken over by IPv6. IPv6- supported by most operating systems released since 2000 but is slowly adopted. Uses 128 bits for addressing. Features include scoped addresses, autoconfiguration, and Quality of Service (QoS) priority values. Scope Addresses- gives admins the ability to group and then block or allow access to network services, such as file serivces or printing Autoconfig- removes the need for both DHCP and NAT QoS Priority Values- allow for traffic management based on prioritized content

Question 31

IP Classes

Answer 31

Full Class A Subnet- supports 16,777,214 hosts Full Class B Subnet- supports 65,534 hosts Full Class C Subnet- supports 254 hosts Class D- used for multicasting Class E- reserved for future use

Question 32

IP Classes Continued

Answer 32

Class First Binary Digits Decimal Range of 1st Octet A 0 1-126 B 10 128-191 C 110 192-223 D 1110 224-239 E 1111 240-255

Question 33

IP Classes Default Subnet Masks

Answer 33

Class Default Subnet Mask CIDR Equivalent A 255.0.0 /8 B 255.255.0.0 /16 C 255.255.255.0 /24

Question 34

Classless Inter Domain Routing (CIDR)

Answer 34

Notation that uses mask bits rather than a full dotted-decimal notation subnet mask. Instead of 255.255.0.0, a CIDR is added to the IP address after a slash, as in 172.16.1.1/16.

Question 35

Network Layer Protocols (ICMP)

Answer 35

ICMP- Internet Control Message Protocol. Used to determine the health of a network or specific link. Utilized by ping, traceroute, pathping, and other network management tools. Ping employs ICMP echo packets and bounces them off remote systems. Ping is used to determine whether the remote system is online, responding promptly, whether the intermediary systems are supporting communications, and the level of performance efficiency at which the intermediary systems are communicating. Ping includes the redirect function, which allows the echo responses to be sent to a different destination than the system of origin. ICMP was exploited in DOS attacks. ``` IP header- 1 Type field in ICMP header- defines the type or purpose of the message contained within the ICMP payload More than 40 defined types, but only 7 are commonly used: 0- Echo reply 3- Destination unreachable 5- Redirect 8- Echo request 9- Router advertisement 10- Router solicitation 11- Time exceeded ```

Question 36

Network Layer Protocols (IGMP)

Answer 36

Internet Group Management Protocol allows systems to support multicasting, or the transmission of data to multiple recipients. RFC 1112 discusses the requirements to perform IGMP multicasting. Used by IP hosts to register their dynamic multicast group membership. Used by connected routers to discover these groups. Single initial signal is multiplied at the router if divergent pathways exist to the intended recipient. IP header protocol field value- 2

Question 37

Network Layer Protocols (ARP, RARP)

Answer 37

ARP- used to resolve IP addresses (32 bit binary number for logical addressing) into MAC addresses (48 bit number for physical addressing) or EUI 48 or EUI 64. Traffic on a network segment, i.e. across a hub, is directed from its source system to its destination system using MAC addresses. RARP- used to resolve MAC addresses into IP addresses Both function using caching and broadcasting. First step into resolving IP addresses into MAC addresses is to check local ARP cache. ARP Cache Poisoning is when an attacker inserts bs information into the ARP cache. If not in local cache, requested will be broadcast and if owner of queried address is not in local subnet, router or default gateway will perform the process of ARP request.

Question 38

Common Application Level Protocols

Answer 38

Telnet- TCP Port 23. Terminal emulation network application that supports remote connectivity for executing commands and running apps but does not support file transfer. FTP- TCP Ports 20 and 21. Network app that supports an exchange of files that requires anonymous or specific authentication. TFTP- UDP Port 69. Network app that supports file exchange but does not require authentication. SMTP- TCP Port 25. Used to transmit email messages from a client to an email server and from one email server to another. POP3- TCP Port 110. Used to pull email messages from an inbox to en email server down to an email client. IMAP- TCP Port 143. Used to pull email messages from an inbox on an email server down to an email client. More secure than POP3 and offers the ability to pull headers down from the email server as well as to delete messages directly off the email server without having to download to the local client first. DHCP- UDP Ports 67 and 68. Uses port 67 for server point to point response and port 68 for client request broadcasts. Used to assign TCP/IP configuration settings to systems upon bootup. Enable centralized control of network addressing. HTTP- TCP Port 80. Used to transmit web page elements from a web server to web browsers. SSL- TCP Port 443 for HTTP encryption. VPN-like security protocol that operates at the Transport layer. Originally designed to support secured web communications (HTTPS) but is capable of securing any Application layer protocol communications. LPD- TCP Port 515. Network service used to spool print jobs and to send print jobs to printers. X Window- TCP Ports 6000 to 6003. GUI API for command line operating systems. BootP/DCHP- UDP Ports 67 and 68. Used to connect diskless workstations to a network through autoassignment of IP configuration and download of basic OS elements. BootP is the forerunner to DHCP. NFS- TCP Port 2049. Network service used to support file sharing between dissimilar systems. SNMP- UDP Port 161, 162 for Trap Messages. Collects network health and status information by polling monitoring devices from a central monitoring station.

Question 39

Multilayer Protocols

Answer 39

Wide range of protocols and encryption can be used at higher and various layers. Flexibility and resiliency in complex network structures is supported. Drawbacks include allowing covert channels, filters can be bypassed, and logically imposed network segment boundaries can be overstepped.

Question 40

Distributed Network Protocol 3

Answer 40

DNP 3. Used in electric and water utility and management industries. Used to support communications between data acquisition systems and the system control equipment. This includes substation computers, RTUs- remote terminal units, IEDs- intelligent electronic devices, and SCADA control centers. Multilayer protocol that functions similarly to TCP/IP and has link, transport, and transportation layers.

Question 41

Domain Name Resolution

Answer 41

Top Layer- Domain name, a temporary human friendly convention assigned over or onto the IP address 2nd or Middle Layer- IP address, a temporary logical address assigned over or onto the MAC address 3rd/Bottom layer- MAC address, or hardware address, the permanent physical address

Question 42

Domain Name System

Answer 42

DNS. Resolves a human friendly domain name into its IP address equivalent. Then, ARP resolves the IP address into its MAC address equivalent. Inverse- DNS reverse lookups and RARP

Question 43

Converged Protocols

Answer 43

The merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. Uses existing TCP/IP supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware. Provides cost saving benefits.

Question 44

Converged Protocol- Fibre Channel over Ethernet (FCoE)

Answer 44

Form of network data-storage solution (SAN (storage area network) or NAS (network attached storage) that allows for high speed file transfers at upward of 16Gbps). Originally designed to operate over fiber optic cablesl support for copper cables was later added to offset less expensive options. Used to encapsulate Fibre Channel communications over Ethernet networks. Requires 10 Gbps Ethernet in order to support the Fibre Channel protocol. Operates as a Network layer protocol, replacing IP as the payload of a standard Ethernet network.

Question 45

Converged Protocol- Multiprotocol Label Switching (MPLS)

Answer 45

High throughput high performance technology that directs data across a network based on short path labels rather than longer network addresses. Saves significant time over traditional IP based routing processes. Designed to handle a wide range of protocols through encapsulation. Thus, the network is not limited to TCP/IP and compatible protocols. Enables the use of many other networking technologies, including T1/E1, ATM, Frame Relay, SONET, and DSL.

Question 46

Converged Protocol- Internet Small Computer System Interface (iSCSI)

Answer 46

Networking storage standard based on IP. Used to enable location independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections. Often viewed as a low cost alternative to Fibre Channel.

Question 47

Converged Protocol- Voice over IP (VoIP)

Answer 47

Tunneling mechanism used to transport voice and/or data over a TCP/IP network. Potential to replace PSTN because it's less expensive and has more options and features. Can be used as a direct telephone replacement on computer networks as well as mobile devices. Also supports video and data transmission to allow videoconferencing and remote collaboration on projects. Skype, magicjack

Question 48

Converged Protocol- Software Defined Networking (SDN)

Answer 48

Based on the theory that the complexities of a traditional network with on device configuration (routers and switches) force an organization to stick with a single vendor and limit the flexibility of the network to respond to changing physical and business conditions. Separates the infrastructure layer from the control layer. Removes the traditional networking concepts of IP addressing, subnets, routing, and so on from needing to be programmed into or be deciphered by hosted applications. SDN control layer- programmable from a central location- allows network virtualization and multiple vendors

Question 49

Content Distribution Network

Answer 49

CDN. Collection of resource services deployed in numerous data centers across the Internet in order to provide low latency, high performance, and high availability of hosted content. Distributed data hosts. Eliminates need for media content stored in one single location. CloudFlare, Akamai, Amazon CloudFront, CacheFly, and Level 3 Communications P2P- client based CDN- BitTorrent

Question 50

Data Emanation

Answer 50

Transmission of data across electromagnetic signals. Eavesdropping can occur to capture and read magnetic fields to recreate original data stream.

Question 51

TEMPEST Project

Answer 51

U.S. Government research regarding data emanation since 1950s

Question 52

Wireless Cells

Answer 52

Areas within a physical environment where a wireless device can connect to a wireless access point.

Question 53

802.11

Answer 53

IEEE standard for wireless network communications.

Question 54

802.11 Wireless Networking Amendments

Answer 54

Amendment Speed Frequency 802. 11 2 Mbps 2.4GHz 802. 11a 54 Mbps 5 GHz 802. 11b 11 Mbps 2.4 GHz 802. 11g 54 Mbps 2.4 GHz 802. 11n 200+ Mbps 2.4 GHz or 5 GHz 802. 11ac 1 Gbps 5 GHz

Question 55

Infrastructure Mode vs. Ad Hoc Mode

Answer 55

Wireless Network Configurations. Infrastructure Mode- a wireless access point is required, wireless NICs on systems can't interact directly, and restrictions of the wireless access point for wireless network access are enforced. Stand Alone- Wireless clients connect to each other but not to any wired resources Wired Extension- WAP acts as a connection point to link the wireless clients to the wired network Enterprise Extended- multiple WAPs are used to connect a large physical area to the same wired network. Same Extended Service Set Identifier (ESSID) is used by each WAP Bridge- wireless connection is used to link two wired networks Ad Hoc Mode- any two wireless networking devices can communicate without a centralized control authority. Always use Infrastructure mode!

Question 56

ESSID

Answer 56

Name of a wireless network when a wireless base station or WAP is used, like in infrastructure mode

Question 57

BSSID

Answer 57

Name of a wireless network when in ad hoc or peer to peer mode. When operating in infrastructure mode, the BSSID is the MAC address of the base station hosting the ESSID.

Question 58

SSID

Answer 58

Broadcast by the WAP via a special transmission called a beacon frame. This allows any wireless NIC within range to see the wireless network and make connecting as simple as possible. Default broadcasting of SSID should be disabled to keep the wireless network secret. However, discovery of SSID is prone to sniffing. Thus, it is essential to use WPA2 as a reliable authentication and encryption solution rather than hiding the existence of a network via disabling the SSID.

Question 59

Site Survey

Answer 59

Process of investigating the presence, strength, and each of wireless access points deployed in an environment. Used to discover areas of a physical environment where unwanted wireless access might be possible.

Question 60

IEEE 802.11

Answer 60

Defines 2 methods that wireless clients can use to authenticate to WAPs before normal network communications can occur across wireless link. Open System Authentication (OSA)- no real authentication required. Transmits everything in clear text Shared Key Authentication (SKA)- some form of authentication must take place before network communication can occur- WEP is one optional technique- later amendments added WPA, WPA2, and others

Question 61

Wired Equivalent Privacy (WEP)

Answer 61

Was designed to provide same level of security and encryption on wireless networks as found in wired and cabled networks. Provides protection from packet sniffing and eavesdropping against wireless transmissions. Can be configured to prevent unauthorized access to the wireless network. Uses a predefined shared secret key. Provides integrity protection through use of hash values. Knowledge of key is essential for authentication. Was cracked instantly because of use of same static key for encryption of all communication. WPA negotiates a unique key set with each host. A passphrase is used to authorize the association with the base stations, the passphrase must be long for security. WEP encryption employs RC4, a symmetric stream cipher. Poor implementation of IVs and the shared static key make WEP useless. Attack performed in less than 60 seconds.

Question 62

WPA

Answer 62

Replacement for WEP. Can be used on most devices, whereas the features of WPA2 exclude some lower end hardware. Based on the LEAP and TKIP cryptosystems and often employs a secret passphrase for authentication. Use of a single static passphrase is the weakness with WPA. Also, both the LEAP and TKIP encryption options for WPA are now crackable using a variety of cracking techniques. No longer provides long term reliable security.

Question 63

WPA2

Answer 63

Also known as 802.11i. New encryption scheme known as the Counter Mode cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on AES encryption scheme. No real world attack has compromised WPA2 to date.

Question 64

802.1X/EAP

Answer 64

Supported by both WPA and WPA2. Standard port based network access control that ensures clients can't communicate with a resource until proper authentication has taken place. Hand off system that allows the wireless network to leverage the existing network's infrastructure's authentication services. Through its use, other techniques and solutions such as RADIUS, TACACS, certificates, smart cards, token devices, and biometrics can be integrated into wireless networks providing techniques for both mutual and multifactor authentication. EAP (Extensible Authentication Protocol)- not a specific mechanism of authentication- is an authentication framework. Allows for new authentication technologies to be compatible with existing wireless or point to point connection technologies. Different EAP methods of authentication include LEAP, EAP TLS, EAP SIM, EAP AKA, and EAP TTLS. Not all are secure. EAP-MD5 and LEAP are crackable.

Question 65

PEAP

Answer 65

Protected Extensible Authentication Protocol. Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption. Provides encryption for EAP methods.

Question 66

LEAP

Answer 66

Lightweight. Cisco proprietary alternative to TKIP for WPA. Offers weak protection. Should be avoided. Use of EAP TLS as an alternative is recommended. If LEAP is used, a complex password is recommended.

Question 67

MAC Filter

Answer 67

List of authorized wireless client interface MAC addresses that is used by a WAP to block access to all non authorized devices. Difficult to manage and tends to be used only in small and static environments. Prone to an attacker spoofing a valid MAC address.

Question 68

Temporal Key Integrity Protocol

Answer 68

TKIP. Designed as replacement for WEP without requiring replacement of legacy wireless hardware. Implemented into 802.11 wireless networking under the name WPA. Includes a key mixing function that combines the IV with the secret root key before using that key with RC4 to perform encryption. A sequence counter is used to prevent packet replay attacks. A strong integrity check name Michael is used. TKIP and WPA were replaced in 2004 by WPA2.

Question 69

CCMP

Answer 69

Created to replace WEP and TKIP/WPA. Uses AES with a 128 bit key. The preferred standard security protocol of 802.11 wireless networking indicated by 802.11i.

Question 70

Determining Antenna Placement

Answer 70

When deploying a wireless network: Use a central location Avoid solid physical obstructions Avoid reflective or other flat metal surfaces Avoid electrical equipment External omnidirectional antennas should be pointing straight up vertically. Directional antennas should point the focus toward the area of desired use.

Question 71

Standard Straight or Pole Antenna

Answer 71

Omnidirectional antenna that can send and receive signals in all directions perpendicular to the line of the antenna itself. Found on most base stations and some client devices. called a base antenna or a rubber duck antenna because they're covered in flexible rubber coating.

Question 72

Directional Antennas

Answer 72

Focus their sending and receiving capabilities in one primary direction. Yagi, cantenna, panel, and parabolic. Yagi- similar in structure to traditional roof TV antennas. Crafted from a straight bar with cross sections to catch specific radio frequencies in the direction of the main bar. Cantennas- constructed from tubes with one sealed end. Focus along the direction of the open end of the tube. First ones were crafted from Pringles cans. Panel- flat devices that focus from only one side of the panel. Parabolic- used to focus signals from very long distances or weak sources.

Question 73

Captive Portals

Answer 73

Authentication techniques that redirect a newly connected wireless Web client to a portal access control page. Portal page may require user input such as payment info, login credentials, or input of an access code. Also used to display an accessible use policy, privacy policy, and tracking policy to the user who must consent to the policies before being able to communicate across the network. Most often located on wireless networks intended for public use such as hotels, restaurants, etc. Also can be used on cable Ethernet connections.

Question 74

General WiFi Security Procedure

Answer 74

1. Change the default admin password. 2. Disable the SSID broadcast. 3. Change the SSID to something unique. 4. Enable MAC filtering if the pool of wireless clients is relatively small and static. 5. Consider using static IP addresses, or configure DHCP with reservations. 6. Turn on the highest form of authentication and encryption supported. 7. Treat wireless as remote access, and manage access using 802.1x. 8. Treat wireless as external access, and separate the WAP from the wired network using a firewall. 9. Treat wireless as an entry point for attackers, and monitor all WAP-to-wired-network communications with an IDS. 10. Require all transmissions between wireless clients and WAPs to be encrypted. Require a VPN link.

Question 75

Wardriving

Answer 75

Discovers that a wireless access is present. Uses a wireless interface to a wireless detector to locate wireless network signals.

Question 76

Intranet

Answer 76

Private network that is designed to host the same information services found on the Internet. Provides users with access to the Web, email, and other services on internal servers that are not accessible to anyone outside the private network.

Question 77

Extranet

Answer 77

Cross between Internet and Intranet. Section of an organization's network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public Internet. Extranet is rarely used on public network. If it is on a public network it is a DMZ or perimeter network.

Question 78

Network Segmentation

Answer 78

Also known as subnetting, network is divided into smaller organization segments and units. Boosting Performance- Improves performance through an organizational scheme in which systems that communicate often are located in the same segment, while noncommunicative systems are located in other segments. Reduces Communication Problems- Reduces congestion and contains communication problems, such as broadcast storms, to individual subsections of the network. Provides Security- Improves security by isolating traffic and user access to those segment where they are authorized.

Question 79

Segment Creation

Answer 79

Using switch based VLANs, routers, or firewalls, individually or in combination. A private LAN or intranet, a DMZ, and an extranet are all types of network segments.

Question 80

Network Access Control (NAC)

Answer 80

Controlling access to an environment through strict adherence to an implementation of security policy. Prevents/reduces zero day attacks Enforces security policy throughout the network Uses identities to perform access control Acts an an automated detection and response system that can react in real time to stop threats as they occur and before they cause damage. 802.1X provides port based NAC, but is considered only a simple form of NAC or just one component. Can be admitted with: Preadmission philosophy- requires a system to meet all current security requirements before communicating with the network Postadmission- allows and denies access based on user activity, which is based on a predefined authorization matrix Issues with NAC include client/system agent versus overall network monitoring (agent less), out of band versus in band monitoring, and resolving any remediation, quarantine, or captive portal strategies.

Question 81

Static Packet Filtering Firewalls

Answer 81

Filters traffic by examining data from a message header. Usually, the rules are concerned with source, destination, and port addresses. Using static filtering, a firewall is unable to provide user authentication or to tell whether a packet originated from inside or outside the private network, and is easily fooled with spoof packets. Known as first generation firewalls; they operate at layer 3 (network layer). Also called screening routers or common routers.

Question 82

Application level gateway firewalls

Answer 82

Aka proxy firewall. Proxy is a mechanism that copies packets from one network into another: The copy process also changes the source and destination addresses to protect the identity of the internal or private network. Filters traffic based on the internet service (the application) used to transmit or receiver the data. Each type of app just have its own unique proxy server. Comprises numerous individual proxy servers. Negatively affects network performance. Each packet must be examined and processed as it passes through the firewall. Known as second generation firewalls. Operate at layer 7 (application).

Question 83

Circuit level gateway firewalls

Answer 83

Establishes communication sessions between trusted partners. Operate at the session layer (5). SOCKS from socket secure, as in tcp/ip ports, is a common implementation of a circuit level gateway firewall. Also known as circuit proxies. Manage communications based on the circuit and not traffic content. Permit or deny forwarding decisions based solely on the endpoint designations of the communication circuit. Considered second generation firewalls because they represent a modification of the application level gateway firewall concept.

Question 84

Stateful inspection firewalls

Answer 84

Aka dynamic packet filtering firewalls. Evaluate the state or context of network traffic. By examining source and destination addresses, app usage, source of origin, and relationship between current packets and previous packets of the same session, they are able to grant a broader range of access for authorized users and activities. Actively watches for and blocks unauthorized users and activities. Operate more efficiently than application level gateway firewalls. Known as third generation firewalls. Operate at the network and transport layers (3 and 4).

Question 85

Bastion host

Answer 85

A self-sacrificing firewall. Serves as an intermediary between a trusted network such as the Internet and a trusted network. Related to DMZs. Located behind the router. Connects the private network to the on trusted network. All inbound traffic is routed to the bastion host, which in turn acts as a proxy for all the trusted systems within the private network. Responsible for filtering traffic coming into the private network as well as for protecting the identity of the internal client.

Question 86

Single tier firewall deployment

Answer 86

Internet, router, firewall, private network. Offers minimal protection.

Question 87

Two tier firewall deployment

Answer 87

Two tier 1: Internet, router, firewall, private network and DMZ Two tier 2: Internet, router, firewall, DMZ, firewall, private network.

Question 88

Three tier deployment

Answer 88

Three tier 1: Internet, router, firewall, DMV, firewall, transactions subnet, firewall, private network. Three tier 2:: Internet, router, firewall, transaction subnet and DMZ, firewall, private network.

Question 89

Endpoint security

Answer 89

All single devices within the network infrastructure must be individually secure and responsible for their own endpoint protection. The device is responsible for its own security. Each individual device must maintain local security whether or not its network or telecommunications channels also provide or offer security.

Question 90

Collision

Answer 90

Occurs when two systems transmit data at the same time onto a connection medium that supports only a single transmission path. A collision domain is a group of networked systems that could cause a collision if any two or more of the systems in that group transmitted simultaneously.

Question 91

Broadcast

Answer 91

Occurs when a single system transmits data to all possible recipients. A broadcast domain is a group of networked systems in which all other members receive a broadcast signal when one of the members of the group transmits it.

Question 92

Repeaters, concentrators, and amplifiers

Answer 92

Used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. Used to extend the maximum length of a specific cable type by deploying one or more repeaters along a lengthy cable run. Operate at layer one the physical layer.

Question 93

Hubs

Answer 93

Used to connect multiple systems and connect network segment that use the same protocol. They repeat inbound traffic over all outbound ports. This ensures that the traffic will reach its intended host. A hub is a multiport repeater. Hubs operate at layer one the physical layer.most organizations have a no hub security policy due to sniffing attacks.

Question 94

Modems

Answer 94

A traditional land line modem is a communications device that covers or modulates between an analog carrier signal and digital information in order to support computer communications of public switched telephone network PSTN lines. Used to be a common means of WAN communications. Now they are replaced by routers such as cable, dsl, isdn, wireless.

Question 95

Bridges

Answer 95

Used to connect to network's together even networks of different topologies, cabling types, and speeds – in order to connect network segments that use the same protocol. Forwards traffic from one network to another. May have a buffer to store packets until they can be forwarded to a slower network, known as the store and forward device. Operates at layer 2.

Question 96

Switches

Answer 96

Rather than using a hub you might consider using a switch or an intelligent hub. Switches know the addresses of the systems connected on each outbound port. Instead of repeating traffic on every outbound port switch repeats traffic only out of the port on which the destination is known to exist. Operate at layer 2 and 3 when routing features are enabled. Offer greater efficiency for traffic delivery, create separate collision domains, and improve the overall throughput of data. Switches can also create separate broadcast domains when used to create VLANs.

Question 97

Routers

Answer 97

Used to control traffic flow on networks and are used to connect similar networks and control traffic flow between the two. They can function using statically define routing tables, or they can employ a dynamic routing system. There are numerous dynamic routing protocols, such as RIP, OSPF, And BGP. Operate at OSI layer 3

Question 98

Brouters

Answer 98

Combination devices comprising a router and a bridge. Attempt to route first, but if that fails, it defaults to bridging. Thus, it operates at layer 3 but can operate at layer 2 when necessary. Used to connect network segments that use the same protocol.

Question 99

Gateways

Answer 99

Connects networks that are using different network protocols. Responsible for transferring traffic from one network to another by transforming the format of that traffic into a form compatible with the protocol or transport method used by each network. Also known as protocol translators. Can either be standalone hardware devices or a software service. Many types of gateways include data, mail, application, secure, and Internet. Operate at OSI layer 7 the application later.

Question 100

Proxies

Answer 100

A form of gateway that does not translate across protocols. Proxies serve as mediators, filters, cashing service, and even NAT/PAT servers for a network. Performs a function or requests at service on behalf of another system and connects network segment that use the same protocol.

Question 101

LAN extenders

Answer 101

A remote access, multilayer switch used to connect distant networks over W AN links. Creates WANs. Same as a W AN switch or W AN router.

Question 102

Local area network

Answer 102

L AN. Network typically spanning a single floor or building. A limited geographical area.

Question 103

Wide area network

Answer 103

W AN. Term usually assigned to the long distance connections between geographically remote networks. W AN connections and communication links can include private circuit technologies and packet switching technologies. Common private circuit technologies include dedicated or leased lines and PPP, SLIP, ISDN, and DSL connections. Packet switching technologies include X.25, frame-relay, Asynchronous transfer mode ATM, synchronous data link control SDLC, and high-level data link control HDLC. Packet switching technologies use virtual circuits instead of dedicated physical circuits. Virtual circuit is created only when needed, which makes for efficient use of the transmission medium and is extremely cost-effective

Question 104

Common causes of network failure

Answer 104

Violation of availability. Cable failures or misconfigurations.

Question 105

Coaxial cable

Answer 105

A.k.a. coax. Popular networking cable type used in the 1970s. Quickly declined in the 1990s because of the popularity and capabilities of twisted-pair wiring. Coaxial cable has a center core of copper wire surrounded by layer of insulation, which is in turn surrounded by a conductive braided shielding and encased in a Final insulation sheath. The center copper core in the braided shielding layer act as two independent conductors allowing two way communications over a coaxial cable. The design makes it fairly resistant to EM I and makes it able to support high-bandwidth's and offers longer usable lengths than twisted-pair it failed to retain its place because of twisted-pairs much lower cost and ease of installation. Requires the use of segment terminators, where is twisted pair cabling does not. Bulkier and has a larger minimum arc radius then twisted pair. Thinnet- 10base2, can span distances of 185 m and provide throughput up to 10 Mbps. Thicknet- 10base5, can span 500 m and provide throughput up to 10 Mbps. Most common problems are as follows: bending the coaxial cable past its maximum arc radius and thus breaking the center conductor, deploying the coaxial cable in the length greater than its maximum recommended length, or not properly terminating the ends of the coaxial cable with a 50 OHM resistor.

Question 106

Baseband cables

Answer 106

Transmits only a single signal at a time. More used than broadband cables.

Question 107

Broadband cables

Answer 107

Transmit multiple signals simultaneously. Most networking cables are baseband cables not broadband. However, when used in specific configuration's, coaxial cable can be used as a broadband connection, such as with cable modems.

Question 108

Twisted pair cable

Answer 108

Extremely thin and flexible compared to coaxial cable. Consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator. If there is a metal foil wrapper around the wires underneath the external sheath, the wire is known as shielded twisted pair STP. The foil provides additional protection from external EMI. Twisted pair cable line without the foil is known as unshielded twisted pair UTP. UTP is most often used to refer to 10BaseT, or 1000BaseT, which are now considered outdated references mostly outdated technology. The wires that make up UTP and STP are small thin copper wires that are twisted in pairs. The twisting of the wires provides protection from external radio frequencies and electric and magnetic interference and reduce his cross talk between pairs. Crosstalk occurs when data transmitted over one set of wires is picked up by another set of wires do to radiating electromagnetic fields produced by the electrical current. Each wire pair within the cable is twisted at a different rate, twists per inch. Therefore, the signals traveling over one pair of wires cannot cross onto another pair of wires at least within the same cable. The tighter the twist the more resistant the cable is to internal and external interference and cross talk, and thus the capacity for throughput is higher, a.k.a. bandwidth.