Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Studying > Domain 4 > Flashcards

Domain 4 Flashcards

(110 cards)

Start Studying
1
Q

What is a protocol?

A

It is an agreed upon set of rules. It defines the format and order of messages and actions taken upon receipt of the messages

Network protocols:

  • determine how computers communicate with each other
  • standards-based approach increase interoperability

Layered Models

  • Divides networking processes into manageable layers
  • Can modify one layer without affecting the others
  • Easier to understand communication functions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is encapsulation?

A

Encapsulates data into TCP segment into an IP packet, into a frame, into bits, across the wire.

Think 7 layers - encapsulate and decapsulate the message through the 7 layers

  • Divide the network communications into 7 layers
  • Divide tasks of communication into pieces for easier implementation
  • Appending data around the information from on data packet to the data of another packet
  • Each layer encapsulates information around the packet it received from the layer immediately above it, then sent to the layer below
  • When the packed is received, the information that pertains to each layer is stripped from the packet as it moves up the protocol stack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the layers of the OSI model, in order?

A

The Open systems interconnect (OSI) model is a layered model showing the flow of information from one application on a system to another across a network. There are 7 layers in the model.

Please Do Not Throw Sausage Pizza Away

1) Physical -0’s and 1’s - bits - handles transmission across the physical media - includes such things as electircal pulses on wires, connection specifications between the interface hardware, and the network cable and voltage regulation
2) Data Link - Ethernet address and switches- Connects the physical part of the network (cables, electrical signals) with the abstract part (packets and data streams)
3) Network - IP addresses and routing - interaction with the network address scheme and connectivity over multiple network segments. Describes how systems on different network segments find and communicate with each other
4) Transport - Ports, TCP and UDP headers - interacts with you information and prepares it to be transmitted across the network. It is this layer that ensures reliable connectivity from end to end. The transport layer also handles the sequencing of packets in a transmission
5) Session - Data - hands the establishment and maintenance of connections between systems. It negotiates the connection, sets it up, maintains it and makes sure that information exchanged across the connection is in syn on both sides
6) Presentation - Data - present the data to the application in a way it makes sense - makes sure that the data sent from one side of the connection is received in a format that is useful to the other side (compresses, decompresses)
7) Application - application and its data - interacts with the application to determine which network services will be required. When a program requires access to the network, the application layer will manage requests from the program to the other layers down the stack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the attributes of the OSI model Layer 7 - Application Layer

A
  • This is the layer that is closest to the users and programs.
  • Identification of communication partners
  • Determines security aspects of communication
  • When a program requires access to the network, the Application Layer will manage request from the program to the other layers down the stack
  • PDF, adobe, browser, etc live here
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the attributes of the OSI model Layer 6 - Presentation Layer

A
  • Provides representation of information to be processed by the application
  • Provides translation services, such as EBCDIC to ASCII
  • Performs encoding, compression and decompression
  • makes sure that the data sent from on side of the connection is received in a format that is useful to the other side
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the attributes of the OSI model Layer 5 - Session Layer

A
  • Establishment and maintenance of connections between systems.
  • Organizes and synchronizes communication
  • Management of data exchange
  • Establishes lines of communication and initial contact to destination computers
  • Maintains the session allowing recovery and Restoration
  • Allows both half-duplex and full-duplex communications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the attributes of the OSI model Layer 4 - Transport Layer

A
  • TCP and UDP
  • Optimizes network service usage
  • Uniquely identifies endpoints by transport address
  • ports live here
  • Reliable and cost-effective data transfer and connectivity
  • Maintains communication integrity
  • Sequence control of packets in transmission, error detection and possible error recovery
  • Prepares your information to be transmitted across the networ.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the attributes of the OSI model Layer 3 - Network Layer

A
  • IPv4 and IPv6
  • Routers
  • Handles interaction with the network address scheme and connectivity over multiple network segments. It describes how systems on different network segments find and communicate with each other
  • Provides network addressing to identify endpoints
  • Performs routing and flow control
  • Establishes network connection allowing transfer of data from one network endpoint to another
  • Provides network path
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the attributes of the OSI model Layer 2 - Data Link Layer

A
  • Ethernet
  • MAC addresses
  • Switches
  • Maps IP addresses to MAC addresses
  • Connects the physical part of the network with the abstract part
  • formats messages to allow for transfer of physical media
  • Provides addressing for physical hardware
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the attributes of the OSI model Layer 1 - Physical Layer

A
  • Bits
  • Cables
  • Radio Waves
  • Electrcity
  • Light (fiber optics)
  • Handles transmission across the physical media
  • Provides for mechanical and electrical activation, maintenance and deactivation of physical connections for transmission
  • Converts bits into electrical signals or light impulses for transmission
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the layers of TCP/IP?

A

Application = layer 7, 6, 5
Host to Host transport = layer 4
Internet = layer 3
Network Access = Layer 2, 1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the Internet Protocol (IP)?

A

Most common Layer 3 protocol

  • Works at the internet layer of the TCP/IP stack
  • Deals with transmission of packets between endpoints
  • The fundamental protocol of the internet

IPv4 - 32 bit source and desitnation addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is Classless Inter-Domain Routing (CIDR)?

A

This is an IPv4 address class that allows for more flexible network sizes than those allowed by classful addresses. It allows for many network sizes beyond the arbitrary classful network sizes.

  • Slash notation, for example /8 of /20 or /10
  • Helps conserve IP addresses by allowing flexible subnet sizes

Once networks are in CIDR notation, additional routable network sizes are possible. Need 128 IP addresses? Chop Class C (/24) in half, resulting in two /25 networks. Need 64 IP addresses? Chop a /24 network into quarters resulting in four /26 networks with 64 IP addresses each

Designed to cut networks up more finely

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is classful addressing: A through E

A

Class A: 16.7M addresses – /8
Class B: /16
Class C: /24 - the first 24 bits describe the network and the remaining 8 describe the host
Class D: Multicast
Class E: Reserved (formally experimental)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is IPv4 Broadcast Address and a SMURPH attack?

A

One to all type of address
- Sender will send ping to all hosts on a given network segment

Two Types:

1) Directed Broadcast - you direct to a specific network and the host portion is set to all 1s (255) which means it will send to all
2) Limited Broadcast - sends to everyone on the internet - all 1s which is 255.255.255.255. Routers block this by default otherwise you will ping the entire internet and if you get responses back its bad

SMURPH ATTACK: When you forge the address a ping is coming from to someone elses address. You ping the whole internet or a very large network. When the responses are received, it creates DOS for the address you forged the ping was coming from

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Private Network Addressing

A

Maps private addresses to public addresses

Private IP addresses are only used internally, they are not used publically on the internet - your router assignes a private IP

IPv4 address space is scarce
- how do we solve this problem?

Set aside private addresses and marry this with NAT (network address translation). When you cross the firewall, the firewall will map you to a public address through NAT. Many people can use the public address. CIDR also allows smaller networks.

RFC 1918 is the private addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is network address translation?

A

NAT - translates one IP address to another. It maps IPs and ports. It maps public to private and private to public so that not all IPv4 public addresses are used up for every single device. One router will

  • One to one - one internal maps to one external
  • Many to one - multiple map to one external
  • Pool NAT - maps to a set of public addresses. Commonly used in large. If you have too much traffic and you fill the NAT table, new connections will break. Pool NAT throws in something like a firewall to increase the number addresses available to avoid losing connection because of an overflow from too much traffic.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the Domain Name System (DNS)?

A

The DNS is the protocol for translating IP addresses to domain names and back again.

Root level servers for top-level domains (.com, .org,, .edu, .gov, etc.).

www.microsoft.com translates to the IP address.

Various networks on the internet are divided up into groups called domains. The domains are structured in a hierarchy like a tree. The top level of the tree is called the root or top level domain. There are a handful of these like .com. EAch level down the hierarchy tree ads another level to the domain. Each level can be another domain or a host computer itself

DNS has security issues:

  • no built-in security
  • Attacker can spoof responses by guessing or brute forcing the DNS transaction ID and client source port. Once this is done, the network will cache that website so anyone on the network will automatically be brought to the spoofed website instead. This is a cache poisoning attack.
  • Domain hijacking. It allows an attacker to take over a domain and redirect communications from a good domain to a bad one

**DNSSEC: Protect against DNS spoofing with DNSSEC (Domain name system security extentions). protect against cache poisoning and DNS spoofing. It uses encryption and PKI to provide origin authority and data integrity. It does not provide confidentiality. It authenticates the DNS server as the sender. Also has denial of existence check proving a DNS record does not exist. It is a digital signature for a packet - it can tell what you requested did not change

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the DNS queries?

A

1) gethostbyname: when you have the fully qualified domain name or the local name within your private network and need the address
2) gethostbyaddr: When you have the address and need the name

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is IPv6?

A

Designed to meet addressing growth

  • 128 bits = 340 undecillion addresses (7 addresses for each atom of every human)
  • offers greater flexibility in allocating addresses
  • Faster than V4 - every packet had to check a check sum in v4. Router would check the check sum at every hop, server would check the checksum at the TCP layer. So the check was done by the server. For v6 - they said drop the layer 3 checksum - routers dont check the check sum so it passes through the router faster.

Features:

  • Tunnel v6 over v4 - carry the packet right over there TCP goes.
  • If you tunnel v6 over v4 IDS have a terrible time detecting stuff
  • You should detect v6 over v4 tunneling in your environment
  • can support v4 on v6 backbone by translating v4 to v6
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is IPv6 addressing

A
  • use hexidecimal notation
  • No more NAT - and no more DHCP - how do systems assign themselves addresses?
  • Autoconfiguration - use your MAC address which is unique and embed it in your address and assign the network prefix

Network prefix - represented in the first 48 bits (6 bytes)
Subnet ID - configured according to the addressing needs of the org.
Interface identification - uniquely identifies the v6 node. With v6 autoconfiguration, the MAC address of the client populates the interface identification portion of the v6 address.

Take the MAC and split it in half and append the network prefix.

They now added DHCP.

Packet: - The header information has changed to accommodate the v6 protocol:
- Hop Limit - renamed time to live (TTL) - was described as seconds. But now its more a accurate because its not seconds its a hop limit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is UDP? User datagram protocol

A

Connectionless communications

  • sends packets out, doesnt care if they get there
  • Much less overhead
  • Good if small amount of packet loss is acceptable
  • used for things like streaming audio because can afford to lose one or two packets - do less error checking so can move faster

Testable***:

  • UDP ports:
  • — DNS (53)
  • — NTP - Network Time protocol) (123)
  • — BOOTP/DHCP (dynamic host configuration protocol) (67 and 68)
  • — SNMP (161)

It has an 8 byte header

  • source port
  • destination port
  • message length
  • checksum (only for v6)

So simple, build what you want

Faster and less reliable and is often the basis for query-type applications (NTP, DNS, NFS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is TCP - transmission control protocol?

A

Connection oriented communications

  • ensures reliable packet delivery
  • expensive overhead
  • 3 way handshake
    • — SYN
    • — SYN-ACK
    • — ACK
  • establishes a virtual connection known as a session between hosts
  • reliable connection over unreliable networks
  • you waste 6 packets on every connection sending no data - you have SYN and FIN (which is used for shut down)

Header:

  • urgent porter is useless (2 bytes)
  • sequence number makes sure packets stay in sync - so you know if something is missing or out of order
  • 20 bytes total
  • a lot more in the header than UDP and IPv6
  • *Key fields you need to know:
  • Source port
  • Destination port
  • sequence number - track packets and provide reliable delivery of information
  • acknowledgement number - used to acknowledge the receipt of information
  • SYN bit - establish the connection
  • ACK bit - system acknowledges the receipt of information

Slower but offers reliable delivery and is the basis for most internet applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Well known TCP protocols memorize

A

Know that FTP classical uses 2 ports (active FTP)

**Active FTP - clients port connects to server 21. Then download from server 20 to client. Brand new connection. - firewall would break the connection.

Passive FTP works normally - not a backwards connection with a separate session

1) 20 - FTP data - download data from a server source is 20 - active FTP - broke firewalls. second connection. firewall views second connection as an unrelated connection and broke firewalls. Its a separate connection but for the same session you are trying to perform
2) 21 - FTP - connect to a server from port 21

3) 22 - SSH
4) 23 - Telnet
5) 25 - SMTP
6) 53 - Domain Name System (DNS)
7) 79 - Finger
8) 80 - HTTP
9) 443 - HTTPS

you can use any ports you want but if you use your own port assignments, no one will be able to communicate with you.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What are the TCP Code Bits
U - URG (urgent) - lets the other end of the connection know that some important data is coming. most applications never use URG flag. A - ACK (acknowledgement) - indicate that the sender is acknowledging receipt of some data - look in the acknowledgement number field to see which data is being ACKed P - PSH (push) - TCP stacks usually buffer incoming data until a certain amount has been collected and then pass it in a chunk to the application. The push flag indicates that a packet shouldnt be buffered but instead it should be passed immediately to the remote application for processing. R - RST (Reset) - upon receipt of a packet with a reset flag, a host should terminate the connection that contained that packet - tear it down, things were out of synch S - SYN (synchronize) - synchronize flag indicates a connection request F - FIN (Finish) - indicates that a connection is being shut down in an orderly fashion. gracefully closes down the connection vs. RST terminates it
26
What is TCP Port Scanning?
Attempt to determine all open TCP or UDP ports on a system. Sending a TCP SYN packet may result in: - SYN / ACK: port is open and unfiltered - RST / ACK: port is closed and unfiltered - host received the packet and said no - no response: unknown - a filter may be blocking the request - cannot determine if the port is actually open or closed in this case NMAP is a port scanning tool used to conduct a port scan
27
What is a socket pair?
It uniquely identifies a connection so that you can tell the difference between two separate connections. Consists of the following: - source IP address - source port number - destination IP address - destination port number If you connect to port 80 for two separate connections, everything above will be the same except for the source port number
28
What is ICMP? Internet control message protocol
It is a helper protocol to help IP run Two purposes is: 1) to report errors - rather than transfer information - network troubleshooting 2) to provide network information. Ping and traceroute are the best known IMP applications - echo request/echo reply or ping. Ping is used to find whether a given internet host is reachable or not. Traceroute is built on ping and used to plot out the path a packet took through the network It can also be used for flow control, rerouting packets and collecting network information Each packet has a code and type field. Helps troubleshoot errors
29
What is a ping?
A Ping is used to see whether a host is active. It sends an ICMP echo request and waits for an ICMP echo reply.
30
What is a traceroute?
Trace the route across the network hop by hop using ICMP - see the path taken Shows you the path packets may take to get to a destination. May tell you the external router for a site and therefore, be used to map a network. Cannot tell if my packets are going through all the hops. Traceroute is what does this. it lists the routers. traceroute uses combination of TTL and ICMP replies to map out the route packets take from one computer to another. The command works by sending a series of packets all going to the same destination with TTL values starting at 1. They will receive a TTL expire at the first hop so they now know the first router. Then they will do TTL 2 and learn the second router and so on.
31
What is Secure Shell (SSH)?
An application layer security protocol. - It is TCP port 22 - supports authentication, compression, confidentiality and integrity - RSA certificate exchange for authentication - Supports a wide variety of ciphers, including Triple DES, AES, Blowfish and many others - SSH version 1 was vulnerable to a man in the middle attack, version 2 is strongly recommended
32
What is Secure Multipurpose Internet Mail Extensions? (S/MIME)
Secure email. Allows users to easily exchange encrypted and digitally signed messages, even if they use different email programs.
33
What is SSL and TLS?
Secure Socket Layer and Transport Layer Security They are both application layer protocols - SSL was released by Netscape in 1994 - TLS version 1.0 is SSL version 3.1 - TLS is an upgrade to SSL 3.0 - Retains backward-compatibility with SSL - Current version of TLS is 1.2 - TLS may be used as a tunneling protocol - not just encryption for web traffic but also email, chat, etc.
34
What are some other TCP/IP protocols?
1) Telnet - Terminal emulation across a network. Cleartext authentication and data transfer - no confidentiality 2) File Transfer Protocol (FTP) - allows file transfer over network. cleatext authentication and data transfer. No confidentiality - only cleartext. TCP port 21. Extra TCP port for data channel * *Note that FTP uses two ports. - --- TCP port 21 where commands are sent - --- TCP port 20 where data is transferred - Active **** Many firewalls will block the active FTP data connection. Passive FTP addresses this issue by keeping all communication from client and server -- active gets blocked by firewalls and passive does not --passive maintains client server order. active changes the client server order 3) Simple Mail Transfer Protocol (SMTP) - used to send and receive email between mail servers. TCP Port 25 4) Trivial File Transfer Protocol (TFTP) - allows file transfer over network. Not authentication or confidentiality - only cleartext UDP port 69
35
What is SNMP? - Simple Network Management Protocol
Primary use-case involves monitoring of network devices for performance metrics and error conditions SNMP uses read and write strings to act as passwords. Version 2 and older use cleartext community strings - allows you to read the device. If you have access to the read string it allows read access to the managed device. Write access allows modification of a device such as changing the router configuration. Version 3 support encryption - V3 is is strongly recommended Very dangerous if you dont secure it. especially the write strings UDP port 161
36
What are multilayer protocols?
1) SMTP 2) TCP/IP 3) DNP3 - distributed network protocol is - --- open protocol that supports the smart grid - used to provide interoperability between various vendors SCADA systems - --- became an IEEE standard in 2010 - IEEE 1815-2010 and allowed pre-shared keys is now deprecated - --- IEEE 1815-2012 is the current standard that supports PKI
37
What is Network Attached Storage? (NAS)
Network attached storage (NAS) provides file and directory access via ethernet and reading and writing entire files over a network. Uses TCP/IP Historically, computers used DAS, such as IDE or SATA drives and directly connected disk controllers which provide block level access. NAS does not provide direct access to blocks or clusters NAS allows reading/writing entire files via a network
38
What is Storage Area Network (SAN)
SAN gives block level access - it acts like a disk that is in your computer but it is over the network. SAN is block access via the network NAS is reading and writing entire files These are the key distinctions. Common SAN solutions include Fibre channel (FC), FCoE, iSCSI Storage is called fabric
39
What is iSCSI (Internet Small Computer System Interface
It offers SCSI disk access via the network (TCP/IP) - routed via IP - can span large areas It is a type of SAN
40
What is FCoE - Fibre Channel over Ethernet?
It expands Fibre Channel (FC) which was designed for high-performance directly attached storage over the internet through ethernet netowrks Unlike NAS - TCP/IP is not used. It runs directly on top of layer 2 (Ethernet) It is a type of SAN - forms a network called fabric Three flavors of Fibre Channel: 1) FC - does not use Ethernet at all. does not scale well uses channels like a telephone circuit which allows high speed with low overhead. 2) FCoE - uses custom cabling and switches. It encapsulates fibre channel frames via ethernet for layer 2 transport. This allows FCoE to use typical networking equipment such as ethernet switches, which typically offer higher speeds for lower costs compared to FC. Does not use TCP/IP - it is not routable through IP. Local subnet only. Cannot route 3) FCIP - fibre channel over IP - allows you to route
41
What is VoIP? Voice over internet protocol
Technology that allows phone calls to be routed and transmitted using a data network (IP). Voice traffic is digitized before it is sent over IP. Attributes: - Can be used between any combination of analog telephone adapters, IP phones, and computers - Reduce operating costs - combines data - is cost effective - allows for redundancy (you can have VoIP and telephone lines) - Exposure and Security issues - Private Branch Exchange systems - contain maintenance hooks for providing remote maintenance capabilities over the phone line. If an attacker learns the number for connecting to the back door and is able to authenticate, the attacker may be able to make calls on the company's account or access sensitive voicemail messages.
42
What is the VoIP architecture? indicating he wishes
What are the ways you can integrate VoIP? 1) PSTN (public switch telephone network) PBX (private branch exchange) / VoIP integration - --- Integrate PBX connected to a public switched telephone network with a VoIP network. This allos for a phased approach to a VoIP network leveraging existing traditional voice services in conjunction with new VoIP deployment. - --- common and phased approach - --- Combines traditional and VoIP networks 2) IB PBX/PSTN integration - --- Use IP PBX and connect to PSTN network directly. All local users utilize VoIP phones to connect to the IP PBX which provides direct connectvity to the PSTN for outbound calls - --- Users must use VoIP phones - --- IP PBX (soft switch) routes call 3) Pure VoIP networks: - --- VoIP peers only - --- Call to PSTN is not available - --- also known as walled garden approach only provides connectivity to other VoIP callers 4) VoIP / PSTN integration provider services - --- cost effective and minimal investment approach - --- IP PBX on a server or workstration using commercial or free software and pay a VoIP integration provider to provide PSTN connectivity with a block of direct inbound dial (DID) phone number. The service is provided over the internet.
43
What are the component you need for VoIP?
1) Media gateways - converts traffic between a packet-switched network and a circuit switched network 2) Registration and location servers 3) proxy servers 4) messaging servers 5) end-user devices (Voip phones, soft phones)
44
What are VoIP traffic patterns?
- Call setup involves registration and location servers - Packetized audio travels between two VoIP entities directly - two phones or a VoIP phone and gateway - Traffic patterns may differ Two data streams are created: a call setup stream and a voice stream. The call setup stream is where the caller contacts his local registration server indicating he wishes to initiate a call. The registration server contacts the recipients registration server who in turn contacts the call recipient. The callers do not communicate directly in the call setup phase but exchange messages through the registration servers. Once the call setup phase is completed, the caller create a direct connection to the recipient to establish the voice stream.
45
What are the protocols of VoIP? (note these are all plaintext)
1) Signaling (H.323,SIP) - set up and tear down calls, locate users negotiate protocols (H. anything is old legacy. SIP is modern design, they NAT and firewall nicely) - Signaling is calling, hanging up - --- Signaling protocols are H.323 and SIP - --- H.323 - legacy protocol to handle AV call establishment (call setup) and call tear down functions. Uses TCP or UDP. Supports both voice and video traffic. Does not tolerate NAT or Firewall - --- SIP (session initialization protocol) - Plaintext lightweight protocol using HTTP like expressions. Primarily UDP based but can use TCP. easy debugging with ngrep, tcpdump. This is an alternative to H.323. Allows for new functions to be created but also have backward compatibility. 2) Media (RTP) - the actual voice- transport of packetized voice traffic between two VoIP devices. - --- Media Protocol is RTP - plaintext voice. commonly uses UDP but can use TCP. RTCP is used for statistics reporting. SRTP is a secure real-time transport protocol which is an alternative supporting encryption (AES). transmits voice content between VoIP devices. 3) Supporting protocols - used to support VoIP signaling and media protocols including IP, TCP, UDP, and many others Note that not all VoIP networks are based on standards based protocols. Sometimes, the supporting signaling and media protocols is proprietary and not open to public scrutiny. While proprietary protocols may boast feature of simplified deployment and use models over open standards, the security of these protocols is always suspect. By using a proprietary protocol, you rely on the vendor offering the protocol as a measure of the quality and security of the implementation
46
What is wireless - 802.11
**What is the fundamental risk with wireless? - you have lost physical control of the network - lost control of the physical network - signal is leaving your four walls. with wires the network is in the building but with wireless it goes out. Also - we used to have little security 802. 11 is the standard that supports two physical layers - infrared - radio frequency (FHSS and DSSS) Types: - 802.11b - most common for us on wireless LANs - uses DSSS - 11 mbps at 2.4 GHz - 802.11a - 54 mbps at 5 GHz - 802.11g - 54 mbps at 2.4 GHz - 802.11n - 300 mbps at 2.4 GHz and 5 GHz - 802.11ac - 1.3+ Gbps at 5 GHz
47
What are 802.11 network modes?
1) managed mode - aka client mode - how wireless clients connect to wireless access points 2) Master mode - aka infrastructure mode - How wireless access points operate and communicate 3) Ad hoc - peer to peer client only mode with no central access point - also called independent basic service set (IBSS) network configuration 4) Monitor mode - read only mode that sees the entire wireless frame - used for passive sniffing
48
What is WEP? Wired equivalent privacy protocol?
WEP was one of the first wireless protocols. Do not use it anymore This is very insecure. initially it was plain text but the encryption now is not strong Inability to rotate WEP keys produced stagnant shared secret implementations
49
What is Wi-Fi protected access? WPA
WPA - improvement of WEP. designed for older hardware. simpler version of WPA2 but still has flaws. better than WEP but still not as strong as you would want. Choose WPA2 WPA2 - 802.11i - vast improvement over WEP, requires NIC and AES - this is the best, real deal security - solid solution
50
What is the difference between internet, intranet and extranet?
1) Internet - runs on TCP/IP - global network of public networks - operated either for public access of private data exchange 2) Intranet - based on organizations internal physical network infrastructure - TCP/IP and HTTP standards - Web browsers - intranet is owned by you - you own the routers and servers 3) Extranet - private network using internet protocols - accessible by partners and vendors outside of the organization but not by the general public - I have an intranet and you have an intranet and we vpn together - this is an extranet - when you link two intranets
51
What are the types of networks
1) PAN - personal area network - one room 2) LAN - local area network - one building 3) CAN - campus area network - 4) MAN - metropolitan area network - office park 5) WAN - wide area network - can be public or private 6) GAN - global area network - internet
52
What are the LAN transmission methods?
Unicast - packet is transmitted from the source to a single network destination - one to one - when you surf to google Multicast - packet is transmitted from a source to multiple, selected destination network addresses - one to a pre-selected many - voice over IP uses this - streaming server that is sending a stream of hold music to 1,000 phones. you use multicast - it sends one stream and it reaches a router and the router has multicast devices and then splits. Broadcast - packed is transmitted from from a source to all network addresses - 255.255.255.255
53
What are the types of physical topologies?
Physical: Defines how systems are connected together via cables or wireless devices. 1) Bus - legacy ethernet - all network nodes are connected by a common media bus. Straight line across each device. Any break in the bus breaks connectivity for all systems. - --- Tree - multiple branches with nodes on each branch - used to connect multiple buses togeter 2) Ring - legacy. Data passes through all nodes in a circle. The ring fails when broken. FDDI added a 2nd ring for fault tolerance 3) Star - most common on modern networks - all network nodes are directly connected to a central host. Multiple point to point connections to a central device (hub or switch) with good fault tolerance, traffic isolation provided by certain hardware, scales well, high wiring cost for large installations 4) Mesh - --- Fully connected mesh - all network nodes are connected to every other node - --- Partially connected mesh - not all nodes are directly connected
54
What are the types of logical topologies?
Logical: After the systems have been interconnected by a physical topology, they need to know the rules for sending signals to each other. These rules are specified by media access protocols. The Logical topology defines the rules of communication across the physical topology (media access technology). Makes sure that the signal sent by the system makes it way to the destination. Types: 1) Ethernet 2) ATM (Asynchronous Trasnfer Mode 3) High-Level Data Link Control (HDLC) 4) Integrated Services Digital Network (ISDN) 5) X.25
55
What is LAN Transmission Protocols?
Carrier Sense Multiple Access (CSMA) - The computer continously monitors the common transmissionline and transmits when the line appears to be unused. If the transmission conflicts with another transmission, one of the following two behaviors occur: 1) Persistent carrier sense - If there is no acknowledgment the computer re-sends the frame 2) Non-Persistent carrier sense - The computer waits a random amount of time before resending the frame
56
What is Carrier Sense Multiple Access Collision Detection (CSMA/CD)?
It is used to immediately detect collisions within a network. This is how modern ethernet runs. requires systems that can send and receive simultaneously It takes the following steps: 1) Monitor the network to see if it is idle 2) If the network is not idle, wait a random amount of time 3) If the network is idle, transmit 4) While transmitting, monitor the network If more electricity is received than sent, another station is sending: As you are transmitting on the send pair, you are monitoring on the receive pair. You monitor the voltage coming back in. If you get back more than you are sending you Jam (tell the nodes to stop transmitting. Then wait a random amount of time before retransmitting
57
What is Carrier Sense Multiple Access with Collision Avoidance? (CSMA / CA)
802. 11 wireless networks employ CSMA/CA - avoidance rather than detection of collisions Transmission occurs only if the communication medium was determined to be available with another node not already transmitting Use this if you cannot send and receive simultaneously - not as fast as CD
58
What is Polling?
If you have two systems on one cable you have an ethernet network. No need for server, master, primary, etc. Polling needs a polling server. You only speak when given a slot. You can only send when given permission. Secondary computers are assigned a specific period of time to transmit by a primary computer If a secondary computer does not have any data to transmit, the primary computer moves on and provides another secondary computer with the opportunity to transmit This is legacy on LAN but still used on some WAN
59
What is Ethernet?
Ethernet is a "baseband" or shared media. it is by far the most popular media access protocol used in LANs. A chunk of data transmitted by Ethernet over the wire is called a frame. On an Ethernet network, only a single node should transmit a frame at a time. If multiple systems transmit simultaneously, a collision will occur. - only one station is allowed to transmit at any given time within a single collision domain - All stations are required to monitor their transmission to check for collisions- - data is transmitted using CSMA/CD bus technology Three cable standards: - Thinnet - 10base2, 10 mbps - bus technology - Thicknet - 10base5, 10 mbps - bus technology - Twisted pair - three types - we twist because electricity creates magnetism - the message would jump from wire to wire. twisting creates magnetic fields so that they dont jump and cancel each other out - --- 10baset - 10mbps - --- 100baset - 100 mbps - --- 10000 baset - 1 gbps
60
What are WAN technologies?
Connections among greater distances comprise and are better served by a Wide area network (WAN). The following are WAN technologies: - Circuit vs. packet switching - Leased lines - SDLC and HDLC - Integrated Services Digital Networks (ISDN) - DSL and cable modems - X 25 - Frame Relay - ATM - MPLS
61
What are circuit switched networks?
Switches establish a dedicated physical circuit between sender and receiver for a communication session. For communications that need to have a constant connection Provides a single transmission path Before packet switch and not as resilient
62
What is a packet switched network?
For bursty communications. Data to be transmitted is partioned into packets, where each packet is assigned sequence numbers as they are transmitted. These packets are sent to the destination through router fault tolerant
63
What is a virtual circuit?
Path through intermediate devices and bridges to set up communication with a partner station. The path is used for duration of a session. can run virtually over packet switched networks They are not like bridged networks where forwarding decisions are made on a frame by frame basis and there is no concept of a communication session Two types: 1) switched virtual circuit - dynamically established as required. disconnected when transmission is complete. Three phases - establishment, transfer, termination 2) permanent virtual circuit - permanently connected eliminates overhead of establishment and breakdown
64
What are leased lines?
***Memorize the Speeds! Leased lines are permanent connections established between nodes - Circuit or channel dedicated for point to point even when not is use Types: - T1: DS1 formatted data transmitted at 1.544 mbps through the telephone network - T3: DS3 formatted data transmitted at 44.736 mbps through the telephone network - E1: Wide area digital data transmission at 2.048 mbps (used in Euroope) - E3: Wide area digital data transmission at 34.368 mbps
65
What is SDLC and HDLC?
SDLC = Synchronous Data Link Control - Operates at Data link layer, Layer 2 - Uses a polling media-access method - Primary station controls all communications with secondary stations - speak when given a slot to speak HDLC = High level data link control - successor to SDLC - Operates at layer 2 - Controls data flow and provides error correction - Uses synchronous serial links - Supports point to point multipoint communications. Used by X.25 and Frame Relay to move packets across the WAN cloud. - I designates a primary and secondary station in its communication and can operate in three modes: - --- Normal response Mode (NRM) - primary station initiates communications with the secondary. The secondary transmits only as a responder when instructed by the primary - classing polling - what SDLC does , speak when given a slot to speak - --- Asynchronous Response Mode (ARM) - secondary can transmit without permission from the primary and can initiate communications itself. Primary retains the responsibility of error recovery, link setup and link term - --- Asynchronous Balanced Mode (ABM) -both stations have equal responsibilities and can transmit and receive messages independently over a duplex line
66
What is ISDN?
Integrated Services Digital Network (ISDN) Leverage the telephone lines into homes for data rather than just voice. ISDN tied up the phone line High cost and low speed DSL later provided broadband speed over existing telephony networks Wanted to ride at was already built. First attempt was ISDN - but it was not heavily implemented and DSL came into play which was more advanced
67
What is DSL?
Digital subscriber line: - can use the same cable for analog and digital data - came after ISDN and was more successful - high speed broadbadn connectivity over existing phone lines - lower cost and higher speed than ISDN DSL can be either : ***Know the numbers*** 1) Symmetric (upload / download) - uses one cable - --- Symmetric Digital Subscriber Line (SDSL) (one pair and one cable at symmetric speeds)- symmetrical upload and download; 1.544 mbit/s (t1); proprietary technology - --- High bit rate digital subscriber line (HDSL) - Symmetrical upload/download rates including both T1 equivalent and E1 equivalent 2.048 mbit/s - --- Single-pair high speed - digital subscriber line (SHDSL) - standardized version of symmetric DSL that laregely replaced SDSL and HDSL implementations. Higher speeds up to 5.696 mbit/s were possible 2) asymmetric (faster download) - uses two cables and has quicker speeds - more common than SDSL - --- Asymmetric Digital Subscriber Line (ADSL) - 12 mbit/s down; 2.5 mbit/s up - --- ADSL2+ - 24 mbit/s down; 3.5 mbit/s up - --- Very high speed digital subscriber line (VDSL) - 52 mbit/s down; 16 mbit/s up - --- VDSL+ - Interoperable with ADSL2+; 100 mbit/s split across up and down possible at 1,600 ft (distance to central office); performance extremely dependent upon distance to provider
68
What is a cable modem?
- Provides broadband internet connection - Cable modems in a geo area share a single coaxial cable to access the internet - Data rate is a function of the number of concurrent users - Operating range: 1,000 - 4,5000 to the powered building/room
69
What is X.25
Packet switched network that is global and not the internet. It is privately controlled by telecom companies. This is legacy but still exists You want to send 100 mgb data from london to DC, if you both have internet you can do that. but in 1992 that was unlikely. Try to analog modem call is slow. X.25 is POP - point of presence - pool of modems. Every city has a POP. Dial into local POP in London and traverse the X.25 network, and then dial out of the local pop in london to call DC Provides error checking, windowing and re transmission services that are not available in frame relay but is slower
70
What is Asynchronous Transfer mode
ATM - another way of sending signals over the wire. Uses virtual path identifiers (VPI) to create end-to end connectivity. Uses fixed data cell size (48 bytes) for better quality of service and fixed header size (5 bytes) coupled with small data cells which result in significant overhead Used for establishing high speed backbones that interconnect smaller networks and can carry signals over significant distances.
71
What is MPLS - multiprotocol label switching
common technology for providing WAN access between networks. MPLS networks are often thought of as VPNs, but it is important to note that MPLS does not provide any encryption. This must be done separately (IPsec). It applies labels to packets
72
What are WAN technologies?
'1) Modem - modulates digital binary data to be carried over analog networks; receiver demodulates analog data to digital binary. 2) CSU/DSU - converts lan protocols to allow transfer over WAN equipment- the demarc equipment - where you hit the ISP cloud. 3) DTE/DCE - DTE - data terminal equipment associated with customer end of a WAN connection - DCE - data communications equipment - assocaited with ISP network These are the two routers that connect across the demarc - DTE is yours and the DCE is the ISPs first router - the cable swings across the demarc
73
What are repeaters?
Layer 1 device Signals deteriorate with distance Repeaters recreate signals before retransmitting
74
What are hubs?
Repeats data it receives on on port to its other ports. Data sent by one system is repeated to all other systems on the hub. Does not have traffic monitoring capabilities and cannot control which ports should or should not receive the framd, forming a large collision and sharing data that is destined for someone else - replicate or amplify data - connect multiple LAN devices together - No security
75
What is a bridge?
Lyer 2 device used to connect two physical segments of a network, When it receives a frame on one of its ports, it decides if the data should be sent to the other port. This allows a bridge to automatically control the flow of data between network segments that it connects Learns which systems reside on which network segment by recording the MAC address of frames that pass through it to construct a table that maps MAC addresses to network segments. Splits larger networks into smaller segments. It does not forward traffic unless necessary
76
What is a switch?
Layer 2 device Learns the MAC address of each system and associates it with its port. It provides physical and logical traffic isolation which makes sniffing ineffective It re-transmits data to multiple ports but can monitor and control traffic between ports. It forwards information only to its destined location. Physical and logical traffic isolation
77
What is a VLAN?
Virtual local area network: - defines LANs logically, not physically - provides traffic isolation - each system on a vlan will see other vlan members broadcast traffic - two systems on different vlans will not see the others braodcast traffic allows multiple lans on one switch you have to also filter - they cant see each others broadcast but they can talk to each other so to avoid that you need to filter
78
What are routers?
Layer 3 - network layer - basis of the Internet - Examines IP source and destination addresses in packets and forwards packets to the intended network. - Maintain tables with routing information that point to all reachable networks they are perimeter devices because they interconnect logical networks. A switch or a bridge connects physical segments that reside on the same logical network. Routers determine which path packets should take to get from one network to another. A router makes decisions where to direct data that passes through it. A router makes decisions by looking at IP addresses to forward packets. Main focus is that they process IP traffic that originates from or is destined to an Ethernet based network
79
LAN Cabling - coaxial cable
- Used for high-speed analog and digital transmission with high immunity to interference - 50 ohm cable for digital signaling - 75 ohm cable for high speed data and analog signals - can transmit for longer distances without amplification two types of transmission schemes - baseband - single channel of information - broadband - multiple channels of information
80
LAN Cabling - twisted pair
- two insulated wires twisted in opposing rotations - this provides for cancellation of common mode noise and interference Two kinds: unshielded twisted pair and shielded twisted pair Unshielded twisted pair types: - category 1 - standard telephone wiring - category 2 - <4 mbps; EIA/TIA - 586 standard - category 3 - 10 mbps; in 10baset networks - category 4 - 16 mbps; applied in token ring networks - category 5 - 100 mbps; standard for LANs - category 6 / 5e - 1000 mbps; now being specified instead of category
81
LAN Cabling - fiber optic and crossover
Fiber-optic - cable comprising bundles of optical fibers - information transmitted as light signals - resistant to electromagnetic interference Crossover cable - wire two ethernet devices without hub, swtich or bridge - two and only two devices - cross +TX to +RX o r-TX to -RX
82
Asynchronous Communications
data is sent by changes in levels of voltage or current in a sequential fashion start bit or bits indicate the beginning of the sequence stop bits indicate the end of the sequence modems and dial up operate this way. the transmitting and receiving equipment agree upon and operate at the same data rate - start and stop bits help reduce any issues from with clock synchronizations between devices
83
Synchronous Communications
Transmitting and receiving stations are synchronized each unit of data does not need a start or stop bit transmission is more efficient transmits at high data rates and is synchronized with electronic clock signals
84
In order to route traffic, you need how many addresses and what are they?
1) MAC Address 2) IP Address There is no relationship or direct connection between a MAC or an IP IP gets the data to the router and MAC gets it to the system. If you are given one address there would be no way to know what the other address is. If given one address, you can find out the other address by sending out a packet. The protocols to do this are ARP and RARP
85
What is a MAC address?
Media Access Control: - 48 bit address written as 12 hexadecimal digits grouped in pairs of two - 64 bit now exists - MAC address is hard coded into a Network interface card (NIC) and does not change - Every MAC address is unique - Vendors have a code that is the first 6 digits and the same for all of their products (first 24 bits (organizationally unique identifier (OUI) and then the second 6 digits are assigned by the vendor and unique - They are designed to be globally unique in hardware* *** a hardware MAC is unique across the internet at all times
86
What is an IP address?
An IP address is - 32 bit (IPv4) and 128 bit (IPv6) - Part network and part host (CIDR) - configured by the user - changes based on location
87
What is ARP and RARP?
1) ARP = Address resolution protocol - Given an IP address, it will find out what the corresponding MAC address is. Broadcast messages are sent to all the machines on a network. The source host sends the aRP request and includes its source MAC and IP address. ARPs will not pass through a router. * ***IP to MAC 2) RARP = Reverse Address Resolution Protocol - Given a MAC address, it will find out what the corresponding IP address is * ***MAC to IP
88
What are routing protocols?
Routing protocol learns the best routes, all the routes, fastest routes, low latency, less hops, high bandwidth, the routing protocol should choose the best route. If that route is unavailable, the routing protocol should re-route so quickly and automatically 1) Distance Vector - --- RIP 2) Link State - --- OSPF 3) Border Gateway Protocol (BGP)
89
What is distance vector? and RIP?
Each router identifies all of its neighbors or routers to which it has a direct connection. Any router that it is directly connected to has a distance of 0. By using the information it receives from its neighbors, it buils a routing table based on metrics to determine how many hops it would take to get to a destination network. Figures out distance metrics to each network Problems - routing loops if convergence problems happen Solutions (applicable to RIP) - define a maximum hop count - split horizon - never send something back from where you got it - dont argue back. When NYC says down, dont argue up back - poison reserve - variation of split horizon where router entries are not modified until all routers have had a chance to make the update - instead of deleting the route, make it infinite. Dont delete it because you dont want to forget it - hold down timers - tell routers to hold any changes that might impact routes for a period of time - once you decide to make the route infinite, hold it down - I have made a decision and I am not changing it - timer will make you stuck to the decision and then hopefully you re-converge at that time RIP - a distance vector protocol - ****worst protocol - Hop count is used as the metric - Finds the minimum hop count but doesnt mean that is the fastest route - Max hop count is 15 - Routing updates are every 30 seconds - waste of energy and time - Can load balance over multiple paths - Native routing protocol on UNIX - got a longer shelflife because UNIX could do it by default - Only knows about its directly connected links, you want a router to know everything in the network, not only what it is near it. - used internally only
90
What is the SPF protocol? (link state)
Shortest Path First algorithm - Software is OSPF - open shortest path first - shortest path - not by hops but shortest in time - event driven updates - not constant updates - it is open source which is favored by the exam**** - Maintains topology information - Has full knowledge of all routers and how they connect - each router has a map of the entire network it is routing for - the entire AREA - the area is the network you are routing for - knows entire network and entire routers in it - All routers have similar picture of the entire network - used internally only (IGP) interior gateway protocol
91
What is BGP?
Border Gateway Protocol - Specifies routing between autonomous systems or networks that are very large (autonomous is a network or groups of networks that are under the control of a single entity) - the internet is composed of a large number of autonomous systems that are interconnected * **autonomous system means route to the organization, not to the network. Dont treat my network as a network address, treat it as an org. I have multiple entry points, send it to the best one - internal and external and is the routing protocol for the internet - Is an exterior gateway protocol (EGP) - Issue - who can send updates? Need to authenticate the updates but with BGP, this is not done and it is essentially trust based How to decide on the internet, whose route is best? If you do not own all the routers, it is hard - Performs three types of routing - --- interautonomous system routing - occurs between two of more BGP routers in different autonomous systems. Peer routers in these systems use BGP to maintain a consistent view of the internetwork topology. BGP neighbors communicating between autonomous systems must reside on the same physical network - internet public routing - --- intra-autonomous system routing - between two or more BGP routers located within the same autonomous system. Peer routers within the same autonomous system use BGP to maintain a consistent view of the system topology. BGP also is used to determine which router will serve as the connection point for specific external autonomous systems - intranet routing, internal - --- Pass-through autonomous system routing - between two or more BGP peer routers that exchange traffic across an autonomous system that does not question and run BGP. In a pass-through autonomous system environment, the BGP traffic did not originate within the autonomous system and is not destined for a node in the autonomous system - extranet - between two intranets
92
What are the key difference between distance vector and link state?
- Distance Vector: - --- has information only on neighbors - --- Simple metric, such as hop count - --- frequent updates - --- slow convergence Link State: - --- view of entire network - --- calculates shortest path to each router - --- event triggered updates - --- fast convergence
93
What is software defined networking?
Routers do one of two things: 1) sends packets 2) decides where to route and send packets - each router is an independent agent following a protocol but its the routers decision SDN - router only forwards packets and the SDN tells it how to route. it makes the decisions centrally - the routers become simpler. - You can centrally control routes and filtering. - separates a routers control plan from the data (forwarding) plane This leads to 0 trust networks SDN is a building block to this. 0 trust = Network is always assumed to be hostile. Ability to filter and firewall between every connection - everywhere. Encrypt and log all traffic. Google embraces - trust OpenFlow protocol - used for remote management of the data plane in SDN. TCP that uses TLS encryption
94
What is CDN?
Content Distribution Networks - They improve performance and availability by bringing data closer to users - They use a series of distributed caching servers - They determine servers closest to end users - AKA Content Delivery Networks If you are downloading a video from youtube, your ISP may push the content closer to you. If the content is in the ISPs cloud, they will deliver it to you locally instead of going back over the internet.
95
What is remote access?
It is access to the network remotely using data networking technologies. - Protects confidentiality, availability and integrity - Restricted address: - --- authenticates user node (not the user) - --- determines authorized users based on source IP address - --- Allows access to addresses on approved list
96
What are VPNs?
Virtual private network: - data is encrypted at one end of the VPN from cleartext into ciphertext - ciphertext is transmitted over the internet - Data is decrypted at the other end of the VPN They are an alternative to costly inflexible private circuits. Set up virtual circuits across public networks such as the internet. Establish secure communication between different remote organization offices and can be used to establish remote access to internal network resources by employees from their homes or while they travel. Advantages: - improved flexibility - can be set up rapidly - good VPN supports quality of service - lower costs Disadvantages: - Cannot guarantee bandwidth and latency - Encrypts the stuff you want to protect but also encrypts the bad stuff and is harder to see Solution - Multiprotocol Label Switching (MLPS) - alternative over traditional layer 3 routing. allows forwarding of messages across the internet without requiring examination of the message contents.
97
What are some modes of remote acces?
Client to site VPN - laptop dial up connection to remote access server at HQ. Provide remote access from a remote client Site to site VPN - LA office connection to DC office location. Provide connectivity to networks, such as headquarters and a remote office. gateway Devices are located in front of both networks
98
What is IPsec?
Standard for establishing VPNs: - It is an Open standard (RFC 2401), promoting multivendor interoperability - Offers CIA and replay attack prevention - Enables encrypted communication between users and devices - Implemented transparently into network infrastrcuture - Scales from small to very large networks - Commonly implemented IPSEC is a collection of protocols used singly or together to implement its various network security services. Primarily, IP SEC is composed of the Authentication Header (AH) protocol, Encapsulating Security Payload (ESP), and the internet key exchange, protocol. AH provides message integrity, anti replay, and source authentication. ESP is the companion protocol to AH. Like AH, it offers message integrity, anti-replay, and authentication features but it also offers confidentiality by being able to encrypt the contents of the message
99
What is the IPsec header
1) Authentication Header: - data integrity - no modification of data in transit - origin authentication: identifies where data originated - No confidentiality - adds authentication information into each IP packet which includes: a hash of source destination IP address and length. This is the AH and goes after the source IP address and before the data 2) Encapsulating Security Payload (ESP): - data integrity: no modification of data in transit - origin authentication: identifies where data originated - confidentiality - all data encrypted - does not pay attention to IP header but only the contents of the packet Tunnel does not only mean confidentiality. You can have an AH tunnel that is not encrypted. AH protects the header, I know who sent it I know if anything has changed. No confidentiality ESP protects the payload and gives confidentiality
100
What is tunnel vs. Transport mode
Tunnel - If I sniff IPsec tunnel traffic, I do not know who the sender and receiver is. Sender of the data sends, hits a concentrator and the receiver receives it and two systems act as encrypters and decyrpters (concentrators. If you sniff you know the concentrators but not the senders. Sender encrypts and sends packet and then it goes to a gateway to decrrypt and then send to the receiver. - Outer IP header specifies IP sec processing destination and inner header specifies ultimate packet destination - encrypt the data and the IP header - add a new IP header then IPsec header Transport mode - between two PCs / hosts - no other concentrators involved. PC talks to PC and no concentrator involved. Get the sender of the data and the encrypter of the data - Header after IP header, before TCP UDP header - encrypt the data
101
How do we authenticate VPN users?
AAA services (RADIUS) to ensure the remote client can be appropriately authenticated and determine authorization Once connected, protocols or technologies for remote access to data or systems using technologies such as RDP or NVC User and endpoint authentication protocols (EAP, 802.1x) - TACAS - RADIUS - DIAMETER - PAP AND CHAP - PPP - EAP - 802.1X - NAC
102
What is TACAS?
- TCP based - Authentication: start, continue, reply - Authorization: request attribute value pairs (AVP), response AVP - Accounting: start, stop, more, watchdog common way of doing routers - single sign on across many routers. TACAS+ --> allows dual factor AAA system
103
What is RADIUS (remote authentication dial in user service)
- UDP based Authentication: access request, access accept, access reject, accounting request, accounting response, access challenge, status server, status client AAA system (authentication, authorization, accountability) Used mainly for authentication
104
What is DIAMETER?
True AAA and newer but less supported - draft RFC - overcomes limitations of Radius (strongly recommended over Radius - authentication - authorization - accounting significant improvement of radius
105
What is PAP and CHAP?
PAP (Password authentication protocol)- answer is that is the wrong answer**** - worst thing on the list - sends the actual password plaintext over the wire - vulnerable to a replay attack CHAP (Challenge handshake authentication protocol) - more secure - password never traverses the network - not vulnerable to replay attack - The client initiates communication with the server, the server sends a challenge back to the client, the user enters the password the client uses the challenge and the password to create a response, the client transmits the response to the server nonce - a short random string - server can send a new challenge, a new nonce - not the same it has sent before.
106
What is SLIP and PPP?
Route IP through a modem and enter SLIP Serial Line IP (SLIP) - defacto standard developed in 1984 to support TCP/IP based asynchronous dial up connections - does not have error detection - replaced by point to point protocol Point to Point (PPP) - used for transmitting over dial up - allows multivendor operability - improves on SLIP - builds on slip by adding login, password and error correction - data link layer protocol - incorporates authentication methods - --- CHAP - --- PAP
107
What is PPTP and L2TP?
PPTP - point to point tunneling protocol - tunnels PPP via IP - uses Generic Routing encapsulation (GRE) to pass PPP via IP - provides confidentiality L2TP (Layer 2 tunneling protocol)j - combines PPTP and L2F (layer 2 forwarding, designed to tunnel PPP) - L2TP focuses on authentication and does not provide confidentiality
108
What is Extensible authentication Protocol (EAP)
****very testable - Authentication mechanism - Extension to PPP - Supports a variety of authentication mechanisms - New authentication methods used as desired - Defined in RFC 2284 - wireless authentication TESTABLE DETAILS: - ****EAP-MD5: one of the weakest forms of EAP. It offers client to server authentication only. It is vulnerable to man in the middle attacks and password cracking attacks. one of the weakest and only one way authentication. not mutual - LEAP - CIsco proprietary protocol and shouldnt be used - EAP-FAST (EAP-Flexible Authentication via Secure Tunneling): designed by Cisco to replace LEAP. USes Protected Access Credential which acts as a pre shared key - ****EAP-TLS (EAP-Transport Layer Security) - uses PKI, requiring both server-side and client side certificates. It establishes a secure TLS tunnel used for authentication. It is very secure due to the use of PKI but is complex and costly for the same reason. Requires certificates - testable point - ****EAP-TTLS (EAP-Tunneled Transport Layer Security): developed by Funk Software and Certicome, simplifies EAP TLS by dropping the client side certificate requirement allowing other authentication methods for client side authentication. It is easier to deploy but less secure when omitting the client-side certificate. Can use a password or pre-shared key - ****PEAP - Protected EAP - similar to EAP TTLS including not requiring client side certification. Whether it needs a cert or not is a big testable point
109
What is 802.1X Authentication?
- Addresses layer 2 authentication - unauthorized user plugs an infected laptop into a typical network - --- laptop requests DHCP address and receives IP address, DNS settings and default gateway - --- Lack of layer 2 authentication means the malware on laptop may attach other network devices - An unauthorized user plugs an infected laptop into a switch supporting 802.1x - --- switch requests authentication from client supplicant before granting any layer 3 access - --- Unauthorized user is unable to receive IP address - --- Malware on laptop is unable to attach other network devices You must authenticate at layer 2 - you are on an isolated VLAN. You enter your user name and password and if you are who you say you are you will move from isolated to production. You do not get an IP until you authenticate and identify yourself
110
What is Network Access Control (NAC)?
It builds on top of 802.1X - Microsoft uses the term Network Access Protection (NAP) In addition to authentication: - are patches up to date? - is the antivirus running with current signatures? - is the firewall enabled? If the client passes tests, access is granted If the client fails tests, placed on isolated VLAN - patches and antivirus updates may be provided there Show a statement of health before you can get on the network as part of your authentication

Studying (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions