Domain 4: Communication and Network Security

Question 1

OSI Reference Model

Answer 1

Open Systems Interconnect Model
Promotes interoperability between vendors
Enables standardization
Describes the encapsulation of data to enable it to get from point A to point B
Application has least encapsulation, Physical has most encapsulation
“All People Seem to Need Data Processing”
“People Don’t Need to See Paula Abdul”

Question 2

OSI Physical Layer (Layer 1)

Answer 2

Least Complex
Concerned with Physical connectivity and sending electric signals over a medium
Cables, Hubs, Network Card (partially), Devices (partially)
Threats: Theft, vandalism, interference, etc.

Question 3

OSI Data Link Layer (Layer 2)

Answer 3

Has 2 Sublayers, LLC and Media access
Where MAC Address is assigned/utilized (used for internal communication)
Utilizes ARP protocol
Switches are layer 2

Question 4

OSI Network Layer (Layer 3)

Answer 4

Isolate traffic into broadcast domains and use IP addressing to direct traffic (Router)
VLANs
Protocols: IP, ICMP (ping), IGMP (message), IGRP, IPSEC, IKE, ISAKMP
If a protocol starts with I it is layer 3

Question 5

OSI Transport Layer (Layer 4)

Answer 5

End to End deliver
Provides end-to-end data transport services
Adds port info to PDU
Protocols used: 
SSL/TLS (4-7)
TCP 
UDP

Question 6

OSI Session Layer (Layer 5)

Answer 6

Responsible for establishing a connection between two applications
Dialogue control
Release Connections

Question 7

OSI Presentation Layer (Layer 6)

Answer 7

present the data in a format that all computers can understand
Does not have any protocols
Concerned with encryption, formatting and compression

Question 8

OSI Application Layer (Layer 7)

Answer 8

Defines a protocol (way of sending data) that two different programs or applications understand
HTTP, FTP, SMTP, SNMP, etc (a lot of protocols)
Application Proxies
non-repudiation
certificates
Directory services
Time awareness

Question 9

ARP

Answer 9

Maps an IP address to a MAC Address

Question 10

ARP

Answer 10

Maps an IP address to a MAC Address

Question 11

Devices at Layer 1

Answer 11

Hub - send all data out all ports all the time (Obsolete)

Question 12

Devices at Layer 2

Answer 12

Switch - Uses MAC addressing to address traffic out the appropriate port
Collision Domain Isolation for each port

Question 13

Devices at Layer 3

Answer 13

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Question 14

Devices at Layer 3

Answer 14

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch

Question 15

Devices at Layer 3

Answer 15

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch
Layer 3 Switch to allow inter-VLAN communications

Question 16

Devices at Layer 3

Answer 16

Router - Uses IP addressing
Broadcast Domain Isolation for each port
Creates subnets

Switches can Create VLANs to isolate broadcast traffic on a switch
Layer 3 Switch to allow inter-VLAN communications

Question 17

Common Layer 3 attack

Answer 17

ICMP based: 
Loki, hide messages in ICMP messages
PING of death, oversized ping
Ping flood, DoS with Ping
SMURF, use a spoofed source address to launch a DDoS
Fraggles, SMURF but with UDP

Question 18

TCP Protocol

Answer 18

Connection oriented guaranteed delivery
Advantages; easier to program with, implements a session, adds security
Disadvantages; more overhead/slower, SYN floods (attack)

Question 19

TCP Handshake

Answer 19

Client -> Server - Synchronize (SYN)
Server -> Client - Synchronize Acknowledge (SYN-ACK)
Client -> Server - Acknowledge (ACK)

Question 20

UDP Protocol

Answer 20

Connectionless
Unreliable
No handshaking
Desirable when real time transfer is essential
Media streaming, gaming, live chat

Question 21

File Transfer Protocol (FTP) uses what protocol

Answer 21

TCP

Question 22

Trivial File Transfer Protocol (TFTP) uses what protocol

Answer 22

UDP

Question 23

TCP vs OSI model

Answer 23

TCP only has 4 layers
TCP Network Layer is Physical and Data Link
TCP Internet is Network
TCP Transport is Transport
TCP Application is Application, Presentation, Session

Question 24

Firewalls

Answer 24

Isolates traffic/networks into security zones
3 different layers; 3 5 and 7
Software or Hardware Based
Provide isolation and separation
Create zones based on trust
Use rule-based access control (RBAC)

Question 25

Security Zone

Answer 25

Different security levels in different zones

Question 26

DMZ

Answer 26

buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two

Question 27

Stateless Firewall (Layer 3)

Answer 27

``` Stateless inspection packet filtering screening routers Inspect Layer 3 and Layer 4 Headers (Source and Destination IP, Port, Protocols) ```

Question 28

Stateful Firewall (Layer 5)

Answer 28

Stateful inspection Awareness of the initiation of the session and the state Can block unsolicited replies Can understand syntax of lower layer protocols and can block "misbehaving" traffic

Question 29

Application Firewall

Answer 29

Called Application proxies/firewalls Direct access to the data Deep packet inspection Forward proxy inspects traffic from inside going out Reverse proxy inspects traffic from outside going in Can inspect on content, time, application-awareness, certificates Specific to the application protocol

Question 30

Network Address Translation (NAT)

Answer 30

Router function Translates internal to external IP addresses Assigns internal IP addresses 1 to 1 translations

Question 31

Port Address Translation (PAT)

Answer 31

Router Function | Does what a NAT does but appends port numbers to each internal device so traffic can be routed back properly

Question 32

RFC 1918 Internal IP Address Ranges

Answer 32

10. x.x 172. 16.x.x-172.31.x.x 192. 168.x.x

Question 33

Firewall best practices

Answer 33

``` block unnecessary ICMP Keep ACLs Simple Use Implicit deny Block directed IP broadcasts Perform ingress and egress filtering (block traffic leaving from a non-internal address; block all traffic entering from an internal address) Enable logging Drop fragments or re-assemble fragments Firewalls process ACLs in order. The first rule is valid to the access attempt will be applied (no other rules will be applied) ```

Question 34

Circuit switching (WAN)

Answer 34

Phone based networks PSTN - Public Switched Telephone Network ISDN - Integrated service Domain Network DSL T-carriers

Question 35

Packet switching (WAN)

Answer 35

``` Packets are created and find their own way to the destination that is fasted X.25 Frame Relay ATM IP Networks* VOIP* MPLS* Cable ```

Question 36

Multi Protocol Labeled Switching (MPLS)

Answer 36

Label edge router - entry and exit point of your network Provider router - routers to the vpn Label distribution protocol

Question 37

Voice over IP (VoIP)

Answer 37

``` Telephony - analog to digital voice transmission Uses RTP (Real-time protocol) ```

Question 38

VoIP Security Issues

Answer 38

Eavesdropping, toll fraud, vishing, SPIT (Spam over IT) | Performance issues: Latency (Fixed), jittering (variable)

Question 39

point to point protocol (PPP)

Answer 39

Provides layer 2 framing for dial-up | needs other protocols for security

Question 40

PPP Authentication Protocols

Answer 40

Password Access Protocol (PAP) - Clear Text (Dead) Challenge Handshake Authentication Protocol (CHAP) - Client responds to a challenge from the server; only way the client can answer correctly is if the password has been entered Extensible Authentication Protocol (EAP) - Extends the capabilities beyond passwords to smart cards, biometrics, tokens, etc.

Question 41

Tunneling

Answer 41

A function of VPNs - tunnel encapsulates one protocol within another creating a virtual network Can encrypt original IP headers Can encrypt data Allows for routing non-routable protocols and IP addresses Can provide remote/internal IP addresses

Question 42

Tunneling Protocols

Answer 42

Point to Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) IP Security (IPSEC) Generic Routing Encapsulation (GRE)

Question 43

PPTP

Answer 43

Point to Point Tunneling Protocol Still uses PAP, CHAP, or EAP for authentication Adds Microsoft Point to Point Encryption (MPPE) For encryption Only works across IP networks Remote user connects to ISP, gets IP address; Establishes VPN Conncetion to VPN Server gets internal IP address; sends private IP packets encrypted with other IP Packets

Question 44

L2TP

Answer 44

based on Cisco Proprietary Layer 2 Forwarding (L2F) protocol Combination of L2F and PPTP Designed to be implemented in software solutions THERE IS NO SECURITY, must use IPSEC

Question 45

IPSec for Tunneling

Answer 45

Can be used on its own in Tunnel mode

Question 46

Generic Routing Encapsulation (GRE)

Answer 46

point to point link between two networks. Adds extra IP header to original packet. More frequently used the past for AppleTalk, IPX and older protocols

Question 47

Data Encapsulation

Answer 47

GRE tunnels encapsulate packets that allow protocols to traverse an incompatible network

Question 48

Simplicity of GRE

Answer 48

lack mechanisms related to flow control and security by default

Question 49

Multicast traffic forwarding with GRE

Answer 49

GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot

Question 50

Mobility (wireless)

Answer 50

wireless communication system allows users to conduct business from anywhere

Question 51

Reachability (wireless)

Answer 51

Wireless communication systems enable people to stay connected and be reachable regardless of location

Question 52

Simplicity (wireless)

Answer 52

Systems are easy and fast to deploy in comparison to acabled networks

Question 53

maintainability (wireless)

Answer 53

in a wireless system, you do not have to spend too much cost and time to maintain network

Question 54

Roaming services (wireless)

Answer 54

Provide service any where any time

Question 55

Additional Services (wireless)

Answer 55

various smart services like SMS and MMS

Question 56

Wireless Security Problems

Answer 56

Unauthorized access Sniffing War Driving (Driving around looking for vulnerable access points) Unauthorized access points (MITM)

Question 57

Wireless Security

Answer 57

Encryption & Authentication

Question 58

WEP Encryption

Answer 58

``` Shared authentication passwords Weak Initialization vector transmitted in clear text RC-4 (Stream cipher) Easily crackable Only option for 802.11b (old) ```

Question 59

WPA Encryption

Answer 59

Stronger IV Introduced TKIP (Temporal Key Integrity Protocol) Still used RC-4

Question 60

WPA2 Encryption

Answer 60

AES CCMP (replaced TKIP) Not backwards compatible

Question 61

Wireless Authentication

Answer 61

WPA and WPA2 uses 802.1X authentication to have individual passwords for individual users (RADIUS)

Question 62

802.1x

Answer 62

Remote authentication dial-in user service Centralized authentication server (RADIUS) Supplicants (Clients) Authenticators (Server) Uses EAPoL (Extensible Access Protocol over LAN)

Question 63

Bluetooth

Answer 63

Personal area network protocol designed to free devices from physical wires To secure, just turn it off.