Domain 4 - Communication and Network Security

Question 1

Virtual extensible LAN (VXLAN)

Answer 1

network virtualization enabling high scale segmentation, can make MILLIONS versus just 4096 VLANS, tunneling protocol that encapsulates an ethernet frame (layer 2) in a UDP packet, layer 2 can typically only be attacked from within ie MAC spoofing or flooding, RFC 7348 is the vxlan rfc

Question 2

Software defined networks (SDN)

Answer 2

enables network to be centrally controlled using software, can reprogram the data plane at any time, SD-LAN and SD-WAN, typically uses ABAC!! separate control plane from data plane and create sec challenges, vulns include man in the middle attacks and DoS, secure with TLS!

Question 3

SDWAN

Answer 3

enables users in branch offices to remotely connect to an enterprises network, enables use of many network services MPLS, LTE, broadband, etc. Sec is based largely on VPN tunnels, Ipsec, next gen firewalls (NGFWs), and micro-segmentation of application traffic, uses secure access service edge (SASE) to decentralize connectivity

Question 4

Li-Fi

Answer 4

uses LED to transmit data, can function in areas susceptible to electromagnetic interference, can theoretically transmit up to 100gbit/s, only requires working LEDs but walls are a barrier, still in development

Question 5

Zigbee

Answer 5

short range wireless personal area network (PAN), supports automation/ machine to machine comms/ remote control/ monitoring of IOT devices, supports centralized/ distributed models and mesh topology, assumes that symmetric keys used are transmitted securely (encrypted in transit), IOT smart home hubs

Question 6

5G

Answer 6

faster speed lower latency, doesn’t identify users through SIM cards = can assign identity through device, standalone (SA) version of 5G will be more secure than non-standalone (NSA) version, anchors control signaling of 5G networks to the 4G core, Diameter protocol provides authentication/ authorization/ accounting (AAA), DDoS is a concern due to scale of IoT endpoints

Question 7

Content delivery networks (CDN)

Answer 7

geographically distributed network of proxy servers and their data centers, goal is fast and highly available content delivery by distributing content spatially relative (close to) users, CDN networks serving Javascript have been targeted to inject malicious content into pages, vendors in CDN space offer DDoS protection and web application firewalls (WAFs), video/ audio streaming

Question 8

The OSI MODEL

Answer 8

All People Seem To Need Data Processing

Question 9

Physical (layer 1 OSI)

Answer 9

contains device drivers that tell the protocol how to use the hardware for tramission/ reception of bits. 802.11 - Wifi, ethernet, bluetooth, EIATIA-232, EIA/TIA-449, X21, HSSI, SONET

Question 10

Data Link (layer 2 OSI)

Answer 10

• Frames!! are the transmission type, formatting packet from Network layer in proper format for transmission, ARP, PPP, L2F, L2TP, PPTP, FDDI, ISDN, SLIP

Question 11

Network (layer 3 OSI)

Answer 11

• PACKETS!! routing and addressing information (source and destination) ICMP, IP, IPSec, NAT, SKIP, IPX, RIP, OSPF, IGMP

Question 12

Transport (layer 4 OSI)

Answer 12

• manages integrity of a connection and controlling the session (segment or diagram), TLS, TCP, UDP, SPX, SSL

Question 13

Session (layer 5 OSI)

Answer 13

• establishing/ maintining/ terminating communication sessions between computers, SMB, RPC, NFS, SQL

Question 14

Presentation (layer 6 OSI)

Answer 14

• transforms data received from application layer into a format that any system following the model can understand, encryption protocols and format types such as ASCII, EBCDICM, TIFF, JPEG, MPEG, MIDI

Question 15

Application (layer 7 OSI)

Answer 15

• interfacing user applications, network services, or the OS with the protocol stack, HTTP, SSH, FTP, SMTP, POP3, IMAP, SNMP, SET, telnet

Question 16

TCP/IP stack vs OSI

Answer 16

Application = Application/presentation/session

Transport = Transport

Internet = Network

Link = Datalink / Physical

Question 17

Common ports

Answer 17

FTP = TCP 20/21
SSH = TCP 22
Telnet = TCP 23
SMTP = TCP 25
DNS = TCP/UDP 53
DHCP = UDP 67/68
TFTP = UDP 69
HTTP = TCP 80
Kerberos = TCP/UDP 88
POP3 = TCP 110
NTP = UDP 123
NetBIOS = TCP/UDP 137/138/139
iMAP = TCP 143
SNMP = TCP/UDP 161/162
BGP = TCP 179
Syslog = UDP 514
LDAP = TCP 636
FTP over TLS = TCP 989/990

Question 18

TCP

Answer 18

connection oriented, byte stream= every byte matters, does NOT support multicasting/ broadcasting, supports full duplex transmission, reliable service of data transmission, packet is called a segment , provides error detection

Question 19

UDP

Answer 19

connection-less protocol, message stream, supports multi-casting and broadcasting, NO support for full duplex (simultaneouse bidirectional), unreliable service of data transmission, packet is called a datagram, no support for error detection, media streaming!!

Question 20

Cabling types

Answer 20

CAT 5 = 100mb
CAT 5e = 1gb
CAT 6 = 10gb 55meters
CAT6e = 10gb 55meters
CAT7 = 10gb 100 meters

Question 21

Star (network topology)

Answer 21

• central connection device (can be hub or switch), each system is connected to central hub by a dedicated segment, MODERN ETHERNET

Question 22

Mesh (network topology)

Answer 22

connects systems to all other systems using numerous paths, partial mesh connects many systems to many other systems, redundant connections allow for multiple segment failures

Question 23

Ring (network topology)

Answer 23

connects each system as points on a circle, connection medium acts as a unidirectional transmission loop, only one system can transmit data at a time, traffic management is performed by a token, token ring is a ring based network, “collision avoidance”

Question 24

Bus (network topology)

Answer 24

connects each system to a trunk, all systems on a bus can transmit simultaneously which can result in collisions (when 2 systems transmit data at the same time and signals interfere)

Question 25

Analog

Answer 25

continuous signal that varies in frequency/ amplitude/ phase etc. variances in continuos signal produce a wave shape as opposed to square shape of digital, comms become altered and corrupted because of attenuation over long distances

Question 26

Digital

Answer 26

comms occur through electrical signal and state change (0s and 1s), more reliable over distance or when interference is present, uses current voltage that creates binary data

Question 27

Synchronous

Answer 27

comms rely on timing or clocking mechanism, high rates of data transfer, i.e. networking

Question 28

Asynchronous

Answer 28

comms rely on a stop and start delimiter bit to manage transmission of data, small amounts of data, i.e. public switched telephone network (PSTN)

Question 29

Baseband

Answer 29

single comm channel, form of digital signal, direct current applied to cable. i.e. ETHERNET

Question 30

Broadband

Answer 30

supports multiple simultaneous signals, suitable for high throughput and multiplexing several channels, form of ANALOG signal. Ie TV, cable modem, ISDN, DSL, T1, T3

Question 31

Broadcast,Multicast,Unicast

Answer 31

determine how many destinations a single transmission can reach. Broadcast=all possible, Multicast=multiple specific recipients ie windows OS deployment, Unicast=single communication to specific recipient

Question 32

Carrier sense multiple access (CSMA)

Answer 32

• decreases chances of collisions when 2 or more stations start sending signals over datalink layer.

-Each state must check the state of the medium.

-CSMA/CA=collision avoidance=grants single comm at any given time ie ring networks with token/ wireless/ used in 802.11 standard,

-CSMA/CD=collision detection=responds to collisions by having each member of the collision domain wait for a short but random period of time before restarting process the resends data frame ie wired networks/ 802.3 standard

Question 33

Token passing

Answer 33

performs comms using digital token, releases token once transmission is complete, prevents collisions in ring networks

Question 34

Polling

Answer 34

performs comms using master-slave config, primary system polls the secondary system in turn when they have to transmit data, used by synchronous datalink control (SDLC)

Question 35

Network segmentation

Answer 35

boosts performance, dedicated environment to reduce comm problems, security via isolating traffic

Question 36

Intranet

Answer 36

private network

Question 37

Extranet

Answer 37

sectioned off portion of network to act as intranet for private network, but also serves information to public internet

Question 38

DMZ

Answer 38

extranet for public consumption aka perimeter network

Question 39

Bluetooth (IEEE 802.15)

Answer 39

• connects wireless devices, connections are paired with 2.4ghz radio, often a 4 digit code to pair

Question 40

Bluejacking

Answer 40

pushing unsolicted messages to nearby bluetooth users, more of an annoyance

Question 41

Bluesnarfing

Answer 41

• data theft, wirelessly connecting to some early BT enabled mobile devices without owners knowledge to download data

Question 42

Bluebugging

Answer 42

grants hackers remote control over the feature and functions of a BT device

Question 43

Wi-Fi versions (latest 802.11)

Answer 43

802.11n = 200+ mb/s > 2.4ghz
802.11ac = 1gb/s > 5ghz

Question 44

SSID broadcast

Answer 44

• wireless networks announces SSID on regular basis with a beacon frame, any device can try to connect, hiding SSID is considered “security through obscurity”

Question 45

Temporal key integrity protocol/ WPA (TKIP)

Answer 45

• commonly known as WPA, was designed as replacement for WEP without need to replace legacy hardware

Question 46

CCMP

Answer 46

• used with WPA2, counter mode with cipher block chaining message authentication code protocol, created to replace WEP and TKIP/WPA, uses AES with 128bit

Question 47

WPA2

Answer 47

• encryption scheme with CCMP, AES encryption, modern day wireless uses this

Question 48

Fibre channel

Answer 48

• form of network data storage solution ie SAN (storage area network) or NAS (network attached storage) that allows for high speed file transfers

Question 49

FCoE (fiber channel over ethernet)

Answer 49

• encapsulate fiber channel communications over ethernet networks

Question 50

iSCSI (internet small computer system interface)

Answer 50

• networking storage standard based on IP, high speed but not as fast as fiber

Question 51

Site survey

Answer 51

• process of investigating the presence, strength and reach of wireless access points deployed in environment, usually walking around with portable network device and marking on a map/ floor plan

Question 52

Extensible authentication protocol (EAP)

Answer 52

• authentication framework, brings new auth technologies to existing hardware

Question 53

Protected extensible authentication protocol (PEAP)

Answer 53

• encapsulates EAP methods within a TLS tunnel

Question 54

Lightweight extensible authentication protocol (LEAP)

Answer 54

• cisco proprietary, developed to replace WPA BEFORE WPA2

Question 55

MAC filtering

Answer 55

• uses list of authorized wireless client interface MAC addresses, used by a WAP to block access to all non-authorized devices

Question 56

Captive portals

Answer 56

• portal is an auth technique that redirects a newly connected wireless web client to a portal access control page

Question 57

Antenna types

Answer 57

omnidirectional (loop, monopole, dipole) vs unidrectional (panel, parabolic, yagi, cantenna)

Question 58

Firewall

Answer 58

• manage/ control/ filter network traffic at the perimeter

Question 59

Static packet filtering (firewalls)

Answer 59

• filters traffic by examing data from MESSAGE HEADER, layer 3 and up

Question 60

Application level (firewalls)

Answer 60

• filters based on single internet service, protocol, or application, operates at layer 7

Question 61

Circuit level (firewalls)

Answer 61

• establish comm sessions between trusted partners, session layer 5 of the OSI model, SOCKS is an example

Question 62

Stateful inspection (firewall)

Answer 62

• evaluate state, session, or context of network traffic, watch traffic streams from end to end, can implement various IP security functions such as tunnels and encryption, identify forged/ unauthorized communications

Question 63

Deep packet inspection (firewall)

Answer 63

• filtering mechanism that operates at the application layer in order to filter the payload contents of a communication rather than only header values, looks at both header and payload, detects protocol compliance/ spam/ viruses/ intrusions

Question 64

Stateless (firewalls)

Answer 64

• restrict or block traffic based on source/ destination or other static values, not aware of patterns or session information, FASTER and perform better under load than stateful because they are doing less

Question 65

Web application firewalls (WAF)

Answer 65

• protect web apps by filtering and monitoring HTTP/S traffic between web app and internet, protects against XSS, CSRF, and SQL injection, come preconfigured with OWASP rulesets often

Question 66

Next gen firewall (NGFW)

Answer 66

• deep packet inspection, adds application level inspection, intrusion prevention, and brings threat intelligence from outside the firewall

Question 67

Unified Threat Management (UTM)

Answer 67

• multifunction device (MFD) composed several sec features including firewall, may include IDS/IPS/ TLS proxy/ web filtering/ QoS management/ bandwidth throttling/ NAT/ VPN anchoring/ antivirus, doesn’t scale well so more common in small to medium businesses

Question 68

Network address translation gateway (NAT)

Answer 68

allows private subnets to communicate with other cloud services and the internet but hides the internal network from internet users, has the network access control list (NACL) for the private subnets ,used for browsing internet to hide users behind NAT gateway

Question 69

Content/ URL filter

Answer 69

looks at content on requested web and blocks based on filters, associated with deep packet inspection

Question 70

Open source firewall

Answer 70

-license freely available, access to source code, no vendor support, pfsense

Question 71

Proprietary firewalls

Answer 71

• expensive but more functionality and support than open source, cisco/ checkpoint/ palo alto/ barracuda, no source code access

Question 72

Hardware (firewall)

Answer 72

• purpose built network hardware, often has superior throughput because it is DESIGNED to

Question 73

Software (firewall)

Answer 73

• install on your own hardware and place it anywhere, “host based” can be more vulnerable

Question 74

Application (firewall)

Answer 74

• catered to app level comms, HTTP or web traffic, example is a next gen firewall (NGFW)

Question 75

Host based (firewall)

Answer 75

installed on a host OS ie windows/ linux

Question 76

Virtual (firewall)

Answer 76

• cloud firewalls implemented as a virtual network appliance (VNA), available from CSP directly and 3rd party partners (commercial vendors)

Question 77

Switch

Answer 77

• repeats traffic out of port where the destination is, create separate collision domains and improve throughput of data, usually layer 2, sometimes layer 3 if it’s a hybrid “routing” switch

Question 78

Routers

Answer 78

• control traffic flow on networks, connect networks and control flow between the 2, can function with static routing tables or dynamic routing system, layer 3 with IP

Question 79

Gateways

Answer 79

-connects networks that are using different protocols aka protocol translators, ie IPv4 to IPv6, can be standalone hardware devices or a software service, work at layer 3

Question 80

Repeaters/ concentrators/ amplifiers

Answer 80

• layer 1, strengthen signal over a cable segment and connect segments that use the same protocol

Question 81

Bridges

Answer 81

• connect 2 networks using the same protocol, layer 2

Question 82

Hubs

Answer 82

• connect multiple systems/ segments that use the same protocol, multiport repeater, layer 1, not really used in businesses anymore

Question 83

LAN extenders

Answer 83

• remote access, multilayer switch used to connect distant networks over WAN links

Question 84

Sensors/ Collectors

Answer 84

• place on network to alert NIDS of changes in traffic patterns, if you place on internet side of network it can scan ALL TRAFFIC but will need to be very beefy hardware

Question 85

WAN

Answer 85

• wide area network, can provide private circuit and packet switching

Question 86

Private circuit (WAN technology)

Answer 86

• use dedicated physical circuits, expensive, ie dedicated lines/ point to point (PPP) protocol/ SLIP (serial line internet protocol)/ ISDN (integrated services digital network)/ DSL (digital subscriber line)

Question 87

Packet-Switching (WAN technology)

Answer 87

• uses virtual circuits instead of physical, efficient and cost effective, ie X.25 frame relay/ asynchronous transfer mode (ATM)/ synchronous data link control (SDLC)/ high-level data link control (HDLC)

Question 88

Intrusion Detection Systems (IDS)

Answer 88

• analyzes whole packets (header and payload), looking for known events. When a known event is detected a log message is generated, both host (HIDS) and network (NIDS) can be a combination of behavior and knowledge based

Question 89

Intrusion Prevention System (IPS)

Answer 89

• analyzes whole packets, both header and payload, looking for known events, when a known event is detected the packet is rejected

Question 90

Behavior based (IDS/ IPS)

Answer 90

• creates a baseline of activity to identify normal behavior and then measures system performance against baseline to detect abnormal, can detect previously unknown attack methods

Question 91

Knowledge based (IDS/ IPS)

Answer 91

• uses signatures similar to the signature definition used by anti-virus, only effective against known attacks

Question 92

Host based (IDS/ IPS)

Answer 92

• software form installed on a host, often a server

Question 93

Network based (NIDS/ NIPS)

Answer 93

• network level, often in hardware form as a purpose built appliance

Question 94

Inline mode (NIDS/ NIPS)

Answer 94

• in band, traffic runs through it, placed on or near firewall as additional layer of security

Question 95

Passive mode (NIDS/ NIPS)

Answer 95

• traffic does not run through it, “out of band”, uses sensors/ collectors to forward logs

Question 96

Bastion host

Answer 96

• hardened!! Computer or appliance that is exposed on the internet, all unnecessary elements removed such as services/ programs/ protocols/ ports

Question 97

Screened host

Answer 97

• MOST SECURE, firewall protected system logically positioned inside a private network

Question 98

Screened subnet

Answer 98

• similar to screened host in concept except a subnet is placed between routers/ firewalls and the bastion host is located within the subnet

Question 99

Proxy server

Answer 99

functions on behalf of a client requesting service, masking the true origin of the request to the resource

Question 100

Honeypot

Answer 100

• lure bad people into doing bad things so we can watch them, only ENTICE not ENTRAP, not allowed to let them download items, ie allowing download of a fake payroll file would be entrapment, goal is to distract from real assets and isolate in a padded cell until they can be tracked down

Question 101

Teardrop attack

Answer 101

denial of service attack that involves sending FRAGMENTED PACKETS to a target machine, machine cannot reassemble them due to a bug in TCP/IP fragmention reassembly, the packets overlap and crash the machine

Question 102

Fraggle attack

Answer 102

• DoS attack that sends large amount of SPOOFED UDP TRAFFIC to a routers broadcast address within a network, similar to SMURF attack which uses spoofed ICMP traffic

Question 103

Land attack

Answer 103

• layer 4 DoS, attacker sets SOURCE AND DESTINATION of a TCP packet to be the same value, a vulnerable machine will crash due to the packet being repeatedly processed by the TCP stack

Question 104

SYN Flood

Answer 104

• DoS attack, attacker sends a succession of SYN REQUESTS to target system to make it unresponsive to legit traffic

Question 105

Ping of death

Answer 105

-DoS attack, oversized ping packet, bigger than 65,536 bytes which is the usual max

Question 106

TCP 3 way handshake

Answer 106

• SYN > SYN-ACK > ACK.

Question 107

Internal segmentation firewall (ISFW)

Answer 107

used to segment a network

Question 108

ad hoc wireless mode

Answer 108

directly connect 2 wireless clients ie tablet and laptop

Question 109

standalone wireless mode

Answer 109

connects 2 clients together using a wap, but not to wired resources like a central network, ie laptop and tablet communicating through wap

Question 110

infrastructure mode (wireless)

Answer 110

connects endpoints to a central network, not directly to each other

Question 111

wired extension mode

Answer 111

uses a WAP to link wireless clients to a central network

Question 112

Authentication Header (AH)

Answer 112

part of IPsec, provides authentication, integrity and nonrepudiation

Question 113

Encapsulating security payload (ESP)

Answer 113

part of IPsec, provides encryption and thus confidentiality, prevents replay attacks

Question 114

L2TP

Answer 114

independent VPN protocol

Question 115

IP Payload Compression (IPcomp)

Answer 115

used by IPsec to compress data prior to ESP it in order to attempt to keep up with wire speed transmission

Question 116

Internet Key Exchange (IKE)

Answer 116

IPsec mechanism that manages crypto keys and is composed of 3 elements: OAKLEY, SKEME, and ISAKMP