Domain 4. Networking Flashcards

1
Q

What is the function of ARP (Address Resolution Protocol)?

A

MAC to IP translation

2
Q

What is the function of IGMP (Internet Group Messaging Protocol)?

A

Used for multicasting

3
Q

What is the function of ICMP (Internet Control Messaging Protocol)?

A

Used for troubleshooting and error messaging - ping, tracert

4
Q

What is the function of IP (Internet Protocol)?

A

Used for addressing and routing

5
Q

How many bits is IPv4?

A

32-bit, 4-octet identifier

6
Q

How many bits in IPv6?

A

128-bit HEX identifier

7
Q

What is the function of UDP (User Datagram Protocol)?

A

Connection-less delivery, no handshaking

8
Q

What is the function of TCP?

A

Connection guaranteed delivery. Three-way handshake

9
Q

What is a port?

A

A port is an identifier for an application within a computer. A port is associated with either UDP or TCP.

10
Q

How many ports do we have?

A

65,535

11
Q

“Well known ports” are…

A

1 - 1023

12
Q

Dynamic ports (private ports) are …

A

49,151 - 65,535

13
Q

Registered ports are…

A

1024 - 49,151

14
Q

DNSSEC

A

all responses from DNSSEC are digitally signed using public key encryption

15
Q

What is MPLS?

A

Multiprotocol Label Switching - used to create cost-effective, private Wide Area Networks (WANs) that are faster and more secure than regular routed “public” IP networks like the internet
More secure than the public internet, because a “virtual” private network (end-to-end circuit) can be built just for your organization
Layer 3 technology

16
Q

Name 4 wireless network sizes

A
WPAN -> WLAN -> WMAN -> WWAN
WPAN - personal area network
WLAN - 802.11x network
WMAN - connects 802.11 network using 802.16
WWAN - point to point microwave links
17
Q

What is Bluejacking?

A

Sending spam to nearby Bluetooth devices

18
Q

What is Bluesnarfing?

A

Copies information off a remote device

19
Q

Name 802.11 Access Modes?

A

WEP, WPA, WPA2

20
Q

Name Wireless Attack Vectors

A

Passive: Sniffing, Eavesdropping, packet capture
MitM: Rogue Access Point, MAC impersonation, Replay Attack
DoS: Bogus requests, signal jamming, packet injection

21
Q

WEP

A

Broken encryption, no integrity

22
Q

WPA2

A

uses 801.11, EAP, AES and CBC-MAC

23
Q

Encryption can be used to ensure … ?

A

Confidentiality

24
Q

Hashing can be used to ensure … ?

A

Integrity

25
Digital signature can be used to ensure ... ?
non-repudiation
26
Digital certificates can be used to ensure ... ?
authentication
27
How can S/MIME be used?
digitally sign and encrypt emails
28
Eavesdropping
Violation of confidentiality
29
Tampering
Violation of integrity
30
Spoofing
violation of authenticity
31
Digital signature
Message Digest (MD) encrypted with the private key
32
DMZ
Semi-trusted network
33
Enclave network
Segment within a trusted network
34
NAT
used to translate internal IP
35
bridge
connects same protocol LANs
36
TEMPEST
Emanation certification network
37
What is the goal of CDN
Serve content to end users with high availability and high performance
38
Name 4 VPN technologies
PPTP - Point to Point Tunneling Protocol
L2TP - Layer 2 Tunneling Protocol
IPsec - Internet Protocol Security
SSL - Secure Sockets Layer
39
IPsec two different modes
Transport mode - used for end-to-end protection between client and server. IP payload is encrypted. Headers are not encrypted
Tunnel mode - server to server, gateway-gateway. Everything is encrypted.
40
Name IPsec security services
Authentication - Kerberos or preshared key or digital cert
Integrity - HMAC (hashed message authentication code)
Confidentiality - 3DES, AES
Non-repudiation - digital signature
41
IPsec Authentication Header (AH)
Provides data integrity, data origin authentication, and replay protection. Can be used as a standalone IPsec protocol if confidentiality is not required
42
IPsec Encapsulating Security Payload (ESP)
All features of AH + symmetric encryption for payload
43
IPsec IKE
Provides a mechanism for device authentication and establishing a security association
44
IPsec SPI
Security Parameter Index (SPI) | includes algo that will be used (hashing, encryption), key length and key information
45
What is the difference between IPsec transport mode and tunnel mode?
In transport mode only the payload is encrypted, but in tunnel mode the entire packet is encrypted
46
What PDU (Protocol Data Unit) and protocols are used in Layer 7 Application?
Application layer, Datastream | FTP, TFTP, SSH, IMAP, POP, HTTP, HTTPS
47
What PDU (Protocol Data Unit) and protocols are used at level 6 Presentation?
Presentation layer, Datastream
48
What PDU (Protocol Data Unit) and protocols are used at level 5 Session?
Session layer, Datastream | SQL, RPC
49
What PDU (Protocol Data Unit) and protocols are used at level 4?
Transport layer, Segment | TCP, UDP, SSL/TLS
50
What PDU (Protocol Data Unit) and protocols are used at level 3?
Network layer, Packets | IP, IPv6, IP NAT, ICMP, BGP
51
What PDU (Protocol Data Unit) and protocols are used at level 2?
Data link layer, Frames | Token ring, PPTP, L2TP, WLAN, Wi-Fi
52
What PDU (Protocol Data Unit) and protocols are used at level 1?
Physical layer, Bits
53
What is encapsulation?
Takes information from higher network layer and adds a header to it, treating the higher-layer information as data
54
What layer 1 device provides basic physical connectivity?
Hub, modem, Wireless Access Point, cable, physical interface of NIC, repeater
55
Name 3 different types of cables
Coaxial, Twisted Pair, Fiber Optic
56
Name 4 Layer 1 network topologies
Bus, Ring, Star, Mesh
57
What is the most fault tolerant and redundant topology?
Mesh
58
What threats exist in Physical Layer 1?
Sniffing, Interference, Data Emanation
59
Name 2 sub-layers of Data Link layer
LLC - Logical Link Control - error detection | MAC - Media Access Control
60
ARP
Address Resolution Protocol. Takes a known IP address and maps it to an unknown MAC address. IP to MAC resolution. Broadcast-based.
61
RARP
Reverse Address Resolution Protocol. | Takes known MAC address and provides IP (basis for DHCP)
62
ARP Poisoning, Cache Poisoning
Layer 2 attack. Uses unsolicited replies.
63
MAC (Media Access Control) Mechanisms - collision control
CSMA/CD - Collision Detection
CSMA/CA - Collision Avoidance
Token passing
64
How does a hub work?
Sends all data out of all ports
65
Name Layer 2 device
Switch. A switch doesn't isolate broadcast domains; it isolates collision domains
66
What layer has IP address?
Layer 3
67
What is a router?
Layer 3 device; a router isolates broadcast domains
68
Ping flood
Lots of ping traffic
69
LOKI
sending data in ICMP messages - Covert Channel
70
Which layer uses the following protocols: ICMP, IPsec, IGMP, IGRP?
Layer 3. All protocols starting with "I" are Layer 3 protocols, except IMAP!
71
SMURF attack
Uses a spoofed source address (the target) and directed broadcast to launch a DDoS
72
Ingress
Incoming traffic
73
Egress
Outgoing address
74
What is the goal of Layer 4 (Transport)
Provides End to End data transportation services
75
Which protocols are used in Layer 4 (transport)?
SSL/TLS, TCP, UDP
76
Across which layers does SSL/TLS operate?
Layers 4-7
77
What is the advantage of TCP?
Adds security
Easier to program with
Truly implements a session
78
What is the disadvantage of TCP?
SYN Floods | Slower than UDP
79
Describe TCP handshake
SYN, SYN/ACK, ACK
Has guaranteed delivery based on the handshake process
80
Which protocol is used by TFTP
UDP
81
Which protocol is used by FTP
TCP
82
What is the function of Layer 5 (Session)?
Responsible for establishing a connection between two APPLICATIONS! (either on the same computer or two different computers)
Create connection
Transfer data
Release connection
83
What is the function of Layer 6 (Presentation)?
Present data in a format that all computers can understand.
84
Which OSI layer doesn't have any protocols?
Layer 6, Presentation layer
85
What is the concern of Layer 6?
Concerned with encryption, compression and formatting
86
What is the function of Layer 7?
Defines a protocol that two different programs or applications understand
87
Name Layer 7 protocols
HTTP, HTTPS, FTP, TFTP, SMTP, SNMP,
88
What is the disadvantage of deep packet inspection?
Performance and expense
89
What is the key responsibility of Application layer?
User application service
90
What is the key responsibility of Presentation layer?
Data translation, Compression and encryption
91
What is the key responsibility of Session layer?
Session establishment, management and termination
92
What is the key responsibility of Transport layer?
End to end connection, segmentation and reassembly
93
What is the key responsibility of Network layer?
Logical Addressing, Routing, Datagram encapsulation, error handling
94
What is the key responsibility of Data Link layer?
Logical Link Control (LLC), MAC Media Access Control, Data framing, Addressing, Error Detection
95
What is the key responsibility of Physical layer?
Encoding & signaling, Physical data transfer, Topology and design
96
Salami attack
Many small attacks add up to equal a large attack
97
Data Diddling
Altering/manipulating data, usually before entry
98
Session Hijacking
Attacker steps in between
99
Tear Drop
Sending Malformed packets which the Operating System does not know how to reassemble. Layer 3 attack
100
Buffer Overflow
Attacks that overwhelm a specific type of memory on a system—the buffers. Is best avoided with input validation
101
Bonk attack
Similar to the Teardrop attack. Manipulates how a PC reassembles a packet and allows it to accept a packet much too large.
102
Land Attack
Creates a “circular reference” on a machine. Sends a packet where source and destination are the same.
103
Syn Flood Attack
Type of attack that exploits the three-way handshake of TCP. Layer 4 attack. A stateful firewall is needed to prevent it
104
Smurf attack
Uses an ICMP directed broadcast. Layer 3 attack. Block distributed broadcasts on routers
105
Fraggle attack
Similar to Smurf, but uses UDP instead of ICMP. Layer 4 attack. Block distributed broadcasts on routers
106
At which OSI layer does a proxy operate?
Layer 7 Application
107
Stateful firewall
Keeps track of connections
108
What is DMZ?
A buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two.
109
What is a multi-homed firewall?
Multi-homed firewalls may be used to set up a DMZ with a single firewall.
110
Internal Private Addresses (RFC1918)
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x
111
Name circuit switching technologies
DSL, ISDN, PSTN, T-carriers
112
Name packet switching technologies
X.25, Frame relay, ATM, VOIP, MPLS, Cable modem
113
What is the greatest security threat to VOIP
Eavesdropping
114
Latency
Fixed delay
115
Jittering
Variable delay
116
PPP description? What OSI layer?
Point to Point. Layer 2
117
PPTP
Point to Point Tunneling Protocol
Uses EAP for authentication
Works only with IP networks
118
L2TP
Layer 2 Tunneling Protocol | There is no security in L2TP
119
Describe WEP Problems
Weak IV (24 bits)
IV transmitted in clear text
RC4 stream cipher
Easily crackable
Not backward compatible
120
Describe WPA Problems
Stronger IV
Introduced TKIP (temporary key integrity protocol)
Still used RC4
121
Describe WPA2
AES CCMP - key protection
Not backwards compatible
122
Blue bugging
Allows use of the phone
Allows one to make calls
Can eavesdrop on calls
123
WAP GAP
As the gateway decrypts from WTLS and encrypts as SSL/TLS, the data is plaintext. If someone could access the gateway, they could capture the communications
124
TCP/IP model
Application, Transport, Internet, Link
125
Common-mode noise (EMI)
Common-mode noise occurs between hot and ground wires
126
Transverse-mode noise (EMI)
Transverse-mode noise occurs between hot and neutral wires.