Exam Essentials Chap 11 & 12 Flashcards

(62 cards)

1
Q

What makes up the four layers of the TCP/IP model?

A

Application, Transport (Host-to-Host), Internet (Internetworking), and Link (Network Interface or Network Access)

2
Q

How can TCP/IP be secured?

A

It can be secured using VPN links between systems. VPN links are encrypted to add privacy, confidentiality, and authentication and to maintain data integrity. You can also use TCP Wrappers.

3
Q

What are the protocols used to establish VPNs?

A

Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Protocol Security (IPsec).

4
Q

What is the difference between TCP and UDP?

A

TCP

  • Supports Full-duplex communications
  • Connection oriented
  • Uses a handshake process (SYN, SYN/ACK, ACK)

UDP

  • Simplex connectionless protocol
  • Connectionless ‘best effort’
  • Low overhead
5
Q

What is Telnet? What port does it operate at?

A

This is a terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support transfer of files. TCP Port 23

6
Q

What is the File Transfer Protocol (FTP)? What port does it operate at?

A

This is a network application that supports an exchange of files that requires anonymous or specific authentication. TCP Ports 20 and 21

7
Q

What is the Trivial File Transfer Protocol (TFTP)? What port does it operate at?

A

This is a network application that supports an exchange of files that does not require authentication. UDP Port 69

8
Q

What is the Simple Mail Transfer Protocol (SMTP)? What port does it operate at?

A

This is a protocol used to transmit email messages from a client to an email server and from one email server to another. TCP Port 25

9
Q

What is the Post Office Protocol (POP3)? What port does it operate at?

A

This is a protocol used to pull email messages from an inbox on an email server down to an email client. TCP Port 110

10
Q

What is the Internet Message Access Protocol (IMAP)? What port does it operate at?

A

This is a protocol used to pull email messages from an inbox on an email server down to an email client. IMAP is more secure than POP3 and offers the ability to pull headers down from the email server as well as to delete messages directly off the email server without having to download to the local client first. TCP Port 143

11
Q

What is the Dynamic Host Configuration Protocol (DHCP)? What port does it operate at?

A

DHCP uses port 67 for server point-to-point response and port 68 for client request broadcasts. It is used to assign TCP/IP configuration settings to systems upon bootup. DHCP enables centralized control of network addressing. UDP Ports 67 and 68

12
Q

What is the Hypertext Transport Protocol (HTTP)? What port does it operate at?

A

This is the protocol used to transmit web page elements from a web server to web browsers. TCP Port 80

13
Q

What is the Secure Sockets Layer (SSL)? What port does it operate at?

A

This is a VPN-like security protocol that operates at the Transport layer. SSL was originally designed to support secured web communications (HTTPS) but is capable of securing any Application layer protocol communications. TCP Port 443 (for HTTP Encryption)

14
Q

What is Line Print Daemon (LPD)? What port does it operate at?

A

This is a network service that is used to spool print jobs and to send print jobs to printers. TCP Port 515

15
Q

What is X Window? What port does it operate at?

A

This is a GUI API for command-line operating systems. TCP Ports 6000–6063

16
Q

What is the Bootstrap Protocol (BootP)? What port does it operate at?

A

This is a protocol used to connect diskless workstations to a network through auto assignment of IP configuration and download of basic OS elements. BootP is the forerunner to Dynamic Host Configuration Protocol (DHCP). UDP Ports 67 and 68

17
Q

What is Network File System (NFS)? What port does it operate at?

A

This is a network service used to support file sharing between dissimilar systems. TCP Port 2049

18
Q

What is the Simple Network Management Protocol (SNMP)? What port does it operate at?

A

This is a network service used to collect network health and status information by polling monitoring devices from a central monitoring station. UDP Port 161 (UDP Port 162 for Trap Messages)

19
Q

What are some benefits of Multilayer protocols? What are some drawbacks?

A

Benefits
- A wide range of protocols can be used at higher layers.
- Encryption can be incorporated at various layers.
- Flexibility and resiliency in complex network structures are supported.

Drawbacks
- Covert channels are allowed.
- Filters can be bypassed.
- Logically imposed network segment boundaries can be overstepped.

20
Q

What is Distributed Network Protocol (DNP3)?

A

It is used to support communications between data acquisition systems and the system control equipment. This includes substation computers, RTUs (remote terminal units) (devices controlled by an embedded microprocessor), IEDs (Intelligent Electronic Devices), and SCADA master stations (i.e., control centers). DNP3 is an open and public standard. DNP3 is a multilayer protocol that functions similarly to TCP/IP, in that it has link, transport, and transportation layers.

21
Q

What are some vulnerabilities of TCP/IP?

A

Improperly implemented TCP/IP stacks in various operating systems are vulnerable to buffer overflows, SYN flood attacks, various DoS attacks, fragment attacks, oversized packet attacks, spoofing attacks, man-in-the-middle attacks, hijack attacks, and coding error attacks. TCP/IP (as well as most protocols) is also subject to passive attacks via monitoring or sniffing.

22
Q

What are the three layers from top to bottom of addressing and naming when in use with TCP/IP networks?

A

Domain name, IP address, & MAC address

23
Q

What are the characteristics of 10Base2 (Thinnet)?

A
Max Speed: 10 Mbps
Distance: 185 meters
Difficulty of Installation: Medium
Susceptibility to EMI: Medium
Cost: Medium
24
Q

What are the characteristics of 10Base5 (Thicknet)?

A
Max Speed: 10 Mbps
Distance: 500 meters
Difficulty of Installation: High
Susceptibility to EMI: Low
Cost: High
25
What are the characteristics of 10Base-T (UTP)?
```
Max Speed: 10 Mbps
Distance: 100 meters
Difficulty of Installation: Low
Susceptibility to EMI: High
Cost: Very low
```
26
What are the characteristics of STP?
```
Max Speed: 155 Mbps
Distance: 100 meters
Difficulty of Installation: Medium
Susceptibility to EMI: Medium
Cost: High
```
27
What are the characteristics of 100Base-T/100Base-TX?
```
Max Speed: 100 Mbps
Distance: 100 meters
Difficulty of Installation: Low
Susceptibility to EMI: High
Cost: Low
```
28
What are the characteristics of 1000Base-T?
```
Max Speed: 1 Gbps
Distance: 100 meters
Difficulty of Installation: Low
Susceptibility to EMI: High
Cost: Medium
```
29
What are the characteristics of Fiber-optic?
```
Max Speed: 2+ Gbps
Distance: 2+ kilometers
Difficulty of Installation: Very high
Susceptibility to EMI: None
Cost: Very high
```
30
What are the Cat 1 characteristics of UTP?
Throughput: Voice only
Notes: Not suitable for networks but usable by modems
31
What are the Cat 2 characteristics of UTP?
Throughput: 4 Mbps
Notes: Not suitable for most networks; often employed for host-to-terminal connections on mainframes
32
What are the Cat 3 characteristics of UTP?
Throughput: 10 Mbps
Notes: Primarily used in 10Base-T Ethernet networks (offers only 4 Mbps when used on Token Ring networks) and as telephone cables
33
What are the Cat 4 characteristics of UTP?
Throughput: 16 Mbps
Notes: Primarily used in Token Ring networks
34
What are the Cat 5 characteristics of UTP?
Throughput: 100 Mbps
Notes: Used in 100Base-TX, FDDI, and ATM networks
35
What are the Cat 6 characteristics of UTP?
Throughput: 1,000 Mbps
Notes: Used in high-speed networks
36
What are the Cat 7 characteristics of UTP?
Throughput: 10 Gbps
Notes: Used on 10 gigabit-speed networks
37
What are the last six of the eight TCP header flags, in the correct order?
URG, ACK, PSH, RST, SYN, FIN
38
What are the three main types of LAN technologies?
Ethernet, Token Ring, and FDDI
39
What are the two types of mechanisms to transmit signals over a physical medium, such as a cable?
Analog & Digital
40
What is the difference between Analog and Digital communication?
Analog communication is measured in frequency and becomes more unreliable the longer the distance due to signal interference and degradation. Digital communication is measured in direct current voltage (on-off pulses or 1-0), resulting in a stream of binary data. Digital is more reliable over long distances or when interference is present.
41
What is the difference between Synchronous and Asynchronous communication?
Synchronous communications
- Uses timing or clocking based on an independent clock or a time stamp embedded in the data stream
- Typically able to support very high rates of data transfer
Asynchronous communications
- Relies on a stop and start delimiter bit to manage the transmission of data
- Best suited for smaller amounts of data
- Public switched telephone network (PSTN) modems are a good example
42
What are the subtechnology characteristics that describe how networks communicate?
- Mechanisms to transmit signals over a physical medium (Analog/Digital)
- Mechanisms to sync with some sort of clock or timing activity (Sync/Async)
- How many communications can occur over a cable segment (Base/Broadband)
- Technologies that determine how many destinations a single transmission can reach (Broadcast/Multicast/Unicast)
- LAN media access technologies that are used to avoid or prevent transmission collisions and define how multiple systems within a collision domain are to communicate (CSMA/CSMA-CD/CSMA-CA/Token Passing/Polling)
43
What is the difference between Baseband and Broadband communication?
Baseband
- Supports a single communication channel
- Uses a direct current applied to the cable
- Higher level current equals 1, lower level equals 0
- Digital signal
- Ethernet is a baseband technology
Broadband
- Supports multiple simultaneous signals
- Uses frequency modulation supporting numerous channels, each supporting a distinct communication session
- Suitable for high throughput rates, especially when several channels are multiplexed
- Analog signal
- Cable television & modems, ISDN, DSL, T1, & T3 are broadband technologies
44
What are the characteristics of Broadcast, Multicast, and Unicast technologies?
Broadcast technology supports communications to all possible recipients. Multicast technology supports communications to multiple specific recipients. Unicast technology supports only a single communication to a specific recipient.
45
What are the five LAN media access technologies that are used to avoid or prevent transmission collisions?
CSMA, CSMA-CA, CSMA-CD, Token Passing, Polling
46
What are the characteristics of Carrier-Sense Multiple Access (CSMA)?
- Does not directly address collisions
- Just listens; if no response, sends again
47
What are the characteristics of Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA)?
- Avoids collisions by granting only a single permission to communicate at any given time
- Requires designation of a master/primary system
- AppleTalk and 802.11 wireless networking
48
What are the characteristics of Carrier-Sense Multiple Access with Collision Detection (CSMA/CD)?
- Allows a collision to occur but responds to it
- Makes each member wait for a random but short period of time before communicating again
- Results in a 40% loss in potential throughput
- Ethernet
49
What are the characteristics of Token Passing?
- Uses a digital token to perform communications
- Used by Token Ring networks, such as FDDI
- Prevents collisions since only the system possessing the token is allowed to transmit data
50
What are the characteristics of Polling?
- Attempts to prevent collisions through a permission system
- Uses master/primary like CSMA/CA but allows clients to request permissions
- Allows one system higher priority over others
51
What are some important considerations when designing and building a secure network?
Consideration of factors such as the topology and placement of hosts within the network, the selection of hardware and software technologies, and the careful configuration of each component. Applying secure design principles such as segmentation, evaluation of networking devices, conducting site surveys, etc.
52
What should network security take into account?
- IP and non-IP protocols
- Network access control
- Using security services and devices
- Managing multilayer protocols
- Implementing endpoint security
53
What are some examples of network segments or sub networks?
- Intranet
- Extranet
- DMZ
54
What is an Intranet?
A private network that is designed to host the same information services found on the Internet. Intranets provide users with access to the Web, email, and other services on internal servers that are not accessible to anyone outside the private network.
55
What is an Extranet?
An Extranet is a cross between the Internet and an intranet. An extranet is a section of an organization’s network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public Internet. An extranet is often reserved for use by specific partners or customers. It is rarely on a public network.
56
What is a DMZ?
An Extranet for public consumption
57
What are some benefits of Network segmentation?
Improve performance, manage traffic, enforce security
58
How can Network segmentation be created?
They can be created individually or in combination by:
- Switch-based VLANs
- Routers
- Firewalls
59
What are the characteristics of Cell phone wireless communications?
- Uses a portable device over a specific set of radio wave frequencies to interact with the carrier network, other cell phone devices, or the Internet
- Uses numerous technologies sorted by generation (1G, 2G, 3G, etc.)
- Uses the Wireless Application Protocol (WAP) protocol suite
60
What are some key issues with cell phone wireless transmissions?
- Not all cell phone traffic is voice
- Communications over a carrier network are not necessarily secure
- Subject to sniffing through MITM attacks with the cell towers
- Connectivity to the Internet provides attackers another avenue of attack
61
What is the Wireless Application Protocol? What are some concerns with it?
It is an industry-driven protocol stack to allow users to communicate with the company network. WAP is a suite of protocols that includes Wireless Transport Layer Security (WTLS), which is similar to SSL/TLS. One very important issue is that you are unable to obtain true end-to-end encryption from your carrier using the protocol. Data must be returned to clear text before being resecured somewhere in the route using WTLS. If possible, feed pre-encrypted data into the link before using WTLS.
62
What are some common Bluetooth attacks?
- Bluesnarfing: allows hackers to connect with your Bluetooth devices without your knowledge and extract information from them
- Bluejacking: allows an attacker to transmit SMS-like messages to your device
- Bluebugging: an attack that grants hackers remote control over the features and functions of a Bluetooth device