Network Security Flashcards

(95 cards)

1
Q

TCP/IP Protocols

A

TCP
UDP
IP
ICMP

2
Q

Addresses

A

IDs networks and devices on a network

3
Q

Port Numbers

A

IDs services running on a device

4
Q

Messages

A

Typically addressed to both the device and the port number of the service

5
Q

Socket

A

IP address:port number (147.63.12.2:8080)

6
Q

Socket Pairs

A

Client IP address:port number and the Server's IP address:port number
E.g. 177.41.72.6:3022 communicating to 41.199.222.3:80

7
Q

ICMP

A

Internet Control Message Protocol

Used for network troubleshooting
Reports errors and replies to requests
Ping and traceroute use ICMP
Several types:
* 0 - Echo Reply
* 3 - Destination Unreachable
* 8 - Echo
* 30 - Traceroute
8
Q

Well-Known Ports

A

0-1023

9
Q

Registered Ports

A

1024-49151

10
Q

Dynamic Ports

A

49152-65535

AKA Ephemeral Ports
PAT
Used when an app does not bind to a specific port

11
Q

Port 20/21

A

FTP-Data/Control

12
Q

Port 22

A

SSH/SFTP/SCP

13
Q

Port 23

A

Telnet

14
Q

Port 25

A

SMTP

15
Q

Port 53

A

DNS

16
Q

Port 67/68

A

DHCP

17
Q

Port 69

A

TFTP

18
Q

Port 80

A

HTTP

19
Q

Port 88

A

Kerberos

20
Q

Port 110

A

POP3

21
Q

Port 889/890

A

FTPS (Implicit)

22
Q

Port 443

A

FTPS (Explicit), HTTPS, SSL, TLS

23
Q

Port 119

A

NNTP

24
Q

Port 137-139

A

NetBIOS

25
Port 445
NetBIOS/Directory Services
26
Port 143
IMAP4
27
Port 161/162
SNMP
28
Port 389
LDAP
29
Port 636
Secure LDAP
30
Port 1701
L2TP
31
Port 1812
RADIUS
32
Port 3389
RDP
33
Port 49
TACACS+
34
IPv4
32-bit addresses
Classes:
* A - 0-127
* B - 128-191
* C - 192-223
* D - 227-239
* E - 240-255
Subnetting/CIDR
Private IP Addresses:
* A - 10.0.0.0 - 10.255.255.255
* B - 172.16.0.0 - 172.31.255.255
* C - 192.168.0.0 - 192.168.255.255
35
Blind FTP
User cannot see names of files in the directory
36
Anonymous FTP
Login = "anonymous" and password usually an email
Limited privileges
37
IPv6
79 octillion addresses
128 bits: 8 blocks (4 hexadecimal digits)
Zero Compression ::
Link-Local: fe80
38
SFTP
Secure FTP
Uses SSH (TCP port 22)
39
FTPS
FTP over SSL
Uses SSL/TLS for security
Two Modes:
* FTPS: Implicit - SSL/TLS negotiated before FTP data is sent
* FTPES: Explicit - Client has control over what is encrypted
40
SSH
Secure Shell
Secures remote access and remote terminal commo
Secure replacement for Telnet/FTP
Symmetric cryptography
Uses TCP port 22
SSH Suite: SCP, SSH, SFTP, Slogin
41
SNMP
Simple Network Management Protocol
Manage/monitor devices in network
Application layer
Ability to send traps (if something happens alert server)
TCP Port 161/162
42
NetBIOS
Naming convention for resources
Broadcast oriented network protocol
Disable to reduce null sessions
Ports 137, 138, 139, 445
43
NetBEUI
NetBIOS Extended User Interface
Transports NetBIOS traffic on a LAN
Non-routable
Traffic easily intercepted
44
WINS
Windows Internet Naming Service
Translates NetBIOS names to IP addresses
Pre-Windows 2000
Runs as a service on a server
45
DNS
Domain Name Service
Translate FQDN to IP address
46
Local Host File
Stores info on nodes in a network
Maps hostnames to IP addresses
Supplement DNS
47
DNS Zones
Portion of the DNS domain space for which the server is responsible.
UDP 53 for queries
TCP 53 for zone transfers
48
Zone Transfers
Publishes information about the domain and the name servers of any domains subordinate.
49
DNS Record Types (4)
A/AAAA - Returns IPv4/6 address
CERT - Certificate Record
MX - Mail Exchange
NS - Name Server
50
DNS Poisoning
Incorrect DNS data
Redirects to incorrect sites
51
Domain Name Kiting
Process of registering a domain name and using the registered name for the 5-day grace period, then not paying at the end of the 5 days.
Tasting = legit
Kiting = taking advantage
52
RDP
Remote Desktop Protocol
Allows user to control a networked computer
Software: RDC or TSC (terminal services client)
Port should always be blocked
TCP port 3389
53
PPP
Point-to-Point Protocol/Tunneling Protocol
Remote connection over serial/dial-up connection
No encryption
EAP, CHAP, or PAP Authentication
54
L2F
Layer 2 Forwarding (Cisco)
Used for Dial up
Authentication, no data encryption
Mutual authentication
Operates at layer 2
UDP port 1701
55
PPTP
Point-to-Point Tunneling Protocol (Microsoft)
Encapsulates and encrypts PPP packets
Negotiation in the clear
* only after negotiation is channel encrypted
* uses MPPE to encrypt data
Authentication: PAP, CHAP, MS-CHAP, EAP-TLS
Operates at Layer 2
TCP Port 1723
56
L2TP
Layer 2 Tunneling Protocol
Hybrid of PPTP and L2F
No data encryption
* uses IPsec to provide data encryption/integrity
Authentication: PAP, CHAP, MS-CHAP, or EAP-TLS
Operates at Layer 2
Uses UDP port 1701
57
VPN
Virtual Private Network
Private network connection over a public network
Can provide security
Established via Tunneling Protocols:
* L2TP - IPsec
* PPTP (MPPE)
58
IPSec
Internet Protocol Security
Widely deployed VPN tech
Requirement for IPv6
Can encrypt any traffic supported by IP
Both encryption and authentication
Used with L2TP or alone
Requires either certs or pre-shared keys
Operates at Layer 3
TCP port 500
59
2 Modes of Commo for IPSec
"Transport on the LAN and Tunnel on the WAN"
Transport - end to end encryption of data
* Packet data is protected but header is not
Tunnel - used for link-to-link commo
* Both packet contents and the header are encrypted
Memory Aid: Semi trucks open road vs in a tunnel
60
IPsec Protocols
Authentication Header (AH)
* Offers authentication/integrity
* HMAC with SHA-1 or MD5
* IP protocol #51
* Incompatible with NAT
Encapsulating Security Payload (ESP)
* Offers authentication, integrity and confidentiality
* Uses AES, 3DES, or DES
* IP protocol #50
61
SA
IPsec Security Association
* Authenticates and negotiates end users and manages secret keys
* Established by IKE (tries forever.. no TTL) or manual user configuration
* Unidirectional (trust from both sides)
62
ISAKMP
Internet Security Association and Key Management Protocol
Part of IPSec
Defines procedures and packet formats
* Establish, negotiate, modify and delete Sec Assoc.
Defines payloads
Typically uses IKE for key exchange. Other methods can be used
UDP port 500
63
IKE
Internet Key Exchange
Standard automated method for negotiating shared secret keys in IPsec
Generates, exchanges and manages keys
Supports pre-shared keys and X.509 certs
Built on ISAKMP and Oakley
UDP port 500
64
Oakley Key Determination
Key agreement protocol
65
802.1W
RSTP/Rapid Spanning Tree Protocol
66
802.1D
STP/Spanning Tree Protocol
Default on switches
67
802.1S
MSTP/Multiple Spanning Tree Protocol
68
802.1Q
VLAN Protocol
* Helps decide which VLAN you belong to
69
ACL
Access Control List
Rule based access control set to regulate traffic
Applied inbound AND/OR outbound traffic
Usually simple packet filtering by:
* Source/Destination IP address
* Ports
* Protocol
Last line: Implicit deny statement
List rules specific to general
Standard (source address) 1-99
* 0.0.0.0 = wildcard subnet mask
Extended (protocols/destinations) 100-199
* Permission, Protocol, Source, Destination
70
Firewall Rules
Allows computer to send/receive traffic from programs, system services, computers or users.
Created for both in and outbound
71
Packet Filtering Firewall
Filters traffic to specific address based on IP header
Compared against ACL
Works at Layer 3
72
Stateful Inspection Firewall
Tracks each connection
May examine header info and/or contents of packet
Filtering based on rules and on context established by prior packets
Works at Layers 3 and 4
73
Application Level Gateway
Traffic evaluated by user, group policies, etc.
Slowest form of firewall
Works at Layer 7
74
Circuit Level Proxy
Monitors traffic between trusted and un-trusted hosts via virtual circuit
Filtering based on sessions rather than content
Works at Layer 5
E.g. PuTTY
75
SOCKS
Network protocol designed to allow clients to communicate with internet servers through a firewall
76
Proxy Server
Border device to protect security zones
77
One-to-One Address Mapping
NAT
78
Many-to-One Address Mapping
PAT
79
Bastion Host
Any hardened system located in the DMZ
80
Extranet
Segment of your network set aside for trusted partners, organization
Out in the Internet not DMZ or Intranet
81
VPN Concentrator
Device that handles large number of VPN tunnels
SSL or IPSec
82
Flood Guards
Network device, firewall/router, that has the ability to prevent some flooding DoS attacks
83
Failover cluster
Group of independent computers that work together to increase availability of applications and services
84
Where is the best place to put an IDS
Behind the firewall
85
IDS Methods
Signature-based:
* Evaluates based on database of signatures written by the vendor
Anomaly-based (Heuristic):
* Looks for unexpected events
* Must learn what activities are normal and acceptable
86
NAC
Network Access Control
Evaluates system security status before connecting to network
Anti-virus status
System update level
Configuration settings
Software firewall enabled
87
WTLS
Wireless Transport Layer Security
Security layer for WAP
Provides authentication, encryption and data integrity
* Class 1: Anonymous authentication
* Class 2: Server authentication
* Class 3: Mutual client/server authentication
Used in older versions of WAP
TLS replaced WTLS
88
Rogue Access Points
WAP installed on a secure co network without authorization or has been created to allow a cracker to conduct a man in the middle attack.
Discovering: War Driving tools (Flying Squirrel, AirSnort, etc.)
89
Ransomware/Ransoming
Someone hacks in and encrypts your information, then emails asking for a ransom.
90
Bluebugging
Take control of Bluetooth device for personal gain
91
Bluejacking
Sending of unsolicited messages over Bluetooth.
92
Bluesnarfing
Theft of information from a Bluetooth device
93
Packet Sniffing
Capture all data that passes through network
Can be wired or wireless
Plaintext data
Tools: Wireshark, Cain and Abel, snoopt, Kismet, etc.
94
Promiscuous Mode
Sniffer is capable of capturing ALL packets traversing the network.
95
Hypervisor
Controls virtualization technology
Two Types:
* Type 1 (native, bare-metal)
  * run directly on the host's hardware
* Type 2 (hosted)
  * software applications running within conventional OS