Section 15 OBJ 2.4: Network Services

Question 1

File Server

Answer 1

Can be configured to allow the clients on the network to access the network and be able to read and write to its disk (file share)

Question 2

Print Server

Answer 2

a server that could be a physical workstation or network infrastructure that provides printing functionality

Windows based file and print server:
relies on NETBIOS (137, 139) or SMB (445)

Linux or Unix based file and print server:
Samba - Provides the ability for a Linux or Unix server to be able to host files or printers that can then be used by Windows clients running the SMB protocol

Question 3

IP-based File and Print Server / Cloud Printing

Answer 3

allows for printing anywhere in the world

Question 4

Web Server

Answer 4

Any server that provides access to a website, generally through HTTP or HTTPS

Question 5

Internet Information Services (IIS)

Answer 5

Extensible web server software, created by Microsoft (HTTP, HTTP/2, HTTPS)

Question 6

Apache

Answer 6

Most popular way to run a webserver these days
Can use Linux, Unix, Mac, and Windows

Question 7

NGINX

Answer 7

Reverse proxy, load balancer, mail proxy, and HTTP cache
faster than IIS and Apache

Question 8

Uniform Resource Locator (URL)

Answer 8

combines the fully qualified domain name (FQDN) with a protocol at the beginning

Question 9

Email Server

Answer 9

Servers that are set up to compose a message and send it to another user

Question 10

Simple Mail Transfer Protocol (SMTP)

Answer 10

Specifies how emails should be delivered from one mail domain to another
Port 25

Question 11

Post Office Protocol version 3 (POP3)

Answer 11

Older email protocol where you connect to your server, download messages, and process them on your local machine
port 110

Question 12

Internet Message Access Protocol (IMAP)

Answer 12

Mail retrieval protocol capable of retrieving emails and keeping a copy on the server. Can also manage status of each email
Port 143

Question 13

Microsoft Exchange

Answer 13

Mailbox server environment designed for Windows based domain environments

Question 14

Authentication

Answer 14

occurs when a person’s identity is established with proof and is confirmed by the system

Five methods of authentication:
- something you know
- something you are
- something you have
- something you do
- somewhere you are

Question 15

802.1x

Answer 15

Standardized framework used for port based authentication on wired and wireless networks

Question 16

Lightweight Directory Access Protocol

Answer 16

a database used to centralize information about clients and objects on the network
port 389 unencrypted
port 636 encrypted

Question 17

Active Directory

Answer 17

used to organize and manage the network, including clients, servers, devices, users, and groups

Question 18

Remote Authentication Dial-In User Service (RADIUS)

Answer 18

provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the EAP
operates at the application layer
Uses UDP
Combines authentication and authorization
Does not support all network protocols
Has cross-platform compatibility

Question 19

Terminal Access Control Access-Control System Plus (TACACS+)

Answer 19

proprietary version of RADIUS from Cisco that can perform the role of an authenticator in 802.1x networks
Uses TCP
Separates authentication, authorization, and accounting
Supports all network protocols
Exclusive to Cisco devices

Question 20

Authorization

Answer 20

Occurs when a user is given access to a certain piece of data or certain areas of a building

Question 21

Kerberos

Answer 21

Authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets

Question 22

Accounting

Answer 22

Ensures the tracking of data, computer usage, and network resources is maintained
Typically kept in a log file

Question 23

Telnet

Answer 23

Sends text-based commands to remote devices and is a very old networking tool
Not secure because everything is sent in plain text
Port 23

Question 24

Secure Shell (SSH)

Answer 24

Encrypts everything that is being sent and received between the client and the server
Port 22

Question 25

Remote Desktop Protocol (RDP)

Answer 25

Provides graphical interface to connect to another computer over a network connection Use remote desktop gateway (RDG) to create a secure connection tunnel into the RDP Port 3389

Question 26

Virtual Network Computing (VNC)

Answer 26

designed for thin client architectures Port 5900

Question 27

Terminal Emulator (TTY)

Answer 27

Any kind of software that replicates the TTY I/O functionality to remotely connect to a device

Question 28

Syslog

Answer 28

Enables different appliances and software applications to transmit logs to a centralized server It is the de facto standard for logging events When mentioned, it can refer to the protocol, server, or the log entries themselves Old Syslog: Relied on UDP Lacked security controls New Syslog: Uses TCP Uses TLS Uses MD5 and SHA1

Question 29

Simple Network Management Protocol (SNMP)

Answer 29

TCP/IP protocol that aids in monitoring network-attached devices and computers 3 components: Managed Devices - computers and other network-attached devices monitored through the use of agents by a network management system Agent - software that is loaded on a managed device to redirect information to the network management system Network Management Systems - running on one or more servers to control the monitoring of network attached computers

Question 30

Proxy Server

Answer 30

Devices that create a network connection between an end user's client machine and a remote resource (web server) Can cache websites to save bandwidth Increased security by whitelisting and blacklisting sites Increase auditing capabilities by keeping logs

Question 31

Load Balancer/Content Switch

Answer 31

Distributes traffic across a number of servers inside a server farm or cloud infrastructure

Question 32

Denial of Service (DoS)

Answer 32

a continuous flooding of requests to crash the system

Question 33

Distributed Denial of Service (DDoS)

Answer 33

Multiple machines simultaneously launch attacks on the server to force it offline

Question 34

Blackholing/Sinkholing

Answer 34

Identifies any attacking IP address and routes their traffic through a null interface

Question 35

Intrusion Prevention System (IPS)

Answer 35

Works for small-scale attacks against DoS

Question 36

Elastic Cloud

Answer 36

Allows to scale up the demand as needed

Question 37

Access Control List (ACL)

Answer 37

Rule sets placed on the firewalls, routers and other network devices that permit or allow traffic through a particular interface Actions always performed top-down in an ACL, so specific rules on top, generic on bottom

Question 38

Firewall

Answer 38

Inspect and control traffic trying to enter or leave a network Types include: Packet-filtering Stateful Proxy Dynamic packet-filtering Kernel Proxy

Question 39

Unified Threat Management (UTM)

Answer 39

Provides the ability to conduct security functions within a single device or network appliance

Question 40

Information Technology (IT)

Answer 40

Includes computers, servers, networks, and cloud platforms

Question 41

Operational Technology (OT)

Answer 41

Communications network designed to implement an ICS Technology that interacts with the real world, no computer needed

Question 42

Industrial Control Systems (ICS)

Answer 42

Provides the mechanisms for workflow and process automation by controlling machinery using embedded devices

Question 43

Fieldbus

Answer 43

Digital serial data communication protocol used in OT networks to link different programmable logic controllers (PLCs)

Question 44

Programmable Logic Controller (PLC)

Answer 44

Type of digital computer used in industrial settings that enables automation and assembly lines, autonomous field operations, robotics, and other applications

Question 45

Human-Machine Interface (HMI)

Answer 45

Can be a local control panel or software that runs on a computer

Question 46

Supervisory Control and Data Acquisition (SCADA)

Answer 46

Type of ICS used to manage large scale multi-site devices and equipment in a geographic region from a host computer

Question 47

Embedded System

Answer 47

Computer system that is designed to perform specific or dedicated functions Considered static environments, where frequent changes are not allowed

Question 48

Real-time Operating System (RTOS)

Answer 48

Type of OS that prioritizes deterministic execution of operations that ensure consistent response for time critical tasks

Question 49

System-on-a-Chip

Answer 49

processor integrates the platform functionality of multiple logic controllers on a chip ex: raspberry-pi

Question 50

Legacy system

Answer 50

computer system that is no longer supported by its vendor and is no longer provided with security updates and patches Must identify legacy systems and put mitigations in place

Question 51

Proprietary System

Answer 51

System that is owned by its developer or vendor