Telecom and Network Sec Flashcards

1
Q

hub

A

repeater with more than 2 ports; has 1 collision domain; half-duplex device

2
Q

LLC

A

Link Layer Control: handles LAN communications; touches layer 3

2
Q

Telnet

A

application layer TCP/IP protocol: provides terminal emulation over a network; port 23; weak, no confidentiality; data tx in plaintext

3
Q

packet-switched networks

A

data is broken into packets, each sent individually. Unused bandwidth is available for other connections

3
Q

OSI Layer 4

A

Transport: handles packet sequencing, flow control, error detection; protocols include TCP, UDP

3
Q

SNMP

A

simple network management protocol: application layer TCP/IP protocol; used to monitor network devices; port UDP 161; SNMPv3 provides CIA via encryption

3
Q

Token Ring

A

attached resource computer network: LAN Tech/protocol; legacy LAN technology; pass network traffic via tokens

4
Q

FDDI

A

Fiber Distributed Data Interface: LAN Tech/protocol; legacy LAN using fiber and token bus

4
Q

BGP

A

border gateway protocol: routing protocol used on internet between autonomous systems; considered a path vector routing protocol

4
Q

802.11

A

most common form of wireless data networking standard

5
Q

DCE

A

Data circuit-terminating equipment: aka data communications equip; networks DTEs (ie router); DCE marks end of ISP’s network and connects to the DTE

5
Q

CHAP

A

challenge handshake authentication protocol: more secure, not susceptible to replay attacks; relies on shared secret password

5
Q

RSN

A

robust security network: allows changes to cryptographic ciphers as new vulnerabilities arise; aka WPA2 and uses AES encryption (or TKIP)

6
Q

OSI Model

A

network model with 7 layers: physical, data link, network, transport, session, presentation, and application

6
Q

broadcast

A

one-to-all on a LAN

6
Q

HDLC modes

A

NRM (normal response mode): 2ndary nodes transmit when given permission by primary; ARM (asynchronous response mode): 2ndary nodes may initiate comm with primary; ABM (asynchronous balanced mode): nodes may act as primary or 2ndary, initiating tx w/o permission

6
Q

circuit-level proxies

A

operate at layer 5; filters more protocols

7
Q

TCP/IP Layer 1

A

Network access layer=OSI layer 1/2; describes bits and medium used to carry them, converting bits into protocol units (like ethernet frames, MAC addresses, NICs)

8
Q

Ipv4

A

32-bit addresses in dotted quad format

8
Q

WAP

A

wireless application protocol: designed to provide secure web services to handheld devices

8
Q

RFID

A

radio frequency identification: 3 types: active (has battery, broadcasts), semi-passive (has battery but uses reader’s signal for power), passive (uses reader’s signal for power)

9
Q

802.11n

A

144+ Mbps - 2.4/5 GHz

10
Q

SSID

A

service set identifier: acts as a network name; normally broadcast

12
Q

broadband networks

A

have multiple channels and can send multiple signals at a time

13
bastion host
any host placed on the internet not protected by another device; must protect themselves and be hardened; usually provide a specific service
14
classless inter-domain routing
/8 for Class A because first 8 bits are for network. /16 for class B; class C /24; Class D /32
14
screened host
older flat network design using one router to filter external traffic to and from a bastion host via an ACL
15
TCP/IP Layer 4
Application Layer=OSI layer 5/6/7; most protocols here use client-server architecture
16
AS
authentication server: server that authenticates a supplicant
17
traceroute
uses ICMP time exceeded to trace a network route
17
TLS
transport layer security: latest version of SSL
18
loopback addresses
127.0.0.0 or ::1
18
802.11a
54 Mbps - 5 GHz
19
analog
continuous wave of information
20
EUI-64
standard for 64 bit MAC addresses; OUI still 24 bits, but serial number is 40 bits
21
convergence
all routers on a network agree on the state of routing
22
DHCP
Dynamic Host Configuration protocol: application layer TCP/IP protocol; designed to replace and improve BOOTP; pool of IP addresses
22
IPS
intrusion protection system: preventive device designed to prevent malicious actions
23
full-duplex
communication sends and receives simultaneously (like a phone)
24
802.11i
first 802.11 standard with reasonable security
25
digital
communications transfer data in bits (1's and 0's)
25
DTE
Data terminal equipment; network terminal (desktop, server, etc)
26
socket pair
unique connection between two nodes: source port, source IP, destination port, destination IP
27
DNS
Domain Name Server: application layer TCP/IP protocol; distributed global hierarchical database that translates names to IP addresses and back; uses TCP and UDP; unreliable; no authentication
27
RIP
routing information protocol: maximum hop count=15; distance vector routing protocol using hops as metric; uses split horizon to help avoid routing loops; limited protocol; slow convergence
28
TCP flags
URG-Urgent; ACK-acknowledge data; PSH-push data to application layer; RST-reset (teardown) connection; SYN-synchronize connection; FIN-finish connection; CWR-congestion window reduced; ECE-explicit congestion notification echo; NS-Nonce sum
29
Fiber Optic
long distance (> 50 mi), no EMI; multimode=shorter distance, multiple paths of light; singlemode=longer distance, high speed network
29
IDS
intrusion detection system: detective device designed to detect malicious actions
29
Anomaly detection
anomaly detection IDS works by establishing a baseline of normal traffic, then ignores that traffic
29
DSSS
direct sequence spread spectrum: uses entire band at once, spreading the signal throughout the band
30
tree
LAN physical topology; aka hierarchical network; n/w with root node and branch nodes that are at least 3 levels deep (2 levels make a star)
31
RDP
remote desktop protocol: different session
32
AutoRun
best practice to disable AutoRun on microsoft operating systems (in association with removable media)
32
bluejacking
sending unsolicited messages
33
ring
LAN physical topology; dominant physical topology; better fault tolerance; more expensive
34
DSL
digital Subscriber Line: copper pair; 10 Mbs+
35
antivirus
most commonly deployed endpoint security product
37
IPv6
128-bit addresses
37
protocol behavior
protocol behavior IDS works by modeling the way protocols should work, often analyzing RFC
39
promiscuous
allows access to all unicast traffic on a network segment
40
NIPS
network intrusion prevention system: main difference in NIDS and NIPS is NIPS alters traffic
41
SLIP
serial line internet protocol: layer 2 protocol provides IP connectivity via asynchronous connections such as serial lines and modems
42
bluesnarfing
taking info via bluetooth network
43
mesh
LAN physical topology; interconnects nodes with each other; high availability
44
packet filter and stateful firewalls
devices that filter traffic based on OSI layer 3 (IP addresses) and layer 4 (ports); packet less secure, stateful more secure but slower
44
ACL
access control List: tells who can gain access to a resource
45
WPA2
wi-fi-protected access 2: aka RSN
46
HDLC
high-level data link control: WAN technology/protocol; successor to SDLC; adds error correction and flow control
47
MPLS
multiprotocol label switching: WAN technology/protocol; uses labels and carries ATM, Frame Relay, IP and others
47
authenticator
device such as an access point that allows a supplicant to authenticate and connect
48
Pool NAT
reserves a number of public IP addresses in a pool; these are used, then returned to the pool
49
VNC
virtual network computing: same session
50
DNS cache poisoning attack
tricks a caching DNS server into caching a forged response
51
Baseband networks
one channel and can send only one signal at a time (Ethernet is baseband)
53
OSI Layer 2
data link: handles access to the physical layer as well as LAN communication; includes ethernet card (and MAC address), switches, bridges; divided in 2: Media Access Control (MAC) and Logical Link Control (LLC)
53
routers
layer 3 device that routes traffic from one LAN to another; are default gateways
55
Ping
sends an ICMP echo request to a node and listens for a reply
56
bluetooth
802.15; PAN technology; operates in 2.4 GHz; short distances; must pair devices
58
IMAP
internet message access protocol: application layer TCP/IP protocol; client-server e-mail access
59
listen
socket that is waiting for a connection
60
encapsulation
takes information from a higher layer and adds a header to it
61
Ipsec
designed to provide CIA via encryption for IPv6 and now ported to IPv4; suite of protocols: ESP and AH
62
OSI Layer 7
application: where you interface with your computer application; web browser, word processor; protocols include Telnet, FTP
64
malware
malicious software
65
TCP/IP Layer 2
Internet Layer=OSI layer 3; IP address/routing live here
67
network model
description of how a network protocol suite operates (such as OSI or TCP/IP models)
69
explain 100base T
100=speed base=baseband T=twisted pair
70
OSPF
open shortest path first: open link state routing protocol learns the entire network topology for their area; send event driven updates; fast convergence
71
HTTP/HTTPS
Hypertext transfer protocol (secure): application layer TCP/IP protocol; used to transfer web-based data (secure via SSL/TLS); HTML used to display web content
72
802.11g
54 Mbps - 2.4 GHz
74
switch
layer 2 device that carries traffic on one LAN based on media access control (MAC) addresses
75
ARP
Address resolution protocol: used to translate between layer 2 MAC address and layer 3 IP address
76
MAC
Media Access Control: transfers data to and from physical layer; touches layer 1; unique hardware address of an Ethernet NIC; 48 bits long, 1st 24 form Organizationally Unique Identifier, 2nd 24 form serial #
78
Internet
global collection of peered networks running TCP/IP providing best-effort service
79
UDP scans
sends UDP packets to ports and listens for answers; harder and slower than TCP scans
81
half-duplex
communication sends or receives at one time only (walkie talkie)
81
TCP/IP Layer 3
Host-to-Host Transport Layer=OSI layer 4; connects internet layer to application layer; where applications are addressed on a network, via ports; TCP and UDP are 2 transport layer protocols of TCP/IP
81
pattern matching
pattern matching IDS works by comparing events to static signatures
82
SSH
Secure shell: application layer TCP/IP protocol; secure replacement for telnet, FTP and "r" commands; provides confidentiality, integrity, and secure authentication; port 22
83
VLAN
virtual LAN: aka virtual switch
85
TCP/IP model
simpler network model with 4 layers: network access, Internet, transport, and application
86
types of Scans
attackers scan networks from layers 2-7
87
roaming infected laptop
addressed by EAP
88
NAT
network address translation: used to translate RFC 1918 addresses as they pass from intranets to the internet; 3 types: static NAT, Pool NAT, Port Address Translation (PAT); hides origin of a packet
89
honeypot
system designed to attract attackers; consult with legal before deploying honeypots
91
POPv3
post office protocol version 3: application layer TCP/IP protocol; client-server e-mail access
93
SONET
synchronous optical network uses multiple T carrier circuits via fiber; physical fiber ring for redundancy
95
CSMA
Carrier Sense Multiple Access: method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions
95
802.11i
wireless security standard; describes RSN
96
Difference between a Smurf attack and Fraggle attack
Both are denial of service attacks: smurf=TCP; Fraggle=UDP
96
802.11b
11 Mbps - 2.4 GHz
98
router
layer 3 device that routes traffic from one LAN to another based on IP addresses
99
Extranet
connection between private intranets
100
DMZ
demilitarized Zone: implies 2 firewall DMZ; servers that receive traffic from untrusted networks should be on DMZ networks
101
PPTP
point-to-point tunneling protocol: tunnels PPP via IP; uses generic routing encapsulation to pass PPP via IP and TCP for a control channel
103
OSI Layer 6
presentation: presents data to the application (and user); ASCII, JPEG, GIF, TIFF exist here
104
RTP
real-time Transport protocol: designed to carry streaming audio and video
105
supplicant
an 802.1x client
107
bridge
layer 2 device with two ports that connects network segments together; has two collision domains
108
coaxial cable
inner copper core, insulator, shield, plastic sheath; used for satellite/cable tv; more resistant to EMI; higher bandwidth; longer connections than UTP
108
TKIP
temporal key integrity protocol: uses Rivest Cipher 4 (RC4); used by WPA2
109
PDA
personal digital assistant: two major issues: loss of data due to theft, wireless security
110
FTP
File Transfer Protocol: application layer TCP/IP protocol used to transfer files to/from servers; no confidentiality or integrity; ports 20/21
112
Bus
LAN physical topology; connects network nodes in a string; one break brings down entire network
113
LAND attack
single packet denial of service attack
114
VPN
virtual private network: secure data sent via insecure networks
116
UTP categories
Unshielded Twisted Pair: Cat 1
116
SPAN ports
switched port analyzer: mirrors traffic from multiple switch ports to one SPAN port; drawback is port bandwidth overload
117
application whitelisting
determines in advance which binaries are considered safe to execute on a given system, denies all other binaries trying to execute
118
FHSS
frequency hopping spread spectrum: uses a number of small freq channels throughout the band and hops through them in pseudo random order
119
QoS
Quality of Service: often applied to Voice over IP; gives specific traffic precedence over other traffic
120
SMTP
simple mail transfer protocol: application layer TCP/IP protocol; used to transfer email between servers
121
IGP
interior gateway protocol (RIP, OSPF); routing protocol; support layer 3
123
UDP
user datagram protocol: simpler and faster; no handshake, session, or reliability "send and pray"; used with applications that can handle loss
124
T1, T3, E1, E3
WAN technology/protocol; T1=1.544 mb/24 64-bit channels; T3=28 bundled T1's (45 Mb); E1=2.048 mb/30 channels; E3=16 E1 (34.368 Mb)
125
types of IDS events
true positive, true negative, false positive, false negative
126
tripwire
well known HIDS
126
hacker
someone who uses technology in ways the creators did not intend
127
dual-homed host
has 2 NICs: one to trusted network, one to untrusted network
129
OSI Layer 1
physical: describes units of data as bits; devices include hubs and repeaters, cabling standards like thinnet, thicknet, UTP
130
TCP
Transmission Control Protocol: reliable layer 4 protocol; uses a 3-way handshake to create reliable connections; can reorder out of order segments
131
network stack
network protocol suite programmed in software or hardware
132
proxy firewall
act as intermediary servers; terminates connections
133
SIP
session initiation protocol: includes session teardown
134
IPv4 Classes
Class A: 0.0.0.0-127.255.255.255; Class B: 128.0.0.0-191.255.255.255; Class C: 192.0.0.0-223.255.255.255; Class D: 224.0.0.0-239.255.255.255; Class E: 240.0.0.0-255.255.255.255
136
static NAT
makes a one-to-one translation between addresses
137
802.1x
port-based network access control and includes EAP
137
three Ipsec architectures
host-to-gateway; gateway-to-gateway; host-to-host
139
OSI Layer 3
Network: moving data from a system on one LAN to a system on another; IP addresses and routers exist here; protocols include IPv4, IPv6
140
VoiP
voice over internet protocol: carries voice via data networks; can eavesdrop easily with wireshark
142
PAT
many-to-one translations
143
OSI Layer 5
Session: manages sessions; remote procedure calls exist here; "Connections between applications"; uses simplex, half/full duplex
145
static route
fixed routing entries; great for simple network with limited or no redundancy
146
HIPS
host intrusion prevention system: like NIPS only for a host
148
demarc
where DTE and DCE meet; marks the end of ISP responsibility and beginning of user's responsibility
149
x.25
WAN technology/protocol; older packet-switched WAN protocol; cost effective over long distances
150
ARP scan
layer 2 scan that sends ARP requests for each IP address on subnet learning MAC addresses of systems that answer
152
SOCKS
circuit-level proxy uses TCP port 1080
153
SSL
secure socket layer: designed to protect HTTP data
155
FF:FF:FF:FF:FF:FF
ethernet broadcast address
155
MODEM
modulator/demodulator: takes binary data and modulates it into analog sound, then reverses it
157
nonce
small random string server sends as a challenge in CHAP
158
DSL speeds
ADSL: 1.5-9 Mbps down - 16-640 kbps up - 18k ft; SDSL & HDSL: 1.544 Mbps down - 1.5444 Mbps up - 10k ft; VDSL: 20-50 Mbps down - up to 20 Mbps up - < 5k ft
159
TFTP
Trivial FTP: application layer TCP/IP protocol; simpler way to transfer files; no authentication, confidentiality, or integrity; port UDP 69
160
DNSSEC
Domain name server security extensions: provides authentication and integrity via PKI; no confidentiality
161
EAP
extensible authentication protocol: very secure; layer 2, port based
162
CSMA/CA & CD
Collision detection (ethernet) and collision avoidance (wireless)
164
ATM
Asynchronous transfer mode: WAN technology/protocol; uses fixed length cells of 53 bytes; reliable
165
RFC 1918
private IPv4 addresses that may be used for internal traffic that does not route via the Internet
167
NIDS
network intrusion detection system: detects malicious traffic on a network; usually require promiscuous network access; passive devices
167
802.11
2 Mbps - 2.4 GHz
168
unicast
one-to-one traffic like client surfing the web
169
TCP Scan
sends a TCP SYN and records who responds, then leaves half-open connections
171
ICMP
internet control message protocol: helper protocol at layer 3 used to troubleshoot and report error conditions; echo request, echo reply, time to live are here
172
Faraday cage
shields things from EMI
173
ARCNET
attached resource computer network: LAN Tech/protocol; legacy LAN technology; pass network traffic via tokens
175
PPP
point-to-point protocol: layer 2 protocol replaced SLIP; HDLC based and adds CIA via point-to-point links; support synchronous links and asynchronous links
176
simplex
one-way communication
178
snort
open source NIDS and NIPS
179
multicast
one-to-many and the many is preselected
180
firewall
filter traffic between networks; TCP/IP packet filter and stateful firewalls=layer3/4; proxy firewalls=layer 5/6/7; they are multi-homed and have multiple NICs
181
WEP
wired equivalent privacy: critically weak; new attacks can break WEP key in minutes; little integrity or confidentiality; 24 bit initialization vector
182
Protocol Data Units
TCP/IP - Layer 4= TCP segment, Layer 3=IP Packet, Layer 2=Ethernet Frame, Layer 1=bits
183
Ethernet
LAN Tech/protocol; dominant LAN technology transmits network data via frames
184
switch
bridge with more than two ports; provides traffic isolation
185
HIDS
host intrusion detection system: like NIDS only for a host
186
repeater
layer 1 device; receives bits on one port and repeats them out on the other; no understanding of protocols; they extend a network
187
ISDN
integrated services digital network: early attempt to provide digital service via "copper pair"
189
packet-switched network
form of networking where bandwidth is shared and data is carried in units called packets
190
EGP
exterior gateway protocol (BGP): routing protocol; support layer 3
191
OFDM
orthogonal frequency division multiplexing: allows simultaneous transmission using multiple independent wireless freqs that don't interfere with each other
192
TCP SYN flood
TCP denial of service attack; attacker sends many SYN, but never ACK resulting in half-open connections
193
Intranet
privately owned network running TCP/IP (like a company network)
194
L2TP
layer 2 tunneling protocol: combines PPTP and layer 2 forwarding; focuses on authentication and does not provide confidentiality; frequently used with Ipsec to provide encryption
195
TPM
trusted platform module: installed on motherboard dedicated to carrying out security functions that involve storage and processing of keys, hashes, digital certs
196
circuit-switched networks
provide dedicated bandwidth to point to point connections, such as a T1 connecting 2 offices
197
teardrop attack
denial of service attack that relies on fragmentation reassembly; attacker sends multiple large overlapping IP fragments
198
application-layer proxy firewall
operate up to layer 7
199
BOOTP
Bootstrap protocol: application layer TCP/IP protocol; used for bootstrapping via a network by diskless systems
200
demultiplexing/de-encapsulation
removal of header info as data moves up the stack
201
PAP
password authentication protocol; very weak authentication protocol; sends username/password in clear text
202
LAN, MAN, WAN, GAN, PAN
Local Area Network, Metro Area Network, Wide Area Network, Global Area Network, Personal Area Network
203
socket
combination of an IP address and TCP/UDP port on one node
204
network taps
preferred way to provide promiscuous network access; can "Fail open" so traffic will pass in event of a failure
205
SDLC
synchronous data link control: WAN technology/protocol; layer 2 WAN protocol that uses polling to transmit data
206
Frame relay
WAN technology/protocol; packet-switched layer 2 WAN protocol provides no error recovery and focuses on speed; multiplexes multiple logical connections over a single physical connection