Windows Networking Flashcards

1
Q

RPC

A

Remote Procedure Call

2
Q

Will RPC work across networks?

A

It can if not configured to be blocked

3
Q

Mailslots

A
One-way Interprocess Communication
Implemented in Kernel32.dll and msfs.sys
Acts as a file kept in memory
Useful for a single process sending broadcasts to multiple processes
Max single message size of 424 bytes
4
Q

RPC - Description

A

Applications load a DLL containing stub procedures for remote functions
The stub then calls RPC run-time procedures to locate where the remote procedure resides
The stub negotiates a transport mechanism
It then calls the procedure on the remote system with the parameters
Reverse happens to return data

5
Q

SMB

A

Server Message Block

6
Q

CIFS

A

Common Internet File System

7
Q

SMB - Description

A

Primary remote file-access protocol on Windows Clients and Servers

8
Q

CIFS v1

A

cleartext

9
Q

CIFS v2

A

Encrypted

10
Q

CIFS v3

A

Encrypted with AES

11
Q

SMB/CIFS CMD command

A

nbtstat

12
Q

NetBIOS

A

Network Basic Input/Output System

13
Q

RDN

A

Relative Distinguished Name

14
Q

SMB Port

A

445

15
Q

NetBIOS Ports

A

137-139

16
Q

Port 139

A

SMB over NetBIOS

17
Q

Port 137

A

NetBIOS Naming Service

18
Q

Port 138

A

NetBIOS Datagram Service

19
Q

SRM

A

Security Reference Monitor

20
Q

ntoskrnl

A

Security Reference Monitor Kernel Mode

21
Q

LSASS

A

Local Security Authority Subsystem

22
Q

SAM

A

Security Accounts Manager

23
Q

SAM database registry path

A

HKLM\SAM

24
Q

Winlogon

A

Interactive Logon Service

25
CP
Credential Providers
26
Netlogon
Network Logon Service
27
Kernel Security Device Driver
KSecDD
28
Security Reference Monitor (SRM): Kernel Mode (ntoskrnl) Description
Defines access token structure, performs object security access checks, generates security audit messages
29
Local Security Authority Subsystem (LSASS): User-mode (lsass.exe) description
local system security policy, user authentication, sending security audit messages to Event Log. Loads Local Security Authority service (LSA, lsasrv.dll)
30
LSASS policy database
registry area under HKLM\Security that stores security policy settings
31
Security Accounts Manager (SAM): Loaded in LSASS (samsrv.dll) description
manages users and groups on local machine
32
SAM database: HKLM\SAM description
local users and groups along with passwords (encrypted)
33
Active Directory: Loaded in LSASS (ntdsa.dll) description
Contains a database with information about domain objects
34
Authentication Packages description
DLLs that run through LSASS that verify user account credentials and respond to LSASS which generates a token
35
Interactive Logon Manager (Winlogon): Winlogon.exe - description
Grabs secure attention sequence (SAS), manages interactive logon, creates first process
36
Logon User Interface (LogonUI): LogonUI.exe - description
Provides user interface to authenticate to system
37
Credential Providers (CP): COM objects running inside LogonUI - Description
Obtains different logon credentials, smartcard, user/pass, biometrics
38
Network Logon Service (Netlogon): (Netlogon.dll) - Description
Secures channel to domain controller, passes logon
39
Kernel Security Device Driver (KSecDD): (Ksecdd.sys) - description
Implements Advanced Local Procedure Call (ALPC) interfaces which kernel components use to communicate with user-mode LSASS
40
AppLocker: Driver (AppId.sys) Service (AppIdSvc.dll) - Description
Specifies which files, DLLs, scripts can be run by whom
41
When does the machine Security Identifier (SID) get generated?
At Install
42
SIDs are issued to what?
User Accounts, Groups, Domains, and Services
43
SID-500
Admin Account
44
SID-501
Guest Account
45
User Accounts SIDs start where?
1000
46
Where do you find the RID
Appended to the end of the SID
47
How are local account SIDs generated
The Local Machine SID appended with a RID
48
How are domain account SIDs generated
The Active Directory SID appended with a RID
49
Local logon uses what to verify username/password credentials by default
LAN Manager (LM) (msv1_0.dll), Includes LM, NTLM, and NTLMv2 hashing methods
50
Domain logon uses what protocol for authentication by default
Kerberos (kerberos.dll) Port 88
51
As of Windows Vista, what is used to add extensible logon methods?
Credential Providers
52
Active Directory Schema
Defines objects that can be stored in Active Directory. Is a list of definitions that determine the kinds of objects and types of information about those objects that can be stored in Active Directory. Objects can be administered in the same manner as the rest of the objects in AD.
53
Active Directory Schema 2 Object Types
Class object (schema class); Attribute object (schema attribute)
54
Global Catalog - description
The AD Domain relies on a global catalog database which contains a global listing of all objects in the forest.
55
Global Catalog is held on DCs configured as what?
global catalog servers
56
Global Catalog contains what subset of information?
User's First and Last name | Distinguished name of the object so your client can contact the proper domain controller if you need more information
57
Distinguished Name
The full address of an object in the directory
58
AD Feature - Centralized Data Storage
All data in AD resides in a single, distributed data repository, allowing users easy access to the information from any location. A single distributed data store requires less administration and duplication and improves the availability and organization of the data.
59
AD Features - Scalability
AD enables you to scale the directory to meet business and network requirements through the configuration of domains and trees and the placement of domain controllers. AD allows millions of objects per domain and uses indexing technology and advanced replication techniques to speed performance.
60
AD Features - Extensibility
The structure of the AD database (the schema) can be expanded to allow customized types of information
61
AD Features - Manageability
Based on hierarchical organizational structures. These organizational structures make it easier to control administrative privileges and other security settings, and to make it easier to locate network resources, such as files and printers.
62
AD Features - Integration with DNS
AD uses DNS, an internet standard service that translates easily readable host names to numeric Internet Protocol (IP) addresses. Although separate and implemented differently for different purposes, AD and DNS have the same hierarchical structure. AD clients use DNS to locate domain controllers. Primary DNS zones are stored in AD, enabling replication to other AD Domain Controllers.
63
AD Features - Client Configuration Management
AD provides new technologies for managing client configuration issues, such as user mobility and hard disk failures, with a minimum of administration and user downtime.
64
AD Features - Policy-Based Administration
In AD, policies are used to define the permitted actions and settings for users and computers across a given domain or organizational unit. Policy-based management simplifies tasks such as operating system updates, application installation, user profiles, and desktop-system lock down.
65
AD Features - Replication of Information
AD provides multi-master replication technology to ensure information availability, fault tolerance, load balancing, and other performance benefits. Multi-Master replication allows you to update the directory at any domain controller and replicates directory changes to any other domain controller. Because multiple domain controllers are employed, replication continues, even if any single domain controller stops working.
66
AD Features - Flexible, Secure Authentication and Authorization
AD authentication and authorization services provide protection for data while minimizing barriers to doing business over the internet. AD supports multiple authentication protocols, such as Kerberos version 5 protocol, Secure Sockets Layer (SSL) version 3, and Transport Layer Security (TLS) using x.509 version 3 certificates. AD provides security groups that span domains.
67
Domains
A domain is a collection of computers and their associated security groups that are managed as a single entity. The domain is the core unit of logical structure in Active Directory. It can be used to store millions of objects (these objects are considered vital to the network). Microsoft recommends using as few domains as possible and relying on Organizational Units (OUs) for structure. Domains can contain multiple nested OUs.
68
Organizational Units
An Organizational Unit (OU) is a container which gives a domain hierarchy and structure. It is used for ease of administration and to create an AD structure in the company’s geographic or organizational terms. An OU can contain OUs, allowing for the creation of a multi-level structure.
69
Trees
A tree is a grouping or hierarchical arrangement of one or more domains. Trees are created by adding one or more child domains to a parent domain. In a tree, all domains share the same contiguous namespace and naming structure. By adding domains to a tree, you can retain the security configuration through the tree (domain), and allow for administration to be delegated to a single OU or a single domain. The tree structure easily accommodates organizational changes.
70
Forest
Forests are at the top of the Active Directory structure. A forest holds all objects, organizational units (OUs), domains, and attributes in its hierarchy. A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees. Under a forest are one or more trees which hold domains, OUs, objects, and attributes. Forests have the following characteristics: All domains in a forest share a common schema. All domains in a forest share a common global catalog. All domains in a forest are linked by implicit two-way transitive trust. Trees in a forest have different naming structures, according to their domains. Domains in a forest operate independently, but the forest enables communication across the entire organization.
71
Sites
An Active Directory site object represents a collection of IP subnets, usually constituting a physical Local Area Network (LAN). Multiple sites are connected for replication by site links. Typically, sites are used for: Physical Location Determination: Enables clients to find local resources such as printers, shares, or domain controllers. Replication: You can optimize replication between domain controllers by creating links. By default, Active Directory uses automatic site coverage, though you can purposefully set up sites and resources.
72
AD Structure - Domain Controllers
In Active Directory, you have multiple Domain Controllers which are equal peers. Each DC in the Active Directory domain contains a copy of the AD database and synchronizes changes with all other DCs by multi-master replication. Replication occurs frequently and on a pull basis instead of a push one. A server requests updates from a fellow domain controller. If information on one DC changes (e.g. a user changes their password), it sends a signal to the other domain controllers to begin a pull replication of the data to ensure they are all up to date. Servers not serving as DCs, but in the Active Directory domain, are called ‘member servers.’ Active Directory requires at least one Domain Controller, but you can install as many as you want (and it’s recommended you install at least two domain controllers in case one fails).
73
DSADD
Add specific types of objects to the directory
74
DSGET
display the selected properties of a specific object in the directory
75
DSMOD
modify existing objects in the directory
76
DSQUERY
query the directory according to specific criteria
77
Describe GPO
A GPO is divided into two major node types, User and Computer. Computer node objects relate to policies that affect the computer system, i.e. startup scripts, firewall configuration, Name Resolution Policy. User nodes relate to user policies and are relevant to only the currently logged on user.