-
TCP
- Transmission Control Protocol
- provides connection-oriented traffic with guaranteed delivery
- uses a three-way handshake
-
UDP
- User Datagram Protocol
- provides connectionless sessions
- many network-based DoS attacks use UDP
-
IP
- Internet Protocol
- identifies hosts in a TCP/IP network and delivers traffic from one host to another
-
ICMP
- Internet Control Message Protocol
- used for testing basic connectivity
- includes ping, pathping, and tracert
-
Address Resolution Protocol
- ARP
- resolves IPv4 addresses
-
What is an ARP poisoning attack?
Uses ARP packets to give clients false hardware address updates; attackers use it to redirect or interrupt network traffic
-
SSH
- Encryption protocol used to encrypt data-in-transit
- Secure Shell encrypts traffic in transit and can be used to encrypt other protocols such as FTP
- TCP port 22
-
SSL
- Encryption protocol used to encrypt data-in-transit
- Secure Sockets Layer was the primary method used to secure HTTP traffic
- currently compromised
-
TLS
- Transport Layer Security
- Encryption protocol used to encrypt data-in-transit
- replaced SSL
- used to encrypt different protocols
-
IPsec
- Internet Protocol Security
- used to encrypt IP traffic
- encryption protocol used to encrypt data-in-transit
-
SFTP
- Secure File Transfer Protocol
- encryption protocol used to encrypt data-in-transit
- secure implementation of FTP and an extension of SSH
-
FTPS
- File Transfer Protocol Secure
- extension of FTP that uses TLS to encrypt FTP traffic
- encryption protocol used to encrypt data-in-transit
-
FTP, TFTP, SSH, SSL, TLS, IPsec, SFTP, and FTPS are what type of use case?
File transfer use case
-
SMTP, POP3 and Secure POP, IMAP4 and Secure IMAP, HTTP, and HTTPS are all examples of what type of use case?
Email and web use case
-
Denial of Service (DoS) attack
An attack from a single source that attempts to disrupt the services provided by another system
-
Distributed Denial of Service (DDoS) attack
A denial of service attack that includes multiple computers attacking a single target
-
SMTP
- Simple Mail Transfer Protocol
- Transfers email between clients and SMTP servers
- Uses port 25
-
POP3
- Transfers emails from servers down to clients
- Uses port 110
-
STARTTLS
Allows a single port to be used to transmit data in both clear text and ciphertext
-
IMAP4
- Internet Message Access Protocol
- Is used to store email on an email server
- Allows a user to organize and manage email in folders on the server
- Uses port 143
-
HTTP
- Hypertext Transfer Protocol
- Transmits web traffic on the Internet and in intranets
- Uses port 80
-
HTTPS
- Hypertext Transfer Protocol Secure
- Encrypts web traffic to ensure it is secure while in transit
- Uses SSL or TLS and port 443
-
Kerberos
- Authentication protocol used in Windows domains and some UNIX environments
- It uses a key distribution center (KDC) to issue timestamped tickets
- Uses UDP port 88
-
LDAP
- Lightweight Directory Access Protocol
- Uses port 389
- LDAP Secure encrypts data with TLS using TCP port 636
-
Administrators often implement SSH and Remote Desktop Protocol to meet the use case of supporting remote access
Administrators also use virtual private networks to connect to remote systems
-
Network address allocation
Refers to allocating IP addresses to hosts within a network
-
IPv4 uses 32-bit IP addresses expressed in dotted decimal format
-
Private networks should only have private IP addresses; these are formally defined in RFC 1918
-
Instead of private IP addresses, IPv6 uses unique local addresses
-
DNS
- The primary purpose of DNS is domain name resolution
- DNS resolves host names to IP addresses
- Uses UDP port 53
-
Zone transfer
When DNS servers share information with each other
-
Where do DNS servers host data?
Zones
-
A record (DNS zone)
- Also called the host record
- This record holds the hostname and IPv4 address and is the most commonly used record
-
AAAA record (DNS zone)
This record holds the hostname and IPv6 address
-
Most Internet-based DNS servers run BIND software on UNIX or Linux servers, and it's common to configure DNS servers to only use secure zone transfers
-
DNS poisoning
This is when attackers modify DNS records to point a name at the IP address of a malicious site
-
DNSSEC
- Domain Name System Security Extensions
- A suite of extensions to DNS that provides validation for DNS responses by adding a digital signature
- Helps protect against DNS poisoning
-
nslookup
A command-line tool used to troubleshoot problems related to DNS
-
dig
A command-line tool that has replaced nslookup on Linux
-
Well-known ports
- 0–1023
- This is where most attacks occur
-
Registered ports
- 1024–49,151
- For example, Microsoft SQL Server uses port 1433 for database servers
-
Dynamic and private ports
- 49,152–65,535
- These ports are available for use by any application
-
The server's IP address is used to get the requesting packets from your computer to the server
The server sends the response packets back to your computer using your IP address
-
Port security
- Disabling unused ports and limiting the number of MAC addresses per port
- Can also restrict each physical port to only a single specific MAC address
-
What can a network administrator implement to prevent?
Spanning Tree Protocol and Rapid Spanning Tree Protocol
-
What is a MAC flood attack?
When an attacker attempts to overload a switch with different MAC addresses associated with each physical port
-
How can a network administrator protect against a MAC flood attack?
Implement a flood guard
-
Router
- Connects multiple network segments together into a single network and routes traffic between segments
- Directs network traffic based on the destination IP address
-
ACL
- Access control list
- Rules implemented on a router to identify what traffic is allowed and what traffic is denied
- can control traffic based on networks, subnets, IP addresses, ports, and some protocols
-
Implicit deny
- Means that all traffic that isn't explicitly allowed is implicitly denied
- This is the last rule on a router or firewall
-
Anti-spoofing methods block traffic using ACL rules
-
Bridge
Connects multiple networks together and can be used instead of a router
-
Aggregation Switch
Connects multiple switches together in a network
-
Firewall
Filters incoming and outgoing traffic for a single host or between networks
-
Routers and stateless firewalls perform basic filtering with an access control list
- Access control lists identify what traffic is allowed and what traffic is blocked
- Access control lists can control traffic based on networks, subnets, IP addresses, ports, and some protocols
-
Host-based firewalls provide protection for individual hosts such as servers or workstations
- A host-based firewall provides intrusion detection for the host
- Linux systems support xtables for firewall capabilities
- Network-based firewalls are often dedicated servers or appliances and provide protection for the network
-
Firewalls use a deny any any, deny any, or drop all statement at the end of the ACL to enforce an implicit deny strategy
- Forces the firewall to block any traffic that wasn't previously allowed
- Like a bouncer at a club
-
The implicit deny strategy provides a secure starting point for a firewall
-
A stateless firewall blocks traffic using an access control list
A stateful firewall blocks traffic based on the state of the packet within the session
-
Web application firewalls provide strong protection for what?
Web servers
-
What is an intranet?
- An internal network
- People use the intranet to communicate and share content with each other
-
Extranet
- An extranet is part of a network that can be accessed by authorized entities from outside of the network
- For example, it's common for organizations to provide access to authorized business partners, customers, vendors, and others
-
What is a DMZ?
A demilitarized zone is a buffer zone between a private network and the Internet
-
A DMZ allows access to services while segmenting access to the internal network
-
What does a company do if it wants to allow Internet access to some services without allowing access to the internal network?
Deploy a demilitarized zone, or DMZ
-
NAT
- Network Address Translation
- A protocol that translates public IP addresses to private IP addresses and back
- A common form of this is Port Address Translation (PAT)
-
What is the difference between dynamic NAT and static NAT?
Dynamic NAT uses multiple public IP addresses while static NAT uses a single public IP address
-
What is a VLAN?
- A virtual local area network
- Uses a switch to group several different computers into a virtual network
-
What is a VLAN good for?
- Good for separating traffic on physical networks
- You can create multiple VLANs with a single layer 3 switch
- Used to separate traffic types
- A VLAN can logically group several different computers together regardless of their location
-
Media gateway
- A device that converts data from the format used on one network to the format used on another
- Like a translator