Security_ch3

  1. TCP
    • Transmission Control Protocol
    • provides connection-oriented traffic with guaranteed delivery
    • uses a three-way handshake
  2. UDP
    • User Datagram Protocol
    • provides connectionless sessions
    • many network-based DoS attacks are UDP
  3. IP
    • Internet Protocol
    • identifies hosts in a TCP/IP network and delivers the traffic from one host to another
  4. ICMP
    • Internet Control Message Protocol
    • used for testing basic connectivity
    • includes ping, pathping, and tracert
  5. Address Resolution Protocol
    • ARP
    • resolves IPv4 addresses
  6. what is an arp poisoning attack?
    uses ARP packets to give clients false hardware address updates; attackers use it to redirect or interrupt network traffic
  7. SSH
    • encryption protocol used to encrypt data-in-transit
    • Secure Shell encrypts traffic in transit and can be used to encrypt other protocols such as FTP
    • TCP port 22
  8. SSL
    • Encryption protocol used to encrypt data-in-transit
    • Secure Sockets Layer was the primary method used to secure http traffic
    • currently compromised
  9. TLS
    • Transport Layer Security
    • Encryption protocol used to encrypt data-in-transit
    • replaced SSL
    • used to encrypt different protocols
  10. IPsec
    • Internet Protocol Security
    • used to encrypt IP traffic
    • encryption protocol used to encrypt data-in-transit
  11. SFTP
    • Secure File Transfer Protocol
    • encryption protocol used to encrypt data-in-transit
    • secure implementation of FTP and an extension of SSH
  12. FTPS
    • File Transfer Protocol Secure
    • extension of FTP that uses TLS to encrypt FTP traffic
    • encryption protocol used to encrypt data-in-transit
  13. FTP, TFTP, SSH, SSL, TLS, IPsec, SFTP, and FTPS are what type of use case?
    File transfer use case
  14. SMTP, POP3 and Secure POP, IMAP4 and Secure IMAP, HTTP, and HTTPS are all examples of what type of use case?
    Email and web use case
  15. Denial of service attack
    An attack from a single source that attempts to disrupt the services provided by another system
  16. Distributed Denial of service attack
    A denial of service attack that includes multiple computers attacking a single target
  17. SMTP
    • Simple Mail Transfer Protocol
    • Transfers email between clients and SMTP servers
    • Uses port 25
  18. POP3
    • Transfers emails from servers down to clients
    • Uses port 110
  19. STARTTLS
    Allows the same ports to be used to transmit data in both cleartext and ciphertext
  20. IMAP4
    • Internet Message Access Protocol
    • Is used to store email on an email server
    • Allows a user to organize and manage email in folders on the server
    • Uses port 143
  21. HTTP
    • Hypertext Transfer Protocol
    • Transmits web traffic on the Internet and in intranets
    • Uses port 80
  22. HTTPS
    • Hypertext Transfer Protocol Secure
    • Encrypts web traffic to ensure it is secure while in transit
    • Uses SSL or TLS and port 443
  23. Kerberos
    • Authentication protocol used in Windows domains and some UNIX environments
    • It uses a key distribution center to issue timestamped tickets
    • Uses UDP port 88
  24. LDAP
    • Lightweight directory access protocol
    • This uses port 389
    • LDAP Secure encrypts data with TLS using TCP port 636
  25. Administrators often implement SSH and Remote Desktop Protocol to meet the use case of supporting remote access
    Administrators also use virtual private networks to connect to remote systems
  26. Network Address allocation
    Refers to allocating IP addresses to hosts within a network
  27. IPv4 uses 32-bit IP addresses expressed in dotted decimal format
  28. Private networks should only have private IP addresses; these are formally defined in RFC 1918
  29. Instead of private IP addresses IPv6 uses unique local addresses
  30. DNS
    • The primary purpose of this is for domain name resolution
    • DNS resolves host names to IP addresses
    • This uses UDP port 53
  31. Zone transfer
    When DNS servers share information with each other
  32. Where do DNS servers host data?
    Zones
  33. A (DNS Zone)
    • This is also called the host record
    • This record holds the hostname and IPv4 address and is the most commonly used
  34. AAAA (DNS Zone)
    This record holds the hostname and IPv6 address
  35. Most Internet-based DNS servers run BIND software on UNIX or Linux servers, and it's common to configure DNS servers to only use secure zone transfers
  36. DNS poisoning
    This is when attackers modify the IP address of a malicious site
  37. DNSSEC
    • Domain Name System Security Extensions
    • This is a suite of extensions to DNS that provides validation for DNS responses by adding a digital signature
    • Helps protect against DNS poisoning
  38. nslookup
    This is a command-line tool to troubleshoot problems related to DNS
  39. dig
    This is a command-line tool that has replaced nslookup on Linux
  40. Well-known ports
    • 0-1023
    • This is where most attacks occur
  41. Registered ports
    • 1024-49,151
    • For example Microsoft SQL server uses port 1433 for database servers
  42. Dynamic and private ports
    • 49,152-65,535
    • These ports are available for use by any application
  43. The server's IP address is used to get the request packets from your computer to the server
    The server gets the response packets back to your computer using your IP address
  44. port security
    • disabling unused ports and limiting the number of MAC addresses per port
    • can also restrict each physical port to only a single specific MAC address
  45. What can a network administrator implement to prevent?
    Spanning Tree Protocol and Rapid Spanning Tree Protocol
  46. What is a MAC flood attack?
    When an attacker attempts to overload a switch with different MAC addresses associated with each physical port
  47. How can a network administrator protect against a MAC flood attack?
    Implement a flood guard
  48. Router
    • Connects multiple network segments together into a single network and routes traffic between segments
    • directs network traffic based on the destination IP address
  49. ACL
    • Access control lists
    • Rules implemented on a router to identify what traffic is allowed and what traffic is denied
    • can control traffic based on networks, subnets, IP addresses, ports, and some protocols
  50. Implicit deny
    • All traffic that isn't explicitly allowed is implicitly denied
    • this is the last rule on a router and firewall
  51. Antispoofing methods block traffic using ACL rules
  52. bridge
    connects multiple networks together and can be used instead of a router
  53. Aggregation Switch
    Connects multiple switches together in a network
  54. firewall
    Filters incoming and outgoing traffic for a single host or between networks
  55. Routers and stateless firewalls perform basic filtering with an access control list
    • access control lists identify what traffic is allowed and what traffic is blocked
    • access control lists can control traffic based on networks, subnets, IP addresses, ports, and some protocols
  56. Host-based firewalls provide protection for individual hosts such as servers or workstations
    • A host based firewall provides intrusion detection for the host
    • Linux systems support xtables for firewall capabilities
    • Network-based firewalls are often dedicated servers or appliances and provide protection for the network
  57. Firewalls use a deny any any, deny any, or a drop all statement at the end of the ACL to enforce an implicit deny strategy
    • forces the firewall to block any traffic that wasn't previously allowed
    • like a bouncer at a club
  58. The implicit deny strategy provides a secure starting point for a firewall
  59. A stateless firewall blocks traffic using an access control list
    A stateful firewall blocks traffic based on the state of the packet within the session
  60. Web application firewalls provide strong protection for what?
    Web servers
  61. What is an intranet?
    • An internal network
    • People use the Intranet to communicate and share content with each other
  62. Extranet
    • An extranet is part of a network that can be accessed by authorized entities from outside of the network
    • For example, it's common for organizations to provide access to authorized business partners, customers, vendors, and others
  63. What is a DMZ?
    A demilitarized zone is a buffer zone between a private network and the Internet
  64. A DMZ allows access to services while segmenting access to the internal network
  65. What does a company do if it wants to allow access for services from the Internet without allowing access to the internal network?
    Deploy a demilitarized zone (DMZ)
  66. NAT
    • Network address translation
    • A protocol that translates public IP addresses to private IP addresses and back
    • A common form of this is port address translation
  67. What is the difference between dynamic NAT and static NAT?
    Dynamic uses multiple public IP addresses while static uses a single public IP address
  68. What is a VLAN?
    • Virtual local area network
    • Uses a switch to group several different computers into a virtual network
  69. What is a VLAN good for?
    • Good for separating traffic on physical networks
    • You can create multiple VLANs with the single layer three switch
    • Used to separate traffic types
    • VLAN can logically group several different computers together regardless of the location
  70. Media gateway
    • A device that converts data from the format used on one network to the format used on another
    • This is like a translator
Author
jo73
ID
338407
Card Set
Security_ch3
Description
alas