67 Cards in this Set
- Front
- Back
Layers of the OSI model |
Application, Presentation, Session, Transport, Network, Data link, Physical |
|
Application layer device/protocols |
User applications, HTTP, FTP, Telnet, DHCP, SMTP, etc. |
|
Presentation layer device/protocols |
JPG, ASCII, TIFF, SSL |
|
Session layer device/protocol |
Logical ports / inter-host communication; AppleTalk, WinSock, RPC |
|
Transport layer device/protocols |
TCP, UDP, SPX, SCTP |
|
Network layer device/protocols |
Routers, IP, IPSec, ICMP, IGMP |
|
Data link layer device/protocols |
Switch, Bridge, WAP, PPP, SLIP, CSLIP, L2TP |
|
Physical layer device / protocols |
Physical characteristics of the hardware - Volts, Pins, Bit-rate, Transmission, etc. |
|
Layer 1 |
The physical layer describes the networking hardware, such as electrical signals and network interfaces and cabling. |
|
Layer 2 |
The data link layer describes data transfer between machines, for instance by Ethernet. |
|
Layer 3 |
The network layer describes data transfer between networks, for instance by the Internet Protocol IP. |
|
Layer 4 |
The transport layer describes data transfer between applications, flow control, and error detection and correction, for instance by TCP. |
|
Layer 5 |
The session layer describes the handshake between applications, for instance, authentication processes. |
|
Layer 6 |
The presentation layer describes the presentation of information, such as ASCII syntax |
|
Layer 7 |
The application layer describes the structure, interpretation, and handling of information. In security terms, it is relevant because it relies on all underlying layers. |
|
The layer in which Ethernet is described in the OSI reference model |
Layer 2 data-link layer |
|
Port address translation PAT |
An extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. |
|
Tracert |
A utility that will attempt to trace the route to the target address over a maximum of 30 hops. As a result, it will tell the user which routes are valid, and where the packets are being dropped, allowing them to quickly diagnose connectivity problems. |
|
Ping scanning |
A basic network mapping technique that helps narrow the scope of an attack. An attacker can use one of many tools, such as a Very Simple Network Scanner for Windows-based platforms or NMAP for Linux and Windows-based platforms, to ping all of the addresses in a range. If the host replies to a ping, then the attacker knows the host exists at the address. |
|
Power over Ethernet PoE |
Allows a single cable to provide both data connection and electrical power to devices such as wireless access points or IP cameras. |
|
Virtual Private Network VPN |
Extends a private network across a public network such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network and thus are benefiting from the functionality, security and management policies of the private network. |
|
Virtual local area network VLAN |
Any broadcast domain that is partitioned and isolated in a computer network at the data link layer. |
|
Optimal location for network based intrusion detection system |
On the network perimeter, to alert the network administrator of all suspicious traffic. |
|
Intrusion detection system IDS |
Monitors activity and sends alerts when it detects suspicious traffic. |
|
Two types of intrusion detection systems |
Host-based IDS - monitors activity on servers and workstations; Network-based IDS - monitors network activity |
|
Two parts of a subnet mask |
Network ID and host ID |
|
Network ID |
Represents the network the device is connected to |
|
Subnet Mask |
Only devices in the same subnet mask are able to communicate with other devices on the same subnet |
|
Converged IP-based networks can contain the following devices |
Physical security, industrial monitoring, CCTV, voice services, data, television |
|
TCP/IP port filtering |
The practice of selectively enabling or disabling the Transmission Control Protocol (TCP) ports and User Datagram Protocol (UDP) ports on computers or network devices. |
|
Content filtering |
An HTTP proxy is used as a means to implement it: logging or blocking traffic that has been defined as, or is assumed to be, non-business related for some reason. |
|
Devices that should be part of a network's perimeter defense |
A firewall, a proxy server, a host-based intrusion detection system (HIDS) |
|
Security perimeter |
The first line of protection between trusted and untrusted networks. |
|
Principal security risks of wireless LANs |
Lack of physical access control - wireless networks allow users to be mobile while remaining connected to a LAN. |
|
IPv4 routing protocols |
RIPv1: (legacy) IGP, distance vector, classful protocol
IGRP: (legacy) IGP, distance vector, classful protocol developed by Cisco
RIPv2: IGP, distance vector, classless protocol
EIGRP: IGP, distance vector, classless protocol developed by Cisco
OSPF: IGP, link-state, classless protocol
IS-IS: IGP, link-state, classless protocol
BGP: EGP, path-vector, classless protocol
|
|
IPSec |
Provides mechanisms for authentication and encryption |
|
IP security IPSec |
A suite of protocols for communicating securely with IP by providing mechanisms for authentication and encryption. Authenticates only two hosts with each other. |
|
SEM/SEIM |
Have to understand a wide variety of different application and network element (router/switch) logs and formats; consolidate these logs into a single database and then correlate events, looking for clues to unauthorized behaviors that would otherwise be inconclusive if observed in a single log file. |
|
What a Security Event Management (SEM) service performs |
Aggregates logs from security devices and application servers, looking for suspicious activity. |
|
Principal weakness of DNS (Domain Name System) |
Lack of authentication of servers and thereby authenticity of records. Authentication services have been delegated upward to higher protocol layers. |
|
Open email relay |
A server that forwards email from domains other than the one it serves. Also widely considered a sign of bad system administration. |
|
Principal tool for the distribution of spam |
Open email relays |
|
Botnet |
A group of dispersed, compromised machines controlled remotely for illicit reasons. |
|
Bots and botnets |
Zombies controlled by ethereal entities from the dark places on the internet |
|
WPA2 (Wi-Fi Protected Access 2) |
Security technology commonly used on Wi-Fi wireless networks. It has replaced the original WPA technology on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption. |
|
Disabling the SSID will |
Further enhance the security of the solution, as it requires a user who wants to connect to the WAP to have the exact _______ as opposed to selecting it from a list. |
|
HDSL |
Requires two twisted pairs, so it is deployed primarily for PBX network connections, digital loop carrier systems, interchange POPs, Internet servers, and private data networks. |
|
Operating range of HDSL |
Limited to 12,000 feet so signal repeaters are installed to extend the service |
|
DSL (digital subscriber line) methods |
ADSL - Asymmetric digital subscriber line - downstream transmission rates are much greater than upstream ones, typically 256 or 512 kbps downstream and 64 kbps upstream
RADSL - Rate adaptive DSL - the upstream transmission rate is automatically tuned based on the quality of the line
SDSL - Symmetric digital subscriber line - uses the same rates for upstream and downstream transmissions
VDSL - Very high bitrate DSL - supports much higher transmission rates than other DSL technologies, such as 13 Mbps downstream and 2 megabytes per second upstream |
|
Fiber cable |
Relies on light. Electromagnetic and source power based distortions do not affect it. |
|
Media types that rely on electromagnetic principles to operate and are therefore susceptible to electromagnetic interference |
Coax cable, Wireless, Shielded twisted pair |
|
Coaxial cable (or simply coax) |
Uses one thick conductor that is surrounded by a grounding braid of wire. A non-conducting layer is placed between the two layers to insulate them. The entire cable is placed within a protective sheath. |
|
Disadvantages of coaxial cable |
Is expensive, and is difficult to bend during installation. |
|
Thicker than the twisted pair and therefore can support greater bandwidth and longer cable length |
Coax cable |
|
Shielding |
On coax cable ____ makes it harder for an intruder to monitor the signal with an antenna or install a tap. |
|
Protects coax cable from electrical interference such as EMI and RFI |
Superior insulation |
|
UTP unshielded twisted pair |
The most common cable type. Is inexpensive and can be easily bent during installation. The risks of its drawbacks do not justify more expensive cables. |
|
STP - Shielded twisted pair |
Pairs of insulated twisted copper are enclosed in a protective jacket. Uses an electronically grounded shield to protect the signal. The shield surrounds each of the twisted pairs in the cable, surrounds the bundle of twisted pairs, or both. Disadvantages compared with UTP: more expensive, bulkier, and hard to bend during installation. |
|
Multi layer protocols such as Modbus |
Are often insecure by their very nature, as they were not designed to natively operate over today's IP networks. Often used in industrial control systems. |
|
Packet switched technologies include |
X.25, Link Access Procedure, Balanced (LAPB), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP) |
|
Generation 1 firewalls |
Static packet filter, Stateful Packet Inspection |
|
Second-generation firewalls |
Proxy services |
|
Firewall |
A system designed to prevent unauthorized access to or from a private network. |
|
Third-generation firewalls, firewalls evolved, next generation firewalls |
Stateful multilevel inspection (SMLI): screens the entire packet, OSI layers 2 through 7, and rapidly compares each packet to known bit patterns of friendly packets before deciding whether to pass the traffic. Coupled with or integrated into an intrusion detection system (IDS), SMLI offers the first glimpse of this new definition of a firewall. |
|
If the communication mode is gateway-gateway or host-gateway |
Encapsulating security payload (ESP) authentication must be used |
|
Polling |
A LAN transmission protocol |