Video Content Lesson 8 Flashcards Preview


Flashcards in Video Content Lesson 8 Deck (42)
2
Q

Network Devices

A
Hubs
Bridges
Switches
Routers
Gateways
Firewalls
3
Q

Hubs

A

Operates at the physical layer
Often also called a concentrator, repeater, or multistation access unit (MAU)
Works by echoing all inbound traffic to all connected devices (produces lots of excess traffic on the network)
Used to connect multiple LAN devices (as in star topologies)

4
Q

Bridges

A

Operates at the data-link layer
Forwards messages from one network segment to another network segment
Can filter traffic based on the data-link layer address
Used to bridge two networks (which can be using different protocols)

5
Q

Switches

A

Operates at the data-link layer (some at the network layer)
Only forwards packets to the specific port where the destination machine is located
Can be used to increase network performance by decreasing network bandwidth utilization
Only sends a message to one destination machine, by looking at the data-link layer address
Parallel transmission is possible (machine A transmits to B while C transmits to D)

6
Q

Routers

A

Operates at the network layer (generally)
Reads the network address (IP) of the destination and forwards the packet to that network
Works at a higher level, so it doesn’t need to bridge networks of different types

7
Q

Gateways

A

Generally software products
Often used to translate between dissimilar network protocols (high level)
Copy packets from one network protocol to another protocol
Can go all the way to application-layer filtering

8
Q

Firewalls

A

Several types of firewalls
Generally operate at the network layer (can operate at the application layer)
Can perform sophisticated or simplistic filtering
Look at packets wanting to enter/exit the network (does it make sense to let them through?)
Most common first point of contact for attackers
Attackers look for ways through or around the firewall
They look for open ports

9
Q

Firewalls

A
1st Generation
2nd and 3rd Generation
4th and 5th Generation
Packet Filtering Router
Screened Host
Dual-Homed Host
Screened Subnet
10
Q

1st Generation

A

Packet filtering
Operates at the network or transport layer
Examines source and target addresses and the target port
Uses ACLs to accept or deny packets (drops the packet without telling the sender it was denied)
Easily fooled by spoofing

11
Q

2nd and 3rd Generation

A

Application Layer Gateway filter (proxy) (2nd Gen)
Operates at the application layer
Copies packets from one network to another
Changes the source and destination address of the original packet (protects the identity of the true source machine)
Can filter the content of the message
Stateful Inspection (3rd Gen)
Similar to 1st Gen, but also looks at the state of the connection
If a packet is part of a previous connection, it is allowed through because it is expected

12
Q

4th and 5th Generation

A

Dynamic Filtering (4th Gen)
Combination of application layer and stateful inspection firewalls
Rules can be determined dynamically
Works well with UDP traffic
UDP is a connectionless protocol
Every packet is a separate datagram and not part of a connection
Once the original UDP packet is received from the source machine, filtering and firewall rules can be made
Kernel Proxy (5th Gen)
Multilevel firewall integrated into the OS kernel
Being an internal firewall, it increases performance and security as it operates dynamically

13
Q

Firewall Architecture (4 types)

A

1. Packet Filtering Router
2. Screened Host
3. Dual-Homed Host
4. Screened Subnet (DMZ)

14
Q

Packet Filtering Router

A

Oldest and most common
Firewall placed between the untrusted and trusted networks
Uses ACLs to determine whether or not to allow packets to pass through it (filters packets)
Looks at source, destination, and port
Filters incoming and outgoing packets

15
Q

Screened Host

A

Packet filtering router plus application gateway (placed between the untrusted and trusted networks)
Bastion Host is placed between the firewall (router) and the trusted network
Provides packet filtering and proxy services (filters higher-level packets that make it through the firewall)

16
Q

Dual-Homed Host

A

Similar to screened host, except the bastion host has two NICs
One NIC is connected to the trusted network
The other NIC is connected to the untrusted network
Also has 2 routers: Untrusted Network, Router, Bastion Host, Router, Trusted Network
Allows the Bastion Host to filter packets and copy them to the other network

17
Q

Screened Subnet (DMZ)

A

Almost identical to Dual-Homed Host, with the addition of a subnet attached to the Bastion Host
This is where the Web Server is placed
Ports 80 (HTTP) and 443 (HTTPS)
Can make a secure connection between the web server and the trusted network

18
Q

Security Protocols and Services

A
TCP/IP
Network Layer Security Protocols
Transport Layer Security Protocols
Application Layer Security Protocols
Multiple layers in OSI reference Model (each layer has different protocols)
19
Q

TCP/IP

A

Transmission Control Protocol/Internet Protocol
Operates at the Transport and Network Layers
This is the most common protocol
It is actually a suite: a combination of two different layers and protocols
TCP (splits outbound messages into packets and passes the packets down to the next layer, IP; assembles inbound packets in the correct order into a message and passes it up to the next layer)
IP (manages addressing the packets and getting them to their destination)

20
Q

Network Layer

A

IPSec - ensures IP confidentiality and integrity; uses either ESP (Encapsulating Security Payload) (for confidentiality) or AH (Authentication Header) (for authentication) to secure packets
Standard protocol used to implement VPNs
Operates in 2 modes: 1. Transport Mode (clear-text header with encrypted payload) and 2. Tunnel Mode (encrypted payload and header), primarily used to connect two different networks (VPN connection between the gateways of the networks)

21
Q

Transport Layer

A

SWIPE (network layer security protocol for IP; provides confidentiality, integrity, and availability)
SKIP (Simple Key Management for Internet Protocols) (provides high availability using encryption at the transport level)
SSL (Secure Sockets Layer) (most commonly used for secure Web application communication; secure communication between a web browser and a web server)
TLS (Transport Layer Security) (replaced SSL) (implements secure communication through the use of encryption) (NOTE: encryption ONLY takes place between the browser and the web server)

22
Q

Application Layer

A

S/MIME (Secure MIME)
Protocol that secures e-mail using the Rivest-Shamir-Adleman (RSA) encryption system
SET (developed by Visa and MasterCard to authenticate both sender and receiver; uses digital certificates and signatures to provide data confidentiality and integrity) (dual-action, two-way protocol)
PEM (developed by the IETF for secure e-mail)

23
Q

SDLC-HDLC

A

Synchronous Data Link Control (SDLC) (developed by IBM to ease connections to mainframe computers) (submitted to ISO, which took and expanded it to form HDLC)
High-level Data Link Control (HDLC) (derived from SDLC; HDLC provides both point-to-point and multipoint configurations) (used for WAN and mainframe connections)

24
Q

Frame Relay

A
High-performance WAN protocol
Cost-efficient data transfer
Uses NO error correction
If a defective packet is received, discard it and have it retransmitted
Cheaper to resend the packet
25
Q

ISDN

A

Integrated Services Digital Network (ISDN)
Service that allows voice and digital data to be combined on the same channel
Combination of digital telephony and data transport services
Its target was small businesses
Allows voice and digital communication over existing wires
2 basic variations: 1. Basic Rate Interface (BRI) and 2. Primary Rate Interface (PRI)
For small businesses and large businesses, respectively
BRI has two 64-KB channels and one 16-KB channel, or one 128-KB channel
PRI has twenty-three 64-KB channels and one 16-KB channel (or a mix as desired)

26
Q

X.25

A

The first packet-switching network
Each packet can take a different route through the network (uses smaller packets) (determines the best route to take, with the least congestion)
Point-to-point communication between DTE and DCE
DTE (Data Terminal Equipment) (your computer)
DCE (Data Circuit-terminating Equipment) (entry point to the packet-switched network)
The idea was that X.25 would support a virtual connection between two Data Terminal Equipment nodes

27
Q

Security Techniques

A
Tunneling
Network Monitors
Transparency
Hash Totals
E-mail Security
Facsimile Security
Voice Communication
28
Q

Tunneling

A

Uses the Internet to create a virtual private line
PPTP and L2TP are common protocols
Tunneling almost always uses a VPN
Encrypted connections over a public network create a secure VPN

29
Q

Network Monitors

A

Tunneling and VPNs are techniques used to set up a network environment to provide security
1. Network Monitors and 2. Packet Sniffers (ensure security and monitor activity on the network) (tools to capture and analyze network packets) (1. analyze network traffic, 2. search for unauthorized packets, 3. detect anomalous activities)
NAT (Network Address Translation) (on routers) (translates non-routable IP addresses behind a firewall to routable addresses; hides the true machine IP addresses) (192.168.*.* or 10.0.0.*)

30
Q

Transparency

A

An OS feature that allows users to access resources without knowing whether the resource is local or remote
Mapped drive
Printer (often configured as a remote printer)
Makes it very easy to secure and centrally administer many data repositories, printers, modems, or other devices that multiple users need to access

31
Q

Hash Totals

A
A mathematically generated unique value from a string of text (used in cryptography and when file integrity must be ensured)
Hash totals are used not only in end-to-end communication, but also in lower-level protocols to guarantee integrity
A hash total is a one-way type of algorithm
Error Correction (adds more data to each message so the recipient can re-create the original block of text; suited to small or medium networks and large packets)
Retransmission (suited to small or large networks and small packets)
32
Q

E-mail Security

A

E-mail protocols: SMTP (Simple Mail Transfer Protocol) (forwards mail from one mail server to another mail server, NOT to a client)
To download messages from a mail server to a client:
POP (POP3) (Post Office Protocol) (automatically downloads all messages; therefore you are not able to access e-mail from another machine if it has already been downloaded)
IMAP (Internet Message Access Protocol) (allows you to view e-mail headers to select which ones to download and remove from the server)
Mail servers are the entry point into the e-mail system
Mail client is the software for writing e-mail
Mail is sent to the mail server using the SMTP protocol
The mail server looks at the To: address and figures out where to send it next
When it reaches the destination, it is held in a queue until accessed or downloaded
Relay agents relay messages from one mail server to another
Messages are very easily spoofed (e-mail, by default, is all text-based; be comfortable with how e-mail headers work and how to detect spoofed e-mails)
By default, e-mail sends in-the-clear payloads (clear, plain text)

33
Q

Facsimile Security

A

Faxing can be insecure
The standards in place assume that every end-to-end fax will start off at an insecure fax machine and end up at an insecure fax machine
Very few fax machines are capable of supporting secure encryption mechanisms
Any images scanned may be stored
Physical access to the receiving device is a concern
Without encryption, fax data can be intercepted and interpreted by any other machine

34
Q

Voice Communication

A

Standard voice communication can be easy to intercept
Transmitting voice over digital media allows for the same security as sending regular messages (ensure confidentiality and integrity)
Voice over IP (VoIP)

35
Q

Common Network Attacks

A
Network Abuses
ARP
DoS-DDoS
Flooding
Spoofing
Spamming
Eavesdropping
Sniffers
36
Q

Network Abuses

A

Class A - Unauthorized access to restricted network resources
Class B - Unauthorized use of network resources for non-business purposes
Class C - Eavesdropping
Class D - Denial of Service and other disruptions
Class E - Network Intrusion
Class F - Probing (not illegal, but like casing a neighborhood)

37
Q

ARP

A

Address Resolution Protocol (takes a MAC (Media Access Control) address (physical address) and relates it to an IP address)
Every NIC has a hard-coded address (MAC)
ARP resolves MAC and IP addresses: “Who is MAC address XXX? I am IP XXX.”
Reverse ARP asks for the IP: “Tell me your MAC”
An ARP table is built
ARP table poisoning (having a MAC address associated with the wrong IP address)

38
Q

DoS-DDoS

A

Denial of Service (many variations; the basic goal is to render a machine/network unavailable)
Distributed Denial of Service
Similar to a DoS attack, but the attacker uses multiple machines to launch the attack
This is a reason to have a firewall to limit packets coming in and being sent out

39
Q

Flooding

A
Sending large numbers of packets to the victim machine
SYN flood (sending multiple SYN packets without responding to the victim's SYN-ACKs)
40
Q

Spoofing

A

Using counterfeit information to forge the sender’s identification (IP/MAC address or TCP sequence number (used to hijack sessions and launch DoS or DDoS attacks))

41
Q

Spamming

A

Floods mail servers with useless messages

42
Q

Eavesdropping

A

Reading messages not intended for you (Voice messages, e-mail messages, reassembled packets)

43
Q

Sniffers

A

Easiest way is to put a NIC in promiscuous mode
Captures packets that pass by
Defense is to encrypt all packets