Small Sys Final
Card Set Information
Small Sys Final
common network protocols ICMP DNS
common network protocols ICMP DNS
What are Protocols?
Rules of conduct and communication.
Essential for proper communication between network devices.
What are the 2 most common types of protocol?
Transmission Control Protocol/Internet Protocol (TCP/IP).
Used for local area networks and the Internet.
What layer does IP function at?
Network Layer - layer 3 on OSI model
What layer does TCP function at and what does it do?
Transport Layer protocol - layer 4.
Establishes connections and reliable data transfer between devices.
What type of architecuture does the TCP/IP model use? Name the parts.
Four layer architecture.
Network Interface, Internet, Transport, Application
What type of architecture does the OSI (open systems interconnection) model use?
Name the parts
2. Data Link
What does ICMP stand for? What is it, what is it used for?
Internet Control Message Protocol.
One of the core protocols of TCP/IP.
Used by devices to communicate updates or error information to other devices.
Used to relay query messages.
What do the ICMP message fields consist of?
Type (8-bit), identifies general message category.
Code (8-bit), gives additional information about the Type field.
Checksum (16-bit), verifies message intergrity.
What are some attacks that use ICMP?
Smurf DoS attack.
ICMP redirect attack.
Ping of death.
What does SNMP stand for? What does it do?
Simple Network Management Protocol.
Introduced in 1988 and supported by most network equipment manufacturers.
Allows administrators to remotely monitor, manage and configure network devices.
Each SNMP-managed device has an agent or service that listens for and executes commands.
True/False - Each SNMP managed device has an agent or service.
It listens for and executes commands.
SNMP agents are password protected. What is the Password known as?
Security vulnerablities were present in SMNP versions 1 and 2. When was Version 3 introduced and what changes were made?
Introduced in 1998.
It uses usernames and passwords along with encryption to address vulnerabilities.
What does DNS stand for? What does it do?
Domain Name System.
Its a TCP/IP protocol that maps IP addresses to their symbolic name.
Database with name of each site and corresponding IP number.
Database is distributed to many different servers on the Internet.
DNS can be the focus of attacks. What does DNS poisoning do?
DNS poisoning substitutes fraudulent IP addresses.
Can be done in local host table or external DNS server.
Latest edition of DNS software prevents DNS poisoning.
What does Zone Transfer do in terms of DNS?
Zone Transfer allows attacker access to network, hardware, and operating system information.
What are the TCP/IP protocols used for transferring files?
File Transfer Protocol (FTP)
Secure Transfer Protocol (SCP)
Methods for using FTP on a local host computer are:
What are the FTP vulnerabilities?
Does not use encryption.
Files transferred using FTP vulnerable to man-in-the-middle attacks.
What are the secure transmission options over FTP?
Secure sockets layer (FTPS) encrypts commands.
Secure FTP (SFTP).
What is SCP? stand for? where found?
Secure Copy Protocol.
A type of FTP.
Its a enhanced version of Remote Copy Protocol.
Encrypts files and commands.
File transfer cannot be interupted and resumed.
Found mainly on Linux and UNIX platforms.
What is current version of IP protocol? When developed? How many IP addresses?
Developed in 1981.
4.3 billion IP addresses.
It has security weaknesses.
What is the newer version of IP protocol?
IP version 6 (IPv6).
Addresses weaknesses of IPv4.
Next gen of IP protocol.
What are the security features of IPv6?
New authentication headers prevent IP packets from being altered.
What are the Securing Router Configuation tasks?
Create a design.
Use a meaningful router name.
Secure all ports.
Set a strong administrator password.
Make changes from the console.
What does a Flood Guard do? Where are they found?
Protects against DoS attacks.
Controls device's tolerance for unanswered service requests.
Commonly found on firewalls, IDSs and IPSs.
True/False - Router operates at Network Layer, layer 3.
What does a Log Analysis do? Why is it useful?
Log records events that occur.
Monitoring logs can be useful in determining how attack occured.
What are the types of security hardware logs?
What is Network Separation? How is it accomplished?
Provides separation between different parts of the network.
Physically separate users by connecting them to different switches and routers.
Air gap switch.
What does Loop Protection do and how?
Prevents broadcast storms.
Uses IEEE 802.1d spanning tree algorithm.
Determines which switch has multiple ways to communicate with host.
Determines best path and blocks other paths.
State General Principles for managing VLANs.
A VLAN should not communicate with another VLAN unless they are both connected to a router.
Configure empty swithc ports to connect to an unused VLAN.
Different VLANs should be connected to different switches.
Change any default VLAN names.
Configure switch ports that pass tagged VLAN packets to explicitly forward specific tags.
Configure VLANs so that public devices are not on a private VLAN.
State Disabling Unused Ports princinples.
Turn off port not required on a network.
Often overlooked security technique.
Switch without prot security allows attackers to connect to unused ports and attack network.
All ports should be secured before switch is deployed.
Network administrator should issue shutdown command to each unused port.
What does MAC limiting and filtering do?
Filers and limits number of media access control (MAC) addresses allowed on a port.
Port can be set to limit of 1.
Specific MAC address can be assigned to a port, enable only single authorized host to connect.
What are the MAC limiting and filtering configuration options?
Static - MAC addresses are manually entered adn then stored on the device.
Dynamic - MAC addresses are automatically learned and stored, when switch restarts the settings are erased.
Sticky - MAC addresses are automatically learned and stored along with any addresses that were learned prior to using the Sticky configuration
What are the two types of Bluetooth (uses Personal Area Network) network topologies?
Describe Piconet attack.
Established when two Bluetooth devices come within range of each other.
One device (master) controls all wireless traffic.
Other device (slave) takes commands. Active slaves can send transmissions. Parked slaves are connected but not actively participating.
Describe Scatternet attack.
Group of piconets with connections between different piconets.
What are some Wireless attacks?
What is Bluejacking?
Attack that sends unsolicited messages to Bluetooth enable devices. (text, image, sound messages)
Considered more annoying than harmful since no data is stolen.
What is Bluesnarfing?
Unauthorized access to wireless information through a Bluetooth connection; often between cell phones and laptops.
Attacker copies emails, contacts, or other data by connecting to the Bluetooth device without owner's knowledge.
What is IEEE?
Institute of Electrical and Electronics Engineers.
Organization for computer networking and wireless communications. Dates back to 1884.
What are the types of WLAN (wireless local area network) attacks?
Discovering the network.
Attacks through the RF spectrum.
Attacks involving access points.
What is Discovering the Network attacks? What are examples of some?
One of the first steps in attack is to discover presence of a network.
: beaconing, war driving, war chalking
What is Beaconing?
Part of WLAN attack.
Access Point (AP) sends signal at regular intervals to announce its presence and provide connection information.
Wireless device scans for beacon frames.
What is War Driving? What are some War Driving tools?
Part of WLAN attack.
Process of passive discovery of wireless network locations.
: mobile computing device, wireless NIC adapter, antenna, software, GPS receiver.
What is War Chalking?
Part of WLAN attacks.
It is documenting and then advertising locatoin of wireless LANs for others to use.
Previously done by drawing on sidewalks or walls around the network area.
Today, locations are posted on Websites.
What are 2 attacks through the RF spectrum?
Wireless protocol analyzer.
Describe Wireless Protocol Analyzer.
Wireless traffic captured to decode and analyze packet contents.
Network interface card (NIC) adapter must be in correct mode.
Signals from other devices can cause interference with a WLAN. What are some of those devices?
Theft protection devices
What are 2 attacks using access points?
Rogue access points.
Describe Rogue Access Point.
Unauthorized access point that allows attacker to bypass network security configurations.
Maybe set up behind a firewall, opening the network to attacks.
Describe Evil Twin attack.
AP set up by an attacker.
Attempts to mimc an authorized AP.
Attackers capture transmissions from users to evil twin AP.
What is a method of controlling WLAN access?
Limit a device's access to AP.
MAC address filtering is used by nearly all wireless AP vendors. What some of vulnerabilities of it?
Addresses exchanged in unencrypted format.
Attacker can see address of approved device and substitute it on his own device.
Managing large number of addresses is challeging.
True/False - Each device must be authenticated prior to connecting to the WLAN.
Describe Open System Authentication.
Device discovers wireless network and sends association request frame to AP.
Frame carries Service Set Identifier (SSID).
AP compares SSID with actual SSID of network, if the two match, wireless device is authenticated.
What is SSID?
Service Set Identifier.
User-supplied network name.
Can be any alphanumeric string 2-32 characters long.
How strong is Open System Authentication?
It is WEAK.
Basesd only on match of SSIDs.
Attacker can wait for the SSIDs to be broadcast by the AP.
True/False - Users can configure APs to prevent beacon frame from including the SSID.
but provides only a weak degree of security.
Can be discovered when transmitted in other frames.
Older versions of Windows XP have an added vulnerability if this approach is used.
What is WEP?
Wired Equivalent Privacy
IEEE 802.11 security protocol.
It encrypts plaintext into ciphertext.
Secret key is shared between wireless client device and AP, key used to encrypt and decrypt packets.
What are WEP vulnerabilities?
WEP can only use 64-bit or 128-bit number to encrypt, initialization vector (IV) is only 24 of those bits and short length makes it easier to break.
Violates cardinal rule of cryptography
: avoid a detectable pattern.
Attackers can see duplication of IVs start repeating.
Describe a Keystream attack or IV attack.
Attacker identifies two packets derived from same IV.
Uses XOR to discover plaintext.
IEEE and Wi-Fi Alliance began developing wireless security solutions. What are the standards used today?
WPA and WPA2
What is WPA? When introduced? Goal?
Wi-Fi Protected Access.
Introduced in 2003 by WiFi Alliance.
: protect present and future wireless devices.
Uses Temporal Key Integrity Protocol (TKIP) Encryption.
What is TKIP?
Temporal Key Integrity Protocol Encryption.
Uses longer 128 bit key than WEP.
Dynamically generated for each new packet.
In relation to WPA, what is PSK? How's it work?
Preshared Key Authentication.
After AP configured, client device must have same key value entered.
Key is shared prior to communication taking place.
Uses a passphrase to generate encryption key, must be entered on each AP and wireless device in advance.
Not used for encryption, serves as starting point for mathematically generating the encryption keys.
What are WPA vulnerabilities?
: key sharing is done manually without security protection.
keys must be changed on a regular basis
key must be disclosed to guest users.
: PSK passphrases of fewer than 20 characters subject to cracking.
What is WPA2? Introduction?
Second generation of WPA known as WPA2.
Introduced in 2004.
Uses Advanced Encryption Standard (AES).
Supports both PSK and IEEE 802.11x authentication.
(WPA2) What is AES-CCMP Encryption?
Advanced Encryption Standard.
Encryption protocol standard for WPA2.
CCM is algorithm providing data privacy.
CBC-MAC component of CCMP provides data integrity and authentication.
(WPA2) AES encryption and decryption should be performed where? why?
In hardware because of its computationally intensive nature.
(WPA2) Describe IEEE 802.1x authentication.
Originally developed for wired networks.
Provides greater degree of security by implementing port security.
Blocks all traffic on a port by port basis until client is authenticated.
(WPA2) Describe EAP.
Extensible Authentication Protocol.
Framework for transporting authentication protocols.
Defines message format and uses 4 types of packets; Request, Response, Success, Failure
(WPA2) Describe LEAP.
Proprietary method developed by Cisco Systems.
Requires mutual authentication used for WLAN encryption using Cisco client software.
Can be vulnerable to specific types of software and is no longer recommended by Cisco.
(WPA2) Describe PEAP.
Simplifies deployment of 802.1x by Microsoft Windows logins and passwords.
Creates encrypted channel between client and authentication server.
What are some rogue AP discovery tools?
Security personnel can manually audit airwaves using wireless protocol analyzer.
Continuously monitoring the RF airspace using a wireless probe.
Types of wireless probes- Wireless deviec probe, Desktop probe, AP probe, Dedicated probe
In terms of other wireless security steps, describe Antenna Placement.
Locate near center of coverage area.
Place high on a wall to reduce signal obstructions and deter theft.
In terms of other wireless security steps, describe Power Level controls.
Some APs allow adjustment of the power level at which the LAN transmits.
Reducing power allows less signal to reach outsiders.
Ture/False - Organizations are becoming increasingly concerned of rogue APs.
Bluetooth is a....
wireless technology using short-range RF transmissions.
IEEE had developed ___ wireless LAN standards to date, ___ of which are popular today.
4 - IEEE 802.11 a/b/g/n
___ and ___ have become the foundations of wireless security today.
Other steps to protect a wireless network include:
AP power level adjustment
Detecting rogue APs