Security+ Chapter 3

2013-12-21 17:48:16

  1. TCP.
    Transmission Control Protocol provides connection-oriented traffic (guaranteed delivery). To start a TCP session, the client sends a SYN (synchronize) packet. The server responds with a SYN/ACK (synchronize/acknowledge) packet, and the client completes the third part of the handshake with an ACK packet. At this point, the connection is established.
  2. UDP. User Datagram Protocol
    provides connectionless sessions (without a three-way handshake). ICMP traffic and audio and video streaming use UDP. Many network-based denial-of-service (DoS) attacks use UDP. All TCP/IP traffic is either connection-oriented TCP traffic or connectionless UDP.
  3. IP. The Internet Protocol
    identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses. IPv4 uses 32-bit addresses represented in dotted decimal format, such as IPv6 uses 128-bit addresses using hexadecimal code such as: FE80:0000:0000:0000:20D4:3FF7:003F:DE62
  4. ARP. Address Resolution Protocol
    resolves IP addresses to media access control (MAC) addresses. MACs are also called physical addresses, or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host. In other words, ARP is required once the packet reaches the destination subnet. ARP poisoning uses ARP packets to give clients false hardware address updates and can be used to redirect or interrupt network traffic.
  5. ICMP. Internet Control Message Protocol
    is used for testing basic connectivity and includes tools such as ping, pathping, and tracert. As an example, ping can check for basic connectivity between two systems. Many DoS attacks use ICMP. Because of how often ICMP is used in attacks, it has become common to block ICMP at firewalls and routers, which disables a ping response. Blocking ICMP prevents attackers from discovering devices in a network with a host enumeration sweep.
  6. Many DoS attacks use ICMP
    Many DoS attacks use ICMP, so it is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.
  7. SSH. Secure Shell
    can be used to encrypt a wide variety of traffic, such as Telnet, Secure Copy (SCP), and Secure File Transfer Protocol (SFTP). UNIX and Linux administrators often use SSH to remotely administer these systems. When traffic is encrypted with SSH, it uses port 22.
  8. SCP. Secure Copy
    is based on SSH. Users can use SCP to copy encrypted files over a network. SCP uses port 22.
  9. SSH encrypts a wide variety of traffic and uses port 22 in each implementation. It
    SSH encrypts a wide variety of traffic and uses port 22 in each implementation. It encrypts FTP traffic (as SFTP) using port 22 instead of the FTP ports of 20 and 21.
  10. SSL. The Secure Sockets Layer
    protocol secures HTTP traffic as HTTPS. SSL can also encrypt other types of traffic such as LDAP. SSL uses port 443 when encrypting HTTP, and port 636 when encrypting LDAP/SSL (LDAPS).
  11. TLS. Transport Layer Security
    protocol is the designated replacement for SSL. At this point, you can use TLS instead of SSL in just about any application. For example, TLS can encrypt HTTP traffic as HTTPS (on port 443), and LDAP traffic as LDAP/TLS (LDAPS) on port 636. Notice that LDAPS can use either SSL or TLS and both use port 636.
  12. IPsec. Internet Protocol security
    is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses tunnel mode to protect virtual private network (VPN) traffic. IPsec includes two components: Authentication Header (AH), identified by protocol ID number 51, and Encapsulating Security Payload (ESP), identified by protocol ID number 50.
  13. SSL and TLS encrypt traffic, including traffic over the Internet.
    IPsec includes ESP to provide payload encryption and AH to provide authentication and integrity. IPsec is built into IPv6 but can also work with IPv4.
  14. HTTP. Hypertext Transfer Protocol
    is used for web traffic on the Internet and in intranets. Web servers use HTTP to transmit web pages to clients’ web browsers. Hypertext Markup Language (HTML) is the common language used to display the web pages. HTTP uses port 80.
  15. HTTPS. HTTP Secure
    secures web traffic by transmitting it in an encrypted format. Web browsers commonly indicate that a secure session is using HTTPS by displaying a lock icon and with HTTPS in the URL. HTTPS is encrypted with either SSL or TLS and it uses port 443.
  16. FTP. File Transfer Protocol
    uploads and downloads files to and from an FTP server. By default, FTP transmits data in clear text, making it easy for an attacker to capture and read FTP data with a sniffer or protocol analyzer. FTP active mode uses port 20 for data and port 21 for control signals. FTP passive mode uses port 21 for control signals and a random port for data. FTP uses TCP.
  17. SFTP. Secure FTP
    is a secure implementation of FTP. It is an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using port 22.
  18. FTPS. FTP Secure
    is an extension of FTP and uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990.
  19. TFTP. Trivial File Transfer Protocol
    uses UDP and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it is not an essential protocol and can often be disabled. TFTP uses UDP port 69. In contrast, FTP uses TCP ports 20 and 21.
  20. HTTP and HTTPS use ports 80 and 443 and transmit data over the Internet in unencrypted and encrypted formats, respectively.
    FTP supports uploading and downloading files to and from an FTP server using ports 20 and 21. FTP uses TCP (ports 20 and 21) and TFTP uses UDP (port 69). SFTP uses SSH to encrypt FTP traffic and uses port 22. FTPS uses SSL to encrypt FTP traffic.
  21. Telnet.
    Telnet is frequently used to connect to remote systems or network devices over a network. Telnet has a command line interface, and many administrators use Telnet to connect to routers and make configuration changes. Telnet transmits data in clear text, making it vulnerable to sniffing attacks, but you can use SSH to encrypt Telnet. Telnet uses port 23, or port 22 when encrypted with SSH.
  22. SNMP. Simple Network Management Protocol
    is used to monitor and manage network devices such as routers or switches. This includes using SNMP to modify the configuration of the devices or have network devices report status back to a central network management system. SNMP agents installed on devices send information to an SNMP manager via notifications known as traps (sometimes called device traps). The first version of SNMP had vulnerabilities, such as passing passwords across the network in clear text. SNMP v2 and SNMP v3 are much more secure. SNMP uses port 161.
  23. DNS. Domain Name System
    is a service that resolves host names to IP addresses on the Internet and internal networks. DNS servers host the DNS service and respond to DNS queries. DNS uses port 53.
  24. NetBIOS. Network Basic Input/Output System
    is a name resolution service for NetBIOS names on internal networks. In contrast, DNS resolves host names on the Internet and internal networks. NetBIOS also includes session services for both TCP and UDP communication. NetBIOS uses ports 137 through 139.
  25. LDAP. Lightweight Directory Access Protocol
    is the language used to communicate with directories such as Microsoft’s Active Directory or Novell’s Netware Directory Services (NDS). LDAP provides a single location for object management and it uses port 389. LDAP can be encrypted with either TLS or SSL and uses port 636 when encrypted.
  26. Kerberos.
    is the authentication protocol used in Windows domains and some UNIX environments. It uses a KDC to issue time-stamped tickets. Kerberos uses port 88.
  27. Microsoft’s SQL Server.
    SQL server is a server application that hosts databases accessible from web servers and a wide array of applications. SQL server uses port 1433 by default.
  28. Remote Administration, Terminal Services, or Remote Desktop Services.
    Remote administration allows a client to remotely access another system. Microsoft previously called this Terminal Services and then renamed it in Server 2008 R2 to Remote Desktop Services. Microsoft’s Remote Assistance allows one user to assist another user remotely. Microsoft’s Remote Desktop Protocol (RDP) allows an administrator to remotely administer servers from desktop computers. Terminal Services (and Remote Desktop Services) uses port 3389. Additionally, remote assistance uses the same protocol and port.
  29. SMTP. Simple Mail Transport Protocol
    transfers e-mail between clients and SMTP servers, and between SMTP servers. SMTP uses port 25.
  30. POP3. Post Office Protocol v3
    transfers e-mails from servers down to clients. POP3 uses port 110.
  31. IMAP4. Internet Message Access Protocol
    is used to store e-mail on an e-mail server. IMAP4 allows a user to organize and manage e-mail in folders on the server. IMAP4 uses port 143.
  32. VPN
    virtual private network
  33. PPP. Point-to-Point Protocol
    is used to create dial-up connections between a dial-up client and a remote access server, or between a dial-up client and an Internet Service Provider (ISP).
  34. IPsec. IPsec
    can be used as a remote access tunneling protocol to encrypt traffic going over the Internet. It uses the Internet Key Exchange (IKE) over port 500 to create a security association for the VPN.
  35. PPTP. Point-to-Point Tunneling Protocol
    is a tunneling protocol used with VPNs that has some known vulnerabilities. PPTP uses TCP port 1723.
  36. L2TP. Layer 2 Tunneling Protocol
    combines the strengths of Layer 2 Forwarding (L2F) and PPTP. L2TP is commonly used with IPsec for VPNs. Since NAT is not compatible with IPsec, L2TP/IPsec can’t go through a device running NAT. L2TP uses UDP port 1701.
  37. RADIUS. Remote Authentication Dial-In User Service
    provides central authentication to remote access clients. When an organization uses more than one remote access server, each remote access server can forward authentication requests to the central RADIUS server. RADIUS only encrypts passwords.
  38. TACACS/XTACACS. Terminal Access Controller Access-Control System
    Terminal Access Controller Access-Control System and Extended TACACS are older network authentication protocols. TACACS is generic, and XTACACS is proprietary to Cisco. TACACS uses UDP port 49.
  39. TACACS+
    TACACS+ is used as an alternative over RADIUS. Cisco VPN concentrators use TACACS+ and it encrypts the entire authentication process. It uses multiple challenge responses for authentication, authorization, and audit (AAA). TACACS+ has wider uses including as an authentication service for network devices. TACACS+ uses TCP port 49.
  40. Subnetting
    divides a single range of IP addresses into several smaller ranges of IP addresses. This is often done to isolate traffic and increase efficiency. You don’t need to know how to subnet for the CompTIA Security+ exam, but you should be familiar with the concept and how it can be used to isolate users onto different subnets. Additionally, you should be able to identify valid IP addresses for computers within a subnet.
  41. Calculating Subnet IP Addresses with a Calculator
    Imagine that you have the same four IP addresses (,,, with a subnet mask of The challenge is identifying which two are on the same subnet. You need to convert the subnet mask and IP addresses to binary, and this section shows how to do that with a calculator.
    The first three decimals (192.168.1) are the same in each IP address. However, the fourth decimal is different in each one, so you can focus on this last decimal for each (50, 100, 165, 189). Also, you only need to focus on the last decimal in the subnet mask (192). You start by converting each to binary.
  42. Hub
    A hub has multiple physical ports used to provide basic connectivity to multiple computers. Hubs commonly have between four and thirty-two physical ports. In an Ethernet network, the hub would have multiple RJ-45 ports used to connect to NICs on the host computers using twisted pair cable. Most hubs are active, meaning they have power and will amplify the output to a set level. Hubs have zero intelligence.
  43. Switch
    A switch has the ability to learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal switched connections when two computers communicate with each other.
  44. VLAN
    A virtual LAN (VLAN) uses a switch to group several different computers into a virtual network. You can group the computers together based on departments, job function, or any other administrative need.
  45. Router
    Routers connect multiple network segments together into a single network and route traffic between the segments. As an example, the Internet is effectively a single network hosting billions of computers. Routers route the traffic from segment to segment.
  46. Access control lists (ACLs)
    are rules implemented on a router (and on firewalls) to identify what traffic is allowed and what traffic is denied. Rules within the ACLs provide rule-based management for the router and control inbound and outbound traffic.
  47. Network Address Translation (NAT)
    is a protocol that translates public IP addresses to private IP addresses and private addresses back to public. You’ll often see NAT enabled on an Internet-facing firewall.
  48. A proxy server
    forwards requests for services from a client. It can filter requests based on URLs, cache content, and record users’ Internet activity.
  49. DMZ
    A DMZ provides a layer of protection for servers that are accessible from the Internet.