lesson 3

The flashcards below were created by user slmckissack on FreezingBlue Flashcards.

  1. is a set of rules that define and control the interactions between two communicating entities, like two computers, modems, routers, or other types of hardware or software.
    Network Protocol

    When one device communicates with another, the transmissions between them must conform to the specific format, length, and structure of a common protocol, regardless of whether the devices are directly connected or remote to one another across a network. In very simple terms, a protocol is a common language between the devices.
  2. Is a suite of protocols that includes a variety of communications and networking protocols. These protocols provide the capabilities to initiate, facilitate, manage, maintain, and troubleshoot network communications.
    TCP/IP (Transmission Control Protocol/Internet Protocol)

    The best way to understand the purpose and application of the TCP/IP protocols is by their function.
  3. What are the protocols associated with the Network Layer of the OSI (Open Systems Interconnection) layer model?
    • Internet Protocol version 4 (IPv4)
    • Internet Control Message Protocol (ICMP)
    • Internet Protocol version 6 (IPv6)
  4. What are the protocols associated with the Transport Layer of the OSI layer model?
    • Transmission Control Protocol (TCP)
    • User Datagram Protocol (UDP)
  5. What are the protocols associated with the Application Layer of the OSI layer model?
    • Domain Name System (DNS)
    • Simple Network Management Protocol (SNMP)
  6. is a connection-oriented protocol that manages the transmission of data between two communicating stations. It provides reliable, guaranteed transmission and receipt of data between a source and a destination.  It requires an acknowledgement for each packet before transmitting any additional messages.
    TCP (Transmission Control Protocol)
  7. The workhorse protocol of the internet. It defines logical addressing (IP addresses) and the use of logical addressing for identifying networks and hosts across a network.  There are two active versions, 4 and 6; there is no version 5.
    Internet Protocol (IP)
  8. is still the predominant logical addressing scheme in use on LANs and WANs. However, its 32-bit structure (four 8-bit groupings, or octets) provides for only about 4.29 billion unique addresses.  At the time of its introduction, 4 billion addresses seemed like enough to handle Internet growth forever.
    IPv4 (Internet Protocol version 4)
  9. Defines a 128-bit address that allows for 2 to the 128th power unique logical addresses, which is more than 340 undecillion addresses.
    IPv6 (Internet Protocol version 6)
  10. NOTE: IPv4 and IPv6 are largely compatible at the host-level of a network. For this reason, local networks and hosts can continue to use IPv4 public or private addresses. However, at the router or gateway level, networks have already begun the conversion to IPv6, and eventually all border and edge network equipment will require IPv6.
  11. Ensures that data remains secure from the originating workstation or host through any routers and other network devices it passes through to the destination workstation or host.
    IPSec (IP Security)
  12. Other than the number of logical addresses, what is the difference between IPv4 and IPv6?
    IPv6 comes with a non-optional IPSec

    Because of the strong need for security in IPv4, IPSec was adapted for use with IPv4, but its use is optional. The IPv4 implementation of IPSec provides security only between the edge routers of separate networks.
  13. NOTE: An edge router (also called an access router or a border router) is the first or last router in a single provider or organization's network. It's the first router inbound traffic encounters, as well as the router from which traffic departs for another network. Edge routers typically run a version of the Border Gateway routing protocol.
  14. What are the other differences between IPv4 and IPv6?
    • IPv4: IPSec is optional
    • IPv6: IPSec support is required
    • IPv4: Routers and the sending host fragment packets
    • IPv6: Routers do not support packet fragmentation. The sending host fragments packets.
    • IPv4: Header includes a checksum
    • IPv6: Header does not include a checksum
    • IPv4: Uses broadcast addresses to send traffic to all nodes on a subnet.
    • IPv6: Uses a link-local scope all-nodes multicast address.
    • IPv4: Configured through DHCP
    • IPv6: Does not require DHCP
  15. Is the TCP/IP service that converts human-friendly domain names (such as ed2go.com) into their IP address equivalents (such as
    DNS (Domain Name System)
  16. DNS comes up in the context of security as a means of attack. What are the three primary types of DNS attacks, which are all variations of a man-in-the-middle attack?
    • -DNS Spoofing
    • -DNS ID hacking
    • -DNS cache poisoning
  17. In this type of attack, a DNS server accepts and uses incorrect information from a host that has no authority to provide that information.  A non-DNS server spoofs itself to be one and uses cache poisoning to direct DNS request traffic to itself.
    DNS Spoofing
  18. NOTE: When a browser sends a request to a DNS server for a website's IP address, DNS assigns an ID number to the request. When the DNS server responds to the request, it includes this ID number so that the requesting workstation can verify the response by comparing the numbers. If the ID numbers match, the DNS response is valid.
  19. Where a hacker uses a packet analyzer (packet sniffer) to capture and examine DNS requests originating from a particular computer or network to extract the ID number assigned to the request. The hacker is then able to redirect the requesting computer to a different website by responding to the DNS request with a matching ID number but an alternate IP address.
    DNS ID Hacking
  20. An attacker falsifies the information in a DNS server, typically mapping a domain name to an IP address other than its actual one. This causes the DNS server to direct requests for a particular domain name to an incorrect IP address.
    DNS cache poisoning
  21. is a core TCP/IP protocol that carries error and informational messages between network devices.
    Internet Control Message Protocol (ICMP)
  22. Since ICMP packets, which transmit through IP, don't guarantee delivery, some ICMP packets may not arrive at their destinations. What are 7 examples of ICMP message types?
    • -Destination unreachable
    • -Echo
    • -Parameter problem
    • -Redirect
    • -Source quench
    • -Synchronize (SYN)
    • -Time exceeded
  23. Transmitted to the network when a packet or datagram fails to reach its destination address.
    Destination Unreachable
  24. Requests that a receiving network send back an acknowledgment to confirm that the transmitted ICMP message actually reached its destination. This ICMP message type is what the ping command uses.
  25. Any situation not specifically covered by another ICMP message type uses this generic catchall message type.
    Parameter Problem
  26. A router is able to provide feedback to the network about better routes to a host.
  27. Alerts a transmitting device to slow down its transmission rate for the datagrams it sends.
    Source Quench
  28. A request to open a new connection to a server from the source IP address. In a DoS attack, a router or server is flooded with SYN messages that contain a spoofed address, which doesn't reply to acknowledgement requests, thereby tying up the server.
    Synchronize (SYN)
  29. Sent when a datagram has been on the network too long or takes too long during reassembly of received fragments. Time exceeded packets relate to the TTL counter in a packet.
    Time exceeded.
  30. Is the standard protocol for managing network devices on TCP/IP networks. Virtually all network devices, including routers, switches, servers, workstations, printers, and modem racks, support this. Its most common use is for monitoring the condition and operational status of network devices.
    Simple Network Management Protocol (SNMP)
  31. NOTE: Three versions of SNMP exist: SNMP version 1 (SNMPv1), SNMP version 2c (SNMPv2c) and SNMP version 3 (SNMPv3). Both SNMP versions 1 and 2c are vulnerable to packet sniffing because they transmit their "community" data strings in clear text. SNMPv3 implements encryption to prevent this. All SNMP versions are vulnerable to brute force and dictionary attacks for guessing community strings, authentication strings, authentication keys (passwords), and encryption keys.
  32. allows SCSI commands to be transmitted across IP networks, which can be used for data transfers over internal networks and the management of remote data storage functions. It provides a mechanism to move data across local networks and across the Internet as well as enabling site-independent data storage and retrieval. Is a storage area network (SAN) protocol that can provide the illusion of locally stored data that is retrieved from remote storage devices.
    Internet Small Computer System Interface (iSCSI)
  33. is a network technology that can run at speeds ranging from 2 to 16 gigabits per second and is commonly used to interconnect network storage devices in SANs. Although its name implies that it's a fiber-optic technology, it can also run on copper cabling.
    Fiber Channel (FC)
  34. is a Transport Layer protocol, similar to TCP on an IP network, that transports SCSI commands on an FC network.
    Fibre Channel Protocol (FCP)
  35. allows FC-constructed network segments to be transmitted over an Ethernet network. This protocol is commonly used for SANs on local networks. Because it runs directly above the Ethernet in the protocol stack, it is not routable across IP networks.
    Fibre Channel over Ethernet (FCoE)
  36. provides authentication and encryption of all IP packets in a communication session, establishes mutual authentication between transmitting agents, and negotiates the cryptographic keys for use in a communication session. It protects data streams between hosts, network gateways, or a combination of the two, making it an end-to-end security scheme.
    IPSec (Internet Protocol Security)
  37. In addition to IPSec, what are three of the other security systems in general use?
    • -Secure Sockets Layer (SSL)
    • -Transport Layer Security (TLS)
    • -Secure Shell (SSH)
  38. is an Application-Layer security protocol that cryptographically protects documents transmitted on a network. It's supported by virtually all major web browsers. It uses three layers of encryption for a packet: asymmetric cryptography for the encryption key exchange, symmetric cryptography for packet segments from any layer above the Transport layer, and message authentication codes to ensure message reliability.
    Secure Sockets Layer (SSL)
  39. Is an enhancement of SSL. It uses the same three layers of packet encryption as SSL.
    Transport Layer Security (TLS)
  40. is a network protocol that provides for secure data communications, remote command execution, and shell services on remote computers by creating a secure communication channel between one computer running an SSH server and another running an SSH client. SSH, which replaces Telnet and other insecure remote computing access methods, encrypts the data transmitted between the client and server.
    Secure Shell (SSH)
  41. NOTE: IPSec operates on the Network layer and protects application-oriented message traffic on an IP network.  Applications operating on a network employing IPSec need no adjustments to be under the protection of IPSec. However, applications that use either TLS or SSL require coding to support its inclusion.
  42. This command uses SSH to transfer data, so it requires a password or passphrase for authentication. It is similar to the UNIX/Linux remote copy (RCP). It copies files between hosts on a network using SSH to authenticate and protect the file.
    Secure Copy (SCP)
  43. is a secure file transfer protocol under SSH. It's often mistaken for FTP over SSH or FTP secure (it is neither). Using SSH for authentication and encryption of the data, file, or directory, it assures private data transfers between hosts.
    SSH File Transfer Protocol (SFTP)
  44. Another file transfer protocol, which is also not FTP Secure, but is perhaps the closest protocol to what that implies. It provides for server-to-server file transfers using SSL/TLS security.
    FTP over SSL/TLS (FTPS)
  45. Combines the functions of HTTP and SSL/TLS to provide data encryption and reliable authentication on the Web, frequently for the transfer of private information and financial transactions.
    Hypertext Transfer Protocol Secure (HTTPS)

    HTTPS is a different protocol than S-HTTP, which is an internet standard that is rarely used.
  46. What are the 8 types of Wireless Network Security Protocol?
    • -IEEE 802.11i
    • -AES
    • -WEP
    • -TKIP
    • -CCMP
    • -WRAP
    • -WPA and WPA2
    • -EAP
  47. defines the security measures for 802.11x wireless networks. It incorporates the 802.1x security standards, which include Advanced Encryption Standard (AES), Temporal Key Integrity Protocol (TKIP), Cipher-Block Chaining Message Authentication Code Protocol (CCMP), and Wireless Robust Authenticated Protocol (WRAP). IEEE 802.11i protects the entire process of association, authentication, and message transmission.
    IEEE 802.11i
  48. satisfies the high-level requirements of the Federal Information Processing Standard (FIPS) that U.S. government agencies follow. The AES encryption algorithm is a symmetric block cipher that's capable of processing 128-, 192-, and 256-bit keys to encrypt data blocks up to 128 bits in length.
    Advanced Encryption Standard (AES)
  49. This security protocol provides a security and privacy equivalent to that of a wired network. It secures the data in transmission by encrypting the data between the network adapters and access points.
    Wired Equivalent Privacy (WEP)
  50. What is a major limitation of WEP?
    A major limitation of WEP is its use of symmetric key encryption. This means that both ends of a wireless transmission must use the same key to encrypt and decrypt the message. This is a problem because both network adapters and access points use and store the same key. When encryption keys change, all network nodes receive the new key. Unless network administration updates the keys on a frequent but irregular basis, the same keys stay in use for extended periods, giving attackers the opportunity to intercept and defeat the encryption method.
  51. Provides dynamic encryption keys for each data packet; a message integrity check value (ICV), which is a form of checksum; and a mechanism for periodically assigning new keys to network stations. These features correct problems of WEP. It uses 128-bit temporal keys that combine with a wireless station's MAC address and a 16-octet IV to produce a key to encrypt the data payload of a frame using the RC4 algorithm. A temporal key is valid for just a certain time or a set number of packets. This type of temporal key is valid for 10,000 packets before it expires.
    Temporal Key Integrity Protocol (TKIP)
  52. Is a block-cipher protocol that performs both encryption and authentication. The encryption process uses any block cipher, such as AES or DES, in combination with a secret key for that cipher.
    Cipher-Block Chaining Message Authentication Code Protocol (CCMP)
  53. which is an encryption protocol, was the original AES-based authentication protocol for 802.11i, but CCMP has made its use optional.
    Wireless Robust Authentication Protocol (WRAP)
  54. is an interim standard before the release of the 802.11i standards. It includes most of the IEEE 802.11i standards and specifically incorporates TKIP.
    Wireless Fidelity (Wi-Fi) Protected Access Protocol (WPA)
  55. enhances WPA by replacing TKIP with AES and releasing both personal and enterprise versions, along with Wi-Fi for multimedia (WMM). AES requires firmware updates on many older wireless devices or those without the WPA2 certification.
  56. Provides security to point-to-point (PTP) communications. It is one of the authentication methods that implement the 802.1x security standards.
    Extensible Authentication Protocol (EAP)
  57. What are the 5 EAPoL available on WPA/WPA2 wireless devices?
    • -Message-Digest Algorithm (MD5)
    • -Protected Extensible Authentication Protocol (PEAP)
    • -Transport Layer Security (EAP-TLS)
    • -Tunneled Transport Layer Security (EAP-TTLS)
    • -Lightweight Extensible Authentication Protocol (LEAP)
  58. Provides only basic EAP support. In fact, because it provides only one-way authentication, it is not a good choice for a WLAN. It doesn't include mutual authentication between wireless stations and the WLAN, nor does it generate dynamic keys.
    Message-Digest Algorithm (MD5)
  59. Transports authentication data between wireless devices securely. It supports a variety of authentication protocols and creates a virtual tunnel between this type of node and the authentication server. It authenticates WLAN stations using server-side certificates, which can simplify the implementation and administration of a WLAN.
    Protected Extensible Authentication Protocol (PEAP)
  60. supports both certificate-based authentication and mutual authentication using client-side and server-side certificates. It can also dynamically generate user-based and session-based keys.
    Transport Layer Security (EAP-TLS)

    Other names for EAP-TLS authentication are Smart Card or Certificate authentication.
  61. is an extension of EAP-TLS that supports certificate-based, mutual authentication of a WLAN station and a WLAN employing an encrypted tunnel. It uses only server-side certificates.
    Tunneled Transport Layer Security (EAP-TTLS)
  62. is a Cisco Systems WLAN authentication method that provides mutual authentication and dynamic keys. Each time a client authenticates, it acquires a new dynamic key. It can use dynamic WEP or TKIP keys.
    Lightweight Extensible Authentication Protocol (LEAP).
  63. verify that data from a website or a WLAN station is from the actual source and not an impostor. The certificate verifies that the requested source is in fact the responding source.
    Server-side digital certificate
  64. is essentially the same as a server-side certificate. The difference lies in its use. This certificate requires that each node or user have a unique certificate, which verifies that the source's identity is not an impostor and is exactly who it claims to be.
    Client-side certificate
  65. Most wireless access points or routers routinely transmit the network identity in the form of the network's ______________ every few seconds.  This is actually a protocol-based activity rather than a protocol itself. While this practice is great for roaming wireless devices, in most cases WLANs don't have roaming nodes, and broadcasting this makes it easier for hackers to break into the WLAN. If broadcasting this isn't necessary, disable the function.
    Service Set Identifier (SSID)
  66. Note: In the context of TCP/IP networks, a port is a logical connection endpoint that points to a specific server program on a network.
  67. is unique in that it uses two separate ports, one for the transfer of data (port 20) and one for the transfer of command and control messages (port 21).
    File Transfer Protocol (FTP)
  68. contains a suite of security functions, including FTPS (FTP on SSH), SFTP (Secure FTP), and SCP (Secure Copy), all of which operate on port 22.
    Secure Shell (SSH)
  69. uses port 80
    Hypertext Transfer Protocol (HTTP)
  70. uses port 443
    HTTPS (HTTP Secure)
  71. This service provides applications with the capability to communicate host-to-host on a LAN. It uses two ports, one for the NetBIOS name service (port 137), which is like DNS for LANs, and one for the NetBIOS datagram service (port 139).
    Network Basic Input Output System (NetBIOS)
  72. Which is a very insecure method to transfer data, uses port 23.
  73. is a simple and insecure version of FTP. It uses port 69.
    Trivial FTP (TFTP)
  74. Which of the active versions of IP requires the use of IPSec?
    A. IPv5
    B. IPv2
    C. IPv4
    D. IPv6
    (this multiple choice question has been scrambled)
  75. Which version of SNMP implements encryption to prevent packet sniffing?
    A. All SNMP versions include encryption
    B. SNMPv3
    C. SNMPv1
    D. SNMPv2c
    D. SNMPv3
    (this multiple choice question has been scrambled)
  76. Which two well-known ports support FTP?
    A. Ports 20 and 21
    B. Ports 21 and 22
    C. Ports 22 and 23
    D. Ports 80 and 443
    A. Ports 20 and 21
    (this multiple choice question has been scrambled)
  77. What secure wireless networking protocol replaced WEP?
    A. WEP2
    B. WPA
    C. WPA2
    D. WAP
    B. WPA
    (this multiple choice question has been scrambled)
  78. What authentication protocol does the IEEE 802.1x security standard define?
    A. EAP
    B. SNMP
    C. AES
    D. TKP
    A. EAP
    (this multiple choice question has been scrambled)
Card Set:
lesson 3
2015-02-22 20:37:04
ST lesson
Savannah Tech lesson three