CISSP (Domain 2 - Telecommunications and Network Security) Flashcards

Flashcards in CISSP (Domain 2 - Telecommunications and Network Security) Deck (78)
1
Q

Physical Layer (OSI)

A
  • Bits converted to electrical signal
2
Q

Data Link Layer (OSI)

A
  • Switching
  • MAC Address
  • Breaks data into frames for correct technology
  • Error detection
  • ARP, RARP
3
Q

802.5

A

Token Ring, FDDI

4
Q

802.11

A

Wireless CSMA/CD

5
Q

802.3

A

Ethernet

6
Q

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

A

Sends message, if collision detected, wait random time and resubmit (Ethernet)

7
Q

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

A

Sends a message out on the wire to see if it's open; if open, sends the message (Wireless)

8
Q

Network Layer (OSI)

A
  • Routing
  • IP, ICMP, RIP, OSPF, BGP, IGMP
  • Inserts information into the packet header for routing
  • Only layer to provide confidentiality, authentication, and integrity with IPsec
9
Q

Transport Layer (OSI)

A
  • End to End transfer
  • Error control and recovery
  • Assembled into a stream
  • SSL, TCP, UDP, and SPX
10
Q

Session Layer (OSI)

A
  • E2E communication between applications
  • Session setup and tear down
  • DNS, NFS, SQL, and RPC
11
Q

Presentation Layer (OSI)

A
  • Translate message into a standard format
  • GIF, TIFF, JPG
  • Encoding: ASCII and EBCDIC
  • E2E encryption
12
Q

Application Layer (OSI)

A
  • Closest to users
  • Provides message exchange, terminal sessions, …
  • Only layer to provide non-repudiation (if encryption is enabled)
  • HTTP, FTP, SMTP, POP, IMAP, Telnet, SNMP, TFTP
13
Q

OSI to DoD TCP/IP

A
  • Application, Presentation, Session: Application
  • Transport: Host to Host
  • Network: Internet
  • Data Link, Physical: Network Interface
14
Q

TCP Encapsulation

D/SD/PSD/FPSD-FCS

A
  • Data
  • Segment, Data
  • Packet, Segment, Data
  • Frame, Packet, Segment, Data, FCS
15
Q

How to attack TCP/IP

A
  • SYN flood (fill up buffer) during 3-way handshake
  • Guessing TCP sequence number
16
Q

How to attack UDP

A

DoS with floods

17
Q

IPv6 IP Format Rules (3)

A
  • First half is the network address, second half is the host address
  • Can be shortened by eliminating leading zeros
  • Adjacent blocks of zeros can be replaced with ::, but only once
18
Q

Synchronous Transmission

A
  • Stream of data, no start and stop bits
  • Used to transfer large amounts of data
19
Q

Asynchronous Transmission

A
  • Bits are sent sequentially
  • Used to transfer small amounts of data
  • Start and stop bits used
  • Modems and dial-up connections
20
Q

Baseband Signal

A

  • Cable only uses one channel
  • Ethernet
21
Q

Broadband Signal

A

  • Cable uses several channels at once
  • T1, T3, DSL, ISDN
22
Q

Bus Topology

A
  • Single cable where computers are connected to drops
  • Each computer sees each packet
  • Line is the single point of failure
  • If one PC has a problem, all other computers are impacted
23
Q

Ring Topology

A
  • Series of computers and devices connected by unidirectional transmission links
  • Each computer is dependent on the preceding computer
  • If one goes down, it can take down all systems
24
Q

Star Topology

A
  • All computers connected to a central hub or switch
  • Hub is the single point of failure
25
Q

Mesh Topology (2 types)

A
  • Full Mesh: Every device is connected to every other device, expensive
  • Partial Mesh: Enough interconnections to eliminate single points of failure
26
Q

3 Transmission Methods

UMB

A
  • Unicast: One to one relationship
  • Multicast: One to many relationship
  • Broadcast: One to all relationship
27
Q

Address Resolution Protocol (ARP)

A
  • Maps IP address to MAC address
  • MAC is only used to forward frames on the same network segment
28
Q

Reverse Address Resolution Protocol (RARP)

A
  • Maps MAC address to IP Address
29
Q

Hub

A
  • Used to connect multiple LAN devices
  • Layer 1
30
Q

Switch

A
  • Similar to a Bridge but when it receives a frame, it forwards to the correct segment instead of all.
  • Layer 2
  • 10 ports = 10 collision domains (CDs) and 1 broadcast domain (BD)
31
Q

Router

A
  • Routes packets based on IP Address
  • Layer 3
32
Q

3 Routing Protocol types

DV/LS/B

A
  • Algorithms based on distance vector protocols
  • Algorithms based on link state protocols
  • Border Protocols
33
Q

Distance Vector Protocols

A
  • RIP/RIP v2
  • Small Networks
  • List of destination networks with direction and distance in hops
34
Q

Link State Protocols

A
  • OSPF
  • Based on Cost
  • Each router keeps a topology map of network and identifies all routers
35
Q

Gateway

A
  • Software that links two different networks
  • IPX/SPX talking to TCP/IP
  • Layer 7
36
Q

3 Types of Firewalls

SSP

A
  • Static Packet Filtering
  • Stateful Packet Filtering
  • Application Proxy
37
Q

Proxy Firewall

A
  • Layer 7
  • Middleman between communicating computers
  • Looks at payload of packet
  • Low performance
38
Q

Static Packet Filter Firewall

A
  • Uses ACL to make access decisions
  • Access based on source and destination IP/Port/Protocol
  • Layer 3 only
  • Screen routers with rules for rejecting or accepting data
  • Based on IP Header
  • Can't keep track of state
39
Q

Stateful Firewall

layers/track/syn

A
  • Packets captured by inspection engine and each OSI layer inspected
  • All layers
  • Keeps track of state
  • Builds state table
  • Syn flood detector
40
Q

Bastion Host

A
  • Most secure state
  • AKA Hardened System or Locked Down System
  • Limited amount of ports/services/users/software allowed
41
Q

Screened Host (Firewall)

(RouterFW#/FWLoc/DMZLoc/fil)

A
  • Separates trusted and non-trusted networks
  • Proxy directly behind a packet-filtering router
  • One router and one firewall
  • Router filters traffic before it is passed to firewall
42
Q

Dual-homed Firewall

A
  • Two interfaces, one for each network
  • Forwarding and routing turned off so each packet can be inspected
  • One firewall
43
Q

Screened Subnet (Firewall)

A
  • Two routers, one firewall
  • Firewall in between the routers
  • DMZ setup between the two routers
  • External router filters traffic before it enters DMZ
44
Q

Demilitarized Zone (DMZ)

A
  • Network segment between protected internal network and non-trusted external network
  • Contains Bastion hosts
45
Q

5 Things Firewalls Should Do

Deny/BlockB/BlockNon/BlockInt/Reass

A
  • Deny all traffic unless expressly permitted (white list)
  • Block directed broadcasts (defense against smurf and fraggle attacks)
  • Block traffic leaving network from a non-internal address (possible zombie system)
  • Block traffic entering the network from an internal address (possible spoofing attack)
  • Packets should be reassembled before forwarding
46
Q

3 Ways to Secure DNS

Cert/Zone/Queries

A
  • Certificate Validation
  • Mutual Zone Transfer
  • Prevent Unauthorized Queries
47
Q

Network Address Translation (NAT)

A
  • Pool of public addresses that get mapped to internal computers
  • Limits understanding of internal network to external entities
  • Provides address conversion and hides the identity
48
Q

Static NAT

A
  • Each internal system has a corresponding external routable IP Address
49
Q

Hiding NAT - All Systems Share

A
  • All systems share the same external routable IP address
50
Q

Private IP Addresses (RFC 1918)

A
  • 10.0.0.0/8
  • 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
  • 192.168.0.0/16
51
Q

Socket

A

IP and port number

52
Q

4 Wide Area Network (WAN) Technologies

FR/X/A/V

A
  • Frame Relay
  • X.25
  • ATM
  • VOIP
53
Q

4 Bluetooth Attacks

BJ/BS/BB/BB

A
  • *Bluejack: sends spam anonymously to victims
  • *Bluesnarfing: Stealing info up to a mile away
  • Bluebof exploit: Overflow of service
  • Bluebug: Uses AT commands on victims cell
54
Q

X.25

A
  • First packet switching technology that uses switched and permanent virtual circuits
  • *Protocol used: LAPB for error detection and corrective procedures
  • Used in older WAN technologies
55
Q

Frame relay

A
  • *Faster WAN packet-switching protocol with no error correction
  • Data link layer
  • Fee Based
56
Q

Permanent Virtual Circuit (PVC)

A

Private line for a customer with an agreed upon bandwidth availability

57
Q

Switched Virtual Circuit (SVC) - Frame Relay

A

Dynamically built when required

58
Q

Committed Information Rate (CIR) - Frame Relay

A

Customer pays a set monthly fee to guarantee a specific bandwidth availability

59
Q

Asynchronous Transfer Mode (ATM)

A
  • High bandwidth technology that uses switching and multiplexing
  • *53-byte fixed cells instead of various frame lengths over PVC and SVC
60
Q

Voice Over IP (VOIP)

A

Technology that can combine different types of data (data, voice, video) into one packet

61
Q

3 Challenges with VOIP

jitter/seq/latency

A
  • When voice and data are combined, jitter can result
  • Connectionless, so packets can arrive out of sequence
  • Each hop adds potential latency
62
Q

4 Components Required for VOIP

D/CP/VM/VG

A
  • IP telephony device
  • Call-processing manager
  • Voicemail system
  • Voice gateway
63
Q

Session Initiation Protocol (SIP) - VOIP

loc/negot/mgmt/change/only

A
  • Allows for establishment of user location (name to network address)
  • Negotiation occurs so that features are agreed on and supported
  • Call management mechanism (adding, dropping, transferring participants)
  • Change features during session
  • *Only a signaling protocol (ring, dial, busy)
64
Q

5 Security Threats for VOIP

TF/DD/S/P/V

A
  • Toll Fraud
  • DDoS
  • SPIT (Spam over Internet Telephony)
  • Phishing
  • VOMIT (Replacing words in call before received)
65
Q

Point-To-Point Protocol (PPP)

A
  • Layer 2 service
  • Encapsulate data over a serial line for dial-up
  • Can encapsulate data that can't route through the internet
66
Q

3 PPP Authentication Mechanisms

A
  • PAP
  • CHAP
  • EAP
67
Q

IPsec

A
  • Works at network layer and provides security on top of IP
68
Q

2 IPsec Encryption Modes

A
  • Tunnel Mode: Payload and headers protected
  • Transport Mode: Payload protected
69
Q

Extensible Authentication Protocol (EAP)

A
  • Protocol for authentication that supports multiple authentication methods
  • Credentials not protected
70
Q

Protected Extensible Authentication Protocol (PEAP)

A
  • Establishes a secure channel before credentials are sent
  • Only the server uses a digital certificate
71
Q

6 PEAP Steps to Protect Credentials

A
  • Client makes connection to EAP Server
  • Public Key given from EAP Server to client
  • Client Authorizes cert
  • Session key encrypted with public key
  • Private key used to decrypt session key on EAP Server
  • AuthN data encrypted with session key
72
Q

802.11b

A
  • Speed: 11 Mb/s
  • Freq: 2.4 GHz
  • Enc: WEP
73
Q

802.11a

A
  • Speed: 54 Mb/s
  • Freq: 5 GHz
  • Enc: WEP
74
Q

802.11g

A
  • Speed: 54 Mb/s
  • Freq: 2.4 GHz
  • Enc: WEP
75
Q

802.11i

A
  • Speed: N/A
  • Freq: N/A
  • Enc: WPA/WPA2
76
Q

802.11n

A
  • Speed: 450 Mb/s
  • Freq: 2.4 & 5 GHz
  • Enc: WPA
  • Multiple-input, multiple-output (MIMO) makes connections quick
77
Q

Why is WPA more secure

A
  • Uses Temporal Key Integrity Protocol (TKIP)
  • Uses a different session key for each packet
78
Q

3 AES Encryption Lengths

A

128, 192, 256 bit