Tuesday, August 20, 2013

Network and securing it.


The above should be memorized.
I use: A per Saar tutto non dificcile.
You can create your own.
All planes spend time near Detroit.
Basically, take the first letter of each layer and create a word from it, then join those words into a sentence that is easy to memorize.


This is also good to memorize for CISSP and CCNA.
The way I memorize it is
SPFB: the last letter, then down to the lowest letter.
The datagram is the odd one out;
I just use the "gram" as an analogy to weight, i.e. UDP just sends things in bulk and doesn't care about reliability.

At layer 1 - hubs, NICs and repeaters
At layer 2 - switches, bridges
At layer 3 - routers
At layer 4 - firewalls (ports)
At layers 5-7 - load balancers, applications

Ports - IANA recommends:
0-1023        well-known ports
1024-49151    registered
49152-65535   dynamic

R1   SYN: hello, I am R1                                   ---->   R2
R1   <----   ACK: nice to meet you R1  +  SYN: hello, I am R2      R2
R1   ACK: nice to meet you R2                              ---->   R2


Transmission window - this window states how many packets you can send before needing an ACK.
The bigger the window, the less the overhead of waiting for ACKs becomes.
Sliding window - this refers to the change in the transmission window: less reliable = smaller windows,
more reliable = bigger windows.

Flags - you can mark flags in a TCP packet (layer 4).
ACK - acknowledge
SYN - synchronize - respond with ACK
FIN - final packet - respond with ACK
RST - reset the connection now

TCP's protocol number in the layer 3 (IP) header is 6.


ICMP
The following are the ICMP type fields:
0    reply
3    unreachable
5    redirect
8    echo request
9    router advertisement
10   router solicitation
11   time exceeded

IGMP - used for multicasting.

ARP  - IP to MAC
RARP - MAC to IP


Internet (public) - this is the public internet.
Intranet - internal internet for the company - this is like the internal site for company users.
Extranet - an internet for a partner company - this is like the Volvo portal for dealers.

According to the book, you need to memorize these ports:
FTP     21
Telnet  23
SMTP    25
DHCP    67, 68
TFTP    69
HTTP    80
POP3    110
IMAP    143
SNMP    161

NAC - network access control.
Instead of seeing someone trying to guess the password on the server as just the IP 192.168.0.252,
the NAC can associate that to a user; this allows for excellent correlation and improves response time.
Enforcement point: enforces policy on end users, for example you can't log in without an antivirus.

Pre-admission - prevents your access to the network.
Post-admission - allows you access but limits what you can do.
An example of a NAC is the
Juniper MAG appliance.



When you plug into the network, the switch forwards the data to the NAC and the NAC to the AAA (RADIUS).
The AAA can decide yes or no and give you a VLAN or similar. The NAC sends that to the switch
and the switch assigns it to you.
Et voilà, you can surf.


Firewall
Static ACLs at layer 3:                  "access-list 101 deny ip any host 171.16.23.1"
Static ACLs using layer 4, aka ports:    "access-list 101 permit tcp any host 171.16.23.1 eq 80"

Stateful -
the firewall maintains the state of the connection.
For example, I contact www.cnn.com. So when the packet comes back from CNN, the firewall
recognizes that I asked for it.
This is like going out of a disco and telling the guard you'll be back; that way he lets you in.
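Added example (not from the original notes) that puts the handshake, the flags and the two firewall types above into code: a stateless evaluator for the two access-list 101 lines next to a stateful filter that only admits replies to connections an inside host opened. The packet fields, the inside address 10.0.0.5 and the server address 192.0.2.10 are constructed.

```python
# Added example, not from the original notes: a toy packet filter contrasting the
# static ACL lines quoted above with a stateful firewall that tracks the handshake.
# ACL rules and 171.16.23.1 come from the notes; packets and addresses are constructed.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # standard TCP header flag bits

# (action, proto, src, dst, dport) hand-parsed from the two access-list 101 lines.
# Cisco ACLs are checked top-down, first match wins, implicit deny at the end.
ACL_101 = [("permit", "tcp", "any", "171.16.23.1", 80),
           ("deny", "ip", "any", "171.16.23.1", None)]

def make_pkt(src, sport, dst, dport, flags, proto="tcp"):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flags, "proto": proto}

def static_filter(pkt, acl=ACL_101):
    """Stateless: each packet is judged on its own header fields only."""
    for action, proto, src, dst, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if src not in ("any", pkt["src"]) or dst not in ("any", pkt["dst"]):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action == "permit"
    return False  # nothing matched: implicit deny

class StatefulFirewall:
    """Inside hosts may go out; a reply gets in only if it matches a connection
    an inside host opened (telling the guard you'll be back)."""
    def __init__(self, inside):
        self.inside, self.table = inside, {}   # protected addresses; 5-tuple -> state

    def _key(self, pkt, reverse=False):
        k = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        return (k[2], k[3], k[0], k[1], k[4]) if reverse else k

    def handle(self, pkt):
        f = pkt["flags"]
        if pkt["src"] in self.inside:                          # outbound
            if f & SYN and not f & ACK:
                self.table[self._key(pkt)] = "SYN_SENT"        # handshake step 1
            elif f & ACK and self._key(pkt) in self.table:
                self.table[self._key(pkt)] = "ESTABLISHED"     # handshake step 3
            return True
        key = self._key(pkt, reverse=True)                     # inbound reply
        if key not in self.table:
            return False            # unsolicited SYN/ACK or probe: drop
        if f & RST:
            del self.table[key]     # connection reset: forget it
        return True
```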

Proxy firewall -
copies each item and sends it as if it were the originator.
This is very costly in CPU cycles, and some applications don't like it and will break.

Multi-homed firewall
Connects to 2 or more WANs.

Tiers
Single = 1 firewall
Two-tier = 2 firewalls or 2 zones
Three-tier = 3 firewalls, or 2 firewalls with 3 zones.

Endpoint security
AV, anti-spam, etc.: whatever you deploy on the final node.

Other

The rest of the network I know, so it might be beneficial for the reader to quickly do Network+ or CCNA here.
Synchronous means using a timing of sorts.
Baseband = 1 channel
Broadband = many channels.

CSMA/CD
Transmit and listen for a collision; if there was one, try again.

CSMA/CA - collision avoidance.
Transmit, then wait for an ACK; if none arrives, try again.

Last thing is
TCP Wrapper: originally for Linux/Unix, this basically creates static ACLs.
Also, WAP is for phones;
WPA is authentication for WiFi.

Network attacks and secure communication
Secure data when it is standing still (at rest).
Secure data when it is in transit.

Chapter 4
Securing the communication itself

SKIP was replaced by IKE - both are ways to exchange the secret.
swIPe was a layer 3 IP protocol that encapsulates the packet. Replaced by IPsec.
S-RPC uses RPC but sets up security first. RPC is used to send a command to a remote place:
Remote Procedure Call (command).

SSL - used to secure FTP, HTTP; replaced by TLS.

TLS - at layer 3 this is OpenVPN.
      It can be used to encrypt SIP and UDP.

SET - Secure Electronic Transaction, used by the PCI card industry, or at least supported by them.

IPsec - uses IKE to set up phase 1, then encrypts in phase 2.


Authenticating the user
PAP - Password Authentication Protocol uses clear text and no encryption.
CHAP - encrypts the password and username. Uses a challenge-response, so it can't be replayed.
EAP - Extensible Authentication Protocol.
LEAP - EAP by Cisco; you can crack it using asleap.
PEAP - Protected EAP; this authenticates the connection in a TLS tunnel (the best).
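Added example (not from the original notes) of the CHAP challenge-response from RFC 1994, showing why a captured response cannot be replayed against a fresh challenge. The peer name, the shared secret and the 16-byte random challenge are constructed.

```python
# Added example, not from the original notes: CHAP challenge/response per RFC 1994,
# demonstrating the "can't be replayed" property. Peer name, shared secret and the
# 16-byte challenge are constructed for this illustration.
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || Secret || Challenge). The secret
    # never crosses the link; only this one-way hash tied to the challenge does.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side: a fresh random challenge per attempt, each usable only once."""
    def __init__(self, secrets):
        self.secrets = secrets   # peer name -> shared secret
        self.pending = {}        # peer name -> (identifier, challenge)
        self.identifier = 0

    def challenge(self, peer):
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)    # unpredictable, never reused
        self.pending[peer] = (self.identifier, chal)
        return self.identifier, chal

    def verify(self, peer, identifier, response):
        entry = self.pending.pop(peer, None)   # consume the challenge
        if entry is None or entry[0] != identifier or peer not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[peer], entry[1])
        return hmac.compare_digest(expected, response)

def demo():
    """Returns (legit login accepted, replayed response accepted)."""
    secret = b"constructed-shared-secret"
    server = ChapAuthenticator({"alice": secret})
    ident, chal = server.challenge("alice")
    resp = chap_response(ident, secret, chal)        # what the peer sends back
    ok = server.verify("alice", ident, resp)
    # An eavesdropper replays the captured `resp` on the next login attempt; the
    # server issued a new challenge, so the old hash no longer matches.
    ident2, _ = server.challenge("alice")
    replayed = server.verify("alice", ident2, resp)
    return ok, replayed
```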

Tunnel
A Virtual Private Network is a point-to-point network from A to B.
The VPN can be encrypted (ESP) or not (AH only): the C and I of CIA.
A VPN does not guarantee the A (Availability) of CIA.

Layer 2
L2F
L2TP - any protocol

Layer 3
PPTP
IPsec - does not do dial-up but has native encryption.

VLAN
Virtual LANs can be used to segment (broadcast) traffic within a LAN.

RAS - Remote Access Server.
This is for road warriors, people who work from home, etc.
They can dial up using a modem (so 1990s).
They can use a VPN.
They can use a thin client, which will probably use a VPN to secure that communication too.

So,
only people who need remote access should be granted it;
users must be very well authenticated before being granted access;
protect the network communications by encrypting them.

VoIP
Caller ID can be faked.
Vishing - phishing for information using calls.
SPIT - spam over internet telephony.
DDoS on call managers.

Multimedia collaboration

IM
Packet sniffing
No native security
Malicious code using their file transfers, which are not secure.

Restricting remote access
Callback to a number
Caller ID can be spoofed

PPP using PAP and CHAP
SLIP - older, used for IP, no compression.

RADIUS - user/pass
TACACS
XTACACS
TACACS+ - two factor

NAT
Hides the IP scheme.
NAT is one-to-one.
PAT is Port Address Translation.

NAT maintains state;
it can be static or dynamic.

APIPA gives you an IP:
169.254.0.1 - 169.254.255.254, mask 255.255.0.0
This means you have not reached a DHCP server.


Switching
Circuit switching gives you the whole circuit - this is similar to a phone line.
Packet switching does it per packet - this is like VoIP, it routes every packet differently.
Virtual circuit is a "sub" circuit - this is similar to each phone getting a channel on a T1.

PVC - permanent virtual circuit, will set it up for good.
SVC - switched virtual circuit, will set it up for the conversation.

The usual
DS0 = a phone line, 64 Kbps
DS1 = T1, 1.544 Mbps
DS3 = T3, 44.736 Mbps

BRI = 2B + D
PRI = 23B + D

CSU/DSU - channel service unit / data service unit.
DTE - data terminal equipment - client
DCE - data circuit-terminating equipment - ISP

Frame Relay sets up many PVCs over the same medium.
It also uses CIR to guarantee bandwidth for clients.

ATM uses a cell that is 53 bytes long.

SDLC - used for SNA
HDLC - higher level
HSSI - used for serial at layer 1

Dial-up is encapsulated in PPP.

Hash verification
A website publishes the hash; that way you can verify you got the correct file.

Record sequence checking
Can be used to see that all the parts have arrived.

Transmission logging
Helps in order to troubleshoot.
Transmission error correction
Helps in order to set up a re-request of the missing packets.

EMAIL security
Non-repudiation = you can't say that you did not send this
Access to recipient = confidential - others can't open it
Integrity = can't change the message en route
Authenticate and verify the source = helps with repudiation
Verify delivery = message arrived
Classify sensitive content = in the messages.

Use policy
Management
Backup and retention
Access control of emails
Privacy of them.

Securing Email
S/MIME uses PKI to verify the source (CIA).
MOSS (MIME Object Security Services) uses MD2/MD5 and RSA to give you encryption and authentication.
PEM - Privacy Enhanced Mail: RSA, DES and PKI.
PGP - Pretty Good Privacy - PKI.

Block certain types of attachments.
Scan attachments for viruses.

FAX
Disable auto-print, as it sits in the tray.
Send them to electronic format.

Encrypt VoIP.
Social engineering.


PBX
Log everything.
Set up codes for remote dialing.
Block remote calling and then dialing out.
Apply current updates from the vendors.

Phreaking
Black box - steal the line
Red box - make coin noises
Blue box - 2600 Hz
White box


Network attacks
DDoS
Eavesdropping using sniffers - add physical security and use encryption
Impersonating users - better authentication
Replaying the data - one-time or sequence numbers
Modification - prevent it using hashes and digital signatures
ARP spoofing - use DHCP snooping to run DAI (dynamic ARP inspection)
DNS poisoning - secure DNS or add DNSSEC
Hyperlink spoofing - looks like a valid link.