Chapter 3: Understanding Basic Network Security
Firewall
Filters traffic between networks and can filter both incoming and outgoing traffic. In other words, a __________ can ensure only specific types of traffic are allowed into your network. Most ___________ use an implicit deny strategy where all traffic not explicitly allowed is blocked. This can be implemented with a deny all, or deny any any rule at the end of the ACL.
Port 80
HTTP (Hypertext transfer protocol)
User Datagram Protocol (UDP)
provides connectionless sessions (without handshake). ICMP or Internet control message protocol traffic and audio and video streaming use this. All TCP/IP traffic is either connection-oriented TCP traffic or connectionless UDP. - Basic Connectivity Protocol
Microsoft SQL Server
Is a server application that hosts databases accessible from web servers and a wide array of applications. Port 1433 - Application protocol
Encryption Protocols
Any traffic sent across the wire in clear text is subject to sniffing attacks with a protocol analyzer. One way to protect against this vulnerability is to encrypt the data. Examples include: SSH, FTPS, SFTP, SCP, IPsec, SSL, and TLS.
Kerberos
Authentication protocol used in Windows domains and some UNIX environments. Port 88 - Application protocol
Transmission Control Protocol (TCP)
Connection-oriented traffic (guaranteed delivery). _____ uses a three-way handshake. To start a _____ session, the client sends a SYN (synchronized) packet. The server responds with a SYN/ACK packet, and the client completes the third part of the handshake with an ACK packet. The connection is then established. - Basic Connectivity Protocol
Application protocols
Different _________ ___________ are used on the internet and within an intranet. A common one used is HTTP to access web pages on the internet.
Subnetting
Divides a single range of IP addresses into several small ranges of IP address.
Port 20 and 21
FTP (file transfer protocol)
Port 443
Hypertext transfer protocol (HTTPS)
IPsec Remote Access
IPsec can be used as a remote access tunneling protocol to encrypt traffic going over the internet. Uses port 500 for IPsec VPN connections. - remote protocol
Ports
Logical numbers used by TCP/IP to identify what service or application should handle data received by a system.
Ports 137-139
NetBIOS (Network Basic Input/Output System)
NetBIOS
Network Basic Input/Output System is a name resolution service for NetBIOS system names on an internal network. Ports 137-139 - Application protocol
Protocols
Networking protocols provide the rules needed for computers to communicate with each other on a network. TCP/IP (Transmission Control Protocol) is a full suite of protocols used on the internet and many internal networks.
Remote Access Protocols
PPP, IPsec, PPTP, L2TP, RADIUS, TACACS/XTACACS
Point to point tunneling protocol (PPTP)
Point to point tunneling protocol is a tunneling protocol used with VPNs that has some known vulnerabilities. PPTP uses TCP port 1723. - remote protocol
Port 3389
Remote Desktop Services
RADIUS
Remote Authentication Dial-In User Service provides central authentication to remote access clients. Each remote access server can forward authentication requests to the central RADIUS server. - remote protocol
Port 25
SMTP (Simple mail transport protocol)
Email Protocols
SMTP, POP3, IMAP4
Port 1433
SQL Server
Port 22
SSH (Secure Shell), SFTP (Secure File Transfer Protocol) (with SSH), and SCP (Secure Copy Protocol) all use port ____
Port 161
Simple network management protocol (SNMP)
Internet Protocol (IP)
The ____ identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses. IPv4 uses 32 bit addresses represented in dotted decimal format, such as 192.168.1.100. IPv6 uses 128 bit addresses using hexadecimal code. - Basic Connectivity Protocol
Secure Sockets Layer (SSL)
The __________ protocol secures HTTP traffic as HTTPS. SSL can also encrypt other types of traffic such as LDAP. SSL uses port 443 when encrypting HTTP, and port 636 when encrypting LDAP/SSL (LDAPS). -Encryption Protocol
Transport layer security (TLS)
protocol is the designated replacement for SSL. At this point you can use _______ instead of SSL in just about any application. For example, ______ can encrypt HTTP traffic as HTTPS (on port 443), and LDAP traffic as LDAPS on port 636. -Encryption Protocol
IPv4
Uses 32 bit IP addresses expressed in dotted decimal format. For example, 192.168.1.5 is four decimals separated by periods or dots.
Switches
are used for network connectivity and map MAC addresses to ports.
Secure Shell (SSH)
can be used to encrypt a wide variety of traffic, such as telnet, secure copy (SCP) and secure file transfer protocol (SFTP). When traffic is encrypted with SSH, it uses port 22. - Encryption Protocol
Virtual local area networks (VLANs)
can logically separate computers or logically group computers regardless of their physical location.
Load Balancer
can optimize and distribute data loads across multiple computers.
Layer 2 tunneling protocol (L2TP)
combines the strength of Layer 2 Forwarding - remote protocol
Network-based Firewall
controls traffic going in and out of a network. A ________________ controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols.
Proxy Server
forwards requests for services from a client. It can filter requests based on URLs, cache content, and record users' Internet activity.
Host-Based Firewalls
helps protect a single system from intrusions.
DMZ
provides a layer of protection for servers that are accessible from the Internet.
Secure File Transfer Protocol (SFTP)
is a secure implementation of FTP. Is an extension of secure shell (SSH) and uses port 22. -Application protocol
Domain Name system (DNS)
is a service that resolves host names to IP addresses on the internet and internal networks. Port 53 -Application protocol
File Transfer Protocol Secure (FTPS)
is an extension of FTP and uses SSL or TLS to encrypt FTP traffic. Uses ports 989 and 990. - Application protocol
Terminal Access Controller Access Control System (TACACS)
is an older network authentication protocol. - remote protocol
Secure copy protocol (SCP)
is based on SSH. Users can use ________ to copy encrypted files over a network. _________ uses port 22. - Encryption Protocol
Simple network management protocol (SNMP)
is used to monitor and manage network devices such as routers or switches. Port 161. _________ Agents report information via notifications known as _________ traps. - Application protocol
Lightweight Directory Access Protocol (LDAP)
is the language used to communicate with directories such as Microsoft's Active Directory. - Application protocol
Terminal Access Controller Access Control System + (TACACS+)
is used as an alternative over RADIUS. It uses multiple challenge responses for authentication, authorization, and audit. Uses TCP port 49. - remote protocol
Internet control message protocol (ICMP)
is used for testing basic connectivity and includes tools such as ping, pathping, and tracert. Ping can check for basic connectivity between two systems. - Basic Connectivity Protocol
Hypertext Transfer Protocol (HTTP)
is used for web traffic on the internet and in intranets. HTML is the common language used to display web pages. Uses port 80. - Application protocol
Point to point protocol (PPP)
is used to create dial-up connections between a dial-up client and a remote access server, or between a dial-up client and an ISP. - remote protocol
Internet protocol security (IPsec)
is used to encrypt IP traffic. Native IPv6 but can work with IPv4. IPsec includes ESP and AH, and can encrypt IP packet payloads. IPsec works in both tunnel and transport modes. -Encryption Protocol
Internet Message Access Protocol 4 (IMAP4)
is used to store email on an email server. IMAP4 allows a user to organize and manage email in folders on the server. Port 143. - email protocol
Port Security
limits access to switch ports. It includes limiting the number of MAC addresses per port and disabling unused ports. You can also manually map each port to a specific MAC address or group of addresses.
Web-Security Gateway
performs content filtering (including filtering for malicious attachments, malicious code, blocked URLs, and more).
Loop Protection
protects against switching loop problems, such as when a user connects two switch ports together with a cable. STP and RSTP are commonly enabled on switches to protect against switching loops.
Address Resolution Protocol (ARP)
resolves IP addresses to Media Access Control (MAC) addresses. TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host. - Basic Connectivity Protocol
Hypertext Transfer Protocol Secure (HTTPS)
secures web traffic by transmitting it in an encrypted format. Encrypted using SSL or TLS and it uses port 443. -Application protocol
Port Scanner
scans systems for open ports and attempts to discover what services and protocols are running.
Simple mail transport protocol (SMTP)
transfers e-mail between clients and _______ servers, and between _______ servers. Uses port 25.
Post office protocol v3 (POP3)
transfers e-mails from servers down to clients. POP3 uses port 110.
Network Access Translation (NAT)
translates public IP addresses to private IP addresses, private back to public, and hides IP addresses on the internal network from users on the Internet.
File transfer protocol (FTP)
uploads and downloads files to and from an FTP server. Transmits data in clear text, making it easy to attack. Uses ports 20 and 21. - Application protocol
Telnet
used to connect to remote systems or network devices over a network (such as a router). Port 23 or 22. You can encrypt _________ traffic with SSH, and it uses port 22 when encrypted with SSH. - Application protocol
IPv6
uses 128 bit IP addresses expressed in hexadecimal format. For example, FE80:0000:0000:0000:20D4:3FF7:003F:DE62 includes eight groups of four hexadecimal characters.
Trivial file transfer protocol (TFTP)
uses UDP and is used to transfer smaller amounts of data, such as when communicating with network devices. Port 69 -Application protocol