CISSP - Secure Network Architecture & Components
What is a switch?
A switch is a device in a computer network that connects other devices together. Multiple data cables are plugged into a switch to enable communication between different networked devices
What is a gateway?
A node that handles communication between its LAN and other networks
What is a router?
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. ... The most familiar type of IP routers are home and small office routers that simply forward IP packets between the home computers and the Internet.
What is the message called in the physical layer?
none- this is where message is converted into bits for transmission over the physical connection medium.
What is the message called in the Network layer?
packet
What is a bluejacking?
A bluejacking attack is a wireless attack on Bluetooth, and the most common device compromised in a bluejacking attack is a cell phone. -Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well.
What is a chosen ciphertexy attack?
A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis where the cryptanalyst can gather information by obtaining the decryptions of chosen ciphertexts. From these pieces of information the adversary can attempt to recover the hidden secret key used for decryption.
A Cryptographic Hash FUnction
A cryptographic hash function uses one-way mathematical functions that are easy to calculate to generate a hash value from the input, but very difficult to reproduce the input by performing calculations on the generated hash. One common way of generating cryptographic hashes is to use block ciphers. Some common hash functions are MD5 (which is broken and obsolete), SHA-1, SHA-2, and SHA-3.
What protocol should u be familiar with for layer 2 data link?
ARP - address resolution protocol- resolves IP addresses into a MAC address with unique location - not arp is not fully a layer 2 or 3 protocol
What is heuristic detection?
As opposed to signature-based scanning, which looks to match signatures found in files with that of a database of known malware, heuristic scanning uses rules and/or algorithms to look for commands which may indicate malicious intent.
WHAT IS BLOWFISH?
Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. - Symmetric block cipher that can use variable length keys
What is the difference between due care and due diligence?
Due care is a way to implement something right away in order to perform mitigation procedures. Due diligence is making sure the right thing was done correctly, and if it is necessary to do it again or if further research is required. Due care is doing the right thing, the prudent man rule.
What is due care?
Due care is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules.
What is a frame relay?
Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each othe
What is a frequency analysis attack?
Frequency analysis is one of the known ciphertext attacks. It is based on the study of the frequency of letters or groups of letters in a ciphertext. Frequency analysis is used for breaking substitution ciphers. The general idea is to find the popular letters in the ciphertext and try to replace them by the common letters in the used language.
What is the difference between a router and gateway?
Gateways regulate traffic between two dissimilar networks, while routers regulate traffic between similar networks. ... Because TCP/IP is also the primary protocol of the Internet, you could use a router to connect your network to the Interne
What is the purpose of Hash functions?
Hash functions are used for data integrity and often in combination with digital signatures. With a good hash function, even a 1-bit change in a message will produce a different hash (on average, half of the bits change). With digital signatures, a message is hashed and then the hash itself is signed. -Hash functions are extremely useful and appear in almost all information security applications. A hash function is a mathematical function that converts a numerical input value into another compressed numerical value. The input to the hash function is of arbitrary length but output is always of fixed length.
What are honeypots and honeynets?
Honeypots are individual computers, and honeynets are entire networks created to serve as a trap for intruders. They look like legitimate networks and tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizing but false data. An intrusion detection system (IDS) will detect attacks. In some cases, an IDS can divert an attacker to a padded cell, which is a simulated environment with fake data intended to keep the attacker's interest. A pseudo flaw (used by many honeypots and honeynets) is a false vulnerability intentionally implanted in a system to tempt attackers.
What is a hub?
Hubs connect multiple computer networking devices together. A hub also acts as a repeater in that it amplifies signals that deteriorate after traveling long distances over connecting cables. A hub is the simplest in the family of network connecting devices because it connects LAN components with identical protocols. A hub can be used with both digital and analog data, provided its settings have been configured to prepare for the formatting of the incoming data. For example, if the incoming data is in digital format, the hub must pass it on as packets; however, if the incoming data is analog, then the hub passes it on in signal form. Hubs do not perform packet filtering or addressing functions; they just send data packets to all connected devices. Hubs operate at the Physical layer of the Open Systems Interconnection (OSI) model. There are two types of hubs: simple and multiple port.
What is the Network layer responsible for?
IS responsible for adding routing and addressing information to the data. The network layer accepts the segment from the transport layerand adds information to it to create a packet. The packet includes the source and destination ip addresses. -also manages error detection and node data traffic (traffic control) -note the network layer is responsible for providing routing or delivery infomration but it is not responsible for verifying guaranteed deliver (that is responsibility of transport layer)
What is a reference monitor?
In operating systems architecture, a reference monitor is a secure, always-used and fully-testable module that controls all software access to data objects or devices. The reference monitor verifies the nature of the request against a table of allowable access types for each process on the system.
What is encapsulation?
Is the addition of a header and possibly a footer to the data received by each layer fro mthe later abover before handed off to the next. Each info is encapsulated and sent to new layer
What is a proxy server?
It takes requests from a client system and forwards them to the destination server on behalf of the client. They can improve performance by caching, and restricting access by filtering content.
What is an optical drive?
Optical drives use a laser to read or write information to a separate storage media, such as a DVD, CD or Blu-ray disks. These drives are available in internal and external models, but when compared to flash drives, are more bulky and cumbersome to move from one computer to another.
What is PVC And SVC?
PVC and SVC are different types of virtual circuits. "PVC" stands for "Permanent Virtual Circuit" and "SVC" stands for "Switched Virtual Circuit." Both PVC and SVC play the main role in networks like Frame Relay and X. 25. They are also used in ATM machinesThe only difference between a PVC and a switched virtual circuit (SVC) is that an SVC must be reestablished each time data is to be sent. Once the data has been sent, the SVC disappears. PVCs are more efficient for connections between hosts that communicate frequently.
What is Remote Journaling?
Remote Journaling involves sending the database transaction log to a remote location.
What is remote mirroring?
Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off-site at some secure remote location.
What is the network layer hardware devices?
Routers and bridge routers(brouters)
What is the 5 states in 5 state process model?
Running: The currently executing process. Waiting/Blocked: Process waiting for some event such as completion of I/O operation, waiting for other processes, synchronization signal, etc. Ready: A process that is waiting to be executed. New: The process that is just being created. The Program Control Block is already being made but the program is not yet loaded in the main memory. The program remains in the new state until the long term scheduler moves the process to the ready state (main memory). Terminated/Exit: A process that is finished or aborted due to some reason
What is screen scraping?
Screen scraping is the automated, programmatic use of a website, impersonating a web browser, to extract data or perform actions that users would usually perform manually on the websit
What is a security target?
Security targets (STs) specify the claims of security from the vendor that are built into a TOE.
Wat is signature based detection?
Signature-based detection is one of the most common techniques used to address software threats levelled at your computer. ... This type of detection involves your antivirus having a predefined repository of static signatures (fingerprints) that represent known network threats. -It is used for threats that we know oif
What is spoofing? and what is the goal of a spoof attack
Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks. -A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. There are several different types of spoofing attacks that malicious parties can use to accomplish this. c-Spoofing grants the attacker the ability to hide their identity through misdirection. It is therefore involved in most attacks.
What are the network hardware devices that function at data link layer 2 ?
Switches and btrdiges - these devieces support mac based traffic routing -Switches receive a frame on one port and send it out another port based on MAC addressess
What is a switch?
Switches generally have a more intelligent role than hubs. A switch is a multiport device that improves network efficiency. The switch maintains limited routing information about nodes in the internal network, and it allows connections to systems like hubs or routers. Strands of LANs are usually connected using switches. Generally, switches can read the hardware addresses of incoming packets to transmit them to the appropriate destination. Using switches improves network efficiency over hubs or routers because of the virtual circuit capability. Switches also improve network security because the virtual circuits are more difficult to examine with network monitors. You can think of a switch as a device that has some of the best capabilities of routers and hubs combined. A switch can work at either the Data Link layer or the Network layer of the OSI model. A multilayer switch is one that can operate at both layers, which means that it can operate as both a switch and a router. A multilayer switch is a high-performance device that supports the same routing protocols as routers. Switches can be subject to distributed denial of service (DDoS) attacks; flood guards are used to prevent malicious traffic from bringing the switch to a halt. Switch port security is important so be sure to secure switches: Disable all unused ports and use DHCP snooping, ARP inspection and MAC address filtering.
What is a smurf attack?
The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.
What is Parole evidence?
The parol evidence rule states that a written contract is assumed to contain all the terms of an agreement and cannot be modified by a verbal agreement
What is the waterfall model?
The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase.
What is the message called in the transport layer?
a segment (TCP protocols) or datagram (UserDatagramProtocols)
What is the message called in the application layer ?
data or data stream
What is a the Electronic Discovery Reference Model?
eDiscovery is a defensible, multi-step process in which electronic data is sought, located, secured, and/or searched with the intent of using it as evidence in a civil or criminal legal case. The key point to remember is that eDiscovery is a multi-step process -
What is the message called in the data link layer?
frame
