Network+ Section 9 - 13
Ad-Hoc mode vs Infrastructure Mode
Ad-Hoc Mode: Each wireless device communicates directly with the others, without a centralized switch or server to communicate through. You will probably need something better than ad hoc to get onto the internet.
Infrastructure Mode: All device communications go through one centralized point, the router.
What are application logs, security logs, and system logs?
Application logs, security logs, and system logs can all be found in Windows Event Viewer.
Application log - contains info about software running on a client or server. Entries are Informational, Warning, or Error. Microsoft Word crashing would be an example.
Security log - contains info about the security of a client or server.
System log - contains info about the operating system itself.
What is ATM?
Asynchronous Transfer Mode (ATM) - ATM deals with Fiber and SONET networks. Know this for test day. Frames are transferred as fixed-length cells as its protocol data unit (PDU). ATM has a fixed header of 5 bytes and a payload of 48 bytes. ATM switches connect to their endpoints using UNI (User Network Interface). ATM switches are connected together using NNI (Network Node Interface). A small header saves a lot of time.
What is DHCP? What port does it use and TCP or UDP?
DHCP - assigns devices IP addresses automatically while also providing the subnet mask, default gateway, and DNS server they use when they connect to the internet. Ports 67 and 68, and it uses UDP.
What is a DHCP relay?
DHCP Relay - Forwards DHCP packets between clients and servers when the client device and the DHCP server are not located on the same subnet or network. One device can act as a DHCP relay: it listens for the discovery broadcast and relays it to the DHCP server on the other network on behalf of your client, acting as a middle man.
What is a DHCP Reservation?
DHCP Reservation - Excludes some IP addresses from being handed out to devices unless they meet certain conditions. Assigns the exact same IP every time to the same MAC address, so the DHCP server gives that device a static address every time.
What is a good way of helping DHCP function properly? How is everything sent in the DHCP process?
DHCP operates using UDP; it is a fire-and-forget method. IP Helper may need to be configured for these UDP broadcasts, which can be used in conjunction with a DHCP relay. IP Helper forwards several kinds of UDP broadcasts to different routers. Everything is sent by broadcast with a DHCP server, including the broadcast message that the address is acknowledged.
What is DMVPN?
DMVPN - Dynamic Multipoint Virtual Private Network - allows the internet to be used as the WAN connection for secure site-to-site communication. Cable modem/DSL instead of having to pay for a dedicated leased line.
What is a DMZ and a screened subnet?
DMZ - A perimeter network that protects an org's internal local area network from untrusted traffic (we place people in a screened subnet).
Screened subnet - a subnet in the network architecture that uses a single firewall with three interfaces to connect three dissimilar networks.
What is DNS? What port does it use and TCP or UDP?
DNS (Domain Name System) - the phonebook for the internet. You don't have to memorize the IP address of the web server, just the name. Operates over both UDP and TCP on the same port, 53. A domain name query uses UDP; if DNS is doing a zone transfer between two different servers, it uses TCP.
Internal DNS vs External DNS
DNS can also be used internally. Internal DNS - Allows cloud instances on the same network to access each other using internal DNS names. External DNS is what most of us are familiar with: records created around domain names from a central authority, used on the public network.
What is a DSL? What are the different types?
DSL - Digital Subscriber Line. Instead of paying for a T1 connection at $1000/month, you could do DSL for $50 to $100 a month.
ADSL maximizes your downloads and minimizes your upload.
SDSL makes downstream/upstream the same.
VDSL - higher speeds for both download and upload; the big limitation was the distance to the DSLAM, the phone company's point of presence. You need to be less than a mile away from that point of presence to get this rate.
As we started moving towards cable and fiber, we really stopped doing DSL.
Three different encryption standards
Data Encryption Standard (DES) - uses a 56-bit encryption key to secure data and is considered weak. We still use it in SNMP, but it's insecure.
Triple DES - Uses three 56-bit keys, giving a total of 168 bits. It encrypts, decrypts with a different key, then encrypts again with a third key.
Advanced Encryption Standard (AES) - The preferred symmetric encryption standard today; available with 128-bit, 192-bit, and 256-bit keys.
What is the purpose of a datacenter?
Datacenter - any facility that businesses and other organizations use to organize, process, store, and disseminate large amounts of data. Some small companies could have a "data center" that's just a rack or two in a small building. The Utah data center, on the other hand, is 1.5M sq ft.
What is a Dedicated Leased Line?
Dedicated Leased Line - Logical connection that connects two sites through a service provider's facility or a telephone company's central office. A more expensive connection than other WAN technologies, since you have all the bandwidth to yourself. It is a point-to-point connection between two sites (bandwidth is available all the time). T1, E1, T3, and E3 are dedicated circuits. Digital circuits are measured in 64 kbps channels called digital signal 0 (DS0). They use a CSU/DSU to connect to the network.
What is Defense in Depth?
Defense in Depth: A cybersecurity approach in which a series of defensive mechanisms are layered in order to protect valuable data and info. We need to make sure vulnerabilities don't "line up" across our security layers. We need to use physical, logical, and administrative security controls. Protect the apps, then protect the data, then install the antimalware, then network intrusion detection systems after that, and next out to the perimeter: border routers, firewalls, and VPNs, so that the layers together give no straight line of attack for any single vulnerability. We also need to create network segmentation: VLANs, VPNs, and choke points between subnets or VLANs (their data has to pass through a router, where it can be inspected against the ACL rules).
For physical security, what is Detection Method?
Detection Method - A security control used during an event to find out whether or not something malicious may have happened. Detection methods won't stop it from happening, but they will notify you and log the intrusion.
What is a Hypervisor? Type 1 vs Type 2?
Hypervisor - Enables virtualization to occur by emulating the physical hardware. The guests think they have their own physical hardware.
Type 1 Hypervisor - The guest OS sits directly on top of the hypervisor. Also called a Bare Metal Hypervisor (bare bones, or Type 1): the hypervisor is the OS, and I can run the other operating systems inside the hypervisor. By removing the extra layer, you get better performance.
Type 2 Hypervisor - The hypervisor sits on top of a host OS. This takes up more processing power but works well in a desktop environment. With servers, it's better to go Type 1.
What are the four WLAN Service Sets?
Independent Basic Service Set (IBSS) - This is what operates in ad-hoc mode. Two devices on the second floor are just talking to each other.
Basic Service Set (BSS) - how we connect all our stuff in a small office/home office setting. These devices connect to a wireless access point, which is directly connected to the switch, which is connected to the router. This is our first Infrastructure Mode.
Extended Service Set (ESS) - now we have two different wireless access points, one on each floor. This setup is just a better Infrastructure Mode with better coverage.
Mesh Topology - Uses a combination of different wireless networks such as Wi-Fi, microwave, and cellular. Works kind of like ESS, but the difference is we aren't just using Wi-Fi; we're using many different technologies.
Describe the Infrared System
Infrared System - displays images based on the amount of heat in a room. 1st - quickly and easily identify where a person is inside the room. 2nd - identify hot spots in the room and detect gear that could overheat before it actually does.
What is Infrastructure as Code?
Infrastructure as Code (IaC) - Enables managing and provisioning of infrastructure through code instead of a manual process. Infrastructure here refers to virtual machines or devices. You'll probably use scripted automation and orchestration.
What is EAP? What are some different types?
EAP (Extensible Authentication Protocol) - Authentication that is performed under 802.1x. Types include EAP-FAST, EAP-MD5, and EAP-TLS. If you see EAP, it's part of 802.1x and it's part of wireless authentication.
What is hashing? What are five ways to do it?
Hashing - Runs a string of data through an algorithm, creating a hash that serves as a unique fingerprint (for example an MD5 hash). The receiver runs the hash on their own side; if the result matches, there is integrity in the data.
MD5 (oldest one) - 128-bit hash, still used today. There are collisions: two different inputs could have the same hash value.
Secure Hash Algorithm V1 (SHA-1) - 160-bit hash.
SHA-256 - 256-bit hash digest. An exponentially larger number of combinations.
CRAM-MD5 - MD5 variant used in email systems.
What is a Honeypot/Honeynet?
Honeypot/Honeynet - attracts and traps potential attackers to counteract any attempts at unauthorized access to a network. Could be one or more computers that are deliberately vulnerable; a form of research to learn more about attackers.
How does NTP work?
How does NTP work? Stratum, clients, servers. Each layer of the hierarchy is known as a stratum. Stratum 0 is the top, stratum 1 is lower, etc. If you are directly connected to GPS or something similar, you are connected to stratum 0. Stratum 0 is a reference clock. Stratum 1 servers are within 1 ms of their attached stratum 0 devices; these are the primary stratum servers. Stratum 2 servers are configured to query multiple stratum 1 servers to be reliable. Stratum 3 is synchronized to stratum 2, and so on. NTP can handle a maximum of 15 stratum levels; 16 or higher means the device is unsynchronized.
7 steps to use SIEM properly
How to properly utilize SIEM:
1. Log all relevant events and filter out anything that is considered to be irrelevant data.
2. Establish and document the scope of the events.
3. Develop use cases to define a threat. (What do I want to take action on or postpone for later?)
4. Plan incident responses for given scenarios or events.
5. Establish a ticketing process to track all the flagged events.
6. Schedule regular threat hunting with cybersecurity analysts.
7. Provide auditors and analysts an evidence trail.
What is the Pareto Principle?
Pareto Principle (80-20 rule) - 80% of traffic stayed in the LAN, 20% of traffic went out to the WAN. Cloud-based apps outside of your network, such as Google Drive, all require us to leave the LAN.
Persistent vs non-persistent agent
Persistent Agent - a piece of software installed on a device requesting access to the network. Obviously doesn't work well in BYOD environments.
Non-persistent Agent - Requires the user to connect to the network and go to a web-based captive portal to download an agent onto their device.
Examples of personal area networks, wide area networks, and wireless networks
Personal Area Networks: Bluetooth, infrared, Z-Wave, etc.
Wide Area Networks: cellular, HF radio, satellite, microwave.
Wireless: probably Wi-Fi, in ad hoc or infrastructure mode.
Personal Mode vs Enterprise Mode in terms of wireless network security
Personal Mode: uses a pre-shared key. Enterprise Mode: uses centralized authentication, either native WPA2 or offloading authentication to a server.
Describe POTS
Plain Old Telephone Service (POTS) - runs on the public switched telephone network (PSTN), which consists of all the telephone carriers from around the world. A phone call from my house to my neighbor's house, or to the other side of the world, is still running on the PSTN. They're analog connections using the PSTN, called POTS connections. This can actually carry voice OR data. Data over a POTS connection means dial-up modems, 53 kbps. Don't really need to know too much of the specifics here because no one uses it anymore.
What is PPPoE?
Point-to-Point over Ethernet (PPPoE) - a network protocol for encapsulating Point-to-Point Protocol frames inside Ethernet frames.
What is a PSK?
Pre-Shared Key (PSK): Both the access point and the client have the same encryption key. Scalability becomes a problem with this. If 50 people had the pre-shared key in a work setting and you fire one of them, you'd have to change that key. Not a good idea to use pre-shared keys in a large environment. It is really easy to configure a network this way, though.
What is a SONET?
Synchronous Optical Network (SONET) - Layer 1 technology that uses fiber as its media and has high data rates, ranging from 155 Mbps to 10 Gbps or more. Uses transport layer 2 encryption; covers distances between 20 and 250 km or more because of fiber. The physical topology could be either a bus or a ring. It's usually implemented as an FDDI ring: two counter-rotating rings for redundancy. We could use PVCs or SVCs.
What is the purpose of syslog and what are SIM, SEM, and SIEM?
System Logging Protocol (syslog) - sends system log or event messages to a central server, called a syslog server.
Security Information Management (SIM)
Security Event Management (SEM)
Security Information and Event Management (SIEM) - most people have moved to this; why not have it all in one place? Example: someone's conducting a ping sweep on my firewall, then I see the same IP address trying to access some clients; maybe THEN we care.
What are the speeds of T1/T3 and E1/E3
T1 - 1.544 Mbps. T3 - 44.737 Mbps. E1 - 2.0 Mbps. E3 - 34.368 Mbps. (double check vid for this value)
Recursive vs Iterative DNS lookup
Recursive DNS Lookup - the DNS server communicates with several other DNS servers to hunt down that IP address. Iterative DNS Lookup - the DNS client itself goes from DNS server to DNS server.
What is Virtual Machine Escape?
Virtual Machine (VM) Escape - occurs when an attacker breaks out of one of the isolated VMs and begins to directly interact with the underlying hypervisor. The good news is that VM escapes are difficult to do. Host virtual servers on the same physical server only with other VMs in the same network.
Differences between performance of symmetric and asymmetric encryption
Symmetric encryption is almost 1000X faster than asymmetric encryption. The large problem, though, is that both sides need to have the same key; key management is poor. Asymmetric is much more secure.
What is a VPN?
Virtual Private Network (VPN) - establishes a secure connection between on-premise networks, remote offices, client devices, and the provider's global network. A site-to-site VPN is a connection between the edge router and the cloud provider's network.
What is virtualization?
Virtualization - Allows multiple virtual instances to exist on a single physical server. This allows for a lot of cost savings because you only need one physical machine for many servers. It also allows us to consolidate our servers, and it can use multiple NICs combined together using link aggregation. This gives us increased bandwidth.
Collision Detection vs Collision Avoidance
Collision Detection = wired networks. Collision Avoidance = wireless networks. How do we send data over wireless networks? With Ethernet, we use CSMA/CD (the D is for Detection). With wireless, we use CSMA/CA, Carrier Sense Multiple Access/Collision Avoidance.
What does Wired WAN physically look like? Three different types of wired WAN
Wired WAN - copper, fiber, and power lines. Copper wires - UTP, STP, coax; all support analog and digital. Coax usually goes with cable modems. Broadband over power lines will be retired soon.
Describe the three tier network architecture
Core layer - the most expensive routers you'll work with. Two routers in a redundant config. The core layer is probably going to be in the data center.
Distribution/Aggregation layer - access control lists and filters, defining policies for the network at large. Ensures packets are being properly routed to different subnets or VLANs.
Access/Edge layer - where we connect everything.
We get better performance, management, scalability, redundancy, and easier troubleshooting if we use 3-tier networks.
Fiber channel and fiber channel over ethernet
Fibre Channel - special-purpose hardware providing 1-16 GB speed. Fibre Channel over Ethernet - removes the need for specialized hardware and runs FC over Ethernet networks (reduces cost).
What is a frame relay?
Frame Relay - creates virtual circuits to connect remote LANs to a WAN. This is a point-to-multipoint connection, considered a layer 2 technology. Because of the lower cost of cable/fiber, people stopped using frame relay.
What are the speeds for: Frame relay, T1, T3, E1, E3, ATM and SONET
Frame Relay: 56 kbps - 1.544 Mbps
T1 - 1.544 Mbps
T3 - 44.736 Mbps
E1 - 2.048 Mbps
E3 - 34.4 Mbps
ATM - 155 Mbps - 622 Mbps
SONET - 51.84 Mbps (OC-1) - 159.25 Gbps (OC-3072)
What is GSM and CDMA?
GSM (Global System for Mobile Communications) - a cellular technology that takes the voice during a call and converts it to digital data. Each user gets, for example, a quarter second to transmit data. With a GSM phone you have a SIM card that you can put in the phone; a lot of people prefer GSM phones because of the SIM cards.
CDMA (Code-Division Multiple Access) - a cellular technology that uses code division to split up the channel. Uses an algorithm with a key to get there.
Geotagging vs Geofencing
Geotagging - based off the GPS of the phone/device you're using. Geofencing - checks whether a device leaves a certain area, then sends an alert to let us know.
Traps can be sent in what two different ways?
Granular - sent trap messages get a unique object identifier (OID) to distinguish each message as a unique message being received. These OIDs are stored in an MIB, or Management Information Base: the structure of the management data of a device subsystem, using a hierarchical namespace containing object identifiers.
Verbose traps - SNMP traps may be configured to contain all the info about a given alert or event as a payload.
If you want redundancy for a VPN, what should you do?
If you want redundancy, use a private direct connection to your cloud provider. AWS calls this Direct Connect Gateway; Azure calls it Azure Private Link. It allows you to extend your preexisting on-premise data center into the provider's network to directly connect to your virtual private cloud network.
What are the three ways you can use 3G and what are their relative speeds?
In 3G you could see WCDMA, HSPA, and HSPA+.
WCDMA (Wideband Code Division Multiple Access) - used by the UMTS standard, up to 2 Mbps (slowest speed).
HSPA (High Speed Packet Access) - 14.4 Mbps.
HSPA+ (High Speed Packet Access Evolution) - up to 50 Mbps, often referred to as 3.75G.
What is Kerberos?
Kerberos - focused on authentication and authorization within a Windows network and works in tandem with AD. It provides secure authentication over an insecure network and avoids sending passwords along the network. Provides two-way mutual communication.
What is mGRE?
Multipoint Generic Routing Encapsulation (mGRE) - enables one node to communicate with many other nodes, essentially creating a point-to-multipoint link. You could use mGRE on the router at headquarters and support all your branch offices. mGRE is usually combined with DMVPN (Dynamic Multipoint VPN). mGRE creates tunnels from one node to many nodes.
What is MPLS?
Multiprotocol Label Switching (MPLS) - Allows traffic to be dynamically routed based on load conditions and path availability. Won't be something we use in our own networks, but service providers use it on their backbone networks. Much more efficient than standard logical IP addressing; it does all the routing work. You will ONLY see this with an internet service provider.
What is multitenancy? What about single tenancy?
Multitenancy - allowing customers to share computing resources in a public or private cloud. Provides better storage/access than a single-tenant solution, better use of resources, and overall lower costs. Multitenancy isn't without its drawbacks: the noisy neighbor effect (someone could be sending out spam emails that take up all the load). We also need to be aware of security risks. Single tenancy means that you and only you get access to all the computing power; it is not distributed out.
What are the two virtual storage solutions?
NAS (Network Attached Storage) - Disk storage delivered as a service over TCP/IP.
SAN (Storage Area Network) - A specialized LAN that transfers data at block level with a special protocol (used in data farms like Azure or AWS) instead of relying on TCP/IP. This can be much, much faster than a NAS.
There is a third way: FC (Fibre Channel). Could be FCoE (Fibre Channel over Ethernet) or iSCSI.
Network Access Control (NAC)
Network Access Control (NAC) - Permits or denies access to the network based on the characteristics of the device. Think of this like passport control. When I put a device on the network, it gets put in a quarantine level to make sure everything is up to date (antivirus, OS, etc.) before it's added into the network.
Explain the four Network Access Protocols
Network Access Protocols: RADIUS, TACACS+, 802.1x, EAP.
RADIUS (Remote Authentication Dial In User Service) - provides centralized administration and dial-up, VPN, and wireless network authentication. Supports 802.1x and EAP. Considered a client protocol and works at layer 7, the application layer. Uses UDP. Usually run on a separate server. Used for authentication, authorization, and accounting, so it is AAA. Ports 1812 (authentication messages) and 1813; ports 1645 and 1646 respectively could be used instead.
TACACS+ (Terminal Access Controller Access Control System Plus) - used to perform the role of an authenticator in an 802.1x network (for Cisco), and it uses TCP (slower to operate, so RADIUS is faster). Ensure port 49 is open. Cisco independently authenticates. Excellent if using Cisco devices; RADIUS is better for cross-platform.
Supplicant, authenticator, and authentication server: the supplicant is the device or user requesting access; the server would normally be RADIUS or TACACS+.
802.1x - a standardized framework that uses port-based authentication on both wired and wireless networks. Best protection to prevent rogue devices from having access.
EAP (Extensible Authentication Protocol) - allows for numerous different mechanisms of authentication (digital certificates, PKI, etc).
What is NTP? What port does it use and TCP or UDP? What is the differential in internal vs external NTP?
Network Time Protocol (NTP) - Synchronizes clocks between systems communicating over a packet-switched, variable-latency data network. NTP is really old, yet we still use it. Sent over UDP on port 123. 1 ms accuracy for internal NTP, 10 ms for external NTP.
Rogue Access Point
A fake access point set up to lure legitimate users to connect and capture all the packets (data) going through it (like a fake Starbucks access point).
Ultrasonic Camera, what's it used for?
Ultrasonic Camera - a type of surveillance camera that uses sound-based detection. The camera would detect the intruder and the guards would come and arrest the attacker.
What are the four key principles for zero trust
1st - reexamine all default access controls (anyone could be a threat). 2nd - employ a variety of prevention controls and measures. 3rd - enable real-time monitoring and controls to identify and stop malicious activity quickly. 4th - ensure the network's zero trust architecture aligns to a broader security strategy.
How is 5G connection split up into different types of 5G?
5G - relatively new (2019), 10 Gbps using high-band frequencies. In 5G, we split it into low, mid, and high frequency bands. You don't need to memorize the speeds. 5G comes in three different bands; higher in the band means higher speeds but lower distance.
What is the band and bandwidth used in all of these?: 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, 802.11ax
802.11a - 5 GHz, 54 Mbps
802.11b - 2.4 GHz, 11 Mbps
802.11g - 2.4 GHz, 54 Mbps
802.11n - 2.4 and 5 GHz, 150 Mbps/600 Mbps (MIMO)
802.11ac - 5 GHz, 3 Gbps (MU-MIMO)
802.11ax - 2.4, 5, and 6 GHz, 9.6 Gbps (MU-MIMO)
Describe BRI and PRI
BRI (Basic Rate Interface) - offers two 64 kbps B channels with a 16 kbps D channel. Gives a total of 128 kbps (adding up the two 64 kbps channels).
PRI (Primary Rate Interface) - Offers a 1.472 Mbps data path over 23 B channels and a 64 kbps D channel.
What's the default maximum transmission unit size?
By default, a frame over Ethernet has a maximum transmission unit size of 1500 MTU. Jumbo frames go up to 9000 MTU. You need to configure your network to handle these, otherwise devices will drop them.
Describe cable modems. What are their upstream/downstream frequencies?
Cable Modems - use a cable television infrastructure that is made up of a hybrid fiber-coax (HFC) distribution network. Because of this use of fiber and coax, it can go pretty fast. DOCSIS (Data-Over-Cable Service Interface Specification) specifies all this; if you see HFC on the exam, this'll have something to do with cable modems. FYI: upstream frequencies used per DOCSIS are 5 MHz to 42 MHz, downstream 50 MHz to 860 MHz. You don't have to memorize that for the test. Cable modems can transmit and receive over the current cable television infrastructure, so this is just better than DSL.
What is a captive portal? What is geofencing?
Captive portal - a web page that appears before the user is able to access the network resources (like when you connect to hotel Wi-Fi and accept the terms/conditions to join the network).
Geofencing - Uses GPS and RFID to define real-world boundaries where barriers can be active or passive. This COULD be used for authentication (verifies that you're in the Starbucks store).
What are some examples of Wireless WAN connections?
Cellular, microwave, satellite, high frequency radio.
What is a channel? How many channels are in 2.4 GHz spectrum? How about in a 5 GHz spectrum?
Channel - A virtual medium through which wireless networks can send and receive data. Think of this as a virtual pipe to send data through.
For 2.4 GHz, there can be 11 or 14 channels. This is based on country: in the US it's only 11 channels (2401-2473 MHz), the rest of the world has 13 channels, and Japan has 14. Each channel is only 24 MHz wide, and they also overlap a lot. If you're dealing with 2.4 GHz, remember channels 1, 6, and 11: they are far enough apart to not have any interference while still being usable for wireless b, g, and n within the 2.4 GHz spectrum.
For the 5 GHz spectrum (5.725-5.875 GHz), there are now 24 non-overlapping channels in the 5 GHz band.
What is a CSU/DSU?
Channel Service Unit/Data Service Unit (CSU/DSU) - terminates the digital signals at the customer's location. A CSU/DSU is used to connect to the network on dedicated leased lines.
What is a circuit switched connection?
Circuit switched connection - the connection is brought up only when needed, similar to a phone call. It's not 24/7 access, so it's way cheaper, but you're sharing that cost on demand.
What are the five models of cloud computing in network+ and what do they do?
Five models of cloud computing: NaaS, IaaS, SaaS, PaaS, DaaS (Network, Infrastructure, Software, Platform, Desktop as a Service).
NaaS - allows for the outsourcing of a network to a service provider. Your network capabilities are provided as a common utility. Route 53 or Amazon VPC are network as a service.
IaaS - outsourcing of the infrastructure of the servers and desktops to a service provider. You would use AWS or Azure.
SaaS - Users interact with a web-based application and the details of how it works are hidden. Office 365, Google Docs, etc. These always get updated and upgraded to their latest version since you're paying that monthly fee.
PaaS - provides a platform for companies that develop applications without the need for infrastructure. I want to build a VM and give troubleshooting experience in a lab, but I don't need to host the servers and keep them up. Pivotal, OpenShift, Apprenda, etc.
DaaS (Desktop as a Service) - provides a desktop environment that is accessible through the form of a cloud desktop or virtual desktop environment. These are delivered through VDI, or Virtual Desktop Infrastructure.
What are the three types of password attacks?
Dictionary attack - guesses the password by attempting every single word: P@ssword, Password123, etc. Do not use anything that looks like a regular word.
Brute Force Attack - tries every possible combination until they figure out the password. If it's a 4-digit PIN, they can just count from 0 to 9999. Use a longer and more complicated password. It takes less than a few days to crack an 8-character password; 11 characters becomes 10 years. By next year, cut that in half because computers get faster. For good security, use a minimum of 12 characters.
Hybrid Attack - a combination of dictionary and brute force attacks (look at a person's Facebook and use their info to build your dictionary).
What are the different DNS records? (Nine of them)
Different types of DNS records:
1. A record - Address record - used to link a hostname to an IPv4 address. Example: www.diontraining.com -> 45.79.184.180
2. AAAA record - Address record - uses IPv6 (used by most modern networks). diontraining -> 2400:cb00:2049:1::a29f:1804
3. CNAME - Canonical Name - Points a domain to another domain or subdomain, like itilexam redirecting to diontraining.
4. MX - Mail Exchange - directs email to a mail server (how mail should be delivered using SMTP, with a priority set too). Mail1.diontraining.com set at 10, mail2.dion... set at 20: it'll go to mail1 first. If you want to load balance, give them the same numbers.
5. SOA - Start of Authority - Stores important information about a domain or zone. When a DNS server attempts a zone transfer, the SOA acts as a serial number for the versions and ensures all DNS records are updated.
6. PTR - Pointer - Correlates an IP address with a domain name. It's a reverse DNS lookup: IP-address.in-addr.arpa (ARPA, Advanced Research Projects Agency Network, was the first top-level domain defined for what would become the internet; it is used to manage network infrastructure.)
7. TXT - Text - Adds text into the DNS. Text records let human notes be put into DNS lookups. Proves domain ownership, email spam prevention, etc. A text record fdkey.support allows diontraining support systems to send emails.
8. SRV - Service record - Specifies a host and port for a specific service, so now we can specify a port along with an IP address. _xmpp_tcp.diontraining.com 86400 IN SRV 10 5 5223 chat.diontraining.com <-- example of a single SRV record. 86400 = updated every 24 hrs; 10, 5 = priority levels; 5223 = port number.
9. NS - Nameserver - Type of DNS server that stores all the DNS records for a given domain. Who owns the DNS record and is authorized to make changes to it? There's often more than one nameserver for a record, primary/backup. The cloud could be the authoritative figure.
Explain DSSS, FHSS, and OFDM
DSSS (Direct Sequence Spread Spectrum) - Modulates data over an entire range of frequencies using a series of signals known as chips. These chips have a lot of interference, and large portions of the frequency bands are being used, so it is not very good; DSSS wastes a lot of space.
FHSS (Frequency Hopping Spread Spectrum) - Allows a device to hop between predetermined frequencies; it's a security measure. Slows down the available bandwidth but increases security.
OFDM - uses a slow modulation rate with simultaneous transmissions over 52 different data streams.
You need to know these three terms and where they fit in for wireless networking. This is as in depth as you need for the exam.
What are the three factors you should consider when deciding your choice of antenna?
Distance, pattern of coverage, and the environment are the three factors in your decision when choosing an antenna.
Elasticity vs Scalability
Elasticity - Attempts to match the resources allocated with the actual amount of resources needed at any given point in time. Our cloud space can grow or shrink based on the amount of work being done or resources being used. Focused on meeting sudden increases/decreases in workload.
Scalability - Handles the growing workload required to maintain good performance and efficiency for a given software or application. I can scale up or down based on how many users I expect. I don't pay for what I use; I pay a static amount.
Scalability is a long-term solution; the elasticity approach is more short-term.
What are the different kinds of EAP?
Extensible Authentication Protocol (EAP) - a framework that allows numerous different authentication mechanisms (passwords, digital certificates, PKI, etc.) to be carried over the same link; it is what 802.1X uses on wired and wireless networks. Methods to know: EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, LEAP.
EAP-MD5 - uses simple passwords and the CHAP challenge/response process to provide remote access authentication. No server authentication and no protective tunnel, so it is weak.
EAP-TLS - uses public key infrastructure with a digital certificate installed on both the client and the server (mutual certificate authentication). The strongest option, but you have to issue and manage a certificate for every client.
EAP-TTLS - requires a digital certificate on the server only; the client authenticates with a password inside the TLS tunnel the server certificate establishes.
EAP-FAST (Flexible Authentication via Secure Tunneling) - Cisco's method; uses a Protected Access Credential (PAC) instead of a server certificate to establish the tunnel and mutual authentication between devices.
PEAP (Protected EAP) - uses a server certificate to build a TLS tunnel and then authenticates the client's password inside it, commonly with MS-CHAPv2 against a Microsoft Active Directory database.
LEAP (Lightweight EAP) - a proprietary protocol that only works on Cisco-based devices. It does the same job as the other EAP methods but has known weaknesses and should not be used today.
What is a FQDN?
FQDN - Fully Qualified Domain Name - a name that specifies a host's complete position in the DNS hierarchy, from the hostname up to the top-level domain. .com is the top-level domain, diontraining is the domain name, and a hostname in front (www, ftp, mail) makes it fully qualified. ftp.diontraining.com is the file transfer server, mail.diontraining.com is the mail server, and www.diontraining.com is the HTTP (web) server.
What is an ISDN?
Integrated Services Digital Network (ISDN) - an older circuit-switched technology designed to carry voice, video, or data over B (bearer) channels of 64 kbps each, plus a D (delta) channel used for signaling and control (16 kbps on a Basic Rate Interface, 64 kbps on a Primary Rate Interface). B channels can be bonded together for more bandwidth. ISDN is cheaper than a dedicated leased line: you get the full bandwidth of the link while your call is up, but when you are not using it the carrier can give that capacity to others.
Explain Least privilege, access controls, and zero trust
Least privilege - giving each worker the lowest level of permissions possible that still lets them complete their job. Access controls - the mechanisms that enforce this; build role-based access groups rather than granting rights to individuals, so permissions stay consistent and easy to review. Zero trust - a security framework that requires every user and device to be authenticated and authorized before being granted access to applications and data, regardless of whether they are inside or outside the network perimeter.
What is LDAP?
Local authentication: a username and password (or a badge) checked against the local machine. Lightweight Directory Access Protocol (LDAP) - a simplified version of X.500, a directory service that stores users, groups, and devices in a hierarchical tree. LDAP validates a username and password combination against an LDAP server as a form of authentication; it happens over the network, not just locally. Port 389 is LDAP in plain text (unless StartTLS is negotiated); port 636 is LDAPS, LDAP over SSL/TLS. Microsoft's implementation is Active Directory (AD), which organizes and manages everything on the network: clients, users, groups, and policies.
What is log collection, normalization, correlation, aggregation, and reporting all do in SIEM?
Log collection - gathers logs from all your systems into one place; provides important forensic evidence and helps address compliance reporting. Normalization - maps log messages from different sources into a common data model, enabling the organization to connect and analyze related events. Correlation - links the logs and events from different systems or applications into a single data feed so related events can be tied together. Aggregation - reduces the volume of event data by consolidating duplicate event records and merging them into a single record with a count. Reporting - presents the correlated, aggregated event data in real-time monitoring dashboards for analysis, or as long-term summaries for management.
What are the severity levels in logs
These are the syslog severity levels. The lowest value is the most severe, the highest is the least severe. Level 0 - Emergency - the system has become unusable. Level 1 - Alert - a condition that should be corrected immediately. Level 2 - Critical - a failure in the system's primary application requires immediate attention. Level 3 - Error - something is preventing proper system function. Level 4 - Warning - an error will occur if action isn't taken soon. Level 5 - Notice - the events are unusual but not errors. Level 6 - Informational - normal operational messages that require no action. Level 7 - Debugging - useful information for developers. In a syslog message the priority value PRI = facility * 8 + severity, which is why a line starts with something like <38> (facility 4 = auth, severity 6 = informational).
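To tie the severity levels together with the SIEM functions above (collection, normalization, correlation, aggregation, reporting), here is an added Python example that is not part of the original notes and not any SIEM product's code. It parses constructed BSD-style syslog lines (the sample lines and hostnames are made up), recovers facility and severity from the PRI value, normalizes each line into a common event model, aggregates exact duplicates, and runs one correlation rule: several failed SSH logins from an IP followed by a success from the same IP. The regexes, rule name, and thresholds are my own choices.

```python
import re
from collections import OrderedDict, defaultdict

# Syslog severity codes: 0 is the most severe, 7 the least.
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# Classic BSD syslog line: <PRI>MMM dd hh:mm:ss host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IP_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample feed (not real logs). The two systemd lines are exact
# duplicates, and 203.0.113.5 fails three SSH logins and then succeeds.
SAMPLE_LOGS = [
    "<38>Oct 11 22:14:15 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 54321 ssh2",
    "<38>Oct 11 22:14:17 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 54322 ssh2",
    "<38>Oct 11 22:14:19 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 54323 ssh2",
    "<38>Oct 11 22:14:20 web01 sshd[1234]: Accepted password for root from 203.0.113.5 port 54324 ssh2",
    "<30>Oct 11 22:14:21 web01 systemd[1]: Started Daily apt download activities.",
    "<30>Oct 11 22:14:21 web01 systemd[1]: Started Daily apt download activities.",
    "<2>Oct 11 22:15:00 db01 kernel: Out of memory: Killed process 4242 (postgres)",
    "<0>Oct 11 22:15:01 db01 kernel: panic - not syncing",
    "this line is not syslog and is skipped by the collector",
]


def parse_pri(pri: int):
    """PRI = facility * 8 + severity, so divmod recovers (facility, severity)."""
    return divmod(pri, 8)


def normalize(line: str):
    """Map one raw syslog line onto a common event model (None if unparsable)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    facility, severity = parse_pri(int(m["pri"]))
    return {"timestamp": m["ts"], "host": m["host"], "app": m["app"],
            "facility": facility, "severity": severity,
            "severity_name": SEVERITY_NAMES[severity], "message": m["msg"]}


def collect(lines):
    """Log collection: keep every line that normalizes, drop the rest."""
    return [e for e in (normalize(line) for line in lines) if e is not None]


def aggregate(events):
    """Collapse identical (host, app, severity, message) events into one record with a count."""
    merged = OrderedDict()
    for e in events:
        key = (e["host"], e["app"], e["severity"], e["message"])
        if key in merged:
            merged[key]["count"] += 1
            merged[key]["last_seen"] = e["timestamp"]
        else:
            merged[key] = dict(e, count=1, first_seen=e["timestamp"], last_seen=e["timestamp"])
    return list(merged.values())


def correlate(events, threshold=3):
    """Link related events: >= threshold failed SSH logins from one IP, then a success from it."""
    failures = defaultdict(int)
    alerts = []
    for e in events:
        if e["app"] != "sshd":
            continue
        m = IP_RE.search(e["message"])
        if not m:
            continue
        src = m.group(1)
        if e["message"].startswith("Failed password"):
            failures[src] += 1
        elif e["message"].startswith("Accepted password") and failures[src] >= threshold:
            alerts.append({"rule": "ssh-bruteforce-then-success", "host": e["host"],
                           "source": src, "failures": failures[src], "at": e["timestamp"]})
    return alerts


def report(events):
    """Reporting: counts per severity name plus the most severe message (smallest code)."""
    counts = defaultdict(int)
    for e in events:
        counts[e["severity_name"]] += 1
    worst = min(events, key=lambda e: e["severity"]) if events else None
    return {"by_severity": dict(counts), "most_severe": worst["message"] if worst else None}


if __name__ == "__main__":
    evts = collect(SAMPLE_LOGS)
    print(len(evts), "events;", len(aggregate(evts)), "after aggregation")
    print(correlate(evts))
    print(report(evts))
```

The correlation rule is order-sensitive on purpose: a success that arrives before the failures is not suspicious, which is why the counter is checked only when the success is seen.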
MAC Address Filtering
MAC Address Filtering - configures an access point with a list of permitted MAC addresses (like an ACL). The problem is that MAC addresses are sent in the clear and MAC spoofing is trivial, so it is a nuisance for casual users rather than a real security control.
What is MIMO and MU-MIMO?
MIMO - Multiple Input Multiple Output - uses multiple antennas to send and receive data faster than it could with a single antenna, by splitting the data into multiple spatial streams. The access point still serves one client at a time, so it behaves like a hub. MU-MIMO - Multi-User Multiple Input Multiple Output - lets the access point transmit to multiple clients at the same time over separate streams, so it behaves more like a switch and reduces contention between clients.
What are managed devices?
Managed devices - any device that runs an SNMP agent and can communicate with an SNMP manager: routers, switches, printers, servers, etc. Each agent keeps its information in a management information base (MIB), a hierarchical database of objects identified by OIDs that the manager reads and writes; the MIB is the data, not the manager. The SNMP manager (network management station) could run on any computer but is normally set up on a server. It is the master node, and it talks to each agent using Get, Set, and Trap.
What is Metro Ethernet? What is PPP?
Metro Ethernet: less expensive and more common than the specialized serial interfaces that required a CSU/DSU. The service provider gives you an Ethernet jack in your building and you simply plug it into your router. Dedicated leased lines are old technology; most sites have migrated to Metro Ethernet.
Point-to-Point Protocol (PPP) - commonly used as a Layer 2 protocol on dedicated leased lines to carry multiple Layer 3 protocols (IP, IPX) over the same link. PPP's Link Control Protocol (LCP) manages the link itself: setup, error detection, looped-link detection, and authentication (PAP or CHAP). Each Layer 3 protocol then runs its own Network Control Protocol on top of LCP (IPCP for IP, for example), so I can run IP and IPX over the same connection. Multilink PPP bundles multiple physical connections into one logical interface to get more speed.
Describe a Microwave Link. What is Wimax?
Microwave link - uses a beam of radio waves in the microwave frequency range (UHF, SHF, EHF) to transmit. It can provide a very fast connection between two points, but the two antennas must always be in line of sight; about 40 miles (64 km) is the most you can go before the curvature of the Earth gets in the way. Worldwide Interoperability for Microwave Access (WiMAX) - a wireless broadband standard that is faster than the cellular technologies HSPA, UMTS, and GSM. WiMAX is losing popularity because Wi-Fi outclasses it for local access and fiber does for backhaul.
Difference between North-South and East-West (for direction of data traffic)
North-South and East-West describe the direction of data flow through the data center. North-South: traffic that enters or leaves the data center to or from a system physically residing outside it; southbound is entering, northbound is leaving. East-West: data flow within the data center, between servers or between leaf switches. Summary: southbound - entering the data center, northbound - leaving the data center, east-west - within the data center.
What is orchestration?
Orchestration - the process of arranging and coordinating the automated installation and configuration of multiple systems. It lowers costs, speeds up deployments, and increases security by making configurations consistent and repeatable.
How should you design your access point placement in a 2.4 GHz network vs a 5 GHz network?
Overlap the coverage zones, not the frequencies. In 2.4 GHz, aim for 10-15% coverage overlap between cells; there are only three non-overlapping channels (1, 6, 11), so identical channels need to be at least one cell apart. In 5 GHz there are many more non-overlapping channels, and identical channels should be separated by at least two cells.
Difference between PAP, CHAP and MS-CHAP?
PAP - Password Authentication Protocol - one-way authentication of the client to the server where the password is sent in clear text, a huge security risk. CHAP - Challenge Handshake Authentication Protocol - an improved version of PAP that still does one-way authentication but uses a three-way handshake: the server sends a random challenge, the client returns a hash (MD5) of its secret combined with the challenge, and the server recomputes and compares it. The password itself never goes over the wire, and a fresh challenge each time defeats replay of a captured response. MS-CHAP - Microsoft's version; MS-CHAPv2 adds two-way (mutual) authentication: the client authenticates the server and the server authenticates the client, still using hashed credentials. It is the most secure of the three, but it is not multi-factor authentication, and MS-CHAPv2 is crackable on its own today, so in practice it is run inside a TLS tunnel (PEAP or EAP-TTLS).
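The PAP versus CHAP difference is clearest when you look at what each one puts on the wire. The following Python is an added example, not from the original notes and not any vendor's implementation: it models a CHAP authenticator and peer exchanging Challenge and Response as RFC 1994 defines them (MD5 over identifier, secret, challenge), shows that a captured Response cannot be replayed against a new challenge, and contrasts that with a PAP Authenticate-Request that carries the password itself. The class and function names, session IDs, and the secret are constructed for the demo.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(username: str, password: str) -> dict:
    """PAP Authenticate-Request: the password itself travels in the clear."""
    return {"code": "Authenticate-Request", "peer_id": username, "password": password}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over Identifier || secret || Challenge.

    The secret never leaves the client; only this 16-byte digest is sent.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: holds the shared secrets and one outstanding challenge per session."""

    def __init__(self, secrets: dict):
        self._secrets = secrets   # username -> secret bytes
        self._pending = {}        # session_id -> (identifier, challenge)
        self._next_id = 0

    def challenge(self, session_id: str) -> dict:
        self._next_id = (self._next_id + 1) & 0xFF
        chal = os.urandom(16)     # fresh random value every time: this is the replay protection
        self._pending[session_id] = (self._next_id, chal)
        return {"code": "Challenge", "identifier": self._next_id, "value": chal}

    def verify(self, session_id: str, name: str, identifier: int, value: bytes) -> bool:
        pending = self._pending.pop(session_id, None)   # each challenge is usable once
        if pending is None or pending[0] != identifier or name not in self._secrets:
            return False
        expected = chap_response(identifier, self._secrets[name], pending[1])
        return hmac.compare_digest(expected, value)    # constant-time compare


def chap_login(server: ChapAuthenticator, session_id: str, name: str, secret: bytes) -> dict:
    """Run the three-way handshake; return the result and what a sniffer would capture."""
    chal = server.challenge(session_id)                                  # 1. Challenge
    resp = {"code": "Response", "identifier": chal["identifier"], "name": name,
            "value": chap_response(chal["identifier"], secret, chal["value"])}  # 2. Response
    ok = server.verify(session_id, name, resp["identifier"], resp["value"])     # 3. Success/Failure
    return {"success": ok, "captured": [chal, resp]}


def replay(server: ChapAuthenticator, session_id: str, captured_response: dict) -> bool:
    """An attacker replays a sniffed Response against a brand-new challenge."""
    server.challenge(session_id)
    return server.verify(session_id, captured_response["name"],
                         captured_response["identifier"], captured_response["value"])


if __name__ == "__main__":
    auth = ChapAuthenticator({"jason": b"s3cret"})
    result = chap_login(auth, "session-1", "jason", b"s3cret")
    print("CHAP login:", result["success"])
    print("replayed response accepted:", replay(auth, "session-2", result["captured"][1]))
    print("PAP on the wire:", pap_authenticate_request("jason", "s3cret"))
```

Note what the sniffer gets in each case: with PAP the password string; with CHAP a random challenge and a digest that is useless once the authenticator has discarded that challenge.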
What is a Packet Switched Connection?
Packet Switched Connection - works like an always-on dedicated leased line, but many customers share the provider's link. Each customer gets a Service Level Agreement (SLA) that commits the provider to a particular level of quality or speed.
What is network access control?
Protects you from known and unknown devices. Network Access Control (NAC) - ensures a device is scanned to determine its current security state before it is allowed onto the network. When a device attempts to connect, it is placed in a holding area and checked for antivirus definitions, security patch status, and other items that could pose a security threat. If the device fails the inspection, it is placed in a quarantine network (a restricted VLAN or screened subnet) awaiting remediation. A NAC agent can be persistent (installed on the device) or non-persistent (dissolvable: downloaded for the check and removed afterward).
What is a PKI?
Public Key Infrastructure (PKI) - the system of certificates and certificate authorities that makes secure email and web browsing possible; it solves the problem of having to distribute keys ahead of time, because you only need a trusted CA's public key to verify anyone's certificate. PKI is usually built on RSA, the most popular form of asymmetric encryption.
What is purging/sanitizing?
Purging/Sanitizing - removes data so that it cannot be reconstructed using any known forensic technique. Methods include bit-by-bit erasing software (overwriting the drive several times), or encrypting the drive and destroying the key. If you want to reuse the drive more easily you would use a clearing technique instead.
What are the three different access control models that can be assigned?
Access control models - DAC, MAC, RBAC. DAC - Discretionary Access Control: an access control method where access is determined by the owner of the resource. First challenge: every object in the system has to have an owner. Second: each owner must determine the access rights and permissions for each object. It can be dangerous to let the owner have complete control. MAC - Mandatory Access Control: an access control policy where the computer system decides who gets access to what objects, based on data labels. Military classifications are the example: Unclassified, Confidential, Secret, Top Secret. MAC is not really used in the enterprise; it is mostly used for highly classified military systems. RBAC - Role-Based Access Control: an access model that is controlled by the system but focuses on a set of permissions attached to a role rather than to an individual. Does sales need access to HR files? No. A bad practice is adding Jason directly to a document's permissions; the good practice is putting him in the proper role that has access.
Explain what a root, top level domain, second level domain, subdomain, and host is in DNS resolution
Root - the root servers answer requests for the root zone, the top of the hierarchy (the trailing dot in a name). Top-level domain - .com, .org, or geographic country codes like .uk. Second-level domain - diontraining.com. Subdomain - www.diontraining.com or support.diontraining.com. Host - refers to a specific machine on the network; taking it a step further, it is the leftmost label you see in a URL.
What is SIEM?
Security Information and Event Management (SIEM) - provides real-time or near real-time analysis of security alerts generated by network hardware and applications. It gathers logs and data from all sorts of different systems into one place. Log reviews should be done regularly; it is part of the due diligence IT admins should be doing.
Difference between SNMPv1/v2 and SNMPv3
SNMPv1 and SNMPv2c use community strings as their pre-shared keys, and those strings travel in plain text in every packet, so anyone sniffing the network can read them (and the defaults are "public" and "private"). That is a huge security risk. SNMPv3 - provides three security enhancements which added integrity, authentication, and confidentiality to the SNMP protocol: integrity by hashing (HMAC) each message before it is sent, authentication by validating the source, and confidentiality by encrypting the payload (originally 56-bit DES; modern implementations use AES). SNMPv3 also groups users and managed nodes into entities, and each group can be given read or read/write permissions on parts of the MIB.
Describe Satellite Modems
Satellite modems - used in remote, rural, or disconnected locations where other connections are not available. Nowhere near the speed of terrestrial links, and with very low usage caps (the course cites 5-10 GB plans, while a day of Netflix streaming can use a gigabyte or more), so streaming video services are a poor fit. Latency is about a quarter of a second each way because the signal has to go up to the satellite and back down to the ground station, and bad weather at your location or at the ground station can disrupt the link.
What are all the different assessments in networking for security mitigation? (7 different ones)
Security risk assessment - used to identify, assess, and implement key security controls within an application.
Threat assessment - identification of the different threats that may attack your network; MITRE ATT&CK is a catalog of adversary tactics and techniques you can walk through as a procedure.
Vulnerability assessment - focused on identifying, quantifying, and prioritizing the risks and vulnerabilities in a system or network. Usually a network technician runs a vulnerability scanner for this, like Nessus, QualysGuard, or OpenVAS.
Posture assessment - assesses the cyber risk posture and exposure to threats caused by misconfigurations and patching delays: define mission-critical components, identify strengths, weaknesses, and security issues, stay in control, and strengthen your position.
Business risk assessment - used to identify, understand, and evaluate potential hazards in everyday work in the workplace.
Process assessment - the disciplined examination of the processes used by the organization against a set of criteria, like QA reviewing how you go through a whole process.
Vendor assessment - the assessment of a prospective vendor to determine whether they effectively meet the obligations and needs of the business (for example making sure routers and switches from a third-party provider do not ship with malware or backdoors).
What is Separation of Duties? Two different ways
Separation of Duties - prevents fraud and abuse by distributing tasks and approval authorities across a number of different users. Give two different admins two different admin functions. Two ways to implement it: Dual control - requires two people to be present to do something (two physical keys from two different officers to launch a missile, for example). Split knowledge - two people each hold half of the knowledge (half of a key or password) needed to perform some function.
What is SIP and PBX?
Session Initiation Protocol (SIP) - used to set up, maintain, and tear down calls. SIP does the signaling; once the call is established, RTP (Real-time Transport Protocol) carries the actual voice or video. VoIP is popular because it saves money and gives enhanced services like caller ID and voicemail. Virtual Private Branch Exchange (PBX) - outsources the telephone system by using VoIP to send all call data to the provider, which then connects it to the telephone network.
What are the three main values in SNMP?
Get reads a value from the agent (GetNext walks through the MIB), Set writes a value to the agent, and Trap is an unsolicited message from the agent on the managed device to the manager, notifying it of significant events in real time without being polled.
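The warning above about SNMPv1/v2c community strings is easy to confirm by building one GetRequest by hand. The following Python is an added example, not part of the original notes and not any SNMP library's code: it BER-encodes an SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0, the standard MIB-2 object) and then "sniffs" the resulting bytes, pulling the version, community string, PDU type, request ID, and OID straight out of the packet with no key material at all. The function names and the community strings used in the demo are my own. SNMPv3's message format (with its security parameters block) is not modeled here.

```python
# Minimal ASN.1 BER encoder/decoder for the SNMPv1/v2c GetRequest structure.

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}


def _length(n: int) -> bytes:
    """BER length: one byte if < 128, otherwise 0x80|count followed by the length bytes."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body


def ber_int(v: int) -> bytes:
    """INTEGER: minimal two's-complement encoding."""
    n = 1
    while not (-(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1))):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 with continuation bits."""
    parts = [int(p) for p in dotted.split(".")]
    body = bytes([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, body)


def snmpv1_get(community: str, oid: str, request_id: int = 1) -> bytes:
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }"""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))          # VarBind { OID, NULL }
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, position after this element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    parts = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))


def sniff_community(packet: bytes) -> dict:
    """What a passive observer learns from one v1/v2c packet: everything, including the 'key'."""
    tag, body, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, vbody, pos = read_tlv(body)            # version: 0 = v1, 1 = v2c
    _, cbody, pos = read_tlv(body, pos)       # community string, plain text
    ptag, pbody, _ = read_tlv(body, pos)      # PDU, context tag tells the operation
    _, rid, p = read_tlv(pbody)               # request-id
    _, _, p = read_tlv(pbody, p)              # error-status
    _, _, p = read_tlv(pbody, p)              # error-index
    _, vblist, _ = read_tlv(pbody, p)         # SEQUENCE OF VarBind
    _, vb, _ = read_tlv(vblist)               # first VarBind
    _, oid_body, _ = read_tlv(vb)             # its OID
    return {"version": int.from_bytes(vbody, "big", signed=True),
            "community": cbody.decode(), "pdu": PDU_NAMES.get(ptag, hex(ptag)),
            "request_id": int.from_bytes(rid, "big", signed=True), "oid": decode_oid(oid_body)}


if __name__ == "__main__":
    pkt = snmpv1_get("public", "1.3.6.1.2.1.1.1.0")
    print(pkt.hex())
    print(sniff_community(pkt))
```

Sending the packet is just a UDP datagram to port 161; the point of the example is that the community string "public" is sitting in the bytes at offset 8, readable by anyone on the path, which is exactly the integrity and confidentiality gap SNMPv3 closes.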
Explain an SDN network and the four parts it can be broken into
Software Defined Networking (SDN) - enables the network to be intelligently and centrally controlled or programmed using software applications; automation and orchestration tools can then manage it. SDNs are broken down into four parts (need to know for the exam):
Application layer - focuses on communicating resource requests or information about the network as a whole.
Control layer - uses the information from the applications and decides how to route packets on the network, how traffic should be prioritized, how it should be secured, etc.
Infrastructure layer - contains the network devices that receive instructions about where to move the data and then perform those movements.
Management plane - used to monitor traffic conditions and the status of the network.
SDNs provide a layer of abstraction between the devices and the control and data flow that happens on the network.
What is an SDN?
Software Defined Networking (SDN) - provides an easy-to-use front end to configure physical and virtual devices throughout the network. As an administrator you get a view of your whole network: I go to the software-defined controller, make a change once, and it pushes that change out to all the devices.
Describe an SD-WAN
Software Defined Wide Area Network (SD-WAN) - a software-based WAN architecture that lets you leverage any combination of transport services (MPLS, cellular, microwave link, broadband) to securely connect users to their applications, steering traffic across whichever links are available. SD-WANs let cloud-first enterprises deliver a good quality of experience for their users and avoid the single points of failure of a traditional WAN architecture. Know when you might use it: a company with lots of branch offices that is moving into the cloud and wants to reduce bottlenecks and improve user experience compared to a traditional WAN design.
Describe a spine and leaf network architecture
Spine and leaf network architecture - an alternative network architecture used specifically inside data centers, focused on communication within the data center itself (servers talking to servers). It has two switching layers, spine and leaf. Install two switches into each server rack (top-of-rack switching): these are the leaf switches the servers plug into, and every leaf connects to every spine switch, so any two servers are at most two hops apart (leaf to spine to leaf). That gives faster speeds and lower latency than the traditional three-tier hierarchy, and it works best combined with SDN so the controller can pick the shortest path. A spine and leaf design can also be used in combination with the standard three-tier model.
What is TTL?
TTL (Time to Live) - tells a DNS resolver how long it may cache an answer before it must query again. With a 24-hour TTL my computer remembers the record for a day before it has to reach out to the DNS server again. Windows keeps a local resolver cache of every name you request (ipconfig /displaydns shows it); if you access diontraining five times within the TTL, you only perform the DNS lookup once.
What is the CIA Triad?
The CIA Triad - Confidentiality, Integrity, Availability; you need all three for a secure network. Confidentiality - keeps data private using encryption and access control. Encryption ensures data can only be decoded by its intended recipient. Integrity - ensures data was not modified in transit and verifies it came from its original source; hashing and digital signatures help detect IP spoofing, ARP spoofing, and man-in-the-middle attacks. Availability - measures data accessibility and is increased by designing redundant networks. Availability can be attacked (taking down a router with a ping of death, denial of service attacks, etc.).
Threat vs vulnerability
Threat - a person or event that has the potential to impact a valuable resource in a negative manner. Vulnerability - a quality or characteristic of a given resource or its environment that might allow the threat to be realized (lack of preventive mechanisms, not running the latest Windows updates, no backup generators, etc.).
IEEE 802.1X is used for port-based network access control. What are four ways an access decision can be based?
Time-based: defines when access is allowed (try to log in at 2 am and you won't get access). Be careful about timezones: evaluate the rule in the user's or site's local time, not the server's. Location-based: evaluates the location of the endpoint requesting access using its IP address or geolocation. Role-based (adaptive NAC): re-evaluates a device's authorization based on what it is being used for, such as trying to connect to the server management subnet. Rule-based: uses a complex admission policy that enforces a series of rules written as logical statements (if Jason is an instructor, allow the folder; if Jason is a student, deny access).
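As an added example (not part of the original notes and not any NAC product's configuration), this Python evaluates all four kinds of rule for a connection request, and in particular shows the timezone trap: the same instant in UTC falls inside the work-hours window when evaluated in the site's local time but outside it when the server's UTC clock is compared directly. The policy contents, subnets, roles, and request fields are constructed for the demo.

```python
import ipaddress
from datetime import datetime, time, timezone, timedelta

# Constructed policy for a fictional site. The site is in UTC-5; the NAC server runs in UTC.
POLICY = {
    "work_hours": (time(7, 0), time(19, 0)),
    "site_tz": timezone(timedelta(hours=-5)),
    "allowed_nets": [ipaddress.ip_network("10.10.0.0/16"), ipaddress.ip_network("203.0.113.0/24")],
    "role_grants": {"instructor": {"courses", "gradebook", "mgmt-subnet"}, "student": {"courses"}},
}


def utc(year, month, day, hour, minute):
    """Helper: build a timezone-aware UTC timestamp (what the server clock reports)."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


def time_based(now: datetime, policy=POLICY) -> bool:
    """Evaluate the window in the site's local time, never in the server's zone."""
    if now.tzinfo is None:
        raise ValueError("use timezone-aware datetimes for access decisions")
    local = now.astimezone(policy["site_tz"]).time()
    start, end = policy["work_hours"]
    return start <= local < end


def location_based(ip: str, policy=POLICY) -> bool:
    """Is the endpoint's address inside one of the permitted networks?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in policy["allowed_nets"])


def role_based(role: str, resource: str, policy=POLICY) -> bool:
    """Re-evaluated per resource: an instructor may reach the management subnet, a student may not."""
    return resource in policy["role_grants"].get(role, set())


def rule_based(request: dict) -> bool:
    """Logical statements over attributes: a managed device with current AV,
    or an instructor plugged into the wired LAN."""
    return (request["managed"] and request["av_current"]) or (
        request["role"] == "instructor" and request["medium"] == "wired")


def admit(request: dict, policy=POLICY) -> dict:
    """Combine the four checks; every one must pass, and the result records which failed."""
    checks = {
        "time": time_based(request["when"], policy),
        "location": location_based(request["ip"], policy),
        "role": role_based(request["role"], request["resource"], policy),
        "rule": rule_based(request),
    }
    return {"allow": all(checks.values()), "checks": checks}


if __name__ == "__main__":
    req = {"when": utc(2024, 5, 6, 23, 30), "ip": "10.10.5.7", "role": "instructor",
           "resource": "mgmt-subnet", "managed": False, "av_current": False, "medium": "wired"}
    print(admit(req))   # 23:30 UTC is 18:30 at the site, so the time check passes
```

Returning the per-check results rather than a bare boolean is deliberate: when a user is denied at 6:59 local time you want the log to say which rule fired.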
What are Traffic Logs? What are Audit Log/Audit Trails?
Traffic Log - contains information about the traffic flows on the network. Traffic logs allow you to investigate any abnormalities: on port 443 today I saw 10 GB leaving the network, and I want to take a look at that because it's abnormal. Audit Log/Audit Trail - contains a sequence of events for a particular activity. You can review the audit log for a device to see what people configured while you were gone.
Vertical vs horizontal scaling
Vertical or horizontal scaling is how we scale (or elasticize) up and down. Elasticity is a short-term addition or subtraction of resources; scalability is long-term planning and adoption. Vertical scaling (scaling up) - increase the power of your existing resources, e.g. upgrading a server from 4 GB to 8 GB of RAM, or going to the next plan that doubles the memory. Easy to do and good for long-term scalability, so it is usually the option you choose when planning growth, but one bigger box is still a single point of failure. Horizontal scaling (scaling out) - increase the number of resources handling the extra load, e.g. adding two servers behind a load balancer for the blog instead of one bigger one. Usually paired with elasticity, like a lot of horses pulling in the same direction. As you add machines to the pool you also gain redundancy and less downtime, since the load is distributed across multiple servers.
What is a virtual desktop?
Virtual Desktops - a desktop computer that runs in the data center or cloud and is accessed through a browser or client from a laptop, tablet, or phone. The textbook answer is that they are bad for gaming and heavy computing, but for the average user (web browsing, PowerPoint, Excel) they are great for lowering cost and improving security, since the data never leaves the server. (As of 2020 there are also virtual gaming and video-editing desktops: for 20-30 dollars a month you get the use of a very high-end machine.)
What are the types of vulnerabilities we can see on a network?
Vulnerabilities in the network: Environmental vulnerabilities - undesirable conditions or weaknesses surrounding your network (hurricanes, storms; that is why you need redundant power). Physical vulnerabilities - undesirable conditions or weaknesses in a building (cables you can trip over, fire hazards, etc.). Operational vulnerabilities - how the network and its systems are run, from the perspective of the organization's policies and procedures. Technical vulnerabilities - system-specific conditions that create security weaknesses, classified as known (CVE) or zero-day. Common Vulnerabilities and Exposures (CVE) - a list of publicly disclosed computer security weaknesses; each entry has an identifier and a summary of the known issue. Zero-day vulnerability - a weakness in the system's design, implementation, or code that is unknown to the vendor (or has no patch yet) when it is discovered or exploited. CVE = known vulnerability; zero-day = brand new vulnerability. Exploiting a vulnerability uses an exploit: a piece of software code that takes advantage of the security flaw. Vendors fix known vulnerabilities with software patches that reference the CVE they address, which is why you need an up-to-date system: keep systems patched and antimalware software updated.
Explain WEP, WPA, and WPA2
WEP - Wired Equivalent Privacy - the original 802.11 wireless security standard, which claimed to be as secure as a wired network. In truth it is an insecure protocol. Everyone shares the same 40-bit key (easy to brute force); it was later extended to 104-bit keys (marketed as 64-bit and 128-bit WEP, counting the IV). WEP uses a 24-bit initialization vector sent in clear text in every frame; with only 16.7 million IVs a busy network repeats one within hours, and repeated IVs combined with RC4's weaknesses let an attacker who captures enough traffic recover the pre-shared key. WPA - Wi-Fi Protected Access: replaced WEP using the Temporal Key Integrity Protocol (TKIP), a 48-bit initialization vector (better, but still weak), and the Rivest Cipher 4 (RC4) stream cipher, which is not acceptable by today's standards, plus a Message Integrity Check (MIC) to confirm data was not modified in transit (man-in-the-middle attacks). Enterprise mode (802.1X with EAP) overcomes the problem of sharing one key across a large business by authenticating each user before the keys are exchanged. WPA is still weak by today's standards. WPA2 - Wi-Fi Protected Access 2 - our current standard (used with wireless g, n, and ac), created as part of IEEE 802.11i. It requires stronger encryption and integrity checking through CCMP; if you see CCMP, that is WPA2. It replaced RC4 with AES (Advanced Encryption Standard), which provides the additional security by using a 128-bit key or higher.
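The 24-bit IV problem is worth seeing concretely. The following Python is an added example, not from the original notes and not any Wi-Fi stack's code: it implements RC4 and WEP's per-packet keying (IV prepended to the shared key, IV sent in the clear), then shows that two frames encrypted under the same IV leak each other, since XORing the ciphertexts cancels the keystream and one known payload reveals the other. WEP's CRC-32 integrity value and the full 802.11 header are omitted; the key, IV, and payloads are constructed for the demo.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key-scheduling then PRGA). WEP keys it with IV || shared key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR payload.

    shared_key is 5 bytes (40-bit WEP) or 13 bytes (104-bit WEP).
    The CRC-32 ICV that real WEP appends to the payload is left out here.
    """
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("IV must be 3 bytes and the key 5 or 13 bytes")
    return iv + xor(payload, rc4_keystream(iv + shared_key, len(payload)))


def iv_reuse_attack(frame_a: bytes, frame_b: bytes, known_payload_a: bytes):
    """Two frames under the same IV and key share a keystream, so
    c_a XOR c_b = p_a XOR p_b; knowing p_a gives p_b without the key.
    Returns None when the IVs differ (the trick does not apply)."""
    iv_a, c_a = frame_a[:3], frame_a[3:]
    iv_b, c_b = frame_b[:3], frame_b[3:]
    if iv_a != iv_b:
        return None
    n = min(len(c_a), len(c_b), len(known_payload_a))
    return xor(xor(c_a[:n], c_b[:n]), known_payload_a[:n])


def expected_frames_until_iv_repeat() -> int:
    """Birthday bound: with 2**24 random IVs, a repeat is expected after about
    sqrt(pi/2 * 2**24) frames, i.e. a few thousand, not millions."""
    return int(math.sqrt(math.pi / 2 * 2 ** 24))


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit key
    iv = b"\xaa\xbb\xcc"                   # the AP reused this IV for both frames
    frame1 = wep_encrypt(key, iv, b"GET /index.html HTTP/1.1")
    frame2 = wep_encrypt(key, iv, b"password=hunter2&go=1")
    print(iv_reuse_attack(frame1, frame2, b"GET /index.html HTTP/1.1"))
    print("frames until an IV repeat is likely:", expected_frames_until_iv_repeat())
```

The attack needs no key recovery at all, which is why the IV size alone sinks WEP even before the RC4 key-scheduling weaknesses are considered; WPA's 48-bit IV and per-packet key mixing, and WPA2's CCMP, exist to remove exactly this failure mode.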
War Driving and War Chalking
War driving - occurs when users perform reconnaissance, driving around with a wireless scanner looking for unsecured wireless networks so they know where to attack. War chalking - occurs when users write symbols on a wall or sidewalk to notify others of the characteristics of an access point they found (open, WEP-protected, SSID, etc.).
What does the device do if it cant get positive contact with the DHCP server?
If a client cannot get a response from a DHCP server it needs an alternate configuration. By default it uses APIPA (Automatic Private IP Addressing): the client assigns itself an address in the 169.254.0.0/16 range with no default gateway and no DNS server, so it can only talk to other devices on the local link. Seeing a 169.254.x.x address on a client is the classic sign that DHCP failed. On the server side, you configure the DHCP scope with specific lease times and the DNS server, default gateway, and subnet mask options.
How does DHCP assign its addresses to a device joining the network?
When a device joins the network it reaches out for a DHCP server with a Discover (I need an IP address). The DHCP server Offers an address. The computer says "yes, I'll take that" with a Request, and the server Acknowledges that the address now belongs to that device. That exchange is DORA (Discover, Offer, Request, Acknowledge) and the result is a DHCP lease. Home networks typically use a 24-hour lease; corporate networks might use 7-30 days. DHCP configures the device automatically with four key pieces: an IP address (where it is on the network), the subnet mask, the default gateway IP (the router's address), and the DNS server IP so it can do lookups. The client can now get online.
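To make the lease mechanics concrete, here is an added Python model (not part of the original notes, and not a real DHCP implementation; it exchanges Python dicts, not UDP packets on ports 67/68) that covers the DORA exchange, reservations that always return the same address for a MAC, lease expiry returning addresses to the pool, a NAK for a request the server never offered, and the APIPA fallback when no server answers or the pool is exhausted. The class, function names, addresses, and MACs are constructed for the demo.

```python
import hashlib
import ipaddress


class DhcpServer:
    """Toy DHCP scope: a pool range, options, reservations, and lease bookkeeping."""

    def __init__(self, pool_start, pool_end, subnet_mask, gateway, dns,
                 lease_seconds, reservations=None):
        first = int(ipaddress.ip_address(pool_start))
        last = int(ipaddress.ip_address(pool_end))
        self.reservations = {mac.lower(): ip for mac, ip in (reservations or {}).items()}
        reserved = set(self.reservations.values())
        # Reserved addresses are excluded from the dynamic pool up front.
        self.free = [str(ipaddress.ip_address(i)) for i in range(first, last + 1)
                     if str(ipaddress.ip_address(i)) not in reserved]
        self.options = {"subnet_mask": subnet_mask, "gateway": gateway, "dns": dns}
        self.lease_seconds = lease_seconds
        self.offers = {}   # mac -> ip offered, awaiting REQUEST
        self.leases = {}   # mac -> (ip, expires_at)

    def discover(self, mac, now):
        """DISCOVER in, OFFER out (None if the pool is exhausted)."""
        mac = mac.lower()
        if mac in self.reservations:                       # same IP every time for this MAC
            ip = self.reservations[mac]
        elif mac in self.leases and self.leases[mac][1] > now:
            ip = self.leases[mac][0]                        # renewal: keep the current address
        elif self.free:
            ip = self.free.pop(0)
        else:
            return None
        self.offers[mac] = ip
        return {"type": "OFFER", "ip": ip, **self.options, "lease_seconds": self.lease_seconds}

    def request(self, mac, ip, now):
        """REQUEST in, ACK out; NAK if we never offered that address to this MAC."""
        mac = mac.lower()
        if self.offers.get(mac) != ip:
            return {"type": "NAK"}
        del self.offers[mac]
        self.leases[mac] = (ip, now + self.lease_seconds)
        return {"type": "ACK", "ip": ip, **self.options, "lease_seconds": self.lease_seconds}

    def expire(self, now):
        """Return expired, non-reserved addresses to the pool."""
        for mac, (ip, expires) in list(self.leases.items()):
            if expires <= now:
                del self.leases[mac]
                if ip not in self.reservations.values():
                    self.free.append(ip)


def apipa_address(mac):
    """Self-assigned address in 169.254.1.0 - 169.254.254.255.

    Deterministic from the MAC for this demo; real stacks pick at random
    and ARP-probe to avoid conflicts."""
    h = int.from_bytes(hashlib.sha256(mac.lower().encode()).digest()[:4], "big")
    base = int(ipaddress.ip_address("169.254.1.0"))
    return str(ipaddress.ip_address(base + h % (254 * 256)))


def client_boot(mac, server, now):
    """DISCOVER -> OFFER -> REQUEST -> ACK; fall back to APIPA if that fails."""
    fallback = {"ip": apipa_address(mac), "subnet_mask": "255.255.0.0",
                "gateway": None, "dns": None, "source": "APIPA"}
    offer = server.discover(mac, now) if server is not None else None
    if offer is None:
        return fallback
    ack = server.request(mac, offer["ip"], now)
    if ack["type"] != "ACK":
        return fallback
    return {"ip": ack["ip"], "subnet_mask": ack["subnet_mask"],
            "gateway": ack["gateway"], "dns": ack["dns"], "source": "DHCP"}


if __name__ == "__main__":
    srv = DhcpServer("192.168.1.100", "192.168.1.102", "255.255.255.0", "192.168.1.1",
                     "192.168.1.1", lease_seconds=86400,
                     reservations={"AA:BB:CC:DD:EE:01": "192.168.1.101"})
    for mac in ("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:03", "aa:bb:cc:dd:ee:04"):
        print(mac, client_boot(mac, srv, now=0))
    print("no server:", client_boot("aa:bb:cc:dd:ee:05", None, now=0))
```

The fourth client in the demo lands on 169.254.x.x with no gateway even though a server exists: an exhausted scope looks identical to a dead server from the client's point of view, which is worth remembering when troubleshooting.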
What are three ways we can store this data?
Where can we store this data? On-premises - all the files live on your own servers in your own office. Co-located - you rent space in someone else's data center, so you don't need to build the building; you share the facility with other tenants. Cloud-based - the provider owns and runs the infrastructure and you consume it as a service.
What is a WAP?
Wireless Access Point (WAP) - extends a wired LAN into the wireless dom ain and puts wired and wireless devices on the same subnet (it is not a router). It acts like a hub or media converter, extending your broadcast domain over the air, and all clients on an access point share a single collision domain (they take turns on the channel using CSMA/CA).
What is a zone transfer?
Zone transfer - the sharing of zone information between DNS servers (primary to secondary): which domain names they hold and their associated IP addresses, triggered when the SOA serial number changes. Zone transfers should be restricted to known secondary servers, because an open zone transfer hands an attacker a complete map of your hosts.
What is iSCSI?
iSCSI - Internet Small Computer System Interface - carries SCSI storage commands over a standard TCP/IP network, so you don't need dedicated hardware like Fibre Channel HBAs and switches. It lowers cost and relies on a network configured for jumbo frames (ideally a dedicated storage VLAN) for performance. It is generally slower than Fibre Channel but saves a lot of money.
What is channel bonding?
Channel bonding - allows the creation of a wider channel by merging neighboring channels into one; it is available starting with wireless n. The standard channel width in both 2.4 GHz and 5 GHz is 20 MHz, but the 5 GHz band has enough channels to bond: 40 MHz in 802.11n, and 802.11ac goes to 80 MHz and even 160 MHz (eight 20 MHz channels combined) for even more bandwidth. Wider channels give faster network speeds but raise the probability of interference, because you now occupy more of the band; that is why bonding is rarely practical in the crowded 2.4 GHz band.