Chapter 3: Understanding Basic Network Security

Firewall

Filters traffic between networks and can filter both incoming and outgoing traffic. In other works, a __________ can ensure only specific types of traffic are allowed into your network. Most ___________ use an implicit deny strategy where all traffic not explicitly allowed is blocked. This can be implemented with a deny all, or deny any any rule at the end of the ACL.

Port 80

HTTP (Hypertext transfer protocol)

User Datagram Protocol (UDP)

provides connectionless sessions (without handshake). ICMP or Internet control message protocol traffic and audio and viedo streaming use this. All TCP/IP traffic is either connection oriented TCP traffic or connectionless UDP. - Basic Connectivity Protocol

Microsoft SQL Server

Is a server application that host database accessible from web servers and a wide array of applications. Port 1433 -Application protocol

Encryption Protocols

Any traffic sent accross the wire in clear text is subject to sniffing attacks with a protocol analyzer. One way to protect against this vulnerability is to encrypt the data. Examples include: SSH, FTPS, SFTP, SCP, IPsec, SSL, and TLS.

Kerberos

Authentication protocol used in windows domain and some UNIX environments. Ports 88 -Application protocol

Transmissions Control Protocol (TCP)

Connections oriented traffic (Guaranteed delivery). _____ uses a three way handshake. To start a _____ session, the client sends SYN (synchronized) packet. The server respons with a SYN/ACK packet, and the client completes the third part of the handshake with an ACK packet. connection is then extablished. - Basic Connectivity Protocol

Application protocols

Different _________ ___________ are used on the internet and within an intranet. A common one used is HTTP to access web pages on the internet.

Subnetting

Divides a single range of IP addresses into several small ranges of IP address.

Port 20 and 21

FTP (file transfer protocol)

Port 443

Hypertext transfer protocol (HTTPS)

IPsec Remote Access

IPsec can be used as a remote access tunneling protocol to encrypt traffic going over the internet.Uses port 500 for IPsec VPN connections. - remote protocol

Ports

Logical numbers used by TCP/IP to identify what service or application should handle data received by a system.

Ports 137-139

NetBIOS (Network Basic Input/output system)`

NetBIOS

Network Basic Input/output system is a name resolution service for NetBIOS system names on an internal network. Ports 137-139 -Application protocol

Protocols

Networking protocols provide the rules needed for computers to communicate with each other on a network. TCP/IP (Transmission Control Protocol) is a full suite of protocols used on the internet and many internal networks.

Remote Access Protocols

PPP, IPsec, PPTP, L2TP, RADIUS, TACACS/XTACACS

Point to point tunneling protocol (PPTP)

Point to point tunneling protocol is a tunneling protocol used with VPNs that has some known vulnerabilities. PPTP uses TCP port 1723- remote protocol

Port 3389

Remote Desktop Services

RADIUS

Remote authentication dial in user service central authentication to remote access clients. Each remote access server can foward authentication request to the cental radius server. - remote protocol

Port 25

SMTP (Simple mail transport protocol)

Email Protocols

SMTP, PoP3, IMAP4

Port 1433

SQL Server

Port 22

SSH(Secure shell), SFTP(secure File transfer protocol) (with SSH), and SCP(Secure copy protocol) all use port ____

Port 161

Simple network management protocol (SNMP)

internet Protocol (IP)

The ____ identifies host in a TCP/IP network and delivers traffic from one host to another using IP addresses. IPv4 uses 32 bit addresses represented in dotted decimal format, such as 192.168.1.100. IPv6 uses 128 bit addresses using hexadeciaml code.- Basic Connectivity Protocol

secure sockets layer (SSL)

The __________ protocol secures HTTP traffic as HTTPS. SSL can also encrypt other types of traffic such as LDAP. SSL uses port 443 when encrypting HTTP, and port 636 when encrypting LDAP/SSL (LDAPS). -Encryption Protocol

Transport layer security (TLS)

protocol is the designated replacement for SSL. At this point you can use _______ instead of SSL in just about any application. For example, ______ can encrypt HTTP traffic as HTTPS (on port 443), and LDAP traffic as LDAPS on port 636. -Encryption Protocol

IPv4

Uses 32 bit IP addresses expressed in dotted decimal format. For example, 192.168.1.5 is four decimals seperated by periods or dots.

Switches

are used for network connectivity and map MAC addresses to ports.

Secure Shell (SSH)

can be used to encrypt a wide variety of traffic, such as telnet, secure copy (SCP) and secure file transfer protocol (SFTP). when traffic is encypted with SSH, it uses port 22. -Encryption Protocol

Virtual local area network (VLANS)

can logically separate computers or logically group computers regardless of their physical location.

Load Balancer

can optimize and distribute data loads across multiple computers.

Layer 2 tunneling protocol (L2TP)

combines the stregnth of layers 2 forwarding - remote protocol

Network-based Firewall

controls traffic going in and out of a network. A ________________ controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols.

Proxy Server

forwards requests for services from a client. It can filter requests based on URLs, cache content, and record user's Internet activity.

Host-Based Firewalls

helps protect a single system from intrusions.

DMZ

provides a layer of protection for servers that are accessible from the Internet.

Secure File Transfer Protocol (SFTP)

is a secure implementation of FTP. Is an extension of secure shell (SSH) and uses port 22. -Application protocol

Domain Name system (DNS)

is a service that resolves host names to IP addresses on the internet and internal networks. Port 53 -Application protocol

File Transfer Protocol Secure (FTPS)

is an extension of FTP and ueses SSL or TLS to ecrypt FTP traffic. Uses Ports 989 and 990. -Application protocol

Terminal Access Controller Access Control System (TACACS)

is an older network authentication protocols. - remote protocol

Secure copy protocol (SCP)

is based on SSH. Users can use ________ to copy encypted files over a network. _________ uses port 22. -Encryption Protocol

Simple network management protocol (SNMP)

is sued to monitor and manage network devices such as router or switches. Port 161. _________ Agents report information via notification known as _________ traps. -Application protocol

Lightweight Directory Access Protocol (LDAP)

is the language used to comunicate with directories such as microsoft's Active Directory. -Application protocol

Terminal Access Controller Access Control System + (TACACS+)

is used as an alternative over RADIUS. it uses multiple challenge responses for authentication, authorization, and audit. Usea TCP port 49 - remote protocol

Internet control message protocol (ICMP)

is used for testing basic connectivity and inclues tools such as ping, pathping, and tracert. Ping can check for basic connectivity between two systems. - Basic Connectivity Protocol

Hypertext Transfer Protocol (HTTP)

is used for web traffic on the internet and in intranets. HTML is common language used to display web pages. USES port 80 - Application protocol

Point to point protocol (PPP)

is used to create dial-up connections between dial up client and a remote access server, or between a dial up client and an ISP. - remote protocol

Internet protocol security (IPsec)

is used to encrypt IP traffic. Native IPv6 but can work with IPv4. IPsec includes ESP and AH, and can encrypt IP packet payloads. IPsec works in both tunnel and transport modes. -Encryption Protocol

internet message access protocol 4 (IMAP4)

is used to store email on an email server. IMAP4 allows a user to organize and manage email in folders on the server port 143 -email protocol

Port Security

limits access to switch ports. It includes limiting the number of MAC addresses per port and disabling unused ports. You can also manually map each port to a specific MAC address or group of addresses.

Web-Security Gateway

performs content filtering (including filtering for malicious attachments, malicious code, blocked URLs, and more).

Loop Protection

protects against switching loop problems, such as when a user connects two switch ports together with a cable. STP and RSTP are commonly enabled on switches to protect against switching loops.

Address Resoultion Protocol (ARP)

resolves IP addresses to Media Access Control (MAC) addresses. TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host. - Basic Connectivity Protocol

Hypertext Transfer Protocol Secure (HTTPS)

secures web traffic by transmitting it in an encrypted format. Encrypted using SSL or TLS and it uses port 443. -Application protocol

Port Scanner

systems for open ports and attempts to discover what services and protocols are running.

Simple mail transport protocol (SMTP)

transfer e-mail between clients and _______ servers, and between _______ servers. Uses Port 25.

Post office protocol v3 (PoP3)

transfers e-mails from servers down to clients. Pop3 uses port 110.

Network Access Translation (NAT)

translates public IP addresses to private IP addresses, private back to public, and hides IP addresses on the internal network from users on the Internet.

File transfer protocol (FTP)

uploads and downloads files to and from and FTP server. Transmits data in clear text making it easy to attack. Uses port 20 and 21-Application protocol

Telnet

used to connect to remote systems or netwok devices over a network (Such as a router). Port 23 or 22. You can encrypt _________ traffic with SSH, and it uses port 22 when encrypted with SSH. -Application protocol

IPv6

uses 128 bit IP addresses expressed in hexadecimal format. For example, FE80:0000:0000:0000:20D4:3FF7:003F:DE62 includes eight groups of four hexadeicmal characters.

Trvial file transfer protocol (TFTP)

uses UDP and is used to transfer smaller amounts of data, such as when communicating with network devices. Port 69 -Application protocol