CNIT 34220 Final Exam Review
How does DNS aliasing via MX records work?
- Allows mail to be addressed to a domain name rather than a FQDN - MTA looks up the MX record first, then falls back to the A record if no MX is found
What are some LDAP operations?
- Bind - Add - Modify - Modify DN - Delete - Search - Compare - Abandon - Extended operations - Unbind
What is the Julian Calendar?
- Created by Julius Caesar in 46 BC - 365 days in year - Error in leap year calculation
What is an authoritative DNS server?
- DNS server that contains the actual DNS entries - server must be available 24/7 - address for the server is listed in the next higher level's configuration
What is the Gregorian Calendar?
- Decreed by Pope Gregory XIII on Feb 24, 1582 - Still had 365 days in a year - Fixed leap year calculation
What are the three ways to define a host in SMTP addressing?
- Fully Qualified DNS Host Names - DNS Aliasing via MX Records - Forwarding
What happened in September of 1752?
- Great Britain and its colonies changed from the Julian to the Gregorian calendar - to correct the accumulated leap-year error, 11 days were dropped: 2 September was followed directly by 14 September, making it a 19-day month
What is HTTPS?
- HTTP Secure - Port 443 - authenticates the server
What are difficulties with implementing S/MIME?
- Hard to integrate with Webmail - Designed as an end-to-end encrypted solution
What is HTTP?
- Hyper Text Transfer Protocol - Port 80 - begins with HTTP GET of a URL - establishes multiple TCP sessions
Explain IMAP
- Internet Message Access Protocol - Similar to POP3 in purpose (client access to a mailbox), but mail stays on the server and is managed there instead of being downloaded
Describe the Proxy Auto Configuration process
- Javascript script returns proxy server to use - placed on internally accessible web server - clients configure themselves upon hitting the script
What are the three possibilities when a mail arrives at a host?
- Mail is delivered - Mail is forwarded - Mail is refused (bounced)
Explain MAPI
- Messaging Application Programming Interface - Allows programs to become email-aware - Primarily used to interact with Microsoft Exchange (Exchange ActiveSync, EAS, is a separate protocol for mobile clients)
What are the concerns regarding traditional DNS systems?
- No inherent security - Vulnerable to misinformation
What are the four categories of web services for inbound connections?
- Protocols - Addressing - Redundancy - Load balancing
What are the four general steps to configuring RADIUS?
- Set shared secret on RADIUS client (NAS) and server - Define server IP address and ports on client - Authorize the client on server - Create access profile on server
How many transactions can SNTP complete? What does this mean?
- Single transactions - Sets time once - can be done repeatedly on a schedule - time can be off between syncs
What is the traditional approach to DNS?
- Static Approach - Hard coded list of names and IP addresses - Assumes a station always has same IP address - Works well with manual or BOOTP, not DHCP
Uses of time in computers (name 3)
- Time stamping files - Expiration on tickets - Calendaring - E-mail - Logging - Tracing - Troubleshooting
What is static packet filtering?
- Traditional approach where the filter examines only the content of each packet individually - Go/no go decisions made on a per packet level
What is the CAN-SPAM act?
- US federal legislation - fines and prison terms set for spamming - requires opt out - must be caught to be prosecuted - minimal impact
What are the four possible reasons mail is bounced?
- Unknown host (can't resolve DNS entry) - Host was unreachable (mail must time out first, not an instant bounce) - Unknown user - User's mailbox is full
What are the four spam techniques?
- Use open relays - Fake return addresses - Re-directed return addresses - Move server address around to avoid blacklists
How does NTP work?
- Uses UTC complete with leap seconds - keeps clock constantly correct - requires client to adjust internal clock to match reference time
What are the three key cloud concepts?
- Virtualize everything - Dynamic management - Non-dedicated resources
What are the types of TCP sessions established by HTTP?
- a control session for base HTML data that defines web page - pictures - sound - video
What does a reverse proxy server do?
- answers incoming connection request - makes connection back to actual web server - retrieves page - presents it to requesting node
What are some characteristics of Kerberos?
- authentication only - builds on symmetric-key cryptography - has strict time requirements (less than 5 min) - does not require credential transmission
What are the benefits of an outbound proxy server?
- caching - security - statistics - filtering
Describe how a transparent proxy server works
- client is not aware of proxy server - outbound HTTP traffic is "hijacked" at gateway - routed to proxy server - proxy spoofs address of target server when replying to client - all direct HTTP connections out are blocked
What does SMTP do?
- delivers mail between hosts - hosts must always be available for connection - uses TCP for reliable connection - uses seven bit ASCII encoding
Describe the Web Proxy Auto-Discovery Protocol process
- designed to automatically find a PAC script - methods: DHCP (option 252), Service Location Protocol, DNS (SRV records, TXT records, and the well-known "wpad" hostname via A/CNAME)
How does HTTPS work?
- establishes encrypted session over which HTTP data is carried - requires digital certificate from trusted CA to work transparently - if CA is not trusted by browser, alert will still show to user even if session is encrypted
What is a part of cloud enabling infrastructure?
- hardware virtualization - storage area networking - ADC (application delivery controller) - Cloud controllers
How do dynamic load balancers work?
- load balancer has separate control channel with web servers - requesting node makes initial request - load balancer passes connection to least loaded server - load balancer may decline connection if no server with available capacity to service connection
What are the three ways to configure a browser to use a standard proxy server?
- manually - Proxy Auto Configuration (PAC) - Web Proxy Auto-Discovery Protocol
How does DNS flagging work in load balancing?
- multiple host addresses are associated with one hostname - DNS server rotates the order of the addresses in each reply ("round robin") - Splits load across multiple servers, but because clients and caching resolvers may stick to one answer, one server can still get the bulk of the load
Why is DNSSEC important?
- provides security for zone and everyone who queries zone - compliance (could be required) - new features
What is the four step process of RADIUS?
- remote client attempts to authenticate with a NAS device - NAS sends authentication request to RADIUS server - RADIUS server checks access - Server replies (ex: access reject, access accept, access challenge)
What are the benefits of a transparent proxy server?
- requires no client configuration - captures traffic from all clients (even guests)
Why is it important to centralize authentication?
- simplify management - unify access control - scalability
What are disadvantages to SSL acceleration?
- single point of failure - requires manipulation of HTML tags for content delivery in separate TCP streams - must re-format links from http://site/file to https
When and how is POP3 used?
- used when a user's computer isn't always attached to the network - mail is delivered via SMTP to a mail server and held there - the remote user connects to the mail server and retrieves (usually downloads and deletes) mail via POP3
What are the problems with SMTP session verification?
- uses TXT records in a non-standard way - Significant additional DNS traffic - Leaves DNS system vulnerable to spoofing as it does not provide authentication - limits store and forward capabilities of SMTP
What are best practices when implementing packet filtering?
1. Filter on device ingress, not egress 2. Only filter for a match once 3. Assign IP addresses so that they summarize into the prefixes used in the rules (fewer, broader rules)
What are the two major differences LDAPS has from regular LDAP?
1. TLS must be established prior to any LDAP messages 2. LDAPS connection must be closed if TLS closes
How to configure HTTPS site configuration?
1. acquire and assign certs for each site 2. if site should only allow secure connections, you should create redirect page from http:// to https:// 3. HTTPS easiest with separate IP address for each site
What are the three rules of DNS name space structure?
1. each label must be unique within its parent domain 2. up to 127 levels of labels 3. up to 63 characters per label (and 255 octets for the whole name)
Describe the process of an end node (located in tech.purdue.edu domain) resolving www.slashdot.org
1. resolver asks the local Purdue DNS server for the IP address 2. the Purdue server is not authoritative and has nothing cached, so it consults its root hints file and asks a root server, which refers it to the .org TLD servers 3. the .org server refers the local name server to the authoritative servers for slashdot.org 4. the slashdot.org server is authoritative, so it responds with the answer for www.slashdot.org; the Purdue server caches it and returns it to the resolver
How many NTP pool servers are there?
4147 as of January 2018
Explain NTP timestamps
64 bit time representation 32 bits for seconds 32 bits for fractional seconds
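Added example, not from the course notes: packing and unpacking the 64-bit NTP timestamp described above (32-bit seconds since 1900-01-01, 32-bit fraction), converting to and from Unix time, and the clock-offset and round-trip-delay arithmetic an NTP client performs from the four timestamps of one exchange. The timestamp values are constructed; the 2,208,988,800-second gap between the NTP and Unix epochs and the 2036 wrap of the seconds field are real properties of the format.

```python
"""NTP timestamp encode/decode plus offset/delay computation (added example)."""
import struct

NTP_UNIX_DELTA = 2_208_988_800       # seconds from 1900-01-01 to 1970-01-01
FRACTION_RESOLUTION = 2.0 ** -32     # ~0.233 ns: the format's resolution, not its accuracy


def to_ntp(unix_time):
    """Unix float seconds -> (seconds, fraction) as two 32-bit fields."""
    whole = int(unix_time)
    seconds = whole + NTP_UNIX_DELTA
    fraction = int(round((unix_time - whole) * 2 ** 32))
    if fraction == 2 ** 32:          # rounding carried into the next second
        seconds, fraction = seconds + 1, 0
    return seconds & 0xFFFFFFFF, fraction   # seconds field wraps in Feb 2036


def pack_ntp(unix_time):
    """Encode as the 8 big-endian bytes that appear on the wire."""
    return struct.pack("!II", *to_ntp(unix_time))


def unpack_ntp(raw, era=0):
    """Decode 8 wire bytes to Unix float seconds.  Because the seconds field
    is only 32 bits, the receiver must know which 136-year era it belongs to."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds + era * 2 ** 32 - NTP_UNIX_DELTA + fraction * FRACTION_RESOLUTION


def offset_and_delay(t1, t2, t3, t4):
    """RFC 5905 clock offset (theta) and round-trip delay (delta).
    t1: client send, t2: server receive, t3: server send, t4: client receive.
    Symmetric network delay is assumed; asymmetry shows up as offset error."""
    theta = ((t2 - t1) + (t3 - t4)) / 2
    delta = (t4 - t1) - (t3 - t2)
    return theta, delta


if __name__ == "__main__":
    wire = pack_ntp(1_700_000_000.5)
    print(wire.hex(), unpack_ntp(wire))
    print(offset_and_delay(100.0, 150.0, 150.1, 100.2))
```

The offset is what the client applies to its clock (L51); the delay bounds how wrong that offset can be, which is why a server reached over a long, jittery path is given a wider error interval than one on the LAN.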
What is the format of an A record?
<host> IN A <IP address> EX: rtfm IN A 192.168.1.11
What is the format of a SOA record?
<name of zone> IN SOA <primary name server> <email of zone administrator, with @ written as .> ( <serial> <refresh> <retry> <expire> <minimum/negative-cache TTL> )
What is the format of a CNAME record?
<alias> IN CNAME <canonical hostname>
What is the format of a NS record?
<origin> IN NS <hostname of nameserver> EX: net.lcl IN NS ns1.net.lcl
What is the format of a PTR record?
<reversed IP> IN PTR <domain.name>
What is the format of a MX record?
<domain or @> IN MX <preference> <mail host> EX: @ IN MX 10 mail.domain.name
What is a root CA?
A CA that issues its own certificate and then issues certs for its subordinate CAs
IP Based vs DNS Name HTTP Site Identification
IP Based: multiple IP addresses bound to the web server's external NIC, each site has its own underlying DNS "A" record - DNS Name: one IP address for the server, each site has its own DNS "CNAME" record pointing to the underlying hostname, and the server selects the site from the HTTP Host header (name-based virtual hosting)
How can sources and destinations be matched in a filter rule?
IP address, protocol, or protocol detail (port, code, etc.)
What are other uses of PKIs?
IPsec - encrypts all data contained in an IP packet - Data encryption - used to encrypt data on an encrypting file system - Digitally signed content - used to sign Java code, plug-ins, drivers
What is the difference between a traditional query and a DNSSEC enabled query?
Identical to a normal query at the start; the final answer additionally includes the signature records (RRSIG, plus the DNSKEY/DS chain up to the trust anchor) that the validating resolver then has to verify
Why use a reverse proxy server?
Increases security by placing a machine with no actual data as the most exposed server - typically placed in a second-level DMZ - can add HTTPS to a non-HTTPS-enabled web server
Who manages top level (root) domains?
InterNIC (historically; today the root zone is managed by IANA under ICANN)
What is the impact of spam on the Internet community? ISPs and Companies? Users?
Internet: loss of bandwidth and routing resources - ISPs and companies: wasted Internet bandwidth, significant disk space to house it, significant cost to fight/manage spam - Users: irritating, potential lost messages from being over quota due to spam
What is a KSK?
Key Signing Key - signs the zone's DNSKEY RRset (protects the keys); its hash is what the parent publishes as the DS record
What is LDAPS?
LDAP over SSL/TLS
What is the "least connections" dynamic load balancing method?
Least connections: send new connection to server with least connections
What is LDAP?
Lightweight Directory Access Protocol: essentially a way to access a database
Benefits of short vs long TTLs?
Longer TTLs reduce load on authoritative server, but also have to run duplicate services longer on DNS name changes. Shorter TTLs are better when making changes to addresses regularly
What are examples of blacklisting?
MAPS - Spamhaus SBL - SPEWS - SpamBag.org - SpamCop BL
What are stratum 1 time servers?
Machines directly connected to stratum 0 time sources, used only to service other time servers
What is a MX record?
Mail exchange: indicates that mail addressed to a domain name should be forwarded to another host
Describe an example process of using a forwarder
Mail is sent to [email protected] - DNS resolves the MX record for purdue.edu to mail.purdue.edu - mail.purdue.edu forwards the mail on to [email protected]
What port is LDAP? LDAPS?
Port 389 for LDAP, 636 for LDAPS
What is POP3?
Post Office Protocol 3
What are the differences between Postage and PKI based schemes in message verification?
Postage: make all e-mails contain an electronic postage stamp PKI: uses PKI to authenticate and authorize mail
What is the "predictive" dynamic load balancing technique?
Predictive: more aggressive ratios observed to make faster adjustments to load
What is PGP and who invented it?
Pretty Good Privacy, written by Phil Zimmermann in 1991
What are the four types of DNS servers?
Primary, Secondary, Caching, Slave
What is stream processing?
Processing data streams flowing through the ADC using RegEx
What do people use RADIUS?
Provides Remote AAA services, can provide AAA to network access servers
What is message verification?
Provides a means of ensuring only valid messages are sent via e-mail
What is the web service for outbound connections?
Proxy server
What are the two types of computer clocks? Differences?
Real Time Clock - battery-backed hardware clock read through the BIOS/firmware - System time - kept by a process running in the OS, depends on constant processor clock speeds
Who uses RRSIG records?
Recursive name servers or validating resolvers
What are stratum 2 servers?
Reference at least two stratum 1 servers, typically only service stratum 3 servers
What is RADIUS?
Remote Authentication Dial-In User Service
What is a domain?
domains map back to the names used in DNS hierarchy
What is the SOA DNS record?
Start of Authority: states that this is the definitive name server for the domain
What port is POP3?
TCP 110
What port is NNTP?
TCP 119
What port is IMAP?
TCP 143
What port is SMTP?
TCP 25
What port is HTTPS?
TCP 443
What port is HTTP?
TCP 80
What are session keys?
dynamically created encryption keys used to perform actual encryption of data
What happens when a deny rule is applied to a packet?
The packet is dropped with no reply to the sender, causing it to simply time out.
What is a ZSK?
Zone Signing Key - signs the zone's resource records (protects zone data)
Who sets the TTL?
Zone administrator
What are zones?
Zones represent the method used to manage domains. A zone is authoritative for a domain or sub-domain.
What is a trust anchor?
the point at which validation starts: a DNSKEY (or its DS hash) that a validator is configured to trust without further verification, normally the root zone KSK; the equivalent of a root CA in DNSSEC terms
What is a packet filter?
a software solution that limits network connectivity based on packet characteristics
What are the traditional root domains?
edu, com, gov, mil, org, country codes
How is RSA used for encryption?
encrypt with recipient's public key, decrypt with associated private key
What is a Bayesian filter?
filter spam based on what user has previously said was spam, custom to each person
What are the four approaches to dealing with spam?
filtering blacklisting session verification message verification
What is a keyword filter?
filtering spam by flagging specific keywords
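Added example, not from the course notes: the keyword filter and the Bayesian filter from the two cards above, side by side, so the difference is visible. The keyword filter flags any message containing a blacklisted word; the Bayesian filter scores a message by how its words were distributed in the mail this particular user previously marked as spam or ham, so a word like "free" in a message that otherwise looks like the user's normal mail is not enough to condemn it. The training corpus and messages are constructed and far smaller than a real filter would use.

```python
"""Keyword filter vs per-user naive Bayes spam filter (added example)."""
import math
import re
from collections import Counter

# Constructed blacklist for the keyword filter.
SPAM_KEYWORDS = {"viagra", "lottery", "winner", "free"}


def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())


def keyword_filter(text):
    """Flag a message if any blacklisted word appears: simple, but blind to context."""
    return bool(SPAM_KEYWORDS & set(tokenize(text)))


class BayesFilter:
    """Multinomial naive Bayes over words, trained only on what this user marked."""

    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(tokenize(text))
        self.docs[label] += 1

    def score(self, text):
        """P(spam | words), computed in log space with Laplace smoothing."""
        vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        logp = {}
        for label in ("spam", "ham"):
            total = sum(self.counts[label].values())
            logp[label] = math.log(self.docs[label] / sum(self.docs.values()))
            for word in tokenize(text):
                logp[label] += math.log((self.counts[label][word] + 1) / (total + len(vocab)))
        # spam / (spam + ham) expressed through the log-odds to avoid underflow
        return 1 / (1 + math.exp(logp["ham"] - logp["spam"]))

    def is_spam(self, text, threshold=0.9):
        return self.score(text) >= threshold


# Constructed corpus standing in for the messages this user marked by hand.
TRAINING = [
    ("win a free lottery prize now winner click here", "spam"),
    ("free viagra offer limited time winner", "spam"),
    ("claim your free prize lottery winner today", "spam"),
    ("meeting moved to 3pm bring the quarterly report", "ham"),
    ("lunch on friday free if you pick the place", "ham"),
    ("the lab report is attached please review", "ham"),
]


def trained_filter():
    bf = BayesFilter()
    for text, label in TRAINING:
        bf.train(text, label)
    return bf


if __name__ == "__main__":
    bf = trained_filter()
    for msg in ("is lunch still free on friday", "free lottery winner claim your prize"):
        print(f"{msg!r}: keyword={keyword_filter(msg)} bayes={bf.score(msg):.3f}")
```

The ham message "is lunch still free on friday" trips the keyword filter on "free" but scores low under Bayes because "lunch", "on" and "friday" have only ever appeared in this user's ham; that per-user context is why the card calls the Bayesian approach "custom to each person".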
What are NTP pools?
group of time servers available for public use
What is a single dedicated server?
highly available web server running in a secure environment - usually supports server-side scripting (PHP, ASP, etc.) - supports both HTTP and HTTPS
What is the form of DNS Name Space Structure?
host.subdomain(s).top_level_domain
What are some of the issues with content filtering?
if filtering is done prior to client, good mail could be filtered out without user's knowledge
Explain Webmail
most familiar form of email access: mail is read and sent through a web browser over HTTP/HTTPS rather than with a mail protocol on the client
What would the perfect solution to spam be?
only gets rid of spam - is user-manageable - minimizes the performance impact of spam
How does SMTP work?
only one copy of a mail item is sent to any individual host - mail is spooled (queued) on hosts and retried if the next hop is unavailable
What are the drawback of an outbound proxy server?
can only cache and filter HTTP; HTTPS passes through the proxy as an opaque CONNECT tunnel it cannot inspect or cache
What is a caching DNS server?
refers to primary and secondary servers for info as needed, can recurse
What are lower level domains?
second level domain that has authority over that domain and all created sub-domains
What is the format of a DNS MX record?
target MX # A record EX: purdue.edu MX 10 mail.purdue.edu
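Added example, not from the course notes: a small parser for zone-file records in the formats listed on this page (A, NS, MX, CNAME, PTR, SOA), followed by the lookup an MTA performs when delivering to a domain: MX targets ordered by preference, falling back to the domain's own A record when no MX exists (the aliasing behaviour described in the first card). The zone below is constructed; the `net.lcl` and `rtfm` names echo the examples on the cards.

```python
"""Zone-file record parsing and MX selection with A-record fallback (added example)."""
import re
from collections import defaultdict

# Constructed sample zone: names and addresses are made up for this example.
ZONE = """
$ORIGIN net.lcl.
@        IN SOA  ns1.net.lcl. hostmaster.net.lcl. (2024010101 3600 900 604800 300)
@        IN NS   ns1.net.lcl.
@        IN MX   10 mail.net.lcl.
@        IN MX   20 backup.net.lcl.
ns1      IN A    192.168.1.10
rtfm     IN A    192.168.1.11
mail     IN A    192.168.1.25
backup   IN A    192.168.1.26
www      IN CNAME rtfm
"""

RECORD = re.compile(r"(\S+)\s+(?:IN\s+)?(SOA|NS|MX|A|CNAME|PTR)\s+(.*)")


def qualify(name, origin):
    """Expand @ and relative names to fully qualified names ending in '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return {(owner, type): [rdata, ...]} from a simple zone file."""
    records = defaultdict(list)
    origin = "."
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()        # strip comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        match = RECORD.match(line)
        if not match:
            raise ValueError(f"unparsable record: {line}")
        owner, rtype, rdata = match.groups()
        owner = qualify(owner, origin)
        if rtype == "MX":
            pref, host = rdata.split()
            records[(owner, rtype)].append((int(pref), qualify(host, origin)))
        elif rtype in ("NS", "CNAME", "PTR"):
            records[(owner, rtype)].append(qualify(rdata, origin))
        elif rtype == "SOA":
            fields = rdata.replace("(", " ").replace(")", " ").split()
            records[(owner, rtype)].append(
                {"mname": fields[0], "rname": fields[1], "serial": int(fields[2])})
        else:                                    # A record
            records[(owner, rtype)].append(rdata)
    return records


def resolve_a(records, name):
    """Follow a CNAME chain (bounded, to survive loops) to the A record list."""
    for _ in range(8):
        if (name, "A") in records:
            return records[(name, "A")]
        cname = records.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []


def mail_hosts(records, domain):
    """What an MTA does: MX targets by preference, else the domain's own A record."""
    mx = records.get((domain, "MX"))
    if mx:
        return [host for _, host in sorted(mx)]
    return [domain] if resolve_a(records, domain) else []


if __name__ == "__main__":
    zone = parse_zone(ZONE)
    print(mail_hosts(zone, "net.lcl."))       # MX path, lowest preference first
    print(mail_hosts(zone, "rtfm.net.lcl."))  # no MX: deliver to the host itself
    print(resolve_a(zone, "www.net.lcl."))    # CNAME -> A
```

Note that a host with neither an MX nor an A record gets an empty list, which is the "unknown host" bounce case on the bounce-reasons card.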
What is NNTP used for?
tcp protocol used to distribute messages across interconnected news servers
What is an SMTP session verification technique?
use DNS to verify the sending server: - reverse lookup the sending server's IP to get its hostname - compare that hostname to the domain in the From: address - forward lookup the hostname and look for a TXT record stating which domains it may send mail for (the idea behind SPF)
What is Marzullo's algorithm?
used by NTP (in modified form, as its intersection algorithm) to find the largest set of time sources whose error intervals overlap and to discard the sources that disagree (falsetickers); each source's interval is its measured offset widened by the transmission delay and error of that exchange
What is a DNSKEY record?
used to store public keys in zone data; typically holds the ZSK, KSK, or CSK
What is the format of a fully qualified DNS host name?
host.subdomain(s).top_level_domain. (every label written out down to the root, conventionally ending with a trailing dot)
What is cooperative filtering?
users form a network and report spam to a central server - once enough reports come in, the message content is labeled spam - an updated detection rule is then sent out to all clients
What is SMTP session verification?
verify the following: - the sending user has an account in the domain - the sending server is authorized to send mail for the domain - essentially just adding some form of authentication to SMTP
When should source IP be specified in a filter rule?
when access should be limited to (a) certain host(s)
What capabilities does a multiple ADC architecture provide?
allows for larger back-end server pools, load balancing across sites, can provide info synchronization
Why use a DMZ?
allows protection even if an Internet-facing host is compromised
What is the Diffie-Hellman Key Exchange?
allows two nodes to agree on a shared key securely over an untrusted channel, using modular exponentiation modulo a large prime as a one-way function: computing g^x mod p is easy, but recovering x from the result (the discrete logarithm) is infeasible for large p
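Added example, not from the course notes: a Diffie-Hellman exchange with both sides' computations, the derivation of a session key from the shared secret (the symmetric key that actually encrypts data, per the session-key card), and the brute-force discrete-logarithm search an eavesdropper would have to win. The group here is the Mersenne prime 2^127 - 1 with generator 3: a real prime, chosen for brevity, not for production use, where a named 2048-bit or larger group belongs.

```python
"""Diffie-Hellman key agreement with session-key derivation (added example)."""
import hashlib
import secrets

P = 2**127 - 1      # Mersenne prime; illustrative size only
G = 3


def keypair(p=P, g=G):
    """Private exponent x in [1, p-2], public value g^x mod p."""
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)


def shared_secret(their_pub, my_priv, p=P):
    """Reject degenerate public values (0, 1, p-1) that force a trivial secret."""
    if not 1 < their_pub < p - 1:
        raise ValueError("invalid public value")
    return pow(their_pub, my_priv, p)


def session_key(secret):
    """Never use the raw DH output as a key; hash it into a fixed-size key."""
    raw = secret.to_bytes((secret.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def exchange(p=P, g=G):
    """Both sides' computations; an eavesdropper sees only p, g, A and B."""
    a, A = keypair(p, g)      # first party
    b, B = keypair(p, g)      # second party
    return session_key(shared_secret(B, a, p)), session_key(shared_secret(A, b, p))


def brute_force_dlog(g, h, p):
    """Recover x from g^x = h mod p by trial: what an eavesdropper must do.
    Practical only for tiny p; for 2^127 - 1 it is hopeless."""
    acc = 1
    for x in range(p):
        if acc == h:
            return x
        acc = acc * g % p
    return None


if __name__ == "__main__":
    k1, k2 = exchange()
    print(k1.hex(), k1 == k2)
    priv, pub = keypair(23, 5)
    print("toy p=23: recovered", brute_force_dlog(5, pub, 23), "from private", priv)
```

DH on its own authenticates nobody: an active attacker can run one exchange with each side. In practice the public values are signed (TLS) or the parties already share a secret, which is why the page pairs it with PKI.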
What is content filtering?
analyzing all incoming mail to determine if it is likely spam
What is a simple server?
any software that supports the HTTP protocol - often does not support HTTPS - often offers no method of authenticating and authorizing a user
How is authority managed in DNS?
authority is handed down from top level to lower levels
What is dynamic packet filtering?
Filter considers the context as well as content of the packet (is the packet part of a known data flow?)
What is cloud computing?
When applications, services, or data are hosted in a virtual infrastructure that allows for scalability and reliability
Difference between a firewall and a packet filter?
A firewall is a dedicated software/hardware solution while a packet filter is software only
What is blacklisting/blackholing/blocklisting?
A list of e-mail servers (not senders) that are known to send spam, if any mail comes in from a server on list it is rejected
How is a machine's stratum level determined?
A machine is one stratum higher (numerically) than the time server to which it synchronizes
What is a firewall?
A router that contains a packet filter
How to implement S/MIME?
Generate a certificate for every user - compose a standard email, digitally sign it and send it off with your certificate attached - the recipient uses your certificate to verify the signature (and, once they hold it, to encrypt mail to you)
What are stratum 3 servers?
Get time from multiple stratum 2 servers, typically serve clients within an organization; strata continue downward to 15 (stratum 16 means unsynchronized)
What is the definition of basic load balancing?
ADC balances incoming data flows across available app servers - basically 1:Many NAT, app server then responds through the ADC
What is SSL acceleration?
ADC full proxies the web site, connections to ADC use HTTPS, connections to app server from ADC are HTTP
What is full proxy load balancing?
ADC in effect becomes server creating two separate data flows
What is source address persistence?
ADC keeps a table of clients and the servers to which they should be redirected, creates a problem with NATed clients
What are the rules when deploying ADCs?
ADC must be logically in front of application/service - traffic must flow through ADC - either in-line or same DMZ
What are the two types of zone transfers?
AXFR - Complete Zone Transfer IXFR - Incremental Zone Transfer
What is a secondary DNS server?
Acts as a backup to primary server, copies master list periodically (zone transfer)
What is an A record?
Address record
What are the benefits of stream processing?
Addresses any issues with SSL acceleration, updates can be made to all pages on all served sites with one page
What is static content acceleration?
All static content is kept on and served by the ADC - images, backgrounds, sounds, etc.
What are the three actions that can be assigned to a filtering rule?
Allow/permit, Deny/drop, Reject
What is Reverse DNS resolution?
Allows the DNS name of a known IP address to be resolved
What are ADCs?
Application Delivery Controller: sits between clients and services to provide additional capabilities
When was the first incident of spam?
April 12, 1994: Laurence Canter used a Perl script that flooded message boards with ads for Canter & Siegel, an Arizona law firm - despite the backlash it worked and people contacted them for legal services - Canter later wrote a book on how to spam
How can PKIs be applied to HTTPS/SSL/TLS sites?
Authenticate the web server, works even if client doesn't have private/public key pair because of session keys
What is the AAA triad?
Authentication, Authorization, Accounting
What is a primary DNS server?
Authoritative server for zone, contains master list of name information
What is a HINFO record?
Host Info Record: contains information like machine type, OS, serial number
What are examples of software on single dedicated servers?
IIS/Apache/NGINX
How are Reverse DNS Zones stored?
IN-ADDR.ARPA tables IP address in reverse order broken on octet boundaries
What is a CSK?
Combined Signing Key - a single key used in both roles, signing the DNSKEY RRset and the zone data
What does DNS stand for?
Domain Name System
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance: builds on SPF and DKIM, requires the domain they authenticate to align with the From: header, and adds a published policy (none/quarantine/reject) plus aggregate reporting
How accurate are NTP timestamps?
The 32-bit fraction gives a resolution of 2^-32 s, about 0.233 ns; actual accuracy is limited by network delay and is typically milliseconds across the Internet
What is a Certificate Authority?
Entity that issues digital certificates, maintains a list of certificates
Where in the OSI model do packet filters lie?
Between layers 2 and 3 (they inspect layer 3 and layer 4 header fields without understanding the application above)
What is a slave DNS server?
Caching server that cannot recurse
How can PKIs be applied to email?
Can be used to digitally sign messages to prevent tampering, encrypt messages
How do private CAs work?
Can set up your own CA, trust is usually limited to an organization, can get a certificate from someone's private CA for use in their system
What is a CNAME record?
Canonical Name: nickname for a host
What is the structure of PGP infrastructure?
Certs are created directly by the end user. New cert is untrusted regardless of owner, no inherited trust
What are CDS and CDNSKEY records?
Child DS / Child DNSKEY: same content as DS and DNSKEY, but published by the child zone to tell the parent to update its DS record for the zone
What are benefits of static packet filtering?
Fastest method, since no state is kept; the flip side is that open ports look open to a port scanner because there is no connection context to hide them
What is the "fastest" dynamic load balancing technique?
Fastest: sends connection to server with fewest outstanding layer 7 requests
What is an NSEC3PARAM record?
Defines parameters for NSEC3 hashing
What is a DS record?
Delegation Signer: critical to DNSSEC operation, forms the chain of trust
What is a DMZ?
Demilitarized Zone: a zone allowing interaction with Internet hosts
What is relative to the interface to which the a packet filtering rule is applied?
Direction: "in" on the external interface means traffic arriving from the outside, "in" on the internal interface means traffic arriving from the inside
What is relative to the device in traffic flows?
Direction: inbound vs. outbound
What is a TXT record?
Documentation
What is name resolution?
Maps station names back to IP addresses
What is load balancing?
Most basic ADC function, spreads traffic across the application servers assigned to a pool
What is MIME and its uses?
Multipurpose Internet Mail Extensions extends functionality of SMTP that allows anything that is not plaintext
What is an NSEC3 record?
NSEC record that utilizes one-way hashes
What is the NS DNS record?
Name server: defines name server in the domain
What is NNTP?
Network News Transfer Protocol
What is NTP?
Network Time Protocol
What is an NSEC record?
Next Secure Record: names the next owner name in the zone's canonical order, so a signed gap proves that a name does not exist
How is time synchronized in Windows non-domain systems? Domain-based systems?
Non-domain: no built-in synchronization beyond the default of syncing to time.windows.com via SNTP - Domain: the domain controller holding the PDC emulator role is the time server, all domain members synchronize to it
What is the "observed" dynamic load balancing technique?
Observed: ratios are adjusted based on number of current connections
What is acceleration in application delivery?
Offload processing from app server to the ADC
How does mail forwarding work?
One gateway host can be set up as focal point for all incoming mail and then forward mail to appropriate host for processing
What is cookie based persistence?
Only works with HTTP/HTTPS web apps: the ADC sets a browser cookie that records which back-end server the client should be sent to on later connections
What are characteristics of rule sets?
Order of rules is critically important, rule to execute is determined by a first match algorithm (action associated with first match is executed)
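Added example, not from the course notes: a toy packet filter that ties together the rule-set cards on this page: rules with a source match, destination match and action; first-match evaluation with an implicit deny; the three actions (allow, deny as a silent drop, reject as an error sent back); and direction relative to the interface. A second class adds a flow table to show the static/dynamic distinction: replies to permitted outbound connections get through only when the filter remembers the flow. Addresses, rules and packets are constructed.

```python
"""First-match packet filter, static and dynamic (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to the interface the rules are applied on
    proto: str          # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow", "deny" (silent drop), "reject" (ICMP/RST back)
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # source match as a prefix
    dst: str = "0.0.0.0/0"      # destination match as a prefix
    dport: Optional[int] = None

    def matches(self, pkt):
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


def static_filter(rules, pkt):
    """First match wins; returns (action, index of the matching rule).
    Nothing matched -> implicit deny."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


class DynamicFilter:
    """Same rules plus a flow table: inbound packets that are replies to a
    permitted outbound flow are allowed even with no inbound rule for them."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()      # (proto, src, sport, dst, dport) of allowed outbound flows

    def check(self, pkt):
        if pkt.direction == "in":
            reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reply_of in self.flows:
                return "allow", "established"
        action, idx = static_filter(self.rules, pkt)
        if action == "allow" and pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action, idx


# Constructed rule set applied on the external interface ("in" = from the Internet).
RULES = [
    Rule("allow", "in", "tcp", dst="192.168.1.10/32", dport=25),    # SMTP to the mail host
    Rule("allow", "in", "tcp", dst="192.168.1.11/32", dport=80),    # HTTP to the web host
    Rule("reject", "in", "tcp", dst="192.168.1.0/24", dport=23),    # telnet: tell the sender
    Rule("allow", "out"),                                           # anything outbound
    Rule("deny", "in"),                                             # everything else: drop
]

if __name__ == "__main__":
    probe = Packet("in", "tcp", "203.0.113.5", "192.168.1.11", 40000, 22)
    print(static_filter(RULES, probe))                       # ('deny', 4)
    shadowed = [RULES[4]] + RULES[:4]                        # deny-all moved to the top
    print(static_filter(shadowed, Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 40000, 25)))
```

Moving the final deny rule to the top shadows every allow below it, which is the "order is critically important" point: the filter never looks past the first match.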
How does MAPI interact with programs/clients?
Over HTTP/HTTPS
What is caching in DNS?
Resolved names are cached by name servers. Any subsequent queries get the cached information instead of new information
What is an RRSIG record?
Resource Record Signature: used to verify DNS answers (A, PTR, MX, SOA)
What is a PTR record?
Reverse-lookup Pointer record: used for looking up domain names based on an IP address
Who invented the RSA function?
Ron Rivest, Adi Shamir, Leonard Adleman in 1978
What are two static techniques of load balancing?
Round Robin - send connection requests to app servers in turn Ratio - adjust round robin based on perceived capability of servers
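Added example, not from the course notes: the two static techniques above (round robin and ratio) and the "least connections" dynamic technique from the earlier card, implemented as a small scheduler over a constructed server pool. The ratio policy uses smooth weighted round robin so that a 5:1:1 pool yields A A B A C A A rather than five A's in a row; the dynamic policy declines the connection (returns None) when no server has capacity, as the dynamic load balancer card describes.

```python
"""Round robin, ratio and least-connections scheduling (added example)."""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    weight: int = 1        # ratio: relative capacity configured by the admin
    capacity: int = 100    # max concurrent connections before the server is "full"
    active: int = 0        # current connections; dynamic policies watch this
    current: int = 0       # running counter for smooth weighted round robin


class Pool:
    def __init__(self, servers):
        self.servers = list(servers)
        self.rr_index = 0

    def round_robin(self):
        """Static: hand connections to servers in turn, ignoring their load."""
        chosen = self.servers[self.rr_index % len(self.servers)]
        self.rr_index += 1
        return chosen

    def ratio(self):
        """Static: round robin weighted by configured capacity (smooth WRR)."""
        total = sum(s.weight for s in self.servers)
        for s in self.servers:
            s.current += s.weight
        chosen = max(self.servers, key=lambda s: s.current)
        chosen.current -= total
        return chosen

    def least_connections(self):
        """Dynamic: the server with the fewest active connections, or None
        when every server is at capacity (the ADC declines the connection)."""
        available = [s for s in self.servers if s.active < s.capacity]
        if not available:
            return None
        return min(available, key=lambda s: s.active)

    def assign(self, policy):
        """Run a policy by name and account for the new connection."""
        chosen = getattr(self, policy)()
        if chosen is None:
            return None
        chosen.active += 1
        return chosen.name


if __name__ == "__main__":
    pool = Pool([Server("A", weight=5), Server("B"), Server("C")])
    print("ratio:", [pool.assign("ratio") for _ in range(7)])
    small = Pool([Server("A", capacity=2), Server("B", capacity=2)])
    print("least conn:", [small.assign("least_connections") for _ in range(5)])
```

The static policies never look at `active`, which is why a slow or wedged server keeps receiving its share under round robin; the dynamic policy needs the separate control channel to the servers that the earlier card mentions in order to know `active` at all.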
What are stratum 0 time sources?
Satellites, GPS receivers, Atomic clocks
What is S/MIME and its uses?
Secure MIME: a way to sign and encrypt email - relies upon PKI (certificates) - the sender needs the recipient's certificate to send an encrypted message, typically obtained from a signed email the recipient sent earlier
What is the purpose of deploying DNSSEC?
Seeks to add data origin authentication and integrity
What are nine components of a X.509 certificate?
Serial number - issuing Certificate Authority - certificate owner (subject) - issue date - expiry date - public key - type/use - server/client/personal - fingerprint
How are ADCs implemented?
Serves as a virtual server with a set/pool of application servers, other features added on
How do commercial CAs work?
Set up as "trusted root" by default in most operating systems and browsers - cost associated with getting a cert - a server certificate bought from a commercial CA only identifies that server; it cannot be used to issue further trusted certificates, which requires a subordinate CA certificate (basicConstraints CA:TRUE) issued by the CA
What is SMTP?
Simple Mail Transfer Protocol
What is SNTP?
Simple Network Time Protocol
What are the three parts of a packet filtering rule?
Source match, destination match, action
What are list servers?
Specialized mail servers that take a message sent to a single address and forward it to a list of addresses
What is a WKS record?
Well Known Service Record: contains information like the address, protocol, and services provided by a host
What happens when a reject rule is applied to a packet?
The sender is informed that the packet was blocked: an ICMP destination unreachable (typically code 13, communication administratively prohibited) or, for TCP, a RST is sent back.
What is Kerberos?
Ticket-based authentication system
What is TTL?
Time to Live, the amount of time a record may remain cached
How many authoritative DNS servers must a second level domain have?
Two
What port is SNTP?
UDP 123
What port is NTP?
UDP Port 123
How is time represented in UNIX systems? Windows?
UNIX: system clock is UTC (13:00 UTC displayed with a -5 offset and DST applied), time kept as seconds since the UNIX Epoch, 00:00:00 January 1, 1970 (a signed 32-bit counter overflows at 03:14:07 UTC on January 19, 2038 if not fixed) - Windows: system clock is the local time zone, e.g., 9:00 AM with a -5 zone offset and +1 for DST
List some common POP3 commands
USER PASS QUIT STAT LIST RETR DELE NOOP LAST RSET
What is SPAM?
Unsolicited e-mail, traditionally advertisements, rapidly moving to phishing attacks
How does the RSA function work?
Uses a trapdoor one-way function in which a plaintext bitstream is converted into a number on which modular-exponentiation calculations are done
What is contained within a DS record?
Verifiable information about a child zone published by the parent
What are the newer root domains?
biz, info, name, pro, aero, coop, museum
How does a standard proxy server work?
browser asks proxy to retrieve pages
