Recap

Cards (47)

  • OSI Layers
    • ALG
    • Datagram
    • Firewall
    • Circuit Gateways
    • Packet Filtering
    • MAC Layer Firewalls
  • OSI vs TCP
  • DNS Server Classes ex (www.qiup.edu)
  • 4 Basic TCP/IP Commands Used in Troubleshooting
    • ping: ensure that a computer can communicate with a specified device over the network
    • ipconfig: displays all current TCP/IP network configuration values
    • tracert: provides a way to trace the route of packets between two hosts
    • netstat: displays active TCP connections
  • CSMA/CD
    Carrier Sense Multiple Access/Collision Detection
  • CSMA/CD
    • MAC method used in Ethernet networks
    • Ensures that only one device can transmit data on the network at a time
    • Half-duplex communication
  • CSMA/CD
    1. Check if the sender is ready for transmitting data packets
    2. Check if the transmission link is idle
    3. Transmit the data & check for collisions
    4. If no collision was detected in propagation, the sender completes its frame transmission and resets the counters
  • CSMA/CD
    • Carrier sense: Before transmitting data, a device listens to the network to check if the transmission medium is free
    • Multiple Access: multiple devices share the same transmission medium, each having equal access to the medium, and any device can transmit data when the medium is free
    • Collision detection: If two or more devices transmit data simultaneously, a collision occurs. When a device detects a collision, it immediately stops transmitting and sends a jam signal to inform all other devices on the network of the collision
  • CSMA/CD
    • Backoff algorithm: In CSMA/CD, a backoff algorithm is used to determine when a device can retransmit data after a collision
    • Minimum frame size: CSMA/CD requires a minimum frame size to ensure that all devices have enough time to detect a collision before the transmission ends
  • CSMA/CD Advantages
    • Simple and widely used
    • Fairness: In a CSMA/CD network, all devices have equal access to the transmission medium, which ensures fairness in data transmission
    • Efficiency: CSMA/CD allows for efficient use of the transmission medium by preventing unnecessary collisions and reducing network congestion
  • CSMA/CD Disadvantages
    • Limited scalability: CSMA/CD has limitations in terms of scalability, and it may not be suitable for large networks with a high number of devices
    • Vulnerability to collisions: can detect collisions, but cannot prevent them
    • Inefficient use of bandwidth: uses a random backoff algorithm that can result in inefficient use of network bandwidth if a device continually experiences collisions
    • Susceptibility to security attacks: CSMA/CD does not provide any security features, and the protocol is vulnerable to security attacks such as packet sniffing and spoofing
  • IP Address Class Ranges
    • Class A: 0-126/127
    • Class B: 128-191
    • Class C: 192-223
    • Class D: 224-239
    • Class E: 240-255
  • Class A
    0.0.0.0 to 01111111.11111111.11111111.11111111 (127 usually reserved for localhost)
  • Class B
    10000000.0.0.0 to 10111111.11111111.11111111.11111111
  • Class C
    11000000.0.0.0 to 11011111.11111111.11111111.11111111
  • Class D
    11100000.0.0.0 to 11101111.11111111.11111111.11111111 (Multicast addresses)
  • Class E
    11110000.0.0.0 to 11111111.11111111.11111111.11111111 (Reserved for future use except for the broadcast address 255.255.255.255)
  • 0.0.0.0 is used by a host at startup for temporary communication
  • Addresses starting with 127 are reserved for loopback testing. Packets to these addresses are processed locally as input packets rather than sent to the link
  • 3 Goals/purposes of a firewall
    • All traffic from outside to inside, and vice versa, passes through the firewall
    • Only authorized traffic, as defined by the local security policy, will be allowed to pass
    • The firewall itself is immune to penetration
  • Firewall categories
    • Packet-Filtering Firewalls
    • Application Gateways
    • Circuit Gateways
    • MAC Layer Firewalls
    • Hybrids
  • Packet-Filtering Firewalls
    • Traditional Packet Filters/Stateless Packet Filtering
    • Stateful Packet Filters/Stateful Firewalls
  • Traditional Packet Filters/Stateless Packet Filtering
    • Operating at network layer (Layer 3), examines each datagram in isolation, determining whether the datagram should be allowed to pass or should be dropped based on administrator-specific rules
    • Filtering decisions are typically based on IP source/destination address, protocol type, TCP/UDP source/destination port, TCP flag bits, ICMP message type, different rules for datagrams leaving/entering the network, different rules for the different router interfaces
  • Traditional Packet Filters/Stateless Packet Filtering Benefits
    • Very fast and cheap because there is not much logic behind the decisions they make
    • They do not do any internal inspection of the traffic
    • They also do not store any state information
    • You have to manually open ports for all traffic that will flow through the firewall
  • Traditional Packet Filters/Stateless Packet Filtering Demerits
    • Considered not to be very secure since they will forward any traffic that is flowing on an approved port
    • There could be malicious traffic being sent, but as long as it's on an acceptable port, it will not be blocked
    • Requires skilled and experienced admins to set up, costing extra time and energy to perform
  • Stateful Packet Filters/Stateful Firewalls
    • Situated at Layers 3 and 4, track TCP connections, and use this knowledge to make filtering decisions
    • Once a particular kind of traffic has been approved, it is added to a state table
    • The state table entries are created for TCP/UDP traffic allowed to communicate through the firewall in accordance with the configured security policy
    • If no traffic is seen for a specified time, the connection is removed from the state table
  • Stateful Packet Filters/Stateful Firewalls Benefits
    • Highly skilled at detecting forged messaging or unauthorized access
    • Powerful memory to retain key aspects of network connections
    • Intelligent systems, able to decide future filtering based on the past and present results; they can automatically stop a specific cyber-attack in the future once they have encountered it, without the need for updates
    • Do not need many ports open for proper communication
  • Stateful Packet Filters/Stateful Firewalls Demerits
    • Can be vulnerable to distributed denial-of-service (DDoS) attacks
    • Require periodic updates
    • Can be fooled into allowing a harmful connection to the network; this can happen through a simple action like viewing a webpage
    • Are more sensitive to man-in-the-middle (MITM) attacks, which involve an attacker intercepting communication between two people to either spy on the traffic or make changes to it
  • Application gateways/Application Level Gateway (ALG)
    • Operates at the Application Layer (Layer 7); all application data (inbound and outbound) must pass through it
    • Uses a firewall proxy for network security by filtering incoming traffic
    • The client relies on a proxy server to interact with the destination behind the firewall, hiding and securing individual computers on the network behind the firewall
  • Application gateways/Application Level Gateway (ALG)
    • Two connections are in effect: one is between the client and the proxy server, and another is between the proxy server and its destination
    • The proxy makes all packet-forwarding decisions, so there is effectively no direct network connection: remote users do not access the network directly, only an intermediary does
  • Application gateways/Application Level Gateway (ALG) Benefits
    • Increases security by examining the content of the packets that pass through them rather than just headers
    • Allows efficient, detailed traffic logging: An intermediary server stores all logs of every transaction on the server, allowing IT teams to review granular details of all access attempts, helping to detect employee usage habits and identify potential threats
    • Supports content caching and network performance improvements
    • More layers for hackers to hack through
  • Application gateways/Application Level Gateway (ALG) Demerits
    • Susceptible to IP spoofing
    • Every application to be managed needs its own individual gateway
  • Circuit gateways
    • In a network's Session Layer/Layer 5
    • Verifies the transmission control protocol (TCP) or user datagram protocol (UDP) packets on a virtual circuit between the two transport layers, instead of using packet filtering
    • Firewall analyzes transmission control protocol handshaking between packets to identify legitimate traffic and block unauthorized access attempts
    • Only the header information is checked to ensure that the traffic meets the circuit level gateway rules, while the content of data packets is skipped
    • Handles connections between trusted servers and clients with untrusted hosts
  • Circuit gateways
    • Designed to control and monitor traffic flow based on network connections' state
    • When a user initiates a connection to a remote host, the circuit level gateway sets up a circuit or a virtual connection between the user and the remote host
    • The circuit level gateway then monitors the traffic flowing over this circuit, checking whether the traffic belongs to an established connection and allowing only authorized traffic to pass through
    • Validated transmission control protocol or user datagram protocol connections then interact with a destination server on behalf of the client, otherwise the connection is rejected, terminating the session
  • Circuit gateways Benefits
    • Can be configured without as much in-depth knowledge of the application level gateways and protocols used on the network
    • Cost-effective
  • Circuit gateways Disadvantage
    Cannot inspect packet contents, potentially allowing malicious data to pass if the session appears legitimate
  • MAC Layer Firewalls
    • At Data Link Layer/Layer 2
    • Control device interaction and data flow
    • Filters packets based on their ACL entries, which are tied to the MAC addresses of the accessing device
    • Allows the firewall to determine whether to block or allow the packets to access the network
    • Configured to only accept traffic from specific MAC addresses, and the allowed devices will get new IP addresses through DHCP
  • Hybrid firewalls combine multiple firewall technologies
  • 5 Network Security Services
    • Firewall Protection
    • Network Segmentation
    • Remote Access VPN
    • Email Security
    • Data Loss Prevention (DLP)
  • Firewall Protection
    • A combination of hardware and software that isolates an organization's internal network from the Internet at large, allowing some packets to pass and blocking others
    • Allows a network administrator to control access between the outside world and resources within the administered network by managing the traffic flow to and from these resources