Ch. 3 Sec+
Terms in this set (45)
TCP (Transmission Control Protocol)
Connection-oriented, with guaranteed delivery. Uses a three-way handshake with SYN and ACK packets.
UDP (User Datagram Protocol)
Connectionless; delivery is not guaranteed. Doesn't use a three-way handshake, so it generates less overhead to deliver traffic.
IP (Internet Protocol)
Identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses.
ICMP (Internet Control Message Protocol)
Used for testing basic connectivity and includes tools such as ping, pathping, and tracert.
ARP (Address Resolution Protocol)
Resolves IPv4 addresses to MAC addresses. An ARP poisoning attack uses ARP packets to give clients false hardware address updates; attackers can use it to redirect or interrupt network traffic.
NDP (Neighbor Discovery Protocol)
Similar to ARP, but for IPv6 addresses. Performs autoconfiguration of IPv6 devices.
RTP (Real-time Transport Protocol) / SRTP (Secure Real-time Transport Protocol)
RTP- Delivers audio and voice over IP networks, including VoIP (Voice over IP) and streaming media.
SRTP- Secure version of RTP. Provides encryption, integrity, and message authentication, and protects against replay attacks.
FTP (File Transfer Protocol)
TFTP (Trivial File Transfer Protocol)
SFTP (Secure File Transfer Protocol)
FTPS (File Transfer Protocol Secure)
FTP- Uploads and downloads large files to and from an FTP server. Sends data in cleartext, using TCP port 21 for control signals and port 20 for data.
TFTP- Uses UDP port 69. Used to transfer small amounts of data, such as when communicating between network devices. Usually disabled when not required.
SFTP- Secure version of FTP. Uses SSH to transmit the files in an encrypted format over TCP port 22.
FTPS- Uses TLS to encrypt FTP traffic. Uses TCP ports 989 and 990, or 20 and 21.
SSH (Secure Shell)
Encrypts traffic in transit and can be used to encrypt other protocols such as FTP. SSH can also be used to remotely administer computers. Uses TCP port 22.
SSL (Secure Sockets Layer)
Primary method used to secure HTTP traffic as HTTPS. Can be used to encrypt SMTP and LDAP, but it has been compromised and should not be used.
TLS (Transport Layer Security)
Designated replacement for SSL. TLS supports STARTTLS, which is used to upgrade an unencrypted connection to an encrypted connection on the same port.
IPsec (Internet Protocol Security)
Encrypts IP traffic. Encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect VPN traffic.
SMTP (Simple Mail Transfer Protocol)
Transfers email between clients and SMTP servers. Uses TCP port 25. Should be encrypted with STARTTLS using TLS.
POP3 / Secure POP3 (Post Office Protocol)
Transfers email from servers down to clients. POP3 uses TCP port 110.
Secure POP3- Encrypts traffic with TLS on TCP port 995, but can now also use STARTTLS on port 110.
IMAP4 / Secure IMAP (Internet Message Protocol)
Used to store email on an email server. Allows a user to organize and manage email in folders on the server. Uses TCP port 143.
Secure IMAP- Encrypts traffic with TLS on TCP port 993, but can now also use STARTTLS on port 143.
HTTP (Hypertext Transfer Protocol)
HTTPS (Hypertext Transfer Protocol Secure)
HTTP- Transmits web traffic on the Internet and in intranets. Uses TCP port 80.
HTTPS- Encrypts web traffic in transit using TLS. Uses TCP port 443.
RDP (Remote Desktop Protocol)
Used to connect to other systems from remote locations. Uses TCP or UDP port 3389.
NTP (Network Time Protocol)
Protocol for time synchronization. SNTP (Simpler Network Time Protocol) can be used instead, but it isn't as accurate as NTP.
IPv4
32-bit addresses. Private addresses are 10.x.x.x, 172.16.x.x-172.31.x.x, and 192.168.x.x.
IPv6
128-bit addresses. Private addresses, or unique local addresses, start with the prefix fc00.
DNS (Domain Name System)
DNS Poisoning (DNS Cache Poisoning)
DNSSEC (Domain Name System Security Extensions)
Resolves host names to IP addresses. Uses UDP port 53. Example: resolves google.com to 188.8.131.52.
DNS Poisoning- Attackers modify the DNS cache with a bogus IP address.
DNSSEC- Suite of extensions to DNS that provides validation for DNS responses. Adds a digital signature to each record for integrity.
Used to troubleshoot problems related to DNS.
Replaced nslookup on Linux Systems.
65,536 total ports. Well-known ports are 0-1023. Registered ports are 1024-49,151. Dynamic and private ports are 49,152-65,535.
Unicast vs. Broadcast
Unicast - One-to-one traffic. Every host can see the packets sent, but only the host they are addressed to processes them.
Broadcast - One-to-all traffic. Only switches pass broadcast traffic.
STP (Spanning Tree Protocol)
RSTP (Rapid Spanning Tree Protocol)
Provides loop protection for switches.
MAC flood attack
Attempts to overload a switch with many different MAC addresses associated with each port. Eventually the switch's ports become overloaded with MAC addresses and the switch acts as a hub. A protocol analyzer can then be used to capture the traffic.
Flood Guard - Protects against MAC flood attacks.
Connects multiple network segments together into a single network or routes traffic into segments.
ACL (Access Control List)
Rules implemented on routers and firewalls to identify what traffic is allowed and what traffic is denied.
Spoofing - When attackers impersonate someone or something else, such as by using a false IP address.
Antispoofing - Modifying the access list to allow or block specific IP addresses (e.g., blocking incoming traffic from private addresses).
Connects multiple networks together and can be used instead of a router in some situations. Directs traffic using destination MAC address.
Connects multiple switches together in a network.
Filters incoming and outgoing traffic for a single host or between networks.
Host Based Firewall
Application Based Firewall
Network Based Firewall
Host Based - Monitors traffic going in and out of a single host. Monitors traffic passing through the NIC and can prevent intrusions into the computer.
Application Based - Typically software running on a system.
Network Based - Dedicated system with software installed to monitor, filter, and log traffic.
Stateless Firewall - Uses rules implemented as ACLs to identify allowed and blocked traffic.
Stateful Firewall - Inspects traffic and makes decisions based on the context or state of the traffic.
WAF (Web Application Firewall)
Firewall specifically designed to protect a web application, which is usually hosted on a web server. Placed between the server hosting the web application and the client. Acts as an added layer of protection.
Intranet vs. Extranet
Intranet- Private version of the Internet used by organizations to facilitate internal communication; presents barriers to external access.
Extranet- Part of the network that can be accessed by authorized entities from outside of the network.
DMZ (Demilitarized Zone)
Buffered zone between a private network and the Internet.
NAT (Network Address Translation)
Protocol that translates public IP addresses to private IP addresses, and private to public. IPsec and NAT don't work well together.
Layer 2 vs. Layer 3 Switch
Layer 2 - Uses the destination MAC address within packets to determine the destination port.
Layer 3 - Mimics the behavior of a router. Forwards traffic based on the destination IP address instead of the MAC address.
VLAN (Virtual Local Area Network)
Uses a switch to group several different computers into a virtual network. Logically groups computers together and is used to separate traffic. A Layer 3 switch allows you to create VLANs based on addresses rather than physical location.
Device that converts data from the format used on one network to the format used on another network.
Proxy Servers (Forward Proxy)
Forwards requests for services from clients. Improves performance by keeping a cache of previously retrieved content.
Transparent Proxy - Accepts and forwards requests without modifying them.
Non-transparent Proxy - Modifies and filters requests, for example through URL filters.
Reverse Proxy - Accepts requests from the Internet on behalf of web servers.
Application Proxy - Used for a specific application.
UTM (Unified Threat Management)
Single solution that combines multiple security controls. Includes URL filters, malware inspection, content inspection, and DDoS mitigation.
Server that examines all incoming and outgoing email and attempts to reduce risks associated with email. Includes DLP capabilities. Can also encrypt outgoing email.