30 Questions
Which type of network is typically confined to a city, a zip code, a campus, or office park?
MAN
What is the Global Information Grid (GIG)?
The U.S. Department of Defense global network
What range characterizes a PAN (Personal Area Network)?
100 meters or less
What is the primary difference between an Intranet and the Internet?
The Internet is public, while an Intranet is private.
What characteristic defines a GAN (Global Area Network)?
Covers cities, states, or countries
What technology do low-power wireless technologies like Bluetooth commonly use?
PANs
What is one of the security challenges introduced by IPv6 autoconfiguration?
Automatic link-local address configuration
In the context of IPv6, what does it mean when a host can communicate with other link-local addresses on the same LAN?
The host is limited to communicating with local devices on the same LAN.
What can happen when ISPs enable IPv6 service without the customer's knowledge?
Potential for launching attacks or exfiltrating data via IPv6
Why are network intrusion detection systems often not configured to 'see' IPv6 traffic?
Limited experience or understanding of IPv6 by professionals
What is recommended as a fundamental part of system hardening in relation to IPv6?
Disabling unnecessary network services
How can IPv6 be disabled on a Windows host?
Unchecking the “Internet protocol Version 6” box in network adapter properties
What does an unanswered ping (an ICMP Echo Request with no Echo Reply) suggest?
The host is up and the ICMP was filtered.
How does the Time to Live (TTL) field prevent routing loops?
By decreasing with every hop a packet makes.
What message does a router send when it decrements a packet's TTL to zero?
ICMP Time Exceeded
In the traceroute process, what does it mean when a router is identified?
The traceroute has successfully mapped the router on the network path.
Why does the traceroute client send a packet with a TTL of 1 to begin the route tracing process?
To identify the first router immediately.
What technique does traceroute use to uncover intermediate routers between a client and a server?
Using UDP packets
Which protocol provides a simpler way to transfer files, often used for saving router configurations or bootstrapping via a network by diskless workstations?
TFTP
Why is Passive FTP more likely to pass through firewalls cleanly?
Because it flows in classic client-server direction
Which protocol was designed as a secure replacement for Telnet, FTP, and UNIX 'R' commands?
SSH
What port do SSH servers listen on by default?
Port 22
Which protocol is NOT recommended for transferring sensitive data over an insecure channel?
Telnet
What is a characteristic of TFTP regarding directory structure?
It usually writes to the /tftpboot directory
What is the main goal of a DNS cache poisoning attack?
To trick a caching DNS server into caching a forged response
How does DNSSEC enhance DNS responses?
By providing authentication and integrity using public key encryption
Why is building an Internet-scale Public Key Infrastructure challenging?
Because it requires widespread adoption and management of public keys
What event in 2008 led to an increased call for the adoption of DNSSEC?
Publicizing an improved DNS cache poisoning attack by Dan Kaminsky
What is the primary function of SNMP in network management?
To monitor network devices and collect performance data
Which port is commonly used by SNMP agents for communication?
UDP port 161
Study Notes
Network Types
- Metropolitan Area Network (MAN) is typically confined to a city, a zip code, a campus, or office park.
- Global Information Grid (GIG) is a network that provides a secure, high-speed network for the US Department of Defense.
PAN (Personal Area Network)
- Characterized by a range of around 10 meters or less.
Intranet and Internet
- The primary difference between an Intranet and the Internet is that an Intranet is a private network, whereas the Internet is a public network.
GAN (Global Area Network)
- Characterized by its ability to span multiple countries and continents.
Low-Power Wireless Technologies
- Technologies like Bluetooth commonly use frequency hopping spread spectrum technology.
IPv6 Autoconfiguration
- One of the security challenges introduced by IPv6 autoconfiguration is the potential for rogue devices to autoconfigure and connect to the network.
IPv6 Communication
- When a host can communicate with other link-local addresses on the same LAN, it means that the host can communicate with other devices on the same network.
IPv6 and ISPs
- If ISPs enable IPv6 service without the customer's knowledge, it can lead to potential security risks and configuration issues.
Network Intrusion Detection Systems
- Network intrusion detection systems are often not configured to 'see' IPv6 traffic, which can lead to potential security risks.
System Hardening
- Disabling IPv6 on systems that do not use it is recommended as a fundamental part of system hardening.
Disabling IPv6
- IPv6 can be disabled on a Windows host by going to the Network and Sharing Center and disabling IPv6.
Ping
- An unanswered ping (an ICMP Echo Request with no Echo Reply) suggests that the host is not reachable or is not responding to ping requests.
Time to Live (TTL)
- The TTL field prevents routing loops by decrementing the TTL value each time a packet passes through a router, and discarding the packet when the TTL value reaches zero.
Router Messages
- When a router decrements a packet's TTL to zero, it sends an ICMP Time Exceeded message.
Traceroute
- In the traceroute process, when a router is identified, it means that the router has responded to the packet with a TTL of 1.
- The traceroute client sends a packet with a TTL of 1 to begin the route tracing process to identify the first hop.
- Traceroute uses the ICMP Time Exceeded message to uncover intermediate routers between a client and a server.
File Transfer
- The Trivial File Transfer Protocol (TFTP) provides a simpler way to transfer files, often used for saving router configurations or bootstrapping via a network by diskless workstations.
FTP
- Passive FTP is more likely to pass through firewalls cleanly because it uses a random port for data transfer, making it easier to configure firewalls.
Secure Shell (SSH)
- SSH was designed as a secure replacement for Telnet, FTP, and UNIX 'R' commands.
- SSH servers listen on port 22 by default.
Insecure Channel
- Telnet is not recommended for transferring sensitive data over an insecure channel.
TFTP
- A characteristic of TFTP is that it does not support directory structure.
DNS Cache Poisoning
- The main goal of a DNS cache poisoning attack is to inject fake DNS data into a DNS cache, leading to redirection of users to fake websites.
DNSSEC
- DNSSEC enhances DNS responses by providing digital signatures that verify the authenticity of DNS data.
Public Key Infrastructure
- Building an Internet-scale Public Key Infrastructure is challenging because it requires a global system of trust.
- The 2008 DNS cache poisoning attack led to an increased call for the adoption of DNSSEC.
SNMP
- The primary function of SNMP in network management is to monitor and manage network devices.
- SNMP agents commonly use port 161 for communication.
Learn about the role of ICMP in network security, including how attackers use it to map target networks and the importance of filtering certain types of ICMP messages. Explore how an unanswered ping does not necessarily mean a host is down, and how the traceroute command utilizes ICMP Time Exceeded messages to trace network routes.