Networking Basics Quiz - Week 5

Questions and Answers

Which protocol uses port 80?

• FTP
• HTTP (correct)
• HTTPS
• SMTP

A MAC address is a unique hardware identifier crucial for LAN communication.

True (A)

What is the purpose of ARP?

To translate IP addresses into MAC addresses.

____ is a process that checks a host's ports to see which are open.

Port scanning

What is a common risk associated with port scanning?

Identifying specific software vulnerabilities (A)

Match the following components with their definitions:

NIC = Converts data into electrical signals Router = Directs data between networks Hub = Connects multiple devices in a network Switch = Directs data specifically to intended devices

War driving refers to a legitimate method of accessing a wireless network.

False (B)

What is a recommended measure to secure a router?

Enable strong passwords and MAC address filtering.

Which type of denial of service attack sends excessive requests to overwhelm a server's ability to handle them?

Service Request Flood (C)

A replay attack involves capturing communication and sending it again to gain unauthorized access.

True (A)

What is the primary purpose of encryption in a VPN?

To prevent unauthorized data access (D)

What are the three main types of VPNs mentioned?

Trusted VPN, Secure VPN, and another type not specified.

An attacker can monitor and log network traffic using a ______.

packet sniffer

Digital certificates are used to verify the identity of clients connecting to a server.

False (B)

What is the role of a Certificate Authority (CA)?

To verify server identities and issue digital certificates.

Match the denial of service attack with its description.

Service Request Flood = Overloads server with too many requests Bandwidth Flood = Sends requests exceeding bandwidth capacity SYN Flood = Exploits TCP/IP handshake with open connections Replay Attack = Captures communication and replays it later

What is a characteristic of a secure VPN?

Relies on encryption protocols (D)

The main process in TLS involves a __________ between the client and server.

handshake

In a hub-based network, packet sniffing is more difficult compared to a switch-based network.

False (B)

Which of the following encryption standards is commonly used in VPNs?

AES (Advanced Encryption Standard) (B)

What could be the result of an overloaded switch in a network?

It can allow packet sniffing.

Match the TLS version with its key properties:

TLS 1.2 = Weaker cipher suites TLS 1.3 = Forward Secrecy and Improved Security SSL = Older secure connection protocol

TLS 1.3 includes support for weaker protocols from previous versions.

False (B)

What is the significance of Forward Secrecy in TLS 1.3?

It ensures that even if a key is compromised, previous communications remain secure.

Flashcards

Network Port

A virtual address for communication on a network, associated with a specific protocol.

Port Scanning

Checking network ports to identify open ones and services running on them.

HTTP

Protocol used for transferring web pages and data on the internet.

MAC Address

Unique hardware identifier of a device, critical for local network communication.

IP Address

Unique identifier for devices on the internet that can change.

Port Scanning Vulnerability

Open ports on a host expose it to malicious activities.

War Driving

Unauthorized access to a wireless network due to lack of security.

Router Vulnerability

Vulnerabilities in routers can lead to unauthorized access and security issues.

Denial of Service (DoS)

An attack that prevents legitimate users from accessing a service or resource.

Service Request Flood

A DoS attack that overloads the server with too many requests.

Bandwidth Flood DoS

A DoS attack that overwhelms the server's network bandwidth.

SYN Flood

A DoS attack that exploits the TCP handshake to open many connections without completing them.

Packet Sniffing

A passive attack where an attacker monitors and logs network traffic.

ARP Spoofing

A spoofing attack targeting Address Resolution Protocol, redirecting traffic.

DNS Spoofing

A spoofing attack targeting DNS to redirect traffic by modifying the resolution process.

Replay Attack

An attack that captures and replays communication to gain unauthorized access.

Hybrid VPN

A VPN that combines multiple secure VPN connections.

Encryption (VPN)

Using codes to protect data from attackers in VPNs.

Transport Mode Encryption

Encrypting data as it's created in a VPN.

Tunnel Mode Encryption

Encrypting data during transmission in a VPN.

Digital Certificate

Proof of a server's identity, verified by a Certificate Authority (CA).

TLS (Transport Layer Security)

Protocol for secure internet connections, like HTTPS.

TLS Handshake

Process for verifying server identity and establishing a secure connection (TLS).

Forward Secrecy

A TLS feature that keeps old communications secure, even if a key is compromised.

Study Notes

Ports

• Ports are virtual start and end points for network communication.
• Each port has a unique number.
• Specific ports are assigned protocols to differentiate traffic types (e.g., HTTP uses port 80).

Key Hardware Components

• Network Interface Card (NIC): Converts data into electrical signals for communication.
• Media Access Control (MAC) Address: Unique hardware ID for devices crucial for LAN communication.
• Hubs and Switches: Connect devices in a network; switches route data only to intended devices using MAC addresses.

Key Internet Components

• HTTP (Hyper Text Transfer Protocol): Controls data communication over the internet (e.g., retrieving web pages).
• IP Address: Unique device identifier on the internet; can change.
• URL (Uniform Resource Locator): Readable way to access an IP address; translated by Domain Name Servers (DNS).
• ARP (Address Resolution Protocol): Translates IP addresses to MAC addresses for local communication.

Port and Router Vulnerabilities

• Port Scanning: Checks open ports and listens for data. Attackers can exploit open ports to send malicious data or identify vulnerabilities.
• Port scanning tools (e.g., Nmap) can be used to identify vulnerabilities or applications.
• Vanilla scans check all ports sequentially, strobe scans target specific services.
• Stealth scanning (e.g., fragmented packets) makes probes harder to detect.
• Router vulnerabilities: War driving (unauthorized wireless network access), lack of password, malicious network activities.

Server Vulnerabilities

• Denial-of-Service (DoS) Attacks: Can happen unintentionally due to high server traffic (e.g., website crashes, university registration).
• Service Request Flood: Overloads a server with too many requests, causing it to shut down.
• Bandwidth Flood: Sends requests exceeding the server's bandwidth capacity, causing denial of service.
• SYN Flood: Exploits TCP/IP handshake; overwhelms the server with open connections.
• Security Operation Centers (SOCs): Use tools (firewalls, DMZs, etc.) to monitor and prevent attacks.

Packet Sniffing

• Passive attack; monitors and logs network traffic.
• Packet sniffers capture unencrypted data (e.g., passwords, financial information).
• Hub-based networks make sniffing easier than switch-based networks, although switch-based sniffing is possible with overloaded or promiscuous mode switches.

Spoofing

• Address Resolution Protocol (ARP) spoofing: ARP maps IP addresses to MAC addresses. Attackers can change the IP-to-MAC mapping to reroute traffic to them; tools such as Ettercap can do this.
• DNS spoofing: On the internet, an attacker can use DNS protocol spoofing.

Replay Attacks

• Attackers capture communication (e.g., login credentials), and later replay it to gain unauthorized access.
• Even encrypted data can be vulnerable in replay attacks.

VPNs

• Trusted VPN: Older type, relying on private lines.
• Secure VPN: Most common, using encryption protocols.
• Hybrid VPN: Combination of trusted and secure VPNs.
• VPNs encrypt data packets to prevent unauthorized access.

Encryption

• VPNs encrypt data in transit (transport mode) or as created (tunnel mode).
• Different VPNs use various encryption standards (e.g., AES).

Digital Certificates

• Verifies server identities in TLS (Transport Layer Security).
• Links a server's public key to its identity.
• Issued by a Certificate Authority (CA).
• The CA verifies the server's identity and digitally signs the certificate.
• Servers submit Certificate Signing Requests (CSRs) to the CA.

Transport Layer Security (TLS)

• Foundation of secure internet connections (e.g., HTTPS).
• TLS handshake involves:
  • Client sending "Client Hello."
  • Server replying with "Server Hello" and digital certificate.
  • Both agreeing on encryption key.
• TLS 1.3: Faster and more secure version, uses forward secrecy and stronger cipher suites, removing weaker protocols.