CISSP Domain 4 Communication and Network Security Cheat Sheet


DNS

DNS is the domain name system used to translate IP addresses to names and vice versa. It listens on both TCP and UDP port 53: UDP for smaller lookups and TCP for larger answers such as zone transfers. Two core DNS functions are gethostbyname(), which returns an IP address, and gethostbyaddr(), which returns the name.

  • Authoritative name server – provides the authoritative resolution for names within a given domain.
  • Recursive name server – will attempt to resolve names that it does not already know.
  • Caching name server – will temporarily cache names previously resolved.

DNS Weaknesses

Uses the unreliable UDP protocol and provides no authentication. Relies on a 16-bit source port and a 16-bit DNS query ID, both of which can be forged in responses. A DNS cache poisoning attack attempts to trick a caching DNS server into caching a forged response.
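To make the weakness concrete from the resolver's side, here is an added example (not from the cheat sheet) of the transaction matching a caching resolver performs before it will accept a reply: the reply must match an outstanding query on query ID, UDP port and question name. The resolver class, the query IDs, ports, names and addresses are all constructed sample values, not real DNS traffic, and the matching logic is a simplified model of what real resolvers do.

```python
"""Toy model of a caching resolver's reply validation.

Added example, not from the cheat sheet. Query IDs, ports, names and
addresses are constructed sample values; no real DNS packets are sent.
"""
import random
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Query:
    txid: int       # 16-bit DNS transaction (query) ID
    src_port: int   # 16-bit UDP source port the query left from
    qname: str      # question name, e.g. "example.com."


@dataclass
class Reply:
    txid: int
    dst_port: int   # port the reply arrives on; must equal the query's source port
    qname: str
    answer: str     # the A record the reply claims for qname


@dataclass
class ToyResolver:
    """Records in-flight queries and caches only replies that match one."""
    randomize_port: bool = True
    outstanding: set = field(default_factory=set)
    cache: dict = field(default_factory=dict)
    rejected: int = 0

    def send_query(self, qname, rng=random):
        txid = rng.randrange(1 << 16)
        # Legacy behaviour: every query from the fixed port 53, so only the
        # 16-bit query ID is unknown to an off-path forger.
        port = rng.randrange(1024, 1 << 16) if self.randomize_port else 53
        q = Query(txid, port, qname)
        self.outstanding.add(q)
        return q

    def receive_reply(self, r):
        key = Query(r.txid, r.dst_port, r.qname)
        if key not in self.outstanding:
            self.rejected += 1          # no matching query: drop it, do not cache
            return False
        self.outstanding.remove(key)    # first matching reply wins
        self.cache[r.qname] = r.answer
        return True


def blind_guess_space(randomize_port):
    """Number of (query ID, port) combinations a forged reply must hit."""
    ports = (1 << 16) - 1024 if randomize_port else 1
    return (1 << 16) * ports


def demo(randomize_port):
    """Send one query, then deliver a forged reply followed by the real one.

    The forged reply has guessed the query ID correctly but assumes the
    legacy fixed port 53. Returns (forged accepted?, legit accepted?, cache).
    """
    r = ToyResolver(randomize_port=randomize_port)
    q = r.send_query("example.com.", random.Random(1))
    forged = Reply(q.txid, 53, "example.com.", "192.0.2.66")       # constructed
    legit = Reply(q.txid, q.src_port, "example.com.", "192.0.2.1")  # constructed
    return r.receive_reply(forged), r.receive_reply(legit), r.cache


if __name__ == "__main__":
    print("fixed port 53:   ", demo(False))
    print("randomized port: ", demo(True))
    print("guess space:", blind_guess_space(False), "vs", blind_guess_space(True))
```

With the fixed port, the forged reply is accepted and the genuine answer arriving afterwards is discarded because its query is no longer outstanding; with source port randomization the same forged reply fails the port check and the real answer is cached. The guess-space function shows why: the forger must match roughly 2^16 values in the first case and about 2^32 in the second, which is the reason DNSSEC signatures, not just larger guess spaces, are the durable fix.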

DNSSEC

Domain Name System Security Extensions provide authentication and integrity for DNS responses via public key cryptography. Note that it doesn’t provide confidentiality: it acts like a digital signature for DNS responses.

SNMP

Simple Network Management Protocol is primarily used to monitor network devices. It utilizes UDP/161 to monitor bandwidth utilization, CPU temperature etc. SNMPv1 and v2 use read and write community strings and do not provide authentication, integrity or confidentiality. SNMPv3 addresses all those issues and is encouraged.

HTTP and HTTPS

Hypertext Transfer Protocol (HTTP) uses TCP/80 for unencrypted web-based data. HTTPS uses SSL/TLS over TCP/443.

BOOTP and DHCP

BOOTP is the bootstrap protocol used by diskless systems to boot over a network. BOOTP is used to determine the IP address and OS image name, and the system then uses TFTP to download the OS.
DHCP – Dynamic Host Configuration Protocol was designed to replace and improve on BOOTP by adding features that allow more options, such as DNS servers and default gateways, and by assigning temporary leases to systems. Both protocols use UDP port 67 for servers and UDP port 68 for clients.

Layer 1 Network Cabling

EMI – Electromagnetic Interference caused by the magnetism created by electricity
Noise – Any unwanted signal on a network cable such as EMI
Crosstalk – Occurs when a signal crosses from one cable to another
Attenuation – Weakening of a signal as it travels further from the source

Twisted Pair Cabling

Unshielded twisted pair (UTP) uses pairs of wires twisted together. Using two wires that send signals in opposite directions (sending and receiving) reduces EMI. Cat 6 has a tighter twisting requirement. STP (shielded twisted pair) adds additional shielding, making it less susceptible to EMI.

  • CAT 1 – < 1Mbps – Analog Voice
  • CAT 2 – 4Mbps – ARCNET
  • CAT 3 – 10Mbps – 10baseT Ethernet
  • CAT 4 – 16Mbps – Token Ring
  • CAT 5 – 100Mbps – 100baseT Ethernet
  • CAT 5e – 1000Mbps – 1000BaseT Ethernet
  • CAT 6 – 1000Mbps – 1000BaseT Ethernet

Coaxial Cabling

Contains an inner copper core, an insulator, a metallic braid shield, and a plastic sheath outer layer. It is often used for satellite and cable TV service. It is more resistant to EMI and allows higher bandwidths and longer connections compared to twisted pair cabling. Thicknet and Thinnet are old coaxial standards used for Ethernet bus networking.

Fiber Optic Network Cable

Fiber uses light to carry information and has advantages such as speed, distance and immunity to EMI. Disadvantages include cost and complexity.

  • Multimode fiber – uses multiple paths of light – used for shorter distances.
  • Single mode fiber – uses a single strand of fiber and the light takes one path down the centre – longer distance, high speed.

Multiple signals may be carried over the same fiber using Wavelength Division Multiplexing (WDM), where multiple light colours are used to transmit different channels of information to achieve terabit/second rates.

LAN Technologies and Protocols

Ethernet

Ethernet is a LAN technology that transmits data via frames. It is baseband and needs to address issues such as collisions, where two nodes need to transmit data simultaneously. It originally started with a physical bus topology (Thinnet, Thicknet) but later added support for a physical star (10, 100, 1000BaseT).

CSMA

Carrier Sense Multiple Access (CSMA) was designed to address baseband media by only permitting one party to transmit at once. CSMA/CD is used to detect collisions within a network. It:

  1. Monitor the network to see if it’s idle
  2. If the network is not idle, wait a random amount of time
  3. If the network is idle, transmit
  4. While transmitting, monitor the network
  5. If more electricity is received than sent, another station must also be sending
    1. Send a jam signal to tell all nodes to stop transmitting
    2. Wait a random amount of time before retransmitting

CSMA/CD is used on wired Ethernet (note: switches running in half duplex, i.e. connected to a hub, run CSMA/CD, but CSMA/CD has no effect in full duplex mode because no collision can occur). CSMA/CA (Collision Avoidance) is used in wireless 802.11, where stations cannot send and receive simultaneously. CSMA/CA relies on receiving an acknowledgement from the receiving station. If no acknowledgement is received, a collision must have occurred.
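The numbered steps above read naturally as a loop, so here is an added example (not from the cheat sheet) that runs them slot by slot for a few stations sharing one baseband medium and counts the collisions, jams and retransmissions that result. The station count, frame length, the random wait in step 2 and the binary exponential backoff rule used after a collision are my assumptions for the simulation; the five steps themselves are the ones listed in the sheet.

```python
"""Slot-based simulation of the CSMA/CD steps from the cheat sheet.

Added example, not from the sheet. Station count, frame length and the
backoff rules are assumptions chosen to make the behaviour visible.
"""
import random


def simulate_csma_cd(n_stations=3, frame_slots=4, seed=7, max_slots=10_000):
    """Each station has one frame to deliver. Returns the slots used, the
    number of collisions observed and whether every frame was delivered."""
    rng = random.Random(seed)
    backoff = [0] * n_stations               # slots a station still waits before sensing
    remaining = [frame_slots] * n_stations   # slots left to finish the current frame
    attempts = [0] * n_stations              # collisions this frame has suffered
    delivered = [False] * n_stations
    transmitting = [False] * n_stations
    collisions = 0

    for slot in range(max_slots):
        if all(delivered):
            return {"slots": slot, "collisions": collisions, "delivered": True}

        # Steps 1-3: every station that is not sending senses the medium.
        medium_busy = any(transmitting)
        for s in range(n_stations):
            if delivered[s] or transmitting[s]:
                continue
            if backoff[s] > 0:
                backoff[s] -= 1
                continue
            if medium_busy:
                backoff[s] = rng.randrange(1, 4)   # step 2: not idle, wait a random time
            else:
                transmitting[s] = True             # step 3: idle, so transmit
        # Several stations can all see an idle medium in the same slot and
        # start together; that is exactly the collision CSMA/CD must detect.

        # Steps 4-5: monitor the medium while sending.
        senders = [s for s in range(n_stations) if transmitting[s]]
        if len(senders) > 1:
            collisions += 1
            for s in senders:                      # jam signal: everyone stops
                transmitting[s] = False
                remaining[s] = frame_slots         # the frame is resent from scratch
                attempts[s] += 1
                # Assumed rule: binary exponential backoff, capped at 2^10 slots.
                backoff[s] = rng.randrange(2 ** min(attempts[s], 10))
        elif len(senders) == 1:
            s = senders[0]
            remaining[s] -= 1
            if remaining[s] == 0:
                delivered[s] = True
                transmitting[s] = False

    return {"slots": max_slots, "collisions": collisions, "delivered": all(delivered)}


if __name__ == "__main__":
    print("one station: ", simulate_csma_cd(n_stations=1))
    print("three stations:", simulate_csma_cd(n_stations=3))
```

A single station never collides and finishes in exactly one frame's worth of slots; three stations that all sense an idle medium at the start collide immediately, jam, back off for different random periods and then serialize. Step 2 is implemented literally as the sheet states it (a random wait when the medium is busy); real 802.3 stations instead keep listening and transmit as soon as the medium goes idle, which is why they also collide most often right after a frame ends.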

ARCNET & Token Ring

Pass traffic via tokens. Possession of a token allows the node to read or write, which therefore avoids collisions.

  • ARCNET (Attached Resource Computer Network) – 2.5Mbit, physical star
  • Token Ring – 16Mbit, physical star, logical ring

FDDI

Fiber Distributed Data Interface – 100Mbit, token-bus, logical ring via primary and secondary counter-rotating fiber optic rings. The secondary ring is used for fault tolerance.
