CISSP Cheat Sheet Series OSI Reference Model TCP 3-Way
Common TCP Protocols (Port / Protocol)
• 20, 21 FTP
• 22 SSH
• 23 TELNET
• 25 SMTP
• 53 DNS
• 80 HTTP
• 110 POP3
• 137-139 NETBIOS
• 143 IMAP
• 389 LDAP
• 443 HTTPS
• 445 ACTIVE DIRECTORY
• 636 Secure LDAP
• 1433 Microsoft SQL
• 3389 RDP
• Dynamic Ports: 49152 - 65535

OSI Reference Model
7 layers. Allow changes between layers. Standard hardware/software interoperability.
Tip, OSI Mnemonics:
• All People Seem To Need Data Processing
• Please Do Not Throw Sausage Pizza Away

OSI Layer / Data unit / Security
• Application: Data; C, I, AU, N
• Presentation: Data; C, AU, Encryption
• Session: Data; N
• Transport: Segment; C, AU, I
• Network: Packets; C, AU, I
• Data link: Frames; C
• Physical: Bits; C
C=Confidentiality, AU=Authentication, I=Integrity, N=Non repudiation

OSI Layer (No) / Functions / Protocols / Hardware and Formats
• Physical (1): Functions: Bits to voltage. Protocols: Electrical signal, ATM. Hardware/Formats: Cables, HUB, USB, DSL, Repeaters.
• Data Link (2): Functions: Frames setup; error detection and control; check integrity of packets; destination address; MAC to IP address conversion. Protocols: PPP, PPTP, L2TP, ARP, RARP, SNAP, CHAP, LCP, MLP, Frame Relay, HDLC, ISL, MAC, Ethernet, Token Ring, FDDI. Hardware/Formats: Layer 2 Switch, bridges; Frames.
• Network (3): Functions: Routing, Layer 3 switching, segmentation, logical addressing. ATM. Protocols: ICMP, BGP, OSPF, RIP, IP, BOOTP, DHCP. Hardware/Formats: Layer 3 Switch, Router; Packets.
• Transport (4): Functions: TCP/UDP datagrams; reliable end to end data transfer; segmentation, sequencing and error checking. Protocols: TCP, UDP. Hardware/Formats: Routers, VPN concentrators, Gateway; Segment, connection oriented.
• Session (5): Functions: Data, simplex, half duplex, full duplex. Eg. peer connections. Protocols: NFS, SQL, RADIUS, RPC, PPTP. Hardware/Formats: Gateways.
• Presentation (6): Functions: compression/decompression and encryption/decryption. Protocols: JPEG, TIFF, MID, HTML. Hardware/Formats: Gateways; TCP/UDP messages.
• Application (7): Functions: Inbound/outbound data entry points for networks. Protocols: TCP, UDP, FTP, TELNET, TFTP, SMTP, HTTP, CDP, SMB, SNMP, NNTP, SSL, HTTP/HTTPS. Hardware/Formats: Gateways; Data.

Attacks in OSI layers (Layer / Attack)
• Application: Phishing, Worms, Trojans
• Presentation: Phishing, Worms, Trojans
• Session: Session hijack
• Transport: SYN flood, fraggle
• Network: smurfing, flooding, ICMP spoofing, DOS
• Data link: Collision, DOS/DDOS, Eavesdropping
• Physical: Signal Jamming, Wiretapping

IP Addresses
Public IPv4 address space:
• Class A: 0.0.0.0 – 127.255.255.255
• Class B: 128.0.0.0 – 191.255.255.255
• Class C: 192.0.0.0 – 223.255.255.255
Private IPv4 address space:
• Class A: 10.0.0.0 – 10.255.255.255
• Class B: 172.16.0.0 – 172.31.255.255
• Class C: 192.168.0.0 – 192.168.255.255
Subnet Masks:
• Class A: 255.0.0.0
• Class B: 255.255.0.0
• Class C: 255.255.255.0
• IPv4: 32 bit octets
• IPv6: 128 bit hexadecimal

Tunneling, IPsec and authentication
• Point to Point Tunneling Protocol (PPTP): Authentication methods: PAP = Clear text, unencrypted; CHAP = unencrypted, encrypted; MS-CHAP = encrypted, encrypted.
• Challenge-Handshake Authentication Protocol (CHAP): Encrypt username/password and re-authenticate periodically. Use in PPP.
• Layer 2 Tunneling Protocol (L2TP): Use with IPsec for encryption.
• Authentication Header (AH): Provide authentication and integrity, no confidentiality.
• Encapsulating Security Payload (ESP): Encrypted IP packets and preserve integrity.
• Security Associations (SA): Shared security attributes between two network entities.
• Transport Mode: Payload is protected.
• Tunnel Mode: IP payload and IP header are protected.
• Internet Key Exchange (IKE): Exchange the encryption keys in AH or ESP.
• Remote Authentication Dial-In User Service (RADIUS): Password is encrypted but user authentication with cleartext.
• SNMP v3: Encrypts the passwords.

Network Types
• Local Area Network (LAN): Geographic distance is limited to one building. Usually connect using copper wire or fiber optics.
• Campus Area Network (CAN): Multiple buildings connected over fiber or wireless.
• Metropolitan Area Network (MAN): Metropolitan network span within cities.
• Wide Area Network (WAN): Interconnect LANs over large geographic area such as between countries or regions.
• Intranet: A private internal network.
• Extranet: Connects external authorized persons to the intranet.
• Internet: Public network.

Remote Access Services
• Telnet: Username/Password authentication. No encryption.
• Remote login (rlogin): No password protection.
• SSH (Secure Shell): Secure telnet.
• Terminal Access Controller Access-Control System (TACACS): User credentials are stored in a server known as a TACACS server. User authentication requests are handled by this server.
• TACACS+: More advanced version of TACACS. Use two factor authentication.
• Remote Authentication Dial-In User Service (RADIUS): Client/server protocol used to enable AAA services for remote access servers.
• Virtual private network (VPN): Secure and encrypted communication channel between two networks or between a user and a network. Use NAT for IP address conversion. Secured with strong encryption such as L2TP or IPSEC.

VPN encryption options
• Point-to-Point Tunneling Protocol (PPTP): PPP for authentication; No support for EAP; Dial in; Connection setup uses plaintext; Data link layer; Single connection per session.
• Layer 2 Tunneling Protocol (L2TP): Same as PPTP except more secure; Commonly uses IPsec to secure L2TP packets; Network layer; Multiple connections per session.
• Internet Protocol Security (IPsec): Encryption and authentication; Confidentiality and integrity.

Networking Methods & Standards
• Software defined networking (SDN): Decoupling the network control and the forwarding functions. Features: Agility, Central management, Programmatic configuration, Vendor neutrality.
• Converged protocols: Transfer voice, data, video, images over a single network.
• Fibre Channel over Ethernet (FCoE): Running fiber over Ethernet network.
• Multiprotocol Label Switching (MPLS): Transfer data based on short path labels instead of the network IP addresses. No need of route table lookups.
• Internet Small Computer Interface (iSCSI): Standard for connecting data storage sites such as storage area networks or storage arrays. Location independent.
• Multilayer Protocols: Encryption and different protocols at different levels. Disadvantages are hiding covert channels and weak encryptions.
• Voice over Internet Protocol (VoIP): Allows voice signals to be transferred over the Internet connection.
• Asynchronous transfer mode (ATM): Packet switching technology with higher bandwidth. Uses 53-byte fixed size cells. On demand bandwidth allocation. Use fiber optics. Popular among ISPs.
• X25: Provide PTP connection between Data terminal equipment (DTE) and data circuit-terminating equipment (DCE).
• Frame Relay: Use with ISDN interfaces. Faster and use multiple PVCs, provides CIR. Higher performance. Need to have DTE/DCE at each connection point. Perform error correction.
• Synchronous Data Link Control (SDLC): IBM proprietary protocol used with permanent dedicated leased lines. Use DTE/DCE communications.
• High-level Data Link Control (HDLC): Extended protocol for SDLC.
• Domain name system (DNS): Map domain names / host names to IP Address and vice versa.
• IDS/IPS: Intrusion detection and prevention.

Hardware Devices
• HUB: Layer 1 device, forwards frames via all ports.
• Modem: Digital to analog conversion.
• Routers: Interconnect networks.
• Bridge: Interconnect networks in Ethernet.
• Switch: Frame forward in local network.
• Load balancers: Share network traffic load by distributing traffic between two devices.
• Proxies: Hide internal public IP address from external public internet access. Connection caching and filtering.

Communication Hardware Devices
• VPN Concentrator: Use to create VPN or aggregate VPN connections using different internet links.
• Multiplexer: Combines multiple signals into one signal for transmission.
• Hubs: Retransmit signal received from one port to all ports.
• Repeater: Amplifies signal strength.
• VLANs: Separate broadcast domains (routers also separate broadcast domains; switches create collision domains).
• Protocol analyzers: Capture or monitor network traffic in real-time and offline.
• Unified threat management: New generation vulnerability scanning application.

TCP/IP Model (Layer / Action / Example Protocols)
• Network access: Data transfer done at this layer. Token ring, Frame Relay, FDDI, Ethernet, X.25
• Internet: Create small data chunks called datagrams to be transferred via the network access layer. IP, RARP, ARP, IGMP, ICMP
• Transport: Flow control and integrity. TCP, UDP
• Application: Convert data into readable format. Telnet, SSH, DNS, HTTP, FTP, SNMP, DHCP

TCP 3-way Handshake
SYN - SYN/ACK - ACK

LAN Topologies (Topology / Pros / Cons)
• BUS: Pros: Simple to setup. Cons: No redundancy; Single point of failure; Difficult to troubleshoot.
• RING: Pros: Fault tolerance; No middle point.
• STAR: Pros: Fault tolerance. Cons: Single point of failure.
• MESH: Pros: Fault tolerance; Redundant networks. Cons: Expensive to setup.

WAN Transmission Types
• Circuit-switched: Dedicated permanent circuits or communication paths required. Stable speed. Delay sensitive. Mostly used by ISPs for telephony.
• Packet-switched: Fixed size packets are sent between nodes and share bandwidth. Delay sensitive. Use virtual circuits, therefore less expensive.

Leased Lines
• T1: 1.544Mbps via telephone line
• T3: 45Mbps via telephone line

Types of Digital Subscriber Lines (DSL)
• Asymmetric Digital Subscriber Line (ADSL): Download speed higher than upload. Maximum 5500 meters distance via telephone lines. Maximum download 8Mbps, upload 800Kbps.
• Rate Adaptive DSL: Upload speed adjust

Wireless Networking
• Wireless personal area network (WPAN) standards
• IEEE 802.15 Bluetooth
• IEEE 802.3 Ethernet

Firewall and Perimeter Security