Domain 4.1 - OSI, IP, protocols

OSI 7 layers
- 7 Application (PDU: data) - responsible for interfacing with the user application. HTTP, FTP, SMTP, Telnet, DNS
- 6 Presentation (PDU: data) - transforms data into a format the OSI stack understands. Encryption, IMAP, ASCII, image formats
- 5 Session (PDU: data) - establish, maintain, terminate communication sessions. TLS, RPC, P2P, tunneling, SIP
- 4 Transport (PDU: segment) - manages the integrity of the connection; TCP 3-way handshake (SYN, SYN-ACK, ACK), segmentation, sequencing, error checking, flow control. TCP (segment), UDP (datagram), TLS
- 3 Network (PDU: packet) - logical addressing, routing. Router, IPv4/IPv6, ARP, ICMP
  - interior gateway protocols
    - distance vector (hop count): RIPv1, IGRP
    - EIGRP (link + distance metrics)
    - link state: OSPF
  - exterior gateway protocol
    - path vector: BGP - best route based on the entire path
- 2 Data link (PDU: frame) - formats packets for transmission; 2 sublayers: Logical Link Control (LLC) and Media Access Control (MAC, CSMA/CD). Switches, ARP, PPP, MAC, Ethernet, frames, ATM, L2F, L2TP, PPTP
- 1 Physical (PDU: bit) - converts frames to bits. Cables, repeater, NIC, hub, Bluetooth, Wi-Fi, Ethernet

TCP/IP model - 4 layers: Application, Transport, Internet, Network access (mapping to OSI 7-5, 4, 3, 2-1)

Ports (2^16 = 65536)
- 0 - 1023 = well known, system
- 1024 - 49151 = registered, user
- 49152 - 65535 = random, dynamic, ephemeral, private
- common ports: FTP 20/21, SSH 22, Telnet 23, SMTP 25, TFTP 69, DHCP 67/68, NTP 123, NetBIOS 137-139, SNMP 161/162

Network authentication
- Point-to-Point Protocol (PPP) - encapsulation protocol for point-to-point links; its authentication protocols:
  - Password Authentication Protocol (PAP) - credentials sent in clear text
  - Challenge Handshake Authentication Protocol (CHAP) - used by a PPP server to authenticate a remote client with a challenge/response; periodic reauthentication prevents replay attacks. MS-CHAPv2 is the Microsoft variant
  - Extensible Authentication Protocol (EAP) - extensible authentication framework for PPP connections
- port security - check the MAC address / authenticate the port before allowing traffic (switch, router, wireless)
- quality of service (QoS) - efficiency of network communication

Multilayer protocols
- encrypt at various layers, support a range of protocols at higher layers, flexibility and resiliency
- security issues: covert channels, filter bypass, crossing network segment boundaries

Converged protocols
- Fibre Channel over Ethernet (FCoE) - high-speed file transfer (network storage protocol)
- Internet Small Computer System Interface (iSCSI) - IP-based network storage, lower cost than Fibre Channel
- Multiprotocol Label Switching (MPLS) - high-throughput, high-performance network technology forwarding along the best path; supports ATM, frame relay, SONET, DSL
- Voice over Internet Protocol (VoIP)
- Session Initiation Protocol (SIP) - manages real-time communication sessions, caller identification

Microsegmentation - divide the internal network into numerous subzones, down to a single device, with a firewall at every connection point (zero-trust networks). Benefits: performance, reduced congestion, traffic isolation, granular control, simpler firewall policies

Software Defined Networks (SDN)
- application plane - programs communicate their resource needs via API
- control plane - receives instructions and sends them to the network
- Software Defined Wide Area Network (SD-WAN) - manages multiple ISP links to ensure speed, reliability, bandwidth; can be used with MPLS, LTE, broadband

VXLAN - virtual extensible LAN: makes 2 different locations appear to be the same segment by encapsulating an Ethernet frame (layer 2) in a UDP packet; 24-bit network identifier = 16 million networks

Internet protocol
- IPv4 - 32 bit, 4 octets separated by "."; uses NAT
  - classes: A 0-127 (255.0.0.0), B 128-191 (255.255.0.0), C 192-223 (255.255.255.0), D 224-239 multicast, E 240-255 experimental
  - private IP: 10.0.0.0-10.255.255.255 (class A), 172.16.0.0-172.31.255.255 (class B), 192.168.0.0-192.168.255.255 (class C)
  - APIPA - a DHCP client that gets no lease assigns itself an address in 169.254.0.0/16
  - loopback address - 127.0.0.1 (127.0.0.0/8)
- IPv6 - 128 bit, 8 hex groups separated by ":"; no NAT, IPsec integrated, no header checksum, no fragmentation by routers
  - benefits: greater address space, simpler autoconfiguration, scoped multicast, dropped IPv4 header fields, packet labeling, extension headers supporting authentication and integrity
  - migration concerns: more source addresses available to an attacker, upgrade effort, reduced privacy because NAT is missing
  - coexistence: dual stack, tunneling, NAT-PT (mutual conversion)

Wireless (802.11)
- spread spectrum
  - Frequency Hopping Spread Spectrum (FHSS) - hops across multiple frequencies [Bluetooth]
  - Direct Sequence Spread Spectrum (DSSS) - data sent in series, one at a time [802.11b]
  - Orthogonal Frequency-Division Multiplexing (OFDM) - frequencies used simultaneously in parallel [802.11a/g/n]
- site survey - investigate the presence, speed, strength and reach of wireless access points
- modes: ad-hoc (connect 2 devices directly), standalone (wireless access point with no wired resources), infrastructure (endpoints connect to a central network, not directly to each other), wired extension (wireless access point bridged to the wired network)
- SSID - broadcast in beacon frames
- encryption: WEP (RC4) - 24-bit IV is too short; WPA (TKIP); WPA2 (AES-CCMP); WPA3 (GCMP-256) - replaces the preshared key with Simultaneous Authentication of Equals (SAE), a zero-knowledge-proof style exchange, without needing an enterprise user account
  - personal (PSK) - home user
  - enterprise - requires a user account authenticated in RADIUS; used with PEAP, EAP-TLS
  - captive portal - open guest network without a network key, password entered on a web page (hotel, cafe)
- authentication: 802.1X - port-based authentication protocol; EAP (extensible) - authentication framework compatible with point-to-point connections; PEAP (Protected EAP) - encapsulates EAP within TLS; LEAP (Cisco) - proprietary reauthentication/dynamic keying for WEP
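PAP versus CHAP from the authentication-protocol notes above, as an added example that is not part of the original notes: the CHAP response is computed the way RFC 1994 specifies, the authenticator issues a fresh challenge each round (the periodic reauthentication that defeats replay), and the last function shows the caveat CHAP does not fix, offline guessing of the secret from a captured challenge/response pair. The user name, secret and wordlist are constructed; MS-CHAPv2 is not modeled.

```python
"""PAP vs CHAP on a PPP link (added example). Constructed credentials, no real network I/O."""
import hashlib
import hmac
import os

# Constructed sample secret store on the authenticator (server) side.
SECRET_DB = {"alice": b"correct horse battery staple"}


def pap_request(user, password):
    """PAP: the credential itself crosses the link; a sniffer on the path reads it as-is."""
    return {"user": user, "password": password}


def chap_response(ident, secret, challenge):
    """CHAP response per RFC 1994: MD5 over the 1-octet identifier, the shared secret
    and the challenge. The secret never crosses the link, only this digest does."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh random challenge per round and verifies the peer's response."""

    def __init__(self):
        self.ident = 0
        self.challenge = None

    def new_challenge(self):
        # A new identifier and 16 random octets each round; periodic reauthentication
        # relies on this to make a captured response worthless later.
        self.ident = (self.ident + 1) & 0xFF
        self.challenge = os.urandom(16)
        return self.ident, self.challenge

    def verify(self, user, ident, response):
        secret = SECRET_DB.get(user)
        if secret is None or self.challenge is None or ident != self.ident:
            return False
        expected = chap_response(ident, secret, self.challenge)
        ok = hmac.compare_digest(expected, response)
        self.challenge = None  # one response per challenge: reusing it fails
        return ok


def run_chap_session(user, secret):
    """Full exchange: round 1, a replay of the round-1 response, then a proper round 2.
    Returns (first_ok, replay_ok, second_ok)."""
    srv = ChapAuthenticator()
    ident1, chal1 = srv.new_challenge()
    resp1 = chap_response(ident1, secret, chal1)
    first_ok = srv.verify(user, ident1, resp1)

    ident2, chal2 = srv.new_challenge()          # periodic reauthentication
    replay_ok = srv.verify(user, ident1, resp1)  # attacker replays the captured response
    second_ok = srv.verify(user, ident2, chap_response(ident2, secret, chal2))
    return first_ok, replay_ok, second_ok


def offline_dictionary(ident, challenge, response, wordlist):
    """The caveat CHAP does not fix: a captured (challenge, response) pair lets an
    attacker guess the secret offline, because nothing but the challenge salts the digest."""
    for candidate in wordlist:
        if hmac.compare_digest(chap_response(ident, candidate, challenge), response):
            return candidate
    return None
```

The replayed response fails because the authenticator has moved on to a new identifier and challenge; that is the whole value of periodic re-challenging. The dictionary function is why CHAP secrets must be long and random, and why MS-CHAPv2 or EAP-TLS is preferred where the link can be sniffed.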
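The IPv4 class, private, APIPA and loopback ranges above, as an added example (not from the original notes) that derives the class from the leading bits of the first octet rather than from a lookup, and shows the trap that 172.32.0.1 is class B yet public because the private block is 172.16.0.0/12, not a whole class B. Standard library only; the final ingress check covers only the ranges these notes list, not every bogon range.

```python
"""Classful and special-purpose IPv4 ranges (added example, Python 3 stdlib only)."""
import ipaddress

PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK_RANGE = ipaddress.ip_network("127.0.0.0/8")
CLASS_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}  # D and E have no default mask


def ipv4_class(addr):
    """Class from the leading bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0b10000000 == 0:
        return "A"
    if first_octet & 0b11000000 == 0b10000000:
        return "B"
    if first_octet & 0b11100000 == 0b11000000:
        return "C"
    if first_octet & 0b11110000 == 0b11100000:
        return "D"
    return "E"


def scope(addr):
    """Special-purpose membership checked before class, since 127/8 is 'class A' but never routable."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK_RANGE:
        return "loopback"
    if ip in APIPA_RANGE:
        return "apipa"
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"
    cls = ipv4_class(addr)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "experimental"
    return "public"


def describe(addr):
    cls = ipv4_class(addr)
    return {
        "address": str(ipaddress.IPv4Address(addr)),
        "class": cls,
        "default_mask": CLASS_MASK.get(cls),
        "scope": scope(addr),
    }


def plausible_internet_source(addr):
    """Ingress sanity check limited to the ranges in these notes: a packet arriving from the
    internet should never carry a private, APIPA, loopback, multicast or experimental source."""
    return scope(addr) == "public"
```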
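VXLAN encapsulation as described above, as an added example and not code from the original notes: it builds and parses the 8-byte VXLAN header over an inner Ethernet frame, enforces the 24-bit VNI limit behind the "16 million networks" figure, and adds a tenant-binding check against a constructed MAC-to-VNI learning table, the kind of check that blunts the MAC spoofing risk the Domain 4.4 notes mention. The MAC addresses and payload are constructed.

```python
"""VXLAN (RFC 7348) encapsulation and parsing (added example). Constructed frames, no sockets."""
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08        # "VNI present" flag; must be set on every VXLAN packet
MAX_VNI = (1 << 24) - 1    # 24-bit VNI: 16,777,215 networks
ETH_HDR_LEN = 14


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def build_inner_frame(dst_mac, src_mac, ethertype, payload):
    """Plain Ethernet II frame that a VTEP would encapsulate."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def build_vxlan(vni, inner_frame):
    """UDP payload: 8-byte VXLAN header (flags, 3 reserved, 24-bit VNI, 1 reserved) + inner frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI out of 24-bit range")
    # "!B3xI": flags byte, 3 padding bytes, then a 32-bit word whose top 24 bits are the VNI.
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + inner_frame


def parse_vxlan(udp_payload):
    """Decode the VXLAN header and the inner L2 header; raises ValueError on malformed input."""
    if len(udp_payload) < 8 + ETH_HDR_LEN:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    flags, word = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    inner = udp_payload[8:]
    ethertype = struct.unpack("!H", inner[12:14])[0]
    return {
        "vni": word >> 8,
        "inner_dst": mac_text(inner[0:6]),
        "inner_src": mac_text(inner[6:12]),
        "ethertype": ethertype,
        "payload": inner[ETH_HDR_LEN:],
    }


def is_valid_vxlan(udp_payload):
    try:
        parse_vxlan(udp_payload)
        return True
    except ValueError:
        return False


def check_tenant_binding(parsed, mac_to_vni):
    """Overlay sanity check: accept an inner source MAC only on the VNI it was learned on.
    `mac_to_vni` is an assumed, constructed learning table."""
    expected = mac_to_vni.get(parsed["inner_src"])
    return expected is not None and expected == parsed["vni"]
```

The encapsulation carries no authentication of its own: anything that can reach UDP 4789 on a VTEP can inject frames into any VNI, which is why the binding check (and filtering of port 4789 at the underlay edge) matters.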


Domain 4.2 Secure Network Components

Signals and transmission
- analog vs digital: analog - continuous signal varying in frequency (wave shape); digital - electric signal whose voltage represents 0 or 1, more reliable
- synchronous vs asynchronous: synchronous - communication relies on a shared timing/clock; complex, costly, robust error checking through cyclic redundancy checking (CRC), high speed, high volume, minimal protocol overhead [networking, high-rate transfer]; asynchronous - start and stop delimiter bits; simpler, lower cost, parity for error control, used for irregular transmission patterns [PSTN]
- baseband vs broadband: baseband - single communication channel [Ethernet]; broadband - multiple simultaneous signals, high throughput, analog [TV, modem, ISDN, DSL, T1, T3]
- broadcast: 1 to all; multicast: 1 to many; unicast: 1 to 1

Network segments
- Intranet - private network (LAN)
- Extranet - between internet and intranet (another organization accesses our organization's systems)
- Screened subnet (DMZ) - between internet and intranet, for low-trust users to access specific systems
- benefits of segmentation: same segment (performance), reduced congestion, traffic isolation (security)

Network devices
- hub (L1) - connects multiple systems
- modem (L1) - converts between analog and digital signals
- bridge (L2) - connects 2 networks together
- switch (L2) - connects systems, creates separate collision domains
- router (L3) - routing operation, logical IP addressing
- gateway (L7) - connects different types of networks
- LAN extender - remote-access, multilayer switch connecting distant networks over a WAN
- bridge/switch (connect systems) - forwarding tables, filter traffic based on MAC, no network addresses, forward broadcast traffic
- router (connect networks) - routing table, filters traffic based on IP, assigns a different network address per port, does not forward broadcast traffic
- operation of hardware: critical devices need redundant power, edge devices usually have a single power supply; product training, warranty, vendor support

LAN media access
- Ethernet (IEEE 802.3) - broadcast LAN technology, star or bus topology, twisted-pair cabling; CSMA/CD - listen for a collision for a set amount of time; if one is detected, send a jam signal (reacts after the collision; wired, 802.3)
- CSMA/CA - request permission before transmitting (acts before a collision; wireless, 802.11)
- Token ring (IEEE 802.5) - ring topology, the token is released to the next system
- Polling - primary system polls secondary systems to ask whether they need to transmit, then grants permission
- FDDI (ANSI standard) - dual counter-rotating rings for fault tolerance, long distance at high speed (rarely seen in enterprises)

Layer 2 security standards
- IEEE 802.1AE: MAC Security (MACsec) - encryption, integrity, origin authentication
- IEEE 802.1AR: Secure Device Identity - unique per-device identity
- IEEE 802.1AF: Authenticated Key Agreement for MACsec

Network Access Control (NAC) - reduces zero-day attack exposure, traffic encryption, AAA services, enforces security policy, access control

Transmission media / cabling
- coaxial - center core of copper wire, fairly resistant to EMI; baseband (single signal) or broadband (multiple simultaneous signals) [TV]; 10Base5 (low EMI) - the name gives speed, base/broad, distance
- twisted pair (telephone) - shielded twisted-pair (STP) with metal foil, unshielded twisted-pair (UTP) without foil; UTP categories at 100 m: Cat 5 100 Mbps, Cat 5e 1 Gbps, Cat 6 1 Gbps (10 Gbps over short runs)
- copper - best and least expensive conductor; its resistance rises with temperature
- fiber optic (data) - transmits light instead of electricity; fast, costly, good security (immune to electromagnetic interference and interception)

Network topology
- Ring - token passed along a circle [token ring]
- Bus (trunk or backbone cable) - all systems transmit on the same medium (collisions); the central trunk is a single point of failure [Ethernet]
- Star (centralized connection) - hub, switch
- Mesh (numerous paths) - redundant connections (best)

Firewall
- anti-spoofing filtering rules: block inbound packets that carry an internal source address, outbound packets that carry an external source address, and packets whose source or destination is a LAN address not yet assigned to any host
- static packet filtering (network layer, L3) - examines message headers, source/destination IP address, port (ACL); weaknesses: limited logging, no authentication, cannot detect fragmentation attacks
- stateful/dynamic (network/transport, L3-L4) - evaluates state, session and context of packets; decision based on protocol header and session information
- circuit level (session layer, L5) (SOCKS) - protects a wide range of protocols
- application-level proxy (application layer, L7) - deep packet inspection, WAF, filters based on protocol, application, content; each protocol requires a unique proxy. Pros: extensive logging, authenticates users, addresses spoofing attacks. Cons: not for high-bandwidth or real-time applications, limited support for new network applications, performance issues
- next generation firewall - multiple layers: VPN, antivirus, IDPS, UTM
- architecture: dual-homed - a single host with separate NICs connected to each network (single point of failure); screened host (bastion host) - router filters traffic before it passes to the firewall; screened subnet - external router filters traffic before it enters the subnet (2 firewalls)

Proxy
- forward - from internal client to outside service; built for content filtering, email security
- reverse - from external system to internal service; built for application delivery, load balancing, authentication and application firewall
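The three anti-spoofing filter rules in the firewall notes above, applied by an added example (not part of the original notes) to constructed packet records. The LAN prefix 192.168.10.0/24, the set of assigned hosts and the sample packets are assumptions; direction is relative to the LAN, and the broadcast address is exempted from the unassigned-host rule so that legitimate directed broadcasts are not dropped.

```python
"""Firewall anti-spoofing rules (added example) run over constructed packet records."""
import ipaddress

LAN = ipaddress.ip_network("192.168.10.0/24")  # assumed internal network behind the firewall
ASSIGNED_HOSTS = {                              # assumed DHCP leases / static assignments
    ipaddress.ip_address(a) for a in ("192.168.10.1", "192.168.10.20", "192.168.10.21")
}


def decide(pkt):
    """Return (verdict, reason). pkt = {"dir": "in" | "out", "src": str, "dst": str}."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    # Rule 1: traffic arriving from the outside must not claim an inside source.
    if pkt["dir"] == "in" and src in LAN:
        return "drop", "inbound packet with internal source address"
    # Rule 2: traffic leaving must carry an inside source (egress filtering; stops our hosts
    # from being used in spoofed-source floods).
    if pkt["dir"] == "out" and src not in LAN:
        return "drop", "outbound packet with external source address"
    # Rule 3: LAN addresses that no host holds are either scans or forged.
    for addr in (src, dst):
        if addr in LAN and addr not in ASSIGNED_HOSTS and addr != LAN.broadcast_address:
            return "drop", "LAN address %s not assigned to any host" % addr
    return "allow", ""


SAMPLE_PACKETS = [  # constructed; documentation prefixes used for the public side
    {"dir": "in",  "src": "203.0.113.7",   "dst": "192.168.10.20"},   # normal inbound
    {"dir": "in",  "src": "192.168.10.5",  "dst": "192.168.10.20"},   # spoofed internal source
    {"dir": "out", "src": "192.168.10.21", "dst": "198.51.100.9"},    # normal outbound
    {"dir": "out", "src": "203.0.113.66",  "dst": "198.51.100.9"},    # spoofed external source
    {"dir": "in",  "src": "203.0.113.7",   "dst": "192.168.10.200"},  # scan of unassigned host
    {"dir": "out", "src": "192.168.10.77", "dst": "198.51.100.9"},    # unassigned internal source
    {"dir": "in",  "src": "203.0.113.7",   "dst": "192.168.10.255"},  # directed broadcast (allowed by these rules)
]


def summarize(pkts):
    """Tally verdicts, the figure you would compare against a baseline during log review."""
    tally = {"allow": 0, "drop": 0}
    for p in pkts:
        tally[decide(p)[0]] += 1
    return tally
```

Rule 3 depends on an accurate inventory of assigned addresses; when a DHCP scope is large and leases churn, feed it from the DHCP server rather than a static list, or drop the rule rather than let it block legitimate new hosts. A directed broadcast arriving from outside is what smurf and fraggle abuse, so a real deployment would add a rule for it; it is left in here only to show the exemption.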
Domain 4.3: Communication Channels

Voice
- Public Switched Telephone Network (PSTN), Digital Subscriber Line (xDSL), Voice over Internet Protocol (VoIP), Integrated Services Digital Network (ISDN)
- Real-time Transport Protocol (RTP) - carries data in media stream format; SRTP is the secure version of RTP
- Session Initiation Protocol (SIP) - sets up the session; SIPS is the secure version of SIP (TLS encryption)
- RTP Control Protocol (RTCP) - provides statistics on QoS
- secure VoIP - use SRTP, SIPS and a dedicated VLAN for VoIP phones

Multimedia collaboration
- remote meeting - authentication, encrypted tunnel, end-to-end encryption, activities logged
- instant messaging - risks: malicious code, file transfer, social engineering

Remote access
- dial-up modem, VPN; load balancing
- centralized authentication services: RADIUS, TACACS+, Diameter (successor of RADIUS with added reliability); 2FA

Email
- unsecure protocols (plaintext by default): SMTP (25), POP3 (110), IMAP (143); X.400 standard
- security goals: integrity, authenticity, classify sensitive content

Point-to-point links
- Point-to-Point Protocol (PPP) - most robust
- Serial Line IP (SLIP) - TCP/IP over low-speed dial-up
- Point-to-Point Tunneling Protocol (PPTP) - Microsoft; obsolete encapsulation protocol at the data link layer, transmitted over IP, used for dial-up; no encryption of its own, relies on the PPP authentication protocols PAP, CHAP, EAP, MS-CHAPv2
- Layer 2 Forwarding Protocol (L2F) - Cisco; encapsulation but no encryption (no confidentiality)
- Layer 2 Tunneling Protocol (L2TP) - combines PPTP and L2F; no encryption of its own, used with IPsec; VPN over WAN (IP, X.25, frame relay)

WAN switching
- circuit switching (physical) - dedicated pathway, fixed delay, connection-oriented, sensitive to connection loss, for voice
- packet switching (logical) - messages broken into small segments, variable delay, connectionless, sensitive to data loss, for any traffic
- X.25 - oldest packet-switched WAN technology, error correction
- Frame relay - packet-switched WAN technology, focuses on speed rather than reliability, data link layer
- ATM - cell-switched WAN technology, fixed-length cells
- Synchronous Data Link Control (SDLC) - IBM full-duplex serial protocol, used between mainframe and remote systems
- High-level Data Link Control (HDLC) - synchronous data communication protocol
- virtual circuits (logical): Permanent virtual circuits (PVCs) - dedicated, like a 2-way walkie-talkie; Switched virtual circuits (SVCs) - created each time

VPN
- IPsec
  - AH - authentication, integrity, and nonrepudiation
  - ESP - confidentiality
  - transport mode - encrypts only the payload; host-to-host VPN (ends at the individual hosts)
  - tunnel mode - encrypts IP header + payload; site-to-site VPN (ends at the network boundaries)
  - IKE - OAKLEY (key generation), SKEME (key exchange), ISAKMP (manages encryption keys)

Other communication
- Cellular network: 4G - IP based (WiMAX), up to 1 Gbps; 5G - ICS, IoT, up to 10 Gbps but reduced range, mutual authentication, enhanced subscriber identity protection
- Content Distribution Network (CDN) - geographically distributed network close to the user; low latency, high performance, high availability
- Zigbee (802.15.4) - low-power personal area network, IoT; supports both centralized and distributed security models, mesh topology
- LiFi - uses light to transmit data at high speed, up to 100 Gbit/s (cannot penetrate opaque walls); not susceptible to EM interference
- satellite - LEO, MEO, GEO orbits; supports telephone, TV, internet, military
- NFC - very short range
- infrared - requires line of sight
- Bluetooth (802.15); MAN/WiMAX (802.16); WPA2 (802.11i); Management Frame Protection (MFP, 802.11w) - prevents replay, DoS and Wi-Fi deauthentication attacks

Network monitoring
- port mirror - duplicates traffic from one port onto a specific port
- port tap - eavesdrops on a link

VLAN (802.1Q)
- trunk port - dedicated port with higher bandwidth carrying multiple VLANs
- security issue: VLAN hopping (header with multiple tags) - reach another subnet by encapsulating the packet with an extra tag

Third-party connectivity - ISP, cloud, vendor, partner, customer; MOU, MOA - agreement between 2 entities
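The VLAN hopping issue above, as an added example rather than code from the original notes: it parses the 802.1Q tag stack of an Ethernet frame and flags a double-tagged frame whose outer tag matches the trunk's native VLAN, the pattern by which a packet crosses into another subnet once the first switch strips the native tag. Frames, port kinds and the native VLAN value are constructed.

```python
"""802.1Q tag parsing and double-tag (VLAN hopping) detection (added example, constructed frames)."""
import struct

TPIDS = {0x8100, 0x88A8}  # C-VLAN and S-VLAN (QinQ) tag protocol identifiers


def mac_bytes(text):
    return bytes(int(p, 16) for p in text.split(":"))


def build_frame(dst, src, vids, ethertype, payload):
    """Ethernet frame with zero or more 802.1Q tags; the first VID is the outermost tag."""
    tags = b"".join(struct.pack("!HH", 0x8100, vid & 0x0FFF) for vid in vids)
    return mac_bytes(dst) + mac_bytes(src) + tags + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Walk the tag stack after the two MAC addresses; return (VIDs outer->inner, ethertype)."""
    off = 12
    vids = []
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        tpid = struct.unpack_from("!H", frame, off)[0]
        if tpid not in TPIDS:
            return vids, tpid
        if len(frame) < off + 4:
            raise ValueError("truncated tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        off += 4


def classify(frame, port_kind, native_vlan):
    """port_kind: 'access' or 'trunk'; native_vlan: the trunk's untagged VLAN (assumed value)."""
    vids, _ = parse_tags(frame)
    if port_kind == "access" and vids:
        return "tagged frame on access port"
    if len(vids) >= 2 and vids[0] == native_vlan:
        # The switch strips the native outer tag and forwards the inner one untouched,
        # so the frame lands in vids[1] without ever being routed.
        return "double tag with native outer VLAN (hop to VLAN %d)" % vids[1]
    if len(vids) >= 2:
        return "stacked tags (QinQ)"
    return "ok"
```

The standard mitigations follow directly from the check: set the native VLAN of every trunk to an unused ID, tag the native VLAN explicitly, and never place user ports in the native VLAN, so the outer tag can never equal a VLAN the attacker is allowed to send on.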
Domain 4.4 Network Attacks

DNS (human-friendly domain name --> IP)
- DNS cache poisoning - place incorrect information in a zone file or resolver cache
- rogue DNS server - sends the client a DNS response with a false IP
- DNS pharming - modify the local hosts file to redirect to a fake website
- typosquatting - look-alike of a genuine URL [existing website]
- cybersquatting - buy a look-alike of a genuine URL, then resell it to the business [no established website]
- domain hijacking - change the registration of a domain name without authorization
- defense: DNSSEC (digital signatures + PKI to verify DNS responses to queries), DoH, ODoH, limit zone transfers

Wireless
- war driving - detect wireless network signals [mitigated by WPA2]
- rogue access point - false WAP
- evil twin - false access point duplicating the SSID/MAC address of a legitimate one
- disassociation attack - disconnect a client
- jamming - interference attack
- replay attack - defense: updated firmware, WIDS, OTP, timestamps, challenge-response authentication
- defense: update firmware, change default admin password, enable WPA2/WPA3, disable SSID broadcast, MAC filtering, IDS, WIDS, VPN, captive portal, track wireless activity

Attacks by OSI layer
- network: fraggle - UDP with a spoofed source to a broadcast address; smurf - ICMP with a spoofed source to a broadcast address; teardrop - overlapping/malformed fragments; ping of death - oversized ping packet
- transport: LAND attack - IP packet with the same source and destination address and port; SYN flood - never completes the TCP handshake
- data link: DHCP attack, MAC flood, ARP spoofing, VLAN hopping

Email
- SMTP open relay - used to send spam
- threats: virus, worm, trojan, spoofed source address, DoS, mail storm (reply all)
- S/MIME - authentication and confidentiality through public key cryptography; digital envelope, digital signature
- PGP - encrypts files and email messages
- DomainKeys Identified Mail (DKIM) - domain validation
- Sender Policy Framework (SPF) - against spam and spoofing
- Domain-based Message Authentication, Reporting and Conformance (DMARC) - DNS-based email authentication system
- PEM - authentication, integrity, confidentiality, and nonrepudiation using RSA, DES, and X.509 certificates
- MIME Object Security Services (MOSS) - MD2, MD5, RSA, DES
- defense: configure the mail relay server securely, filtering on the email gateway; black list (block), white list (allow), gray list (temporarily reject any unknown sender, put it on hold, accept when re-sent)

SNMP (managing and monitoring network devices)
- SNMPv1, v2 - credentials (community strings) in clear text; defense: use SNMPv3

RFID - privacy violations
NFC - on-path attack, eavesdropping, data manipulation, and replay

VoIP
- vishing (falsified caller ID), phreaking (attacking the telephone system to make free calls), toll fraud, spam, identity fraud (caller ID), eavesdropping, DoS
- defense: patches, encryption, disable unnecessary ports, real-time monitoring (IDS, IPS), record call logs, block international calling, outsourcing, physical security of VoIP-to-PSTN gateways

Bluetooth (802.15)
- sniffing - network packet capture
- bluesmacking - DoS through garbage traffic / signal jamming
- bluejacking - unsolicited messages
- bluesnarfing - data theft
- bluebugging - remote control
- best practice: use only for non-confidential activities, change the default PIN, turn off discovery mode when not in use
- Bluetooth 2.1 - weak encryption cipher; Bluetooth 4.1 - uses AES-CCM, a strong cipher

PBX
- defense: protect the administrative interface; replace remote access through the PBX with credit-card or calling-card access for authorized individuals; deploy direct inward system access (DISA) properly to reduce PBX fraud

Cellular
- interception; the provider is susceptible to MitM/on-path attack; cell phone access to office resources
- security issue: volume of data

Network architecture
- VXLAN - MAC spoofing, DoS
- SDN - MitM, DoS; secure the control channel with TLS

Endpoint
- defense: least privilege, backups, SIEM, application whitelisting, file encryption, automated patching, restrict use of removable media
- Endpoint Detection and Response (EDR) - evolution of antimalware, IDS and firewall solutions