Nettailor - Tailored Networks
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

Domain 4

Domain 4 - Communication and Network Security

OSI Model

  • Application (PDU)
  • Presentation (PDU)
  • Session (PDU)
  • Transport (TCP / UDP)
  • Network (Packet)
  • Data Link (Frame)
  • Physical (Bits)

  • Carrier-Sense Multiple Access (CSMA)
  • Carrier-Sense Multiple Access (CSMA/CA)
  • Carrier-Sense Multiple Access (CSMA/CD)

TCP/IP

  • 3-Way-Handshake (SYN / SYN-ACK / ACK)
  • Header is 20 - 60 bytes long
    • 16 bit Source Port
    • 16 bit Destination Port
    • 32 bit Sequence Number
    • 4 bit Data Offset
    • 4 bit Reserved
    • 8 bit Flags
    • 16 bit Window Size
    • 16 bit Checksum
    • 16 bit Urgent pointer
    • Variable (multiple of 32bit)

IP Classes

IPv4
  • Class A / B / D (multicast) / E (reserved)

DNS

  • FQDN consists of:
    • top-level-domain
    • registered domain name
    • subdomain or hostname
  • Attacks
    • DNS Poisoning
    • Alter the HOSTS file
    • Corrupt the IP configuration
    • USe proxy falsification
    • Domain hijacking

Wireless Networks

  • SSID , BSSID, ESSID
  • Attacks
    • War Driving
    • War Chalking
    • Replay
    • IV
    • Rogue Access Points
    • Evil Twin
Frequencies
  • Frequency Hopping Spread Spectrum
  • Direct Sequence Spread Spectrum
  • Orthogonal Frequency-Division Multiplexing

Network Authentication Protocols

PAP

  • Client sends packet with cred (username and password) at the beginning of connection
  • Plain Text

CHAP

  • protected against replay-attacks by incrementally changing identifier and variable challenge-value
  • requires both sides know plain-text shared secret
  • Used by PPP
  • Stores plain-text passwords

802.1X (EAP)

  • supplicant, authenticator, and authentication server
  • AS is RADIUS or AD

PEAP

  • EAP with TLS Tunnel

EAP-MD5

  • weak form of EAP.

LEAP

EAP-TLS

  • Uses PKI, requires client and server certificates
  • Establishes a tunnel for authentication very secure, complex and expensive

EAP-TTLS

  • Simpler by dropping the client certificate requirement, allowing other methods for client authentication

PANA

  • devices authenticates itself by using EAP as protocol for key distribution, key agreement and key derivation.

Secure Network Components

Firewalls

  • Application-Layer Gateway Firewall
    • also proxy firewall
    • affect network performance
  • Circuit-Level Gateway Firewall
    • operate at Session layer (Layer 5)
    • SOCKS is a common implementation
  • Stateful Inspection Firewalls
    • evaluate the state or context of the traffic
    • operate on layer-3 and layer-4
  • Deep Packet Inspection Firewalls *
  • Next-Gen Firewalls
    • Multifunction Device
    • Integrates Firewall, IDS, IPS, TLS Proxy, web filtering, QoS, NATing, VPN and antivirus.