Network Security Protocols and Vulnerabilities: A Concise Overview

A concise overview of various network security concepts, protocols, and vulnerabilities. It covers topics such as ipsec, common tcp/udp ports, rfc1918 address blocks, cve, cvss, dread, cwe, and nvd. Additionally, it includes information on authentication protocols like lm, net-ntlm, and ntlm, as well as network scanning tools and various network protocols like peap, leap, and more. The document also touches on sql injection, llmnr spoofing, ftp bounce attacks, and common malware exploits, offering a broad overview of network security essentials. It is useful for students and professionals in cybersecurity.

Typology: Exams

2024/2025

Available from 08/05/2025

Lectmark
CREST CPSA 4, CPSA 5

100 *** Continue

101 *** Switching Protocols

102 *** Processing

Internet Protocol Security (IPsec) *** a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network

Internet Protocol Security (IPsec) *** used in virtual private networks (VPNs)

number of possible TCP ports *** 65535

number of possible UDP ports *** 65535

RFC1918 24-bit block *** 10.0.0.0/8

RFC1918 20-bit block *** 172.16.0.0/12

RFC1918 16-bit block *** 192.168.0.0/16

Common Vulnerabilities and Exposures (CVE) *** provides a reference-method for publicly known information-security vulnerabilities and exposures

Common Vulnerability Scoring System (CVSS) *** an open industry standard for assessing the severity of computer system security vulnerabilities

DREAD *** part of a system for risk-assessing computer security threats

Common Weakness Enumeration (CWE) *** a category system for software weaknesses and vulnerabilities

National Vulnerability Database (NVD) *** the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)

500 *** Internal Server Error

501 *** Not Implemented

502 *** Bad Gateway

503 *** Service Unavailable

504 *** Gateway Timeout

505 *** HTTP Version Not Supported

511 *** Network Authentication Required

CHANGE_ON_INSTALL *** SYS

MANAGER *** SYSTEM

404 *** Not Found

405 *** Method Not Allowed

406 *** Not Acceptable

407 *** Proxy Authentication Required

408 *** Request Timeout

409 *** Conflict

410 *** Gone

411 *** Length Required

413 *** Payload Too Large

426 *** Upgrade Required

429 *** Too Many Requests

threat *** a source of potential disruption, which has the potential to cause a risk

risk *** the combination of consequences of a threat occurring and the likelihood of it doing so

inherent risk *** the risk that an event will occur which may negatively affect the achievement of an organisation's objectives, assuming there are no controls in place

residual risk *** the risk which remains after taking controls into account

Session Initiation Protocol (SIP) *** a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications

SIP requests *** REGISTER; INVITE; ACK; BYE; CANCEL; UPDATE; REFER; PRACK; SUBSCRIBE; NOTIFY; PUBLISH; MESSAGE; INFO; OPTIONS

IPsec security architecture *** Authentication Headers (AH); Encapsulating Security Payloads (ESP); Security Associations (SA) - Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE and IKEv2)

LM *** all passwords are converted into uppercase before generating the hash value

LM *** password length is limited to maximum of 14 characters

LM *** a 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately

LM *** if the password is 7 characters or less, then the second half of the hash will always be the same constant value (AAD3B435B51404EE)

LM *** the hash value is sent to network servers without salting

nbtstat; nbtscan *** NetBIOS scanning tools:

nbtstat *** a command-line utility built into Windows systems that reveals NetBIOS names and the name table of a remote or local machine, but only for one host at a time

nbtscan *** a NetBIOS name server scanner with the same functions as nbtstat, but it operates on a range of addresses instead of a single host

PEAP *** a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel

LEAP *** a proprietary wireless LAN authentication method developed by Cisco Systems

LEAP *** uses WEP

stream cipher (symmetric) *** Rivest Cipher 4 (RC4)

symmetric-key block cipher *** Rivest Cipher 5 (RC5)

symmetric-key block cipher *** Data Encryption Standard (DES)

symmetric-key block cipher *** Advanced Encryption Standard (AES)

Media Access Control (MAC) address *** a unique identifier assigned to a device's network interface controller (NIC)

48 bits *** Media Access Control (MAC) address size:

Oracle System ID (SID) *** used to uniquely identify a particular database on a system

rlogin; rcp; rsh *** Berkeley r-commands that share the hosts.equiv and .rhosts access-control scheme

permissions required for copying a file into / out of a directory *** source directory: execute and read permission; source file: read permission; target directory: execute and write permission; target file: no permission is needed if it doesn't exist before the copy, or write permission if the file already exists

blind SQL injection *** a type of SQL injection attack that asks the database true or false questions and determines the answer based on the application's response - this attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection

Link-Local Multicast Name Resolution (LLMNR) *** a Microsoft Windows protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link

Network Basic Input/Output System (NetBIOS) name service *** identifies systems on a local network by their NetBIOS name

LLMNR spoofing *** adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary-controlled system. If the requested host belongs to a resource that requires identification/authentication, the username and NTLMv2 hash will then be sent to the adversary-controlled system.

Internet Explorer *** MS10-002 basis

Aurora *** MS10-002 name

KiTrap0D *** MS10-015 name

Print Spooler Service *** MS10-061 basis

OK *** 200

Created *** 201

Accepted *** 202

Non-Authoritative Information *** 203

No Content *** 204

Reset Content *** 205

300 *** Multiple Choices

301 *** Moved Permanently

302 *** Found

307 *** Temporary Redirect

308 *** Permanent Redirect

0 *** Echo Reply

3 *** Destination Unreachable

4 *** Source Quench

5 *** Redirect Message

8 *** Echo Request

9 *** Router Advertisement

10 *** Router Solicitation

11 *** Time Exceeded

30 *** Traceroute

42 *** Extended Echo Request

IEEE 802.11 *** part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to the 2.4, 5, and 60 GHz frequency bands

Kismet *** passive scanner on Linux

Wired Equivalent Privacy (WEP) *** both XXX-40 and XXX-104 were deprecated in 2004

Temporal Key Integrity Protocol (TKIP) *** deprecated in 2012

Wi-Fi Protected Access / Wi-Fi Protected Access II (WPA/WPA2) *** defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)

Extensible Authentication Protocol (EAP) *** an authentication framework frequently used in wireless networks and point-to-point connections

Lightweight Extensible Authentication Protocol (LEAP) *** a proprietary wireless LAN authentication method developed by Cisco

Protected Extensible Authentication Protocol (PEAP) *** a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel

Teletype Network (Telnet) *** a protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection

Teletype Network (Telnet) *** does not encrypt any traffic sent over the connection by default

Hypertext Transfer Protocol (HTTP) *** an application protocol for distributed, collaborative, hypermedia information systems

Hypertext Transfer Protocol (HTTP) *** does not encrypt any traffic sent over the connection

Hypertext Transfer Protocol Secure (HTTPS) *** used for secure communication over a computer network, and widely used on the Internet

File Transfer Protocol (FTP) *** a standard network protocol used for the transfer of computer files between a client and server on a computer network

File Transfer Protocol (FTP) *** does not encrypt any traffic sent over the connection

Secure Shell (SSH) *** a cryptographic network protocol for operating network services securely over an unsecured network

Simple Network Management Protocol (SNMP) *** an Internet Standard protocol for collecting and organising information about managed devices on IP networks and for modifying that information to change device behaviour

using SNMP to attack a network *** the SNMP implementation of Cisco 11.0 and 12.0 is vulnerable to certain denial of service attacks

SNMP authentication *** SNMP v1 sends passwords in clear-text over the network

SNMP autodiscovery *** in SNMP v1 and v2c the community string is broadcast in clear-text to other devices

C:\windows\system32\config\SAM *** password hashes (Windows):

/etc/shadow *** password hashes (Unix):

domain information, registrant contact, administrative contact, technical contact *** information contained within IP and domain registries (WHOIS)

DNS zone transfer *** one of many mechanisms available for administrators to replicate DNS databases across a set of DNS servers

zone *** the portion of the database that is replicated

Start Of [a zone of] Authority (SOA) *** specifies authoritative information about a DNS zone

Mail eXchange (MX) *** domain to mail server

Text (TXT) *** more often carries machine-readable data, opportunistic encryption, etc.

Address (A) *** domain to IP

Name Server (NS) *** domain to a set of name servers

Pointer (PTR) *** IP to a domain

HINFO *** intended to provide information about host CPU type and operating system

Canonical Name (CNAME) *** subdomain to a domain's A record

Usenet newsgroup *** a repository, usually within the Usenet system, for messages posted from many users in different locations using the Internet

-rwxr-xr-x *** a regular file whose user class has full permissions and whose group and others classes have only the read and execute permissions

0740 *** -rwxr-----

archive, hidden, system, read-only *** traditionally, in Microsoft Windows, files and folders accepted four attributes:

filesystem Access Control List (ACL) *** a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programmes, processes, or files

encryption *** transforms data into another format in such a way that only specific individual(s) can reverse the transformation

encoding *** transforms data into another format using a scheme that is publicly available so that it can easily be reversed

symmetric encryption *** uses the same cryptographic keys for both encryption of plaintext and decryption of ciphertext

asymmetric encryption *** uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner

symmetric-key block cipher *** DES - Data Encryption Standard

Message-Digest algorithm (MD5) *** hash function producing a 128-bit hash value

512 bits *** MD5 block sizes:

message integrity codes *** a short piece of information used to authenticate a message - in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed

Hash-based Message Authentication Code (HMAC) *** a specific type of Message Authentication Code (MAC) involving a cryptographic hash function and a secret cryptographic key

firewall *** a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules

firewall *** often categorised as either network firewalls or host-based firewalls

network access control list *** a network filter utilised by routers and some switches to permit and restrict data flows into and out of network interfaces

router *** a networking device that forwards data packets between computer networks

switch *** a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device

Secure Sockets Layer (SSL) *** a set of cryptographic protocols designed to provide communications security over a computer network

Internet Protocol Security (IPsec) *** a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet protocol network which is used in Virtual Private Networks (VPNs)

Secure Shell (SSH) *** a cryptographic network protocol for operating network services securely over an unsecured network

Secure Shell (SSH) *** typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH

Pretty Good Privacy (PGP) *** an encryption programme that provides cryptographic privacy and authentication for data communication

Pretty Good Privacy (PGP) *** used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions, and to increase the security of email communications

Wired Equivalent Privacy (WEP) *** standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialisation vector (IV) to form the RC4 key

Temporal Key Integrity Protocol (TKIP) *** designed as an interim solution to replace WEP without requiring the replacement of legacy hardware

Wi-Fi Protected Access (WPA) *** defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)

egress filtering *** the practice of monitoring and potentially restricting the flow of information outbound from one network to another

egress filtering *** TCP/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device