An overview of various wireless network protocols, including Wi-Fi, and their associated security vulnerabilities. It covers topics such as Wi-Fi frequency bands, wireless security protocols like WEP, TKIP, and WPA/WPA2, as well as other network protocols like Telnet, HTTP, FTP, and SNMP. The document also discusses security issues related to these protocols, such as clear-text transmission, denial of service attacks, and vulnerabilities in specific protocol implementations. Additionally, it covers network scanning techniques, including Nmap options, and legal considerations around penetration testing. This comprehensive information could be useful for network administrators, security professionals, and students studying computer networking and cybersecurity.
Typology: Exams
✔️ Continue
101 - ✔️ Switching Protocols
102 - ✔️ Processing
Internet Protocol Security (IPsec) - ✔️ a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network
Internet Protocol Security (IPsec) - ✔️ used in virtual private networks (VPNs)
number of possible TCP ports - ✔️ 65535
number of possible UDP ports - ✔️ 65535
RFC1918 24-bit block - ✔️ 10.0.0.0/
RFC1918 20-bit block - ✔️ 172.16.0.0/
RFC1918 16-bit block - ✔️ 192.168.0.0/
Common Vulnerabilities and Exposures (CVE) - ✔️ provides a reference-method for publicly known information-security vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS) - ✔️ an open industry standard for assessing the severity of computer system security vulnerabilities
DREAD - ✔️ part of a system for risk-assessing computer security threats
Common Weakness Enumeration (CWE) - ✔️ a category system for software weaknesses and vulnerabilities
National Vulnerability Database (NVD) - ✔️ the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)
500 - ✔️ Internal Server Error
501 - ✔️ Not Implemented
502 - ✔️ Bad Gateway
503 - ✔️ Service Unavailable
504 - ✔️ Gateway Timeout
505 - ✔️ HTTP Version Not Supported
511 - ✔️ Network Authentication Required
CHANGE_ON_INSTALL - ✔️ SYS
MANAGER - ✔️ SYSTEM
TIGER - ✔️ SCOTT
WOOD - ✔️ ADAMS
STEEL - ✔️ JONES
CLOTH - ✔️ CLARK
PAPER - ✔️ BLAKE
✔️ Upgrade Required
429 - ✔️ Too Many Requests
threat - ✔️ a source of potential disruption, which has the potential to cause a risk
risk - ✔️ the combination of consequences of a threat occurring and the likelihood of it doing so
inherent risk - ✔️ the risk that an event will occur which may negatively affect the achievement of an organisation's objectives, assuming there are no controls in place
residual risk - ✔️ the risk which remains after taking controls into account
Session Initiation Protocol (SIP) - ✔️ a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications
SIP requests - ✔️ REGISTER; INVITE; ACK; BYE; CANCEL; UPDATE; REFER; PRACK; SUBSCRIBE; NOTIFY; PUBLISH; MESSAGE; INFO; OPTIONS
IPsec security architecture - ✔️ Authentication Headers (AH); Encapsulating Security Payloads (ESP); Security Associations (SA): Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE and IKEv2)
LM - ✔️ all passwords are converted into uppercase before generating the hash value
LM - ✔️ password length is limited to maximum of 14 characters
LM - ✔️ a 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately
LM - ✔️ if the password is 7 characters or less, then the second half of the hash will always produce the same constant value (AAD3B435B51404EE)
LM - ✔️ the hash value is sent to network servers without salting
LM - ✔️ uses DES
128 bits - ✔️ LAN Manager (LM) hash size:
Net-NTLM - ✔️ used for network authentication
Net-NTLM - ✔️ get these hashes when using tools like Responder or Inveigh
Net-NTLMv1 - ✔️ uses DES
Net-NTLMv2 - ✔️ uses HMAC-MD5
128 bits - ✔️ Network New Technology LAN Manager (Net-NTLM) hashes size:
NTLM - ✔️ get these hashes when dumping the SAM database of any Windows OS, a Domain Controller's Ntds.dit database or from Mimikatz
NTLM - ✔️ uses MD4
128 bits - ✔️ New Technology LAN Manager (NTLM) hash size:
NTLM - ✔️ You CAN perform Pass-The-Hash attacks with these hashes
Net-NTLM - ✔️ You CANNOT perform Pass-The-Hash attacks with these hashes
nbtstat; nbtscan - ✔️ NetBIOS scanning tools:
nbtstat - ✔️ a command line utility that is integrated in Windows systems and can unveil information about the NetBIOS names and the local or remote machine name table, but only for one host at a time
✔️ a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the applications response - this attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection
Link-Local Multicast Name Resolution (LLMNR) - ✔️ a Microsoft Windows protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link
Network Basic Input/Output System (NetBIOS) name service - ✔️ identifies systems on a local network by their NetBIOS name
LLMNR spoofing - ✔️ Adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system. If the requested host belongs to a resource that requires identification/authentication, the username and NTLMv2 hash will then be sent to the adversary controlled system.
FTP bounce attack - ✔️ an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request
Ntds.dit file - ✔️ a database that stores Active Directory data, including information about user objects, groups, and group membership - it includes the password hashes for all users in the domain
computer worm - ✔️ What is Code Red?
Internet Information Services (IIS) 5.0 - ✔️ MS01-033 basis
Code Red - ✔️ The MS01-033 vulnerability was used by which malware?
computer worm - ✔️ What is Conficker?
Conficker - ✔️ The MS08-067 vulnerability was used by which malware?
computer worm - ✔️ What is Blaster?
Distributed Component Object Model (DCOM) - ✔️ MS03-026 basis
Blaster - ✔️ The MS03-026 vulnerability was used by which malware?
computer worm - ✔️ What is Nimda?
Local Security Authority Subsystem Service (LSASS) - ✔️ MS04-011 basis
Internet Explorer - ✔️ MS10-002 basis
Aurora - ✔️ MS10-002 name
KiTrap0D - ✔️ MS10-015 name
Print Spooler Service - ✔️ MS10-061 basis
OK - ✔️ 200
Created - ✔️ 201
Accepted - ✔️ 202
Non-Authoritative Information - ✔️ 203
No Content - ✔️ 204
Reset Content - ✔️ 205
300 - ✔️ Multiple Choices
301 - ✔️ Moved Permanently
Dynamic Host Configuration Protocol (DHCP) - ✔️ a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks
Hot Standby Router Protocol (HSRP) - ✔️ a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway
Virtual Router Redundancy Protocol (VRRP) - ✔️ a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts
VLAN Trunking Protocol (VTP) - ✔️ a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network
Spanning Tree Protocol (STP) - ✔️ a network protocol that builds a loop-free logical topology for Ethernet networks
Terminal Access Controller Access-Control System Plus (TACACS+) - ✔️ a protocol developed by Cisco that handles authentication, authorisation, and accounting (AAA) services
Voice over Internet Protocol (VoIP) - ✔️ a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet
Session Initiation Protocol (SIP) - ✔️ a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications
IEEE 802.11 - ✔️ part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4, 5, and 60 GHz frequency bands
Kismet - ✔️ passive scanner on Linux
Wired Equivalent Privacy (WEP) - ✔️ both XXX-40 and XXX-104 were deprecated in 2004
Temporal Key Integrity Protocol (TKIP) - ✔️ deprecated in 2012
Wi-Fi Protected Access / Wi-Fi Protected Access II (WPA/WPA2) - ✔️ defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)
Extensible Authentication Protocol (EAP) - ✔️ an authentication framework frequently used in wireless networks and point-to-point connections
Lightweight Extensible Authentication Protocol (LEAP) - ✔️ a proprietary wireless LAN authentication method developed by Cisco
Protected Extensible Authentication Protocol (PEAP) - ✔️ a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel
Teletype Network (Telnet) - ✔️ a protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection
Teletype Network (Telnet) - ✔️ does not encrypt any traffic sent over the connection by default
Hypertext Transfer Protocol (HTTP) - ✔️ an application protocol for distributed, collaborative, hypermedia information systems
Hypertext Transfer Protocol (HTTP) - ✔️ does not encrypt any traffic sent over the connection
Hypertext Transfer Protocol Secure (HTTPS) - ✔️ used for secure communication over a computer network, and widely used on the Internet
File Transfer Protocol (FTP) - ✔️ a standard network protocol used for the transfer of computer files between a client and server on a computer network
File Transfer Protocol (FTP) - ✔️ does not encrypt any traffic sent over the connection
Secure Shell (SSH) - ✔️ a cryptographic network protocol for operating network services securely over an unsecured network
Simple Network Management Protocol (SNMP) -
netstat, ss - ✔️ command line tools are used to list established sockets and related information
C:\windows\system32\config\SAM - ✔️ password hashes (Windows):
/etc/shadow - ✔️ password hashes (Unix):
domain information, registrant contact, administrative contact, technical contact - ✔️ information contained within IP and domain registries (WHOIS)
DNS zone transfer - ✔️ one of many mechanisms available for administrators to replicate DNS databases across a set of DNS servers
zone - ✔️ the portion of the database that is replicated
Start Of [a zone of] Authority (SOA) - ✔️ specifies authoritative information about a DNS zone
Mail eXchange (MX) - ✔️ domain to mail server
Text (TXT) - ✔️ more often carries machine-readable data, opportunistic encryption, etc.
Address (A) - ✔️ domain to IP
Name Server (NS) - ✔️ domain to a set of name servers
Pointer (PTR) - ✔️ IP to a domain
HINFO - ✔️ intended to provide information about host CPU type and operating system
Canonical Name (CNAME) - ✔️ subdomain to a domain's A record
Usenet newsgroup - ✔️ a repository usually within the Usenet system, for messages posted from many users in different locations using Internet
0740 - ✔️ -rwxr-----
archive, hidden, system, read-only - ✔️ traditionally, in Microsoft Windows, files and folders accepted four attributes:
filesystem Access Control List (ACL) - ✔️ a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programmes, processes, or files
encryption - ✔️ transforms data into another format in such a way that only specific individual(s) can reverse the transformation
encoding - ✔️ transforms data into another format using a scheme that is publicly available so that it can easily be reversed
symmetric encryption - ✔️ uses the same cryptographic keys for both encryption of plaintext and decryption of ciphertext
asymmetric encryption - ✔️ uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner
symmetric-key block cipher - ✔️ DES - Data Encryption Standard
64 bits - ✔️ DES block sizes:
56 bits - ✔️ DES key sizes:
symmetric-key block cipher - ✔️ 3DES - Triple Data Encryption Standard
64 bits - ✔️ 3DES block sizes:
168, 112, or 56 bits - ✔️ 3DES key sizes:
router - ✔️ a networking device that forwards data packets between computer networks
switch - ✔️ a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device
Secure Sockets Layer (SSL) - ✔️ a set of cryptographic protocols designed to provide communications security over a computer network
Internet Protocol Security (IPsec) - ✔️ a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet protocol network which is used in Virtual Private Networks (VPNs)
Secure Shell (SSH) - ✔️ a cryptographic network protocol for operating network services securely over an unsecured network
Secure Shell (SSH) - ✔️ typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH
Pretty Good Privacy (PGP) - ✔️ an encryption programme that provides cryptographic privacy and authentication for data communication
Pretty Good Privacy (PGP) - ✔️ used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions, and to increase the security of email communications
Wired Equivalent Privacy (WEP) - ✔️ standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialisation vector (IV) to form the RC4 key
Temporal Key Integrity Protocol (TKIP) - ✔️ designed as an interim solution to replace WEP without requiring the replacement of legacy hardware
Wi-Fi Protected Access (WPA) - ✔️ defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)
egress filtering - ✔️ the practice of monitoring and potentially restricting the flow of information outbound from one network to another
egress filtering - ✔️ TCP/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device
ingress filtering - ✔️ a technique used to ensure that incoming packets are actually from the networks from which they claim to originate
banner grabbing - ✔️ a technique used to gain information about a computer system on a network and the services running on its open ports
examples of ports used for banner grabbing - ✔️ Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively
active fingerprinting - ✔️ works by sending packets to a target and analysing the packets that are sent back
Nmap - ✔️ almost all active fingerprinting is done with:
passive fingerprinting - ✔️ sniffs TCP/IP ports, rather than generating network traffic by sending packets to them
application layer - ✔️ 7
presentation layer - ✔️ 6
session layer - ✔️ 5
transport layer - ✔️ 4
network layer - ✔️ 3
data link layer - ✔️ 2
✔️ scan the target using the IPv6 protocol
network sniffer - ✔️ a computer programme or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network
ping - ✔️ measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source
ping - ✔️ operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP echo reply
ping sweep - ✔️ a method that can establish a range of IP addresses which map to live hosts
fping - ✔️ a tool used for ping sweeps
Internet Protocol version 4 (IPv4) - ✔️ uses 32-bit addresses (represented as 4 groups of 4 decimal numbers with the groups being separated by full stop)
Internet Protocol version 6 (IPv6) - ✔️ uses 128-bit addresses (represented as 8 groups of 4 hexadecimal digits with the groups being separated by colons)
Transmission Control Protocol (TCP) - ✔️ provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating via an IP network
User Datagram Protocol (UDP) - ✔️ has no handshaking dialogues, and thus exposes the user's programme to any unreliability of the underlying network; there is no guarantee of delivery, ordering, or duplicate protection
Internet Control Message Protocol (ICMP) - ✔️ used by network devices, including routers, to send error messages and operational information
8 bits - ✔️ 1 byte
8 bits - ✔️ 1 octet
Category 5 cable (CAT 5) - ✔️ a twisted pair cable for computer networks
Category 5 cable (CAT 5) - ✔️ suitable for most varieties of Ethernet over twisted pair
fibre-optic communication - ✔️ a method of transmitting information from one place to another by sending pulses of light through an optical fibre
10/100/1000baseT - ✔️ standards of twisted-pair cables for the physical layer of an Ethernet computer network
Token Ring - ✔️ a communications protocol for local area networks
Token Ring - ✔️ uses a special three-byte frame called a 'token' that travels around a logical 'ring' of workstations or servers
wireless (802.11) - ✔️ part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4, 5, and 60 GHz frequency bands
shared media -