5 - Network Configuration Flashcards

Question

Wireshark

Answer 1

Deep, protocol-aware packet exploration and analysis tool Can extract over **140,000** data fields

Answer 2

Log or parse network traffic, similar to wireshark

Answer 3

Creates log files to document observed network traffic

Answer 4

Performs real-time traffic analysis and packet logging on IP networks May work as an IDS or an IPS Can detect variety of attacks/probes using sigantures

Answer 5

Protocol-aware object extraction tool that **writes files to a disk** May trigger host defenses when writing files to disk Network data fields can be exported to CSV

Answer 6

Access (lowest) Distribution (middle) Core (Highest)

Answer 7

- Aggregates distribution switches in large LANs - Provides high forwarding rates

Answer 8

- Aggregation point for access switches - Does not connect directly to end-user devices - Provides **redundancy** and interconnectivity

Answer 9

- Connection point for end user devices - Does not typically connect to other access switches - Controls access to intranet resources

Answer 10

Internetwork Operationg System (IOS)

Answer 11

- Console - physical port - Telnet - IP network - SSH - IP network

Answer 12

- ROM - Flash - NVRAM - RAM

Answer 13

- Advantages -- Segmentation -- Flexibility -- Security - Equals... -- Broadcast Domain -- Subnet -- Logical Network -- LAN - By nature, they inhibit communication between VLANs

Answer 14

- VLAN Trunking protocol - Handles frame tagging (inserts 4 bytes into OG frame, modifies FCS) - Supports 4096 VLANs (4094 in practice) - Mono Spanning Tree - IEEE Open Standard - Uses native VLAN

Answer 15

- Inter-switch link; alternative to 802.1Q - Adds 26 byte header and 4 byte trailer to tag VLANs - Supports 1000 VLANs - Uses Per VLAN Spanning Tree - Cisco Proprietary - Does not use native VLAN

Answer 16

- Dynamic Trunk Protocol - Handles negotiation of trunk links

Answer 17

- Trunk - Permanent trunk mode - Access - Permanent non-trunk mode - Dynamic Desirable - Port actively tries to convert link to trunk link -- Becomes a trunk if neighbor is set to trunk, desirable, or auto - Dynamic Auto - Port is willing to convert to trunk link -- Becomes trunk if neighbor port is set to desirable - NoNegotiate - Permanent trunk mode, prevents port from generating DTP frames

Answer 18

- Allows parallel links (up to 8 ports) to function as one single link - Increases bandwidth - Reduces convergence and provides redundancy

Answer 19

- Features -- Advertises VLAN config info (trunk ports only) -- Maintains VLAN config throughout domain - Modes -- Server - Configure VLANs 1-1005; Originates, forwards, and syncs updates -- Client - Supports but does not configure VLANs 1-1005; forwards and syncs updates -- Transparent - Configures VLANs 1-4094; forwards updates - Matching VTP Domain name and password

Answer 20

- Only v3 can be in "Off" mode - v1 does not support Token Ring or Unrecognized TLVs - v2 and v3 do not check VTP version before forwarding updates in transparent mode - v1 does not support consistency checks - v3 supports extended VLAN range - v3 supports private VLANs - v3 supports database propagation - v3 encrypts password

Answer 21

- General: -- Advertisements sent as multicast frames every 5 min, or if there is a change -- servers/clients sync to latest revision num - Function Requirements: -- Links set up with ISL or 802.1Q -- VTP domain name and password (if set) match - Config Storage -- vlan.dat in flash memory

Answer 22

- Prevents loops and provides path redundancy - Prevents broadcast storms - Stabilizes MAC table - Eliminates multiple frame transmission - Portfast -- Minimizes wait time - BPDU Guard -- Enabled by default -- Prevents switch operation on specified port (access mode or unused/disabled ports) -- Port goes into err-disabled mode when BPDUs detected - Root Guard -- Enables BPDUs on specified port -- Ignores superior BPDU messages (prevents rogue switch taking over as root bridge)

Answer 23

- Bridge Protocol Data Unit - 3 Types -- Config BPDU -- Topology Change Notification (TCN) -- Topology Change Acknowledgement (TCA) - Contains Bridge ID -- Unique ID -- Bridge Priority (2 bytes) and Bridge MAC (6 Bytes) -- Default priority is 32768 -- Root bridge has lowest priority num -- If priority is the same, lowest MAC wins

Answer 24

- Blocking - Listening (15 sec) -- Topology change detected -- Does not forward frames -- Inactive MACs removed from CAM table - Learning (15 sec) -- Does not forward frames -- Switch adds new MACs to CAM table - Forwarding - Disabled (off)

Answer 25

- IEEE 802.1D -- 1 instance for all VLANs -- Slow (up to 50 sec) convergence - Per VLAN ST (PVST) -- 1 instance per VLAN -- Supports ISL; PVST+ supports 802.1Q -- Cisco Proprietary - IEEE 802.1w (Rapid STP) -- Faster (<10 sec) convergence -- 1 instance for all VLANs - Per VLAN RST -- 1 RSTP Instance per VLAN - IEEE 802.1s -- Multiple Spanning Tree Protocol -- Inspired by CISCO's MISTP -- Multiple VLANs mapped to single instance of ST

Answer 26

- Elect root bridge (one per network) -- All interfaces forwarding -- All ports are designated ports - Elect root port (one per device) for non-root bridge -- Lowest cost back to root bridge - Elect designated port for each network segment -- Lowest cost back to root bridge - Cost determined by bandwidth - STP recalculates after MAXAGE timer expires

Answer 27

- Only has Discarding, Learning, and Forwarding states - MaxAge is 6 sec vs 20 in STP - Listening state removed, learning state time reduced - Convergence < 10 sec -- All switches generate/send Hello BPDUs -- States no longer based on timers -- Portfast now referred to as Edge Ports - Designates an Alternate Port -- Primary alternate for a root port - Designates a Backup Port -- Backup for an Alternate Port

Answer 28

- Router equivalent of SVI - Single interface may be divided into multiple sub interfaces to carry traffic for multiple VLANs

Answer 29

- Must define a default gateway

Answer 30

- IP Helper-address - Client server application to forward broadcast requests -- Converts broadcast into unicast to DHCP server - Allows DHCP requests to leave the LAN subnet (VLAN)

Answer 31

- Single router w/ one interface - Performs ISL/802.1Q trunking paired w/ sub interfaces to route VLAN traffic

Answer 32

- Layer 3 presence of a VLAN - Virtual port, only existing in switch software - Allows inter-VLAN routing - Layer 2 VLAN must exist for this to function

Answer 33

- Designed to support failover of IP traffic - Multiple routers (standby/HSRP group) appear as a single virtual router for hosts on the LAN -- One router at a time is selected as the *active* router. Only the active router forwards packets -- Active router is the one with **highest** HSRP priority -- A backup for the active router is selected as the **standby** router - Preempt enables a router to resume the active role - Hold timer should be at least 3 times hello timer

Answer 34

- Limits MAC address on switch ports -- NOT used on dynamic ports - Can either be static (manually specified MACs) or dynamic (limit # of hosts per port) - Static MACs saved to running-config - Dynamic MACs not saved in running-config -- Enabling Sticky allows dynamic MACs to be stored in running-config, essentially making them static

Answer 35

- Protected -- Known MACs may continue sending traffic -- No notification - Restricted -- Known MACs may continue sending traffic -- Notification (SNMP) sent and violation counter incremented - Shutdown -- Default mode -- Notification sent -- Interface switched to err-disabled state

Answer 36

- Uses up to 2048-bit ciphers and RSA encryption

Answer 37

- Authentication, Authorization, and Accounting - Radius -- UDP -- Encrypts only PW -- Open source, less granular authorization control - TACACS+ -- TCP port 49 -- Encrypts full payload of each packet -- Cisco proprietary, very granular authorization control

Answer 38

- Switch port using the *no switchport* command - Acts like a port on a normal router

Answer 39

- Know destination address - ID sources to learn from - Discover possible routes - Select best route - Maintain/verify routing info

Answer 40

- Static -- Static route -- Static default route - Dynamic -- OSPF -- EIGRP

Answer 41

- Manually configured - Simplest form on small networks but complicated and not feasible in large - Classful and Classless - Hub and Spoke design - Must configure routes for both directions - Static Default route uses gateway of last resort -- Any traffic that doesn't match another defined route gets sent to gateway of last resort

Answer 42

- Routing information exchanged between routers - Can load balance between multiple paths with equal/unequal costs - Advantages -- Suitable for any topology using multiple routers -- Independent of network size -- Automatically adapts to reroute traffic (if possible) - Disadvantages -- Can be complex to set up -- Less secure due to broadcast and multicast updates -- Route depends on current topology -- Requires additional resources (CPU, memory, bandwidth)

Answer 43

- Purpose -- Interior Gateway Protocol (IGP) - Routing within an autonomous system (AS) (intra-AS routing) -- Exterior Gateway Protocol (EGP) - Routing between Autonomous systems (AS) (inter-AS routing) - Operations -- Distance Vector - Routes advertised by providing *distance* and *vector* -- Link-state - Each node in network constructs a connectivity map, then independently calculates the best paths. Good for large hierarchical networks needing fast convergence -- Path-vector - Essentially distance vector protocol that analyzes the path itself to guarantee loop-free path - Behaviour -- Classful (legacy) - Do not send subnet mask info in routing updates. Create problems in *discontiguous networks* -- Classless - Include subnet mask info in routing updates. Support VLSM and CIDR

Answer 44

- RIPv1: IGP, Distance Vector, Classful - IGRP: IGP, Distance Vector, Classful, Cisco-developed - RIPv2: IGP, Distance Vector, Classless - EIGRP: IGP, Distance Vector, Classless, Cisco-developed (can also be classful) - OSPF: IGP, Link-state, Classless - IS-IS: IGP, Link-state, Classless - BGP: EGP, Path-vector, Classless

Answer 45

Collection of routers under a common administration such as company or organization

Answer 46

Network in which subnets from the same classful major network address are separated by a different classful network address

Answer 47

- Used by routers to select the best path when multiple routes exist from *different routing protocols* - Defines reliability of a protocol - *Some* default values: -- Connected interface - 0 -- Static route - 1 -- EIGRP summary route - 5 -- BGP - 20 -- Internal EIGRP - 90 -- OSPF - 110 -- Unknown - 255

Answer 48

- Routing updates shared between neighbors - Router is aware of networks on its own interfaces and those that can be reached through neighbors - Some protocols send periodic updates -- RIP sends updates to 255.255.255.255 (v1) or multicast 224.0.0.9 (v2) every 30 seconds

Answer 49

- Distance Metric: Hop Count -- Max allowed is 15 -- 16 is infinity metric (host unreachable) - Susceptible to loops and the "count to infinity" problem - Timers, since last update -- 240 sec Flush -- 180 Sec Invalid -- 180 sec Hold down (starts after invalid timer ends)

Answer 50

- Method of preventing routing loops - Routing info for a given packet is never sent back in the direction from which it was received

Answer 51

- Utilizes shortest path first (SPF) algorithm - States: -- Down -- Init -- 2-way -- DR Election -- ExStart -- Exchange -- Loading -- Full - Propagates LSAs rather than routing table updates - LSAs flooded to all OSPF routers in the area

Answer 52

- Rapid convergence - Reduced bandwidth - Uses "5 Ks" to calculate Metric (distance) -- K1: Bandwidth -- K2: Load -- K3: Delay -- K4/K5: Reliability - Feasibility condition (feasible/calculated distance > reported/advertised distance) is used to detect paths with loops - Successor is route with lowest metric that meets feasibility condition - Feasible successor is a secondary route that also meets feasibility condition - Use auto-summary to summarize subnets into classful addresses

Answer 53

**Types** - Standard -- Checks source address -- Permits/denies all protocols -- Number range 1-99, 1300-1999 - Extended -- Checks both source and destination -- Permits/denies specific protocols -- Can also specify conditions for specific ports -- Number Range 100-199, 2000-2699 - Named -- Can be standard or extended, just uses name instead of number to identify - Uses wildcard mask for filtering subnets - Most restrictive statements should go at top of ACL

Answer 54

- If a network layer is compromised, all network layers above it are also compromised -- Ex: if data link layer is compromised, the network, transport, and application layers are also compromised

Answer 55

- Attacker floods CAM table with thousands of MAC addresses, causing it to fill up. When this happens, the switch starts to flood any traffic from new hosts out all ports - Essentially turns a switch into a hub - May be mitigated with port security or MAC address monitoring

Answer 56

- Attacker pretends to be default gateway and sends out a gratuitous ARP, so all users send traffic through the attacker instead of the real default gateway - Only works within one VLAN - May be mitigated with: -- Static ARP table on critical stations -- ARP ACL -- Private VLANs

Answer 57

Can occur in two ways: - Switch Spoofing - Attacker configures device to work as trunk port. Switch will then trunk all available VLANs to that device -- Mitigated by switching port to access mode, or setting nonegotiate - Double tagging - Second 802.1q tag is added in front of the first -- Only works with native VLANs

Answer 58

- Security protocol used with VPNs - Operates at layer 3 - Provides: -- Confidentiality -- Integrity -- Authentication -- Anti-replay

Answer 59

- Interesting Traffic initiates IPSEC process - IKE Phase 1 -- IKE Authenticates Peers -- Negotiates security association (SA) policy -- Perform authenticated Diffie-Hellman exchange -- Establishes secure channel -- Two modes, Main and Aggressive - IKE Phase 2 -- Negotiates IPSEC SA parameters -- SAs periodically renegotiated for security -- Performs DH exchange if perfect forward secrecy is desired -- Security protocol is selected (Authentication Header or Encapsulation Security Payload) - Data Transfer - Data transferred between IPSEC peers - IPSEC Tunnel Termination - IPSEC SAs terminate through deletion or timeout

Answer 60

Reduces amount of data sent in IPSEC

Answer 61

- Determined as part of security policy - Access lists used to determine interesting traffic in Cisco routers and PIX firewalls

Answer 62

- Encryption algorithms (DES, 3DES, AES) - Authentication Algorithms (MD5, SHA) - Diffie-Hellman Group - Preshared key or RSA/DSA certs

Answer 63

- Allows verification of authenticity and integrity of content as well as origin of packet -- Only does source authentication and content integrity

Answer 64

- Encrypts entire IP packet allows for authenticating its content - Ensures privacy (encryption), source authentication, and content integrity (authentication)

Answer 65

- Tunnel - Encrypts both payload and header and appends new header - Transport - Encrypts only payload and leaves header unencrypted

Answer 66

- Inside Local - Local network, private IP - Inside Global - Local Network, public IP - Outside Global - Other network, public IP - Outside Local - Other network, private IP

Answer 67

- Static NAT -- One to One mapping of private IP to public IP -- Useful when device needs to be accessible from the internet - Dynamic NAT -- Mapping of private IP address to a public IP from a group of public IPs (NAT pool) - PAT (overloaded NAT) -- Map multiple private IP addresses to single public IP (most common today)

Answer 68

- WPAN (personal area network) -- 802.15.1 (bluetooth) -- 20-30 ft - WLAN -- 802.11 (wifi) -- up to 300 ft - WMAN (metropolitan area network) -- 802.16 (wi-max) -- up to 30 miles - WWAN (wide area network) -- Mobile networks (CDMA/LET) -- Worldwide coverage

Answer 69

- Access Point -- RF Transceiver -- Processor/software -- Antennas - User device w/ NIC - Router - Repeater (optional)

Answer 70

- Infrastructure Mode -- Clients communicate through access point - Ad hoc mode -- Clients communicate directly with one another (peer to peer)

Answer 71

- Root -- Default mode -- Each AP wired into LAN - Bridge -- AP connects two or more physically separate network segments -- Multi-point or point to point -- Only one root bridge, all non-root bridges must pass traffic through root - Repeater -- Re-broadcasts data to extend range of network - Scanner -- Scans nearby wireless signals -- Used for wireless IDS, Troubleshooting, and wi-fi setup

Answer 72

- Basic Service Set (BSS) -- One AP, one or more clients -- Most common -- Uses BSSID -- 48 bits, MAC of BSS AP -- Network advertised with SSID - Extended Service Set (ESS) -- Connects two or more BSS together -- Uses common SSID to allow roaming between APs (ESSID) - Independent Basic Service Set (IBSS) -- Ad hoc or peer-to-peer mode -- No AP, only clients -- Not an infrastructure mode -- Only one client may transmit at a time, and all must be on same frequency

Answer 73

- AP and router (one device) - Cable modem/DSL (may be included in AP) - Easy to configure - Commonly referred to as SOHO devices

Answer 74

Information sent by WAPs containing SSID, data rates, etc)

Answer 75

- Client looking for SSID - Directed probe requests will always trigger a response including properly configured SSID, making disabling SSID broadcast very weak security

Answer 76

If two nodes A and B are physically blocked from one another's radiation patterns, and both start transmitting to node C simultaneously, their signals will collide and they will be unable to detect the collision and the transmitted signals will become corrupted

Answer 77

Can easily be bypassed with MAC spoofing

Answer 78

- Wired Equivalent Privacy - Encrypts all data in the frame including headers - Very weak - Uses RC4 encryption - Does not protect against forgery or replay attacks

Answer 79

- Replaced WEP - Utilizes TKIP (Temporal Key Integrity Protocol) -- Based on RC4 -- Each packet has unique encryption key -- Includes Message Integrity Check and Rekeying mEchanism -- Considered obsolete

Answer 80

- Replaced WPA1 - Uses Cipher Block Chaining Message Authentication Code Mode Protocol (CCMP) -- Uses AES encryption - Supports TKIP for backwards compatibility - 802.11i - Two types -- Personal - Pre shared key, SOHO use -- Enterprise - Authentication server, for enterprise use; 802.1X standard

Answer 81

- Released Jan 2018 - Individual devices will not share encryption key w/ other devices - Up to 192 bit encryption if needed - Setup mode for IOT and no screen devices - Must be connected to de-authenticate

Answer 82

- Does not require installation and config of client software (unlike IPSEC VPN) - User connects to SSL VPN via web browser - SSL VPN server is encrypted with SSL or TLS

Answer 83

First two layers of Cisco Hierarchy (Access and distribution) Used for smaller networks not requiring the core to be a separate level

5 - Network Configuration Flashcards

(109 cards)