Module 7: Networking Devices Flashcards

(64 cards)

1
Q

What is a proxy server?

A

acts as a middle person between users and the internet. handles requests on users' behalf. user requests go to the proxy first, then the proxy forwards them to the site.

useful for:
- content filtering (block sites)
- caching (store copies of pages to load faster)
- anonymity (hide your internal IP)
- access control (only allow certain users/traffic out)

The reason it’s called a Proxy Firewall is that it completely breaks the connection between your computer and the target.

Connection A: Your computer connects to the Proxy.

The Inspection: The Proxy looks at your request at Layer 7.

Connection B: If the request is safe, the Proxy starts a brand new connection to the website.

Direct communication between your PC and the outside world never actually happens.

The Trade-off
Since the firewall has to “unwrap” and “re-wrap” every single request at the highest level of the OSI model, it is slower than a Layer 3 or 4 firewall. This is likely why your Nmap scans or Hashcat downloads might feel sluggish if a proxy is involved—every packet is being scrutinized.

2
Q

Load Balancing algorithms: what is the advantage of sticky sessions and how are they managed?

A

advantage: keeps a user's data (e.g. cart items, login info) on one server to avoid losing context

managed by caching IP addresses, using cookies, or tracking a session ID

3
Q

Load Balancing algorithms: load balancing with sticky sessions

A

all requests from a user are sent to the same server (not randomly distributed).

4
Q

Load Balancing algorithms: fastest response time

A

chooses the server that replies to requests the quickest

5
Q

Load Balancing algorithms: weighted round robin

A

stronger servers get more requests, based on assigned ‘weight’

6
Q

Load Balancing algorithms: least connections

A

sends new requests to the server with the fewest active connections

7
Q

Load Balancing algorithms: round robin

A

assigns traffic to servers in order, one by one, in a loop; doesn’t account for server load

8
Q

Load Balancing: clustering

A

running redundant systems together to provide continuous service in case one fails (i.e. high availability)

9
Q

What’s the difference between IDS & IPS?

A

IDS monitors and alerts (passive), IPS actively blocks (inline [in the path of network traffic]/active)

10
Q

Wireless Security: Cryptographic Protocols: WEP

A

Wired Equivalent Privacy
- cryptographically insecure
- NOTE: name gives the impression of wired network-level safety, but this is NOT true. Wired networks are very hard to listen in on

11
Q

Wireless Security: Cryptographic Protocols: WPA3 (5)

A

Wi-Fi Protected Access 3
- patches weaknesses in WPA 2
- easy connection: join network w. QR code
- AES + GCMP (Galois/Counter Mode Protocol)
- SAE replaces pre-shared key exchange protocol from WPA2
- encrypts traffic between endpoints without a password

12
Q

Wireless Security: Cryptographic Protocols: WPA2

A

Wi-Fi Protected Access 2
- used now instead of WPA
- uses AES and CCMP

13
Q

Wireless Security: Cryptographic Protocols: WPA (2)

A

Wi-Fi Protected Access
- created to replace WEP when it was found insecure
- uses RC4 with TKIP, which uses an encrypted hash with a sequence counter and a 48-bit IV to avoid problems WEP had

14
Q

Email Security: Mail Gateway

A

a server that allows a network to send/receive email communications from other networks. generally used to receive mail from OUTSIDE the org

checkpoint for inspection of emails/attachments (malicious links, content, and ensuring confidential info isn't being mailed out). ALL email is passed through this point

15
Q

Email Security: Steps (in my notes but idk what the steps are for)

A
  1. SPF, DKIM, & DMARC records get put on DNS entry. DNS query for DNS record gets created for an org's DNS record
  2. spammer SPOOFS domain name of a sender using their own server
  3. legit sender's MTA forwards msg with SPF/DKIM header
  4. recipient's server requests the public key from sender's server, then uses it to decrypt the email that's been signed using sender's private key…SO the only way to decrypt a message sent from the legit host is if it's been ENCRYPTED using legit sender's private key
  5. legit msg ends up in inbox
  6. spammer msg rejected for failing DMARC
  7. failure report is sent to sender's MTA

16
Q

Email Security: SPF

A

Sender Policy Framework
- 3 responses: instructions on how the receiving server will handle messages from sources NOT specified in the DNS SPF record
  +all = accept
  -all = reject
  ~all = flag

17
Q

Email Security: DKIM

A

DomainKeys Identified Mail
- digital signature added to outgoing mail, allowing recipient to confirm msg origin

18
Q

Email Security: DMARC Framework

A

Domain-based Message Authentication, Reporting & Conformance Framework
- used to identify suspicious mail that originates from unauthorized mail servers
- uses DKIM + SPF

19
Q

VPNs: tunneling (TLS & IPSEC)

A
  • encrypts data as it flows between sites
  • lets us connect over an untrusted network and secure the data there

20
Q

VPNs: tunneling: TLS

A

- Transport Layer Security
- cryptographic protocol that gives privacy + integrity over VPN
- designed to encapsulate other protocols like HTTP
- replaced SSL

21
Q

VPNs: tunneling: IPSEC (4)

A
  • Internet Protocol Security (IPsec)
  • network protocol suite that enables secure communications between two devices over IP networks
  • encrypts entire packet + appends a new IP header (AH or ESP)
  • authentication header = AH = integrity. people can see your communications but cannot change them
  • ESP = encapsulating security payload = provides confidentiality

22
Q

VPNs: site-to-site

A

VPN gateways that tunnel traffic for entire networks. Hardware installed on the network, transparent to users. serves many computers

23
Q

VPNs: remote access

A

clients use their local network to connect to the VPN, usually by authenticating at a VPN gateway; software is installed on the end user's computer and the user authenticates when connecting (work-from-home model)

24
Q

Wireless Security: Authentication Protocols

A

Personal: WPA2

25
Q

Wireless Security: Cryptographic Protocols: chronology & history

A

WEP → WPA → WPA2 → WPA3

26
Q

Intrusion Prevention System (network + host-based)

A

Intrusion Prevention System
- HIPS: host-based IPS: watches & prevents attacks on a single system
- NIPS: network IPS: sits inline in the data flow & can block malicious traffic

27
Q

IDS (network + host-based)

A

Intrusion Detection System
- HIDS: host-based IDS: watches a single system's behavior but takes no action
- NIDS: network IDS: monitors network traffic from outside; logs but doesn't block

28
Q

Load Balancing: Active-Active vs. Active-Passive

A

- active-active: all servers are client-facing and share the load. most common, cheapest
- active-passive: backup server is idle until the active one fails. more costly but used when instant switching is harder. WAS useful when flipping a computer switch was so much work that keeping it on was easier

29
Q

Load Balancing: scheduling algorithms (5)

A

  1. round robin: incoming requests passed by order of list; no alternate servers involved if one is overloaded
  2. weighted round robin: still list-based but assigns more requests to stronger servers
  3. least connections algorithm: assigns requests to the server with the fewest active connections
  4. fastest response time: selects the server that responds fastest
  5. affinity/sticky sessions: user requests always go to the same server instead of random distribution for the session duration. also useful for keeping sensitive data on one server instead of many. can be done via cookies, caching client IP addresses, or session identifiers.

30
Q

Load Balancing: load balancer

A

device that helps distribute traffic evenly among a server cluster. main job is to distribute client requests across multiple servers to avoid overload/ensure availability

31
Q

Load Balancing: how do we maintain high availability?

A

  1. clustering: operating redundant systems to provide service in case one system fails
  2. load balancing: scheduling algorithm to distribute client requests among a pool of available servers

32
Q

Firewalls: Rules

A

- evaluated top to bottom, so order matters
- last rule is generally an implicit deny rule: "if I haven't explicitly allowed the packet via any of the above rules, then DENY IT"
- conditions include:
  1. source IP
  2. destination IP
  3. source/destination port
  4. protocol

33
Q

Firewalls: NGFW

A

- can make filter decisions based on current network activity
- combines traditional firewall technology with network device filtering functions, e.g. an app firewall with deep packet inspection
- can also do TLS/SSL encrypted traffic inspection, web filtering, bandwidth management, etc.

34
Q

Firewalls: WAF

A

- uses signatures & pattern-matching; the web server only accepts traffic that has come through the WAF
- looks for injection & DoS attacks, XSS, malicious requests
- can help protect the backend database associated with the web server & the server itself

35
Q

Firewalls: basic and host-based

A

firewall = device or software that filters internet/local network traffic from other devices based on a set of rules

host-based = installed on a single system (host) to monitor/control incoming/outgoing traffic. if malware infects one machine, it'll have a harder time infecting other machines

36
Q

What is the HTTP - web server port?

A

80: transmits hypertext (web traffic) between client & server

37
Q

What is the HTTPS network port?

A

443: same as HTTP but utilizes transport layer security (TLS) to encrypt the data

38
Q

what is the FTP port?

A

21: sends files between servers, but OLD - not used much anymore because unencrypted

39
Q

What is the Telnet port?

A

23: sends everything plaintext, unencrypted. lets you remotely access a system (via command line?)

40
Q

What is the Secure Shell (SSH) port?

A

22: ENCRYPTED command line access to the remote system

41
Q

what is the SMTP port?

A

25: Simple Mail Transfer Protocol. transports mail from the sender to the recipient's mail servers. old

42
Q

What is the DNS port?

A

53: resolves an IP address from a given host name. additional info: hostnames & services when querying a domain name for info about a host

43
Q

What is the RDP port?

A

3389: encrypted Graphical User Interface (GUI) access to a remote system

44
Q

What is the POP3 port?

A

110: Post Office Protocol 3 port - used by email clients to receive/download emails from the mail server. once downloaded, mail is often removed from the server

45
Q

IDS

A

intrusion detection system
- monitors network traffic for malicious activity. logs + reports activity
- monitors traffic but traffic does NOT flow THROUGH it

46
Q

IPS

A

intrusion prevention system
- rather than alerting someone, it engages directly with the threat
- connected INLINE so traffic flows THROUGH it
- MAIN DRAWBACK: can be trigger-happy and act prematurely

47
Q

TKIP

A

Temporal Key Integrity Protocol

48
Q

RC4 Cipher

A

old encryption method. Rivest Cipher 4. deprecated, found insecure

49
Q

hash with sequence counter

A

hash = integrity. sequence counter = checks if data is new. must be new. together they ensure that the message is authentic, untampered, and current

50
Q

48-bit IV

A

48-bit initialization vector = salt for encryption, added to the beginning not the end

51
Q

AES

A

Advanced Encryption Standard: replaced RC4. encryption algorithm

52
Q

CCMP

A

Counter Mode Cipher Block Chaining Message Authentication Code Protocol - protocol that works with AES to protect wifi data

53
Q

GCMP

A

Galois/Counter Mode Protocol - faster and stronger than CCMP

54
Q

site survey

A

push a laptop around to measure location vs signal strength

55
Q

heat map

A

color visualization of measured signal strength to easily interpret a site survey

56
Q

CDN

A

content delivery network

57
Q

reverse proxy server

A

sits in front of one or more web servers, intercepting client requests to improve performance, security, and reliability by performing functions like load balancing, caching, and SSL termination

58
Q

forward proxy server

A

forwards requests without editing

59
Q

Nginx

60
61
Q

What is an IP header?

A

crucial metadata attached to each IP packet, acting like an envelope for internet data. Routers and network devices use this information to correctly send the packet to its destination, ensuring the smooth and ordered delivery of data across networks

62
Q

stateless firewall

A

operates on layer 3 and layer 4 of the OSI model and works solely by filtering the data based on predetermined rules without taking note of the state of previous connections. This means it will match every packet with the rules regardless of whether it is part of a legitimate connection. It maintains no information on the state of previous connections to make decisions for future packets

63
Q

stateful firewall

A

Stateful firewalls operate at layer 3 and layer 4 of the OSI model. Suppose the firewall accepts a few packets from a source address based on its rules. In that case, it will take note of this connection in its state table and allow all the future packets for this connection to be accepted automatically without inspecting each of them. Similarly, stateful firewalls take note of the connections for which they deny a few packets, and based on this information, they deny all the subsequent packets coming from the same source.

64