Security+
All-In-One Edition
Chapter 8 – Infrastructure
Security
Brian E. Brzezicki
WARNING!
A lot of the material in these slides and in this
lecture is NOT in the book. The book does a
good job of presenting most of the material
needed for the Security+ exam; however, the
info in chapter 8 is a little thin, so pay close
attention to the slides. Perhaps I provide a little
too much depth for the Security+ exam, but
it's well worth doing the extra learning,
especially if you want to take the CISSP or
really understand networks and network
security concepts well enough to be USEFUL in real life!
Infrastructure Security
Infrastructure security is concerned with
providing security for the entire network
infrastructure: providing availability to
authorized users, ensuring no one can
access resources in an unauthorized
manner, and ensuring that network
integrity is maintained. That is, infrastructure
security is concerned with the entire CIA triad.
Devices on the Network
Workstations
Workstations (202)
Often overlooked in security, workstations are a
very attractive target for attackers. IT
staff often spend their time securing servers and don't
realize the danger their unprotected
workstations pose.
(more)
Workstations (202)
Workstations are often "low hanging fruit",
operated by end users who are themselves
a security risk. Once a workstation is
compromised an attacker may have access to
data directly (via the authorized users on the
system), and that workstation can be used as
a pivot point into the rest of the network.
Workstation security is CRITICAL to the
"holistic" health and security of the network.
Workstation Security Best
Practices (basic hardening) (203)
Physical
• Physically restrict access to the workstation
• Use locking devices to ensure the computer cannot be
opened or stolen (whether in whole or in part)
• Set a BIOS password
• Do not allow booting from removable media or
altering of the boot order
• Remove removable media attachments if possible
• Use an encrypted file system (EFS) or disk
encryption technology (BitLocker) if possible
(more)
Workstation Security Best
Practices (basic hardening) (203)
Basic Account hardening
• Rename the administrator account, set a
strong password
• Disable un-needed accounts
• Set strong password policies
(more)
Workstation Security Best
Practices (basic hardening) (203)
Basic software hardening and maintenance
• Shutdown services that are not needed
• Remove software that is not needed
• Use a standard workstation image for consistent
installs and configuration
• Keep the OS and applications patched!
• Install anti-virus and anti-spyware on the
workstation, and keep it auto-updated *
• Install host based firewall tools and TCP Wrappers.
(more)
Workstation Security Best
Practices (basic hardening) (203)
Basic System Network Hardening
• Remove unnecessary protocols such as
NetBIOS or IPX/SPX
• Remove any file/printer shares (generally
workstations should not share files)
• Use a host based firewall
• Use a host based IDS if possible
• Remove workstation remote access (ex.
modems, remote desktop etc.)
Workstation Hardening
Please note the last few slides showed only the
BASIC/minimum levels of workstation
hardening. There are many more specific
details you should be concerned with in real
life. However, the last few slides provide the
info the Security+ exam is concerned with and
also provide a solid base from which you can
expand to protect your workstations.
Servers
Servers (204)
OK, everyone understands that you need to protect servers, right?
With servers
• Follow the best practices for securing workstations
• Identify which servers need to run which services (web,
email, file sharing)
• Try to ensure that each server runs only one specific service, and
that the service and OS are configured for maximum security
• Set network service daemons to run as non-privileged users
• Set strict permissions on network resources
• Disable, or completely remove if possible, all NON essential
services
(more)
Servers (204)
• If you cannot have a dedicated machine for each
specific service, consider using virtualization. (Use
virtualization even if you have multiple servers.)
• As an administrator, UNDERSTAND which
processes are required for the OS and service. Try
to ensure only those processes are running and be
wary if you see other processes running
• Once installed, run Tripwire or other checksum
software to identify and verify that critical files don't
"change" (why is this important, what could it
mean?)
(more)
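The "checksum software" bullet above, as an added example (this is not code from the slides and not Tripwire's own code): a minimal file-integrity check that hashes every file under a directory into a baseline, re-hashes later, and reports what changed, appeared or disappeared. The directory, the file names and the "tampering" are constructed in a temporary location so it runs offline.

```python
"""Added example (not from the slides, and not Tripwire's own code): a
minimal file-integrity check. It hashes every file under a directory into a
baseline, re-hashes later and reports files that changed, appeared or
disappeared. The directory, file names and 'tampering' are constructed in a
temporary location so the example runs offline.
"""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries don't load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file (path relative to root, '/'-separated) to its digest and size."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": hash_file(full), "size": os.path.getsize(full)}
    return baseline


def compare(baseline, current):
    """Diff two baselines: modified, newly appeared and missing files."""
    return {
        "changed": sorted(p for p in baseline if p in current
                          and baseline[p]["sha256"] != current[p]["sha256"]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def write(root, rel, text):
    """Helper for the constructed scenario: create a file under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario: baseline a fake etc/, then simulate a break-in
    that weakens sshd, drops a preload library and deletes a file."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        write(root, "etc/sshd_config", "PermitRootLogin no\n")
        baseline = build_baseline(root)

        write(root, "etc/sshd_config", "PermitRootLogin yes\n")   # config changed
        write(root, "etc/ld.so.preload", "/tmp/evil.so\n")        # new file
        os.remove(os.path.join(root, "etc", "passwd"))             # file removed
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

This answers the "why is this important" question on the slide: a binary or config file you did not change has changed, so either an attacker modified it, a patch went in unnoticed, or an admin made an unrecorded change. The baseline itself must live somewhere the attacker cannot rewrite (read-only media or another host); a baseline stored on the monitored machine just gets regenerated after the break-in.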
Servers (204)
• On Internet-facing servers (mail servers,
web proxies etc.) ensure that you have anti-virus and malware protection on the incoming
data streams, even if your workstations have
anti-virus. If possible use a different anti-virus
product/engine than you use on your
workstations.
– Layered security / defense in depth
– Diversity of defense
(more)
Servers (204)
• Run a host based IDS on your servers
• Periodically do vulnerability assessments on
your servers
• Periodically verify that software and configuration
files have not changed and no new services
have been started. Use version control if possible
on configuration files.
Virtualization (n/b)
Virtualization is KEY to network security, availability
and maintenance/ease of operation.
(see next slide)
Can anyone describe to me what virtualization is?
What does it allow you to accomplish
How does it make your life as an admin easier
How does it increase availability
How does it allow you to make servers more modular?
How does it increase security and integrity?
Virtualization
Virtualization migration
OSI Model
Oh no…
OSI (n/b)
Before we talk about network equipment we need to
discuss the OSI framework briefly.
OSI is a model of how network communications
should be broken down into functional "tasks". Each
layer performs one task. It provides "services" to the
layer above it, and uses services from the layer
below it.
The OSI model is broken down into 7 levels (layers)
which we will discuss.
OSI model – layer 1 physical (n/b)
• Layer 1 Physical – simply put, is concerned
with physically sending electrical signals over a
medium. It is concerned with
– specific cabling,
– voltages and
– timings
• This level actually sends data as electrical
signals that other equipment using the same
"physical" medium understands – ex. Ethernet
OSI model – layer 2 data link (n/b)
• Layer 2 Data Link – data link goes hand in hand with
the physical layer. The data link layer actually defines
the format of the data "frames"* that will be sent over
the physical medium, so that two network cards of
the same network type will be able to
communicate. These frames are sent to the
"physical" layer to actually be turned into the
electrical signals that are sent over a specific
network. (layer 2 uses the services of layer 1)
• Two network cards on the same LAN communicate
at the data link layer.
OSI model – layer 3 network (n/b)
Layer 3 Network – Layer 3 is concerned with
network addressing and specifically moving
packets between networks in an optimal
manner (routing). Some Layer 3 network
protocols are
– IP
– IPX (the network-layer half of IPX/SPX)
– AppleTalk
OSI model Layer 4 Transport (n/b)
• OSI Layer 4 Transport – provides "end-to-end"
data transport services and establishes
a logical connection between two computer
systems
• Virtual connection between "COMPUTERS"
OSI Model Layer 5 Session (n/b)
• OSI Layer 5 Session – responsible for
establishing a connection between two
APPLICATIONS! (either on the same
computer or two different computers)
• Create connection
• Transfer data
• Release connection
OSI model Layer 6 – Presentation
(n/b)
• OSI Layer 6 – present the data in a format that all
computers can understand
– Concerned with encryption, compression and formatting
Example: big endian vs. little endian
Decimal 10 is written in binary as 1010
However some computers read binary left to right and
some read it right to left
1010 != 0101
1010 = 10, 0101 = 5
So all computers on a network must agree what
format to represent binary data in (left to right, or
right to left). (Note this is not "truly" what big endian
means, which is about byte order, but it's easier to explain it this way ;)
OSI model Layer 7 – Application
(n/b)
• This defines a protocol (a way of sending data)
that two different programs
understand.
– HTTP
– SMTP
– DNS
• This is the layer that most software uses to
talk with other software.
OSI vs. TCP/IP model
TCP/IP model
• Network Access = OSI layers 1 & 2, defines LAN
communication, what do I mean by that?
• Network = OSI layer 3 – defines addressing and
routing
• Transport/Host to Host = OSI layer 4, 5 –
defines a communication session between two
applications on one or two hosts
• Application = OSI layers 6,7 the application data
that is being sent across a network
Network Access
• Maps to Layer 1 and 2 of the OSI model
• The layer that a Network Interface Card
works at
• Source and destination MAC addresses are
used to define the communication endpoints
• Protocols include
– Ethernet
– Token Ring
– FDDI
Network Layer
• Maps to layer 3 of the OSI model
• Concerned with moving data from one LAN
(network) to another.
• Breaks data into packets
• Source and Destination endpoints are defined
by IP Addresses
• The protocol is IP
(IP addresses next slide)
IP addresses
IP addresses, which in IPv4 have the form
0-255 . 0-255 . 0-255 . 0-255
Example: 130.85.1.4
There are a few ranges of IPs that are
considered "private" (RFC 1918):
10.x.x.x
192.168.x.x
172.16.x.x – 172.31.x.x
What does it mean to be a private address?
Transport / (Host to Host)
• Maps to layer 4 and 5 of the OSI model
• Concerned with establishing sessions
between two applications
• Source and destination endpoints are defined
by port numbers
• The two transport protocols in TCP/IP are
TCP and UDP
(TCP and UDP next)
TCP (n/b)
Connection oriented “guaranteed” delivery.
Advantages
– Easier to program with
– Truly implements a “session”
– Adds some security (sequence numbers make blind spoofing and injection harder)
Disadvantages
– More overhead / slower
UDP (n/b)
Connectionless, non-guaranteed delivery (best
effort)
Advantages
– Fast / low overhead
Disadvantages
– Harder to program with
– No true sessions
– Less security (no handshake, trivially spoofed)
– A pain to firewall (no connection state to track)
Application Layer
• Maps to layer 7 of the OSI model
• The actual protocol/language that the
application uses
Examples
– HTTP
– SMTP
– DNS
Network Equipment
The network is the backbone of a company, as
such it’s pretty important you understand
some of the critical network equipment and
concepts.
Network Interface Cards
Network Interface Cards (205)
Network Interface Cards are used to connect a
computer to a LAN. NICs work at the
physical and data link layers of the OSI model.
• A NIC is the physical connection to the
network.
• NICs only understand how to package and
move data between two computers on the
same LAN.
• NICs use MAC addresses… they don't
understand IP addresses.
MAC addresses (206)
A layer 2 (data link) address. It's how NICs
communicate
• Consists of 6 bytes, written as 6 two-hex-digit groups
– Example:
00:1A:4D:56:02:5E
• The first 3 bytes (the OUI) of the MAC address space are
assigned to NIC vendors
• NICs communicate directly with MAC addresses;
the OS maps IP addresses to MAC addresses with
ARP.
(more)
A quick discussion on IPs (n/b)
• Every computer on an IP network has at
least 1 IP address
• Every NIC port has 1 MAC address
• Any IP address can be spread across
multiple NICs (for performance, e.g. NIC teaming)
So every computer has at least 1 IP address
and every IP address corresponds to at least
one MAC address.
ALL IP traffic on a LAN carries both an IP
address and a MAC address!
IPs and MACs
MAC address security (n/b)
• ARP - Operating systems and applications
use IP addresses, but the network cards use
MAC addresses. ARP is the protocol used to
translate IP addresses into MAC addresses.
• ARP poisoning (ARP spoofing) is an attack against a network,
where one computer sends fake ARP replies
in an attempt to trick another computer on the
same network into communicating with it instead
of the real machine. This can be used as a
man-in-the-middle attack, or a straight
"hijacking" attack.
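The poisoning described above, seen from the detection side, as an added example (not code from the slides): it walks observed ARP replies and flags an IP whose MAC changes and a MAC that starts answering for several IPs. The replies are a constructed sample in a simplified "time sender_ip sender_mac" form, not tcpdump's real output; the addresses are made up apart from the example MAC from the slide.

```python
"""Added example (not from the slides): passive detection of ARP poisoning.
It walks observed ARP replies, here a constructed list in a simplified
'time sender_ip sender_mac' form (not tcpdump's real output), and flags an
IP whose MAC changes and a MAC that starts answering for several IPs.
"""
from collections import defaultdict

# Constructed sample. 192.168.1.1 is the gateway. At 10:00:20 the host with
# MAC 00:1a:4d:56:02:5e (the example MAC from the slide) begins answering
# for the gateway's IP and then for 192.168.1.14 as well: classic poisoning.
SAMPLE_ARP_REPLIES = """\
10:00:01 192.168.1.1 00:50:56:aa:bb:cc
10:00:02 192.168.1.100 00:1a:4d:56:02:5e
10:00:03 192.168.1.14 00:0c:29:11:22:33
10:00:20 192.168.1.1 00:1a:4d:56:02:5e
10:00:21 192.168.1.14 00:1a:4d:56:02:5e
"""


def parse_replies(text):
    """Return a list of (time, ip, mac) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, mac = parts
        records.append((ts, ip, mac.lower()))
    return records


def detect_arp_spoofing(records, max_ips_per_mac=1):
    """Return alert strings in the order the evidence appears.

    Heuristic 1: an IP previously bound to MAC A is now announced by MAC B.
    Heuristic 2: one MAC announces more than max_ips_per_mac addresses
    (raise the limit for hosts that legitimately hold several IPs).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in records:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ts} {ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_replies(SAMPLE_ARP_REPLIES)):
        print(alert)
```

In practice the records would come from a packet capture (arpwatch does this same bookkeeping). Expect false positives when a NIC is replaced or a gateway fails over between routers, and remember this only detects: the switch-side prevention is Dynamic ARP Inspection, or a static ARP entry for the gateway on critical hosts.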
Next a bit about Network Traffic
Types (n/b)
• Unicast – network traffic sent from one
specific computer to another specific
computer.
• Broadcast – network traffic sent to ALL
computers on a network
• Multicast – network traffic sent to a specific
group of computers on a network
(see visualization next slide)
Unicast, Broadcast and Multicast
Hub (206)
An OSI layer 1 (physical layer) device. It simply repeats
an electrical signal received on one port out all the other ports.
• Hubs are unintelligent
• All computers connected to the hub receive the
signal (so it's easy to see other people's network
traffic)
• Everyone shares the medium for speaking, only one
at a time. If two nodes try to speak at the same time
that is called a collision.
• All computers connected to a hub are in the same
collision domain.
Bridge (206)
A bridge connects two segments of the SAME
LAN together. However a bridge has some
interesting features
• It is intelligent, it learns which MAC addresses
are on each side of the bridge and uses that
to determine how to send traffic
• A bridge isolates traffic to each side of the
bridge and only forwards it across the bridge if
necessary (good for security and
performance) See next 3 slides
Bridge (206)
A bridge learns which computers (MAC
addresses) are on each side of the bridge. It
will forward traffic across the bridge only if
necessary.
Bridge (206)
A bridge will only forward traffic across the
bridge IF and ONLY IF, a computer on one
side of the bridge is trying to communicate
with a computer on the other side of the
bridge.
Bridge (206)
A bridge can optimize performance, by allowing two
conversations to occur (one on each side of the
bridge).
A and B can communicate at the SAME time C and D
communicate
Bridge (206)
Bridges will forward all broadcasts. Bridges will also
forward traffic if they don't know which side the
destination address is on.
Bridge Overview (n/b)
A bridge separates segments into two or more
collision domains. However it still remains one
broadcast domain.
A bridge builds a table of MAC addresses
known for each port
A bridge increases performance and security
A bridge is a layer 2 (data link device)
A bridge can be used to mix different LAN
technologies (ex. a wireless AP is a bridge)
Switches
Switch (206)
A network switch is essentially a multi-port bridge. Switches
often have 24 or more ports, and learn which
MAC addresses are on which ports.
• Works at layer 2 (data link)
• On a switch a computer can send data AND receive
data at the same time (full duplex… increasing
performance by up to 2x)
• On a switch each port is its own collision domain
and will not have collisions, therefore allowing line
speed communication on each port
(more)
Switch (206)
• A switch only sends unicast traffic from the sending
computer to the receiving computer's port,
therefore it stops casual sniffing (watch for MAC
flooding attacks though)
• Since switches inspect the MAC address on
all traffic, a switch can be programmed to
only allow certain MAC addresses to
communicate on a port, and ignore other MAC
addresses (port security).
Switch (206)
Multiple conversations can occur on a switch at
the same time!
Switch Specific Attacks (n/b)
MAC Flooding – sending huge numbers of frames with
different source MAC addresses in an attempt to
overfill the switch's MAC table. If this
happens a switch might simply drop into "hub
mode" and start sending traffic down
every port, so the attacker can sniff again.
(see visualization next slide)
MAC flooding (n/b)
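The bridge/switch learning behaviour from the previous slides, the MAC flooding attack above, and the port security counter-measure, in one added example (not code from the slides): a learning switch with a fixed-size MAC (CAM) table. The port numbers, MAC addresses, table size and the "evict the oldest entry" policy are assumptions made for the demonstration; real switches differ in how they age and evict entries.

```python
"""Added example (not from the slides): a learning bridge/switch simulation
with a fixed-size MAC (CAM) table. It shows the learning behaviour from the
bridge and switch slides, the MAC-flooding attack, and the port-security
counter-measure. Port numbers, MAC addresses, the table size and the
'evict the oldest entry' policy are made up for the demonstration.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, num_ports, cam_capacity, max_macs_per_port=None):
        self.num_ports = num_ports
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port   # port security limit
        self.cam = OrderedDict()                      # mac -> port, oldest first
        self.err_disabled = set()                     # ports shut by port security

    def learn(self, mac, port):
        """Record the port a source MAC arrived on. Returns False if the
        frame violates port security and must be dropped."""
        if mac in self.cam:
            self.cam.move_to_end(mac)
            self.cam[mac] = port
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.err_disabled.add(port)
                return False
        if len(self.cam) >= self.cam_capacity:
            # Table full: evict the oldest entry to make room. This is what
            # MAC flooding exploits: legitimate entries get pushed out.
            self.cam.popitem(last=False)
        self.cam[mac] = port
        return True

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of (empty = dropped)."""
        if in_port in self.err_disabled or not self.learn(src, in_port):
            return set()
        if dst == BROADCAST or dst not in self.cam:
            # Broadcast and unknown unicast are flooded to every other port,
            # which is the 'hub mode' an attacker wants.
            return {p for p in range(self.num_ports) if p != in_port}
        out = self.cam[dst]
        return set() if out == in_port else {out}


def run_scenario(max_macs_per_port=None):
    """Alice (port 0) talks to Bob (port 1); an attacker on port 3 floods."""
    sw = LearningSwitch(num_ports=4, cam_capacity=8,
                        max_macs_per_port=max_macs_per_port)
    alice, bob = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.forward(0, alice, BROADCAST)   # switch learns alice on port 0
    sw.forward(1, bob, alice)         # switch learns bob on port 1
    before = sw.forward(0, alice, bob)
    for i in range(50):               # attacker floods fake source MACs
        sw.forward(3, f"02:00:00:00:00:{i:02x}", BROADCAST)
    after = sw.forward(0, alice, bob)
    return {"before": before, "after": after,
            "err_disabled": set(sw.err_disabled)}


def demo():
    plain = run_scenario()
    secured = run_scenario(max_macs_per_port=1)
    return {"before": plain["before"], "after_flood": plain["after"],
            "protected": secured["after"], "err_disabled": secured["err_disabled"]}
```

Before the flood, Alice's frame to Bob leaves only on Bob's port; after it, Bob's entry has been pushed out and the same frame is flooded to every port, including the attacker's. With a one-MAC-per-port limit the second fake source shuts the attacker's port (the behaviour of Cisco port security in its shutdown violation mode) and Alice's traffic stays on Bob's port.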
Switch Security (207)
Switches are intelligent devices with memory, CPU
and firmware/an operating system. As such
switches can be attacked/hacked.
Best Practices
• Switches should have their firmware/OS updated to
proper levels at all times
• Switches should be managed from a serial console
whenever possible
• If using a network management interface, ensure
encryption (SSH/HTTPS, not Telnet/HTTP) and proper authentication practices.
• If possible restrict network management to
"management network IP addresses"
Hubs Bridges and Switches (n/b)
An important concept… all computers
connected via Hubs, Bridges and switches
are in the same broadcast domain and these
computers form a LAN. They SHOULD be on
the same IP network. (see slide)
192.168.1.4 / 255.255.255.0
192.168.1.100 / 255.255.255.0
192.168.1. 14 / 255.255.255.0
LAN (n/b)
All these computers are on the same LAN, and logical
IP network. All are in the same broadcast domain.
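The subnet arithmetic behind the LAN slide above and the private-range slide earlier, as an added example (not code from the slides): it parses dotted quads, tests whether two hosts share an IP network under a mask, and checks membership in the RFC 1918 ranges. It is written without Python's ipaddress module so the mask operation is visible; the addresses are the ones on the slides.

```python
"""Added example (not from the slides): the subnet arithmetic behind the
LAN slide and the private-range slide. Written without the ipaddress module
so the mask operation is visible. Addresses are the ones on the slides.
"""


def ip_to_int(dotted):
    """'192.168.1.4' -> 0xC0A80104. Rejects anything that is not four octets 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def network_of(ip, mask):
    """Return the network number (as an int) of ip under mask."""
    return ip_to_int(ip) & ip_to_int(mask)


def same_network(ip_a, ip_b, mask):
    """True if both hosts are on the same IP network and can talk
    without going through a router."""
    return network_of(ip_a, mask) == network_of(ip_b, mask)


# The RFC 1918 private ranges from the IP address slide, as network/mask pairs.
PRIVATE_RANGES = [
    ("10.0.0.0", "255.0.0.0"),       # 10.x.x.x
    ("172.16.0.0", "255.240.0.0"),   # 172.16.x.x - 172.31.x.x
    ("192.168.0.0", "255.255.0.0"),  # 192.168.x.x
]


def is_private(ip):
    """True if ip falls in one of the private ranges (it must be NATed to
    reach the Internet and is never routed on the public Internet)."""
    return any(same_network(ip, net, mask) for net, mask in PRIVATE_RANGES)


if __name__ == "__main__":
    for host in ("192.168.1.4", "192.168.1.100", "192.168.1.14", "10.1.2.7"):
        print(host, same_network("192.168.1.4", host, "255.255.255.0"), is_private(host))
```

The 172.16/12 range is the one people get wrong: the mask 255.240.0.0 keeps only the top four bits of the second octet, which is why 172.31.x.x is private and 172.32.x.x is not. A host with the wrong mask will either send LAN traffic to the router or try to ARP for a remote host directly; both look like "the network is broken".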
VLANs (207)
A VLAN is the concept of creating multiple broadcast
domains (LANs) on a single switch
• Why would it be used?
• Do you still have to route between VLANs?*
• Two different VLAN trunking protocols: 802.1Q*
or Cisco ISL*, for trunking between switches
• Use VLANs for convenience and for creating
network security zones. One use is to create "dead"
or "restricted" networks unless authentication is
done via 802.1X
VLAN
Routers (208)
Can anyone define what a router does (in
layman's terms) without using the word route?
(answers next slide)
Routers (208)
Routers connect different networks (LANs) and allow
these LANs to communicate with each other. They
allow traffic to leave a local network and help direct
it along the best path to the destination network.
• Layer 3 (network) devices
• Look at IP addresses, NOT MAC addresses
• Routers do NOT forward broadcasts, as such they
create different broadcast domains!
• Can determine routes statically or dynamically
• Can apply access control lists to allow or deny
certain types of traffic (basic firewall)
see visualization next page
Router (208)
192.168.1.0 / 255.255.255.0
10.1.2.0 / 255.255.255.0
Routers create separate LAN networks. These
networks will have different IP ranges
Router Security (209)
Routers, like switches, are intelligent devices with
memory, CPU and firmware/an operating system.
As such routers can be attacked/hacked.
Best Practices (same as switches)
• Routers should have their firmware/OS updated to
proper levels at all times
• Routers should be managed from a serial console
whenever possible
• If using a network management interface, ensure
encryption and proper authentication practices.
• If possible restrict network management to
"management network IP addresses"
Firewall (209)
An advanced network device. Its purpose is to enforce
an organization's network security policy.
A firewall is often a "router" on steroids. Firewalls
generally connect 2 or more networks; however
firewalls generally are not concerned heavily with
finding best routes. Instead they are concerned with
analyzing packets to see if the packets should be
allowed or dropped based on the network security
policy.
(more)
Firewalls (209)
• Firewalls have advanced functionality and can
operate at layer 3 (network), 4 (transport) all the
way up to layer 7 (application).
• Firewalls generally consult Access Control Lists
(ACLs), which are simply rules of what types of traffic
to allow or deny
• Firewalls should always follow the principles of least
access and implicit deny
There are many types of firewalls which we will
discuss on the upcoming slides.
Firewall Types (211)
There are a few types of firewalls we will talk
about in the next couple slides
• Packet Filters
• Stateful Filters
• Circuit Level Proxies
– SOCKS
– NAT
• Application Proxies
Packet Filters (211)
A packet filter is the most basic and first type of
firewall. It is effectively a router that inspects
layer 3 (network) and layer 4 (transport)
headers for each packet. It compares these
headers with a list of allowed or denied
actions (ACL) to determine how to handle a
packet.
Ex. (Cisco extended ACL syntax: any source, to the host www.myserver.com, TCP port 80)
permit tcp any host www.myserver.com eq 80
Packet Filter (211)
Advantages:
• Cheap
• Does not keep state (can be rebooted without breaking connections)
Disadvantages
• Does not keep state (cannot tell a reply from a new connection)
• Only looks at layer 3 and 4 headers
• Can be broken via fragmentation
• Cannot inspect actual packet data
• Can be complex to set up
Stateful Packet Filter (211)
Like a packet filter, but actually builds a table of
ongoing communication and understands
who is communicating with whom, what type
of communication is happening and when the
communication is over.
Can allow return traffic without a specific return
traffic rule (which is convenient)
Stateful Packet Filters (211)
Advantages:
• Cheap
• Does keep state (makes return rules easier, and
adds some security)
Disadvantages
• Does keep state (a reboot loses the table and breaks existing connections)
• Only looks at layer 3 and 4 headers
• Might be broken via fragmentation
• Cannot inspect actual packet data
• Can be complex to set up (less so than regular
packet filters)
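The difference between the two filter types above, as an added example (not code from the slides): a stateless filter with first-match rules and an implicit deny, beside a stateful filter that remembers connections it saw leave and admits only their replies. The rule format, the sample packets and the addresses (RFC 5737 documentation ranges and 10.0.0.0/8) are made up for the demonstration; this is not Cisco or iptables syntax.

```python
"""Added example (not from the slides): a stateless packet filter with
first-match rules and an implicit deny, beside a stateful filter that keeps a
table of connections it saw leave and admits only their replies. The rule
format, the sample packets and the addresses (RFC 5737 documentation
ranges and 10.0.0.0/8) are made up for the demonstration.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")
# None in a rule field means 'any'. Rules are checked in order, first match wins.
Rule = namedtuple("Rule", "action direction proto dst dport")

RULES = [
    Rule("permit", "in", "tcp", "192.0.2.10", 80),   # Internet -> DMZ web server
    Rule("permit", "out", None, None, None),          # anything leaving the network
    # No other 'in' rule: everything else inbound hits the implicit deny.
]


def rule_matches(rule, pkt):
    return (rule.direction == pkt.direction
            and rule.proto in (None, pkt.proto)
            and rule.dst in (None, pkt.dst)
            and rule.dport in (None, pkt.dport))


def stateless_filter(pkt, rules=RULES):
    """Plain packet filter: only headers, no memory of earlier packets."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "drop"  # implicit deny


class StatefulFilter:
    """Adds a connection table so replies to permitted outbound traffic are
    allowed without an explicit inbound rule."""

    def __init__(self, rules=RULES):
        self.rules = rules
        # (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def decide(self, pkt):
        if pkt.direction == "in":
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.connections:
                return "permit"          # reply to a connection we saw leave
        action = stateless_filter(pkt, self.rules)
        if action == "permit" and pkt.direction == "out":
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


def demo():
    """Constructed traffic: 10.0.0.5 browses to 203.0.113.7:443, the reply
    comes back, a stranger probes the same inside port, and an outsider
    visits the web server. Values are (stateless decision, stateful decision)."""
    sf = StatefulFilter()
    cases = {
        "outbound":      Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.7", 443),
        "reply":         Packet("in",  "tcp", "203.0.113.7", 443, "10.0.0.5", 40000),
        "unsolicited":   Packet("in",  "tcp", "198.51.100.9", 443, "10.0.0.5", 40000),
        "to_web_server": Packet("in",  "tcp", "198.51.100.9", 51515, "192.0.2.10", 80),
    }
    # dict order matters: the outbound packet must be seen before the reply
    return {name: (stateless_filter(p), sf.decide(p)) for name, p in cases.items()}
```

The "reply" case is the whole point of the slide: the stateless filter drops it because no inbound rule matches, so in practice you end up writing loose rules like "permit anything inbound from port 443", which also lets in the "unsolicited" case. The stateful filter's table is what disappears on a reboot (the disadvantage listed above); real implementations also track TCP flags and time entries out, since the table is finite memory an attacker can try to fill.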
Proxies (212)
A Proxy is simply a middleman. When you want
to communicate with the internet, you contact
a proxy, who communicates on your behalf to
the destination server. Then the Proxy will
return the data to you from the destination…
You NEVER directly communicate with the
destination when using a proxy
Two Types
• Circuit Level Proxy – Example: SOCKS, NAT
• Application Proxy – Example: Squid
Circuit Level Proxy (212)
Simply put a middleman.
You talk to a proxy which takes your information
and sends it to a remote server, it also
receives a response and sends it back to you.
Circuit Level Proxies (212)
Advantages
• Fairly simple
• Hides internal network addresses
• When used with a firewall, stops people from directly
starting conversations with internal hosts, while still
allowing internal hosts to communicate with the
Internet
Disadvantages
• A single point of failure and performance issues
• Does not actually “analyze data” doesn’t protect
from “dangerous data”
NAT/PAT (211)
A proxy that works without special software and
is transparent to the end users.
Remaps IP addresses, allowing you to use
"private addresses" (see the IP address slide) internally and
mapping them to "public IP addresses"
NAT maps one "public" IP directly to one "private"
IP
PAT (also written PNAT) allows multiple "private IPs" to share one
"public" IP
(see slides)
NAT
1. Computer 10.0.0.1 sends a packet to 175.56.28.3
2. Router grabs the packet, notices it is NOT addressed to itself,
modifies the src address to one from its pool
(215.37.32.202), then sends the packet on its way to the
destination*
3. The end machine accepts the packet as it's addressed to
it.
4. End machine creates a response, src = itself (175.56.28.3),
dest = 215.37.32.202
5. Router grabs the packet, notices the dest address, looks it
up in its NAT table, rewrites the dest to 10.0.0.1 and
sends it on its way*
6. Originating machine grabs the response since it's addressed
to it, and processes it.
PAT
1. Client computer creates packet
– SRC: 10.0.0.1:TCP:10000
– DEST: 130.85.1.3:TCP:80
2. Router rewrites the SRC portion to be
– SRC: 208.254.31.1:TCP:1026
– and makes an entry in the PAT table
3. End server accepts packet
4. End server creates return packet
– SRC: 130.85.1.3:TCP:80
– DEST: 208.254.31.1:TCP:1026
5. Router receives packet, rewrites destination to be
– DEST: 10.0.0.1:TCP:10000
6. Client receives the return packet
NAT/PAT difference (n/b)
• NAT ONLY looks at and rewrites the IP addresses.
• NAT requires 1 public IP for each computer that
wants to access the Internet simultaneously. If you
have 100 computers and you expect 20 of them to
access the Internet at any time… you need 20 public
IP addresses
• PAT looks at the IP and TCP/UDP headers and
rewrites both (address and port)
• PAT only requires 1 public IP address and can
support roughly 64,000 simultaneous connections per
public IP address (one per available source port).
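The PAT walk-through above as a translation table, an added example (not code from the slides or from any router vendor): outbound packets get the one public address and a fresh source port, inbound packets are rewritten back only if they match an entry, and an unsolicited inbound packet is dropped. The addresses are the ones on the PAT slide plus 198.51.100.9 (a documentation address) for the outsider; the bookkeeping is simplified (no timeouts, no TCP flag tracking), and the table is keyed on the remote endpoint too, which is one of several mapping behaviours real devices use.

```python
"""Added example (not from the slides): the PAT walk-through as a
translation table. Outbound packets get the one public address and a fresh
source port; inbound packets are rewritten back only if they match an entry,
so an unsolicited inbound packet is dropped. Addresses are the ones on the
slide plus 198.51.100.9 (a documentation address) for the stranger. The
port bookkeeping is simplified: no timeouts, no TCP flag tracking.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")


class PAT:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        # (proto, private_ip, private_port, remote_ip, remote_port) -> public_port
        self.out_table = {}
        # (proto, public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.in_table = {}

    def translate_out(self, pkt):
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_table:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return pkt._replace(src=self.public_ip, sport=self.out_table[key])

    def translate_in(self, pkt):
        """Rewrite the destination of a packet arriving from outside, or
        return None to drop it when nothing inside asked for it."""
        if pkt.dst != self.public_ip:
            return None
        entry = self.in_table.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None
        private_ip, private_port = entry
        return pkt._replace(dst=private_ip, dport=private_port)

    def capacity_left(self):
        """How many more mappings this public IP can hold: the '64,000' figure."""
        return self.last_port - self.next_port + 1


def demo():
    pat = PAT("208.254.31.1", first_port=1026)
    # Steps 1-2: 10.0.0.1:10000 -> 130.85.1.3:80 leaves as 208.254.31.1:1026
    out1 = pat.translate_out(Packet("tcp", "10.0.0.1", 10000, "130.85.1.3", 80))
    # A second inside host using the same source port shares the public IP
    out2 = pat.translate_out(Packet("tcp", "10.0.0.2", 10000, "130.85.1.3", 80))
    # Steps 4-5: the server's reply is mapped back to 10.0.0.1:10000
    reply1 = pat.translate_in(Packet("tcp", "130.85.1.3", 80, "208.254.31.1", out1.sport))
    # An outsider aiming at the same public port has no table entry: dropped
    stray = pat.translate_in(Packet("tcp", "198.51.100.9", 80, "208.254.31.1", out1.sport))
    return {"out1": out1, "out2": out2, "reply1": reply1, "stray": stray}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The dropped "stray" packet is the "stops external entities from starting conversations" advantage on the next slide, and it is a side effect of the table, not a security feature you configured: anything that adds entries on behalf of outsiders (port forwards, UPnP, ALGs) reopens that path.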
NAT / PAT (n/b)
Advantages
– Allows you to use private addresses Internally,
you don’t need to get real public IP addresses for
each computer
– Protects the network by stopping external entities
from starting conversations to internal machines
– Hides internal network structure
– Transparent, doesn’t require special software
Disadvantages
– Single Point of Failure / Performance Bottleneck
– Doesn’t protect from “bad data”
Application Proxies (212)
Like circuit level proxies, but they actually understand the
application/protocol they are proxying!
This allows for additional security as they can inspect
the data for protocol violations or malware!
Application Proxies (212)
Examples:
Squid web proxy server
Internet Security and Acceleration Server (MS web
proxy)
SMTP proxies
FTP proxies
Application Proxies (212)
Advantages
Application proxies understand the protocol, so they can
add extra security
– Ex. Restrict users to only allowed websites
– Ex. Inspect data for protocol violations
– Ex. Inspect data for malware (viruses etc.)
Disadvantages
– Extra processing requires extra CPU (slower)
– Proxies ONLY understand the protocols they were written
to understand. So you generally need a separate
application proxy for EACH protocol you want to proxy
PBX systems (215)
Some (almost all) medium to large organizations run
their own PBX (Private Branch Exchange).
Beware of attacks against PBX systems. Attackers
may use your PBX to get free long distance calls
etc. (using 2600 Hz whistles was famous: the Captain
Crunch story)
Be aware that the original phone system hacking was
called phreaking.
Be aware that the concept of phishing using phones is
called vishing.
Network Access Control (216)
Did we talk about NAC and NAP yet, if not
explain NAC and NAP.
Security Zones
Bastion Host (230)
• Bastion Host – a server that is highly locked
down (hardened). Usually put in a DMZ
(later). These machines can be directly
accessed from the Internet (though usually
through one layer of firewall) so they are
"hardened" (what do I mean by that?)
Security Zones (229)
It is common practice in network and physical
security to group different security levels into
different areas or zones. Each zone is either
more or less trusted than the other zones.
Interfaces between zones have some type of
access control to restrict movement between
zones (biometrics and guard stations physically,
firewalls on the network). In network security there is often a
middle zone between the Internet and the
internal network called a DMZ.
DMZ (230)
• A buffer zone between an unprotected
network and a protected network that allows
for the monitoring and regulation of traffic
between the two.
– You generally put your "Internet" accessible
servers (bastion hosts) in a DMZ between your
organization's internal network and the Internet.
DMZ
Multi Homed Firewall (n/b)
• Pretty much any firewall. Dual homed
means there are two network interfaces,
one on the "Internet" and one on the "internal
network"
• Multi-homed just means 2 or more
interfaces. Multi-homed firewalls may be
used to set up a DMZ with a single firewall.
(see next slide)
• On any dual/multi-homed machine that is not
itself the router/firewall (ex. a bastion host or proxy), "IP
forwarding" should be disabled, so it cannot be used
to bridge the two networks.*
Multi-homed firewall
Screened Subnet (n/b)
• A type of DMZ, where there is a "middle"
network where Internet services reside
before the "internal" network (see next
slide). In a screened subnet, there is usually
a router performing packet filtering before
the "first firewall"
Screened Subnet
Internal firewalls (n/b)
• You may have a firewall that protects
internal networks from each other!
Networking Media / Cabling
Coax (219)
• Coaxial – copper core surrounded by an insulator, a
shielding layer (which also serves as the ground/return) and an outer jacket.
– 185 (often quoted as 200) and 500 meter maximum lengths (thinnet / thicknet)
– More resistant to EMI than UTP
• Not used much anymore
– Can be baseband (one channel, Ethernet) or
broadband (multiple channels, cable TV)
Twisted Pair
Twisted Pair (219)
• Like phone wire, but with more wires.
• 100 meter maximum lengths
• RJ-45 connector
• Two main "types": UTP and STP
• STP is shielded and better if you have EMI issues
• UTP is unshielded and susceptible to EMI and
crosstalk
• UTP also gives off signals which could be picked up
if you have sufficient technology (TEMPEST stuff)
• "least secure vs. coax and fiber"
Fiber
Fiber (221)
• Glass (or plastic) fiber strands carrying light
• High speed, long haul
• NOT affected by EMI, and much lower signal loss
(attenuation) than copper
• Does NOT radiate energy, better security
• Expensive
• Difficult to work with
• Used in backbones
Random Terms
Terms (231)
Intranet - A network that has the same
functionality as the Internet, but lies within an
organization's internal network.
Extranet – An extension of a company's
"intranet" made available to external partners,
allowing businesses to share information and
resources. Should be protected by some type
of security mechanism such as a VPN, or an
SSL based website.
(more)
Chapter 8 - Review
Q. What layer of the OSI model does a switch
operate at, what addresses does it “switch”
Q. What layer of the OSI model does a router look
at, what addresses does it “route”
Q. The purpose of twisting the wires in a twisted pair
cable is what?
Q. Fiber Optic cabling is / is not susceptible to
electromagnetic interference?
Chapter 8 Review
Q. What is a Bastion Host
Q. What is the purpose of a DMZ
Q. What is NAC/NAP?
Q. What is the main purpose of a circuit layer proxy.
Q. How is an application layer proxy different than a
circuit layer proxy?
Chapter 8 - Review
Q. What are the Private IP ranges
Q. How is STP different than UTP?
Q. What is ARP poisoning?
Q. What is MAC flooding?