Domain_04: Communications and Network Security
-
New Topics
-
Network Architectures
-
VxLAN
- VxLAN stands for Virtual Extensible Local Area Network.
-
Software Defined Network (SDN)
-
Software Defined Network (SDN) is a network architecture that allows for centralized control and management of network resources. It separates the control plane from the data plane, enabling programmability and flexibility in network configuration.
-
SDN Architecture
-
Control Plane
-
Data Plane
-
Management Plane
-
-
SD-WAN
- Software-Defined Wide Area Networking (SD-WAN) is a technology that simplifies the management and operation of a wide area network (WAN) by decoupling the network hardware from its control mechanism. It allows organizations to build higher-performing WANs using lower-cost Internet access, while ensuring optimal application performance and security.
-
SD-LAN
- SD-LAN stands for Software Defined Local Area Network. It is a technology that allows for the centralized management and control of the local area network. With SD-LAN, network administrators can easily configure and manage network devices, such as switches and access points, through a centralized controller. This simplifies network management and allows for greater flexibility and scalability.
-
-
Li-Fi
- Li-Fi, or Light Fidelity, is a wireless communication technology that uses light signals to transmit data. It is a promising alternative to traditional Wi-Fi as it offers faster speeds and higher security. Li-Fi uses LED bulbs to emit light signals that can be received and decoded by devices equipped with a Li-Fi receiver.
-
ZigBee (PAN)
-
ZigBee is a wireless communication technology commonly used in home automation systems.
-
It operates on low-power, low-data-rate, and low-cost wireless mesh networks.
-
ZigBee is designed to be energy efficient and suitable for battery-powered devices.
-
It is commonly used for applications such as smart homes, industrial automation, and healthcare monitoring.
-
-
-
CELLULAR NETWORKING
-
5G
-
5G is the fifth generation of cellular network technology.
-
It offers faster data transfer speeds and lower latency compared to previous generations.
-
5G networks are designed to support a wide range of applications including autonomous vehicles, virtual reality, and IoT devices.
-
However, the deployment of 5G requires a significant infrastructure upgrade and may face challenges related to spectrum availability and security.
-
-
Content Delivery Networks (CDN)
-
Content Delivery Networks (CDNs) are a distributed network of servers that help deliver web content to users efficiently.
-
CDNs store copies of web content in multiple locations, called edge servers, and deliver it to users from the server that is geographically closest to them.
-
By using CDNs, websites can improve their performance, reduce latency, and handle high traffic loads more effectively.
-
-
-
Open Systems Interconnection (OSI) Reference Model
-
The OSI and TCP/IP networking models
-
OSI model
-
Data at Each Stage of OSI Layer
- Don't Don't Don't Stop Pouring Free Beer (Data-Application. Data-Presentation, Data-Session, Segment-Transport, Packet-Network, Frame-Data Link, Bits- Physical) OR Some People Forget Birthday (Segments-Transport , Packets-Network, Frames-Data Link, Bits-Physical)
-
-
OSI Layers (7 Layers)
-
Application
-
Application Layer
-
protocols
-
• File Transfer Protocol(FTP)
-
• Trivial File Transfer Protocol(TFTP)
-
• Simple Network Management Protocol(SNMP)
-
• Simple Mail Transfer Protocol (SMTP)
-
• Telnet
-
• Hypertext Transfer Protocol (HTTP)
-
-
-
-
Presentation
-
Presentation Layer
-
standards
-
• American Standard Code for Information Interchange (ASCII)
-
• Extended Binary-Coded Decimal Interchange Mode (EBCDIC)
-
• Tagged Image File Format (TIFF)
-
• Joint Photographic Experts Group (JPEG)
-
• Motion Picture Experts Group (MPEG)
-
• Musical Instrument Digital Interface (MIDI)
-
-
-
-
Session
-
Session Layer
-
different modes
-
• Simplex
-
• Half-duplex
-
• Full-duplex
-
-
Secure RPC (SRPC)
-
protocols
-
• Network Basic Input Output System (NetBIOS)
-
• Password Authentication Protocol (PAP)
-
• Point-to-Point Tunneling Protocol(PPTP)
-
• Remote Procedure Call (RPC)
-
-
-
-
Transport
-
Transport Layer
-
protocols
-
• Transmission Control Protocol(TCP)
-
• User Datagram Protocol(UDP)
-
• Sequenced Packet Exchange(SPX)
-
-
-
-
Network
-
Network Layer
-
protocols
-
• Internet Protocol (IP)
-
• Internet Control Message Protocol (ICMP)
-
• Internet Group Management Protocol (IGMP)
-
• Routing Information Protocol (RIP)
-
• Open Shortest Path First (OSPF)
-
• Internetwork Packet Exchange (IPX)
-
-
-
-
Data Link
-
Data Link Layer
-
The Logical Link Control (LLC)
-
Media Access Control (MAC)
-
Framing
-
protocols
-
• Address Resolution Protocol (ARP)
-
• Reverse Address Resolution Protocol (RARP)
-
• Point-to-Point Protocol (PPP)
-
• Serial Line Internet Protocol (SLIP)
-
• Ethernet (IEEE 802.3)
-
• Token Ring (IEEE 802.5)
-
• Wireless Ethernet (IEEE 802.11)
-
-
-
-
Physical
-
Physical Layer
-
Converts bits into voltage for transmission
-
standard interfaces
-
• RS/EIA/TIA-422, RS/EIA/TIA-423,RS/EIA/TIA-449, RS/EIA/TIA-485
-
• 10Base-T, 10Base2, 10Base5, 100Base-TX, 100Base-FX, 100Base-T,000Base-T, 1000Base-SX
-
• Integrated Services Digital Network (ISDN)
-
• Digital subscriber line (DSL)
-
• Synchronous Optical Networking (SONET)
-
-
-
-
MNEMONICS: All People Seems To Need Data Processing
-
-
-
Networking Foundations
-
Network Topologies
-
Ring Topology
-
Bus Topology
-
Star Topology
-
Mesh Topology
-
-
Media Access Technologies
-
Token Passing
-
A token is a 24-bit control frame used to control which computers communicate at what intervals.
-
used by Token Ring and FDDI technologies
-
-
CSMA
-
CSMA/CD
- carrier sense multiple access with collision detection (CSMA/CD)
-
CSMA/CA
- Carrier sense multiple access with collision avoidance (CSMA/CA)
-
-
Collision Domains
-
Polling
- is a method of monitoring multiple devices and controlling network access transmission
-
Ethernet
-
IEEE 802.3
-
Characteristics
-
• Contention-based technology
-
• Uses broadcast and collision domains
-
• Uses the carrier sense multiple access with collision detection (CSMA/CD) access method
-
• Supports full-duplex communication
-
• Can use coaxial, twisted-pair, or fiber-optic cabling types
-
• Is defined by standard IEEE 802.3
-
-
types
-
10Base-T
-
100Base-TX
- Fast Ethernet
-
1000Base-T
- maximum distance of 100 meters
-
10GBase-T
-
Image not available
-
-
-
Token Ring
-
is a LAN media access technology that enables the communication and sharing of networking resources.
-
Multistation Access Unit (MAU).
-
IEEE 802.5 standard
-
star-configured topology
-
16 Mbps
-
-
FDDI
-
Fiber Distributed Data Interface (FDDI)
-
ANSI standard based on IEEE 802.4
-
100 Mbps
-
Copper Distributed Data Interface (CDDI)
-
categories
-
• Single-attachment station (SAS)
-
• Dual-attachment station (DAS)
-
• Single-attached concentrator (SAC)
-
• Dual-attached concentrator (DAC)
-
-
-
-
Transmission Methods
-
unicast
-
Unicast is a type of transmission method in computer networking.
-
In unicast, data is sent from one sender to one receiver.
-
It is like a one-on-one communication where the sender and receiver have a direct connection.
-
Unicast is commonly used for tasks like sending emails, browsing websites, or making video calls.
-
-
broadcast
- Broadcast is a method of transmitting data to multiple recipients simultaneously.
-
multicast
- Multicast is a transmission method in which a single packet of data is sent to multiple recipients at the same time.
-
-
-
TCP/IP
-
TCP
-
Port Types
-
• Telnet port 23
-
• SMTP port 25
-
• HTTP port 80
-
• SNMP ports 161 and 162
-
• FTP ports 21 and 20
-
-
TCP Handshake
- Image not available
-
Attack
-
SYN flood
-
TCP session hijacking
-
-
Data Structures
- Notes & Image
-
Major Differences Between TCP and UDP
-
TCP (Transmission Control Protocol) is a connection-oriented protocol that provides reliable and ordered delivery of data packets. UDP (User Datagram Protocol) is a connectionless protocol that does not guarantee reliable delivery or ordered delivery of data packets.
-
TCP uses a three-way handshake process to establish a connection between sender and receiver, while UDP does not require a connection establishment process.
-
TCP provides error checking and retransmission of lost packets, ensuring data integrity, while UDP does not provide error checking or retransmission.
-
TCP is suitable for applications that require reliable and ordered delivery of data, such as web browsing and file transfer. UDP is suitable for applications that prioritize speed and efficiency over reliability, such as real-time streaming and online gaming.
-
-
-
IP Addressing
-
Subnetting
-
Subnetting is the process of dividing a network into smaller subnetworks.
-
It allows for better network management and improved security by creating separate smaller networks within a larger network.
-
Subnetting involves assigning a unique network address to each subnetwork, enabling efficient routing of data packets.
-
It helps optimize network performance and address limitations of IP addressing by reducing network congestion and improving scalability.
-
-
Supernetting
-
classless interdomain routing (CIDR)
-
Supernetting is a method used in IP addressing to combine multiple smaller network blocks into a larger one. This allows for more efficient use of IP addresses and reduces the number of routing table entries.
-
-
IPv4 Addressing
- Address Range
-
Time to Live (TTL)
-
Time to Live (TTL) is a field in the IP header that specifies the maximum amount of time that a packet can exist in a network.
-
When a packet reaches a router or network device, the TTL value is decreased by one.
-
If the TTL value reaches zero, the packet is discarded and an error message is sent back to the source.
-
The purpose of TTL is to prevent packets from circulating indefinitely in a network.
-
-
Type of Service (ToS)
-
Type of Service (ToS) is a field in the IP header that indicates the priority level of a packet.
-
It is used to specify the quality of service required for a particular packet.
-
ToS values range from 0 to 255, with higher values indicating higher priority.
-
The ToS field helps in managing network traffic and ensuring efficient delivery of packets.
-
-
-
IPv6
-
IP next generation (IPng),
-
Network Address Translation
-
Automatic tunneling
- Automatic tunneling is a feature in the IPv6 protocol that allows for the creation of IPv6 tunnels over an IPv4 network.
-
-
Converged Protocols
-
• Fibre Channel over Ethernet (FCoE)
- storage area networks (SANs)
-
• Multiprotocol Label Switching (MPLS)
-
layer 2.5 protocol
-
MPLS is considered a converged protocol because it can encapsulate any higher-layer protocol and tunnel it over a variety of links.
-
-
• Internet Small Computer System Interface (iSCSI)
- iSCSI encapsulates SCSI data in TCP segments.
-
IP convergence
- VoIP
-
-
-
Network Protocols and Services
-
Address Resolution Protocol (ARP)
-
The Address Resolution Protocol (ARP) is a network protocol used to map an IP address to a physical or MAC address.
-
• SMTP port 25
-
• HTTP port 80
-
• SNMP ports 161 and 162
-
• FTP ports 21 and 20
-
-
TCP Handshake
- Image not available
-
Attack
-
SYN flood
-
TCP session hijacking
-
-
Data Structures
- Notes & Image
-
Major Differences Between TCP and UDP
-
TCP (Transmission Control Protocol) is a connection-oriented protocol that provides reliable and ordered delivery of data packets. UDP (User Datagram Protocol) is a connectionless protocol that does not guarantee reliable delivery or ordered delivery of data packets.
-
TCP uses a three-way handshake process to establish a connection between sender and receiver, while UDP does not require a connection establishment process.
-
TCP provides error checking and retransmission of lost packets, ensuring data integrity, while UDP does not provide error checking or retransmission.
-
TCP is suitable for applications that require reliable and ordered delivery of data, such as web browsing and file transfer. UDP is suitable for applications that prioritize speed and efficiency over reliability, such as real-time streaming and online gaming.
-
-
-
Dynamic Host Configuration Protocol (DHCP)
-
DHCP is a network protocol that allows devices to automatically obtain IP addresses and other network configuration settings.
-
It simplifies the process of network configuration by providing a centralized system for managing IP addresses and network parameters.
-
classless interdomain routing (CIDR)
-
Supernetting is a method used in IP addressing to combine multiple smaller network blocks into a larger one. This allows for more efficient use of IP addresses and reduces the number of routing table entries.
-
-
DHCP servers assign IP addresses to devices on the network, ensuring that each device has a unique identifier.
-
It also allows for the allocation of other important network information such as subnet masks, default gateways, and DNS server addresses.
-
Time to Live (TTL) is a field in the IP header that specifies the maximum amount of time that a packet can exist in a network.
-
When a packet reaches a router or network device, the TTL value is decreased by one.
-
If the TTL value reaches zero, the packet is discarded and an error message is sent back to the source.
-
The purpose of TTL is to prevent packets from circulating indefinitely in a network.
-
-
Type of Service (ToS)
-
Type of Service (ToS) is a field in the IP header that indicates the priority level of a packet.
-
It is used to specify the quality of service required for a particular packet.
-
ToS values range from 0 to 255, with higher values indicating higher priority.
-
The ToS field helps in managing network traffic and ensuring efficient delivery of packets.
-
-
-
Reverse Address Resolution Protocol (RARP)
-
Reverse Address Resolution Protocol (RARP) is a network protocol used to obtain an IP address from a physical address (MAC address) in a local area network (LAN).
-
RARP works in the opposite direction of Address Resolution Protocol (ARP), which is used to obtain a physical address from an IP address.
-
When a device does not have an IP address assigned, it can send a RARP request to a RARP server to obtain an IP address.
- Automatic tunneling is a feature in the IPv6 protocol that allows for the creation of IPv6 tunnels over an IPv4 network.
-
RARP is mainly used in legacy systems and is being replaced by Dynamic Host Configuration Protocol (DHCP) in modern networks.
-
-
Bootstrap Protocol (BOOTP)
-
was created after RARP to enhance the functionality that RARP provides for diskless workstations
- storage area networks (SANs)
-
-
Internet Control Message Protocol(ICMP)
-
ICMP is a network protocol used by network devices to send error messages and operational information about the network.
-
It is commonly used for troubleshooting network issues, such as identifying unreachable hosts or network congestion.
-
ICMP messages are encapsulated within IP packets and are sent between devices to ensure proper communication and network health.
-
Some common ICMP message types include echo request/reply (ping), destination unreachable, time exceeded, and parameter problem.
-
Attacks Using ICMP
-
-
Simple Network Management Protocol (SNMP)
-
Management Information Base (MIB).
-
The Management Information Base (MIB) is a database that stores information about the devices and entities in a network.
- The Open Networking Foundation (ONF) advocates for the use of open standards and open source software in software defined networking (SDN). This approach aims to promote interoperability, flexibility, and innovation in network infrastructure.
-
An MIB is a logical grouping of managed objects that contain data used for specific management tasks and status checks.
- API stands for Application Programming Interface. It is a set of rules and protocols that allow different software applications to communicate with each other. In the context of Software Defined Networking (SDN), APIs are used to control and manage network resources and services.
-
• Overlays
- Overlays are an approach to Software Defined Networking (SDN) where virtual networks are created on top of the physical network infrastructure. These virtual networks provide additional security and flexibility by allowing the use of different protocols and configurations.
-
-
SNMP v3
-
SNMP v3 is the third version of the Simple Network Management Protocol (SNMP), which is a protocol used for managing and monitoring network devices. It provides increased security features compared to previous versions, including authentication and encryption.
-
implemented for more granular protection
-
SDN allows for more flexible and programmable network management, as network administrators can control the network's behavior through software instead of manually configuring individual devices.
-
By separating the control plane from the forwarding plane, SDN enables easier network virtualization, improves network scalability, and enhances network security.
-
-
ports (161 and 162)
-
-
Domain Name Service
-
Internet DNS and Domains
- Internet DNS (Domain Name System) is a service that translates domain names into IP addresses, allowing users to access websites using easy-to-remember names instead of numeric IP addresses. Domains are the unique names that identify websites on the internet.
-
DNS Threats
-
DNS threats refer to various vulnerabilities and attacks that can compromise the security and integrity of the Domain Name System (DNS). These threats include DNS spoofing, DNS cache poisoning, DNS hijacking, and DDoS attacks targeting DNS servers. It is important to implement proper security measures to protect against these threats and ensure the reliable functioning of DNS.
-
DNS Splitting
- DNS Splitting is a type of DNS threat where an attacker manipulates the DNS responses to direct users to malicious websites or servers.
-
-
Security
-
DNSSEC
-
DNSSEC (Domain Name System Security Extensions) is a technology that adds an additional layer of security to the DNS protocol.
-
It provides authentication and data integrity for DNS responses, preventing DNS spoofing and DNS cache poisoning attacks.
-
DNSSEC uses digital signatures to verify the authenticity of DNS data, ensuring that users are connecting to the intended website.
-
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.• They have limited logging functionality.
-
• Most packet-filtering firewalls do not support advanced user authentication schemes.
-
• Many packet-filtering firewalls cannot detect spoofed addresses.
-
• They may not be able to detect packet fragmentation attacks.
-
-
By validating DNS responses, DNSSEC helps to protect against DNS-based attacks and enhances the overall security of the communication and network infrastructure.
-
-
• Stateful
-
keeping state of a connection
-
Stateful-Inspection Firewall Characteristics
-
• Maintains a state table that tracks each and every communication session
-
• Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
-
• Is scalable and transparent to users
-
• Provides data for tracking connectionless protocols such as UDP and ICMP
-
• Stores and updates the state and context of the data within the packets
-
-
-
• Proxy
-
circuit-level proxy
-
SOCKS
-
Characteristics
-
• They do not require a proxy for each and every protocol.
-
• They do not provide the deep-inspection capabilities of an application-level proxy firewall.
-
• They provide security for a wider range of protocols.
-
-
-
Application-level proxies
-
Characteristics
-
• Each protocol that is to be monitored must have a unique proxy.
-
• They provide more protection than circuit-level proxy firewalls.
-
• They require more processing per packet and thus are slower than circuit-level proxy firewalls.
-
-
-
-
• Dynamic packet filtering
-
ACLs
-
it gives you the option of allowing any type of traffic outbound and permitting only response traffic inbound.
-
-
• Kernel proxy
-
a fifth-generation firewall
-
.faster than application-level proxy firewalls because all of the inspection and processing takes place in the kernel and does not need to be passed up to a higher software layer in the operating system.
-
-
Next-Generation Firewalls(NGFW)
-
Compare
- Image not available
-
-
-
E-mail Services
-
Simple Mail Transfer Protocol(SMTP)
-
SMTP is a protocol used for sending email messages between servers.
-
It is responsible for the transmission of email from the sender's mail server to the recipient's mail server.
-
SMTP operates on the application layer of the TCP/IP protocol stack.
-
It uses a set of commands and responses to facilitate the transfer of email.
-
-
Post Office Protocol (POP)
-
Post Office Protocol (POP) is a protocol used by email clients to retrieve emails from a mail server.
-
It allows users to download their emails to their local devices and manage them offline.
-
POP works by connecting to the mail server and authenticating the user's credentials.
-
Once authenticated, POP retrieves the emails from the server and stores them locally.
-
Simple Authentication and Security Layer (SASL)
-
-
Internet Message Access Protocol (IMAP)
- IMAP is an email protocol that allows users to access their email on a remote mail server. It enables users to view and manage their email messages without downloading them to their local device.
-
E-mail Relaying
- E-mail relaying is the process of transferring an email message from one mail server to another. It allows email to be sent across different networks and domains.
-
E-mail Threats
-
E-mail spoofing
-
E-mail spoofing refers to the practice of sending emails with a forged sender address, making it appear as if the email came from a different source. This is done to deceive the recipient and gain their trust for malicious purposes.
-
Protection
-
In 2012, SPF and DKIM were brought together to define the Domain-based Message Authentication, Reporting and Conformance (DMARC) system.
-
Sender Policy Framework (SPF),
-
DomainKeys Identified Mail (DKIM)
-
-
-
Spamming
- Spamming refers to the act of sending unsolicited and unwanted messages, often in bulk, to a large number of recipients. These messages are typically commercial in nature and can be annoying and disruptive to the recipients.
-
Phishing
-
whaling attack
-
spear phishing
-
-
-
-
Network Address Translation
-
private IP address ranges
-
• 10.0.0.0–10.255.255.255 Class A networks
-
• 172.16.0.0–172.31.255.255 Class B networks
-
• 192.168.0.0–192.168.255.255 Class C networks
-
-
Three basic types of NAT
-
• Static mapping
- Static mapping is a type of Network Address Translation (NAT) where a specific private IP address is permanently assigned to a specific public IP address. This allows for consistent communication between the private and public network.
-
• Dynamic mapping
- Dynamic mapping is a type of Network Address Translation (NAT) that allows multiple devices on a private network to share a single public IP address. This type of NAT assigns a unique port number to each device, allowing them to communicate with external networks.
-
• Port address translation (PAT)
- Port address translation (PAT) is a type of Network Address Translation (NAT) where multiple private IP addresses are mapped to a single public IP address by using different port numbers.
-
-
-
Routing Protocols
-
autonomous systems (ASs).
-
Interior Gateway Protocol (IGP)
-
Interior Gateway Protocol (IGP) is a type of routing protocol used within an autonomous system (AS) to exchange routing information between routers.
-
• Single point of compromise
-
• Performance issues
-
-
Dynamic vs. Static
-
A dynamic routing protocol can discover routes and build a routing table
-
A static routing protocol requires the administrator to manually configure the router’s routing table.
-
-
Route flapping
-
refers to the constant changes in the availability of routes.
-
Route flapping refers to the rapid and frequent changes in the availability of a network route.
-
It can occur due to various factors such as network congestion, hardware failures, or misconfigurations.
-
Route flapping can lead to instability and poor performance in a network, as it causes excessive updates and recalculations of routing tables.
-
To mitigate route flapping, network administrators can implement route dampening techniques or use more stable routing protocols.
-
-
Distance-Vector vs. Link-State
- Distance-Vector routing protocols determine the best path to a destination based on the number of hops (or distance) between routers. Link-State routing protocols, on the other hand, take into account the entire network topology to determine the best path based on factors such as bandwidth, delay, and reliability.
-
Interior Routing Protocols/Interior Gateway Protocols
-
• Routing Information Protocol(RIP)
-
• Open Shortest Path First(OSPF)
-
• Interior Gateway Routing Protocol(IGRP)
-
• Enhanced Interior Gateway Routing Protocol(EIGRP)
-
• Virtual Router Redundancy Protocol(VRRP)
-
• Virtual Router Redundancy Protocol(IS-IS)
-
-
Exterior Routing Protocols
-
Exterior routing protocols are used to exchange routing information between different autonomous systems (AS) in a network.
-
exterior gateway protocols (EGPs)
-
Border Gateway Protocol (BGP)
-
-
Routing Protocol Attacks
-
DoS
-
Wormhole Attack
-
-
-
-
Communications Channels
-
Multiservice Access Technologies
-
combine several types of communication categories (data,voice, and video) over one transmission line.
-
• TLS encryption takes place at the session layer.
-
• PPTP encryption takes place at the data link layer.
-
• Link encryption takes place at the data link and physical layers.
-
-
H.323 Gateways
-
a standard that deals with video, real-time audio, and data packet–based transmissions where multiple users can be involved with the data exchange.
- is considered a cryptosystem
-
-
Digging Deeper into SIP
-
two major components
-
User Agent Client(UAC)
-
The User Agent Client (UAC) is one of the major components of the Session Initiation Protocol (SIP).
-
It is responsible for initiating communication sessions and sending requests to the User Agent Server (UAS) for establishing connections.
-
-
User Agent Server(UAS)
- User Agent Server (UAS) is a component of the Session Initiation Protocol (SIP) that receives requests from User Agent Clients (UACs) and processes them.
-
-
Cookies
-
Secure Shell (SSH)
-
-
IP Telephony Issues
-
IP telephony refers to the transmission of voice and multimedia sessions over the internet.
- Internet DNS (Domain Name System) is a service that translates domain names into IP addresses, allowing users to access websites using easy-to-remember names instead of numeric IP addresses. Domains are the unique names that identify websites on the internet.
-
One of the main issues with IP telephony is security vulnerabilities, such as eavesdropping and call interception.
-
DNS threats refer to various vulnerabilities and attacks that can compromise the security and integrity of the Domain Name System (DNS). These threats include DNS spoofing, DNS cache poisoning, DNS hijacking, and DDoS attacks targeting DNS servers. It is important to implement proper security measures to protect against these threats and ensure the reliable functioning of DNS.
-
DNS Splitting
- DNS Splitting is a type of DNS threat where an attacker manipulates the DNS responses to direct users to malicious websites or servers.
-
-
Another issue is the risk of denial-of-service (DoS) attacks that can disrupt the availability of IP telephony services.
-
DNSSEC
-
DNSSEC (Domain Name System Security Extensions) is a technology that adds an additional layer of security to the DNS protocol.
-
It provides authentication and data integrity for DNS responses, preventing DNS spoofing and DNS cache poisoning attacks.
-
DNSSEC uses digital signatures to verify the authenticity of DNS data, ensuring that users are connecting to the intended website.
-
By validating DNS responses, DNSSEC helps to protect against DNS-based attacks and enhances the overall security of the communication and network infrastructure.
-
-
-
Additionally, IP telephony can be susceptible to identity theft and unauthorized access to call records and voicemails.
-
-
SPIT (Spam over Internet Telephony).
-
SPIT refers to the unwanted, unsolicited messages and calls that are sent over internet telephony systems.
-
SMTP is a protocol used for sending email messages between servers.
-
It is responsible for the transmission of email from the sender's mail server to the recipient's mail server.
-
SMTP operates on the application layer of the TCP/IP protocol stack.
-
It uses a set of commands and responses to facilitate the transfer of email.
-
-
SPIT is similar to email spam, but instead of targeting email accounts, it targets internet telephony systems.
-
Post Office Protocol (POP) is a protocol used by email clients to retrieve emails from a mail server.
-
It allows users to download their emails to their local devices and manage them offline.
-
POP works by connecting to the mail server and authenticating the user's credentials.
-
Once authenticated, POP retrieves the emails from the server and stores them locally.
-
Simple Authentication and Security Layer (SASL)
-
-
SPIT can be annoying and disruptive, as it can flood communication channels with unwanted messages and calls.
- IMAP is an email protocol that allows users to access their email on a remote mail server. It enables users to view and manage their email messages without downloading them to their local device.
-
To protect against SPIT, it is important to use security measures such as authentication and filtering techniques.
- E-mail relaying is the process of transferring an email message from one mail server to another. It allows email to be sent across different networks and domains.
-
-
countermeasures
-
• Keep patches updated on each network device involved with VoIP transmissions
-
• The call manager server
-
• The voicemail server
-
• The gateway server
-
-
• Identify unidentified or rogue telephony devices:
-
• Implement authentication so only authorized telephony devices are working on the network
- Static mapping is a type of Network Address Translation (NAT) where a specific private IP address is permanently assigned to a specific public IP address. This allows for consistent communication between the private and public network.
-
• Port address translation (PAT)
- Port address translation (PAT) is a type of Network Address Translation (NAT) where multiple private IP addresses are mapped to a single public IP address by using different port numbers.
-
-
• Install and maintain
-
• Stateful firewalls
-
• VPN for sensitive voice data
-
• Intrusion detection
-
-
• Disable unnecessary ports and services on routers, switches,PCs, and IP telephones
-
• Employ real-time monitoring that looks for attacks, tunneling,and abusive call patterns through IDS/IPS
-
• Employ content monitoring
-
• Use encryption when data (voice, fax, video) cross an untrusted network
-
• Use a two-factor authentication technology
-
• Limit the number of calls via media gateways
-
• Close the media sessions after completion
-
-
-
-
Network Components
-
• Repeaters
-
hub
-
concentrator
- Frequency refers to the number of times a wireless signal oscillates per second.
-
amplitude
- Amplitude refers to the maximum extent of a signal's variation from its average value. In wireless communications, amplitude modulation (AM) is a technique that varies the amplitude of the carrier signal to transmit information.
-
-
-
• Bridges
-
functions
-
• Segments a large network into smaller, more controllable pieces.
-
• Uses filtering based on MAC addresses.
-
• Joins different types of network links while retaining the same broadcast domain.
-
• Isolates collision domains within the same broadcast domain.
-
• Bridging functionality can take place locally within a LAN or remotely to connect two distant LANs.
-
• Can translate between protocol types.
-
-
work at the data link layer
- The Basic Service Set (BSS) is the simplest form of a wireless network. It consists of a single access point and one or more wireless devices connected to it.
-
Forwarding Tables
-
Spanning Tree Algorithm (STA),
-
source routing
-
APs are commonly used in WLANs (Wireless Local Area Networks) to extend network coverage and provide wireless access to users within a specific area.
-
They are often connected to a wired network through an Ethernet cable and can support multiple wireless devices simultaneously.
-
-
-
• Routers
-
network layer
-
Wired Equivalent Privacy (WEP)
- WEP is considered insecure and should not be used.
-
open system authentication (OSA) and shared key authentication (SKA)
-
-
Main Differences Between Bridges and Routers
-
Image not available
-
is also called Robust Security Network.
-
use of the AES algorithm in counter mode with CBC-MAC (CCM)
-
-
WPA also integrates 802.1X port authentication and EAP authentication methods.
- Temporal Key Integrity Protocol (TKIP),
-
-
-
• Switches
-
Multilayered switches
-
802.11 is a set of wireless standards that define the protocols for wireless local area networks (WLANs).
-
These standards specify how data is transmitted over the airwaves, enabling wireless communication between devices.
-
802.11 standards are commonly used for Wi-Fi networks, allowing devices to connect to the internet or other devices wirelessly.
-
-
Layer 3 and 4 Switches
-
802.11b is a wireless standard that operates on the 2.4 GHz frequency band.
-
It is one of the earliest and most widely used wireless standards for Wi-Fi networks.
-
802.11b supports a maximum data transfer rate of 11 Mbps.
-
It uses direct-sequence spread spectrum (DSSS) modulation for data transmission.
-
-
Layer 2 switches
-
5 GHz
-
54 Mbps
-
-
Multiprotocol Label Switching (MPLS)
-
802.11e is a wireless standard that focuses on enhancing the quality of service (QoS) in wireless networks.
-
It is an amendment to the 802.11 WLAN standards and provides mechanisms to prioritize different types of traffic, such as voice, video, and data.
-
By implementing 802.11e, wireless networks can better manage and allocate resources, ensuring a more reliable and efficient communication experience.
-
-
Virtual LANs (VLANs)
-
IEEE 802.1Q
-
tagging
-
attacks
-
VLAN hopping attacks
-
switch spoofing attack
-
double tagging attack
-
-
tagging
-
attacks
-
VLAN hopping attacks
-
switch spoofing attack
-
double tagging attack
-
-
-
-
Gateways
-
Network Device Differences
-
reference
-
reference
-
-
• Implement WPA2 and 802.1X to provide centralized user authentication (e.g., RADIUS, Kerberos). Before users can access the network, require them to authenticate.
-
• Use separate VLANs for each class of users, just as you would on a wired LAN.
-
• If you must support unauthenticated users (e.g., visitors), ensure they are connected to an untrusted VLAN that remains outside your network’s perimeter.
-
• Deploy a wireless intrusion detection system (WIDS).
-
• Physically put the AP at the center of the building. The AP has a specific zone of coverage it can provide.
-
• Logically put the AP in a DMZ with a firewall between the DMZ and internal network
-
.Allow the firewall to investigate the traffic before it gets to the wired network.
-
• Implement VPN for wireless devices to use. This adds another layer of protection for data being transmitted.
-
• Configure the AP to allow only known MAC addresses into the network. Allow only known devices to authenticate. But remember that these MAC addresses are sent in cleartext, so an attacker could capture them and masquerade himself as an authenticated device.
-
• Carry out penetration tests on the WLAN. Use the tools described in this section to identify APs and attempt to break the current encryption scheme being used.
-
-
PBXs
-
A Private Branch Exchange (PBX) is a private telephone switch that is located on a company’s property
- ground to orbiter to ground
-
Network Diagramming
- (ground to ground
-
-
Bluetooth Wireless
-
1- to 3-Mbps
-
2.4 GHz
-
Bluetooth Wireless is a wireless technology that allows devices to communicate and transfer data over short distances.
-
-
Firewalls
-
demilitarized zone (DMZ)
-
• Frequency division multiple access (FDMA)
-
• Time division multiple access (TDMA)
-
• Code division multiple access (CDMA)
-
• Orthogonal frequency division multiple access (OFDMA)
-
-
use
-
Firewalls are used to restrict access to one network from another network
-
Second generation(2G):
-
Generation 2½ (2.5G):
-
Third generation(3G):
-
Generation 3.5 G (3GPP)
-
Fourth generation (4G)
- Fourth generation (4G) refers to the fourth iteration of mobile technology that provides faster and more reliable wireless communication compared to previous generations.
-
5G
-
5G is the fifth generation of mobile technology.
-
It offers faster speeds, lower latency, and supports more devices compared to previous generations.
-
5G utilizes advanced technologies like millimeter waves and massive MIMO to deliver high-speed wireless communication.
-
It enables new applications such as autonomous vehicles, virtual reality, and smart cities.
-
-
-
types
-
• Packet filtering
-
egress filtering
-
ingress filtering
-
weaknesses of packet-filtering firewalls
-
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.• They have limited logging functionality.
-
• Most packet-filtering firewalls do not support advanced user authentication schemes.
-
• Many packet-filtering firewalls cannot detect spoofed addresses.
-
• They may not be able to detect packet fragmentation attacks.
-
-
-
• Stateful
-
keeping state of a connection
-
Stateful-Inspection Firewall Characteristics
-
• Maintains a state table that tracks each and every communication session
-
• Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
-
• Is scalable and transparent to users
-
• Provides data for tracking connectionless protocols such as UDP and ICMP
-
• Stores and updates the state and context of the data within the packets
-
-
-
• Proxy
-
circuit-level proxy
-
SOCKS
-
Characteristics
-
• They do not require a proxy for each and every protocol.
-
• They do not provide the deep-inspection capabilities of an application-level proxy firewall.
-
• They provide security for a wider range of protocols.
-
-
-
Application-level proxies
-
Characteristics
-
• Each protocol that is to be monitored must have a unique proxy.
-
• They provide more protection than circuit-level proxy firewalls.
-
• They require more processing per packet and thus are slower than circuit-level proxy firewalls.
-
-
-
-
• Dynamic packet filtering
-
ACLs
-
it gives you the option of allowing any type of traffic outbound and permitting only response traffic inbound.
-
-
• Kernel proxy
-
a fifth-generation firewall
-
.faster than application-level proxy firewalls because all of the inspection and processing takes place in the kernel and does not need to be passed up to a higher software layer in the operating system.
-
-
Next-Generation Firewalls(NGFW)
-
Compare
- Image not available
-
-
three main firewall architectures
-
• Screened host
- • An external router filters (screens) traffic before it enters the subnet. Traffic headed toward the internal network then goes through two firewalls.
-
• Multihome/Dual-Homed
-
• A single computer with separate NICs connected to each network.
-
• Used to divide an internal trusted network from an external untrusted network.
-
• Must disable a computer’s forwarding and routing functionality so the two networks are truly segregated.
-
-
• Screened subnet
- • A router filters (screens) traffic before it is passed to the firewall.
-
-
Fragmentation Attacks
-
• IP fragmentation
-
• Teardrop attack
-
• Overlapping fragment attack
-
-
common firewall rules
-
• Silent rule
-
• Stealth rule
-
• Cleanup rule
-
• Negate rule
-
-
types
-
• Packet filtering
-
egress filtering
-
ingress filtering
-
weaknesses of packet-filtering firewalls
-
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.• They have limited logging functionality.
-
• Most packet-filtering firewalls do not support advanced user authentication schemes.
-
• Many packet-filtering firewalls cannot detect spoofed addresses.
-
• They may not be able to detect packet fragmentation attacks.
-
-
-
• Stateful
-
keeping state of a connection
-
Stateful-Inspection Firewall Characteristics
-
• Maintains a state table that tracks each and every communication session
-
• Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
-
• Is scalable and transparent to users
-
• Provides data for tracking connectionless protocols such as UDP and ICMP
-
• Stores and updates the state and context of the data within the packets
-
-
-
• Proxy
-
circuit-level proxy
-
SOCKS
-
Characteristics
-
• They do not require a proxy for each and every protocol.
-
• They do not provide the deep-inspection capabilities of an application-level proxy firewall.
-
• They provide security for a wider range of protocols.
-
-
-
Application-level proxies
-
Characteristics
-
• Each protocol that is to be monitored must have a unique proxy.
-
• They provide more protection than circuit-level proxy firewalls.
-
• They require more processing per packet and thus are slower than circuit-level proxy firewalls.
-
-
-
-
• Dynamic packet filtering
-
ACLs
-
it gives you the option of allowing any type of traffic outbound and permitting only response traffic inbound.
-
-
• Kernel proxy
-
a fifth-generation firewall
-
.faster than application-level proxy firewalls because all of the inspection and processing takes place in the kernel and does not need to be passed up to a higher software layer in the operating system.
-
-
Next-Generation Firewalls(NGFW)
-
Compare
- Image not available
-
-
three main firewall architectures
-
• Screened host
- • An external router filters (screens) traffic before it enters the subnet. Traffic headed toward the internal network then goes through two firewalls.
-
• Multihome/Dual-Homed
-
• A single computer with separate NICs connected to each network.
-
• Used to divide an internal trusted network from an external untrusted network.
-
• Must disable a computer’s forwarding and routing functionality so the two networks are truly segregated.
-
-
• Screened subnet
- • A router filters (screens) traffic before it is passed to the firewall.
-
-
Fragmentation Attacks
-
• IP fragmentation
-
• Teardrop attack
-
• Overlapping fragment attack
-
-
common firewall rules
-
• Silent rule
-
• Stealth rule
-
• Cleanup rule
-
• Negate rule
-
-
-
Proxy Servers
-
forwarding proxy
-
A forwarding proxy is a server that acts as an intermediary between a client and a server. It receives requests from clients and forwards them to the appropriate server.
-
They can identify the presence of Wi-Fi networks, their signal strength, and the channels they are operating on.
-
Wi-Fi scanners can also provide information about the security settings of the networks, such as whether they are encrypted or open.
-
These tools are often used by network administrators and security professionals to assess the security of wireless networks and identify potential vulnerabilities.
-
-
open proxy
- An open proxy is a type of proxy server that allows anyone to connect and use it without any authentication.
-
reverse proxy
- A reverse proxy is a server that sits between client devices and a web server. It receives client requests and forwards them to the appropriate server. It can help improve security by protecting the web server from direct contact with clients.
-
Disassociation
- Disassociation is a type of wireless attack where an attacker forces a wireless device to disconnect from its network.
-
Jamming
-
Jamming refers to the intentional interference or disruption of wireless signals, such as Wi-Fi or cellular signals.
-
Attackers may use jamming techniques to prevent communication between wireless devices and networks, causing service disruptions and potential security vulnerabilities.
-
Jamming attacks can be performed using specialized equipment that emits radio frequency signals on the same frequency as the target wireless network, overpowering and blocking legitimate signals.
-
Countermeasures against jamming attacks include implementing frequency hopping techniques, using encryption to protect wireless communications, and monitoring for unusual signal disruptions.
-
-
Initialization Vector (IV) Abuse
- Initialization Vector (IV) is a random value used in encryption algorithms to ensure the uniqueness of the encrypted data. However, if the IV is predictable or reused, it can be abused by attackers to compromise the security of the wireless network.
-
Replay
- Replay attack is a type of wireless attack where an attacker intercepts and retransmits data packets, tricking the network into accepting old, previously captured packets as new and valid.
-
-
IDS
and IPS-
types of ids systems
-
Intrusion Detection Systems (IDS) are designed to detect and monitor malicious activities within a network.
-
Network-based IDS (NIDS) analyzes network traffic, looking for patterns and signatures of known attacks.
-
Host-based IDS (HIDS) monitors activities on individual hosts, detecting any suspicious behavior or unauthorized access attempts.
-
Intrusion Prevention Systems (IPS) not only detect intrusions, but also actively block or prevent them from occurring.
- CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is the encryption protocol used in Wi-Fi Protected Access 2 (WPA2) to secure wireless networks.
-
Wireless Intrusion Detection Systems (WIDS) specifically focus on monitoring and securing wireless networks.
-
Wireless Intrusion Detection Systems (WIDS) specifically focus on monitoring and securing wireless networks.
-
-
Hostbased IDS and IPS
- Hostbased IDS and IPS, or Intrusion Detection Systems and Intrusion Prevention Systems, are security measures that are implemented on individual devices, such as computers or servers, to monitor and protect against unauthorized access or malicious activities. They analyze the behavior and traffic of the host device to detect and prevent potential threats.
-
Networkbased IDS and IPS
-
Network-based IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are security tools that monitor network traffic to detect and prevent unauthorized access and malicious activities.
-
LEAP (Lightweight Extensible Authentication Protocol) is a wireless security protocol used for authenticating clients on a Wi-Fi network.
-
It provides a secure method of authentication by using a username and password to verify the identity of a client device.
-
LEAP is considered to be a weak security protocol due to vulnerabilities that have been discovered over time.
-
It is recommended to use more secure authentication methods, such as WPA2 or WPA3, instead of LEAP.
-
-
PEAP
-
PEAP (Protected Extensible Authentication Protocol) is a wireless security protocol that provides secure authentication for wireless networks.
-
PEAP is based on the EAP (Extensible Authentication Protocol) framework and provides encryption of authentication credentials during the authentication process.
-
-
-
Modes of Operation
-
Modes of Operation refers to the different ways in which an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) can operate.
-
The three main modes of operation for IDS and IPS are: inline mode, promiscuous mode, and passive mode.
-
In inline mode, the IDS/IPS is placed directly in the network traffic path and actively blocks any suspicious or malicious activity.
-
In promiscuous mode, the IDS/IPS monitors network traffic but does not actively block or interfere with it.
-
The three main modes of operation for IDS and IPS are: inline mode, promiscuous mode, and passive mode.
-
In inline mode, the IDS/IPS is placed directly in the network traffic path and actively blocks any suspicious or malicious activity.
-
In promiscuous mode, the IDS/IPS monitors network traffic but does not actively block or interfere with it.
-
-
Network appliances
- Network appliances are devices used to manage and control network traffic.
-
Wireless Antenna Management
-
ANTENNA TYPES
-
-
CAPTIVE PORTALS
- Captive portals are web pages that require users to authenticate or agree to terms before accessing a network.
-
General Wi-Fi Security Procedure
-
Change the default Wi-Fi network name (SSID)
-
Set a strong Wi-Fi password
-
Enable network encryption (WPA2 or higher)
-
Disable Wi-Fi Protected Setup (WPS)
-
Turn off remote management
-
Keep Wi-Fi firmware up to date
-
Regularly check connected devices and remove unauthorized ones
-
-
-
Unified Threat Management
-
Unified Threat Management (UTM) is a network security solution that combines multiple security features into a single device or software.
-
issues
-
• Single point of failure for traffic
-
• Single point of compromise
-
• Performance issues
-
-
-
Content Distribution Networks (CDN)
-
Content Distribution Networks (CDN) are a type of network infrastructure that help deliver content, such as websites and videos, to users more efficiently.
-
CDNs work by caching content in multiple servers located in different geographic locations, allowing users to access the content from a server closer to their location.
-
By distributing content across multiple servers, CDNs reduce the load on individual servers and improve the overall performance and availability of the content.
-
CDNs also provide additional security features, such as DDoS protection and SSL encryption, to protect the content and ensure secure communication between the servers and users.
-
-
Software Defined Networking
-
Approaches to SDN
-
• Open The SDN approach championed by the Open Networking Foundation (ONF)
- The Open Networking Foundation (ONF) advocates for the use of open standards and open source software in software defined networking (SDN). This approach aims to promote interoperability, flexibility, and innovation in network infrastructure.
-
• API
- API stands for Application Programming Interface. It is a set of rules and protocols that allow different software applications to communicate with each other. In the context of Software Defined Networking (SDN), APIs are used to control and manage network resources and services.
-
• Overlays
- Overlays are an approach to Software Defined Networking (SDN) where virtual networks are created on top of the physical network infrastructure. These virtual networks provide additional security and flexibility by allowing the use of different protocols and configurations.
-
-
Software Defined Network (SDN)
-
Software Defined Networking (SDN) is an approach to network management and control that separates the network's control plane from the forwarding plane.
-
In SDN, the control plane is centralized and managed by a software application called the SDN controller, while the forwarding plane consists of network devices such as switches and routers.
-
SDN allows for more flexible and programmable network management, as network administrators can control the network's behavior through software instead of manually configuring individual devices.
-
By separating the control plane from the forwarding plane, SDN enables easier network virtualization, improves network scalability, and enhances network security.
-
-
-
Endpoints
- Endpoints are devices or applications that connect to a network, such as computers, smartphones, or servers.
-
Honeypot
-
A honeypot is a decoy system that is intentionally vulnerable to attract hackers.
-
It is designed to gather information about attackers' tactics and techniques.
-
Honeypots can help organizations identify and mitigate security threats.
-
They provide valuable insights into attackers' behavior and can be used for research purposes.
-
-
Network Access Control (NAC)
-
Network Access Control (NAC) is a security measure that regulates and manages the access of devices to a network.
-
It ensures that only authorized devices and users are allowed to connect to the network, while preventing unauthorized access.
-
NAC typically involves the use of authentication, authorization, and accounting (AAA) protocols to verify the identity and credentials of devices and users.
-
By implementing NAC, organizations can enforce security policies, control network access, and protect against potential threats and attacks.
-
-
Virtualized Networks
- Virtualized networks are networks that are created, managed, and operated using virtualization technology.
-
-
Network Encryption
-
Encryption at Different Layers
-
• End-to-end encryption happens within the applications.
-
• TLS encryption takes place at the session layer.
-
Be cautious of suspicious emails
-
Do not click on unknown links
-
Verify the sender's identity
-
Use strong and unique passwords
-
Enable two-factor authentication
-
Regularly update software and applications
-
Educate employees about phishing techniques
-
-
• PPTP encryption takes place at the data link layer.
-
• Link encryption takes place at the data link and physical layers.
-
-
E-mail Encryption Standards
-
Pretty Good Privacy PGP)
-
is considered a cryptosystem
-
It is a type of ISDN connection that provides two B-channels for voice and data transmission and one D-channel for signaling.
-
BRI ISDN is commonly used for small businesses and residential users as it offers relatively lower bandwidth compared to other ISDN implementations.
-
It is an affordable and reliable option for remote access and communication over the network.
-
-
-
Multipurpose Internet Mail Extensions (MIME)
-
Install antivirus software
-
Keep antivirus software up to date
-
Regularly scan for malware
-
Use a firewall
-
Avoid downloading files from untrusted sources
-
Be cautious of email attachments
-
-
Secure MIME (S/MIME)
-
is a standard for encrypting and digitally signing e-mail and for providing secure data transmissions.
-
provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use f X.509 public key certificates, and nonrepudiation through cryptographically signed message digests
-
-
-
Internet Security
-
HTTP
-
HTTP Secure (HTTPS)
-
Transport Layer Security
-
Transport Layer Security (TLS) is a cryptographic protocol that ensures secure communication over a network. It provides encryption, authentication, and data integrity for internet communications.
-
TLS is commonly used to secure web browsing, email, instant messaging, and other internet applications. It encrypts data to prevent unauthorized access and protects against eavesdropping and tampering.
-
TLS operates at the transport layer of the internet protocol suite, providing a secure channel between a client and a server. It uses public-key cryptography to establish a secure connection and ensure the confidentiality and integrity of data transmitted over the network.
-
TLS has evolved from its predecessor, Secure Sockets Layer (SSL), and is widely adopted as the standard for secure communication on the internet. It is supported by most web browsers, servers, and other network applications.
-
Transport Layer Security (TLS) is a cryptographic protocol that ensures secure communication over a network. It provides encryption, authentication, and data integrity for internet communications.
-
TLS is commonly used to secure web browsing, email, instant messaging, and other internet applications. It encrypts data to prevent unauthorized access and protects against eavesdropping and tampering.
-
TLS operates at the transport layer of the internet protocol suite, providing a secure channel between a client and a server. It uses public-key cryptography to establish a secure connection and ensure the confidentiality and integrity of data transmitted over the network.
-
TLS has evolved from its predecessor, Secure Sockets Layer (SSL), and is widely adopted as the standard for secure communication on the internet. It is supported by most web browsers, servers, and other network applications.
-
-
Secure Sockets Layer (SSL)
-
Padding Oracle On Downgraded Legacy Encryption (POODLE)
-
Padding Oracle On Downgraded Legacy Encryption (POODLE)
-
-
Cookies
-
Secure Shell (SSH)
-
-
-
Wirelesss Network
-
Wireless Network
-
802.11g
-
802.11g is a wireless standard that operates on the 2.4 GHz frequency band.
-
It provides a maximum data transfer rate of 54 Mbps.
-
802.11g is backward compatible with the older 802.11b standard.
-
It uses OFDM modulation to improve the transmission reliability.
-
-
802.11h
- 802.11h is a wireless networking standard that operates in the 5 GHz frequency band.
-
802.11j
- 802.11j is a wireless standard that is designed to provide wireless connectivity in Japan.
-
802.11n
-
802.11n is a wireless standard that provides faster and more reliable wireless network connections compared to previous standards like 802.11a, 802.11b, and 802.11g.
-
It operates on both the 2.4 GHz and 5 GHz frequency bands, allowing for better signal coverage and reduced interference from other devices.
-
With technologies like Multiple Input Multiple Output (MIMO), 802.11n enables higher data transfer rates and improved overall network performance.
-
It is backward compatible with older wireless standards, so devices that support 802.11n can still connect to networks using older standards if needed.
-
-
802.11ac
-
802.11ac is backward compatible with 802.11a, 802.11b, 802.11g and 802.11n
-
802.11ac is a wireless networking standard that operates on the 5GHz frequency band and offers faster speeds and improved performance compared to previous standards like 802.11n.
-
1.3 Gbps
-
-
802.16
-
802.16 is a wireless standard that defines the technical specifications for broadband wireless access networks.
-
It is commonly known as WiMAX and provides high-speed internet access over long distances.
-
WiMAX operates on a wide range of frequencies and supports both point-to-point and point-to-multipoint communication.
-
It is widely used in areas where wired internet infrastructure is not available or feasible to install.
-
-
802.15.4
-
802.15.4 is a wireless standard that specifies the physical layer and media access control for low-rate wireless personal area networks (LR-WPANs).
-
The 802.15.4 standard is commonly used in applications such as home automation, industrial control, and wireless sensor networks.
-
It operates in the 2.4 GHz ISM band and provides low-power, low-data-rate communication over short distances.
-
802.15.4 supports multiple network topologies, including star, mesh, and cluster tree, making it flexible for various deployment scenarios.
-
-
-
Wireless Security
-
Wireless Antenna Management
-
Wireless Communications
-
Frequency Hopping Spread Spectrum (FHSS)
-
Direct Sequence Spread Spectrum (DSSS)
-
Orthogonal Frequency-Division Multiplexing (OFDM)
-
-
-
Network Components
-
• Repeaters
-
hub
- concentrator
-
-
• Bridges
-
functions
-
• Segments a large network into smaller, more controllable pieces.
-
• Uses filtering based on MAC addresses.
-
• Joins different types of network links while retaining the same broadcast domain.
-
• Isolates collision domains within the same broadcast domain.
-
• Bridging functionality can take place locally within a LAN or remotely to connect two distant LANs.
-
• Can translate between protocol types.
-
-
work at the data link layer
-
Forwarding Tables
-
Spanning Tree Algorithm (STA),
-
source routing
-
-
-
• Routers
-
network layer
-
Main Differences Between Bridges and Routers
- Image not available
-
-
• Switches
-
Multilayered switches
-
Layer 3 and 4 Switches
-
Layer 2 switches
-
Multiprotocol Label Switching (MPLS)
-
Virtual LANs (VLANs)
-
IEEE 802.1Q
-
tagging
-
attacks
-
VLAN hopping attacks
-
switch spoofing attack
-
double tagging attack
-
-
-
-
Gateways
-
Network Device Differences
- reference
-
-
PBXs
-
A Private Branch Exchange (PBX) is a private telephone switch that is located on a company’s property
-
Network Diagramming
-
-
Firewalls
-
demilitarized zone (DMZ)
-
use
- Firewalls are used to restrict access to one network from another network
-
types
-
• Packet filtering
-
egress filtering
-
ingress filtering
-
weaknesses of packet-filtering firewalls
-
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.• They have limited logging functionality.
-
• Most packet-filtering firewalls do not support advanced user authentication schemes.
-
• Many packet-filtering firewalls cannot detect spoofed addresses.
-
• They may not be able to detect packet fragmentation attacks.
-
-
-
• Stateful
-
keeping state of a connection
-
Stateful-Inspection Firewall Characteristics
-
• Maintains a state table that tracks each and every communication session
-
• Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
-
• Is scalable and transparent to users
-
• Provides data for tracking connectionless protocols such as UDP and ICMP
-
• Stores and updates the state and context of the data within the packets
-
-
-
• Proxy
-
circuit-level proxy
-
SOCKS
-
Characteristics
-
• They do not require a proxy for each and every protocol.
-
• They do not provide the deep-inspection capabilities of an application-level proxy firewall.
-
• They provide security for a wider range of protocols.
-
-
-
Application-level proxies
-
Characteristics
-
• Each protocol that is to be monitored must have a unique proxy.
-
• They provide more protection than circuit-level proxy firewalls.
-
• They require more processing per packet and thus are slower than circuit-level proxy firewalls.
-
-
-
-
• Dynamic packet filtering
-
ACLs
-
it gives you the option of allowing any type of traffic outbound and permitting only response traffic inbound.
-
-
• Kernel proxy
-
a fifth-generation firewall
-
.faster than application-level proxy firewalls because all of the inspection and processing takes place in the kernel and does not need to be passed up to a higher software layer in the operating system.
-
-
Next-Generation Firewalls(NGFW)
-
Compare
- Reference
-
-
three main firewall architectures
-
• Screened host
- • An external router filters (screens) traffic before it enters the subnet. Traffic headed toward the internal network then goes through two firewalls.
-
• Multihome/Dual-Homed
-
• A single computer with separate NICs connected to each network.
-
• Used to divide an internal trusted network from an external untrusted network.
-
• Must disable a computer’s forwarding and routing functionality so the two networks are truly segregated.
-
-
• Screened subnet
- • A router filters (screens) traffic before it is passed to the firewall.
-
-
Fragmentation Attacks
-
• IP fragmentation
-
• Teardrop attack
-
• Overlapping fragment attack
-
-
common firewall rules
-
• Silent rule
-
• Stealth rule
-
• Cleanup rule
-
• Negate rule
-
-
-
Proxy Servers
-
forwarding proxy
- A forwarding proxy is a server that acts as an intermediary between a client and a server. It receives requests from clients and forwards them to the appropriate server.
-
open proxy
- An open proxy is a type of proxy server that allows anyone to connect and use it without any authentication.
-
reverse proxy
- A reverse proxy is a server that sits between client devices and a web server. It receives client requests and forwards them to the appropriate server. It can help improve security by protecting the web server from direct contact with clients.
-
-
IDS
and IPS-
types of ids systems
-
Intrusion Detection Systems (IDS) are designed to detect and monitor malicious activities within a network.
-
Network-based IDS (NIDS) analyzes network traffic, looking for patterns and signatures of known attacks.
-
Host-based IDS (HIDS) monitors activities on individual hosts, detecting any suspicious behavior or unauthorized access attempts.
-
Intrusion Prevention Systems (IPS) not only detect intrusions, but also actively block or prevent them from occurring.
-
Wireless Intrusion Detection Systems (WIDS) specifically focus on monitoring and securing wireless networks.
-
-
Hostbased IDS and IPS
- Hostbased IDS and IPS, or Intrusion Detection Systems and Intrusion Prevention Systems, are security measures that are implemented on individual devices, such as computers or servers, to monitor and protect against unauthorized access or malicious activities. They analyze the behavior and traffic of the host device to detect and prevent potential threats.
-
Networkbased IDS and IPS
- Network-based IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are security tools that monitor network traffic to detect and prevent unauthorized access and malicious activities.
-
Modes of Operation
-
Modes of Operation refers to the different ways in which an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) can operate.
-
The three main modes of operation for IDS and IPS are: inline mode, promiscuous mode, and passive mode.
-
In inline mode, the IDS/IPS is placed directly in the network traffic path and actively blocks any suspicious or malicious activity.
-
In promiscuous mode, the IDS/IPS monitors network traffic but does not actively block or interfere with it.
-
-
Network appliances
- Network appliances are devices used to manage and control network traffic.
-
-
Unified Threat Management
-
Unified Threat Management (UTM) is a network security solution that combines multiple security features into a single device or software.
-
issues
-
• Single point of failure for traffic
-
• Single point of compromise
-
• Performance issues
-
-
-
Content Distribution Networks (CDN)
-
Content Distribution Networks (CDN) are a type of network infrastructure that help deliver content, such as websites and videos, to users more efficiently.
-
CDNs work by caching content in multiple servers located in different geographic locations, allowing users to access the content from a server closer to their location.
-
By distributing content across multiple servers, CDNs reduce the load on individual servers and improve the overall performance and availability of the content.
-
CDNs also provide additional security features, such as DDoS protection and SSL encryption, to protect the content and ensure secure communication between the servers and users.
-
-
Software Defined Networking (SDN)
-
Approaches to SDN
-
• Open The SDN approach championed by the Open Networking Foundation (ONF)
- The Open Networking Foundation (ONF) advocates for the use of open standards and open source software in software defined networking (SDN). This approach aims to promote interoperability, flexibility, and innovation in network infrastructure.
-
• API
- API stands for Application Programming Interface. It is a set of rules and protocols that allow different software applications to communicate with each other. In the context of Software Defined Networking (SDN), APIs are used to control and manage network resources and services.
-
• Overlays
- Overlays are an approach to Software Defined Networking (SDN) where virtual networks are created on top of the physical network infrastructure. These virtual networks provide additional security and flexibility by allowing the use of different protocols and configurations.
-
-
Software Defined Network (SDN)
-
Software Defined Networking (SDN) is an approach to network management and control that separates the network's control plane from the forwarding plane.
-
In SDN, the control plane is centralized and managed by a software application called the SDN controller, while the forwarding plane consists of network devices such as switches and routers.
-
SDN allows for more flexible and programmable network management, as network administrators can control the network's behavior through software instead of manually configuring individual devices.
-
By separating the control plane from the forwarding plane, SDN enables easier network virtualization, improves network scalability, and enhances network security.
-
-
-
Endpoints
- Endpoints are devices or applications that connect to a network, such as computers, smartphones, or servers.
-
Honeypot
-
A honeypot is a decoy system that is intentionally vulnerable to attract hackers.
-
It is designed to gather information about attackers' tactics and techniques.
-
Honeypots can help organizations identify and mitigate security threats.
-
They provide valuable insights into attackers' behavior and can be used for research purposes.
-
-
Network Access Control (NAC)
-
Network Access Control (NAC) is a security measure that regulates and manages the access of devices to a network.
-
It ensures that only authorized devices and users are allowed to connect to the network, while preventing unauthorized access.
-
NAC typically involves the use of authentication, authorization, and accounting (AAA) protocols to verify the identity and credentials of devices and users.
-
By implementing NAC, organizations can enforce security policies, control network access, and protect against potential threats and attacks.
-
-
Virtualized Networks
- Virtualized networks are networks that are created, managed, and operated using virtualization technology.
-
-
Network Attacks
-
Phishing Attacks
-
Types
-
Email Phishing
- Email phishing is a type of phishing attack that involves sending fraudulent emails to deceive recipients into revealing sensitive information such as passwords, credit card numbers, or social security numbers.
-
Spear Phishing
- Spear phishing is a targeted form of phishing attack that focuses on specific individuals or organizations.
-
Whaling
- Whaling is a type of phishing attack that specifically targets high-level executives or important individuals within an organization.
-
Vishing
- Vishing is a type of phishing attack that involves voice communication.
-
Smishing
- Smishing is a type of phishing attack that involves using SMS messages to trick victims into revealing sensitive information or downloading malicious software.
-
Social Media Phishing
- Social media phishing is a type of network attack where attackers trick users into revealing sensitive information or performing malicious actions on social media platforms.
-
Watering Hole Attacks
- Watering hole attacks are a type of network attack where the attacker compromises a website that the target frequently visits, with the goal of infecting their computer with malware. The attacker then waits for the target to visit the compromised website, unknowingly downloading the malware onto their system.
-
-
Countermeasure
-
Be cautious of suspicious emails
-
Do not click on unknown links
-
Verify the sender's identity
-
Use strong and unique passwords
-
Enable two-factor authentication
-
Regularly update software and applications
-
Educate employees about phishing techniques
-
-
-
Malware Attacks
-
Types
-
Viruses
- Viruses are a type of malware that can infect computers and other devices. They are designed to replicate and spread, often causing damage to files and system functionality.
-
Worms
- Worms are a type of malware that can replicate itself and spread across a network without any user interaction.
-
Trojans
- Trojans are a type of malware that disguises itself as legitimate software or files, tricking users into downloading or executing them. Once activated, Trojans can perform various malicious activities such as stealing sensitive information, installing backdoors, or causing system damage.
-
Ransomware
- Ransomware is a type of malware that encrypts the victim's files and demands a ransom to decrypt them.
-
Spyware
- Spyware is a type of malware that is designed to secretly gather information from a computer or device.
-
Adware
- Adware is a type of malware that is designed to display unwanted advertisements on a user's device. It can be installed without the user's knowledge and can affect the performance of the device.
-
Rootkits
- Rootkits are a type of malicious software that allows unauthorized access to a computer system or network. They are often used to hide other malware or provide persistent control over the infected system.
-
-
Countermeasure
-
Install antivirus software
-
Keep antivirus software up to date
-
Regularly scan for malware
-
Use a firewall
-
Avoid downloading files from untrusted sources
-
Be cautious of email attachments
-
-
-
Denial of Service (DoS) Attacks
-
Types
-
Teardrop Attack
- is a denial of service (DoS) attack that involves flooding a network with fragmented packets sent to a target device. Since the machine receiving such packets cannot
reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap, crashing the target network device.
- is a denial of service (DoS) attack that involves flooding a network with fragmented packets sent to a target device. Since the machine receiving such packets cannot
-
Fraggle Attack
- is a denial of service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a Smurf Attack , which uses spoofed ICMP traffic using a 3rd party network rather than UDP traffic to achieve the same goal.
-
Land Attack
- is a Layer 4 Denial of Service (DoS) attack in which, the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack
-
Flooding Attacks
- Flooding attacks are a type of denial of service (DoS) attack where the attacker overwhelms a system or network with excessive traffic or requests.
-
TCP/IP Attacks
- TCP/IP Attacks involve exploiting vulnerabilities in the TCP/IP protocol suite, which is used for communication over the internet.
-
Distributed Denial of Service (DDoS) Attacks
- DDoS attacks are a type of network attack where multiple compromised computers are used to flood a target system or network with a massive amount of traffic, rendering it inaccessible to legitimate users.
-
Application Layer Attacks
- Application layer attacks target vulnerabilities in the application layer of the network stack. They exploit weaknesses in the protocols and services used by applications to communicate.
-
Volume-Based Attacks
- Volume-based attacks are a type of denial of service (DoS) attack that flood a network or system with a high volume of traffic, overwhelming its capacity to function properly.
-
Protocol Attacks
- Protocol attacks are a type of denial of service (DoS) attack that target vulnerabilities within network protocols.
-
Resource Exhaustion Attacks
- Resource Exhaustion Attacks refer to a type of Denial of Service (DoS) attack where the attacker overwhelms a target system with a high volume of requests or consumes all its resources, causing it to become unresponsive or crash.
-
-
Countermeasure
-
Increase Network Bandwidth
-
Implement Traffic Shaping
-
Filter Traffic
-
Implement Intrusion Detection/Prevention Systems (IDS/IPS)
-
Configure Firewalls
-
Distribute Network Resources
-
Implement Rate Limiting
-
-
-
Man-in-the-Middle (MitM) Attacks
-
Types
-
IP Spoofing
- IP spoofing is a type of network attack where an attacker disguises their IP address to make it appear as if it is coming from a trusted source.
-
ARP Poisoning
- ARP Poisoning is a type of Man-in-the-Middle attack where an attacker sends falsified Address Resolution Protocol (ARP) messages over a local area network.
-
DNS Spoofing
- DNS spoofing is a type of man-in-the-middle attack that manipulates the DNS resolution process to redirect users to malicious websites.
-
HTTPS Spoofing
-
HTTPS Spoofing is a type of Man-in-the-Middle (MitM) attack.
-
In HTTPS Spoofing, an attacker intercepts the communication between a user and a website.
-
The attacker then poses as the legitimate website to the user, making them believe they are interacting with the real website.
-
This can lead to the user unknowingly sharing sensitive information with the attacker.
-
-
Session Hijacking
- Session hijacking is a type of man-in-the-middle attack where an attacker intercepts and steals a user's session ID to gain unauthorized access to a system or network.
-
SSL Stripping
- SSL Stripping is a type of Man-in-the-Middle (MitM) attack where the attacker intercepts the communication between a user and a website, and downgrades the secure HTTPS connection to an unsecured HTTP connection.
-
Wi-Fi Eavesdropping
-
Wi-Fi Eavesdropping refers to the unauthorized interception of wireless network traffic.
-
Attackers can use specialized tools to capture and analyze data transmitted over Wi-Fi networks.
-
By eavesdropping on Wi-Fi communications, attackers can gain access to sensitive information such as login credentials, financial data, and personal information.
-
To counter Wi-Fi eavesdropping, it is important to use strong encryption protocols, such as WPA2, and avoid connecting to unsecured or public Wi-Fi networks.
-
-
-
Man-in-the-Middle (MitM) Countermeasure
-
Implementing strong encryption protocols
-
Using digital certificates and certificate authorities
-
Implementing secure authentication mechanisms
-
Monitoring network traffic for suspicious activities
-
Educating users about phishing and social engineering techniques
-
Regularly updating software and security patches
-
Implementing network segmentation to isolate critical systems
-
-
-
Password Attacks
-
Types
-
Brute Force Attacks
- Brute force attacks are a type of password attack where an attacker attempts to guess a password by systematically trying all possible combinations until the correct one is found.
-
Dictionary Attacks
- Dictionary attacks are a type of password attack where an attacker uses a pre-generated list of commonly used passwords to try and gain unauthorized access to a system or account.
-
Rainbow Table Attacks
-
Rainbow table attacks are a type of password attack.
-
In rainbow table attacks, precomputed tables are used to crack hashed passwords.
-
These precomputed tables contain a list of possible plaintext-password pairs.
-
By comparing the hash of a password with the entries in the rainbow table, the attacker can quickly find the original password.
-
-
Keylogging
- Keylogging is a type of password attack where a malicious program records every keystroke made by a user.
-
Shoulder Surfing
- Shoulder surfing is a type of password attack where an attacker looks over the victim's shoulder to gain access to their password.
-
Password Spraying
- Password spraying is a type of password attack where an attacker tries a small number of commonly used passwords against multiple user accounts.
-
-
Countermeasure
- implementing multi-factor authentication, using strong and unique passwords, and regularly updating passwords.
-
-
Wireless Attacks
-
Types
-
WEP Cracking
-
WPA/WPA2 Cracking
-
Evil Twin Attacks
-
Rogue Access Points
-
Packet Sniffing
-
Deauthentication Attacks
-
Bluejacking
-
-
Countermeasure
- security measures implemented to prevent or mitigate the risks associated with attacks on wireless networks.
-
-
Eavesdropping
-
simply listening to communication traffic
for the purpose of duplicating it and/or
extracting confidential information.- difficult
to detect because it’s a passive attack
- difficult
-
COUNTERMEASURES:
maintain physical access security, encryption in
transit ( Ipsec , SSH, TLS), one time authentication methods (pads, tokens)
-
-
Impersonation / Masquerading
-
usually implies that authentication
credentials have been stolen or falsified in
order to bypass authentication mechanisms. -
COUNTERMEASURES:
one time pads, token authentication systems
e.g. Kerberos), encrypt traffic, employee awareness training.
-
-
DNS attacks
-
Types
-
DNS poisoning
- attacker alters the domain name to IP address mappings in a DNS system may redirect traffic to a rogue system OR
perform denial of service against system.
- attacker alters the domain name to IP address mappings in a DNS system may redirect traffic to a rogue system OR
-
DNS spoofing
- attacker sends false replies to a
requesting system, beating the real
reply from the valid DNS server.
- attacker sends false replies to a
-
Typo squat
-
Homograph Attack
- leverages similarities in character
sets to register phony international
domain names (IDNs) that appear
legitimate to the naked eye.
- leverages similarities in character
-
DNS Pharming:
-
-
Countermeasure client-side: modern browsers that use punycode
server-side: policies implemented by ICANN
-
-
Drive-by Download
- A drive-by download occurs when a user visits a website that is hosting malicious code and automatically gets infected.
-
-
Transmission Media
-
Types of Transmission
-
signal
-
Analog
- Analog signal is a continuous wave that represents information by varying its amplitude or frequency.
-
Digital
-
A digital signal is a representation of information using binary numbers (0s and 1s). It is a discrete signal that can be easily transmitted and processed by computers and other digital devices.
-
Bandwidth
-
-
-
types
-
Asynchronous
-
In communication systems, asynchronous transmission refers to a method of data transfer where each data unit is sent separately and is not synchronized with a clock signal. This allows for more flexibility in timing and is commonly used in applications like email and file transfer.
-
• No timing component
-
• Surrounds each byte with processing bits
-
• Parity bit used for error control
-
• Each byte requires three bits of instruction (start, stop,parity)
-
-
Synchronous
-
Synchronous transmission is a method of communication where data is sent in a continuous stream.
-
• Timing component for data transmission synchronization
-
• Robust error checking, commonly through cyclic redundancy checking (CRC)
-
• Used for high-speed, high-volume transmissions
-
• Minimal overhead compared to asynchronous communication
-
-
synchronousvs asynchronous
- Synchronous transmission is a mode of communication where data is sent in a continuous stream, synchronized with a clock signal. Asynchronous transmission, on the other hand, is a mode of communication where data is sent in individual packets, with each packet containing a start and stop bit.
-
-
transmission
-
Baseband
- Baseband is a type of transmission where the entire bandwidth of the medium is used to transmit a single signal.
-
Broadband
-
divides the communication channel into individual and independent subchannels so that different types of data can be transmitted simultaneously.
-
Broadband refers to high-speed internet access that is capable of transmitting large amounts of data at high speeds.
-
-
basebandvs broadband
- Baseband transmission refers to the transmission of digital signals over a single channel, while broadband transmission refers to the transmission of multiple signals over multiple channels simultaneously.
-
-
Cabling
-
Coaxial Cable
- Coaxial cable is a type of transmission media used in networking and telecommunications.
-
Twisted-Pair Cable
-
shielded twisted pair (STP)
-
STP is a type of cabling used in network communications.
-
It consists of pairs of twisted copper wires with a shielding layer around them.
-
The shielding provides better protection against electromagnetic interference.
-
-
unshielded twisted pair (UTP)
-
UTP Cable Ratings
-
UTP cable ratings refer to the performance standards for unshielded twisted pair cables. These ratings determine the maximum bandwidth and signal quality that the cable can support.
-
Cable Category
-
-
-
-
Fiber-Optic Cable
-
backbone
- A backbone is a high-capacity communication link that forms the main pathway of a network. It is responsible for carrying large amounts of data across long distances.
-
Fiber Components
-
Light sources
-
• Light-emitting diodes (LEDs)
-
• Diode lasers
-
-
Optical fiber cable
-
• Single mode
-
• Multimode
-
-
Light detector
-
-
-
Cabling Problems
-
Noise
-
Attenuation
-
Crosstalk
-
-
-
-
Internet Control Message Protocol(ICMP)
-
ICMP is a network protocol used by network devices to send error messages and operational information about the network.
-
It is commonly used for troubleshooting network issues, such as identifying unreachable hosts or network congestion.
-
ICMP messages are encapsulated within IP packets and are sent between devices to ensure proper communication and network health.
-
Some common ICMP message types include echo request/reply (ping), destination unreachable, time exceeded, and parameter problem.
-
Attacks Using ICMP
-
-
Simple Network Management Protocol (SNMP)
-
Management Information Base (MIB).
-
The Management Information Base (MIB) is a database that stores information about the devices and entities in a network.
-
An MIB is a logical grouping of managed objects that contain data used for specific management tasks and status checks.
-
-
SNMP v3
-
SNMP v3 is the third version of the Simple Network Management Protocol (SNMP), which is a protocol used for managing and monitoring network devices. It provides increased security features compared to previous versions, including authentication and encryption.
-
implemented for more granular protection
-
-
ports (161 and 162)
-
-
Domain Name Service
-
Internet DNS and Domains
- Internet DNS (Domain Name System) is a service that translates domain names into IP addresses, allowing users to access websites using easy-to-remember names instead of numeric IP addresses. Domains are the unique names that identify websites on the internet.
-
DNS Threats
-
DNS threats refer to various vulnerabilities and attacks that can compromise the security and integrity of the Domain Name System (DNS). These threats include DNS spoofing, DNS cache poisoning, DNS hijacking, and DDoS attacks targeting DNS servers. It is important to implement proper security measures to protect against these threats and ensure the reliable functioning of DNS.
-
DNS Splitting
- DNS Splitting is a type of DNS threat where an attacker manipulates the DNS responses to direct users to malicious websites or servers.
-
-
Security
-
DNSSEC
-
DNSSEC (Domain Name System Security Extensions) is a technology that adds an additional layer of security to the DNS protocol.
-
It provides authentication and data integrity for DNS responses, preventing DNS spoofing and DNS cache poisoning attacks.
-
DNSSEC uses digital signatures to verify the authenticity of DNS data, ensuring that users are connecting to the intended website.
-
By validating DNS responses, DNSSEC helps to protect against DNS-based attacks and enhances the overall security of the communication and network infrastructure.
-
-
-
-
E-mail Services
-
Simple Mail Transfer Protocol(SMTP)
-
SMTP is a protocol used for sending email messages between servers.
-
It is responsible for the transmission of email from the sender's mail server to the recipient's mail server.
-
SMTP operates on the application layer of the TCP/IP protocol stack.
-
It uses a set of commands and responses to facilitate the transfer of email.
-
-
Post Office Protocol (POP)
-
Post Office Protocol (POP) is a protocol used by email clients to retrieve emails from a mail server.
-
It allows users to download their emails to their local devices and manage them offline.
-
POP works by connecting to the mail server and authenticating the user's credentials.
-
Once authenticated, POP retrieves the emails from the server and stores them locally.
-
Simple Authentication and Security Layer (SASL)
-
-
Internet Message Access Protocol (IMAP)
- IMAP is an email protocol that allows users to access their email on a remote mail server. It enables users to view and manage their email messages without downloading them to their local device.
-
E-mail Relaying
- E-mail relaying is the process of transferring an email message from one mail server to another. It allows email to be sent across different networks and domains.
-
E-mail Threats
-
E-mail spoofing
-
E-mail spoofing refers to the practice of sending emails with a forged sender address, making it appear as if the email came from a different source. This is done to deceive the recipient and gain their trust for malicious purposes.
-
Protection
-
In 2012, SPF and DKIM were brought together to define the Domain-based Message Authentication, Reporting and Conformance (DMARC) system.
-
Sender Policy Framework (SPF),
-
DomainKeys Identified Mail (DKIM)
-
-
-
Spamming
- Spamming refers to the act of sending unsolicited and unwanted messages, often in bulk, to a large number of recipients. These messages are typically commercial in nature and can be annoying and disruptive to the recipients.
-
Phishing
-
whaling attack
-
spear phishing
-
-
-
-
Network Address Translation
-
private IP address ranges
-
• 10.0.0.0–10.255.255.255 Class A networks
-
• 172.16.0.0–172.31.255.255 Class B networks
-
• 192.168.0.0–192.168.255.255 Class C networks
-
-
Three basic types of NAT
-
• Static mapping
- Static mapping is a type of Network Address Translation (NAT) where a specific private IP address is permanently assigned to a specific public IP address. This allows for consistent communication between the private and public network.
-
• Dynamic mapping
- Dynamic mapping is a type of Network Address Translation (NAT) that allows multiple devices on a private network to share a single public IP address. This type of NAT assigns a unique port number to each device, allowing them to communicate with external networks.
-
• Port address translation (PAT)
- Port address translation (PAT) is a type of Network Address Translation (NAT) where multiple private IP addresses are mapped to a single public IP address by using different port numbers.
-
-
-
Routing Protocols
-
autonomous systems (ASs).
-
Interior Gateway Protocol (IGP)
- Interior Gateway Protocol (IGP) is a type of routing protocol used within an autonomous system (AS) to exchange routing information between routers.
-
Dynamic vs. Static
-
A dynamic routing protocol can discover routes and build a routing table
-
A static routing protocol requires the administrator to manually configure the router’s routing table.
-
-
Route flapping
-
refers to the constant changes in the availability of routes.
-
Route flapping refers to the rapid and frequent changes in the availability of a network route.
-
It can occur due to various factors such as network congestion, hardware failures, or misconfigurations.
-
Route flapping can lead to instability and poor performance in a network, as it causes excessive updates and recalculations of routing tables.
-
To mitigate route flapping, network administrators can implement route dampening techniques or use more stable routing protocols.
-
-
Distance-Vector vs. Link-State
- Distance-Vector routing protocols determine the best path to a destination based on the number of hops (or distance) between routers. Link-State routing protocols, on the other hand, take into account the entire network topology to determine the best path based on factors such as bandwidth, delay, and reliability.
-
Interior Routing Protocols/Interior Gateway Protocols
-
• Routing Information Protocol(RIP)
-
• Open Shortest Path First(OSPF)
-
• Interior Gateway Routing Protocol(IGRP)
-
• Enhanced Interior Gateway Routing Protocol(EIGRP)
-
• Virtual Router Redundancy Protocol(VRRP)
-
• Virtual Router Redundancy Protocol(IS-IS)
-
-
Exterior Routing Protocols
-
Exterior routing protocols are used to exchange routing information between different autonomous systems (AS) in a network.
-
exterior gateway protocols (EGPs)
-
Border Gateway Protocol (BGP)
-
-
Routing Protocol Attacks
-
DoS
-
Wormhole Attack
-
-
-
-
Remote Access
-
Dial-up Connections
-
security measures
-
• Configure the remote access server to call back the initiating phone number to ensure it is a valid and approved number.
- Email phishing is a type of phishing attack that involves sending fraudulent emails to deceive recipients into revealing sensitive information such as passwords, credit card numbers, or social security numbers.
-
• Disable or remove modems if not in use.
- Spear phishing is a targeted form of phishing attack that focuses on specific individuals or organizations.
-
• Consolidate all modems into one location and manage them centrally, if possible.
- Whaling is a type of phishing attack that specifically targets high-level executives or important individuals within an organization.
-
• Implement use of two-factor authentication, VPNs, and personal firewalls for remote access connections.
- Vishing is a type of phishing attack that involves voice communication.
-
Smishing
- Smishing is a type of phishing attack that involves using SMS messages to trick victims into revealing sensitive information or downloading malicious software.
-
Social Media Phishing
- Social media phishing is a type of network attack where attackers trick users into revealing sensitive information or performing malicious actions on social media platforms.
-
Watering Hole Attacks
- Watering hole attacks are a type of network attack where the attacker compromises a website that the target frequently visits, with the goal of infecting their computer with malware. The attacker then waits for the target to visit the compromised website, unknowingly downloading the malware onto their system.
-
-
Countermeasure
-
Be cautious of suspicious emails
-
Do not click on unknown links
-
Verify the sender's identity
-
Use strong and unique passwords
-
Enable two-factor authentication
-
Regularly update software and applications
-
Educate employees about phishing techniques
-
-
-
Integrated Services Digital Network (ISDN)
-
Three ISDN implementations
-
• Basic Rate Interface (BRI)ISDN
-
Basic Rate Interface (BRI)ISDN is one of the three implementations of Integrated Services Digital Network (ISDN).
-
It is a type of ISDN connection that provides two B-channels for voice and data transmission and one D-channel for signaling.
-
BRI ISDN is commonly used for small businesses and residential users as it offers relatively lower bandwidth compared to other ISDN implementations.
-
It is an affordable and reliable option for remote access and communication over the network.
-
It is a type of ISDN connection that provides two B-channels for voice and data transmission and one D-channel for signaling.
-
BRI ISDN is commonly used for small businesses and residential users as it offers relatively lower bandwidth compared to other ISDN implementations.
-
It is an affordable and reliable option for remote access and communication over the network.
-
-
• Primary Rate Interface (PRI) ISDN
- Primary Rate Interface (PRI) ISDN is one of the three implementations of Integrated Services Digital Network (ISDN).
-
• Broadband ISDN (BISDN)
-
Broadband ISDN (BISDN) is one of the three implementations of Integrated Services Digital Network (ISDN).
-
BISDN provides high-speed transmission of voice, data, and video over a single network.
-
It offers faster data transfer rates and greater bandwidth compared to other ISDN implementations.
-
BISDN provides high-speed transmission of voice, data, and video over a single network.
-
It offers faster data transfer rates and greater bandwidth compared to other ISDN implementations.
-
-
Ransomware
- Ransomware is a type of malware that encrypts the victim's files and demands a ransom to decrypt them.
-
Spyware
- Spyware is a type of malware that is designed to secretly gather information from a computer or device.
-
Adware
- Adware is a type of malware that is designed to display unwanted advertisements on a user's device. It can be installed without the user's knowledge and can affect the performance of the device.
-
Rootkits
- Rootkits are a type of malicious software that allows unauthorized access to a computer system or network. They are often used to hide other malware or provide persistent control over the infected system.
-
-
Countermeasure
-
Install antivirus software
-
Keep antivirus software up to date
-
Regularly scan for malware
-
Use a firewall
-
Avoid downloading files from untrusted sources
-
Be cautious of email attachments
-
-
-
DSL
-
• Symmetric DSL (SDSL)
-
Land Attack
- is a Layer 4 Denial of Service (DoS) attack in which, the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack
-
Flooding Attacks
- Flooding attacks are a type of denial of service (DoS) attack where the attacker overwhelms a system or network with excessive traffic or requests.
-
TCP/IP Attacks
- TCP/IP Attacks involve exploiting vulnerabilities in the TCP/IP protocol suite, which is used for communication over the internet.
-
Distributed Denial of Service (DDoS) Attacks
- DDoS attacks are a type of network attack where multiple compromised computers are used to flood a target system or network with a massive amount of traffic, rendering it inaccessible to legitimate users.
-
Application Layer Attacks
- Application layer attacks target vulnerabilities in the application layer of the network stack. They exploit weaknesses in the protocols and services used by applications to communicate.
-
Volume-Based Attacks
- Volume-based attacks are a type of denial of service (DoS) attack that flood a network or system with a high volume of traffic, overwhelming its capacity to function properly.
-
Protocol Attacks
- Protocol attacks are a type of denial of service (DoS) attack that target vulnerabilities within network protocols.
-
Resource Exhaustion Attacks
- Resource Exhaustion Attacks refer to a type of Denial of Service (DoS) attack where the attacker overwhelms a target system with a high volume of requests or consumes all its resources, causing it to become unresponsive or crash.
-
-
• Asymmetric DSL (ADSL)
-
Increase Network Bandwidth
-
Implement Traffic Shaping
-
Filter Traffic
-
Implement Intrusion Detection/Prevention Systems (IDS/IPS)
-
Configure Firewalls
-
Distribute Network Resources
-
Implement Rate Limiting
-
-
• High-bit-rate DSL (HDSL)
-
• Very High-Data-Rate Digital Subscriber Line (VDSL)
-
• Rate-Adaptive Digital Subscriber Line (RADSL)
-
-
Cable Modems
-
Data-Over-Cable Service Interface Specifications (DOCSIS)
-
IP Spoofing
- IP spoofing is a type of network attack where an attacker disguises their IP address to make it appear as if it is coming from a trusted source.
-
ARP Poisoning
- ARP Poisoning is a type of Man-in-the-Middle attack where an attacker sends falsified Address Resolution Protocol (ARP) messages over a local area network.
-
DNS Spoofing
- DNS spoofing is a type of man-in-the-middle attack that manipulates the DNS resolution process to redirect users to malicious websites.
-
HTTPS Spoofing
-
HTTPS Spoofing is a type of Man-in-the-Middle (MitM) attack.
-
In HTTPS Spoofing, an attacker intercepts the communication between a user and a website.
-
The attacker then poses as the legitimate website to the user, making them believe they are interacting with the real website.
-
This can lead to the user unknowingly sharing sensitive information with the attacker.
-
-
Session Hijacking
- Session hijacking is a type of man-in-the-middle attack where an attacker intercepts and steals a user's session ID to gain unauthorized access to a system or network.
-
SSL Stripping
- SSL Stripping is a type of Man-in-the-Middle (MitM) attack where the attacker intercepts the communication between a user and a website, and downgrades the secure HTTPS connection to an unsecured HTTP connection.
-
Wi-Fi Eavesdropping
-
Wi-Fi Eavesdropping refers to the unauthorized interception of wireless network traffic.
-
Attackers can use specialized tools to capture and analyze data transmitted over Wi-Fi networks.
-
By eavesdropping on Wi-Fi communications, attackers can gain access to sensitive information such as login credentials, financial data, and personal information.
-
To counter Wi-Fi eavesdropping, it is important to use strong encryption protocols, such as WPA2, and avoid connecting to unsecured or public Wi-Fi networks.
-
-
-
-
VPN
-
Point-To-Point Tunneling Protocol
-
Generic Routing Encapsulation (GRE)
-
Generic Routing Encapsulation (GRE) is a protocol used to encapsulate and transport different network protocols over an IP network.
-
GRE provides a virtual point-to-point connection between two network nodes, allowing them to communicate securely.
-
It adds an additional header to the original packet, which contains routing information and allows the packet to be forwarded across different network segments.
-
GRE is often used in combination with other protocols, such as VPN, to create secure and private communication channels over public networks.
-
GRE provides a virtual point-to-point connection between two network nodes, allowing them to communicate securely.
-
It adds an additional header to the original packet, which contains routing information and allows the packet to be forwarded across different network segments.
-
GRE is often used in combination with other protocols, such as VPN, to create secure and private communication channels over public networks.
-
-
PAP, CHAP, MS-CHAP, or EAP-TLS
-
PAP (Password Authentication Protocol) is a simple authentication protocol that uses a password for authentication.
-
CHAP (Challenge Handshake Authentication Protocol) is a more secure authentication protocol that uses a challenge-response mechanism.
-
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) is a Microsoft version of CHAP that provides stronger security features.
-
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) is an authentication protocol that uses digital certificates for secure authentication.
-
CHAP (Challenge Handshake Authentication Protocol) is a more secure authentication protocol that uses a challenge-response mechanism.
-
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) is a Microsoft version of CHAP that provides stronger security features.
-
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) is an authentication protocol that uses digital certificates for secure authentication.
-
-
Microsoft Point-to-Point Encryption (MPPE)
-
MPPE is a security protocol used in Virtual Private Networks (VPN) to encrypt data transmitted between two points.
-
It provides a secure communication channel by encrypting the data packets using the encryption keys generated by the VPN server and client.
-
MPPE ensures that the transmitted data is protected from unauthorized access and maintains the confidentiality and integrity of the communication.
-
It is commonly used in Microsoft Windows operating systems for establishing secure remote access connections.
-
-
Keylogging
- Keylogging is a type of password attack where a malicious program records every keystroke made by a user.
-
Shoulder Surfing
- Shoulder surfing is a type of password attack where an attacker looks over the victim's shoulder to gain access to their password.
-
Password Spraying
- Password spraying is a type of password attack where an attacker tries a small number of commonly used passwords against multiple user accounts.
-
-
Layer 2 Tunneling Protocol
- Layer 2 Tunneling Protocol (L2TP) is a protocol that allows the creation of virtual private networks (VPNs).
-
Internet Protocol Security
-
• Authentication Header (AH)
-
The Authentication Header (AH) is a protocol used in Internet Protocol Security (IPsec) to provide authentication and integrity for IP packets.
-
AH adds a header to the IP packet, which includes a hash of the packet's contents, ensuring that the packet has not been modified in transit.
-
AH also includes a sequence number to prevent replay attacks, where an attacker resends a captured packet.
-
By verifying the AH header, the recipient can trust the authenticity and integrity of the IP packet.
-
Provides data integrity, data-origin authentication, and protection from replay attacks
-
-
• Encapsulating Security Payload (ESP)
-
Provides confidentiality, data-origin authentication,and data integrity
-
Internet Protocol Security (IPsec) is a protocol suite used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
-
-
Internet Security Association and Key Management Protocol (ISAKMP)
-
ISAKMP is a protocol used for establishing and managing security associations (SAs) and cryptographic keys in an Internet Protocol Security (IPsec) environment.
-
It provides a framework for secure key exchange, authentication, and negotiation of security parameters between two entities on a network.
-
ISAKMP operates at the network layer and is independent of the encryption algorithms used.
-
-
• Internet Key Exchange (IKE)
-
Provides authenticated keying material for use with ISAKMP
-
Internet Key Exchange (IKE) is a protocol used in IPsec VPNs to establish and manage security associations between devices.
-
It is responsible for negotiating the encryption and authentication algorithms to be used during the IPsec communication.
-
IKE provides a secure way to exchange cryptographic keys and ensures the integrity and confidentiality of the communication.
-
-
-
-
Authentication Protocols
-
Password Authentication Protocol (PAP)
-
PAP is an authentication protocol used in remote access scenarios.
-
It is a simple protocol that transmits passwords in clear text.
-
Due to its lack of security, PAP is not recommended for use in most environments.
-
man-in-the-middle
-
vulnerable to sniffing
-
Deauthentication Attacks
-
Bluejacking
-
-
Extensible Authentication Protocol (EAP)
- EAP is an authentication framework that allows for different authentication methods to be used in a network environment.
-
Challenge Handshake Authentication Protocol (CHAP)
-
CHAP is an authentication protocol used in remote access networks.
-
It provides a secure method for verifying the identity of a remote user.
-
CHAP uses a challenge-response mechanism to authenticate the user.
-
During authentication, the remote user receives a challenge from the server and sends back a response.
-
-
-
Eavesdropping
-
simply listening to communication traffic
for the purpose of duplicating it and/or
extracting confidential information.- difficult
to detect because it’s a passive attack
- difficult
-
COUNTERMEASURES:
maintain physical access security, encryption in
transit ( Ipsec , SSH, TLS), one time authentication methods (pads, tokens)
-
-
Impersonation / Masquerading
-
usually implies that authentication
credentials have been stolen or falsified in
order to bypass authentication mechanisms. -
COUNTERMEASURES:
one time pads, token authentication systems
e.g. Kerberos), encrypt traffic, employee awareness training.
-
-
DNS attacks
-
Types
-
DNS poisoning
- attacker alters the domain name to IP address mappings in a DNS system may redirect traffic to a rogue system OR
perform denial of service against system.
- attacker alters the domain name to IP address mappings in a DNS system may redirect traffic to a rogue system OR
-
DNS spoofing
- attacker sends false replies to a
requesting system, beating the real
reply from the valid DNS server.
- attacker sends false replies to a
-
Typo squat
-
Homograph Attack
- leverages similarities in character
sets to register phony international
domain names (IDNs) that appear
legitimate to the naked eye.
- leverages similarities in character
-
DNS Pharming:
-
-
Countermeasure client-side: modern browsers that use punycode
server-side: policies implemented by ICANN
-
-
Drive-by Download
- A drive-by download occurs when a user visits a website that is hosting malicious code and automatically gets infected.
-
-
Wide Area Networks
-
Telecommunications Evolution
-
• Copper lines carry purely analog signals.
-
• T1 lines carry up to 24 conversations.
-
• T3 lines carry up to 28 T1 lines.
-
• Fiber optics and the SONET network.
-
• Asynchronous Transfer Mode (ATM) over SONET.
-
-
Dedicated Links
-
T-carriers
-
E-Carriers
-
Optical Carrier
-
More Multiplexing
-
Statistical time-division multiplexing (STDM)
-
Frequency-division multiplexing (FDM)
-
Wave-division multiplexing (WDM)
-
-
-
WAN Technologies
-
WAN Technologies refer to the various methods and technologies used to connect wide area networks (WANs). These technologies include leased lines, circuit-switched networks, packet-switched networks, and virtual private networks (VPNs).
-
User Agent Client(UAC)
-
The User Agent Client (UAC) is one of the major components of the Session Initiation Protocol (SIP).
-
It is responsible for initiating communication sessions and sending requests to the User Agent Server (UAS) for establishing connections.
-
-
User Agent Server(UAS)
- User Agent Server (UAS) is a component of the Session Initiation Protocol (SIP) that receives requests from User Agent Clients (UACs) and processes them.
-
-
CSU/DSU
-
data terminal equipment (DTE)
-
data circuit-terminating equipment (DCE)
-
-
Switching
-
Circuit Switching
-
• Connection-oriented virtual links.
-
• Traffic travels in a predictable and constant manner.
-
• Fixed delays.
-
• Usually carries voice-oriented data.
-
-
Packet Switching
-
• Packets can use many different dynamic paths to get to the same destination.
-
• Traffic is usually bursty in nature.
-
• Variable delays.
-
• Usually carries data-oriented data.
-
-
-
Virtual Circuits
-
permanent virtual circuit (PVC)
-
A permanent virtual circuit (PVC) is a connection established between two devices in a Wide Area Network (WAN) that remains active all the time.
-
PVCs are usually used in situations where there is a consistent need for communication between the two devices.
-
They are configured by network administrators and provide a dedicated and reliable connection.
-
Unlike a switched virtual circuit (SVC) which is temporary and created on demand, a PVC is permanent and always available.
-
-
switched virtual circuits (SVCs)
-
Switched virtual circuits (SVCs) are a type of virtual circuit used in wide area networks (WANs).
-
In SVCs, a dedicated path is established between the sender and receiver for the duration of a session.
-
This dedicated path ensures reliable and secure communication between the two endpoints.
-
SVCs are commonly used in applications that require real-time or high-bandwidth communication, such as video conferencing or streaming.
-
-
-
Frame Relay
-
obsolescent
-
Frame Relay is a wide area network (WAN) technology that is becoming outdated and less commonly used.
-
WAN Technologies are methods and protocols used to connect wide area networks, such as Frame Relay, MPLS, and Ethernet.
-
Wide Area Networks (WANs) are computer networks that cover a large geographical area, connecting multiple local area networks (LANs) together.
-
-
DTE
- DTE stands for Data Terminal Equipment.
-
DCE
-
DCE stands for Data Circuit-terminating Equipment.
-
It is a device used to connect the customer's equipment to the Frame Relay network.
-
DCE is responsible for providing clocking, signal conversion, and line monitoring functions.
-
-
-
X.25
-
divided into 128 bytes
-
encapsulated in High-level Data Link Control (HDLC) frames.
-
X.25 is a network protocol that defines how data is transmitted over a wide area network (WAN).
-
X.25 is a packet-switched protocol, which means that data is divided into small packets for transmission.
-
It provides reliable and error-free communication by using error detection and correction techniques.
-
-
Asynchronous Transfer Mode (ATM)
-
Asynchronous Transfer Mode (ATM) is a network technology used to transmit data in the form of fixed-size packets called cells.
-
cell-switching
-
53-byte ATM cells
-
Quality of Service (QoS)
-
rate
-
• Constant bit rate (CBR)
-
• Variable bit rate (VBR)
-
• Unspecified bit rate (UBR)
-
• Available bit rate (ABR)
-
-
QoS has three basic levels
-
• Best-effort service
-
• Differentiated service
-
• Guaranteed service
-
-
-
Synchronous Data Link Control(SDLC)
- Synchronous Data Link Control (SDLC) is a communication protocol used for serial communication between devices in a network. It ensures reliable transmission of data over a synchronous connection.
-
High-level Data Link Control (HDLC)
- is a framing protocol that is used mainly for device-to-device communication
-
Point-to-Point Protocol (PPP)
-
Link Control Protocol (LCP)
-
Network Control Protocols (NCPs)
-
Password Authentication Protocol (PAP),
- PAP sends passwords in cleartext and is insecure
-
Challenge Handshake Authentication Protocol (CHAP)
-
Extensible Authentication Protocol (EAP)
-
-
High-Speed Serial Interface (HSSI)
-
HSSI is a high-speed serial interface used for communication between network devices.
-
It is commonly used in wide area networks (WANs) to provide fast and reliable data transmission.
-
HSSI supports high data rates, making it suitable for applications that require large amounts of data to be transferred quickly.
-
It is a popular choice for connecting routers, switches, and other network equipment.
-
-
-
-
Metropolitan Area Networks
-
Metro Ethernet
-
Metro Ethernet is a type of Metropolitan Area Network (MAN) that uses Ethernet technology.
-
It provides high-speed connectivity within a metropolitan area, allowing businesses and organizations to connect their local area networks (LANs) and wide area networks (WANs).
-
Metro Ethernet offers scalable and flexible solutions for data, voice, and video communications.
-
It is commonly used by service providers to deliver internet access and other network services to businesses and residential areas.
-
-
SONET
-
SONET (Synchronous Optical Network) is a standardized optical networking protocol that is used to transmit large amounts of data over long distances.
-
SONET is designed to provide high-speed, reliable communication services for both voice and data traffic.
-
It uses synchronous time-division multiplexing (TDM) to divide a single optical fiber into multiple channels, allowing simultaneous transmission of multiple data streams.
-
SONET supports various data rates, including OC-1 (51.84 Mbps), OC-3 (155.52 Mbps), OC-12 (622.08 Mbps), and OC-48 (2.488 Gbps).
-
-
-
Intranets and Extranets
-
Intranets and extranets are private networks that allow communication and sharing of information within an organization or between organizations, respectively.
-
Value-added Networks
-