
Layer 2 Address = MAC Address

Hubs are bad because they broadcast to every port.

Switches are good because they only send to who actually needs the info. LAYER 2 DEVICE!

Port Filtering: Switches filter traffic which prevents others from capturing and viewing potentially
confidential information.

Port Mirroring: Allows monitoring of network traffic on a monitoring port, disabled by default.

Port Security: Configure a switch port to work only for one MAC address and shut it down if another
device is plugged in.

Disable Ports: Best practice to disable unused ports to stop someone from plugging in and gaining access
to the network.

VLANs: Created on a switch to segment the network; a host in one VLAN cannot communicate with
a host in another VLAN. Communication across VLANs is not allowed without a router.

Router: LAYER 3 DEVICE

Proxy Server: Makes the request for the Internet Resource on behalf of the user and commonly the
company will filter and log what web sites users have visited.

COAXIAL Cabling: Thinnet = RG-58, used for short distance communication. 185 meters or less.

Thicknet = RG-8, used for up to 500 meters.

Ethernet Cabling: Unshielded Twisted-Pair (UTP), max distance of 100 meters.

Shielded Twisted-Pair (STP)

Fiber Optic Cabling: Comes in two varieties:

Single-Mode Fiber SMF: Uses a single ray of light known as a mode to transmit over long
distances.

Multimode Fiber MMF: Uses multiple rays of light (modes) simultaneously with each ray of light
running at a different reflection angle to carry over short distances.

Can go up to 2 km!

2 Connectors important for exam: The Straight Tip (ST) connector and the Subscriber (SC)
connector. ST is based on the BNC style connector (RG-58) but has fiber instead of copper. The SC
connector is square and somewhat similar to an RJ-45 (not really).

Address Classes for IP:

Class A addresses have a first octet between 1 and 126. Default subnet mask is 255.0.0.0; note that this
subnet mask is also displayed as /8. 16,777,214 hosts on network.

Class B addresses have a first octet between 128 and 191. Subnet mask is 255.255.0.0, or displayed as /16.
65,534 hosts on network.

Class C is 192-223, subnet mask 255.255.255.0 or displayed as /24. 254 hosts on network.

Private Address ranges:

10.0.0.0 to 10.255.255.255

172.16.0.0 to 172.31.255.255

192.168.0.0 to 192.168.255.255

Illegal Addresses:

Any Address starting with 127 is reserved for loopback.

All host bits set to 0 or all set to 1: all 0s = Network ID, all 1s = Broadcast address.

Cannot have duplicate IP addresses on network.
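An added worked example (not part of these notes) that applies the class, default mask, private range and illegal address rules above to any IPv4 address; the function names are made up, and addresses with a first octet of 0 or 224 and above, which the notes do not cover, are reported as reserved:

```python
import ipaddress

# RFC 1918 private ranges, as listed in the notes
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip):
    """Classful designation and default prefix length for an IPv4 address."""
    first = ip.packed[0]
    if first == 127:
        return "loopback", None
    if 1 <= first <= 126:
        return "A", 8
    if 128 <= first <= 191:
        return "B", 16
    if 192 <= first <= 223:
        return "C", 24
    return "reserved", None       # 0, or 224 and above: not classful host space


def describe(addr_str):
    """Classify an address the way the exam notes do: class, default mask,
    usable hosts, private or not, and whether it is a legal host address."""
    ip = ipaddress.IPv4Address(addr_str)
    cls, prefix = address_class(ip)
    info = {"address": addr_str, "class": cls,
            "private": any(ip in net for net in PRIVATE_RANGES)}
    if prefix is None:
        info["valid_host"] = False
        info["reason"] = "loopback or reserved range"
        return info
    net = ipaddress.ip_network(f"{addr_str}/{prefix}", strict=False)
    info["default_mask"] = str(net.netmask)
    info["cidr"] = f"/{prefix}"
    info["usable_hosts"] = net.num_addresses - 2   # minus network ID and broadcast
    if ip == net.network_address:
        info["valid_host"], info["reason"] = False, "all host bits 0 (network ID)"
    elif ip == net.broadcast_address:
        info["valid_host"], info["reason"] = False, "all host bits 1 (broadcast)"
    else:
        info["valid_host"] = True
    return info
```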

TCP 3 way handshake:

SYN, SYN/ACK, ACK.

Popular ports to know for Exam:


Flags to know for Exam:

TCP and UDP are considered Layer 4 Transport Protocols


Popular UDP Ports:

53 DNS

67-68 DHCP

69 TFTP

137-138 NetBIOS

161 SNMP

IP is a layer 3 protocol of the OSI model and is responsible for logical addressing and routing.

Windows OS default TTL is 128

Firewalls filter at layer 3 or layer 4: filtering on source and destination IP address is layer 3.

Look at ICMP types:

ARP (Address Resolution Protocol) responsible for converting an IP address (Layer 3 address) to the
Physical MAC address (Layer 2 address).
DO EXERCISE 3 on PDF PAGE 37!!!!

FTP uses 2 ports. Port 21 carries the FTP commands from one system to another. Port 20 is responsible
for transferring the Data between 2 hosts in an FTP session.

LDAP is the industry standard protocol for accessing a directory service and is supported by Active
Directory and Novell's eDirectory. Uses TCP 389 by default.

IPV6 ICMPv6 Info:

2 features of ICMPv6: Multicast Listener Discovery (MLD) replaces IGMP, the IPv4 multicast protocol,
and is used for multicast communication. Neighbor Discovery (ND) replaces ARP from IPv4, performing
the same function, but it is also responsible for neighboring router discovery, automatic address
assignment, and duplicate address detection.

MAC FLOODING: the hacker confuses the switch into flooding all frames to all ports. This allows the hacker to
connect to any port on the switch and retrieve all traffic on the network.
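An added model (not from these notes) of why a switch falls back to flooding once its MAC table is full, and how the Port Security setting above stops a port that presents a second MAC address; the class and port names are made up:

```python
from collections import OrderedDict


class Switch:
    """Toy layer-2 switch: a MAC-to-port (CAM) table of limited size. Known
    destinations are sent out one port; unknown ones are flooded to all others."""

    def __init__(self, ports, cam_size=8, secure_ports=()):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.cam = OrderedDict()                 # MAC -> port, oldest entry first
        self.secure_ports = set(secure_ports)    # ports with port security (max 1 MAC)
        self.allowed = {p: set() for p in self.secure_ports}
        self.err_disabled = set()                # ports shut down after a violation
        self.violations = []                     # (port, offending MAC) for the audit log

    def _learn(self, mac, in_port):
        """Learn the source MAC; return False if port security rejects the frame."""
        if in_port in self.secure_ports:
            allowed = self.allowed[in_port]
            if mac not in allowed:
                if allowed:                      # a second MAC on a secured port
                    self.err_disabled.add(in_port)
                    self.violations.append((in_port, mac))
                    return False
                allowed.add(mac)                 # first MAC seen becomes the sticky one
        if mac in self.cam:
            self.cam.move_to_end(mac)
        elif len(self.cam) >= self.cam_size:
            self.cam.popitem(last=False)         # table full: the oldest entry is evicted
        self.cam[mac] = in_port
        return True

    def forward(self, src, dst, in_port):
        """Return the list of ports a frame from src to dst is sent out of."""
        if in_port in self.err_disabled or not self._learn(src, in_port):
            return []                            # dropped
        out = self.cam.get(dst)
        if out is None or dst == "ff:ff:ff:ff:ff:ff":
            return [p for p in self.ports
                    if p != in_port and p not in self.err_disabled]
        return [] if out == in_port else [out]
```

Once a host's entry has been evicted, frames to that host are flooded to every port again; a secured port refuses to learn a second MAC, so the table cannot be filled from it.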

MOST SECURE CABLING TYPE: Fiber Optic

USE THESE PROTOCOLS OVER THEIR COUNTERPARTS:

SSH instead of Telnet

SCP for copying info between systems.

SFTP or FTPS (Preferred) instead of FTP

HTTPS instead of HTTP

Information Security, Access Control and Encryption of Data and Communications.

Data integrity ensures that the data you send is what is received on the other end of communication.
Hashing is a popular technology used to ensure data integrity.

Other types of integrity concepts:

Digital Signature: Created on a message in order to prove the integrity of the message and the identity of
its sender.

Certificate: An electronic file used to transport keys used to encrypt or digitally sign messages.

Non-Repudiation: concept of ensuring that someone cannot dispute that they sent a message or
made a change, which adds to the integrity of the system. You can use digital signatures or auditing as a
method to implement non-repudiation.
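An added illustration (not from the notes) of the hashing and digital signature points above, using Python's standard library: a plain hash detects changes but can be recomputed by whoever altered the data, while a keyed HMAC cannot be; the key, message and function names are constructed for the example.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Integrity only: SHA-256 of the data. Anyone who alters the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def check_digest(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(digest(data), expected_hex)   # constant-time compare


def tag(key: bytes, data: bytes) -> str:
    """Integrity plus origin: HMAC-SHA256. Without the shared key the tag cannot be fixed up."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_tag(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(tag(key, data), expected_hex)


def transfer(data: bytes, key: bytes, tamper=None) -> dict:
    """Send data with a hash and an HMAC over an untrusted path and verify on receipt.
    `tamper`, if given, models an intermediary that changes the data and, being able
    to, recomputes the unkeyed hash so that it still matches."""
    sent_hash, sent_tag = digest(data), tag(key, data)
    received = data
    if tamper is not None:
        received = tamper(received)
        sent_hash = digest(received)
    return {"hash_ok": check_digest(received, sent_hash),
            "hmac_ok": check_tag(key, received, sent_tag)}


# An HMAC key is shared by both ends, so it proves integrity and origin but not
# non-repudiation; that needs a digital signature made with a private key only
# the sender holds.
```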

Availability:

Permissions: Ensures availability because if you limit who can delete the data then the data will
be available when needed.

Backups: In case of corruption or deletion.

Fault Tolerance: Implement data redundancy solutions in case one hard drive fails (RAID)

Clustering: For services such as e-mail or database servers. They are hosted on multiple servers so if one
goes down the rest remain accessible.

Patching: Patching helps reduce security vulnerabilities in systems which could lead to
downtime and lack of availability.

Auditing:

Log Files

Audit Files

Firewalls and proxy servers

Application Logging

-Before you can be given access to resources you must first identify yourself to the system. Your ID info
is then verified against an authentication database to verify that you can gain access to the system or
facility (this is known as authentication).

Security Principles:

-Physical Security: This is physical access to the site and assets contained within.

-Communication Security: Security of the data being transmitted/communicated across the network.

-Computer Security: Authentication, access control, data redundancy, malware protection and system
hardening techniques.

-Network Security: Controlling access to the network (Switch security), what type of traffic can enter the
network (firewalls). Monitoring network traffic for suspicious activity (intrusion detection systems).

Collusion: When multiple people involved in a task get together and take part in fraudulent activity.

Concept of least privilege: Don't give a user permissions to do more than is required by their job. Doing
so will allow them to go beyond their duties and potentially cause harm.

Separation of Duties: Ensure that all roles are not held by one person. Writing checks is one person's job,
signing is another's; this serves as a form of accountability and oversight.

Rotation of Duties: Rotating job duties will stop one person from knowing everything, so there won't be
a catastrophic issue if he quits or moves on. This also acts as oversight, as other people rotating in can
keep the normal user honest.

Concept of Need to Know: Don't give anyone more info than they need to do their job. Keeps things
confidential. Not all managers need access to the accounting information, only the accounting manager
needs this.

Layered Security and Diversity of Defense:

Layered Security: have more than just one means of dealing with potential issues; AV, Anti-
Malware, Firewalls, etc. This will help you stop more threats than just one.

Diversity of Defense: Don't use the same type of security throughout, but mix it up to make it more
difficult for a hacker to gain access. For example firewalls: in a multi-layered scenario with a Firewall on
the Internet facing side and others within, use different firewall manufacturers. This will stop one
successful hacking technique from affecting every firewall.

Due Care, Due Diligence:

Due Care: Concept of doing the right thing. When it relates to security, due care is about
implementing the correct security controls to ensure the protection of company assets. Creating
security policies, performing regular backups, and performing regular virus scans.

Due Diligence: Identifying your risk so that you know what security controls to put in place.
Involves regular assessments and analyzing the assessment results to ID security issues in the
environment.

Vulnerability and Exploit:

Vulnerability is a weakness in a piece of software or hardware that was created by the
manufacturer by accident. Hackers spend a lot of time evaluating the software to locate these
vulnerabilities.

Exploit: Once a weakness is found the exploit is the way they leverage that vulnerability.

Hackers:

White-Hat Hacker: Learns how to compromise system security for defensive purposes.

Black-Hat Hacker does it for malicious reasons.

Script Kiddie: Does not have a lot of education about how an attack works, but downloads a
program from the internet to perform the attack.

Security Roles:

System and Data Owner: Person who decides how valuable the asset is and what types of
security controls should be put in place to protect the asset. Owner also decides the sensitivity of the
information. Owner is upper-level management and holds the ultimate responsibility of securing the
asset and security within the organization.

Custodian: Person who implements the security control based on the value of the asset
determined by the owner. This is the IT Admin.

User: Person who actually accesses the resources within the business. The user is affected by
the security controls put in place by the custodian as determined by the owner.

Security Officer: Responsible for making sure that the policies are being followed by educating
everyone on their role within the organization. His job is to ensure management understands the
necessity of the controls and the legal responsibilities behind it.

Security Policies:

Before implementing a security policy within an organization, you need to ensure that you have a buy-in
from management, or else there will be no enforcement of the policy which results in no one following
the policy.

Types of Policies: Standards, Guidelines and Procedures.

Standard Policy: A policy that needs to be followed and typically covers a specific area of
security. Failure to follow a standard policy typically results in disciplinary action or termination.

Guideline Policy: Recommendations on how to follow security best practices. No disciplinary
actions result from these because they are just recommendations.

Procedure Policies: Documents step by step procedures showing how to configure a system or
device or maybe a step-by-step instruction on how to implement a security solution.

Personally Identifiable Information (PII): SS numbers, DL number, a person's full name. Should be
protected at all times and kept confidential.

Security Control: used to identify any mechanism that is used to protect an asset within the
organization. Examples include: Firewalls, AV software and Access Control Lists.

Acceptable use policy (AUP): Know what it is and what would typically violate the policy: No social
networking, pornography, chain letters, harassment e-mails, don't leave laptops in plain view, specify
what features of a mobile device are to be enabled or disabled.

Mandatory vacations should be enforced so that fraudulent activities performed by employees can be
more easily detected.
