More on this book
Community
Kindle Notes & Highlights
Simple Mail Transfer Protocol (SMTP) transfers email between clients and SMTP servers. SMTP uses TCP port 25.
POP3 and Secure POP. Post Office Protocol v3 (POP3)
IMAP4 and Secure IMAP. Internet Message Access Protocol version 4 (IMAP4) is used to store email on an email server.
HTTP. Hypertext Transfer Protocol (HTTP)
HTTPS. Hypertext Transfer Protocol Secure (HTTPS) encrypts web traffic to ensure it is secure while in transit.
Remember this SMTP sends email on TCP port 25, POP3 receives email on port 110, and IMAP4 uses port 143. STARTTLS allows an encrypted version of the protocol to use the same port as the unencrypted version. HTTP and HTTPS use ports 80 and 443 and transmit data over the Internet in unencrypted and encrypted formats, respectively. Directory Services Use Case
Microsoft Active Directory Domain Services (AD DS). AD DS
Kerberos. Kerberos is the authentication protocol used in Windows domains and some Unix environments. It uses a Key Distribution Center (KDC) to issue timestamped tickets. Kerberos uses UDP port 88.
LDAP uses TCP port 389.
Group Policy. Administrators use Group Policy Objects (GPOs)
Remember this Administrators connect to servers remotely using protocols such as Secure Shell (SSH) and the Remote Desktop Protocol
(RDP). In some cases, administrators use virtual private networks to connect to remote systems.
Network Time Protocol (NTP).
The Simple NTP (SNTP) protocol can also be used for time synchronization.
Dynamic Host Configuration Protocol (DHCP) to dynamically assign IP addresses to hosts.
IPv4 uses 32-bit IP addresses expressed in dotted decimal format.
10.x.y.z. 10.0.0.0 through 10.255.255.255 • 172.16.y.z–172.31.y.z. 172.16.0.0 through 172.31.255.255 • 192.168.y.z. 192.168.0.0 through 192.168.255.255
Remember this Private networks should only have private IP addresses. These are formally defined in RFC 1918.
Internet Assigned Numbers Authority (IANA)
Internet Engineering Task Force (IETF) created IPv6,
Unique local addresses start with the prefix of fc00.
Domain Name System (DNS) is for domain name resolution. DNS resolves host names to IP addresses.
A. Also called a host record. This record holds the host name and IPv4 address
AAAA. This record holds the host name and IPv6 address. It’s similar to an A record except that it is for IPv6.
PTR. Also called a pointer record.
MX. Also called mail exchange or mail exchanger.
CNAME. A canonical name, or alias,
SOA. The start of authority (SOA) record includes information about the DNS zone and some of its settings.
Berkeley Internet Name
Domain (BIND) software and run on Unix or Linux servers.
One risk with DNS is DNS poisoning, also known as DNS cache poisoning. When successful, attackers modify the DNS cache with a bogus IP address.
Remember this DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses. DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries. Most Internet-based DNS servers run BIND software on Unix or Linux servers, and it’s common to configure DNS servers to only use secure zone transfers. DNSSEC helps prevent DNS poisoning attacks.
Microsoft systems include nslookup; Linux systems include dig.
nslookup command (short for name server lookup)
The dig command-line tool has replaced the nslookup tool on Linux systems.
Both TCP and UDP use ports with a total of 65,536 TCP ports (0 to 65,535) and 65,536 UDP ports (0 to 65,535).
HTTP uses port 80,
Internet Assigned Numbers Authority (IANA) maintains a list of official port assignments that you can view at http://www.iana.org/assignments/port-numbers.
Well-known ports: 0–1023. IANA assigns port numbers to commonly used protocols in the well-known ports range. • Registered ports: 1024–49,151.
Dynamic and private ports: 49,152–65,535. These ports are available for use by any application.
such as port 22 for SSH, 25 for SMTP, 80 for HTTP, 443 for HTTPS,
Internet Information Services (IIS).
For example, within IPsec, protocol number 50 indicates the packet is an Encapsulating Security Payload (ESP) packet, and protocol number 51 indicates it’s an Authentication Header (AH) packet.
A switch can learn which computers are attached to each of its physical ports.
Remember this Port security includes disabling unused ports and limiting the number of MAC addresses per port. A more advanced implementation is to restrict each physical port to only a single specific MAC address.
Spanning Tree Protocol (STP) or the newer Rapid STP (RSTP) installed and enabled for loop prevention.
Remember this Loop protection such as STP or RSTP is necessary to protect against switching loop problems, such as those caused when two ports of a switch are connected together.
Many switches include a flood guard to protect against MAC flood attacks.
router connects multiple network segments together into a single network and routes traffic between the segments.
You can implement antispoofing on a router by modifying the access list to allow or block IP addresses.
