Chapter 7

A TCP/IP protocol that is used by devices to communicate updates or error information to other devices.

An attacker can use ICMP messages as one of the first steps in reconnaissance to discover information about the hosts that are part of the network.This can include sending individual ICMP echo requests to the broadcast addresses of a network and sending an ICMP address mask request to a host on the network to determine the subnet mask.

Attackers can broadcast a ping request (which uses ICMP) to all computers on the network but change the address from which the request came to that of the target. This makes it appear that the target computer is asking for a response from all computers. Each of the computers then responds to the target server, overwhelming it and causing it to crash or be unavailable to legitimate users.

A malformed ping using ICMP is sent to the victim's computer that exceeds the size of an IP packet. This causes the host to crash.

A TCP/IP protocol that exchanges management information between networked devices. It allows network administrators to remotely monitor, manage, and configure devices on the network.

The Domain Name System (DNS) is a TCP/IP protocol that resolves (maps) an IP address (such as 69.32.148.124) with its equivalent symbolic name (www.course.com). The DNS is a database, organized as a hierarchy or tree, of the name of each site on the Internet and its corresponding IP number.

substitutes addresses so that the computer is automatically redirected to another device. An attacker substitutes a fraudulent IP address for a symbolic name. Substituting a fraudulent IP address can be done in two different locations: the local host table, or the external DNS server.

spanning-tree algorithm: STA can determine that a switch has multiple ways to communicate with a host and then determine the best path while blocking out other paths. Although STA determines the best path, it also registers the other paths in the event that the primary path is unavailable.

Using a data-based IP network to add digital voice clients and new voice applications onto the IP network.

The most common protocol suite used today for local area networks (LANs) as well as the Internet is Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP is not one single protocol; instead, it is several protocols that all function together. This combination of protocols is known as a protocol suite.

Each SNMP-managed device must have an agent or a service that listens for commands and then executes them. These agents are protected with a password known as a community string in order to prevent unauthorized users from taking control over a device. There are two types of community strings: a read-only string will allow information from the agent to be viewed, and a read-write string allows settings on the device to be changed.

DNS poisoning can be prevented by using the latest editions of the DNS software known as BIND, or Berkeley Internet Name Domain. These latest editions of BIND make DNS servers less trusting of the information passed to them by other DNS servers and ignore any DNS records received that are not directly relevant to the query. A newer secure version of DNS known as Domain Name System Security Extensions (DNSSEC) that uses advanced measures to determine the authenticity of data can also be used.

There are two options for secure transmissions over FTP. FTP using Secure Sockets Layer (FTPS) uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to encrypt commands sent over the control port (Port 21) in an FTP session. FTPS is a file transport layer resting "on top" of SSL/TLS, meaning that it uses the FTP protocol to transfer files to and from SSL-enabled FTP servers. However, a weakness of FTPS is that although the control port commands are encrypted, the data port (port 20) may or may not be encrypted. This is because a file that has already been encrypted by the user would not need to be encrypted again by FTPS and incur the additional overhead.

A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack.

A DNS log can create entries in a log for all queries that are received. Some DNS servers can also create logs for error and alert messages.

Firewall logs can be used to determine whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them. Decisions can be made on the basis of these logs to trace the probes or take additional action.

Preventing broadcast storms by using the IEEE 802.1d standard spanningtree algorithm (STA).

This allows scattered users to be logically grouped together even though they may be attached to different switches, thus reducing network traffic and providing a degree of security.

A standard that blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server.

A means of managing and presenting computer resources by function without regard to their physical layout or location.

this technology enables a virtual machine to be moved to a different physical computer with no impact to the users.

which is software that runs on a physical computer to manage one or more virtual machine operating systems.

A pay-per-use computing model in which customers pay only for the computing resources that they need, and the resources can be easily scaled.

Cloud Software as a Service: In this model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. These applications, which can be accessed through a Web browser, do not require any installation, configuration, upgrading, or management from the user.

Cloud Infrastructure as a Service: In this model, the customer has the highest level of control. The cloud computing vendor allows the customer to deploy and run the customer's own software, including operating systems and applications. The consumer has some control over the operating systems, storage, and their installed applications yet does not manage or control the underlying cloud infrastructure.

Cloud Platform as a Service: Unlike SaaS, in which the application software belonging to the cloud computing vendor is used, in PaaS the consumer can install and run their own specialized applications on the cloud computing network. Although the customer has control over the deployed applications, they do not manage or configure any of the underlying cloud infrastructure (network, servers, operating systems, storage, and so on).