These flashcards cover key concepts from Lecture 12 on network security, including networking basics, IP addressing, OSI layers, ARP and ARP spoofing, routing, IP spoofing, ICMP, TCP operations and attacks, Ethernet fundamentals, and related defenses.
What is a computer network?
A collection of two or more computing devices interconnected to exchange data and share resources.
In networking, what are “nodes”?
Individual devices (computers, printers, servers, etc.) connected to the network.
Which OSI layer does IP operate at?
Layer 3 – the Network layer.
How many bits are in an IPv4 address? Give an example format.
32 bits; example format 192.168.1.1
How many bits are in an IPv6 address? Give an example format.
128 bits; example format 2001:0db8:85a3::8a2e:0370:7334
What portion of 192.168.1.1/24 identifies the network?
The first 24 bits (192.168.1).
Which addressing technique replaced classful addressing for efficient allocation?
CIDR – Classless Inter-Domain Routing.
Give one private IPv4 network range commonly used in home LANs.
192.168.0.0/16 (e.g., 192.168.1.0/24).
What is the default subnet mask for a Class C network?
255.255.255.0 (/24).
What special IP address is reserved for loopback testing?
127.0.0.1
Which protocol translates domain names like example.com into IP addresses?
DNS – Domain Name System.
List the seven OSI layers from top to bottom.
Application, Presentation, Session, Transport, Network, Data Link, Physical.
At which OSI layer are port numbers added to a segment?
Layer 4 – Transport.
What two main pieces of information are added at the Network layer?
Source IP address and destination IP address.
Which address is resolved/used at the Data Link layer?
The MAC (Media Access Control) address.
What is a MAC address?
A 48-bit hardware identifier for a network interface, displayed as six hexadecimal pairs (e.g., 00:16:B7:29:E4:7D).
Can a MAC address be changed? If so, how?
Yes; it can be software-modified via the NIC driver (locally administered address).
What does ARP stand for and what is its purpose?
Address Resolution Protocol; it maps IP addresses (Layer 3) to MAC addresses (Layer 2) on a local network.
Describe the two basic ARP messages exchanged.
ARP Request (broadcast): "Who has this IP?" and ARP Reply (unicast): "Here is the MAC for that IP."
Why is ARP vulnerable to spoofing?
Because hosts trust unsolicited ARP replies and update their caches without authentication.
Explain ARP spoofing in one sentence.
An attacker sends forged ARP messages linking their MAC to a legitimate IP to redirect traffic through themselves.
Name one defense technique against ARP spoofing.
Static ARP tables, LAN access restriction, monitoring for duplicate MACs, or ARP packet inspection.
What is IP routing?
The process of forwarding IP packets from source to destination across interconnected networks.
When will a host send a packet directly over the LAN instead of to the default gateway?
When the destination IP is on the same subnet.
Define IP spoofing.
Forging the source IP address in packet headers to impersonate another device or hide identity.
Give one attack type that commonly uses IP spoofing.
DDoS amplification attacks, man-in-the-middle, or bypassing IP-based authentication.
What protocol number and diagnostic tool rely on ICMP?
ICMP protocol (e.g., tools like ping and traceroute).
Name one reason administrators often restrict ICMP at boundaries.
To prevent abuse such as ICMP floods, ping of death, or network scanning.
Is TCP connection-oriented or connectionless?
Connection-oriented.
What three steps make up the TCP three-way handshake?
SYN, SYN-ACK, ACK.
Which TCP feature prevents overwhelming a receiver with data?
Flow control (using the receive window).
What is a SYN flood?
A DoS attack that sends many SYNs without completing the handshake, exhausting server resources with half-open connections.
Name one defense against SYN flood attacks.
SYN cookies, rate limiting, or firewall/IDS filtering of excessive SYNs.
What flag is set in a packet used to perform a TCP reset attack?
RST flag.
How does encryption (TLS/HTTPS) help defend against TCP reset attacks on video streams?
It hides sequence numbers, preventing attackers from crafting valid RST packets.
What does ingress filtering try to block?
Packets entering a network with spoofed (illegitimate) source IP addresses.
Which Ethernet standard defines the physical and Data Link specs widely used today?
IEEE 802.3
What is an Ethernet collision and how is it mitigated?
Simultaneous frame transmissions on the same segment; Ethernet employs a random-wait (CSMA/CD) strategy to retransmit.
Define a network segment in Ethernet terminology.
A portion of a LAN where devices share the same logical connection and collision domain.
Which OSI layer converts raw bit streams to signals over physical media?
Layer 1 – Physical.
Give one example of a physical transmission medium.
Twisted-pair cables, fiber optics, or Wi-Fi radio waves.
Why can TCP suffer high latency for short-lived connections?
Because the three-way handshake adds at least one and a half round-trip times before data transfer.
Name one modern protocol or option designed to reduce TCP handshake latency.
TCP Fast Open (TFO) or QUIC (UDP-based).
What tool command shows a device’s current ARP cache on most systems?
arp -a
Which OSI layers are most often targeted by buffer overflow or CSRF attacks?
Application layer (Layer 7).