CSEC 378/418 Host Based Security - Network Concepts & Fundamentals

This set of vocabulary flashcards covers fundamental network concepts, addressing, protocols, and security tools based on the Week 1 lecture for CSEC 378/418.

OUI

Organizationally Unique Identifier; the portion of a MAC address that identifies the manufacturer.

Collision Domain

A network segment where data packets can collide with one another when sent on a shared medium; hubs have a single one for all ports, while switches have one per port.

Broadcast Domain

A logical division of a network in which all nodes can reach each other by broadcast at the data link layer; routers serve as the divider between these domains.

Hub

A legacy network device with a single collision domain for all ports that cannot be configured with VLANs and allows only one device to send at a time.

Switch

A modern network device where each port is its own collision domain; it learns MAC addresses and interface information of source devices for forwarding decisions.

PoE (Power over Ethernet)

A technology used to provide power to devices such as WAPs (wireless access points) over network cabling.

LLDP (Link Layer Discovery Protocol)

A vendor-neutral neighbor discovery protocol used by network devices to advertise information about themselves to other devices on the network.

ARP (Address Resolution Protocol)

A layer 2 protocol used to determine what MAC address is associated with a particular IP address on a network.

Gratuitous ARP

An unsolicited ARP message where a device informs all other nodes on a network of its IP and MAC address association to ensure ARP tables are up to date.

Proxy ARP

An ARP response provided by a device on behalf of another node, handling the subsequent forwarding of traffic.

Octet

A section of an IP address represented as a decimal number, consisting of $8$ binary bits.

CIDR (Classless Inter-Domain Routing)

A method for allocating IP addresses and IP routing that replaces the older Class A, B, and C system.

RFC 1918

The Internet Engineering Task Force standard that defines private IP address ranges ($10.0.0.0/8$, $172.16.0.0/12$, and $192.168.0.0/16$).

SLAAC (StateLess Address AutoConfiguration)

An IPv6-only technology that allows clients to determine their own address using Network Discovery Protocol (NDP) and the host's MAC address in EUI-64 format.

DHCP DORA

The four-step process used by DHCP to assign addresses: Discover, Offer, Request, and Acknowledge.

DHCP Relay

A functionality, usually on a gateway router, that allows a DHCP client and server on different networks to communicate by converting broadcasts to unicast.

DHCP Snooping

A Layer 2 security tool on a switch that prevents rogue DHCP servers by allowing only trusted ports to forward DHCP server messages.

FQDN

Fully Qualified Domain Name; the complete domain name for a specific computer, or host, on the internet.

Recursive Query

A DNS query type where the DNS server does the work of querying other nameservers to provide a complete answer to the client.

Iterative Query

A DNS query type where the server responds with the best available information or a list of other nameservers for the client to ask.

PTR Record

A DNS resource record used for reverse queries to map an IP address to a hostname.

CNAME

A DNS record type used to create an alias for one name to another canonical domain name.

Symmetric Cryptography

A type of encryption involving the use of one shared key for both encryption and decryption; examples include AES, DES, and 3DES.

Asymmetric Cryptography

A type of encryption using a public key for encryption and a private key for decryption; examples include RSA and ECC.

Hashing

A one-way function used to produce a unique fixed-length string from input data, commonly used for storing passwords or verifying file integrity.

Salting

A technique used in hashing to protect against rainbow table attacks by adding unique data to a password before it is hashed.

Nmap / Zenmap

Port scanning and reconnaissance tools used to discover open ports, services, and operating systems on a network; Zenmap is the GUI version.

Wireshark

A packet capture and analysis tool used to observe communication specifically at the network header and payload level.

Network Topology

The arrangement of different elements (links, nodes, etc.) in a computer network. Common types include star, ring, and mesh.

VLAN (Virtual Local Area Network)

A subnet within a larger network that allows a group of devices to communicate as if they were on the same physical network, even if they are on different switches.

Subnet Mask

A 32-bit number used to divide an IP address into network and host portions, determining what subnet an IP address belongs to.

NAT (Network Address Translation)

A method used to remap an IP address space into another by modifying network address information in the IP header of packets while in transit.

VPN (Virtual Private Network)

A service that creates a secure connection over the internet, allowing users to send and receive data as if their devices were directly connected to a private network.

Firewalls

Security devices designed to monitor and control incoming and outgoing network traffic based on predetermined security rules.

Load Balancer

A device that distributes network or application traffic across multiple servers to ensure no single server becomes overwhelmed.

DMZ (Demilitarized Zone)

A physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the internet.

Network Addressing

The process of assigning a unique identifier to each device on a network, which facilitates communication between devices.

OSI Model

A conceptual framework used to understand and implement network communication, consisting of seven layers: physical, data link, network, transport, session, presentation, and application.

PAT (Port Address Translation)

A type of NAT that allows multiple devices on a local network to be mapped to a single public IP address, using different ports to manage the connections.

HTTP (Hypertext Transfer Protocol)

Port 80; used for transferring web pages on the internet. It is the foundation of data communication in the World Wide Web.

HTTPS (HTTP Secure)

Port 443; an extension of HTTP that provides secure communication over a computer network by using SSL/TLS.

FTP (File Transfer Protocol)

Port 21; used for transferring files between a client and a server on a computer network.

SSH (Secure Shell)

Port 22; a protocol used to securely access and manage devices over an unsecured network.

Telnet

Port 23; a network protocol used for text-based communication over the internet, often using a command line interface, but lacks encryption.

DNS (Domain Name System)

Port 53; used for resolving domain names into IP addresses, facilitating the accessibility of websites.

SMTP (Simple Mail Transfer Protocol)

Port 25; used for sending emails from a client to a server or between servers.

POP3 (Post Office Protocol 3)

Port 110; used by email clients to retrieve emails from a server, allowing users to download them to their local device.

IMAP (Internet Message Access Protocol)

Port 143; allows email clients to access messages stored on a mail server without downloading them, keeping them synchronized across devices.

RDP (Remote Desktop Protocol)

Port 3389; used for remote management and remote desktop connections to Windows servers and workstations.