Network security

Terms and concepts you should know

Paul Krzyzanowski

April 10, 2024

General concepts

  • Internet design goals and priorities
    • Packet switching
    • End-to-end principle
  • Protocol layers
  • Protocol encapsulation
  • Data link, network, transport, application layers
  • Broadcast

Link layer

  • CAM overflow

  • Switch table

  • Forwarding & filtering

  • Port security

  • 802.1x

  • Managed switch

  • LAN vs. VLAN

  • VLAN trunking

  • 802.1Q, Extended Ethernet frame

  • VLAN hopping attack

  • Auto-trunking

Link layer - Network layer interaction

  • ARP cache poisoning
  • MAC address vs. IP address
  • ARP table (cache)
  • Gratuitious ARP
  • Dynamic ARP inspection
  • DHCP spoofing

Transport layer

  • UDP packet forging
  • TCP sequence numbers
  • TCP sequence number prediction attack
  • TCP SYN flooding attack
  • SYN cookies

Network Layer - Routing

  • Purpose of BGP
  • BGP advertisements
  • BGP hijacking
  • Prefixes
  • RPKI framework
  • Longer route prefixes = More specific routes

DNS

  • Domain Name System (DNS), DNS Resolver
  • Pharming attack
  • DNS spoofing attack (cache poisoning)
  • DNS pharming attack
  • Query ID
  • DNSSEC
  • DNS TTL (time to live)
  • DNS Rebinding attack
  • DNS pinning
Last modified November 27, 2024.

© Paul Krzyzanowski. All rights reserved.

For questions or comments about this site, contact Paul Krzyzanowski, gro.kp@ofnibew

recycled pixels

The entire contents of this site are protected by copyright under national and international law. No part of this site may be copied, reproduced, stored in a retrieval system, or transmitted, in any form, or by any means whether electronic, mechanical or otherwise without the prior written consent of the copyright holder. If there is something on this page that you want to use, please let me know. Any opinions expressed on this page do not necessarily reflect the opinions of my employers and may not even reflect my own.

Page design derived from: HTML5 UP.