8.2 Ports, Protocols, and the OSI Model Flashcards
Networks use __________ to ensure messages are fully sent and understood.
Networks use protocols to ensure messages are fully sent and understood.
Similar to the military’s use of “over,” a network uses the TCP message FIN to indicate the end of the transmission.
PAP is used for ______________.
PAP is used for authenticating a user.
SMB is a Windows-based protocol for _________.
SMB is a Windows-based protocol for sharing files.
NetBIOS allows computers to communicate on ___________.
NetBIOS allows computers to communicate on a local network.
What are the three parts of packets?
Header - Sender’s IP address, receiver’s IP address, protocol
Payload - Data
Trailer - Indicates end of packet, error correction
For example, the version field is indicated in the header. As the first field, it starts at the first bit and ends at the fourth bit.
True or False
The receiver will always find this information in this exact location.
True
What does PAP stand for?
PAP (Password Authentication Protocol)
Ex. PAP Two-Way Handshake
True or False
Ports are like doors that can be opened, closed, or accessible only to certain individuals. Ports are the access points for transmitting and receiving data.
True
It’s important that IT professionals do not allow unauthorized access to these points of entry.
Unauthorized access can potentially lead to a breach.
Computers don’t have enough physical space for every protocol, so we use software to create _________.
Computers don’t have enough physical space for every protocol, so we use software to create virtual ports.
Every protocol is assigned a numerical virtual port number.
The corresponding port is the destination port. It’s where other machines send data to communicate with that protocol.
For example: A machine sending an HTTP message to a web server sends traffic to the server’s port 80.
True or False
There are 65,536 virtual ports, numbered from 0 to 65535.
True
True or False
System Ports Range 1024-49151
False
System ports range from 0-49151
What are common ports?
Port 80 Sending web traffic.
Port 443 Sending encrypted web traffic.
Port 21 Sending files.
Port 22 Securely operating network services.
Port 25 Sending emails.
Port 53 Translating domains into IP addresses.
What is port 80 commonly used for?
Sending web traffic
What is port 443 commonly used for?
Sending encrypted web traffic
What is port 21 commonly used for?
Sending files
What is port 22 commonly used for?
Securely operating network services
What is port 25 commonly used for?
Sending emails
What is port 53 commonly used for?
Translating domains into IP addresses
What are the 7 layers of the OSI model?
Layer 1: Physical
Layer 2: Data Link
Layer 3: Network
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Application
The OSI model is a _______-layer framework that allows security analysts to ________________, by detailing the processes, devices, and protocols in place at each layer.
The OSI model is a seven-layer framework that allows security analysts to understand how communication works on a network, by detailing the processes, devices, and protocols in place at each layer.
Explain the Physical layer 1
The Physical layer is responsible for transmission of binary data through a physical medium. It handles how data is physically encoded and decoded.
Explain the Data Link layer 2
The Data Link layer establishes links between nodes. It also ensures data gets to its final destination without corruption, thus protecting data integrity.
Explain the Network layer 3
The Network layer routes data through physical networks using an IP address, deciding which physical path the data will take, and ensuring it gets to the correct destination.
Explain the Transport layer 4
The Transport layer is responsible for actually transmitting data across the network. It puts data onto the network, and assigns source and destination ports.
Explain the Session layer 5
The Session layer manages connections between ports on computers and handles data flow.
Explain the presentation layer 6
The Presentation layer is the translator for the network. It formats data to be presented to the Application layer, and handles data representation, decryption and encryption, character set translation, and conversion.
Explain the application layer 7
The Application layer represents data so the consuming application understands it. This is the layer an individual interacts with, such as a web or email application.
Data moves through the layers, starting from Layer 7 and ending at Layer 1, in a process known as __________.
Data moves through the layers, starting from Layer 7 and ending at Layer 1, in a process known as encapsulation.
Encapsulation is the process of placing headers, and sometimes trailers, around the data to direct it to its destination.
___________ is the process of removing the headers, and sometimes trailers, around the data to confirm the data reaches the destination.
Decapsulation is the process of removing the headers, and sometimes trailers, around the data to confirm the data reaches the destination.
Why is it important to understand the OSI model as a cybersecurity professional?
The OSI model helps us more easily understand new protocols.
The OSI model helps determine where problems in the network are occurring, even if we don’t have full knowledge of the issue.
The OSI model makes it easier to communicate where a security attack has occurred and what should be done.
At which OSI layer did each of the incidents occur?
A networking cable was cut in the Data Center and now no traffic can go out.
Physical cables that are cut or disconnected occur on Layer 1: the Physical layer.
At which OSI layer did each of the incidents occur?
A code injection was submitted from an administrative website, and it’s possible that an attacker can now see unauthorized directories from your Linux server.
Attacks that occur directly on the web application would occur on Layer 7: the Application layer.
At which OSI layer did each of the incidents occur?
The MAC address of one of your network interface cards has been spoofed and is preventing some traffic from reaching its destination.
Issues or attacks on the MAC address would occur on Layer 2: the Data Link layer.
At which OSI layer did each of the incidents occur?
Your encrypted web traffic is now using a weak encryption cipher and the web traffic is now vulnerable to decryption.
Encryption occurs on Layer 6: the Presentation layer.
At which OSI layer did each of the incidents occur?
The destination IP address has been modified and traffic is being routed to an unauthorized location.
IP Addresses and IP address routing occurs on Layer 3: the Network layer.
At which OSI layer did each of the incidents occur?
A flood of TCP requests is causing performance issues.
TCP and source and destination protocols occur on Layer 4: the Transport layer.
At which OSI layer did each of the incidents occur?
A SQL injection attack has been detected by the SOC. This SQL injection may have deleted several database tables.
Attacks occurring on the web application occur on Layer 7: the Application layer.
At which OSI layer did each of the incidents occur?
A switch suddenly stopped working and local machines aren’t receiving any traffic.
Switches use MAC addresses to route traffic, so this would occur on Layer 2: the Data Link layer.
At which OSI layer did each of the incidents occur?
An Ethernet cable was disconnected and the connected machine isn’t able to receive any external traffic.
Physical cables that are cut or disconnected occur on Layer 1: the Physical layer.
At which OSI layer did each of the incidents occur?
Traffic within the network is now being directed from the switch to a suspicious device.
Switches use MAC addresses to route traffic, so this would occur on Layer 2: the Data Link layer.
Networks communicate with sequences of binary data called packets. Wireshark is a _______________.
Networks communicate with sequences of binary data called packets. Wireshark is a packet capturing tool.
True or False
Wireshark is a tool that allows us to look at real-time communication across a network, and monitor the activities of the devices connected to it.
In these packet captures, Wireshark collects and analyzes the kinds of websites and webpages individuals on the network are viewing, as well as the type of communication occurring.
True
Wireshark does this analysis by inspecting individual packets.
Multiple packets collected into a file by Wireshark are called a packet capture. These have file extensions such as .cap, .pcap, and .pcapng.