8.2 Ports, Protocols, and the OSI Mode

Question 1

Networks use __________ to ensure messages are fully sent and understood.

Answer 1

Networks use protocols to ensure messages are fully sent and understood.

Similar to the military’s use of “over,” a network uses
the TCP message FIN to indicate the end of the transmission.

Question 2

PAP is used for ______________.

Answer 2

PAP is used for authenticating a user.

Question 3

SMB is a Windows-based protocol for _________.

Answer 3

SMB is a Windows-based protocol for sharing files.

Question 4

NetBIOS allows computers to communicate on ___________.

Answer 4

NetBIOS allows computers to communicate on a local network.

Question 5

NetBIOS allows computers to communicate on ___________.

Answer 5

NetBIOS allows computers to communicate on a local network.

Question 6

What are the three parts of packets?

Answer 6

Header - Sender’s IP address, receiver’s IP address, protocol

Payload - Data

Trailer - Indicates end of packet, error correction

Question 7

For example, the version field is indicated in the header. As the first field, it starts at the first bit and ends at the fourth bit.

True or False

The receiver will always find this information in this exact location.

Answer 7

True

Question 8

What does PAP stand for?

Answer 8

PAP (Password Authentication Protocol)

Ex. PAP Two-Way Handshake

Question 9

True or False

Ports are like doors that can be opened, closed, or accessible only to certain individuals. Ports are the access points for transmitting and receiving data.

Answer 9

True

It’s important that IT professionals do not allow unauthorized access to these points of entry.

Unauthorized access can potentially lead to a breach.

Question 10

Computers don’t have enough physical space for every protocol, so we use software to create_________.

Answer 10

Computers don’t have enough physical space for every protocol, so we use software to create virtual ports.

Every protocol is assigned a numerical virtual port number.

The corresponding port is the destination port. It’s where other machines send data to communicate with that protocol.

For example: A machine sending an HTTP message to
a web server sends traffic to the server’s port 80.

Question 11

True or False

There are 65,536 virtual ports, numbered from 0 to 65535.

Answer 11

True

Question 12

True or False

System Ports Range 1024-49151

Answer 12

False

System ports range from 0 - 49151

Question 13

What are common ports?

Answer 13

Port 80 Sending web traffic.
Port 443 Sending encrypted web traffic.
Port 21 Sending files.
Port 22 Securely operating network services.
Port 25 Sending emails.
Port 53 Translating domains into IP addresses.

Question 14

What is port 80 commonly used for?

Answer 14

Sending web traffic

Question 15

What is port 443 commonly used for?

Answer 15

Sending ecrypted web traffic

Question 16

Wha is port 21 commonly used for?

Answer 16

Sending files

Question 17

What is poer 22 commonly used for?

Answer 17

Securely operating network services

Question 18

What is port 25 commonly used for?

Answer 18

Sending emails

Question 19

What is port 53 commonly used for?

Answer 19

Translating domains into IP addresses

Question 20

What are the 7 layers of the OSI model?

Answer 20

Layer 1:  Physical
Layer 2: Data Link
Layer 3: Network
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Application

Question 21

The OSI model is a _______ layer framework that allows security analysts to ________________, by detailing the processes, devices, and protocols in place at each layer.

Answer 21

The OSI model is a seven layer framework that allows security analysts to understand how communication works on a network, by detailing the processes, devices, and protocols in place at each layer.

Question 22

Explain the Physical layer 1

Answer 22

The Physical layer is responsible for transmission of binary data through a physical medium. It handles how data is physically encoded and decoded.

Question 23

Explain the Data Link layer 2

Answer 23

The Data Link layer establishes links between nodes. It also ensures data gets to its final destination without corruption, thus protecting data integrity.

Question 24

Explain the Network layer 3

Answer 24

The Network layer routes data through physical networks using an IP address, deciding which physical path the data will take, and ensuring it gets to the correct destination.

Question 25

Explain the Transport layer 4

Answer 25

The Transport layer is responsible for actually transmitting data across the network. It puts data onto the network, and assigns source and destination ports.

Question 26

Explain the Session layer 5

Answer 26

The Session layer manages connections between ports on computers and handles data flow.

Question 27

Explain the presentation layer 6

Answer 27

The Presentation layer is is the translator for the network. It formats data to be presented to the Application layer, handles data representation, decryption and encryption, character set translation, and conversion.

Question 28

Explain the application layer 7

Answer 28

The Application layer represents data so the consuming application understands it. This is the layer an individual interacts with, such as a web or email application.

Question 29

Data moves through the layers, starting from Layer 7 and ending at Layer 1, in a process known as __________.

Answer 29

Data moves through the layers, starting from Layer 7 and ending at Layer 1, in a process known as encapsulation.

Encapsulation is the process of placing headers, and sometimes trailers, around the data to direct it to its destination.

Question 30

___________ is the process of removing the headers, and sometimes trailers, around the data to confirm the data reaches the destination.

Answer 30

Decapsulation is the process of removing the headers, and sometimes trailers, around the data to confirm the data reaches the destination.

Question 31

Whay is it important to understand the OSI model as cybersecurity professional?

Answer 31

The OSI model helps us more easily understand new protocals

The OSI model helps determine where problems in the network are occuring, even if we don’t have full knowldge of ths issue.

The OSI model makes it eaiser to communicate where a security attack has occured and what should be done.

Question 32

At which OSI layer each of the incidents occurred

A networking cable was cut in the Data Center and now no traffic can go out.

Answer 32

Physical cables that are cut or disconnected occur on Layer 1: the Physical layer.

Question 33

At which OSI layer each of the incidents occurred

A code injection was submitted from an administrative website, and it’s possible that an attacker can now see unauthorized directories from your Linux server.

Answer 33

Attacks that occur directly on the web application would occur on Layer 7: the Application layer.

Question 34

At which OSI layer each of the incidents occurred

The MAC address of one of your network interface cards has been spoofed and is preventing some traffic from reaching its destination.

Answer 34

Issues or attacks on the MAC Address would occur on the Layer 2: the Data Link layer.

Question 35

At which OSI layer each of the incidents occurred

Your encrypted web traffic is now using a weak encryption cipher and the web traffic is now vulnerable to decryption.

Answer 35

Encryption occurs on the Layer 6: Presentation layer.

Question 36

At which OSI layer each of the incidents occurred

The destination IP address has been modified and traffic is being routed to an unauthorized location.

Answer 36

IP Addresses and IP address routing occurs on Layer 3: the Network layer.

Question 37

At which OSI layer each of the incidents occurred

A flood of TCP requests is causing performance issues.

Answer 37

TCP and source and destination protocols occur on Layer 4: the Transport layer.

Question 38

At which OSI layer each of the incidents occurred

A SQL injection attack has been detected by the SOC. This SQL injection may have deleted several database tables.

Answer 38

Attacks occurring on the web application occur on Layer 7: the Application layer.

Question 39

At which OSI layer each of the incidents occurred

A switch suddenly stopped working and local machines aren’t receiving any traffic.

Answer 39

Switches use MAC Addresses to route traffic, so this would occur on Layer 2: the Data Link layer.

Question 40

At which OSI layer each of the incidents occurred

An ethernet cable was disconnected and the machine connected isn’t able to receive any external traffic.

Answer 40

Physical cables that are cut or disconnected occur on Layer 1: the Physical layer.

Question 41

At which OSI layer each of the incidents occurred

Traffic within the network is now being directed from the switch to a suspicious device.

Answer 41

Switches use MAC Addresses to route traffic, so this would occur on Layer 2: the Data Link layer.

Question 42

Networks communicate with sequences of binary data called packets. Wireshark is a _______________.

Answer 42

Networks communicate with sequences of binary data called packets. Wireshark is a packet capturing tool.

Question 43

True or False

Wireshark is a tool that allows us to look at real-time communication across a network, and monitor the activities of the devices connected to it.

In these packet captures, Wireshark collects and
analyzes the kinds of websites and webpages
individuals on the network are viewing, as well as the
type of communication occurring.

Answer 43

True

Wireshark does this analysis by inspecting individual packets.

Multiple packets collected into a file by Wireshark are called a packet capture. These have file extensions such as .cap, .pcap, and pcapng.