AR's Notes Flashcards
peer-to-peer network
decentralized network architecture where each device in the network can act as both client and server, allowing direct sharing of resources, data, and services among all connected devices without need for a central server
client-server network
multiple client devices connect to central server to access shared resources, services, and applications
network backbone
main infrastructure that interconnects various segments of a computer network, providing central pathway for data exchange
- composed of high-speed, high-capacity links and core routers or switches
mesh topology
each host connected to every other host, creating network with no central connecting point
- high availability and redundancy
core layer
backbone of network, handling high-speed packet switching
- responsible for fast and reliable routing of data
distribution layer
- acts as intermediary between core and access layers, managing routing, filtering, and WAN access
- aggregates data received from access layer switches before transmitting it to the core layer
access layer
network’s point of entry for devices and end users, connecting them to network
- includes switches and APs
spine and leaf architecture
two-layer network topology that is highly scalable and minimizes latency by ensuring every leaf switch is separated by no more than 2 switches from any other leaf switch
collapsed core architecture
merges core and distribution layers into single layer
- ideal for small to medium networks
north-south traffic
flow of network traffic between data center and outside world, involving client-to-server communication
east-west traffic
traffic flow within the data center, including server-to-server and server-to-storage
multicast
- data sent from one or more sources to multiple destinations simultaneously
- efficient for apps where same data needs to be delivered to multiple recipients
anycast
data sent to nearest or best destination as determined by routing protocols
- commonly used in DNS and CDN
broadcast
message sent from one sender to all potential receivers within network segment
- not supported in IPv6
OSI Layer 1
- physical
- converts bits into electrical signal over copper cables or pulses of light for fiber optics
- hubs, cables, connectors, modems
OSI layer 2
- data link
- provides communication within same network via MAC addresses
- transmits frames, converts info into bits
- switches and bridges, APs
OSI layer 3
- Network
- provides communication between different networks via IP addresses
- routers
OSI Layer 4
- transport
- handles end-to-end communication either via TCP or UDP
OSI layer 5
- session
- provides dialog control by allowing multiple persistent connections
- manages duplex modes
- NFS (network file system), SQL, NetBIOS, RPC
OSI layer 6
- Presentation
- gets data ready for application layer by converting, encoding, translating, encrypting, etc.
OSI layer 7
- application
- generates data to be transmitted, processes data that is received
SMTP
- simple mail transfer protocol
- port 25
- application layer
- sending messages from email client to email server/ between servers
SNMP
- simple network management protocol
- port 161
- application layer
- managing devices on IP networks, V3 is best
HTTP
- port 80
- application layer
- stateless protocol, each command executed independently
FTP
- file transfer protocol
- port 20/21
- application layer
- transfer of computer files between client and server
- does not encrypt traffic
Telnet
- port 23
- application layer
- virtual terminal connections, insecure
TFTP
- trivial file transfer protocol
- port 69
- application layer
- file transfer with no authentication; used only in controlled environments because it is simple and lacks security
POP3
- port 110
- application layer
- retrieves emails from remote server
- used for infrequent access or offline operation
IMAP
- port 143
- application layer
- email retrieval and storage
- messages can be kept on server and synced across multiple devices
What layer does SSL/TLS operate on?
Transport layer
Network layer protocols
IP, ICMP, RIP, OSPF, BGP, IGMP, IPX, IPSec, NAT
MAC layer
lower sublayer of data link layer that manages protocol access
- responsible for addressing and channel access control mechanisms
logical link control layer
upper sublayer of data link layer that provides flow control and error control
Data link layer protocols
ARP, PPP, L2TP, ethernet, FDDI, asynchronous transfer mode
Layer 1 protocols
EIA/TIA-232, HSSI, ISDN, DSL, 10BASE….
router
- network layer
- directs data packets between different networks based on IP addresses
- uses routing tables, provides network security
switch
- data link layer (2)
- forwards data based on MAC address
- creates separate collision domains for each port
- used to connect devices within same network or VLAN
load balancer
distributes incoming network traffic across multiple servers
- operates at various layers of OSI
CDN
(content delivery network)
globally distributed network of proxy servers
- cache content
Class A IP
1.0.0.0 - 126.255.255.255
Class B IP
128.0.0.0 - 191.255.255.255
Class C IP
192.0.0.0 - 223.255.255.255
APIPA
169.254.0.0 - 169.254.255.255
- self-assigned by host when DHCP request fails
loopback address
127.0.0.0 - 127.255.255.255
- used for testing network interface
subnetting
allows for more efficient use of organization’s allocated IP address space by enabling creation of logically segmented networks
SFTP
- port 22
- extension of SSH to provide secure method for file transfer
- application layer
SSH
- port 22
- cryptographic, provides secure channel over unsecured network
- encrypts all traffic
DNS
- port 53
- naming system, translates domain names to IP addresses
DHCP
- port 67/68
- 67 for server and 68 for client
HTTPS/TLS
- port 443
- provides secure web browsing
SMTP TLS
- port 587
- secure email transmission with encrypted data
POP3 over SSL
- port 995
- secure retrieval of email from remote server
IMAP over SSL
- port 993
- secure IMAP
NTP
- network time protocol
- port 123
- synchronizes clocks of computers over network
- high precision time correction
LDAP
- port 389
- accessing and maintaining distributed directory information services over IP network
- storing user credentials and groups
LDAP over SSL (LDAPS)
- port 636
- secured LDAP
SMB
- server message block
- port 445
- used for network file sharing, for windows and IP-based comm.
Syslog
- port 514
- message logging to track and record system messages
SQL server
- port 1433
RDP
- port 3389
- microsoft protocol that enables remote connections to other computers
- graphical interface
SIP
- session initiation protocol
- port 5060
- signaling protocol for sessions
- fundamental to VoIP, enabling establishment of call sessions and multimedia distribution
- app layer
ICMP
- internet control message protocol
- manage and troubleshoot network issues, error reporting, providing feedback
GRE
- generic routing encapsulation
- tunneling protocol by Cisco that creates virtual point-to-point link
- commonly used for VPNs
IPSec
- transport mode and tunnel mode
- securing internet communications and establishing VPNs
802.3 standards
ethernet
copper cable speeds
up to 40 Gb
fiber cable speeds
above 100 Gb
copper cable distances
up to 1100 meters
fiber cable distance
up to 40 km
coaxial cables
used for broadband internet, supporting high speed data transmission
- television and satellite
- RG-6
BNC connector
- secure locking connector
- used in old bus and ring networks
F connector
twisting hand screw commonly found on cable modems
single mode fiber
- long distance communication
- minimizes attenuation and dispersion over distances
- used in telecomm. and cable TV networks
MMF
- larger diameter fibers that allow multiple modes of light to propagate simultaneously
- within building or campus networks
- popular for LANs
ST connector
- fiber optic
- used in SMF installations
SC connector
- fiber optic
- square
- snaps-in
- used in SMF and MMF
LC connector
- fiber optic
- little
- snaps in
- small form factor
- SMF and MMF
Twinaxial
used for high-speed, short-distance copper 10 Gb or 40 Gb ethernet
- shielded
Twisted pair cable
- 8 wires, 4 pairs
- most used in homes and offices
- least expensive
RJ11 connector
- twisted pair
- 4 pin
- dial-up modems and analog phones
RJ45 connector
- twisted pair
- 8 pin
- desktops, laptops, servers
Twisted pair categories
cat standards
Cat 5
- 100 Mbps
- 100 meters
- older networks
Cat 5e
- 1000 Mbps/1Gbps
- 100 m distance
Cat 6
- 10Gbps/55 meters
- 1 Gbps/100 meters
Cat 6a
- 10Gbps
- 100 m
- thicker wires
Cat 7
10 Gbps, 100 m
Cat 8
- 25 - 40 Gbps
- 30 m
crossover cables
used to connect like devices
straight-through cables
used to connect unlike devices
ex: router to switch
SFP (small form-factor pluggable)
optical module transceiver used for data and telecomm.
- up to 4.25 Gbps
- SFP+ is up to 10 Gbps
QSFP (quad small form-factor pluggable)
connector used for fiber optic or electrical copper connections
- speeds up to 28 Gbps
VXLAN
- network virtualization tech
- extends Layer 2 segments, enabling creation of large number of virtualized LANs
SASE (secure access service edge)
emerging framework combining network security functions with WAN capabilities
- integrates services and functions directly into network fabric
SSE (security service edge)
centralizes various security services provided in the cloud
IPv6 addressing
- 128 bit addresses
- improves routing efficiency, enhances security
tunneling
- IPv6 method used to transmit packets over existing IPv4 infrastructure
- allows coexistence of both protocols
- encapsulates IPv6 packets within IPv4 packets
dual stack
network where devices run both IPv4 and IPv6 simultaneously
NAT64
network address translation that facilitates communication between IPv4 and IPv6 devices
routing
process of selecting paths in a network along which to send network traffic
interior gateway protocols
route LAN in one location to LAN in another
exterior gateway protocols
route one customer’s WAN link to another customer’s WAN link
distance-vector
hop-based routing protocol that forwards packets using path with fewest number of hops
link-state
bandwidth-based routing protocol that forwards packet using path with highest bandwidth
RIP (routing information protocol)
uses hop count as metric, with max of 15 hops
- v1 is classful, v2 is classless
- good for small to medium networks
- older
OSPF
- link state routing protocol
- fast convergence and supports large networks
- suitable for large, complex networks
- load balancing and fault tolerance
EIGRP
- distance vector and link state combined
- supports VLSM and CIDR, provides loop-free paths and load balancing
- suitable for medium to large networks with Cisco
BGP
- essential for inter-domain routing on the internet
- crucial for ISPs and large enterprises
prefix length
number of contiguous bits of network mask set to 1
port tagging/802.1Q
inserting VLAN identifier into ethernet frames to distinguish between different VLANs on a trunk link
- multiple VLANs can share a single physical connection
native VLAN
default VLAN on trunk port that carries untagged traffic
spanning tree protocol
helps prevent network loops in ethernet topology by creating spanning tree that logically blocks redundant paths
- routes effectively
port aggregation
combines multiple network ports into single group, increasing bandwidth and providing redundancy for higher data throughput and reliability
- consolidates multiple links between switches or switches/servers
port mirroring/spanning
copies traffic seen on one port to another port
jumbo frames
- larger than 1500 bytes and up to 9000 bytes
- can reduce overhead and improve performance in high-throughput networks
2.4GHz
- long range because better wall penetration
- slower data rates
- higher rate of interference
5 GHz
provides faster data rates at short distances
- less interference
802.11h
enhances 802.11 by adding support for dynamic frequency selection and transmit power control
802.11a
- 5GHz
- 54 Mbps
- wifi 1
802.11b
- 2.4 GHz
- 11 Mbps
- wifi 2
802.11g
- 2.4 GHz
- 54 Mbps
- wifi 3
802.11n
- 2.4, 5 GHz
- 600 Mbps
- wifi 4
802.11ac
- 2.4, 5 GHz
- 3.5 Gbps
- wifi 5
802.11ax
- 2.4, 5 GHz
- 9.6 Gbps
- wifi 6
BSS (basic service set)
group of wireless devices operating with same AP
BSSID
serves as MAC address for a wireless AP
- essential when multiple APs deployed
omni-directional antennas
- transmits signal in all directions
- most common
- shorter range
yagi antenna
- directional
- focus wireless signal up to a mile
parabolic antenna
- directional
- focus wireless signal up to 8 miles
Ad hoc network
decentralized; does not rely on pre-existing infrastructure
infrastructure networks
rely on fixed routers, most common network type
WPA2
- PSK via CCMP
- encrypts with AES
WPA3
- SAE via GCMP
- encrypts with AES
enterprise authentication
uses more secure approach by employing RADIUS server to manage user’s authentication individually
- stronger security
MDF
primary hub of network’s cabling system
- centrally located
IDF
serves as secondary hub, positioned to reduce distance data must travel between MDF and end users
- located on each floor or section
PDU
designed to distribute electric power to various components within network or data center
NFV
- network functions virtualization
- decoupling network functions from hardware devices
- flexible deployment and management
NAT gateway
allows instances in private subnet to connect to internet
SLAAC
- stateless address auto-configuration
- IPv6 feature that allows device to automatically configure own IP address without DHCP
recursive DNS
DNS server takes on responsibility of retrieving data from other DNS servers on behalf of client
forward zone
resolve domain name to IP address
- records like A, AAAA, MX
reverse zone
handles mapping of IP addresses back to domain names
- used in reverse DNS lookups
DNSSEC
- DNS security extensions
- enhances DNS security by providing authentication of DNS data, verifying integrity and ensuring it has not been tampered with
- uses digital signatures
DNS over HTTPS (DoH)
encrypts DNS queries
- routes queries through the HTTPS protocol
CNAME
maps alias name to true domain name
PTR
maps IP address to domain name
- opposite of A or AAAA record
IPAM
- IP address management
- organizing, tracking, managing IP address space within network
- helps prevent IP conflicts
SNMP traps
unsolicited messages sent from SNMP-enabled device to management station, notifying it of significant events or conditions
syslog collector
tool used for gathering log data generated by devices within a network
RPO
max acceptable amount of data loss measured in time before disaster occurs
RTO (recovery time objective)
targeted duration of time within which business process must be restored to avoid unacceptable consequences
MTBF
calculated average time between failures of a system
MTTR
average time required to repair a failed component
cold sites
- most affordable
- no equipment, connections, or data
- takes days to weeks to recover
warm sites
- contains some equipment and connections, but out of date configurations and data sets
- hours to days to recover
hot sites
- most expensive but fastest recovery
- contains all equipment, connections, recent configurations
site-to-site VPN
connects entire networks to each other
client-to-site VPN
- remote access VPN
- allows individual clients to connect to corporate network securely over the internet
clientless VPN
allows users to securely access network resources through web browser without installing dedicated VPN client software
split tunnel VPN
only traffic bound for the corporate site passes through VPN tunnel, while other traffic accesses internet directly
- reduces load on VPN gateway but exposes security risks
full tunnel VPN
all of client’s internet traffic is routed through VPN to corporate network
- increases security but leads to higher bandwidth usage and slower performance
integrity methods
- checksums and cryptographic hash functions
- digital signatures
- access controls
risk
probability of a threat exploiting a vulnerability
IAM
- identity and access management
- framework of business processes, policies, and technologies that facilitate management of electronic or digital identities
- controls user access
Mandatory access control (MAC)
- security model where access rights are regulated by central authority based on different levels of security clearance
- common in government and military, permissions set/enforced by systems admin
discretionary access control (DAC)
- resource owner decides on access levels; flexible
- risks of users granting excessive access
role based access control
assigns permissions based on user’s role within organization
rule-based access control
based on set of rules defined by systems admin
attribute-based access control
uses policies that evaluate attributes of users, environment, resources
- provides fine-grained control
SAML (security assertion markup language)
- between an identity provider and service provider
- used for SSO, enterprise-level especially
OAuth
open standard for access delegation, used to access user’s data without exposing user credentials
honeynet
network of honeypots
honeyfile
decoy files that appear legit and contain attractive data
honeytoken
broader term that refers to any decoy data or token inserted into a system
network segmentation
dividing network into smaller segments or subnets to improve security and performance
ICS (industrial control system)
systems used in industrial production
PKI (public key infrastructure)
framework used to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption
logic bomb
code inserted into software that will set off a malicious function when specified conditions are met
UDP floods
attacker overwhelms random ports on targeted host with IP packets containing UDP datagrams
- slows down/crashes system
SYN floods
type of DoS attack that targets the TCP 3-way handshake connection sequence
reflected DDoS
attacker forces third-party servers to direct traffic to victim
- ex: IP spoofing
VLAN hopping
network attack that exploits vulnerabilities to send packets from one VLAN to another, bypassing Layer 2 security measures
MAC flooding
attacker overwhelms network switch with fake MAC addresses, leading to switch acting like a hub and broadcasting all incoming traffic to all ports
ARP spoofing
attacker sends falsified ARP messages over LAN resulting in linking of attacker’s MAC address with IP address of a legit computer
ARP poisoning
sending malicious ARP messages to local network, allowing attacker to intercept, modify, or block data
DNS tunneling
encoding data of other programs or protocols in DNS queries and responses
session hijacking
done by stealing session tokens, allowing impersonation of the victim and unauthorized access to systems or information
SSL stripping
attacker downgrades secure HTTPS connection to unencrypted HTTP connection
endpoint protection
installing security software on individual devices (endpoints) like antivirus, anti-malware, firewalls, IDS.
host-based firewall
controls network traffic to and from a single host, managing what traffic is allowed based on predefined security rules
802.1X
IEEE standard for port-based network access control
- used to authenticate devices
how does 802.1X work?
- device attempts to connect
- authenticator blocks all traffic except 802.1X traffic
- supplicant/client device sends credentials to authenticator
- authenticator forwards to authentication server
- server approves credentials and instructs authenticator to allow access
EAP (extensible authentication protocol)
supports multiple authentication mechanisms
- used in PPP, RADIUS, 802.1X
packet filtering firewalls
- basic
- inspects packets and permits/denies based on source/destination IP, ports, protocols
stateful inspection firewall
- track state of active connections and make decisions based on context of the traffic
NGFW (next gen firewalls)
- more advanced, integrates functionalities like deep packet inspection, IPS, app awareness
screened subnet/DMZ
subnetwork that contains/exposes organization’s external-facing services to an untrusted network, usually the internet
7 steps of troubleshooting
- identify problem
- establish theory
- test theory
- establish plan of action
- implement solution/escalate
- verify full system functionality
- document findings
identify problem
- gather information
- question users
- see if anything changed
- duplicate problem
establish theory of probable cause
- question the obvious
- consider multiple approaches
- top-down or bottom-up through OSI layers
- divide and conquer
crosstalk
signal transmitted on one cable or channel interferes with signal on another cable or channel
- using incorrect or low quality cable can increase the risk of crosstalk
CRC errors (cyclic redundancy check)
mismatch in the data checksum, indicating data corruption during transmission
runts
packets smaller than minimum allowed size, usually less than 64 bytes
root bridge
central reference point in an STP-enabled network
incorrect VLAN assignment issues
network segmentation issues where devices on different VLANs are unable to communicate as intended
- security vulnerabilities
incorrect subnet mask issues
- leads to improper network segmentation, causing devices to fail in communicating with each other
bottlenecking
particular part of network limits overall performance, creating a point of congestion
- insufficient bandwidth or overloaded network devices
latency
time it takes for data to travel from source to destination
jitter
variability in packet arrival times, affecting quality of real-time communications
protocol analyzer/packet capture
captures data packets traveling over network, allows for detailed analysis of network traffic
ping
sends ICMP echo requests to target host to test connectivity and measure round-trip time for messages sent to target device
traceroute/tracert (windows)
traces path packets take from source to destination, showing each hop along the route
NSlookup
- windows
- queries DNS servers to find IP address associated with hostname or to get DNS information about a domain (dig)
dig
- linux
- get DNS information about a domain
Tcpdump
- linux
- command-line packet filter
netstat
displays network connections, routing tables, and other network interface stats
ipconfig/ifconfig
displays or configures network configuration of a device
- ipconfig = windows
- ifconfig = older Linux
- ip = modern Linux
arp
displays or modifies IP-to-MAC address translation tables used by ARP
nmap
network scanning tool that discovers devices and services on a network by sending packets and analyzing responses
LLDP
- link layer discovery protocol
- network discovery protocol used to discover and share information between network devices, used to identify network topology, troubleshoot connectivity issues
speed tester
tool used to measure performance of network connection by testing upload/download speeds
toner
tool used to trace and identify individual wires or cables within a bundle
cable tester
verifies integrity and performance of network cables; tests for continuity, signal strength, and wiring faults such as shorts, opens, cross connections
- essential for validating new cable installations and diagnosing existing cable issues
network tap
hardware device that provides way to access data flowing across network cable
- creates copy of data packets
visual fault locator
tool used to identify faults in fiber optic cables
show mac-address-table
displays MAC address table of network switch
show route
displays routing table of router or layer 3 switch
show interface
provides detailed information about status and configuration of network interfaces
show config
displays current configuration of network device
show arp
displays ARP table
show vlan
displays information about VLAN configurations on a switch
show power
provides information about the power status and consumption of PoE devices
reverse proxy
handles protocol-specific inbound traffic on behalf of internal servers; can publish applications from the corporate network to the Internet in this way