Chapter 11 - Network Design Flashcards
Used to explain network communications between a host and remote device over a LAN or WAN.
OSI Model
What are the seven layers of the OSI model going bottom to top?
- Physical
- Data Link
- Network
- Transport
- Session
- Presentation
- Application
Represents the actual network cables and radio waves used to carry data over a network.
Physical Layer
Describes how a connection is established, maintained, and transferred over the physical layer and uses physical addressing (MAC addresses).
Data Link Layer
Uses logical addressing to route or switch information between hosts, the network, and the internetworks.
Network Layer
Manages and ensures transmission of the packets occurs from a host to a destination using either TCP or UDP.
Transport Layer
Manages the establishment, termination, and synchronization of a session over the network.
Session Layer 5
Translates the information into a format that the sender and receiver both understand.
Presentation Layer 6
Layer from which the message is created, formed, and originated.
Application Layer
Attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port.
MAC Flooding
Occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device.
MAC Spoofing
Used to connect two or more networks to form an internetwork.
Routers
An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics.
Access Control List
Focused on providing controlled access to publicly available servers that are hosted within your organizational network.
De-Militarized Zone (DMZ)
Specialized type of DMZ that is created for your partner organizations to access over a wide area network.
Extranet
Any host that accepts inbound connections from the internet.
Internet-facing Host
Hosts or servers in the DMZ which are not configured with any services that run on the local network.
Bastion Hosts
A hardened server that provides access to other hosts within the DMZ.
Jumpbox
Security technique in which a device is scanned to determine its current state prior to being allowed access onto a given network.
Network Access Control (NAC)
A piece of software that is installed on the device requesting access to the network.
Persistent Agents
Uses a piece of software that scans the device remotely or is installed and subsequently removed after the scan.
Non-Persistent Agents
Attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN.
Switch Spoofing
Attacker adds an additional VLAN tag to create an outer and inner tag.
Double Tagging
Act of creating subnetworks logically through the manipulation of IP addresses.
Subnetting