Domain 4: Communication and Network Security Flashcards

1
Q

Personal Area Network or PAN

A

• Typically a range of 100 meters or much less
• Low-power wireless technologies such as Bluetooth use PANs

2
Q

Local Area Network or LAN

A

• A comparatively small network
• Typically confined to a building or an area within one

3
Q

Metropolitan Area Network or MAN

A

Typically confined to a city, a zip code, a campus, or an office park

4
Q

Wide Area Network or WAN

A

Typically covering cities, states, or countries

5
Q

Global Area Network or GAN

A

A global collection of WANs, also called the internet

6
Q

Demilitarized Zone or DMZ

A

A partially controlled area between the internet and a fully protected intranet
• Used when a section of your intranet is public-facing

7
Q

Packet-Switched Networks

A

• Instead of using dedicated circuits, data is broken into packets, each sent individually
• If multiple routes are available between two points on a network, packet switching can choose the best route, and fall back to secondary routes in case of failure
• Packets may take any path (and different paths) across a network, and are then reassembled by the receiving node

8
Q

OSI Model

A

1 - Physical
2 - Data Link
3 - Network
4 - Transport
5 - Session
6 - Presentation
7 - Application

9
Q

OSI Layer 1

A

Physical
• Describes units of data such as bits represented by energy (such as light, electricity, or radio waves) and the medium used to carry them (such as copper or fiber optic cables)
• Cabling standards such as Thinnet, Thicknet, and Unshielded Twisted Pair (UTP) exist at layer 1, among many others
• Layer 1 devices include hubs and repeaters

10
Q

OSI Layer 2

A

Data Link
• Handles access to the physical layer as well as local area network communication
• An Ethernet card and its MAC (Media Access Control) address are at Layer 2, as are switches and bridges.
• Divided into two sub-layers:
  • Media Access Control (MAC): transfers data to and from the physical layer; touches Layer 1
    • 12-digit number: the first 6 digits (prefix) are assigned to manufacturers by the IEEE; the second half represents the serial number
  • Logical Link Control (LLC): handles LAN communications; touches Layer 3
    • Facilitates node-to-node flow control and error management (ARQ – Automatic Repeat Request)

11
Q

OSI Layer 3

A

Network
• Describes routing: moving data from a system on one LAN to a system on another
• IP addresses and routers
• Protocols include BGP, RIP, IPv4, IPv6, ICMP, and OSPF among others.
• Fragmentation – the subdivision of a packet into a manageable or allowable size

12
Q

Border Gateway Protocol or BGP

A

• An Autonomous System (AS) is a large network or group of networks managed or controlled by a single entity or organization
• BGP is a path-vector routing protocol used between separate ASs; external BGP (eBGP) is used between ASs (e.g. ISPs), internal BGP (iBGP) is used within a single autonomous system
• Chooses the shortest path through the internet by traversing the least number of ASs along the route
• Routing Information Base (RIB) stores multiple paths across the internet, and can silently update/remove routes without notifying peers

13
Q

Internet Control Message Protocol (ICMP)

A

• Three fields distinguish the type and code of the ICMP packet; those values never change in transit.
• Uses include manual troubleshooting (ping utility), network diagnostics (traceroute utility) and system-generated error messages during IP transmissions

14
Q

OSI Layer 4

A

Transport
• Handles packet sequencing, flow control, and error detection
• TCP and UDP are Layer 4 protocols
• Resending or re-sequencing packets

15
Q

OSI Layer 5

A

Session
• Manages sessions, providing maintenance on connections
• Remote Procedure Calls (RPCs)
• A good way to remember the session layer’s function is “connections between applications”
• Simplex, half-duplex, and full-duplex communication.

16
Q

OSI Layer 6

A

Presentation
• Presents data to the application (and user) in a comprehensible way
• Concepts include data conversion, character sets such as ASCII, and image formats such as GIF (Graphics Interchange Format), JPEG (Joint Photographic Experts Group), and TIFF (Tagged Image File Format)

17
Q

OSI Layer 7

A

Application
• Where you interface with your computer application
• Web browser, word processor, and instant messaging clients exist at Layer 7
• Protocols include Telnet and FTP

18
Q

TCP/IP Model

A

1 - Network Access Layer
2 - Internet Layer
3 - Transport Layer
4 - Application Layer

19
Q

TCP/IP Layer 1

A

• Combines layers 1 (Physical) and 2 (Data Link) of the OSI model
• Describes Layer 1 issues such as energy, bits, and the medium used to carry them (copper, fiber, wireless, etc.)
• Also describes Layer 2 issues such as converting bits into protocol units such as Ethernet frames, MAC (Media Access Control) addresses, and Network Interface Cards (NICs)

20
Q

TCP/IP Layer 2

A

Internet Layer
• Aligns with the Layer 3 (Network) layer of the OSI model
• IP addresses and routing
• IPv4, IPv6, ICMP, and routing protocols (among others)
• IP (Internet Protocol) governs the Internet layer. (All packets go through IP!)

21
Q

The TCP Handshake

A

• The exchange of four flags is performed in three steps: SYN, SYN-ACK, ACK
• The client chooses an initial sequence number, set in the first SYN packet
• The server also chooses its own initial sequence number, set in the SYN/ACK packet
• Each side acknowledges each other’s sequence number by incrementing it: this is the acknowledgement number
• Once a connection is established, ACKs typically follow for each segment
• The connection will eventually end with a RST (reset or tear down the connection) or FIN (gracefully end the connection)

22
Q

User Datagram Protocol (UDP)

A

• A simpler and faster cousin to TCP with no handshake, session, or reliability
• Has a simpler and shorter 8-byte header
• Fields include:
  • Source IP
  • Destination IP
  • Packet length (header and data)
  • Simple (and optional) checksum: if used, the checksum provides limited integrity to the UDP header and data
• Operates at Layer 4

23
Q

TCP/IP Layer 3

A

Host-to-Host or Transport Layer, the same as OSI Layer 4 (Transport)
• Sometimes called either “Host-to-Host” or, more commonly, “Transport” alone
• Connects the Internet Layer to the Application Layer
• Where applications are addressed on a network, via ports
• TCP and UDP are the two Transport Layer protocols

24
Q

TCP/IP Layer 4

A

Application Layer
• Combines Layers 5 through 7 (Session, Presentation, and Application) of the OSI model
• Most of these protocols use a client-server architecture, where a client (such as ssh) connects to a listening server (called a daemon on UNIX systems) such as sshd
• Protocols include SSH, Telnet and FTP, among many others

25
Q

Encapsulation (Networking)

A

• Takes information from a higher layer and adds a header to it, treating the higher layer information as data
• “One layer’s header is another layer’s data.”

26
Q

MAC Addresses

A

• Unique hardware address of an Ethernet network interface card (NIC)
• Typically, “burned in” at the factory
• Two halves: the first 24 bits form the Organizationally Unique Identifier (OUI). Last 24 bits form a serial number (formally called an extension identifier)

27
Q

Firewall Types

A

o Static packet filtering firewall: “screening router”, very fast, simple, easiest to bypass/least secure.
o Application-level firewall: “gateway” or “proxy”; slow, complex, very secure.
o Stateful inspection firewall: Like a static packet filtering firewall but maintains “state”. Fast, harder to bypass, doesn’t see data.
o Circuit-level firewall: Operates like a stateful inspection firewall. No data inspection, semi-proxy (traffic appears as though it comes from the gateway).

28
Q

Repeaters, Concentrators, and Amplifiers

A

• Operate at the Physical Layer (Layer 1) and connect two networks of the same kind together. Same collision domain; collision domains are segmented at Layer 2 (coming up). A hub is a multiport repeater and a security risk.
• NO traffic filtering: what comes in one port goes out the other(s).
• No more than four repeaters in a row (rule of thumb), the 5-4-3 rule (5 segments, 4 repeaters, 3 have additional connections).

29
Q

Bridges and Switches

A

Operate at the Data Link Layer (Layer 2) and connect two networks of the same protocol together; can connect different physical types and speeds. A switch is a multiport bridge.
o Repeat/regenerate the signal (takes care of attenuation).
o Filters traffic based on MAC address (aka physical address).
o Breaks the collision domain, but broadcast domain remains (Layer 3).

30
Q

Switches

A

Operate at Layer 2 and have NO ROUTING capabilities. Switches can segment networks using VLANs but cannot route between VLANs without a router. VLANs are created by “tagging” ports in the switch.

31
Q

Routers

A

Operate at the Network Layer (Layer 3) and connect two networks of the same protocol together; can connect different physical types, speeds, and Layer 2 technologies (Ethernet, Token Ring, etc.).
o Repeat/regenerate the signal (takes care of attenuation).
o Filters traffic based on IP address (aka logical address).
o Breaks the collision domain and the broadcast domain.
o Determines the best route (path) through a network. Routing table built manually or with a routing protocol (BGP, OSPF, IGRP, EIGRP, RIP, etc.)

32
Q

Gateways

A

Can operate at all Layers (1 – 7) and connect two networks of different protocols together. Also called “protocol translators”.
o Repeat/regenerate the signal (takes care of attenuation).
o Many types, including data, mail, application, internet, etc.
o Breaks the collision domain and the broadcast domain.

33
Q

Static packet filtering firewall

A

• “screening router”, very fast, simple
• easiest to bypass/least secure
• Sits between OSI Layers 3 and 4 (Network & Transport)

34
Q

Application-level firewall

A

“gateway” or “proxy”; slow, complex, very secure
- Operates at Layer 7 (Application) of OSI

35
Q

Stateful inspection firewall

A

• Like a static packet filtering firewall but maintains “state”
• Fast, harder to bypass, doesn’t see data
• Sits between OSI Layers 3 and 4 (Network & Transport)

36
Q

Circuit-level firewall

A

• Operates like a stateful inspection firewall
• No data inspection, semi-proxy (traffic appears as though it comes from the gateway)
• Operates at Layer 5 (Session)

37
Q

Proxies

A

• A type of gateway that does not translate protocols
• Operates at all 7 layers
• Acts on behalf of host/s
• Network Address Translation (NAT) server that breaks the collision and broadcast domains

38
Q

Secure Multipurpose Internet Mail Extensions (S/MIME)

A

Used for sending digitally signed and encrypted messages. Uses public key encryption and digital signatures to enable authentication and confidentiality for emails. X.509 digital certificates are used to provide authentication.
Two types of messages:
o Signed messages: To provide integrity, sender authentication, and nonrepudiation of the sender
o Enveloped messages: To provide integrity, sender authentication, and confidentiality

39
Q

Remote Authentication Dial-In User Service or “RADIUS”

A

o A RADIUS Client (or Network Access Server) is a networking device (like a VPN concentrator, router, switch) that is used to authenticate users.
o A RADIUS Server is a background process that runs on a UNIX or Windows server. It lets you maintain user profiles in a central database. Hence, if you have a RADIUS Server, you have control over who can connect to your network.

40
Q

Diameter Protocol

A

Evolved from RADIUS.
Uses TCP/SCTP, so it is reliable.