Module 2 - 03-1 Flashcards
Introduction to network protocols
Define Network protocols
A set of rules used by two or more devices on a network to describe the order of delivery and the structure of the data
Explain Network protocols
Network protocols serve as instructions that come with the information in the data packet. These instructions tell the receiving device what to do with the data. Protocols are like a common language that allows devices all across the world to communicate with and understand each other.
What does TCP stand for?
Transmission Control Protocol (TCP)
Define TCP
An internet communications protocol that allows two devices to form a connection and stream data
Please note: TCP isn’t limited to just two devices. It establishes a direct connection between two endpoints, but the underlying network infrastructure can handle routing data packets across multiple devices.
What protocol is used when a device wants to establish communications with a web server?
Transmission Control Protocol (TCP)
Briefly Explain TCP
Say you want to access a website. You go to the address bar at the top of your browser and type in the website’s address.
Before you gain access to the website, your device will establish communications with a web server. That communication uses a protocol called the Transmission Control Protocol, or TCP.
TCP also verifies both devices before allowing any further communications to take place. This is often referred to as a handshake. Once communication is established using a TCP handshake, a request is made to the network.
We have requested data from the website server. Their servers will respond to that request and send data packets back to your device so that you can view the web page.
Define TCP Handshake
TCP also verifies both devices before allowing any further communications to take place.
Explain the TCP Handshake
TCP uses a three-way handshake process.
First, the device sends a synchronize (SYN) request to a server.
Then the server responds with a SYN/ACK packet to acknowledge receipt of the device’s request.
Once the server receives the final ACK packet from the device, a TCP connection is established.
What does ARP stand for?
Address Resolution Protocol (ARP)
Define ARP
A network protocol used to determine the MAC address of the next router or device on the path
Briefly Explain ARP
As data packets move across the network, they move between network devices such as routers.
ARP is used to determine the MAC address of the next router or device on the path.
This ensures that the data gets to the right place. Now that communication has been established and the destination device is known, it’s time to access the website.
ARP is used to translate the IP addresses that are found in data packets into the MAC address of the hardware device.
What does HTTPS stand for?
Hypertext Transfer Protocol Secure (HTTPS)
Define HTTPS
A network protocol that provides a secure method of communication between client and website servers.
Briefly Explain HTTPS
It allows your web browser to securely send a request for a webpage to the website server and receive a webpage as a response.
What does HTTPS use to encrypt data?
Secure Sockets Layer and Transport Layer Security, otherwise known as SSL/TLS
What does SSL/TLS stand for?
Secure Sockets Layer and Transport Layer Security (SSL/TLS)
Briefly Explain SSL/TLS
This helps keep the information secure from malicious actors who want to steal valuable information.
Which protocol allows two or more devices to form a connection and stream data?
- Hypertext Transfer Protocol Secure (HTTPS)
- Domain Name System (DNS)
- Transmission Control Protocol (TCP)
- Address Resolution Protocol (ARP)
Transmission Control Protocol (TCP)
TCP is an internet communication protocol that allows two devices to form a connection and stream data.
What does DNS stand for?
Domain Name System (DNS)
Define DNS
A network protocol that translates internet domain names into IP addresses
Briefly Explain DNS
The DNS protocol sends the domain name and the web address to a DNS server that retrieves the IP address of the website you were trying to access. The IP address is included as a destination address for the data packets traveling to the website web server.
When a client computer wishes to access a website domain using their internet browser, a query is sent to a dedicated DNS server. The DNS server then looks up the IP address that corresponds to the website domain.
By visiting one website, what network protocols is your device using (4)?
- TCP
- ARP
- HTTPS
- DNS
How can a nefarious actor use the DNS protocol?
They can use the DNS protocol to divert traffic from a legitimate website to a malicious website containing malware
How many categories can Network Protocols be divided into?
Three (3)
What are the three categories of Network protocols?
- Communication Protocols
- Management Protocols
- Security Protocols
Define Communication Protocols
Communication protocols govern the exchange of information in network transmission.
They dictate how the data is transmitted between devices and the timing of the communication. They also include methods to recover data lost in transit.
What Network Protocols fall under the Communication Protocols category?
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Hypertext Transfer Protocol (HTTP)
- Domain Name System (DNS)
What layer of the TCP/IP model does TCP occur at?
Transport Layer
Define UDP
A connectionless protocol that does not establish a connection between devices before a transmission.
This makes it less reliable than TCP. But it also means that it works well for transmissions that need to get to their destination quickly. For example, one use of UDP is for sending DNS requests to local DNS servers.
What layer of the TCP/IP model does UDP occur at?
Transport Layer
What does HTTP stand for?
Hypertext Transfer Protocol (HTTP)
Define HTTP
An application layer protocol that provides a method of communication between clients and website servers.
HTTP is considered insecure, so it is being replaced on most websites by a secure version, called HTTPS, that uses encryption from SSL/TLS for communication. However, there are still many websites that use the insecure HTTP protocol.
What Port does HTTP use?
Port 80
What is Port 80 used for?
Hypertext Transfer Protocol (HTTP)
What layer of the TCP/IP model does HTTP occur at?
Application Layer
What Port does DNS use?
DNS normally uses UDP on port 53.
However, if the DNS reply to a request is large, it will switch to using the TCP protocol.
What is Port 53 used for?
Domain Name System (DNS)
What layer of the TCP/IP model does DNS occur at?
Application Layer
Define Management Protocols
Management protocols are used for monitoring and managing activity on a network. They include protocols for error reporting and optimizing performance on the network.
What Network Protocols fall under the Management Protocols category?
- Simple Network Management Protocol (SNMP)
- Internet Control Message Protocol (ICMP)
- Dynamic Host Configuration Protocol (DHCP)
What does SNMP stand for?
Simple Network Management Protocol (SNMP)
Define SNMP
A network protocol used for monitoring and managing devices on a network.
SNMP can reset a password on a network device or change its baseline configuration. It can also send requests to network devices for a report on how much of the network’s bandwidth is being used up.
What layer of the TCP/IP model does SNMP occur at?
Application Layer
What does ICMP stand for?
Internet Control Message Protocol (ICMP)
Define ICMP
An internet protocol used by devices to tell each other about data transmission errors across the network.
ICMP is used by a receiving device to send a report to the sending device about the data transmission. ICMP is commonly used as a quick way to troubleshoot network connectivity and latency by issuing the “ping” command on a Linux operating system.
What layer of the TCP/IP model does ICMP occur at?
Internet Layer
Define Security Protocols
Security Protocols are network protocols that ensure that data is sent and received securely across a network.
Security protocols use encryption algorithms to protect data in transit.
What Network Protocols fall under the Security Protocols category?
- Hypertext Transfer Protocol Secure (HTTPS)
- Secure File Transfer Protocol (SFTP)
What port does HTTPS use?
Port 443
What is Port 443 used for?
Hypertext Transfer Protocol Secure (HTTPS)
What layer of the TCP/IP model does ICMP occur at?
Application Layer
What does SFTP stand for?
Secure File Transfer Protocol (SFTP)
Define SFTP
A secure protocol used to transfer files from one device to another over a network.
SFTP uses secure shell (SSH), typically through TCP port 22.
SSH uses Advanced Encryption Standard (AES) and other types of encryption to ensure that unintended recipients cannot intercept the transmissions. SFTP is used often with cloud storage.
Every time a user uploads or downloads a file from cloud storage, the file is transferred using the SFTP protocol.
What does SSH stand for?
Secure Shell (SSH)
What does AES stand for?
Advanced Encryption Standard (AES)
What Port does SFTP use?
SFTP uses secure shell (SSH), typically through TCP port 22.
What is Port 22 used for?
Typically SFTP (Secure Shell (SSH))
What layer of the TCP/IP model does SFTP occur at?
Application Layer
What does IANA stand for?
Internet Assigned Numbers Authority (IANA)
Internet Assigned Numbers Authority
The Internet Assigned Numbers Authority is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System, media types, and other Internet Protocol–related symbols and Internet numbers.
They assign port numbers to protocols
What does NAT stand for?
Network Address Translation (NAT)
Explain NAT
The devices on your local home or office network each have a private IP address that they use to communicate directly with each other. However, in order for the devices with private IP addresses to communicate with the public internet, they need to have a single public IP address that represents all devices on the LAN to the public.
For outgoing messages, the router can replace a private source IP address with its public IP address and perform the reverse operation for responses.
This process is known as Network Address Translation (NAT) and it generally requires a router or firewall to be specifically configured to perform NAT.
What layer of the TCP/IP model does NAT occur at?
NAT is a part of layer 2 (Internet Layer) and layer 3 (Transport Layer) of the TCP/IP model.
What does DHCP stand for?
Dynamic Host Configuration Protocol (DHCP)
Explain DHCP
DHCP is an application layer protocol used on a network to configure devices. It works with the router to assign a unique IP address to each device and provide the addresses of the appropriate DNS server and default gateway for each device.
What Port do DHCP Servers use?
UDP Port 67
What is Port 67 used for?
DHCP Servers
What Port do DHCP Clients use?
UDP Port 68
What is Port 68 used for?
DHCP Clients
What layer of the TCP/IP model does DHCP occur at?
Application Layer
What layer of the TCP/IP model does ARP occur at?
Network Access Layer
What layer of the OSI model does ARP occur at?
Typically it falls under Layer 2 (Data Link).
It can fall in between Layer 2 (Data Link) and Layer 3 (Network Layer)
Define Telnet
Telnet is an application layer protocol that is used to connect with a remote system. Telnet sends all information in clear text. It uses command line prompts to control another device, similar to secure shell (SSH), but Telnet is not as secure as SSH. Telnet can be used to connect to local or remote devices.
What Port does Telnet use?
TCP Port 23
What is Port 23 used for?
Telnet
What layer of the TCP/IP model does Telnet occur at?
Application Layer
Define SSH
Secure shell protocol (SSH) is used to create a secure connection with a remote system.
This application layer protocol provides an alternative for secure authentication and encrypted communication. SSH operates over the TCP port 22 and is a replacement for less secure protocols, such as Telnet.
What layer of the TCP/IP model does SSH occur at?
Application Layer
What Port does SSH use?
TCP Port 22
What is Port 22 used for?
SSH
What does POP stand for?
Post office protocol (POP)
Explain POP
Post office protocol (POP) is an application layer (layer 4 of the TCP/IP model) protocol used to manage and retrieve email from a mail server.
POP3 is the most commonly used version of POP.
Many organizations have a dedicated mail server on the network that handles incoming and outgoing mail for users on the network. User devices will send requests to the remote mail server and download email messages locally.
If you have ever refreshed your email application and had new emails populate in your inbox, you are experiencing POP and internet message access protocol (IMAP) in action.
Unencrypted, plaintext authentication uses TCP/UDP port 110 and encrypted emails use Secure Sockets Layer/Transport Layer Security (SSL/TLS) over TCP/UDP port 995.
When using POP, mail has to finish downloading on a local device before it can be read. After downloading, the mail may or may not be deleted from the mail server, so it does not guarantee that a user can sync the same email across multiple devices.
What Port does POP3 (unencrypted) use?
TCP/UDP Port 110
What is Port 110 used for?
POP3 Unencrypted, plaintext authentication
What Port does POP3 (encrypted, SSL/TLS) use?
TCP/UDP Port 995
What is Port 995 used for?
POP3 encrypted emails use Secure Sockets Layer/Transport Layer Security (SSL/TLS)
What layer of the TCP/IP model does POP occur at?
Application Layer
What does IMAP stand for?
Internet Message Access Protocol (IMAP)
Explain POP
IMAP is used for incoming email. It downloads the headers of emails and the message content. The content also remains on the email server, which allows users to access their email from multiple devices.
Using IMAP allows users to partially read email before it is finished downloading. Since the mail is kept on the mail server, it allows a user to sync emails across multiple devices.
What Port does IMAP (unencrypted) use?
TCP Port 143
What is Port 143 used for?
IMAP unencrypted email
What Port does IMAP (encrypted, SSL/TLS) use?
TCP Port 995
What is Port 995 used for?
IMAP encrypted emails use Transport Layer Security (TLS) protocol
What does SMTP stand for?
Simple Mail Transfer Protocol (SMTP)
Explain SMTP
Simple Mail Transfer Protocol (SMTP) is used to transmit and route email from the sender to the recipient’s address. SMTP works with Message Transfer Agent (MTA) software, which searches DNS servers to resolve email addresses to IP addresses, to ensure emails reach their intended destination.
SMTP uses TCP/UDP port 25 for unencrypted emails and TCP/UDP port 587 using TLS for encrypted emails. The TCP port 25 is often used by high-volume spam. SMTP helps to filter out spam by regulating how many emails a source can send at a time.
What Port does SMTP (unencrypted) use?
TCP/UDP Port 25
The TCP port 25 is often used by high-volume spam.
What is Port 25 used for?
SMTP (unencrypted)
What Port does SMTP (encrypted, TLS) use?
TCP/UDP Port 587
What is Port 587 used for?
SMTP (encrypted, TLS)
What does IEEE stand for?
Institute of Electrical and Electronics Engineers
What is IEEE?
An organization that maintains Wi-Fi standards; 802.11 is a suite of protocols used in wireless communications
What is IEEE 802.11 commonly known as?
Wi-Fi
Wi-Fi is a marketing term commissioned by the Wireless Ethernet Compatibility Alliance (WECA)
Define IEEE 802.11 (WiFi)
A set of standards that define communications for wireless LANs
What does WECA stand for?
Wireless Ethernet Compatibility Alliance (WECA)
WECA has since renamed their organization Wi-Fi Alliance.
How many wireless security protocols are there?
Four (4)
What are the wireless security protocols?
- WEP
- WPA
- WPA2
- WPA3
What does WEP stand for?
Wired equivalent privacy (WEP)
Define WEP
A wireless security protocol designed to provide users with the same level of privacy on wireless network connections as they have on wired network connections
In what year was WEP developed?
1999
What does WPA stand for?
Wi-Fi Protected Access (WPA)
Define WPA
A wireless security protocol for devices to connect to the internet
In what year was WPA developed?
2003
Explain how WPA improved on WEP and some of its challenges
The flaws with WEP were in the protocol itself and how the encryption was used. WPA addressed this weakness by using a protocol called Temporal Key Integrity Protocol (TKIP). WPA’s encryption algorithm uses larger secret keys than WEP’s, making it more difficult to guess the key by trial and error.
WPA also includes a message integrity check that includes a message authentication tag with each transmission. If a malicious actor attempts to alter the transmission in any way or resend at another time, WPA’s message integrity check will identify the attack and reject the transmission.
Despite the security improvements of WPA, it still has vulnerabilities. Malicious actors can use a key reinstallation attack (or KRACK attack) to decrypt transmissions using WPA. Attackers can insert themselves in the WPA authentication handshake process and insert a new encryption key instead of the dynamic one assigned by WPA. If they set the new key to all zeros, it is as if the transmission is not encrypted at all.
What does TKIP stand for?
Temporal Key Integrity Protocol (TKIP)
What is a key reinstallation attack also known as?
KRACK attack
What does KRACK stand for?
Key Reinstallation Attack
What does WPA2 stand for?
Wi-Fi Protected Access 2 (WPA2)
In what year was WPA2 released?
2004
Explain how WPA2 improved on WPA and some of its challenges
The second version of Wi-Fi Protected Access—known as WPA2—was released in 2004. WPA2 improves upon WPA by using the Advanced Encryption Standard (AES). WPA2 also improves upon WPA’s use of TKIP. WPA2 uses the Counter Mode Cipher Block Chain Message Authentication Code Protocol (CCMP), which provides encapsulation and ensures message authentication and integrity. Because of the strength of WPA2, it is considered the security standard for all Wi-Fi transmissions today. WPA2, like its predecessor, is vulnerable to KRACK attacks. This led to the development of WPA3 in 2018.
Personal
WPA2 personal mode is best suited for home networks for a variety of reasons. It is easy to implement, and initial setup takes less time for the personal version than for the enterprise version. The global passphrase for WPA2 personal version needs to be applied to each individual computer and access point in a network. This makes it ideal for home networks, but unmanageable for organizations.
Enterprise
WPA2 enterprise mode works best for business applications. It provides the necessary security for wireless networks in business settings. The initial setup is more complicated than WPA2 personal mode, but enterprise mode offers individualized and centralized control over the Wi-Fi access to a business network. This means that network administrators can grant or remove user access to a network at any time. Users never have access to encryption keys, which prevents potential attackers from recovering network keys on individual computers.
What does AES stand for?
Advanced Encryption Standard (AES)
What does WPA3 stand for?
Wi-Fi Protected Access 3 (WPA3)
What does CCMP stand for?
Counter Mode Cipher Block Chain Message Authentication Code Protocol (CCMP)
In what year was WPA3 developed?
2018
What are the key differences between WPA2 and WPA3?
WPA3 is a secure Wi-Fi protocol and is growing in usage as more WPA3 compatible devices are released.
These are the key differences between WPA2 and WPA3:
* WPA3 addresses the authentication handshake vulnerability to KRACK attacks, which is present in WPA2.
* WPA3 uses Simultaneous Authentication of Equals (SAE), a password-authenticated, cipher-key-sharing agreement. This prevents attackers from downloading data from wireless network connections to their systems to attempt to decode it.
* WPA3 has increased encryption to make passwords more secure by using 128-bit encryption, with WPA3-Enterprise mode offering optional 192-bit encryption.
What does SAE stand for?
Simultaneous Authentication of Equals (SAE)
Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data.
- maximum size
- optimum speed
- access level
- order of delivery
order of delivery
Network protocols are rules used by two or more devices on a network to describe the order of delivery and the structure of data.
Which network protocol provides a secure method of communication between clients and web servers?
- TCP
- ARP
- DNS
- HTTPS
HTTPS
Hypertext transfer protocol secure (HTTPS) provides a secure method of communication between clients and web servers. HTTPS uses digital certificates to perform authentication and can operate over TCP ports 443 and 80.
To keep information safe from malicious actors, what security protocol can be used?
- Transmission control protocol (TCP)
- Address resolution protocol (ARP)
- Domain name system (DNS)
- Secure sockets layer and transport layer security (SSL/TLS)
Secure sockets layer and transport layer security (SSL/TLS)
To keep information safe from malicious actors, SSL/TLS can be used. It secures hypertext transfer protocol (HTTP) transactions, which is known as hypertext transfer protocol secure (HTTPS).
IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.
- True
- False
True
IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.