MODULE 5 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards
Network Communications Process Networks of Many Sizes Networks come in all sizes.
They range from simple networks that consist of two computers, to networks connecting millions of devices. Simple home networks let you share resources, such as printers, documents, pictures, and music, among a few local end devices.
Small office and home office (SOHO) networks allow people to work from home, or a remote office.
Many self-employed workers use these types of networks to advertise and sell products, order supplies, and communicate with customers.
Businesses and large organizations use networks to provide consolidation, storage, and access to information on network servers. Networks provide email, instant messaging, and collaboration among employees.
Many organizations use their network’s connection to the internet to provide products and services to customers.
Small office and home office (SOHO) networks allow people to work from home, or a remote office.
Many self-employed workers use these types of networks to advertise and sell products, order supplies, and communicate with customers.
Businesses and large organizations use networks to provide consolidation, storage, and access to information on network servers. Networks provide email, instant messaging, and collaboration among employees.
Many organizations use their network’s connection to the internet to provide products and services to customers.
The internet is the largest network in existence. In fact, the term internet means a “network of networks”. It is a collection of interconnected private and public networks.
In small businesses and homes, many computers function as both the servers and clients on the network. This type of network is called a peer-to-peer network.
Small Home Networks Small home networks connect a few computers to each other and to the internet.
https://snipboard.io/47RW0J.jpg
Small Office and Home Office Networks The SOHO network allows computers in a home office or a remote office to connect to a corporate network, or access centralized, shared resources.
https://snipboard.io/AXWkzr.jpg
Medium to Large Networks Medium to large networks, such as those used by corporations and schools, can have many locations with hundreds or thousands of interconnected hosts.
https://snipboard.io/PWwcNH.jpg
World Wide Networks The internet is a network of networks that connects hundreds of millions of computers world-wide.
https://snipboard.io/P08NhO.jpg
Client-Server Communications All computers that are connected to a network and that participate directly in network communication are classified as hosts.
Hosts are also called end devices, endpoints, or nodes. Much of the interaction between end devices is client-server traffic.
For example, when you access a web page on the internet, your web browser (the client) is accessing a server. When you send an email message, your email client will connect to an email server.
Servers are simply computers with specialized software. This software enables servers to provide information to other end devices on the network.
A server can be single-purpose, providing only one service, such as web pages.
A server can be multipurpose, providing a variety of services such as web pages, email, and file transfers.
Servers are simply computers with specialized software. This software enables servers to provide information to other end devices on the network.
A server can be single-purpose, providing only one service, such as web pages. A server can be multipurpose, providing a variety of services such as web pages, email, and file transfers.
Client computers have software installed, such as web browsers, email clients, and file transfers applications. This software enables them to request and display the information obtained from the server.
A single computer can also run multiple types of client software. For example, a user can check email and view a web page while listening to internet radio. File Server - The file server stores corporate and user files in a central location.
Web Server - The web server runs web server software that allows many computers to access web pages. Email Server - The email server runs email server software that enables emails to be sent and received.
https://snipboard.io/BsRdES.jpg https://snipboard.io/R1wlK0.jpg
Typical Sessions A typical network user at school, at home, or in the office, will normally use some type of computing device to establish many connections with network servers.
Those servers could be located in the same room or around the world.
Let’s look at a few typical network communication sessions.
– Student
– Gamer
– Surgeon
Student : Terry is a high school student whose school has recently started a “bring your own device” (BYOD) program. Students are encouraged to use their cell phones or other devices such as tablets or laptops to access learning resources. Terry has just been given an assignment in language arts class to research the effects of World War I on the literature and art of the time.
She enters the search terms she has chosen into a search engine app that she has opened on her cell phone. Terry has connected her phone to the school Wi-Fi network. Her search is submitted from her phone to the school network wirelessly. Before her search can be sent, the data must be addressed so that it can find its way back to Terry. Her search terms are then represented as a string of binary data that has been encoded into radio waves.
Her search string is then converted to electrical signals that travel on the school’s wired network until they reach the place at which the school’s network connects to the Internet Service Provider’s (ISP) network.
A combination of technologies take Terry’s search to the search engine website. For example, Terry’s data flows with the data of thousands of other users along a fiber-optic network that connects Terry’s ISP with the several other ISPs, including the ISP that is used by the search engine company.
Eventually, Terry’s search string enters the search engine company’s website and is processed by its powerful servers. The results are then encoded and addressed to Terry’s school and her device. All of these transitions and connections happen in a fraction of a second, and Terry has started on her path to learning about her subject.
Typical Sessions A typical network user at school, at home, or in the office, will normally use some type of computing device to establish many connections with network servers.
Those servers could be located in the same room or around the world.
Let’s look at a few typical network communication sessions.
– Student
– Gamer
– Surgeon
Gamer : Michelle loves computer games. She has a powerful gaming console that she uses to play games against other players, watch movies, and play music. Michelle connects her game console directly to her network with a copper network cable.
Michelle’s network, like many home networks, connects to an ISP using a router and a cable modem. These devices allow Michelle’s home network to connect to a cable TV network that belongs to Michelle’s ISP. The cable wires for Michelle’s neighborhood all connect to a central point on a telephone pole and then connect to a fiber-optic network. This fiber-optic network connects many neighborhoods that are served by Michelle’s ISP.
All those fiber-optic cables connect to telecommunications services that provide access to the high-capacity connections. These connections allow thousands of users in homes, government offices, and businesses to connect internet destinations around the world. Michelle has connected her game console to a company that hosts a very popular online game. Michelle is registered with the company, and its servers keep track of Michelle’s scores, experiences, and game assets.
Michelle’s actions in her game become data that is sent to the gamer network. Michelle’s moves are broken up to groups of binary data that each consist of a string of zeros and ones. Information that identifies Michelle, the game she is playing, and Michelle’s network location are added to the game data.
The pieces of data that represent Michelle’s game play are sent at high speed to the game provider’s network. The results are returned to Michelle in the form of graphics and sounds. All of this happens so quickly that Michelle can compete with hundreds of other gamers in real-time.
Typical Sessions A typical network user at school, at home, or in the office, will normally use some type of computing device to establish many connections with network servers.
Those servers could be located in the same room or around the world.
Let’s look at a few typical network communication sessions.
– Student
– Gamer
– Surgeon
Surgeon : Dr. Ismael Awad is an oncologist who performs surgery on cancer patients. He frequently needs to consult with radiologists and other specialists on patient cases. The hospital that Dr. Awad works for subscribes to a special service called a cloud. The cloud allows medical data, including patient x-rays and MRIs to be stored in a central location that is accessed over the internet.
In this way, the hospital does not need to manage paper patient records and X-ray films. When a patient has an X-ray taken, the image is digitized as computer data. The X-ray is then prepared by hospital computers to be sent to the medical cloud service. Because security is very important when working with medical data, the hospital uses network services that encrypt the image data and patient information.
This encrypted data cannot be intercepted and read as it travels across the internet to the cloud service provider’s data centers. The data is addressed so that it can be routed to the cloud provider’s data center to reach the correct services that provide storage and retrieval of high-resolution digital images.
Dr. Awad and the patient’s care team can connect to this special service, meet with other doctors in audio conferences and discuss patient records to decide on the best treatment that can be provided to the patient. Dr. Awad can work with specialists from diverse locations to view the medical images and other patient data and discuss the case.
All of this interaction is digital and takes place using networked services that are provided by the medical cloud service.
Tracing the Path We tend to think about the data networks we use in our daily lives as we think about driving a car.
We do not really care what happens in the engine as long as the car takes us where we want to go.
However, just like a car’s mechanic knows the details of how a car operates, cybersecurity analysts need to have a deep understanding of how networks operate.
When we connect to a website to read social media or shop, we seldom care about how our data gets to the website and how data from the website gets to us. We are not aware of the many technologies that enable us to use the internet.
A combination of copper and fiber-optic cables that go over land and under the ocean carry data traffic. High-speed wireless and satellite technologies are also used. These connections connect telecommunications facilities and internet service providers (ISP) that are distributed throughout the world, as shown in the figure. These global Tier 1 and Tier 2 ISPs connect portions of the internet together, usually through an Internet Exchange Point (IXP).
Larger networks will connect to Tier 2 networks through a Point of Presence (PoP), which is usually a location in the building where physical connections to the ISP are made. The Tier 3 ISPs connect homes and businesses to the internet.
When we connect to a website to read social media or shop, we seldom care about how our data gets to the website and how data from the website gets to us. We are not aware of the many technologies that enable us to use the internet. A combination of copper and fiber-optic cables that go over land and under the ocean carry data traffic.
High-speed wireless and satellite technologies are also used. These connections connect telecommunications facilities and internet service providers (ISP) that are distributed throughout the world, as shown in the figure. These global Tier 1 and Tier 2 ISPs connect portions of the internet together, usually through an Internet Exchange Point (IXP).
Larger networks will connect to Tier 2 networks through a Point of Presence (PoP), which is usually a location in the building where physical connections to the ISP are made. The Tier 3 ISPs connect homes and businesses to the internet.
Because of different relationships between ISPs and telecommunications companies, traffic from a computer to an internet server can take many paths. The traffic of a user in one country can take a very indirect path to reach its destination. The traffic might first travel from the local ISP to a facility that has connections to many other ISPs.
A user’s internet traffic can go many hundreds of miles in one direction only to be routed in a completely different direction to reach its destination. Some of the traffic can take certain routes to reach the destination, and then take completely different routes to return.
Cybersecurity analysts must be able to determine the origin of traffic that enters the network, and the destination of traffic that leaves it. Understanding the path that network traffic takes is essential to this.
https://snipboard.io/PIWsqL.jpg
Communications Protocols What are Protocols?
Simply having a wired or wireless physical connection between end devices is not enough to enable communication.
For communication to occur, devices must know “how” to communicate.
Communication, whether by face-to-face or over a network, is governed by rules called protocols. These protocols are specific to the type of communication method occurring.
For example, consider two people communicating face-to-face. Prior to communicating, they must agree on how to communicate.
If the communication is using voice, they must first agree on the language. Next, when they have a message to share, they must be able to format that message in a way that is understandable.
For example, if someone uses the English language, but poor sentence structure, the message can easily be misunderstood. Similarly, network protocols specify many features of network communication, as shown in the figure.
https://snipboard.io/p4L5Ud.jpg
Network Protocols Network protocols provide the means for computers to communicate on networks. Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options. Networking protocols define a common format and set of rules for exchanging messages between devices.
Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP). As a cybersecurity analyst, you must be very familiar with the structure of protocol data and how the protocols function in network communications.
Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and will eventually replace the more common IPv4.
– Message Structure
– Path Sharing
– Information Sharing
– Session Management
Message Structure :
https://snipboard.io/pvcBxr.jpg
Network Protocols Network protocols provide the means for computers to communicate on networks. Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options. Networking protocols define a common format and set of rules for exchanging messages between devices.
Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP). As a cybersecurity analyst, you must be very familiar with the structure of protocol data and how the protocols function in network communications.
Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and will eventually replace the more common IPv4. – Message Structure – Path Sharing – Information Sharing – Session Management
Path Sharing : https://snipboard.io/9rQmpW.jpg
Network Protocols Network protocols provide the means for computers to communicate on networks. Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options.
Networking protocols define a common format and set of rules for exchanging messages between devices. Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP). As a cybersecurity analyst, you must be very familiar with the structure of protocol data and how the protocols function in network communications.
Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and will eventually replace the more common IPv4.
– Message Structure
– Path Sharing
– Information Sharing
– Session Management
Information Sharing : https://snipboard.io/16LzwQ.jpg
Network Protocols Network protocols provide the means for computers to communicate on networks. Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options.
Networking protocols define a common format and set of rules for exchanging messages between devices. Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP). As a cybersecurity analyst, you must be very familiar with the structure of protocol data and how the protocols function in network communications.
Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and will eventually replace the more common IPv4.
– Message Structure
– Path Sharing
– Information Sharing
– Session Management
Session Management :
https://snipboard.io/OARn7y.jpg
The TCP/IP Protocol Suite Today, the TCP/IP protocol suite includes many protocols and continues to evolve to support new services.
Some of the more popular ones are shown in the figure.
https://snipboard.io/5DOELW.jpg https://snipboard.io/6iyd2Y.jpg
Application Layer :
Name System DNS -
Domain Name System. Translates domain names such as cisco.com, into IP addresses.
Application Layer :
Host Config DHCPv4 - Dynamic Host Configuration Protocol for IPv4.
A DHCPv4 server dynamically assigns IPv4 addressing information to DHCPv4 clients at start-up and allows the addresses to be re-used when no longer needed.
DHCPv6 - Dynamic Host Configuration Protocol for IPv6. DHCPv6 is similar to DHCPv4. A DHCPv6 server dynamically assigns IPv6 addressing information to DHCPv6 clients at start-up.
SLAAC - Stateless Address Autoconfiguration. A method that allows a device to obtain its IPv6 addressing information without using a DHCPv6 server.
Application Layer : :
Email SMTP - Simple Mail Transfer Protocol. Enables clients to send email to a mail server and enables servers to send email to other servers.
POP3 - Post Office Protocol version 3. Enables clients to retrieve email from a mail server and download the email to the client’s local mail application.
IMAP - Internet Message Access Protocol. Enables clients to access email stored on a mail server as well as maintaining email on the server.
Application Layer : :
File Transfer FTP - File Transfer Protocol. Sets the rules that enable a user on one host to access and transfer files to and from another host over a network. FTP is a reliable, connection-oriented, and acknowledged file delivery protocol.
SFTP - SSH File Transfer Protocol. As an extension to Secure Shell (SSH) protocol, SFTP can be used to establish a secure file transfer session in which the file transfer is encrypted. SSH is a method for secure remote login that is typically used for accessing the command line of a device.
TFTP - Trivial File Transfer Protocol. A simple, connectionless file transfer protocol with best-effort, unacknowledged file delivery. It uses less overhead than FTP.
Application Layer : :
Web and Web Service HTTP - Hypertext Transfer Protocol. A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web. HTTPS - HTTP Secure.
A secure form of HTTP that encrypts the data that is exchanged over the World Wide Web.
REST - Representational State Transfer. A web service that uses application programming interfaces (APIs) and HTTP requests to create web applications.
Transport layer Connection-Oriented TCP - Transmission Control Protocol.
Enables reliable communication between processes running on separate hosts and provides reliable, acknowledged transmissions that confirm successful delivery.
Transport layer :
Connectionless UDP - User Datagram Protocol.
Enables a process running on one host to send packets to a process running on another host.
However, UDP does not confirm successful datagram transmission.
Internet Layer Internet Protocol IPv4 - Internet Protocol version 4. Receives message segments from the transport layer, packages messages into packets, and addresses packets for end-to-end delivery over a network. IPv4 uses a 32-bit address.
IPv6 - IP version 6. Similar to IPv4 but uses a 128-bit address. NAT - Network Address Translation. Translates IPv4 addresses from a private network into globally unique public IPv4 addresses.
Internet Layer :
Messaging ICMPv4 - Internet Control Message Protocol for IPv4. Provides feedback from a destination host to a source host about errors in packet delivery.
ICMPv6 - ICMP for IPv6. Similar functionality to ICMPv4 but is used for IPv6 packets. ICMPv6 ND - ICMPv6 Neighbor Discovery. Includes four protocol messages that are used for address resolution and duplicate address detection.
Internet Layer :
Routing Protocols OSPF - Open Shortest Path First.
Link-state routing protocol that uses a hierarchical design based on areas. OSPF is an open standard interior routing protocol.
EIGRP - EIGRP - Enhanced Interior Gateway Routing Protocol. An open standard routing protocol developed by Cisco that uses a composite metric based on bandwidth, delay, load and reliability.
BGP - Border Gateway Protocol. An open standard exterior gateway routing protocol used between Internet Service Providers (ISPs). BGP is also commonly used between ISPs and their large private clients to exchange routing information.
Network Access Layer
Address Resolution ARP - Address Resolution Protocol. Provides dynamic address mapping between an IPv4 address and a hardware address.
Note: You may see other documentation state that ARP operates at the Internet Layer (OSI Layer 3). However, in this course we state that ARP operates at the Network Access layer (OSI Layer 2) because it’s primary purpose is the discover the MAC address of the destination.
A MAC address is a Layer 2 address.
