Old - Domain 2: Telecommunications and Network Security Flashcards
OSI model
A network model with seven layers: physical, data link, network, transport, session, presentation, and application.
TCP/IP model
A simpler network model with four layers: network access, Internet, transport, and application.
Packet-switched network
A form of networking where bandwidth is shared and data is carried in units called packets.
Switch
A layer 2 device that carries traffic on one Local Area Network, based on Media Access Control (MAC) addresses.
Router
A layer 3 device that routes traffic from one LAN to another, based on IP addresses.
Packet filter and stateful firewalls
Devices that filter traffic based on OSI Layer 3 (IP addresses) and Layer 4 (ports).
Carrier Sense Multiple Access (CSMA)
A method used by Ethernet networks to allow shared usage of a baseband (one-channel) network and avoid collisions (multiple interfering signals).
Simplex communication
One-way communication, like a car radio tuned to a music station.
Half-duplex communication
Communication that sends or receives at one time only (not simultaneously), like a walkie-talkie.
Full-duplex communication
Communication that sends and receives simultaneously, like two people having a face-to-face conversation.
Baseband networks
Networks that have one channel and can send only one signal at a time (like Ethernet networks).
100baseT UTP cable
100 megabit, baseband, and twisted pair cable for ethernet networks.
Broadband networks
Have multiple channels and can send multiple signals at a time, like cable TV.
Analog communication
Communication like what our ears hear: a continuous wave of information (such as the original phone networks or a vinyl record).
Digital communication
Communication that is transferred in bits, ones and zeroes (such as a CD or VoIP).
Metropolitan Area Network (MAN)
Network that is typically confined to a city, Zip Code, campus, or office park.
Local Area Network (LAN)
Network that is typically confined to a building or area within a building.
Wide Area Network (WAN)
Network that typically covers cities, states, or countries.
Global Area Network (GAN)
Network that is a global collection of WANs. (such as the US Dept of Defense global network)
Personal Area Network (PAN)
Network with a range of 100 meters or less.
Internet
A global collection of peered networks running TCP/IP, providing best-effort service.
Intranet
A privately owned network running TCP/IP, such as a company network.
Extranet
A connection between private Intranets, such as connections to business partners.
Circuit-switched networks
A dedicated circuit or channel (portion of a circuit) between two nodes. Used to provide dedicated bandwidth to point-to-point connections, such as a T1 connecting two offices.
Disadvantage of circuit-switched networks?
Once a channel or circuit is connected, it is dedicated to that purpose, even while no data is being transferred.
Packet-switched networks
Designed to address issues with circuit-switched networks, as well as handle network failures more robustly. Designed to make unused bandwidth available for other connections.
ARPAnet
Predecessor of the Internet. Created out of research done in the 1960s by the US Defense Advanced Research Projects Agency (DARPA).
Quality of Service (QoS)
Used in packet-switched networks to give specific traffic precedence over other traffic. (often applied to VoIP traffic)
Network model
A description of how a network protocol suite operates, such as the OSI model or TCP/IP model.
Network stack
A network protocol suite programmed in software or hardware. (TCP/IP)
What network model do most systems now use?
TCP/IP Model
X.200: Information Technology - Open Systems Interconnection - Basic Reference Model
Formal name for OSI model.
Name the 2 sub-layers that the Data Link Layer is divided into.
Media Access Control (MAC) and Logical Link Control (LLC)
OSI - Data Link Layer - MAC Layer
Transfers data to and from the physical layer. Touches layer 1.
OSI - Data Link Layer - LLC layer
Handles LAN communications. Touches layer 3.
OSI - Physical Layer (Layer 1)
Describes units of data such as bits represented by energy and the medium used to carry them.
OSI - Data Link Layer (Layer 2)
Handles access to the physical layer as well as local area network communication.
Layer 1 devices
Hubs and repeaters.
Layer 2 devices
Switches and bridges.
OSI - Network Layer (Layer 3)
Describes routing: moving data from a system on one LAN to a system on another.
Layer 3 devices
Routers.
Layer 3 protocols
IPv4 and IPv6
OSI - Transport Layer (Layer 4)
Handles packet sequencing, flow control, and error detection.
Layer 4 protocols
TCP & UDP
OSI - Session (Layer 5)
Manages sessions, which provide maintenance on connections.
Good way to remember Session layer.
Connections between applications.
Layer 5 example.
Mounting a network share. Uses remote procedure calls (RPCs), which exist at the session layer.
OSI - Presentation Layer (Layer 6)
Presents data to the application (and user) in a comprehensible way.
Layer 6 concepts include what?
Data conversions, character sets such as ASCII, and image formats such as GIF or TIFF.
OSI - Application (Layer 7)
This is where you interface with your computer application.
Layer 7 examples.
Web browser, word processor, and instant messenger client.
Layer 7 protocols.
Telnet and FTP.
Please Do Not Throw Sausage Pizza Away
Mnemonic to help remember layers of OSI model.
TCP/IP was created by?
US Defense Advanced Research Projects Agency in the 1970s
Internet Protocol Suite
Formal name for TCP/IP model.
TCP/IP - Network Access Layer
Combines Layer 1 and Layer 2 of the OSI model.
TCP/IP - Internet Layer
Aligns with Layer 3 of the OSI model.
TCP/IP - Host-to-Host Transport Layer - Sometimes referred to as Host-to-Host or Transport alone.
Aligns with Layer 4 of the OSI model. Connects the Internet Layer to the Application Layer.
TCP/IP - Application Layer
Combines Layers 5 through 7 of the OSI model.
TCP/IP Application Layer protocol examples.
SSH, Telnet, and FTP.
Encapsulation
Takes information from a higher layer and adds a header to it, treating the higher layer information as data.
Protocol Data Unit (PDU) examples
Data, segments, packets, frames, and bits.
Demultiplexing
Sometimes called de-encapsulation, is the reverse of encapsulation.
MAC addresses
Historically 48 bits long. The first 24 bits form the Organizationally Unique Identifier (OUI), and the last 24 bits form a serial number (formally called an extension identifier).
EUI-64 MAC addresses
Created by IEEE. The OUI is still 24 bits, but the serial number is 40 bits. IPv6 autoconfiguration is compatible with this as well as conventional MAC addresses.
IPv4
Fundamental protocol of the Internet, designed in the 1970s to support packet-switched networking for DARPA. Used for ARPAnet, which later became the Internet.
IPv4 Header fields?
20 bytes long (with no options), and contains the following key fields:
- Version - IP version (4 for IPv4)
- IHL - Length of IP header
- Type of Service - Sets the precedence of the packet.
- Identification, Flags, and Offset - Used for IP fragmentation.
- Time to Live - To end routing loops.
- Protocol - Embedded protocol (TCP, UDP, etc)
- Source and Destination Address
- Options and Padding (optional)
IP fragmentation
If a packet exceeds the Maximum Transmission Unit (MTU) of a network, a router along the path may fragment it.
Maximum Transmission Unit (MTU)
Maximum PDU size on a network.
Typical MTU size for IP packet?
1500 bytes
Field used to reassociate fragmented packets?
The IP Identification field (IPID). They will have the same IPID.
Path MTU discovery
Uses fragmentation to discover the largest size packet allowed across a network path.
IPv6
Successor to IPv4, featuring far larger address space (128-bit addresses compared to IPv4’s 32-bit), simpler routing, and simpler address assignment.
IPv6 header fields?
IPv6 header is larger and simpler than IPv4. Fields include:
- Version - IP version (6 for IPv6)
- Traffic Class and Flow Label - Used for QoS
- Payload Length - Length of IPv6 data (not including header)
- Next Header - Next embedded protocol header
- Hop Limit - To end routing loops
IPv6 stateless autoconfiguration
Process by which an IPv6 host statelessly configures an IPv6 address by using the host’s MAC address. This process takes away the need for DHCP with IPv6.
How many IPv6 addresses does each host receive?
Two. The first address is a global (routable) address used for communication beyond the local network. Configured based on IPv6 routing advertisement received from a local router. The second address is a link-local address used for local network communication only. This address is assigned independently, without the need for an IPv6 routing advertisement.
Global IPv6 stateless configuration process?
- Take the MAC. 00:0c:29:ef:11:36
- Embed the ff:ee constant in the middle two bytes. 00:0c:29:ff:ee:ef:11:36
- Set the universal bit. 02:0c:29:ff:ee:ef:11:36
- Prepend the network prefix and convert to “:” format: fc01:0000:0000:0000:020c:29ff:eeef:1136
- Convert one string of repeating zeroes to “::”: fc01::020c:29ff:eeef:1136
In IPv6 addresses, how many consecutive series of zeroes can be summarized with “::”?
Only one.
IPv6 stateful autoconfiguration
IPv6 autoconfiguration method that utilizes DHCP.
Dual stack
When a system uses both IPv4 and IPv6.
Tunnelling
When a host accesses IPv6 networks via IPv4.
IPv6 loopback address
::1
IPv6 security challenges?
- Autoconfiguration - Allows systems to communicate with the local network without the admin's knowledge.
- While modern network tools can see IPv6, many aren’t configured to do so.
- Many network administrators have limited understanding of IPv6.
Classful networks
- Class A: 0.0.0.0-127.255.255.255
- Class B: 128.0.0.0-191.255.255.255
- Class C: 192.0.0.0-239.255.255.255
- Class D (multicast): 224.0.0.0-239.255.255.255
- Class E (reserved): 240.0.0.0-255.255.255.255
CIDR
Classless Inter-Domain Routing
Name the RFC that describes the private IPv4 addresses that may be used for internal traffic and are not routable on the Internet:
- 10.0.0.0-10.255.255.255 (10.0.0.0/8)
- 172.16.0.0-172.31.255.255 (172.16.0.0/12)
- 192.168.0.0-192.168.255.255 (192.168.0.0/16)
RFC 1918 addresses
Three types of NAT?
- Static NAT
- Pool NAT (Dynamic NAT)
- Port Address Translation (PAT, or NAT overloading)
Address Resolution Protocol (ARP)
Used to translate between Layer 2 MAC addresses and Layer 3 IP addresses.
Reverse Address Resolution Protocol (RARP)
Used by diskless workstations to request an IP address.
Unicast traffic
One-to-one traffic, such as a client surfing the Web.
Multicast traffic
One-to-many traffic, where the “many” is preselected. (uses class D addresses and UDP)
Broadcast traffic
One-to-all traffic on a LAN.
Name the two types of broadcast traffic.
Limited broadcast and directed broadcast.
Limited broadcast
255.255.255.255, never forwarded across a router.
Name the directed broadcast address for the 192.0.2.0/24 network.
192.0.2.255
Layer 2 broadcast.
Reaches all nodes in a broadcast domain. A switch is an example of a broadcast domain.
Example of layer 2 broadcast address?
FF:FF:FF:FF:FF:FF
Promiscuous network access.
Provides the ability to access all unicast traffic on a network segment.
TCP
Transmission Control Protocol and is a reliable Layer 4 protocol. Uses a 3-way handshake to create reliable connections across a network.
TCP header
20 bytes long (with no options) and contains the following important fields:
- Source Port and Destination Port
- Sequence Number and Acknowledgement Number
- TCP Flags
- Window Size (amount of data that may be sent before receiving acknowledgment)
Name the two types of TCP ports.
Reserved (1023 or lower) and ephemeral (1024 to 65535)
Socket
Combination of an IP address and a TCP or UDP port on one node.
Socket pair
Describes a unique connection between two nodes: source IP & port, destination IP & port.
Sockets can be in what states?
Listening (waiting for connection) or established (active connection)
TCP flags
- URG - Packet contains urgent data.
- ACK - Acknowledge received data.
- PSH - Push data to app server.
- RST - Reset (tear down) connection.
- SYN - Synchronize a connection.
- FIN - Finish a connection (gracefully).
Additional flags used to manage congestion:
Added in 2001:
- CWR - Congestion window reduced.
- ECE - Explicit congestion notification echo.
Added in 2003:
- NS - Nonce sum.
TCP three-way handshake?
SYN, SYN/ACK, ACK. Used when establishing a connection.
UDP header
8 bytes long and contains the following fields:
- Source Port
- Destination Port
- Packet length (header and data)
- Simple checksum (optional)
UDP
The User Datagram Protocol is a simpler and faster cousin to TCP. Has no handshake, session, or reliability. Operates at Layer 4. Commonly used for lossy applications, such as streaming audio and video. Also for query-response applications such as DNS.
ICMP
The Internet Control Message Protocol is a helper protocol that helps Layer 3. Used to troubleshoot and report error conditions. Does not use ports like TCP and UDP, instead uses types and codes.
Commonly used ICMP types.
- Echo request (used for ping)
- Echo reply (used for ping)
- Time to live exceeded in transit (used for traceroute)
Traceroute
Uses the Time to Live (TTL) field to determine all routers between two nodes. Most clients send UDP packets outbound for this (such as UNIX and Cisco), but Windows uses ICMP.
Telnet port?
TCP port 23
FTP ports?
- TCP port 21 - Control connection (where commands are sent)
- TCP port 20 - Data connection for Active FTP (where data is transferred)
Trivial File Transfer Protocol (TFTP)
Provides a simpler way to transfer files and is often used for saving router configs or bootstrapping (downloading OS) via network by diskless workstations. Has no authentication or directory structure. No confidentiality or integrity.
TFTP port?
UDP port 69
SSH
Designed as a secure replacement for Telnet, FTP, and the UNIX “R” commands (rlogin, rshell, etc.)
SSH port?
TCP port 22
SSH version 1
Original version of SSH, has since been found vulnerable to man-in-the-middle attacks. SSH v2 is the current recommended version.
SMTP port?
TCP port 25
POP port?
TCP port 110
IMAP port
TCP port 143
DNS ports?
- UDP port 53 (small answers)
- TCP port 53 (large answers such as zone transfers)
DNS weaknesses?
Uses the unreliable UDP protocol for most requests, and native DNS provides no authentication. Security of DNS relies on a 16 bit source port and 16 bit DNS query ID. Attackers who are able to guess both numbers can forge UDP DNS responses.
Domain Name Server Security Extensions (DNSSEC)
Provides authentication and integrity to DNS responses via the use of public key encryption. Note that this does not provide confidentiality.
Simple Network Management Protocol (SNMP)
Protocol that is primarily used to monitor network devices.
SNMP port?
UDP port 161
Versions of SNMP?
SNMPv1 and v2c provide no authentication or confidentiality. Vulnerable to attacks if an attacker can sniff or has access to the network. SNMPv3 was designed to provide confidentiality, integrity, and authentication via encryption. Use of this version is strongly encouraged.
HTTP port?
TCP port 80
HTTPS port?
TCP port 443
Bootstrap Protocol (BOOTP)
Used for bootstrapping via a network by diskless systems. Used to load OS via a network without a disk. Normally used to determine the IP and OS image name, then TFTP is used to download the OS.
Dynamic Host Configuration Protocol (DHCP)
Designed to replace and improve on BOOTP. Allows more config options than BOOTP, as well as assigning temporary IP leases to systems.
BOOTP ports?
UDP port 67 - for servers
UDP port 68 - for clients
Electromagnetic Interference (EMI)
Interference caused by magnetism created by electricity.
Noise
Any unwanted signal (such as EMI) on a network cable.
Crosstalk
Occurs when a signal crosses from one cable to another.
Attenuation
The weakening of a signal as it travels further from the source.
Unshielded Twisted Pair (UTP)
Network cabling that uses pairs of wires twisted together. Twisting the wires dampens the magnetism making the pair less susceptible to EMI.
UTP category cabling speeds and usages?
Category - Speed (Mbps) - Common use
- Cat 1 - <1 - Analog voice
- Cat 2 - 4 - ARCNET
- Cat 3 - 10 - 10baseT Ethernet
- Cat 4 - 16 - Token Ring
- Cat 5 - 100 - 100baseT Ethernet
- Cat 5e - 1000 - 1000baseT Ethernet
- Cat 6 - 1000 - 1000baseT Ethernet
Coaxial cable
Core and shield used by this cable is thicker and better insulated than other cable types, such as twisted pair. Makes this cabling more resistant to EMI and allows higher bandwidth and longer connections.
Thinnet and Thicknet
Two older types of coaxial cable used for Ethernet bus networking.
Advantages of fiber.
Speed, distance, and immunity to EMI.
Disadvantages of fiber.
Cost and complexity.
Multimode fiber
Carrier uses multiple modes (paths) of light, resulting in light dispersion. This type of fiber is used for shorter distances.
Single-mode fiber
Uses a single strand of fiber, and the light uses one mode (path) down the center of the fiber. This type of fiber is used for longer distances and high-speed networking.
Wavelength-division multiplexing (WDM)
Allows multiple signals to be carried via the same fiber through the use of multiple light “colors” to transmit different channels of information. Combined speeds of over a terabit/second can be achieved when this is used to carry 10-gigabits per color.
Ethernet
Dominant LAN technology that transmits network data via frames. Originally used a physical bus topology but later added support for physical star schema.
Carrier Sense Multiple Access (CSMA)
Designed to address collisions on ethernet networks.
CSMA/CD (Collision Detection)
Used to immediately detect collisions within a network. Used on systems that can send and receive simultaneously, such as wired Ethernet. It takes the following steps:
- Monitor network to see if idle.
- If not idle, wait a random amount of time.
- If idle, transmit.
- While transmitting, monitor the network.
- If more electricity is received than sent, another station must also be sending.
- Send Jam signal to tell all nodes to stop transmitting.
- Wait a random amount of time before retransmitting.
CSMA/CA (Collision Avoidance)
Used for systems such as 802.11 wireless that cannot send and receive simultaneously. Relies on receiving an acknowledgement from the receiving station; if no acknowledgement is received there must have been a collision. The node will wait and retransmit.
CSMA/CA or CSMA/CD better?
CSMA/CD is better because collision detection detects a collision almost immediately.
The Attached Resource Computer Network (ARCNET) and Token Ring.
Both are legacy LAN technologies. Both pass network traffic via tokens. Possession of a token allows a node to read or write traffic on a network. No collisions due to this.
The Fiber Distributed Data Interface (FDDI)
Another legacy LAN technology, running a logical network ring via primary and secondary counter-rotating fiber optic ring. Single ring runs at 100 megabits.
Bus network
Connects the network nodes in a string. Each node inspects the data as it passes along the bus. Fragile. Should the network cable break anywhere along string, the entire network would go down.
Tree (hierarchical) network
A network with a root node and branch nodes that are at least three levels deep (two levels would make it a star). The root node controls all traffic. Legacy network design; the root node was often a mainframe.
Ring network
Physical ring connects network nodes in a ring. If you follow the cable from node to node, you will finish where you began.
Star network
Has become the dominant physical topology for LANs. First popularized by ARCNET and later adopted by Ethernet. Each node is connected directly to a central device such as a hub or switch. Features better fault tolerance than other topologies, but requires more cable. The cost is typically outweighed by the fault tolerance advantages.
Remember that physical and logical topologies are related but different. A logical ring can run via a physical ring, but there are exceptions. FDDI uses both, but Token Ring is a logical ring that runs on a physical star. If you see the word “ring” on the exam, check context to see if physical, logical, or both.
Mesh network
Interconnects network nodes to each other. Provides superior availability and is often used for HA server clusters.
Name the 2 most prevalent international circuit standards available.
T Carriers (United States) and E Carriers (Europe). T1s, T3s, E1s, E3s
T1 (often used interchangeably with DS1)
Dedicated 1.544-megabit circuit that carries 24 64-bit DS0 (digital signal 0) channels (such as 24 switched phone calls). Often rounded off to 1.5 megabits.
Difference between DS1 and T1.
DS1 describes the flow of bits (via any medium, such as copper, fiber, or wireless); a T1 is a copper telephone circuit that carries a DS1.
T3 (often used interchangeably with DS3)
28 bundled T1s, forming a 44.736-megabit circuit. Often rounded off to 45 megabits.
E1
Dedicated 2.048-megabit circuits that carry 30 channels.
E3
34.368-megabit circuit. Formed by bundling 16 E1s.
Synchronous Optical Networking (SONET)
Carries multiple T-carrier circuits via fiber optic cable. Uses a physical fiber ring for redundancy.
Frame Relay
Packet-switched Layer 2 WAN protocol that provides no error recovery and focuses on speed. Higher layer protocols carried by this protocol, such as TCP/IP, can be used to provide reliability.
Frame Relay
Multiplexes multiple logical connections over a single physical connection to create Virtual Circuits; this shared bandwidth model is an alternative to dedicated circuits such as T1s.
Switched Virtual Circuit (SVC)
In Frame relay, this type of circuit sets up each “call”, transfers data, and terminates the connection after an idle timeout.
Permanent Virtual Circuit (PVC)
In frame relay, this type of circuit is always connected, analogous to a real dedicated circuit like a T1.
X.25
Older packet-switched WAN protocol. Provided a cost-effective way to transmit data over long distances in the 1970s through early 1990s, when the most common other option was a direct call via analog modem. Popularity faded with rise of Internet.
Asynchronous Transfer Mode (ATM)
WAN technology that uses fixed-length cells. Allows reliable network throughput compared to Ethernet. While Ethernet packet sizes range greatly, all of these cells are the same size (53 bytes).
Switched Multimegabit Data Services (SMDS)
Older protocol that is similar to ATM, also uses 53-byte cells.
Multiprotocol Label Switching (MPLS)
Provides a way to forward WAN data via labels, via a shared ____ cloud network. Allows these networks to carry many types of network traffic, including ATM, Frame Relay, IP, and others. Can carry voice and data and can simplify WAN routing. Assume 12 offices connect to 1 data center: T1s would require 12 circuits, while this would require 1.
Synchronous Data Link Control (SDLC)
A synchronous Layer 2 WAN protocol that uses polling to transmit data. Polling is similar to token passing; the difference is that a primary node polls secondary nodes, which can transmit data when polled. Combined nodes can act as either primary or secondary. Supports NRM transmission only.
High-Level Data Link Control (HDLC)
Successor to SDLC. Adds error correction and flow control, as well as 2 additional modes (ARM and ABM).
What are the 3 modes of HDLC?
- Normal Response Mode (NRM) - Secondary nodes can transmit when given permission by the primary.
- Asynchronous Response Mode (ARM) - Secondary nodes may initiate communication with the primary.
- Asynchronous Balanced Mode (ABM) - Combined mode where nodes may act as either primary or secondary.