Section 11 Network Design Flashcards
Used to explain network communications between a host and remote device over a LAN or WAN.
OSI Model
Represents the actual network cables and radio waves used to carry data over a network.
Physical Layer
Describes how a connection is established, maintained, and transferred over the physical layer and uses physical addressing (MAC addresses).
Data Link Layer
Uses logical addresses to route or switch information between hosts, the network, and the internetworks.
Network Layer
Manages and ensures that transmission of the packets occurs from a host to a destination using either TCP or UDP.
Transport Layer
Manages the establishment, termination, and synchronization of a session over the network.
Session Layer
Translates the information into a format that the sender and receiver both understand.
Presentation Layer
Layer from which the message is created, formed, and originated.
Application Layer
Attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port.
MAC Flooding
Occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device.
MAC Spoofing
Occurs when an attacker attempts to gain physical access.
Physical Tampering
Used to connect two or more networks to form an internetwork.
Routers
An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics.
Access Control List
Focused on providing controlled access to publicly available servers that are hosted within your organizational networks.
De-Militarized Zone (DMZ)
Specialized type of DMZ that is created for your partner organizations to access over a wide area network.
Extranet
Any host that accepts inbound connections from the internet.
Internet-facing Host
Hosts or servers in the DMZ which are not configured with any services that run on the local network.
Bastion Hosts
A hardened server that provides access to other hosts within the DMZ.
Jumpbox
Security technique in which devices are scanned to determine their current state prior to being allowed access onto a given network.
Network Access Control (NAC)
A piece of software that is installed on the device requesting access to the network.
Persistent Agents
Uses a piece of software that scans the device remotely or is installed and subsequently removed after the scan.
Non-Persistent Agents
Attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN.
Switch Spoofing
Attacker adds an additional VLAN tag to create an outer and inner tag.
Double Tagging
Act of creating subnetworks logically through the manipulation of IP addresses.
Subnetting
Process of changing an IP address while it transmits across a router.
Network Address Translation
Router keeps track of requests from internal hosts by assigning them random high number ports for each request.
Port Address Translation (PAT)
Term used to describe devices that provide voice communications to users.
Telephony
A device that could modulate digital information into an analog signal for transmission over a standard dial up phone line.
Modem
Internal phone system used in large organizations.
Public Branch Exchange (PBX)
Digital phone service provided by software or hardware devices over a digital network.
Voice Over Internet Protocol (VOIP)