Telecom Flashcards
TCP/IP Layers
Network Access (OSI: Physical & Data Link)
Internet (OSI: Network)
Host-to-Host Transport (OSI: Transport)
Application (OSI: Session, Presentation, App)
Protocol
Protocol: Standard set of rules that determine how systems will communicate across networks
IP
IP (Internet Protocol): A connectionless protocol that supports network addressing and packet forwarding and routing.
TCP
TCP (Transport Control Protocol): A reliable and connection-oriented protocol, that ensures that packets are delivered to the destination computer.
UDP
UDP (User Datagram Protocol): Is a best-effort and connectionless oriented protocol. Does not have packet sequencing, flow and congestion control and the destination does not acknowledge every packet it receives.
TCP Handshake
TCP Handshake:
- Host sends a SYN packet
- Receiver answers with a SYN/ACK packet
- Host sends an ACK packet
Ethernet
Ethernet: Devices share the same media and use broadcast and collision domains.
(This is also known as a contention technology)
• Uses CSMA/CD, CSMA/CA
• Usually implemented in star or bus topology.
CSMA/CD
Carrier Sense Multiple Access with Collision Detection (CSMA/CD- 802.3), LAN and WAN
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA- 802.11), Wi-Fi
FDDI
FDDI—Fiber Distributed Data Interface: A high speed token-passing media access topology.
• Provides fault tolerance by providing a second counter-rotating fiber ring.
• Enables several tokens to be present on the ring at the same time.
Coaxial Cable
Coaxial Cable: Is more resistant to EMI electromagnetic interference;
provides a higher bandwidth and longer cable lengths compared to twisted pair.
Can transmit using a baseband or broadband method
Twisted pair
Twisted pair: Is cheaper and easier to work with than coaxial cable.
• STP Shielded twisted pair
• UTP Unshielded twisted pair. (More susceptible to interference)
Fiber-optic cabling
Fiber-optic cabling: • Has high transmission speeds that can travel over longer distances • Is not affected by attenuation and EMI • Very hard to tap into. • Very expensive and hard to work with. • Multimode & Singlemode fiber
Multimode fiber
Multimode fiber carrier uses multiple modes (paths) of light, resulting in light dispersion. Used for shorter distances.
Single-mode fiber
Single-mode fiber uses a single strand of fiber, and the light uses one mode (path) down the center of the fiber. Used for long-haul, high-speed networking
Noise
Noise – Signal interference that can be caused by motors, electrical devices or florescent lightning.
Attenuation
Attenuation – The loss of signal strength as it travels down a length of wire
Crosstalk
Crosstalk - When electrical signals of one wire spill over to another wire.
Transmission types
- Asynchronous communication
- Synchronous communication
- Baseband
- Broadband
- Unicast method
- Multicast method
- Broadcast method
Asynchronous communication
Asynchronous communication: Two devices are not synchronized in any way. The sender can send data at anytime and the receiving end must always be ready. Uses start and stop bits.
Synchronous communication
Synchronous communication: Takes place between two devices that are synchronized, usually via a clocking mechanism. Transfers data as a stream of bits.
Baseband
Baseband: Uses the full cable for its transmission
Broadband
Broadband: Divides the cable into channels so that data can be transmitted on more than one channel at a time
Unicast
Unicast method: A packet needs to go to one particular system
Multicast
Multicast method: A packet need to go to a specific group of systems
Broadcast
Broadcast method: A packet goes to all computers on its subnet
Network Topologies
Ring
Bus
Star
Mesh
Ring Topology
Ring Topology: Has a series of devices connected by unidirectional transmission links that form a logical ring. Each node is dependent upon the preceding nodes. The physical topology is often a star.
Bus Topology
Bus Topology: A single cable runs the entire length of the network. Each node decides to accept, process or ignore packets. The cable where all nodes are attached is a potential single point of failure.
Star Topology
Star Topology: All nodes connect to a central hub or switch. Each node has a dedicated link to the central hub
Mesh Topology
Mesh Topology: Each node in the network has more than one path to any other node
ARP
ARP – Address Resolution Protocol: Knows the IP address and broadcasts to find the matching hardware address (the MAC address).
Masquerading attack: An attacker alters a system’s ARP table so that it contains
incorrect information (ARP table poisoning).
ICMP
ICMP - Internet Control Message Protocol: Delivers messages, reports errors, replies to certain requests, reports routing information and is used to test connectivity and troubleshoot problems on IP networks. (Used by PING)
SNMP
SNMP – Simple Network Management Protocol: Allows for remote network monitoring and status checking of network devices
PPP
PPP – Point to Point Protocol: An asynchronous encapsulation protocol for transporting IP traffic. One of the best solutions for dial-up access
PBX
PBX Private Branch Exchange: Is a telephone switch that is located on a company’s property.
Many PBX systems have default system manager passwords which makes them vulnerable to
attacks by telephone hackers, known as Phreakers.
DMZ
DMZ - Demilitarized Zone: A Network segment that is located between the protected and the unprotected networks.
Packet Filtering
Packet Filtering (L3): Uses an Access Control List (ACL) to determine which packets to let through. Does not keep track of state. Works on the network layer information. Access decisions are based on:
• Source and destination IP addresses
• Source and destination port numbers
• Protocol types
Application Proxy Server
Application Proxy Server (L7): Stands between a trusted and untrusted network and does not allow direct connections between trusted and untrusted systems. May be a “Duel Homed Host” with separate NIC cards for interfacing the trusted and un-trusted network.
• Makes a copy of each accepted packet before transmitting it and repackages the packet to hide the packet’s true origin.
• Works at the application layer
• Inspect the entire packet
• Understands different services and protocols and the commands that are used within them
• There must be one application-level proxy per service.
Circuit-Level Proxy
Circuit-Level Proxy (L5): Similar to a proxy server in that there are no direct connections, hides addresses from outside world. Operates like a packet filter for making access decisions.
Stateful Inspection Firewall
Stateful Inspection Firewall (L5): Maintains a record of communication processes in a state table and uses that table to make access decisions. If a response packet is received there must be a corresponding request in the state table or the packet is rejected.
• Highly secure
• Scalable
• Better performance than “Proxy” servers.
SOCKS
SOCKS: Is an example of a circuit-level proxy gateway that provides a secure channel between two TCP/IP computers.
• Does not provide detailed protocol-specific control.
• Requires applications that are SOCKS compliant
multi-homed firewall
multi-homed firewall - It’s fitted with two NICs that sits between an untrusted network (like the Internet) and trusted network (such as a corporate network) to provide secure access
Bastion Host
Bastion Host: Is a locked down system with no unnecessary services, ports, protocols, subsystems or applications running. It is patched and has no unnecessary user accounts. This is a hardened server to be used on the perimeter or in a demilitarized zone.
Screened Host
Screened Host: A bastion host firewall that has a screening packet filtering router between it and the untrusted network.
Screened Subnet
Screened Subnet: The bastion host, housing the firewall, is sandwiched between two packet filtering routers
