Chapter 3 - Networking and Communications

Question 1

What does OSI stand for?

Answer 1

Open Systems Interconnection

created by ISO - International Organization for Standardization

Question 2

What is the OSI model?

Answer 2

A standard model for network communications allowing similar and dis-similar networks and computers to communicate.

Question 3

What are the 7 layers of the OSI model…in order?

Answer 3

1. ) Physical
2. ) Data Link
3. ) Network
4. ) Transport
5. ) Session
6. ) Presentation
7. ) Application

Question 4

What is the OSI mneumonic?

Answer 4

Either
All people seem to need data processing.
or
Please do not throw sausage pizza away.

Question 5

What 3 layers of the OSI model comprise the Protocol Data Unit (PDU)?

Answer 5

Session, Presentation, Application

5, 6, 7

Question 6

Describe the Physical layer.

Answer 6

How data is passed into the network including the transmission method. Responsible for converting media to bit streams and passing to the Data Link Layer.

Includes cabling (&standards), hubs, repeaters, wireless radio, etc.

Question 7

What is an example of a security threat at the Physical layer.

Answer 7

Packet sniffer attached to a cable that transmits unencrypted traffic.

Question 8

Name 4 types of transmission media.

Answer 8

1. ) Coaxial cable - easy to tap
2. ) Shielded/Unshielded Twisted Pair - easy to tap
3. ) Fiber optic - free from EMI and RFI issues. Harder to tap
4. ) Wireless Transmissions - easiest to tap/intercept

Question 9

Describe the Data Link layer.

Answer 9

Responsible for reliable packet delivery. It packages data into ordered frames and provides error notifications.

Question 10

What are the 2 sublayers of the Data Link Layer

Answer 10

1. ) Media Access Control (MAC) - defines physical (aka MAC) addresses.
2. ) Logical Link Control - Interacts with Physical layer.

Question 11

What is an example of a security threat at the Data Link layer?

Answer 11

MAC address spoofing.

Question 12

Describe the Network layer.

Answer 12

Provides routing for data packets across network by analyzing IP address and determining the best route to the target computer. It controls the flow of data across the network.

Question 13

What are some devices at the Network layer?

Answer 13

Routers and Layer 3 devices. They use ACLs to route/block/filter traffic.

Question 14

What is IP and its versions?

Answer 14

Internet Protocol - used for addressing. IPv4 and IPv6.

Question 15

Describe the Transport layer and its primary protocols.

Answer 15

Provides reliable end to end communication for services and applications. It matched logical port assignments to upper-layer protocols (i.e. 80 for HTTP).

Protocols

1. ) TCP - Transmission control protocol
2. ) UDP - User datagram protocol

Question 16

How is data packaged and transmitted at each layer of the OSI model?

Answer 16

1. ) Physical - Bit streams
2. ) Data Link - Frames
3. ) Network - Packets (Datagram if IP)
4. ) Transport - Segments (Datagram if UDP)
5. ) Session - Protocol Data Units
6. ) Presentation - as per standards
7. ) Application

Question 17

Describe TCP.

Answer 17

Connection oriented, using packet sequencing and destination acks to provide reliable communication for network devices. Uses a 3 way handshake to establish communications.

Question 18

What is a 3 way handshake?

Answer 18

The method in which a client establishes a TCP connection with a server.

1. ) Client sends packet with SYN flag set
2. ) Server responds with packet that has SYN and ACK flags set
3. ) Client sends server a packet with ACK flag set

Question 19

What kind of attack uses TCP 3 way handshake.

Answer 19

DDOS (Synflood) attack where Client withholds the 3rd packet to keep the session open, but then floods with more SYN packets.

Question 20

How are IP and TCP related?

Answer 20

IP does not guarantee delivery, but will layer on TCP to do so.

Question 21

Describe UDP.

Answer 21

Connectionless protocol that does not check for a connection like TCP. It just sends the packet and does not guarantee or verify delivery.

Question 22

Give an example of where UDP is used.

Answer 22

Audio or Video streaming

Question 23

Describe the Session Layer

Answer 23

Establishes and maintains sessions between apps/components on the local and remote system.

Question 24

What is a protocol that operates at the Session layer?

Answer 24

RPC - Remote Procedural Call - used to request a service on another computer.

Question 25

Describe the Presentation Layer.

Answer 25

Standardizes data presentation for the application layer by translating it using standards such as ASCII, EBCDIC, JPEG, MPEG, etc. Data de/encryption and de/compression can be at this layer.

Question 26

Describe the Application Layer.

Answer 26

The layer for User Apps. Provides the services needed for applications that communicate over a network. This is where authentication, access control, encryption, hashing, signatures and other security measures reside.

Question 27

What is RFC 1122 and 1123?

Answer 27

4 and 5 layer TCP/IP models created by DARPA. The 4 Layer model is the authoritative.

Question 28

What are the layers of the Four-Layer TCP/IP Model?

Answer 28

1. ) Application (app, presentation, session from OSI)
2. ) Transport
3. ) Internet
4. ) Link (data link and physical from OSI)

Question 29

What are the layers of the Five-Layer TCP/IP Model?

Answer 29

1. ) Application (app, presentation, session from OSI)
2. ) Transport
3. ) Network
4. ) Data Link
5. ) Physical

Question 30

What is network topology?

Answer 30

It is the layout of the network for physical components and cables. Examples include, mesh, star, bus, tree, token, ring.

Question 31

What is IEEE 802.3

Answer 31

Introduced in 1973 as a standard for Ethernet. Changes with major progressions in bandwidth such as twisted pairs or fiber.

Question 32

Define CSMA/CD.

Answer 32

Carrier Sense Multiple Access / Collision Detection.
Network components detect collisions and wait a random amount of time before resend. An issue with half duplex devices. Ethernet standard supports this still.

Question 33

Define CSMA/CA.

Answer 33

Carrier Sense Multiple Access / Collision Avoidance.
Listen before sending to avoid collisions, if busy wait random amount of time. 802.11 wireless networks use this as well as Request/Clear to Send to avoid collisions.

Question 34

What is a bus topology?

Answer 34

Hosts connected by a single cable an a terminator on each end. Expensive to troubleshoot and a single issue with a terminator or cable takes the whole network down.

Question 35

What is a star topology?

Answer 35

All hosts or nodes are connected to a central point like a switch, but not to each other. Used for most Ethernet based networks.

Question 36

What is the difference between a Hub and a Switch?

Answer 36

A hub connects network servers, but all traffic that goes into a single port goes out of all others. A switch will only send traffic to a computer that it is directly addressed to sent to. Reduces attack vectors and is more efficient.

Question 37

What is a tree topology?

Answer 37

Connects multiple star networks on a bus topology.

Question 38

What is token ring topology?

Answer 38

Connects multiple computers in a ring.  They pass around a token to communicate.  
A MASU (multistation access unit) can be centered between them to control traffic around the ring.  This way a loss of one computer does not take the network down.
When scaled, performance is an issue with this topology. Can be designed with a second ring and fiber (FDDI) to help speeds.

Question 39

What is mesh topology?

Answer 39

Fault tolerant as there are multiple connections between computers. Can be partial or full. For full number of connections is n(n-1)/2.

Question 40

What is a peer to peer network?

Answer 40

Computers are connected to the same network but are independent of each other and authentication is decentralized. In MS it is known as a workgroup.

Question 41

What is a client server network?

Answer 41

Centralized authentication. In MS it is known as a domain.

Question 42

What is a key step in server hardening?

Answer 42

Removing all unneeded protocols and ports.

Question 43

Key differences between IPv4 vs IPv6.

Answer 43

1. ) 32 bits (4 groups) vs 128 bits (8 groups)
2. ) Decimal notation vs. Hexidecimal
3. ) IPv6 representation can be shortened to remove leading zeros by adding a 2nd :

Question 44

What is DHCP Protocol and what is it’s OSI layer?

Answer 44

Protocol used to dynamically assign IP, subnet masks, and DNS server addresses to a computer when it connects to the network.
- nearly 70 attributes can be set.
Sits at the Application layer

Question 45

What are the 4 DHCP messages between the client and DHCP server?

Answer 45

1. ) DHCPDiscover - Client broadcasts request for DHCP server
2. ) DHCPOffer - DHCP Server/Router response for the clients subnet mask. Includes an available IP.
3. ) DHCPRequest - Client Request to use the offer
4. ) DHCPAck - Server acknowledges configuration of that IP for client.

Question 46

What is Address Resolution Protocol (ARP)?

Answer 46

Resolves IP to MAC. A method of directing a datagram (@IP Layer) to a computer with appropriate MAC address.

Question 47

What is RARP?

Answer 47

Reverse Address Resolution Protocol.

Using client IP address to get MAC address.

Question 48

What is network discovery protocol (NDP)?

Answer 48

Similar to ARP but for IPv6. Used to:

1. ) Auto configure nodes
2. ) Discover other nodes on network
3. ) Locate available routers on network
4. ) Detect duplicate addresses on network

Question 49

What is Domain Name System (DNS) and what layer of the OSI does it reside?

Answer 49

Resolves IP addresses to hostnames. Uses hierarchical naming and a distributed database. No single server has all mappings.

@Application Layer.

Question 50

How many root DNS Servers are there?

Answer 50

13 at the top of the hierarchy for top level domains such as .com, .gov, .edu, etc. Each tier knows the addresses of the tier below it.

Question 51

What are some types of DNS records?

Answer 51

1. ) A - resolves hostname to IPv4
2. ) AAAA - resolves hostname to IPv6
3. ) PTR - Pointer - Resolves IP to hostname
4. ) MX - Mail Exchange - Identifies mail server
5. ) CNAME - Canonical name - Aliases for a system

Question 52

What ports and protocol does DNS use?

Answer 52

• Port 53 for both DNS and TCP

- Protocol - UDP for name resolution. TCP for info transfer between DNS servers.

Question 53

How can you prevent DNS cache poisoning attacks?

Answer 53

By implementing DNSSEC and using RRSIGs.

Question 54

What is DNSSEC?

Answer 54

DNS Security Extension. Validates DNS responses against a RRSIG.

Question 55

What is a RRSIG?

Answer 55

Resource Record Signature. Like a digital signature for DNS responses.

Question 56

What is ICMP and what OSI layer does it reside?

Answer 56

Internet Control Message Protocol.
Used to diagnose the health and availability of a network. Ping, Tracert use this.

@Network layer

Question 57

What attack is common with ICMP protocol?

Answer 57

DoS - Thus firewalls often block it.

Question 58

What is IGMP and what OSI layer does it reside?

Answer 58

Internet Group Messaage Protocol.
IPv4 multicasting from 1:many computers

@Network Layer

Question 59

What is the IGMP group IP range?

Answer 59

224.0.0.0 to 239.255.255.255

Question 60

What is the IPv6 multicast protocol?

Answer 60

ICMPv6 with MLD (Multicast Listener Discovery)

Question 61

What is SNMP and what OSI layer does it reside?

Answer 61

Simple Network Messaging Protocol.

Used to manage network devices. Sends traps/errors and notifications back to central server. Can be use to configure devices remotely.

Agents use UDP on ports 161 to recieve data and 162 to send traps. If over TLS ports 10161 and 10162 respectively.

@Application layer

Question 62

What is FTP and what OSI layer does it reside.

Answer 62

File Transfer Protocol
Upload and download of files across servers over TCP ports 20/21.
Trivial FTP is UDP over port 69.
Both are clear text.

@Application Layer

Question 63

What is SFTP?

Answer 63

Secure FTP.

Uses SSL encryption

Question 64

What is FTPS?

Answer 64

FTP Secure

Uses TLS encryption.

Question 65

What is Telnet and what OSI layer does it reside?

Answer 65

Command Line Interface protocol for interface with a remote system. Uses TCP port 23.

@Application Layer

Question 66

What is SSH and what OSI layer does it reside?

Answer 66

Secure Shell for creating a secure session between two computers. It encrypts the traffic of other protocols such as FTP, SCP. Replaces Telnet, rLogin, rsh, rexec. Uses TCP port 22.

Uses symmetric and asymmetric encryption as well as supporting mutual auth.

@Application layer.

Question 67

What is HTTP/S and what OSI layer does it reside?

Answer 67

Hypertext Transfer Protocol (/Secure).

Used to process Internet traffic.

@Application Layer

Question 68

What is TLS and what OSI layer does it reside?

Answer 68

Transport Layer Security
Used to encrypt different types of traffic.
Replacement for SSL (Secure socket layer) traffic as it was vulnerable to POODLE.
@Application Layer(7), Session Layer (5), Transport Layer (4)

Question 69

What is NFS?

Answer 69

Network file share

Allows computers on different operating systems to share files.

Question 70

What are the two primary routing protocols and OSI layer do they reside.

Answer 70

1. ) RIPv2 - Routing information protocol (smaller networks)
2. ) OSPF - Open shortest path first (larger networks)

@Network Layer

Question 71

What are the primary email protocols?

Answer 71

1. ) SMTP - Simple mail transfer protocol. TCP port 25/465.
2. ) POP3 - Post office protocol - server delivers to client. TCP port 110/995.
3. ) IMAP4 - Internet message access protocol - stored on server. Allows header download (protect against viruses and phishing) and supports multiple devices. TCP port 143/993.

Question 72

What is IPSec

Answer 72

IP Security - provides security for traffic over a network. Provides Mutual auth., integrity and confidentiality. Two primary components.
1.) AH - Auth header. Provides auth and integrity checks. Header is an encrypted hash of the packets and auth data. Systems identify AH packets with protocol 51

2.) ESP - Encapsulating Security Protocol - Encryption of data packets. Systems identify ESP packets with protocol 50.

Question 73

What are common tunneling protocols and what are they used for?

Answer 73

Used for creating Virtual Private Networks (VPNs) between private networks across a public network such as the Internet.
1.) L2TP - Layer 2 Tunneling Protocol - uses IPSec for encryption. UDP Port 1701

2.) PPTP - Point to Point Tunneling Protocol - provides encryption. TCP Port 1723