What does the application layer do?
It is the layer which interacts with the user to provide access to services and data that is sent/received over a network.
What is unique about the application layer?
- only layer that interacts with the user
- only layer that can access computer files
What layer are files and viruses downloaded on?
Application Layer
HTTP (Hypertext Transfer Protocol)
What is its purpose and what does it do?
- the protocol used for transmitting web pages over the Internet
- facilitates transfer of files from a web server to the local computer
- GET request/response used to access the file for the webpage
SMTP (Simple Mail Transfer Protocol)
protocol used to transfer email between mail servers
POP (Post Office Protocol)
- protocol that allows a user to access a mailbox on an email server and perform useful actions on the contents of the mailbox
- messages are downloaded to the local machine and deleted from the server at retrieval
- 3 states: Authorization, Transaction, and Update
IMAP (Internet Mail Access Protocol)
- protocol that allows a client to access a mailbox on an email server
- synchronizes messages across home and office
- 4 states: Not authenticated, Authenticated, Selected, and Logout
What does URL stand for and what is it?
Universal Resource Locator - a unique address on the internet.
- contains host, port #, absolute path, and query
FTP (File Transfer Protocol)
protocol for transferring files from one computer to another, regardless of the hardware and software configurations of the two computers
- Useful for uploading web pages to web servers
What are APIs and how can exposing them to partners benefit a company?
thought of as contracts between 2 parties
- create new revenue channels or extend existing ones
- expand reach of brand
Cookies
small piece of information stored on a client computer by a web browser, for later reference
- often simply a token that identifies you
How do SMTP, POP, and IMAP differ?
- SMTP is email between servers
- POP is user access to mailbox on server
- IMAP is user access to mailbox on server and can manipulate messages
FTP is ________ (unidirectional/bidirectional) and has _________ (1/2) channels for ________
bidirectional, 2 channels, one for commands and another for data transfer
DHCP (Dynamic Host Configuration Protocol) (Stopgap #1 in the transition from IPv4 to IPv6)
- service that enables automatic assignment and repossession of IP addresses
- the computer broadcasts a DHCP request for network parameters, such as lease time; the user's computer then broadcasts its choice to all DHCP servers; the chosen DHCP server responds with an acknowledgment (ACK)
- no security provisions
- subject to abuse by hackers and employees
What are some reasons why IPs aren't assigned manually?
- set it and forget it
- lots of users like a college campus
- hard to keep track of who has what IP
List DHCP allocation schemes
Network admin selects the scheme that makes sense for the application:
- Automatic: first come, first served, forever
- Manual: network admin specifies, forever
- Dynamic: temporary leases
Describe cookie-consent tendencies like Dark Patterns, Nudge, and Sludge
Dark Pattern - intentional human-computer interaction design to force or nudge the user to do something
Nudge - a suggestion that encourages the user to click "Accept All", such as highlighting that button and not highlighting "Reject All"
Sludge - excessive friction that increases the effort and decreases the attention given to a specific choice, such as burying the user in sub-menus
BitTorrent
- a peer-to-peer (P2P) file sharing protocol designed to reduce the bandwidth required to transfer files (computers share bandwidth)
- the "seed" computer holds the whole file and sends parts of it to each computer in the "swarm"; everyone receives a different piece, and the upload speed of each computer is tracked
VoIP (Voice over Internet Protocol)
protocol that transmits phone calls over the same data lines and networks that make up the Internet; also called Internet telephony
- relies on the IP protocol
- converts analog voice into digital signals
DHCP Server Spoofing/Man-in-the-middle (MITM) Attack
Spoofing (impersonating) a legitimate server and sending forged replies with fake network settings
DHCP Starvation
Simulates enough devices to drain all the IP addresses from the server, blocking legitimate devices
DHCP/DNS poisoning attack
Attacker sends fake DNS packets to the server, causing fake entries in the DNS table that redirect the user to a fake website chosen by the attacker
What is the one way to prevent DHCP Hacks?
DHCP Snooping: compiling information on hosts which have successfully completed a DHCP transaction in a database of "bindings", and using security or accounting features to monitor the traffic
- similar to a firewall
Non-routable/reusable Addresses (RFC 1918)
Set of IP addresses defined as reusable as many times as necessary; they are internal and not globally unique
- a small pool of IPs can serve a large number of computers
Who can use Non-routable/reusable addresses? What will happen when trying to use these addresses outside of the network?
- anyone can use them INTERNALLY within any network without permission from the internet registries
- Routers and firewalls will not pass packets with these addresses outside of the network
Network Address Port Translation (NAPT) (Stopgap #3 in the transition from IPv4 to IPv6)
Method of mapping IP addresses from one address block to another while still providing transparent routing to end hosts
- allows your computer to receive packets and send packets to the proper application
- (like Google Translate for routers: IPs are the language and routers are the people)
Explain what NAPT does and why it is so important (SHORT ANSWER ON TEST)
NAPT is a type of NAT (network address translation) that translates a private source IP address to an external source address and port
Example: the NAPT (like a receptionist at an office) allows many devices in your home or office (employees) to use the Internet with one shared phone number (IP address). Each device gets a unique extension (port number) so the receptionist knows where to direct incoming phone calls (data).
Why is NAPT so important? (SHORT ANSWER CONTINUED)
1) IP conservation: it saves addresses by letting many devices share one address
2) Provides security: it hides internal network addresses from outside networks
Where is NAPT configured?
On a routing device such as a router
What are NAT and PAT?
NAT (Network Address Translation) - translates between internal IP addresses and the external address, directing responses to the right internal client
- designed to support outbound connections from the internal network
PAT (Port Address Translation)
ARP (Address Resolution Protocol)
connects two layers: the network layer and the data link layer
- the sender broadcasts an ARP request on the LAN; the computer with the associated IP replies with its MAC address
DNS (Domain Name Service/System)
Database that translates host names to IP addresses and vice versa.
Names are organized by hierarchy from right to left
Difference between Switching and Routing?
Switching operates on the data link layer while routing operates on the network layer.
Switching is used to switch data packets between devices on the same network or LAN while routing is to route packets between different networks.
Routing can use multiple paths between source and destination, while switching has only one path.
Routers send packets using the "best available path", while switches don't have to choose.
Which domains have jurisdiction over one another in this example:
business.usf.edu
edu has jurisdiction over usf.edu and usf.edu has jurisdiction over business.usf.edu
BGP (Border Gateway Protocol)
is the protocol for exterior routing.
This connects ASes to each other and informs neighbors about the distance path (vector) to accessible networks.
"Distance vector protocol", between external networks.
OSPF (Open Shortest Path First)
is the protocol for interior routing.
This is used within an AS and informs all routers about the state of a router's links to its neighbors.
Used to reach internal networks; a "link state protocol".
AS (Autonomous System)
basic unit of Internet routing; data flows from the source AS to the destination AS
- a connected group of 1 or more IP prefixes with a SINGLE and CLEARLY DEFINED routing policy
- each AS has a globally unique AS number
Routing Table
A data table stored in a router that lists the routes to particular network destinations
For each known path to a destination, the router records the next hop (Tracert)
Route aggregation in CIDR
Combination of two or more IP address blocks into one larger address block, reducing the number of routes in a routing table
- assign larger blocks of addresses to large network service providers instead of address blocks to end-user organizations
- routers in the rest of the world maintain one entry for the ISP's larger address block
MPLS (Multiprotocol Label Switching)
a packet-forwarding mechanism that uses predefined labels to determine how to deliver packets
- eliminates unnecessary processing at routers by adding a special label to traffic going to the same place, like luggage tags at the airport
- simplifies network layer equipment on a WAN
SDN (Software Defined Networking)
creates a central entity that views the entire network at once rather than each device only knowing its neighbors
What are the 3 layers of SDN?
Controller - core element of an SDN architecture; enables centralized management and control
Southbound APIs - relay info between the controller and individual network devices (switches, APs, routers, and firewalls)
Northbound APIs - relay info between the controller and the applications and policy engines, to which an SDN looks like a single logical network device
Cite one example of SDN and its application in a business
OpenFlow Protocol, a programmable network protocol to help manage and direct traffic among routers and switches, no matter the vendor
Verizon uses SDN to combine all its existing service edge routers for Ethernet and IP-based services into one platform
Disadvantages to Decentralized Routing
- each router has to independently find its neighbors and forward packets
- networks operate around 50% capacity to avoid delays
- requires added functionality in the router to maintain routing tables
Subnetting
a way of breaking down large IP blocks into smaller address blocks to help organize networks
- allows organizations to distribute pools of IP addresses based on their needs
Subnet mask
tells the network where hosts are; "finds" their subnet ID
- 1's indicate network ID and subnet ID bits
- 0's indicate host ID bits
- masks the network part so the router can find the host
Describe what /12 would mean in terms of the network and host including the # of IPs?
there are 12 bits for the network
this allows for 32 - 12 = 20 bits for the host
# of IPs would be 2^20 = 1,048,576
Given this information, convert IPs to binary, and create the subnet mask binary and dotted decimal:
CIDR Addresses:
129.107.0.0/16
(5 bits for subnetID, 11 bits for hostID)
204.154.80.0/21
(3 bits for subnetID, 8 bits for hostID)
73.5.0.0/17
(5 bits for subnetID, 10 bits for hostID)
How do subnet masks work?
- 1's indicate network ID and subnet ID bits
- 0's indicate host ID bits
- masks the network part so the router can find the host
- the router then looks up the subnetID in the routing table and forwards the packets to the appropriate router within the network
Benefits of subnetting
- Improve network speed
- Reduce congestion
- Boost security by controlling the flow of traffic
- Control growth
- Reduce effort for network administrators (more efficient)
Why use subnet masks?
splits the network part and host part of the IP, helping identify the correct router (by finding the subnetID) to route to
WAN (Wide Area Network)
a network which provides data to many independent users, is usually spread out over a large geographic area, transports large amounts of data over long distances, and merges traffic from multiple sources into a seamless stream
LAN (Local Area Network)
uses Ethernet, simpler technologies, and CSMA/CD broadcast; has a limited number of users and a smaller geography; low cost, low utilization, and little need to optimize links
Compare WANs and LANs
WANs
- more complex technologies
- Multiplexing, link sharing
- Scales up to hundreds of millions of users globally
- Expensive to build
LANs
- uses Ethernet
- simpler technology
- CSMA/CD broadcast
- limited users (256 max) and geography
- low cost, low utilization, little need to optimize links