Network and Security Foundations

Notes for D315 class through Western Governor's University

Physical Layer

Connection of devices in a network and deals with bits, signals/media, NIC card/cabling/fiber. Devices on this layer include hubs, repeaters, modems, cabling.

Data Link Layer

Provides for the flow and delivery of data and uses MAC addresses. Devices on this layer include switches, bridge devices, wireless/wired network cards.

Network Layer

Provides routing decisions and transmission of data and deals with packets and IP/IPX. Devices on this layer include routers and switches.

Transport Layer

Considered the “heart of OSI”, this layer provides and recieves services while ensuring error free packet delivery. Protocols on this layer include UDP and TCP.

Session Layer

This layer establishes, manages, and terminates sessions.

Presentation Layer

This layer is responsible for encryption and decryption.

Application Layer

This layer provides support for applications. Protocols on this level include HTTP, FTP, DNS, SMTP.

What layers of the OSI model match layer 1 of the TCP/IP model?

Layers 1 and 2

What layers of the OSI model match layer 2 of the TCP/IP model?

Layer 3

What layers of the OSI model match layer 3 of the TCP/IP model?

Layer 4

What layers of the OSI model match layer 4 of the TCP/IP model?

Layers 5-7

Hub

The device that connects the router to the network and it sends signals to all receivers. It operates on the 1st layer of the OSI model.

Modem

The device that translates digital signals to analog (and vice versa) which allows computers to transport digital information. It opperates on the 1st and 2nd layers of the OSI model.

Repeater

The devices that strengthens, replicates, and regenerates weakened signals. It operates on the 1st layer of the OSI model.

Switch

The devices that connects devices in a network and allows them to communicate by using MAC addresses to send traffic directly to the receiver without other devices being aware. It typically operates on the 2nd layer of the OSI model but sometimes can operate on the 3rd layer.

Bridge

The device that’s similar to a router but doesn’t analyze anything and instead just sends it. It operates on the 2nd layer of the OSI model.

Router

The device that connects networks to each other. It operates on the 3rd layer of the OSI model.

What OSI layer does a hub operate on?

Layer 1

What OSI layer does a modem operate on?

Layer 1 and 2

What OSI layer does a repeater operate on?

Layer 1

What OSI layer does a switch operate on?

Layer 2 (sometimes 3)

What OSI layer does a bridge operate on?

Layer 2

What OSI layer does a router operate on?

Layer 3

Cat3 Cable

10 Mbps for 100 meters, used for phone lines

Cat4 Cable

16 Mbps for 100 meters, was used for token rings but not really used any more

Cat5 Cable

100 Mbps for 100 meters, was used for Ethernet LANs but has been replaced

Cat5e Cable

1 Gbps for 100 meters, used for Ethernet LANs

Cat6 Cable

1 Gbps for 100 meter or 10 Gbps for 50 meters, good for server racks and used in Ethernet LANs and data centers

Cat6a

10 Gbps for 100 meters, higher quality cable that’s more resistant to interference and is most commonly used today

What UTP cables have 2 pairs of wires?

Cat3, Cat4, and Cat 5

What UTP cables have 4 pair of wires?

Cat5e, Cat6, and Cat6a

Coaxial Cables

Old analog cables mad of copper with metal shields to block interference that are basically only used today by TV companies.

Fiber Cables

Cables that use light instead of electricity that are more durable/secure and better for long distance.

Single Mode

Fiber cables with 10 micron strands that have a higher bandwidth and are better for submarine cabling.

Multimode

Fiber cables with 50-100 micron fibers that have a wider frequency of light and are cheaper across shorter distances.

Crossover Cable

A cable that directly connects two computing devices of the same type. On computers, it connects through the NIC or switches.

Patch Cable

A cable that connect a device to a patch panel.

Patch Panel

A panel that is wired to a switch.

ARP (Address Resolution Protocol)

The command used to displays the IP to physical address mappings for hosts in the cache and can be used to edit the cache.

Dig (Domain Information Groper)

The command used to query the DNS name servers. It’s helpful for troubleshooting and it replaced nslookup.

Finger

The command used to display information about a user on a remote system. It’s primarily used on Linux.

FTP

The command used to copy files from one host to another without encryption using TCP.

Ipconfig

The command used to provide a user with the IP, subnet mask, and default gateway for each network adapter.

Ifconfig

The command used to configure the kernel network interfaces and debugging/tuning the system. It’s primarily used on Linux.

Netstat

The command used to display information about active ports and their state. It’s useful for troubleshooting and capacity management.

Nmap

The command used to scan networks for hosts and open ports to determine what is deployed on a network. This information is used for vulnerability analysis and security scans. It’s not native to Linux or Windows.

Nslookup

The command used to display information for the DNS. It’s helpful for troubleshooting DNS problems.

Ping

The command used to test connectivity to other hosts by sending ICMP echo requests, listening for a reply, then displaying the time it took.

Route

The command used to display current route tables on a host and determine where to send traffic. It can also add or remove routes.

SCP (Secure Copy Protocol)

The command used to securely copy files between servers by using SSH for authentication and encryption.

Tcpdump

The command used to display TCP/IP and other network packets being transmitted over the network system in a human-readable format which makes it helpful for troubleshooting, security analysis, etc.. It is not native to Linux or Windows.

Telnet

The command that allows users to manage accounts and devices remotely and is NOT encrypted.

SSH

The command that allows user to manage accounts and devices remotely and IS encrypted.

TFTP (Trivial File Transfer Protocol)

The command used to transfer files between client and servers using UDP.

Traceroute

The command used to trace the route an IP packet takes by displaying the IP address and time it took for each hop. Needs special authorization to use.

Tracepath

The command used to Trace the route an IP packet takes by displaying the IP address and time it took for each hop. Does not need special authorization so anyone can use it.

Whois

The command used to look up who owns a domain or block of IP addresses.

PAN (Personal Area Network)

A network centered around a person and their devices. Ex. computer, mouse, printer, headphones, cellphone

LAN (Local Area Network)

A network with devices connected within a limited area. Ex. a home, lab, office building

WLAN (Wireless Local Area Network)

A network with devices wirelessly connected within a limited area.

SAN (Storage Area Network)

A network dedicated to storage device and the servers that need to access them. The reason to use these is to reduce the interference from normal LAN traffic during data transfer.

CAN (Campus Area Network)

A network for multiple LANs across a limited area. Ex. university campus, group of buildings owned by one company

MAN (Metropolitan Area Network)

A network that spans across an area larger than a CAN but smaller than a WAN and is made up of many LANs owned by multiple organizations, government entities, etc.. Ex. a city

WAN (Wide Area Network)

A network that covers a large geographical area. Ex. international companies, satellites

Bus Topology

The topology that has a single line of devices connected together by one shared network cable.

Ring Topology

The topology that connects devices to two other devices and pass information in a circular path.

Star Topology

The topology that has a central network device connected to various network devices.

Mesh Topology

The topology where every device has direct access to another device.

Centralized Network Architecture

Network architecture where data is stored on one machine and users use other machines to access the data.

Decentralized Network Architecture

Network architecture where data is stored on the device using it.

Client-Server Model Network Architecture

Network architecture where applications store data in a centralized data center and used a decentralized computer to access the server.

Peer-to-Peer Model Network Architecture

Network architecture where client computers act as servers and workstations by sharing files and printers while also being used for normal tasks.

What is the advantage of a wired network?

There is a more stable connection and a higher bandwidth in some cases.

What is the advantage of a wireless network?

There is better portability.

What is the difference between a Type 1 and Type 2 hypervisor?

A type 1 is installed directly on the hardware as the OS while a type 2 is treated as an application on top of the OS.

IaaS

Provider takes care of hypervisors, server/storage, and physical networks.

PaaS

Provider takes care of the OS, virtual networks, hypervisors, servers/storage, and physical networks.

SaaS

Provider takes care of applications, the OS, virtual networks, hypervisors, servers/storage, and physical networks.

Private Cloud

Where only the people who own the cloud have access to its data.

Public Cloud

Where lots of people can access the cloud and the provider is responsible for upkeep.

Community Cloud

Where the cloud is jointly owned and operated by the tenants.

Hybrid Cloud

Where the cloud is a combination of private and public.

Multi-Cloud

Where the cloud leverages the services of multiple public cloud providers.

SecOPs

IT security operations

Dictionary Attack

A method of breaking passwords by using a library of common words/phrases to guess possible passwords.

Brute Force Attack

A password attack where the attacker uses all possible combination of characters until a password match is found.

Advanced Persistent Threat

A virus that remains undetected while it sits idle for long periods of time waiting for the right time.

Zero-day

When a vulnerability is not yet known by the public and there is no patch available to fix it.

Red team

Attackers who attempt to compromise security.

Blue team

Attackers who attempt to defend against the attacker team.

White team

Team who observes or referees.

Purple team

When attacker teams and defender teams go until a certain criteria is met then get together to cross train.

White Hat

IT professionals who specialize in penetrating and compromising network security to help a company improve.

Black Hat

Attackers who posses knowledge to hack and will breach systems for profit.

Gray Hat

Attackers who have no malicious intent but may not have prior permission for the attack.

Script Kiddie

Attackers without a lot of knowledge or training who hack out of curiosity or entertainment.

Packet Sniffer

Allows an attacker to listen and record traffic on a network.

Port Scanning

When an attacker sends packets to TCP ports to find out which ones are being used.

SQL Injection Attack

When an attacker takes control of a server by inserting coded commands into an input box instead of plain text.

Buffer Overflow Attack

When an attacker purposefully enters text that is too large and causes the overwriting of neighboring areas of memory with code that will grant the attacker control of the server.