CompTIA Net+ Chapter 7
Transport Layer Security (TLS)
Works as a layer between the Application and Transport layers of the TCP/IP stack
To implement TLS
The server is installed with a digital certificate issued by some trusted certificate authority (CA).
When a client connects to a secure service, a TLS handshake is performed. During the handshake, the server provides its certificate to the client. The cryptographic data in the certificate proves the identity of the server, assuming that the client also trusts the CA.
The certificate contains the public key part of a public/private encryption key pair.
The private key is kept a secret known only to the server.
Network Time Protocol (NTP)
Enables time synching
Works over UDP port 123
Time drift is when a system’s clock begins to deviate from the source clock. NTP can use two methods to deal with time drift:
Slew method—If the time is off by only a few seconds, NTP adjusts the time a few milliseconds at a time to get it back on track. Slewing is a slower, methodical method of correcting the time, but the risk of problems occurring is much less.
Slam method—If the time is off by more than a few seconds and slewing will take too long, NTP will hard reset the time. While this is a quick and immediate fix, slamming can cause some programs to not function properly.
Network Time Security (NTS)
Works over TCP port 4460 for the key-establishment phase (NTS-KE); the time exchange itself still runs over UDP port 123
Authenticates the time server so clients cannot be fed false time by an unauthorized or spoofed source
Precision Time Protocol (PTP)
Capable of nanosecond precision
Used in place of NTP where NTP's millisecond-level precision is not sufficient
Defined in the IEEE 1588 Standard
PTP uses the following clock types:
Grandmaster clock is the authoritative time source within a PTP domain.
Boundary clock is one with interfaces in multiple PTP segments.
Ordinary clock is one with a single PTP interface.
HyperText Transfer Protocol
Enables clients to request resources from an HTTP server
TCP port 80 by default
The following types of hosting packages are common:
Dedicated server
Virtual private server (VPS)
Cloud hosting
Shared hosting
Dedicated Server
The ISP allocates your own private server computer. This type of service is usually unmanaged (or management comes at additional cost).
Virtual Private Server (VPS)
The ISP allocates you a virtual machine (VM) on a physical server. This is isolated from other customer instances by the hypervisor.
Cloud Hosting
Your website is run on a cloud over several hardware computers, allowing more scalability if demand patterns change.
Shared Hosting
Your website is hosted within a private directory on a shared server. Performance can be severely affected by other sites hosted on the server, because all the sites are competing for the same resources.
HTTPS
Protected by Transport Layer Security (TLS)
Encrypted over TCP port 443
File Transfer Protocol
Is still often used to perform the administrative upload/download of files to and from servers and appliances
Data transfer can operate in one of two modes:
active
passive
In active mode
the client sends a PORT command specifying its chosen data connection port number (typically one higher than the port it used for the control connection, n+1), and the server opens the data connection from TCP port 20 on the server to the chosen client port. Because the server initiates this connection inbound to the client, active mode is often blocked by client-side firewalls and NAT.
In passive mode
the client sends the PASV command over the control connection. The server opens a random high port and reports its address and port number in the 227 reply. The client then initiates the data connection from its own data port (again, typically n+1) to the port the server advertised, so only outbound connections from the client are needed.
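The two negotiations above, worked through as an added example (not code from the original page): it encodes a PORT command for active mode, parses the 227 reply for passive mode, and reports which side has to initiate the data connection, which is what decides the firewall rule you need. The addresses and ports are constructed for illustration and nothing here talks to a real FTP server. The warning on a 227 reply whose address differs from the control connection's peer is a practitioner's check, not something the page states.

```python
import re
from typing import Optional, Tuple

_PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def build_port_command(client_ip: str, data_port: int) -> str:
    """Active mode: encode the client's address and data port as a PORT command.
    The port is sent as two decimal bytes (high, low)."""
    if not 1 <= data_port <= 65535:
        raise ValueError("port out of range")
    octets = client_ip.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError("IPv4 address expected")
    return f"PORT {','.join(octets)},{data_port >> 8},{data_port & 0xFF}"


def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """Passive mode: pull the listening address and port out of the 227 reply."""
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    a, b, c, d, p1, p2 = (int(x) for x in m.groups())
    if max(a, b, c, d, p1, p2) > 255:
        raise ValueError("byte value out of range in 227 reply")
    port = (p1 << 8) | p2
    if port == 0:
        raise ValueError("server advertised port 0")
    return f"{a}.{b}.{c}.{d}", port


def data_connection(mode: str, client_ip: str, client_ctrl_port: int,
                    server_ip: str, pasv_reply: Optional[str] = None) -> dict:
    """Describe the data connection for a given mode: who initiates it and the
    source/destination endpoints. 'warning' is set when a passive reply points
    at an address other than the server we are actually talking to."""
    client_data_port = client_ctrl_port + 1          # the n+1 convention
    if mode == "active":
        return {
            "command": build_port_command(client_ip, client_data_port),
            "initiator": "server",                    # inbound to the client
            "src": (server_ip, 20),
            "dst": (client_ip, client_data_port),
            "warning": None,
        }
    if mode == "passive":
        if pasv_reply is None:
            raise ValueError("passive mode needs the server's 227 reply")
        srv_ip, srv_port = parse_pasv_reply(pasv_reply)
        warning = None
        if srv_ip != server_ip:
            warning = (f"227 reply advertises {srv_ip}, but the control "
                       f"connection is to {server_ip}; many clients ignore the "
                       f"advertised address and reuse {server_ip}")
        return {
            "command": "PASV",
            "initiator": "client",                    # outbound from the client
            "src": (client_ip, client_data_port),
            "dst": (srv_ip, srv_port),
            "warning": warning,
        }
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    # Constructed endpoints (documentation ranges), not captured traffic.
    print(data_connection("active", "192.0.2.10", 50000, "198.51.100.7"))
    print(data_connection("passive", "192.0.2.10", 50000, "198.51.100.7",
                          "227 Entering Passive Mode (198,51,100,7,196,9)."))
```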
Trivial File Transfer Protocol
Connectionless protocol running over UDP port 69
Most commonly used by legacy network appliances
No security mechanisms
Secure File Transfer Protocol (SFTP)
Addresses the privacy and integrity issues of FTP by running the file transfer as a subsystem of SSH, so both authentication and data transfer are encrypted
Uses TCP port 22 (the SSH port); despite the name, it shares nothing with FTP on the wire
FTP over TLS is a separate approach from SFTP and keeps the FTP protocol itself. There are two means of configuring it:
Explicit TLS (FTPES)—Use the AUTH TLS command to upgrade an insecure connection established over TCP port 21 to a secure one. This protects authentication credentials. The data connection for the actual file transfers can also be encrypted (using the PROT command); without PROT P, file contents still cross the network in clear text.
Implicit TLS (FTPS)—Negotiate an SSL/TLS tunnel before the exchange of any FTP commands. This mode uses TCP port 990 for the control connection.
Server Message Block (SMB)
File/Print Sharing Service on Windows
Allows a host to share its directories/files and printers to make them available for other machines to use
On legacy networks, ran on TCP port 139
On modern networks, it runs over TCP port 445
Network Attached Storage (NAS)
Device dedicated to performing a file server role
Accessed via an IP address or domain name
Each RDBMS uses a different TCP port to distinguish it as an application service:
Oracle's remote data access protocol SQL*Net uses TCP/1521.
Microsoft SQL Server uses TCP/1433.
The open source MySQL platform uses TCP/3306. The MariaDB platform forked from MySQL uses the same port.
The open source PostgreSQL platform uses TCP/5432.
Simple Mail Transfer Protocol
Specifies how email is delivered from one system to another
The SMTP server of the sender discovers the IP address of the recipient SMTP server by using the domain name part of the recipient’s email address.
The SMTP servers for the domain are registered in DNS using mail exchange (MX) and host (A/AAAA) records.
There are two ways for SMTP to use TLS:
STARTTLS—This is a command that upgrades an existing insecure connection to use TLS. This is also referred to as explicit TLS or opportunistic TLS. RFC 8314 deprecates STARTTLS for client mail submission in favor of implicit TLS, but it remains in widespread use and is still the mechanism used between servers on port 25.
Implicit TLS—This establishes the secure connection before any SMTP commands (HELO, for instance) are exchanged. Implicit TLS is now considered the preferred method.
Typical SMTP configurations use the following ports and secure services:
Port 25—Used for message relay between SMTP servers, or message transfer agents (MTAs). If security is required and supported by both servers, the STARTTLS command can be used to set up the secure connection.
Port 465—Used for SMTP Submission with implicit TLS. SMTP Submission is a subset of SMTP that allows the message submission agent (MSA) part of a mail client to transfer messages for delivery by a server.
Port 587—Used for SMTP Submission with explicit TLS. Servers configured to support port 587 should use STARTTLS and require authentication before message submission.
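The port 587 policy described above (STARTTLS first, then authentication, then submission) as an added example, not code from the original page: a minimal server-side state machine that answers a scripted client session. There is no socket or real TLS handshake; the `tls` flag stands in for a completed handshake, the credential check is omitted, and the hostname and reply texts are made up. The reply codes are the standard ones from the SMTP, STARTTLS (RFC 3207) and AUTH (RFC 4954) specifications. Port 25 relay between MTAs, which uses STARTTLS opportunistically and does not require AUTH, is not modelled.

```python
from typing import List


class SubmissionServer:
    """Policy for an SMTP Submission endpoint (TCP 587): EHLO before anything,
    STARTTLS before AUTH, AUTH before MAIL FROM/RCPT TO/DATA."""

    def __init__(self, hostname: str = "mail.example.test") -> None:
        self.hostname = hostname   # assumed name, not a real host
        self.greeted = False       # EHLO seen on the current (TLS or not) session
        self.tls = False           # stands in for a completed TLS handshake
        self.authed = False

    def handle(self, line: str) -> str:
        verb = line.split(" ", 1)[0].upper()

        if verb == "EHLO":
            self.greeted = True
            lines = [f"250-{self.hostname}"]
            if not self.tls:
                lines.append("250-STARTTLS")          # offered on plaintext only
            else:
                lines.append("250-AUTH PLAIN LOGIN")  # offered only after TLS
            lines.append("250 OK")
            return "\n".join(lines)

        if not self.greeted:
            return "503 5.5.1 Send EHLO first"

        if verb == "STARTTLS":
            if self.tls:
                return "503 5.5.1 TLS already active"
            self.tls = True
            self.greeted = False   # RFC 3207: state is reset, client must EHLO again
            return "220 2.0.0 Ready to start TLS"

        if verb == "AUTH":
            if not self.tls:
                return "530 5.7.0 Must issue a STARTTLS command first"
            self.authed = True     # credential verification omitted
            return "235 2.7.0 Authentication successful"

        if verb in ("MAIL", "RCPT", "DATA"):
            if not self.authed:
                return "530 5.7.0 Authentication required"
            return "250 2.1.0 OK"

        if verb == "QUIT":
            return "221 2.0.0 Bye"

        return "500 5.5.2 Command not recognized"


def run_session(commands: List[str]) -> List[str]:
    """Feed a scripted client session to a fresh server; return the reply code
    (first three characters of the final reply line) for each command."""
    server = SubmissionServer()
    return [server.handle(c).split("\n")[-1][:3] for c in commands]


if __name__ == "__main__":
    # Constructed sessions. The first tries to authenticate in clear text and
    # then submit without authenticating; the second follows the policy.
    bad = ["EHLO laptop", "AUTH PLAIN AGFsaWNlAHNlY3JldA==", "MAIL FROM:<alice@example.test>"]
    good = ["EHLO laptop", "STARTTLS", "EHLO laptop",
            "AUTH PLAIN AGFsaWNlAHNlY3JldA==", "MAIL FROM:<alice@example.test>", "QUIT"]
    print(run_session(bad))    # ['250', '530', '530']
    print(run_session(good))   # ['250', '220', '250', '235', '250', '221']
```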
Internet Message Access Protocol (IMAP)
Most widely used mail retrieval protocol
IMAP supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously. It also allows a client to manage the mailbox on the server (to organize messages in folders and to control when they are deleted, for instance) and to create multiple mailboxes.
A client connects to an IMAP server over TCP port 143, but this port is insecure. Connection security can be established using TLS. The default port for IMAPS (implicit TLS) is TCP/993.
The protocols designed to support real-time services cover one or more of the following functions:
Session control—Used to establish, manage, and disestablish communications sessions. They handle tasks such as user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination.
Data transport—Handles the delivery of the actual video or voice information.
Quality of service (QoS)—Provides information about the connection to a QoS system, which in turn ensures that voice or video communications are free from problems, such as dropped packets, delay, or jitter.
Session Initiation Protocol
One of the most widely used session control protocols
Runs over UDP or TCP port 5060 (unencrypted) and TCP port 5061 (SIP over TLS)
Disaster Recovery Plan (DRP)
Addresses large-scale network outage incidents.
A Disaster Recovery Plan (DRP) should accomplish the following:
Identify scenarios for natural and non-natural disasters and options for protecting systems.
Identify tasks, resources, and responsibilities for responding to a disaster. Disaster recovery focuses on tasks such as switching services to failover systems or sites and restoring systems and data from backups.
Train staff in the disaster planning procedures and how to react well to adverse events.
Tabletop Exercises
Involve teams discussing and working through hypothetical scenarios to assess their response plans and decision-making processes.
These exercises help identify knowledge, communication, and coordination gaps, ultimately strengthening the organization's incident response capabilities.
For example, a tabletop exercise might be an earthquake that destroys processing ability at a primary site, testing failover to an alternate processing location.
Validation Tests
Involve performing simulations of failovers. This tests that services can be restored using backup configurations and data.
Validation tests can also test metrics for recovery time. They can also reveal any unexpected problems, such as dependencies between services not being met during the failover process.
Continuity planning activity focuses on the functions performed by a business or other organization:
Business impact analysis (BIA) identifies mission essential and primary business functions and the risks that would arise if the organization cannot fulfill them.
IT contingency planning (ITCP) or IT service continuity planning (ITSCP) ensures that these functions are supported by resilient IT systems, working to identify and mitigate all single points of failure from a process or function.
High availability
A characteristic of a system that can guarantee a certain level of availability
Maximum Tolerable Downtime (MTD)
A metric that states the longest period a business function can be unavailable before the loss becomes unacceptable
The MTD metric sets the upper limit on the amount of recovery time that system and asset owners have to resume operations. Additional metrics can be used to govern recovery operations:
Recovery time objective (RTO). This is the period following a disaster that an individual IT system may remain offline. This represents the maximum amount of time allowed to identify that there is a problem and then perform recovery (restore from backup or switch in an alternative system, for instance).
Work recovery time (WRT). Following systems recovery, there may be additional work to reintegrate different systems, restore data from backups, test overall functionality, and brief system users on any changes or different working practices so that the business function is again fully supported.
Recovery Point Objective
This is the amount of data loss that a system can sustain, measured in time units.
Site resiliency is described as hot, warm, or cold:
A hot site can failover almost immediately. It generally means that the site is already within the organization's ownership and is ready to deploy. For example, a hot site could consist of a building with operational computer equipment that is kept updated with a live dataset.
A warm site could be similar but with the requirement that the latest dataset will need to be loaded.
A cold site takes longer to set up. A cold site may be an empty building with a lease agreement in place to install whatever equipment is required when necessary.
Mean time between failures (MTBF)
Represents the expected lifetime of a product. The calculation for MTBF is the total operational time divided by the number of failures.
For example, if you have 10 appliances that each run for 50 hours and two of them fail, the MTBF is (10*50)/2 = 250 hours per failure.
Mean time to failure (MTTF)
Expresses a similar metric for non-repairable components. For example, a hard drive may be described with an MTTF, while a server, which could be repaired by replacing the hard drive, would be described with an MTBF.
The calculation for MTTF is the total operational time divided by the number of devices. For example, say two drives were installed in the server in a RAID array. One had failed after 10 years, but had never been replaced, and the second failed after 14 years, bringing down the array and the server. The MTTF of the drives is (10+14)/2 = 12 years
Mean time to repair (MTTR)
Is a measure of the time taken to correct a fault so that the system is restored to full operation.
This can also be described as mean time to replace or recover. MTTR is calculated as the total number of hours of unplanned maintenance divided by the number of failure incidents.
This average value can be used to estimate whether a recovery time objective (RTO) is achievable.
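The availability and recovery metrics from this chapter (MTD, RTO, WRT, MTBF, MTTF, MTTR) worked through as an added example, not code from the original page. It reproduces the page's own MTBF and MTTF calculations and adds two checks a practitioner actually wants: whether the measured MTTR makes the RTO achievable, and whether RTO plus WRT still fits inside the MTD. The steady-state availability formula MTBF / (MTBF + MTTR) is standard but is not stated on the page; treating MTD as the ceiling for RTO + WRT follows from the page's description of WRT as work done after system recovery. All input figures are constructed.

```python
import math
from typing import Sequence


def mtbf(total_operational_hours: float, failures: int) -> float:
    """Mean time between failures for repairable systems.
    With zero failures the estimate is unbounded, so return infinity."""
    if failures == 0:
        return math.inf
    return total_operational_hours / failures


def mttf(lifetimes: Sequence[float]) -> float:
    """Mean time to failure for non-repairable components: total operational
    time divided by the number of devices."""
    if not lifetimes:
        raise ValueError("need at least one device lifetime")
    return sum(lifetimes) / len(lifetimes)


def mttr(unplanned_repair_hours: Sequence[float]) -> float:
    """Mean time to repair: total unplanned maintenance hours divided by the
    number of failure incidents."""
    if not unplanned_repair_hours:
        raise ValueError("need at least one incident")
    return sum(unplanned_repair_hours) / len(unplanned_repair_hours)


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability as a fraction in [0, 1]."""
    if math.isinf(mtbf_hours):
        return 1.0
    return mtbf_hours / (mtbf_hours + mttr_hours)


def rto_achievable(mttr_hours: float, rto_hours: float) -> bool:
    """The RTO is only credible if the average repair already fits inside it."""
    return mttr_hours <= rto_hours


def fits_mtd(mtd_hours: float, rto_hours: float, wrt_hours: float) -> bool:
    """RTO (get the system back) plus WRT (reintegrate, restore, brief users)
    must not exceed the MTD for the business function."""
    return rto_hours + wrt_hours <= mtd_hours


if __name__ == "__main__":
    # The page's worked figures, then constructed planning numbers.
    print(mtbf(10 * 50, 2))            # 250.0 hours per failure
    print(mttf([10, 14]))              # 12.0 years
    repair_log = [4.0, 2.0, 6.0]       # constructed unplanned-repair durations
    m = mttr(repair_log)
    print(m, availability(250, m))
    print(rto_achievable(m, rto_hours=8), fits_mtd(mtd_hours=24, rto_hours=8, wrt_hours=12))
    print(fits_mtd(mtd_hours=24, rto_hours=8, wrt_hours=20))   # False: plan does not meet MTD
```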
Examples of devices and solutions that provide fault tolerance include the following:
Redundant spares—Components such as power supplies, network cards, drives (RAID), and cooling fans provide protection against hardware failures. A fully redundant server configuration is configured with multiple components for each function (power, networking, and storage). A faulty component will then automatically failover to the working one.
Network links—If there are multiple paths between switches and routers, these devices can automatically failover to a working path if a cable or network port is damaged.
Uninterruptible power supplies (UPSs) and standby power supplies—Provide power protection in the event of complete power failure (blackout) and other types of building power issues.
Backup strategies—Provide protection for data.
Cluster services—A means of ensuring that the total failure of a server does not disrupt services generally.
Load Balancer
Can be deployed as a hardware appliance or software instance to distribute client requests across server nodes in a farm or pool
There are two main types of load balancers:
Layer 4 switch—Basic load balancers make forwarding decisions on IP address and TCP/UDP header values, working at the Transport layer of the OSI model.
Layer 7 switch (content switch)—As web applications have become more complex, modern load balancers need to be able to make forwarding decisions based on application-level data, such as a request for a particular URL or data types like video or audio streaming. This requires more complex logic, but the processing power of modern appliances is sufficient to deal with this.
Clustering
Allows multiple redundant processing nodes that share data with one another to accept connections.
Active-Passive Clustering
Where one node is active, and the other is passive
Active-Active Clustering
Means that both nodes are processing connections concurrently
Hot Standby Router Protocol (HSRP)
Developed by Cisco; allows multiple physical routers to serve as a single default gateway for a subnet
To do this, each router must have an interface connected to the subnet, with its own unique MAC address and IP address.
In addition, they also need to be configured to share a common virtual IP address and a common MAC address.