OSI Model
A 7-layer conceptual framework (Physical, Data Link, Network, Transport, Session, Presentation, Application) that standardizes how network devices communicate
Physical Layer (L1)
OSI layer dealing with raw bit transmission over physical media like cables and radio signals
Data Link Layer (L2)
OSI layer responsible for node-to-node delivery using MAC addresses; includes switches and frames
Network Layer (L3)
OSI layer responsible for logical addressing and routing using IP addresses; includes routers
Transport Layer (L4)
OSI layer that manages end-to-end communication reliability, segmentation, and flow control via TCP/UDP
Session Layer (L5)
OSI layer that establishes, manages, and terminates connections (sessions) between applications
Presentation Layer (L6)
OSI layer that translates formats, encrypts, and compresses data for the application layer
Application Layer (L7)
OSI layer closest to the end user; provides network services directly to applications like HTTP and FTP
TCP/IP Model
A 4-layer model (Network Access, Internet, Transport, Application) that maps to the OSI model and underlies the modern internet
TCP (Transmission Control Protocol)
A connection-oriented, reliable transport protocol that uses a three-way handshake and guarantees delivery and order
UDP (User Datagram Protocol)
A connectionless, unreliable transport protocol with low overhead, used for speed-sensitive applications like streaming and gaming
Three-Way Handshake
The TCP connection process consisting of SYN, SYN-ACK, and ACK packets
Subnetting
The process of dividing a larger network into smaller logical sub-networks to improve efficiency and security
CIDR (Classless Inter-Domain Routing)
A method of IP address allocation using a slash notation (e.g. /24) to indicate the number of network bits
Subnet Mask
A 32-bit number that separates the network portion from the host portion of an IP address
Class A Address
IP addresses ranging from 1.0.0.0 to 126.255.255.255 with a default mask of 255.0.0.0, used for very large networks
Class B Address
IP addresses ranging from 128.0.0.0 to 191.255.255.255 with a default mask of 255.255.0.0, used for medium networks
Class C Address
IP addresses ranging from 192.0.0.0 to 223.255.255.255 with a default mask of 255.255.255.0, used for small networks
Private IP Ranges
Reserved non-routable address ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16
IPv4
A 32-bit addressing scheme written in dotted decimal notation (e.g. 192.168.1.1), providing about 4.3 billion addresses
IPv6
A 128-bit addressing scheme written in hexadecimal separated by colons, designed to replace IPv4 due to address exhaustion
MAC Address
A 48-bit physical hardware address burned into a network interface card, used for Layer 2 communication
Default Gateway
The router address a device uses to send traffic destined for outside its local network
Port
A 16-bit number that identifies a specific process or service on a device for network communication
Port 20/21
FTP (File Transfer Protocol) - used for transferring files; 20 is data and 21 is control
Port 22
SSH (Secure Shell) - used for secure remote command-line access
Port 23
Telnet - used for unencrypted remote access (insecure legacy protocol)
Port 25
SMTP (Simple Mail Transfer Protocol) - used for sending email
Port 53
DNS (Domain Name System) - used for resolving domain names to IP addresses
Port 67/68
DHCP (Dynamic Host Configuration Protocol) - used for automatic IP address assignment
Port 80
HTTP (Hypertext Transfer Protocol) - used for unencrypted web traffic
Port 110
POP3 (Post Office Protocol v3) - used for retrieving email by downloading it to a single device
Port 143
IMAP (Internet Message Access Protocol) - used for retrieving email while keeping it synced on the server
Port 443
HTTPS (HTTP Secure) - used for encrypted web traffic via TLS/SSL
Port 3389
RDP (Remote Desktop Protocol) - used for remotely accessing a Windows desktop
Star Topology
A network layout where all devices connect to a central hub or switch; easy to manage but the central device is a single point of failure
Bus Topology
A network layout where all devices share a single central cable; cheap but a cable break disables the whole network
Ring Topology
A network layout where each device connects to exactly two others forming a circular path for data
Mesh Topology
A network layout where devices are interconnected with many redundant paths, providing high reliability but high cost
Hybrid Topology
A network layout combining two or more different topology types
LAN (Local Area Network)
A network confined to a small geographic area like a home office or building
WAN (Wide Area Network)
A network that spans a large geographic area, connecting multiple LANs, often using leased lines or the internet
MAN (Metropolitan Area Network)
A network spanning a city or large campus, larger than a LAN but smaller than a WAN
PAN (Personal Area Network)
A very short-range network, typically using Bluetooth, connecting personal devices
Client-Server Model
A network architecture where centralized servers provide resources/services to multiple client devices
Peer-to-Peer (P2P) Model
A network architecture where devices share resources directly with each other without a central server
Intranet
A private internal network accessible only to an organization's members
Extranet
A controlled private network that allows access to authorized outside parties such as vendors or partners
Router
A Layer 3 device that forwards data packets between different networks based on IP addresses
Switch
A Layer 2 device that connects devices within a LAN and forwards frames based on MAC addresses
Hub
A basic Layer 1 device that broadcasts incoming data to all connected ports without filtering
Bridge
A Layer 2 device that connects and filters traffic between two network segments
Gateway
A device that connects two networks using different protocols, translating between them
Repeater
A Layer 1 device that regenerates and amplifies a signal to extend transmission distance
Firewall
A security device or software that monitors and controls incoming/outgoing traffic based on defined rules
Packet Filtering Firewall
A firewall type that inspects packets individually based on IP address, port, and protocol without tracking connection state
Stateful Firewall
A firewall type that tracks the state of active connections and makes filtering decisions based on context
Access Point (AP)
A device that allows wireless devices to connect to a wired network via Wi-Fi
Modem
A device that converts digital signals to analog (and vice versa) for transmission over telephone or cable lines
NIC (Network Interface Card)
Hardware that allows a device to connect to a network, either wired or wireless
Patch Panel
A mounted hardware unit containing ports used to connect and manage incoming and outgoing cables in a server room
Cat5e Cable
A twisted pair Ethernet cable supporting up to 1 Gbps
Cat6 Cable
A twisted pair Ethernet cable supporting up to 10 Gbps over shorter distances with reduced crosstalk
Cat6a Cable
An enhanced Cat6 cable supporting 10 Gbps over the full 100m distance
Single-Mode Fiber
Fiber optic cable with a small core that uses a single light path, allowing long-distance, high-bandwidth transmission
Multi-Mode Fiber
Fiber optic cable with a larger core that allows multiple light paths, suited for shorter distances
DNS (Domain Name System)
A hierarchical system that translates human-readable domain names into IP addresses
A Record
A DNS record type that maps a domain name to an IPv4 address
AAAA Record
A DNS record type that maps a domain name to an IPv6 address
CNAME Record
A DNS record type that creates an alias pointing one domain name to another
MX Record
A DNS record type that specifies the mail server responsible for receiving email for a domain
NS Record
A DNS record type that specifies the authoritative name servers for a domain
TXT Record
A DNS record type that holds arbitrary text, often used for verification (SPF, DKIM, etc.)
DHCP (Dynamic Host Configuration Protocol)
A protocol that automatically assigns IP addresses and network configuration to devices on a network
DORA Process
The DHCP lease process: Discover, Offer, Request, Acknowledge
HTTP
An application-layer protocol for transmitting unencrypted web pages
HTTPS
An application-layer protocol for transmitting encrypted web pages using TLS/SSL
FTP
A protocol used to transfer files between client and server, typically unencrypted
SFTP
A secure version of FTP that encrypts file transfers using SSH
SMTP
The protocol used to send email from a client to a server or between mail servers
POP3
An email retrieval protocol that downloads messages to a device and typically removes them from the server
IMAP
An email retrieval protocol that synchronizes messages across devices by keeping them stored on the server
VPN (Virtual Private Network)
A technology that creates an encrypted tunnel over a public network to provide secure remote access
PPTP
An older VPN tunneling protocol that is fast but considered insecure by modern standards
L2TP
A VPN tunneling protocol often paired with IPSec for encryption, since it provides no encryption itself
IPSec
A protocol suite that authenticates and encrypts IP packets, often used to secure VPN tunnels
SSL VPN
A VPN type that uses SSL/TLS encryption, typically accessed through a web browser
NAT (Network Address Translation)
A process that translates private IP addresses to a public IP address for internet access
PAT (Port Address Translation)
A form of NAT that maps multiple private IPs to a single public IP using different port numbers
Symmetric Encryption
An encryption method that uses the same key for both encryption and decryption (e.g. AES)
Asymmetric Encryption
An encryption method that uses a public key to encrypt and a private key to decrypt (e.g. RSA)
AES (Advanced Encryption Standard)
A widely used symmetric encryption algorithm considered highly secure
RSA
A widely used asymmetric encryption algorithm based on the mathematical difficulty of factoring large numbers
2FA/MFA (Two/Multi-Factor Authentication)
A security process requiring two or more independent credentials to verify identity
AAA Framework
A security framework standing for Authentication, Authorization, and Accounting
WEP (Wired Equivalent Privacy)
An outdated and easily broken wireless security protocol
WPA (Wi-Fi Protected Access)
An improved wireless security protocol that replaced WEP, using TKIP encryption
WPA2
A wireless security protocol using AES encryption that became the standard for secure Wi-Fi
WPA3
The newest wireless security protocol, offering stronger encryption and protection against brute-force attacks
DDoS (Distributed Denial of Service)
An attack that overwhelms a server or network with traffic from multiple sources to make it unavailable