CMSC 426 Lecture 5

1. Q: What is a computer network?
A: A computer network is a group of interconnected devices that communicate and share resources. Examples include Local Area Networks (LANs), the Internet, and networks provided by Internet Service Providers (ISPs).

2. Q: What is the TCP/IP 5 Layer Model?
A: It’s a framework that organizes network protocols into five layers: Physical, Data Link, Network, Transport, and Application, providing structure for how data is transmitted across networks.

3. Q: What is the Internet Protocol Suite (TCP/IP)?
A: It is a set of standards and protocols defined by the IETF that dictate how data is formatted, transmitted, routed, and received over the Internet and other networks.

4. Q: What does the Physical Layer encompass?
A: The Physical Layer is responsible for transmitting raw bits over a physical medium, such as Ethernet cables, fiber-optic cables, wireless signals, or cellular signals.

5. Q: What is the role of the Data Link Layer?
A: It manages how data is formatted for transmission on the physical medium, ensuring reliable delivery, error detection/correction, and handling MAC addressing on a LAN.

6. Q: How do Ethernet switches function at the Data Link Layer?
A: Ethernet switches connect devices on a LAN by using MAC addresses to forward network traffic only to the intended destination device.

7. Q: What is the primary function of the Network Layer?
A: The Network Layer routes packets between different networks, handling addressing (IPv4/IPv6) and forwarding, but does not guarantee reliable delivery.

8. Q: What is a router and what role does it play?
A: A router is a device that forwards packets between networks, determining the best path for data to travel and acting as the default gateway for devices.

9. Q: What defines an IPv4 address?
A: An IPv4 address is a unique 32-bit numerical label for a host on a network, typically written as four decimal numbers (octets) separated by dots (e.g., 192.168.84.2).

10. Q: How is a subnet mask used in networking?
A: A subnet mask distinguishes the network portion from the host portion of an IP address by performing a bitwise AND, helping to identify the network address (e.g., 255.255.255.0).

11. Q: What is CIDR notation?
A: CIDR (Classless Inter-Domain Routing) notation is a shorthand way to represent an IP address and its subnet mask, written as an IP address followed by a slash and the number of network bits (e.g., 192.168.84.2/24).

12. Q: How do IPv6 addresses differ from IPv4 addresses?
A: IPv6 addresses are 128 bits long, expressed in hexadecimal and separated by colons, providing a vastly larger address space than the 32-bit IPv4 addresses.

13. Q: What is the purpose of the Transport Layer?
A: The Transport Layer ensures end-to-end communication by segmenting data, managing data transfer reliability, and reassembling data using protocols such as TCP and UDP.

14. Q: What is TCP and how does it operate?
A: TCP (Transmission Control Protocol) establishes reliable, ordered connections using a three-way handshake and guarantees data delivery through retransmission and sequencing.

15. Q: What are the steps of the TCP three-way handshake?
A: The client sends a SYN packet, the server replies with a SYN/ACK packet, and the client responds with an ACK, establishing a reliable connection.

16. Q: How does UDP differ from TCP?
A: UDP (User Datagram Protocol) is connectionless and provides fast, “best effort” delivery without error recovery, flow control, or guarantee of packet order, making it suitable for streaming.

17. Q: What is the Application Layer responsible for?
A: The Application Layer interfaces directly with end-user applications and provides protocols (e.g., DHCP, DNS, HTTP, HTTPS, FTP, SMTP) for services and data exchange.

18. Q: What is the role of DHCP in the Application Layer?
A: DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses and configuration settings to devices when they join a network.

19. Q: What does DNS do?
A: DNS (Domain Name System) translates human-friendly domain names into IP addresses, allowing users to access websites without remembering numerical addresses.

20. Q: What is HTTP?
A: HTTP (Hypertext Transfer Protocol) is the protocol used to transfer web pages and resources from servers to clients over the Internet in a client-server model.

21. Q: What distinguishes HTTPS from HTTP?
A: HTTPS is HTTP secured with SSL/TLS encryption, which ensures the confidentiality, integrity, and authentication of data transmitted between client and server.

22. Q: What is FTP used for?
A: FTP (File Transfer Protocol) is used to transfer files between computers over a network. It is unencrypted by default, although secure versions (FTPS/SFTP) exist.

23. Q: What role does SMTP play in networking?
A: SMTP (Simple Mail Transfer Protocol) is the standard protocol for sending emails across networks, often used with POP3 or IMAP for retrieving mail.

24. Q: How does the OSI model compare to the TCP/IP model?
A: The OSI model is a 7-layer conceptual framework for network communication, while the TCP/IP model is a practical 5-layer framework used for the Internet; both serve to standardize communication functions.

25. Q: What is a firewall?
A: A firewall is a security device or software that filters network traffic based on predefined rules to block unauthorized access while permitting legitimate communication.

26. Q: What types of filtering capabilities can firewalls use?
A: Firewalls can filter based on IP addresses, protocols, port numbers, application data, user identity, and even network activity patterns such as time or request rate.

27. Q: What are the main types of firewalls?
A: They include network-based firewalls (protecting entire networks), host-based firewalls (protecting individual devices), packet filtering firewalls, stateful inspection firewalls, and application-level gateway firewalls.

28. Q: What is a packet filtering firewall?
A: It inspects individual packets based on header information (source/destination IP, port, protocol) and allows or blocks traffic based on a list of rules.

29. Q: How does a stateful inspection firewall enhance security?
A: It monitors the state of active connections and makes filtering decisions based on the context of packets within a session, offering improved security over basic packet filtering.

30. Q: What is an application-level gateway firewall?
A: Also known as a proxy firewall, it relays traffic for specific applications, examining the content and enforcing security policies at the application layer, often with user authentication.

31. Q: What characterizes a “next-generation” firewall?
A: Next-generation firewalls integrate traditional packet filtering with advanced features such as deep packet inspection, application awareness, and intrusion prevention systems.

32. Q: What is a Virtual Private Network (VPN)?
A: A VPN creates a secure, encrypted tunnel over the Internet, allowing remote users or networks to connect as if they were on the same local network.

33. Q: What is a remote access VPN?
A: It connects a single device (such as a remote employee’s computer) securely to a remote network, providing access to resources as if directly connected to that network.

34. Q: What is a site-to-site VPN?
A: A site-to-site VPN links entire networks (e.g., branch offices to a corporate headquarters) together securely over the Internet, appearing as one seamless network.

35. Q: What is IPSec and why is it used?
A: IPSec (Internet Protocol Security) is a suite of protocols that encrypt and authenticate IP packets to ensure secure communication at the network layer.

36. Q: What does the Authentication Header (AH) protocol do in IPSec?
A: AH provides integrity and authentication for IP packets by adding an authentication header (using HMAC) but does not encrypt the data.

37. Q: What is the function of the Encapsulating Security Payload (ESP) protocol?
A: ESP encrypts the payload of IP packets to provide confidentiality, and it can also offer optional authentication and integrity checks.

38. Q: What is the difference between IPSec Transport Mode and Tunnel Mode?
A: In Transport Mode, only the payload is encrypted and the original IP header is retained (used for end-to-end security). In Tunnel Mode, the entire IP packet is encapsulated and encrypted, then rewrapped with a new IP header (used for site-to-site VPNs).

39. Q: What are VPN services?
A: VPN services allow users to establish a secure connection to a VPN provider’s network, which then routes and encrypts their internet traffic, hiding it from local ISPs.

40. Q: What is virtualization in computing?
A: Virtualization is the creation of virtual instances of computing resources—such as servers, storage, networks, or applications—allowing multiple virtual environments to run on a single physical machine.

41. Q: What are the two main types of hypervisors?
A: Type 1 hypervisors run directly on hardware (bare-metal), while Type 2 hypervisors run on top of an existing operating system (hosted).

42. Q: What benefits does virtualization provide?
A: It enables resource consolidation, isolation of environments, flexible network segmentation, efficient backup/recovery, and the ability to run multiple operating systems on a single physical server.

43. Q: What are some security benefits of virtualization?
A: Virtualization enhances security through isolation and containment of workloads, improved incident response, better access control, and streamlined patch management and disaster recovery.

44. Q: What are common risks associated with virtualization?
A: Risks include hypervisor vulnerabilities, potential for virtual machine escape, resource contention, misconfigurations, and insider threats.