
Critical Knowledge ™

SUMMARY NOTES

UNIT 1: NETWORK FUNDAMENTALS

1.1 Theory, Technologies, Implementation

Physical and Logical Addressing

● Logical addresses, called IP addresses, are used to send data between networks.

● Physical addresses, called MAC addresses, are used to send data between devices
within the same network.

● Think of a logical address as the destination city for a package.

● Think of the physical address as the destination street name and number for a
package.

● Logical and physical addresses operate at different communication layers.

Transmission Types

● Computers communicate in three basic ways:

● 1.) Unicast

○ One-to-one transmission.

○ A single computer communicates with another single computer.

● 2.) Multicast

○ One-to-many transmission, but not to all.

○ A single computer communicates with multiple specific computers.

○ A multicast address, configured by a Network Administrator, includes a
mapping of specific computers to a single IP address.

● 3.) Broadcast

○ One-to-all transmission.

○ Sends the message to every computer on the network.

Transmission Modes

● Three types of communications modes:

● 1.) Simplex

○ One direction (e.g., a radio station)

● 2.) Half Duplex

○ Bi-directional, but not simultaneous (e.g., a walkie-talkie)


Unit 1 Summary Notes

● 3.) Full duplex

○ Bi-directional, can be simultaneous (e.g., a phone call)

● Switches can convert each switch port from half duplex to full duplex.

● Full duplex allows switches to send and receive information at the same time, helping
to avoid collisions.


1.2 Computing Fundamentals

External Ports

● Types:
○ USB
○ Video
○ Storage

USB: most common type of port, used to connect peripherals such as mice, keyboards, flash
drives, CD/DVD players, printers

● Presents the biggest security issue of any port

○ Access to the BIOS/UEFI is possible
○ Easily used to install malware and bypass OS security controls
○ Backdoors and keyloggers are frequently installed via USB ports

Video: Used to connect displays/monitors

● Types
○ VGA − legacy
○ DVI − older monitors and TVs
○ DisplayPort − proprietary, designed to replace VGA/DVI
○ Component video − uses 3 connectors (Green, Blue and Red)
○ S-video − 4 pin connector
○ HDMI − most common on modern TVs/monitors, used for HD video

● Video ports are limited in access and do not pose much security risk

Storage: used to write and copy data (input/output), all storage types present risks for
malware and represent a security concern

● Types
○ Express Card – connects peripherals like modems
○ PC card – legacy, used to expand memory
○ Compact Flash – flash memory
○ Lightning – Apple (proprietary) used to charge devices and transfer data
○ Thunderbolt – Apple (proprietary) connects peripherals

● Can connect to storage devices that contain malware

Internal Components

● GPU – video card, can be hijacked to mine cryptocurrency

● CPU – processor, can have vulnerabilities (e.g. Meltdown and Spectre on Intel processors)
● HDD – hard drive (internal or external) can be removed easily, compromising
sensitive data
● RAM – can be removed easily, but does not retain sensitive data when the machine is
off
● PSU – power supply, provides power to all components in the computer
● CD/DVD Drive – difficult to remove, but can be stolen or tampered with to gain access
to CDs or DVDs that contain sensitive information

Operating Systems Overview

Desktop

Windows
● General: most common desktop operating system in the world (approx. 75% of all
desktop PCs)
○ Current versions include Windows 10 and Windows Server 2016
● Security Issues: Long history of holding valuable business data
○ Most commonly targeted by hackers
○ To prevent attacks, MS leaves many components uninstalled unless needed
● Security Measures: Keep Windows up to date with latest patches
○ Other steps: anti-virus software, implementing a host-based firewall, and using
safe browsing

Linux

● General: The LINUX operating system is an open-source UNIX-like OS


○ Popular in server environments
○ Distributions use system software and libraries provided by the GNU Project
● Security Issues: Every distribution of Linux is different
○ Security is achieved through variety
○ Hackers encounter slight differences with each distribution making it more
difficult to hack
● Security Measures: Linux is open source, security is achieved through the community
of developers

Mobile OS Overview

Android

● General: Created by Google


○ Based on Linux
○ Has a large community of developers

● Security Issues: If users have root access and their account is compromised, attackers
will have root access as well
● Security Measures: Android sandboxes the operation of apps from one another

iOS
● General: Proprietary to Apple and only runs on Apple devices
● Security Measures:
○ Secure Boot − Ensures that no malicious or otherwise unauthorized software
can be run on an iOS device
○ Secure Enclave − Helps protect against brute force attacks
● Security Issues: As in Android, if the user has root access and the device is
compromised, attackers will also have root access


1.3 Types, Design, Implementation of Network Architectures

Client-Server and P2P Communication

● Server OSs serve resources to, and perform work for, users.
● Server OSs require more resources than client OSs.
● Client OSs are designed for desktop work, not serving resources to others.
● Both servers and clients are targets for attackers, but servers may be more valuable to
hackers because of the information they hold, and the number of users that depend
on them.
● When two clients communicate, this is known as a Peer to Peer (P2P) network.
● When a client and server communicate, this is known as a Client & Server network.

P2P Network vs. Client and Server Network

P2P Network:
● Decentralized, hard to manage security structure
● Less secure and efficient
● Enterprises should block or prohibit use of P2P networks

Client and Server Network:
● Centralized, easy to manage security structure
● More secure and efficient
● Enterprises should mostly utilize client and server networks

Network Devices

Repeaters – Regenerates signal and extends the maximum length a cable can send a
signal. Non-intelligent Layer 1 device.

Patch Panel – Terminates wires that come through walls in a room wall outlet;
electrical junction box. Non-intelligent Layer 1 device.

Hub – Connects computers. Hubs have security and performance issues. Non-intelligent
Layer 1 device.

Switch – Connects computers through MAC addresses in hardware. Better performance
and security. Intelligent Layer 2 device.

Simple Network Mapping

● Routers move traffic from one network to another using IP addresses.


● Switches move traffic within a network using MAC address.


1.4 Types, Media, and Implementation

Network Types

Local area networks (LAN)

● Small in terms of geographic area, not number of devices


● Use one of several technologies: Ethernet, Token Ring, or FDDI
● Typically high-speed networks

Campus area network (CAN)

● Spans an entire set of office buildings or an educational campus


● Larger in size than a LAN, but not as large as a MAN

Metropolitan area network (MAN)

● Span entire city areas


● Often wireless and uses the IEEE 802.16 WiMAX standard

Wide Area Networks (WAN)

● Used to tie LANs, CANs, and MANs together


● Leased to enterprises to connect offices and locations together
● Ethernet is used in some scenarios, but more often technologies such as Frame Relay,
ISDN, and ATM are used

Network Topologies Overview

Network topologies

● Each network has a physical and a logical topology


● Physical topology: how the devices are connected
● Logical topology: how data is transmitted in the network

Types

● Bus: one of the earliest physical topologies; connects devices in a straight line
○ Each end of the bus must have a special "terminator" cable installed
○ Transmissions are sent in both directions from where the computer is
positioned
○ Destination is located by computer’s IP or MAC address
○ All devices except the computer to which the packet is addressed will ignore it

● Advantages: easy to implement, requires less cabling, inexpensive, simple design


● Disadvantages: network is down if cable is broken, terminators are required, locating
breaks is difficult, limits on cable length and number of nodes, poor performance

● Ring: devices are connected one to another in a closed circle.


○ Transmissions are sent in one direction from where the computer is positioned
○ Transmissions locate the destination computer by IP or MAC address


○ All devices except the computer to which the packet is addressed will ignore it

● Advantages: better performance than bus, prevents collisions, larger than bus
● Disadvantages: network is down if cable is broken, locating break is difficult,
adding/removing devices breaks network

● Star: most common topology used in networks today


○ Devices are connected/communicate through a central device
○ Transmission goes to a hub or switch
○ Hub sends transmissions to all devices except the destination device
○ Switch sends transmissions only to the destination device

● Advantages: better performance than bus or ring, cable breaks only affect connected
device, easy to troubleshoot, no network disruption by removing/adding devices
● Disadvantages: single point of failure at hub/switch, performance dependent on
central device, size limited by physical connections

● Mesh: each computer has an individual connection to every other computer


○ Requires that each computer be able to support multiple network connections
○ If connection fails, only the two computers using that connection are affected

● Advantages: best fault tolerance, easy to troubleshoot, no network disruption when
adding or removing devices
● Disadvantages: expensive, limited number of devices in each mesh

Transmission Media Types

Twisted Pair: most common cabling, using four pairs of wires that are twisted or braided to
reduce crosstalk

• Two types: Shielded and Unshielded (STP/UTP)


• Uses RJ-45, less expensive than Fibre (fiber-optic)
• Maximum cable length is over 100 meters
• Security Risk: Susceptible to eavesdropping

Coaxial: “Cable TV,” copper, comes in two forms, both impervious to RFI and EMI

• Uses Ethernet at Network layer


• Physical implementation = 10Base2 and 10Base5, both run at 10 Mbps
o 10Base2 (Thinnet) flexible, inexpensive, connects with T-connector
o 10Base5 (Thicknet) less flexible, more attenuation, connects with N-connector
• Both Thinnet & Thicknet operate in a bus topology
• Cheaper than UTP, same costs as STP, and cheaper than Fibre
• Security Risk: Susceptible to eavesdropping

Fiber-optic: a glass or plastic tube rather than a wire at its center and uses beams of light

• Not electrical, therefore not susceptible to EMI or RFI
• Most expensive and requires special skills to install


• Longer cable runs than Twisted Pair or Coaxial
• Security Risk: Very limited susceptibility to eavesdropping
o Two connector models: straight tip (ST) and small form-factor pluggable (SFP)
o Can use both subscriber connectors (SC) and lucent connectors (LC)

Radio Waves: Commonly known as “wireless” and includes technologies like 802.11 WLAN,
Bluetooth, NFC, and cellular

• Speeds vary widely


• 802.11 WLAN offers bandwidth up to 1300 Mbps on 5 GHz channel and 450 Mbps on 2.4
GHz channel
• Security Risk: Extremely easy to “sniff” and impossible to know when it is occurring. No
sensitive data should be sent over wireless without encryption


1.5 Wireless Protocols, Standards, Bluetooth

Wireless Standards

802.11 Standards

• 802.11a − not widely adopted initially because it required hardware upgrades, operates in
the 5.0 GHz band, supports up to 56 Mbps
• 802.11b – same frequency as 802.11, adopted initially because it required no hardware
upgrades, supports up to 11 Mbps
• 802.11g − can achieve 56 Mbps within the 2.4 GHz band, compatible with both 802.11 and
802.11b
• 802.11n − uses multiple antennas (up to 8) via MIMO to transmit multiple frames at
once, uses a 40 MHz channel, double the speed of other 802.11 standards
• 802.11ac − builds upon 802.11n and uses wider RF bandwidth (up to 160 MHz), more
MIMO streams and higher-density modulation; speeds from 433 Mbit/s for a station with a
single antenna up to 3.39 Gbit/s when 8 antennas communicate with a station with 4
antennas

Wireless security protocols

• WEP – first attempt at wireless security


o WEP is vulnerable because of encryption weaknesses
o Highly vulnerable, can be cracked easily

• WPA - Designed to address problems with WEP


o Implements the 802.11i standard
o Uses TKIP, which is vulnerable to brute force attacks because of a small IV
o TKIP keys are issued an integrity check to verify they have not been modified or
tampered with during transit
• WPA2 - Modern, most secure wireless security option
o Utilizes CCMP encryption algorithm
o WPA2 is not compatible with older wireless cards

Bluetooth Overview

• Short-range wireless technology used to create a wireless connection between digital
devices. Often used for speakers, headphones, GPS units, and keyboards
• Several Bluetooth standards have been introduced
• Newest version (V5) is compatible with Wi-Fi, LTE, IPv6, and IoT devices
• Bluetooth uses “spread-spectrum frequency hopping”
o Randomly chosen frequencies within a designated range, change rapidly
o Any interference on a frequency will only last a fraction of a second

Security Risks


• Bluejacking
o Contact information is sent to an unsuspecting user
o After being added, attacker can send messages that might be automatically
opened as they are from a known contact

• Bluebugging
o Allows hackers to remotely access a user's phone and use its features, including
calls and SMS

• Car Whisperer
o Software that allows hackers to send audio to and receive audio from a
Bluetooth-enabled car stereo

Wireless and Wired Security

• Sniffing – intercepting data using a protocol analyzer or packet capturing program


o Attackers can read sensitive network information (if unencrypted)
o Attack is difficult to detect
• Spoofing – disguising a communication from an unknown source as being from a
trusted source
o IP address – used to bypass access list on router
o MAC address – used to receive information sent to a trusted device via a switch
o Email address – editing an email header to appear to come from a trusted
source, often used to gain sensitive information
• Social Engineering – gathering information through human skills rather than technology, e.g.
pretending to be IT staff in order to obtain passcode/password information
• Physical Security – gaining physical access to devices, such as switches, routers,
computers, and servers; presents the greatest risk to both wired and wireless networks
• MITM (Man in the Middle) – i.e. eavesdropping, an attack wherein the attacker secretly
relays or intercepts communication between two parties
• Session Hijacking – attacker takes over an authenticated session, ending the session
for a legitimate user, allowing the attacker to gain access to a server
• DoS – Denial of service attack, designed to force victims offline by overloading servers
with traffic, disrupting services, or preventing normal operations, compromising
availability

Specific to Wired

• Cable tapping – twisted pair and coaxial cabling is susceptible to tapping, cables
should not be exposed but recessed in walls; tapping into fiber-optic cabling is difficult
and much easier to detect

Specific to Wireless

• Rogue AP (Access Point)


o An AP is a central juncture point in a wireless network

o Any AP not under your control presents a security risk to devices

• “Evil Twin Attack” – an attacker creates an AP on a separate channel with an identical
SSID name to a trusted AP, then jams the legitimate AP, causing devices to connect to
the attacker’s AP and reveal sensitive information such as passwords

1.6 OSI Model, TCP/IP Model, and Protocols

OSI Model Overview

OSI – Breaks up process into 7 layers, allows for segmentation, and provides a common
framework for hardware and software developers

• Application − Where encapsulation starts. Receives the raw data from the application
in use and provides services, such as file transfer and message exchange
o Protocols: HTTP − used to transfer web pages across the network
• Presentation – Responsible for data representation
• Session – Adds information enabling communication between a service or application
on the source device
• Transport layer − Receives all the information from layers 7, 6, and 5, and adds
information that identifies the transport protocol and specific port number
• Network – Includes information to route the packet in the form of a source and
destination logical address
o In TCP/IP, this is in the form of an IP address
• Data Link − Determines the destination physical address (MAC)
• Physical – Turns information into bits (ones and zeroes) and sends it out

OSI Model vs TCP/IP Model

TCP/IP Suite − Describes the encapsulation process from the TCP/IP networking protocol

• Application – User’s application interface to the networking process


• Transport – Dedicated to using information provided by port numbers
o UDP and TCP are two sub-protocols on this layer
• Internet − Determines logical addresses of the source and destination devices. This
information (IP addresses) is used by devices on the network that operate at the
Internet layer to route the packet to its destination


• Network Access − Source and destination of physical addresses are put on the front of
the message (header), and information for performing a frame check sequence on the
message is placed at the end (trailer)

Packet Encapsulation and Layered Protocols

7 – Application Layer – accepts raw data and attaches first header

6 – Presentation Layer – responsible for syntax, standardization, and details how data must be
presented to the destination

5 – Session Layer – destination service is identified, responsible for connecting the
application on the sending and receiving device

4 – Transport Layer – information received from the session layer is translated into values
which identify common services, i.e. port numbers

3 – Network Layer – source and destination IP addresses are added to the packet
(logical addressing)

2 – Data Link Layer – source and destination MAC addresses are added to the packet (physical
addressing)

1 – Physical Layer – converts entire data packet into bits (1s and 0s), the physical
communication of these bits is dependent upon the type of the network

● Wireless network = modulated radio waves
● Fiber-optic network = light patterns
● Electrical network = voltages

1.7 Addressing and Packets

IPv4 Addressing

IP address structure:

• Each field is divided by dots, and expressed with decimals


o Each field is called an octet and can be expressed in binary format in 8 bits
o Because each section is 8 bits in length, it results in a string of 32 0s and 1s
• Five classes of addresses exist, and the value of the first octet determines the class
• Classes are intended for application to individual devices
• One class is reserved for multicasting and the fifth class is labeled experimental

An IP address has two parts: network and host

• Similar to street address/house number


• Network portion determines the LAN in which the computer is located
• Host portion identifies the computer in that LAN

Subnets

• When a computer reads a subnet mask, 255 = network and 0 = host


• A computer cannot have an IP address without a subnet mask
• Addressing is incomplete if both values are not present

IPv4 vs IPv6

• IPv6 uses 128 bits and IPv4 uses 32 bits


• IPv6 is represented in hexadecimal and IPv4 is represented in dotted decimal format
• IPv6 has built-in support for Internet Protocol Security (IPsec)
• IPv6 address sections are separated by colons rather than dots
• Each IPv6 section has four characters rather than one to three in IPv4

e.g.: IPv4 = 192.168.5.6 vs. IPv6 = 2001:0db8:85a3:0000:0000:8a2e:0370:7334

IPv6

• Address has two logical parts—64-bit network prefix and 64-bit host address
• Host address is automatically generated from the MAC address
• No broadcasting in IPv6
• Uses anycast addresses (different than unicast and multicast, which are the same in
IPv4):
o A packet is delivered to the nearest of multiple interfaces
o Unique to IPv6 and allows an IPv6 address to be applied to multiple interfaces
o Packet goes to closest interface


IPv4 Header Overview

● Multiple fields, more difficult for routers to process than IPv6


● Source/Destination Address is maintained in IPv6, while other fields are either
combined or omitted to create a simpler header

IPv6 Addressing Overview

● Fewer fields and simpler header structure, easier for routers to process
● Faster than IPv4 despite larger packet size


1.8 Subnetting

IPv4 Address Conversion

● Computers deal with addressing in binary


● In standard IPv4 addressing, dotted decimal IP addresses are broken into eight-bit
portions called “octets”
● An address consists of four decimal numbers (octets), each ranging from 0 to 255, separated
by dots, which are then converted into binary

Binary to Decimal Conversion

● Each octet has a bit position and corresponding positional value


● Conversion is done by adding the values of the positions together

● Example – Take the binary value 10110111:
128 + 0 + 32 + 16 + 0 + 4 + 2 + 1 = 183

Decimal to Binary Conversion

● Binary position value is used to convert decimals


● Example – Convert 192 to binary. Look at the first bit position:

If 128 can go into 192, we place a 1 to indicate the binary value.
Next, if 64 can be added to 128 without going over 192, we add another 1
(128 + 64 = 192):

1 1

Since we cannot add the remaining position values without going over 192, these
positions have a value of zero:

1 1 0 0 0 0 0 0 (= 192)

IPv6 Address Conversion

● An IPv6 address is represented as eight sections of four hexadecimal digits


● Each section represents 16 bits, separated by single colons
● Consecutive strings of four zeros (:0000:0000:0000) can be replaced with a double
colon (::)
● Initial zeroes in each section can be omitted (but not trailing zeroes)
● One set of four zeros per address (:0000) can be rewritten as a single zero (:0)
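The shortening rules above, worked as an added Python example (not part of the original notes): it expands a compressed address back to eight groups and compresses a full one. The tie-breaking is an assumption taken from RFC 5952: only the longest run of zero groups becomes "::", the leftmost run wins a tie, and a single zero group is written ":0" rather than "::".

```python
# Added example (not from the original notes): IPv6 text-form expansion and
# compression following the rules in the notes, with RFC 5952 tie-breaking
# (assumption): only the longest run of zero groups becomes "::", the
# leftmost run wins a tie, and a single zero group is written ":0", not "::".

def expand_ipv6(addr: str) -> list:
    """Return the eight 16-bit groups as 4-digit lowercase hex strings."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed in an IPv6 address")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}: {addr!r}")
    expanded = []
    for group in groups:
        if not 1 <= len(group) <= 4:
            raise ValueError(f"group must be 1-4 hex digits: {group!r}")
        expanded.append(f"{int(group, 16):04x}")  # int() rejects non-hex digits
    return expanded


def compress_ipv6(addr: str) -> str:
    """Shortest text form: leading zeros dropped, longest zero run replaced by '::'."""
    groups = [g.lstrip("0") or "0" for g in expand_ipv6(addr)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        run_end = i
        while run_end < 8 and groups[run_end] == "0":
            run_end += 1
        if run_end - i > best_len:            # strictly greater keeps the leftmost tie
            best_start, best_len = i, run_end - i
        i = run_end
    if best_len < 2:                          # a lone zero group stays as ':0'
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    print(expand_ipv6("2001:db8::1"))
```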

IPv4 (Decimal) to IPv6 (Hexadecimal) Conversion Demo

Example – 109.0.66.10 (dotted decimal notation) has a hexadecimal value of 6d:00:42:0a

● Each octet is taken in reverse order and multiplied by 254 to the nth power, where n
is the positional value from 0 to 3

positions: 3.2.1.0
109.0.66.10 (position 0 = 10, position 1 = 66, position 2 = 0, position 3 = 109)

This makes our equation: 10 × 254^0 + 66 × 254^1 + 0 × 254^2 + 109 × 254^3

● This is then converted to hexadecimal notation:
(0−9 decimal is written as 0−9 hexadecimal, and 10−15 decimal is written as A−F in
hexadecimal)

IPv4 Network and Host Identification

● Every IP address contains a network and host portion


○ Network – describes which network the computer is on
○ Host – the number of the computer on the network
● The network portion is on the left-hand side of the address while the host is on the
right
e.g. 192.168.10.8
network-----------host

● Networks are divided into 5 categories called “classes”


● The class is determined by the value in the first octet
● The size of networks is determined by the number of octets allocated to either
networks or hosts
● More bits in the network portion = more possible networks
● More bits in the host portion = more possible hosts in each network

IP Address Classes and Subnet Masks

Network Class (first octet) – Network/host octets – Number of Possible Networks

● Class A (1-126) – n.h.h.h – 2^8 = 256
● Class B (128-191) – n.n.h.h – 2^16 = 65,536
● Class C (192-223) – n.n.n.h – 2^24 = 16,777,216

● Class D and E networks are reserved, and cannot be given to computers


● Class D is reserved for multicasting and Class E is experimental and used for research
● The entire 127.0.0.0 network is used only for diagnostics
● 127.0.0.1 can be pinged to determine if network cards are functioning (loopback)
● 127 cannot be used within the first octet for addressing

Subnet Masks – number that masks an IP address, and defines which portion of the IP
address is the network and which portion is the host

Notation

● 255 is used for networks


● 0 is used for hosts

Rules for Networks


● Hosts cannot be over 255 in value because 8 bits cannot accommodate a larger value
● The hosts portion cannot contain all zeroes or all ones

Special Address Types

● Network ID – 192.0.0.0 – cannot be assigned, and refers to the entire network of devices
○ The Network ID address allows the router to use one entry to refer to an entire
network of computers

● Broadcast Address – 192.255.255.255 – cannot be assigned because it is used to send
packets to every computer on the network

IPv4 Addresses in CIDR Notation

Subnetting – dividing a network into two or more smaller networks

● Increases routing efficiency and performance


● Enhances network security
● Reduces the size of the broadcast domain

“Borrowing Bits”

● We can divide blocks of IP address ranges into smaller blocks by “borrowing” bits from
the host range and adding them to the subnet
● Example – Subnet mask 255.255.255.0
○ Binary Value: 11111111.11111111.11111111.00000000
● We can 'borrow' two bits from the host portion and create a new subnet mask,
e.g. 11111111.11111111.11111111.11000000
● Changing two bits from 0s to 1s makes the last octet = 192
● By 'borrowing' bits we can now create four new subnets within the original subnet,
e.g. four new combinations = 00, 01, 10, 11

CIDR – Classless Inter-Domain Routing – developed as an alternative to traditional subnetting

● Example – assume the IP address 192.168.0.15 with the subnet mask 255.255.255.0
● CIDR notation is a compact presentation of an IP address and its routing prefix
● In CIDR notation, 192.168.0.15 and the subnet mask 255.255.255.0 = 192.168.0.15/24,
meaning that there are 24 bits in the mask

Why is CIDR Useful?

● By changing the subnet mask, the dividing line is moved between the host and
network portion, changing the class value of the address
● By implementing CIDR, the subnet mask can be manipulated to get the exact size of
network desired

Public vs Private IP Addressing

● Public – IP addresses that are routable on the internet


● Private – IP addresses to be used inside networks and not routable on the internet


Network Address Translation (NAT) – either a router or server is used to convert private IP
addresses from devices to public IP addresses

● NAT devices allow a single server to be the gateway to the Internet, and multiple
computers can connect to the Internet using a single IP address

● NAT devices take the private IP address from a packet and substitute their own
public IP address
● The results are relayed back from the NAT device to the computer
● These private IP addresses can now be used and reused thousands of times within a
network without causing an IP address conflict via the NAT process
● Three ranges of private IP addresses allow for the NAT process to take place:
○ Class A—10.0.0.0 to 10.255.255.255
○ Class B—172.16.0.0 to 172.31.255.255
○ Class C—192.168.0.0 to 192.168.255.255
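The binary conversion, network/host split, "borrowing bits", CIDR, special-address and private-range material of this section, worked as one added Python example (not part of the original notes). Everything is done with plain integer bit operations so each mask step is visible; the three private ranges are encoded as /8, /12 and /16 prefixes, an assumption that matches the address ranges listed above.

```python
# Added example (not from the original notes): IPv4 subnet arithmetic with
# plain integer/bit operations so every step of the notes is visible.

# Private ranges from the notes, written as (network, prefix length):
# 10.0.0.0-10.255.255.255 is /8, 172.16.0.0-172.31.255.255 is /12,
# 192.168.0.0-192.168.255.255 is /16 (assumption: prefix form of those ranges).
PRIVATE_RANGES = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))
ALL_ONES = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    """Dotted decimal -> 32-bit integer; rejects anything but four octets 0..255."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(ip: str) -> str:
    """Dotted binary: each octet as 8 bits (183 -> 10110111)."""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))


def to_hex(ip: str) -> str:
    """Per-octet hexadecimal: 109.0.66.10 -> 6d:00:42:0a."""
    return ":".join(f"{int(o):02x}" for o in ip.split("."))


def mask_from_prefix(prefix: int) -> str:
    """/24 -> 255.255.255.0: the first `prefix` bits are 1s, the rest 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return int_to_ip((((1 << prefix) - 1) << (32 - prefix)) & ALL_ONES)


def prefix_from_mask(mask: str) -> int:
    """255.255.255.192 -> 26; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != ip_to_int(mask_from_prefix(ones)):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return ones


def describe(cidr: str) -> dict:
    """Network ID, broadcast, mask and usable host count for an address in CIDR form."""
    ip, prefix = cidr.split("/")
    mask = ip_to_int(mask_from_prefix(int(prefix)))
    network = ip_to_int(ip) & mask            # host bits all 0 -> network ID
    broadcast = network | (~mask & ALL_ONES)  # host bits all 1 -> broadcast
    host_bits = 32 - int(prefix)
    return {
        "network_id": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        # the all-zero and all-one host patterns are never assigned to hosts
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }


def borrow_bits(cidr: str, bits: int) -> list:
    """Split a network by moving `bits` from the host portion into the mask.
    Borrowing 2 bits from a /24 yields the four /26 subnets 00, 01, 10, 11."""
    ip, prefix = cidr.split("/")
    new_prefix = int(prefix) + bits
    if new_prefix > 32:
        raise ValueError("cannot borrow more bits than the host portion has")
    base = ip_to_int(ip) & ip_to_int(mask_from_prefix(int(prefix)))
    step = 1 << (32 - new_prefix)             # addresses per new subnet
    return [f"{int_to_ip(base + i * step)}/{new_prefix}" for i in range(1 << bits)]


def is_private(ip: str) -> bool:
    """True if the address falls in one of the three private ranges."""
    addr = ip_to_int(ip)
    for network, prefix in PRIVATE_RANGES:
        mask = ip_to_int(mask_from_prefix(prefix))
        if addr & mask == ip_to_int(network):
            return True
    return False


if __name__ == "__main__":
    print(to_binary("192.168.0.15"), to_hex("109.0.66.10"))
    print(describe("192.168.0.15/24"))
    print(borrow_bits("192.168.0.0/24", 2), is_private("172.32.0.1"))
```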


1.9 Network Protocols

IP and MAC Addresses

IP = Logical addresses, can be represented in binary format and dotted decimal


MAC = Physical addresses, can be represented in both binary and hexadecimal

ARP − Address Resolution Protocol – used to map IP addresses to MAC addresses (logical to
physical – OSI model)

• ARP Cache – Lists the ARP entries saved to the device


• Allows network devices to discover each other
• Works with DNS to allow interoperability

How ARP Addressing Works

• Step 1: A packet is created, the source and destination IP are identified, and inserted in
the IP header.
• Step 2: The physical address that corresponds to the address of the next hop must be
determined.
• The ARP protocol is used to make this determination

Reverse ARP − obsolete protocol used for diskless workstations to acquire an IP address based
off their MAC address

DHCP Overview

DHCP − Dynamic Host Configuration Protocol

• Runs on routers or servers


• Automates assigning of IP addresses, subnet masks, default gateways, and DNS server
• Prevents IP address conflicts by keeping track of issued and non-issued IP addresses

DHCP client-server process

• Before DHCP can function, the service must be enabled, and an IP address range or
scope must be created


• Scope = a set of IP addresses that the DHCP server will issue to clients in the subnet
• IP addresses are issued on a “first-come, first-served basis”
• Issued addresses are marked to prevent duplicates
• Computers must be enabled for the DHCP process

DNS Overview

DNS- Domain Name System

• DNS performs resolution of an IP address to a computer name or website


• DNS servers are organized in hierarchies to prevent the Internet from being
overwhelmed with the number of names to resolve
• Each level of the hierarchy contains part of the information used to locate a website
• By storing and delivering the name/IP address, servers can manage the data
• Different parts of the name are derived from different levels of the hierarchy
Example: www.rutgers.edu

• The dot (period) at the far right represents the root level
• The .edu portion is from the top level, and (Rutgers) is at the domain level
• Finding an IP address begins at the root level
• Root-level servers have information about only top-level servers (.com, .mil, .net, .org)
• Root-level servers direct queries to a top-level server
• The (.com) server knows all records in this (.com) range
• The server then returns the IP address to the computer, allowing an IP-address-to-IP-
address connection to the web server

DNS on LAN

• Computers are configured with the address of the DNS server – statically or
dynamically via DHCP
• Queries and resolutions use UDP port 53 (low overhead and fast)
• Multiple DNS servers provide fault tolerance
• DNS servers keep records synchronized – these records are called “zones”
• Synchronization is done via “zone transfers” and uses TCP port 53

Email Communication Protocols

Email: As one of our most critical services, email involves several protocols that work together to
send and secure email traffic

SMTP – Simple Mail Transfer Protocol (Internet Standard)

• A text-based, “store-and-forward” protocol executable from a command line


• Client-server in nature, makes requests called “transactions”
• Can respond to clients by using protocols such as Post Office Protocol (POP3) or
Internet Message Access protocol (IMAP4)
• These protocols are necessary because SMTP servers can deliver but CANNOT request
email

• Uses TCP port 25 and benefits from all the features and overhead of TCP

MIME − Multipurpose Internet Mail Extensions

• Internet standard that allows email to include non-text attachments, non-ASCII
character sets/header information, and multiple-part message bodies
• SMTP in MIME format transmits the majority of all email
• MIME allows email clients to send attachments with a header describing the file type
• The receiving system uses this header to identify the attachment type and open it

S/MIME – Secure MIME

• Allows MIME to encrypt and digitally sign emails and encrypt attachments
• Adheres to the Public Key Cryptography Standards (PKCS)
• Uses encryption to provide confidentiality and hashing to provide integrity

HTTP Overview

HTTP – Hypertext Transfer Protocol

• One of the most frequently used protocols today


• Stateless protocol, uses TCP port 80
• Used to view and transfer web pages/content between a web server and a web client
• Originally had no encryption

HTTPS − Hypertext Transfer Protocol Secure

• Layers HTTP on top of the SSL/TLS protocol


• SSL/TLS keeps the session open using a secure channel
• HTTPS websites always include the (https://) designation in the URL
• Often used for secure websites and requires no software or configuration changes on
the web client to function securely
• Uses TCP port 443

S-HTTP

• Rarely used
• Unlike HTTPS, which encrypts the entire communication, S-HTTP encrypts only the
served page data and submitted data such as POST fields
• Secure-HTTP and HTTP processing can both use TCP port 80

FTP Overview

FTP – File Transfer Protocol

• TCP/IP protocol and software that permits the transfer of files between computer
systems
• Uses TCP ports 20 and 21 by default, and can be configured to allow or deny access to
specific IP addresses


• Can be run within most browsers, but a number of FTP applications are available (such
as FileZilla)
• Security Risk: FTP is not secure
o To protect confidentiality, SFTP (FTP encrypted with SSH) or FTPS (encrypted
with SSL) should be used

NTP Overview

NTP – Network Time Protocol

• Used for clock synchronization


• Synchronizes computers within milliseconds of the correct time
• Used by routers, firewalls, and switches to uphold log integrity by ensuring all devices
have times synced from a single source
• Logs are packets of information which contain “events” that are valuable for
troubleshooting security and performance
o Combining logs in a server makes it simpler to correlate events across multiple
devices into a single log file

• NTP uses a hierarchical system of time sources called “strata”
o Each stratum has a number indicating the trustworthiness of a time source
o Strata are ranked according to reliability in ascending order (0, 1, 2, 3, etc.)
o This hierarchical system is used to determine trustworthiness for devices over a
network, to guide troubleshooting and security analysis

Remote Access Protocols

Telnet

• Protocol that functions at the application layer of the OSI model


• Provides terminal-emulation capabilities
• Runs on TCP port 23
• Security Risk: Telnet sends data—including passwords—in plain-text format

SSH – Secure Shell

• Remote administration tool for accessing and configuring devices (routers/switches)


• Secure alternative to Telnet
• Provides an encrypted command-line session for managing devices remotely
• Uses TCP port 22

SSH − Encryption

• SSH provides confidentiality and integrity of data over unsecured networks such as the
Internet
