SUMMARY NOTES
UNIT 1: NETWORK FUNDAMENTALS
1.1 Theory, Technologies, Implementation
● Logical addresses, called IP addresses, are used to send data between networks.
● Physical addresses, called MAC addresses, are used to send data between devices
within the same network.
● Think of the physical address as the destination street name and number for a
package.
Transmission Types
● 1.) Unicast
○ One-to-one transmission.
● 2.) Multicast
● 3.) Broadcast
○ One-to-all transmission.
Transmission Modes
● 1.) Simplex
● Switches can convert each switch port from half duplex to full duplex.
● Full duplex allows switches to send and receive information at the same time, helping
to avoid collisions.
Unit 1 Summary Notes
External Ports
● Types:
○ USB
○ Video
○ Storage
USB: most common type of port, used to connect peripherals such as mice, keyboards, flash
drives, CD/DVD players, printers
● Types
○ VGA − legacy
○ DVI − older monitors and TVs
○ DisplayPort − proprietary, designed to replace VGA/DVI
○ Component video − uses 3 connectors (Green, Blue and Red)
○ S-video − 4 pin connector
○ HDMI − most common on modern TVs/monitors, used for HD video
● Video ports are limited in access and do not pose much security risk
Storage: used to write and copy data (input/output), all storage types present risks for
malware and represent a security concern
● Types
○ Express Card – connects peripherals like modems
○ PC card – legacy, used to expand memory
○ Compact Flash – flash memory
○ Lightning – Apple (proprietary) used to charge devices and transfer data
○ Thunderbolt – Apple (proprietary) connects peripherals
Internal Components
Desktop
Windows
● General: most common desktop operating system in the world (approx. 75% of all
desktop PCs)
○ Current versions include Windows 10 and Windows Server 2016
● Security Issues: Long history of holding valuable business data
○ Most commonly targeted by hackers
○ To prevent attacks, MS leaves many components uninstalled unless needed
● Security Measures: Keep Windows up to date with latest patches
○ Other steps: anti-virus software, implementing a host-based firewall, and using
safe browsing
Linux
Mobile OS Overview
Android
● Security Issues: If users have root access and their account is compromised, attackers
will have root access as well
● Security Measures: Android sandboxes the operation of apps from one another
iOS
● General: Proprietary to Apple and only runs on Apple devices
● Security Measures:
○ Secure Boot − Ensures that no malicious or otherwise unauthorized software
can be run on an iOS device
○ Secure Enclave − Helps protect against brute force attacks
● Security Issues: As in Android, if the user has root access and the device is
compromised, attackers will also have root access
● Server OSs serve resources to, and perform work for, users.
● Server OSs require more resources than client OSs.
● Client OSs are designed for desktop work, not serving resources to others.
● Both servers and clients are targets for attackers, but servers may be more valuable to
hackers because of the information they hold, and the number of users that depend
on them.
● When two clients communicate, this is known as a Peer to Peer (P2P) network.
● When a client and server communicate, this is known as a Client & Server network.
Network Devices
issues.
Network Types
Network topologies
Types
● Bus: one of the earliest physical topologies; connects devices in a straight line
○ Each end of the bus must have a special "terminator" cable installed
○ Transmissions are sent in both directions from where the computer is
positioned
○ Destination is located by computer’s IP or MAC address
○ All devices except the computer to which the packet is addressed will ignore it
○ All devices except the computer to which the packet is addressed will ignore it
● Advantages: better performance than bus, prevents collisions, larger than bus
● Disadvantages: network is down if cable is broken, locating break is difficult,
adding/removing devices breaks network
● Advantages: better performance than bus or ring, cable breaks only affect connected
device, easy to troubleshoot, no network disruption by removing/adding devices
● Disadvantages: single point of failure at hub/switch, performance dependent on
central device, size limited by physical connections
Twisted Pair: most common cabling, using four pairs of wires that are twisted or braided to
reduce crosstalk
Coaxial: “Cable TV,” copper, comes in two forms, both impervious to RFI and EMI
Fiber-optic: a glass or plastic tube rather than a wire at its center and uses beams of light
Radio Waves: Commonly known as “wireless” and includes technologies like 802.11 WLAN,
Bluetooth, NFC, and cellular
Wireless Standards
802.11 Standards
• 802.11a − not widely adopted initially because it required hardware upgrades, operates in 5.0 GHz,
supports up to 56 Mbps
• 802.11b – same frequency as 802.11, adopted initially because it required no hardware
upgrades, supports up to 11 Mbps
• 802.11g − can achieve 56 Mbps within 2.4 GHz band, compatible with both 802.11 and
802.11b
• 802.11n − uses multiple antennas (up to 8) via MIMO to transmit multiple frames at
once, uses a 40 MHz channel, double the speed of other 802.11 standards
• 802.11ac − builds upon 802.11n and uses wider RF bandwidth (up to 160 MHz), more
MIMO streams and high-density modulation, speeds from 433 Mbits for a station with a
single antenna, and up to 3.39 Gbits when 8 antennas communicate with a station
with 4 antennas
Bluetooth Overview
Security Risks
• Bluejacking
o Contact information is sent to an unsuspecting user
o After being added, attacker can send messages that might be automatically
opened as they are from a known contact
• Bluebugging
o Allows hackers to remotely access a user's phone and use its features, including
calls and SMS
• Car Whisperer
o Software that allows hackers to send audio to and receive audio from a
Bluetooth-enabled car stereo
Specific to Wired
• Cable tapping – twisted pair and coaxial cabling is susceptible to tapping, cables
should not be exposed but recessed in walls; tapping into fiber-optic cabling is difficult
and much easier to detect
Specific to Wireless
OSI – Breaks up process into 7 layers, allows for segmentation, and provides a common
framework for hardware and software developers
• Application − Where encapsulation starts. Receives the raw data from the application
in use and provides services, such as file transfer and message exchange
o Protocols: (HTTP) − used to transfer web pages across the network
• Presentation – Responsible for data representation
• Session – Adds information enabling communication between a service or application
on the source device
• Transport layer − Receives all the information from layers 7, 6, and 5, and adds
information that identifies the transport protocol and specific port number
• Network – Includes information to route the packet in the form of a source and
destination logical address
o In TCP/IP, this is in the form of an IP address
• Data Link − Determines the destination physical address (MAC)
• Physical – Turns information into bits (ones and zeroes) and sends it out
TCP/IP Suite − Describes the encapsulation process from the TCP/IP networking protocol
• Network Access − Source and destination of physical addresses are put on the front of
the message (header), and information for performing a frame check sequence on the
message is placed at the end (trailer)
6 – Presentation Layer – responsible for syntax, standardization, and details how data must be
presented to the destination
4 – Transport Layer – information received from the session layer is translated into values
which identify common services, i.e. port numbers
3 – Network Layer – source and destination IP addresses are added to the packet
(logical addressing)
2 – Data Link Layer – source and destination MAC addresses are added to the packet (physical
addressing)
1 – Physical Layer – converts entire data packet into bits (1s and 0s), the physical
communication of these bits is dependent upon the type of the network
IPv4 Addressing
IP address structure:
Subnets
IPv4 vs IPv6
IPv6
• Address has two logical parts—64-bit network prefix and 64-bit host address
• Host address is automatically generated from the MAC address
• No broadcasting in IPv6
• Uses anycast addresses (different than unicast and multicast, which are the same in
IPv4):
o A packet is delivered to the nearest of multiple interfaces
o Unique to IPv6 and allows an IPv6 address to be applied to multiple interfaces
o Packet goes to closest interface
● Fewer fields and simpler header structure, easier for routers to process
● Faster than IPv4 despite larger packet size
1.8 Subnetting
1 1
Since we cannot add the remaining position values without going over 192, these
positions have a value of zero
1 1 0 0 0 0 0 0
● Each octet is taken in reverse order and multiplied by 254 to the (n) power, where N
represents the positional value from 0 to 3
3 2 1 0
109.0.66.10 (position 0 = 10, position 1 = 66, position 2 = 0, position 3 = 109)
● Class A (1-126)
○ n.h.h.h
● 2^8 = 256
● Class B (128-191)
○ n.n.h.h.
● 2^16 = 65,536
● Class C (192-223)
○ n.n.n.h.
● 2^24 = 16,777,216
Subnet Masks – number that masks an IP address, and defines which portion of the IP
address is the network and which portion is the host
Notation
● Hosts cannot be over 255 in value because 8 bits cannot accommodate a larger value
● The hosts portion cannot contain all zeroes or all ones
● Network ID – 192.0.0.0 – cannot be assigned, and refers to the entire network of devices
○ The Network ID address allows the router to use one entry to refer to an entire
network of computers
“Borrowing Bits”
● We can divide blocks of IP address ranges into smaller blocks by “borrowing” bits from
the host range and adding them to the subnet
● Example – Subnet mask 255.255.255.0
○ Binary Value: 11111111.11111111.11111111.00000000
● We can 'borrow' two bits from the host portion and create a new subnet mask,
e.g. 11111111.11111111.11111111.11000000.
● Changing two bits from 0s to 1s makes the last octet = 192
● By 'borrowing' bits we can now create four new subnets within the original subnet,
e.g. four new combinations = 00, 01, 10, 11
● Example – assume the IP address 192.168.0.15 with the subnet mask 255.255.255.0
● CIDR notation is a compact presentation of an IP address and its routing prefix
● In CIDR notation, 192.168.0.15 and the subnet mask 255.255.255.0 = 192.168.0.15/24,
meaning that there are 24 bits in the mask
● By changing the subnet mask, the dividing line is moved between the host and
network portion, changing the class value of the address
● By implementing CIDR, the subnet mask can be manipulated to get the exact size of
network desired
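The bit-borrowing and CIDR steps above, worked through for 192.168.0.15 with mask 255.255.255.0 using Python's standard `ipaddress` module. This is an added example, not part of the original notes; the function names `borrow_bits` and `describe` are chosen here for illustration.

```python
import ipaddress


def borrow_bits(host_ip: str, mask: str, borrowed: int):
    """Return (CIDR form of the host, subnets made by borrowing `borrowed` host bits)."""
    iface = ipaddress.ip_interface(f"{host_ip}/{mask}")
    # Moving the dividing line right by `borrowed` bits yields 2**borrowed subnets.
    subnets = list(iface.network.subnets(prefixlen_diff=borrowed))
    return iface.with_prefixlen, subnets


def describe(host_ip: str, subnets):
    """Find the subnet that holds host_ip and report its key addresses."""
    addr = ipaddress.ip_address(host_ip)
    for net in subnets:
        if addr in net:
            return {
                "cidr": str(net),
                "mask": str(net.netmask),
                "mask_bits": ".".join(f"{octet:08b}" for octet in net.netmask.packed),
                "network_id": str(net.network_address),   # host bits all zeroes
                "broadcast": str(net.broadcast_address),  # host bits all ones
                "first_host": str(net[1]),
                "last_host": str(net[-2]),
                "usable_hosts": net.num_addresses - 2,
            }
    raise ValueError(f"{host_ip} is not in any of the given subnets")


if __name__ == "__main__":
    cidr, subnets = borrow_bits("192.168.0.15", "255.255.255.0", 2)
    print(cidr)                      # the host in CIDR notation
    for net in subnets:              # the four subnets for bit patterns 00, 01, 10, 11
        print(net)
    print(describe("192.168.0.15", subnets))
```

The network ID and broadcast address in each subnet are the all-zeroes and all-ones host values that cannot be assigned to a device, which is why the usable host count is two less than the block size.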
Network Address Translation (NAT) – either a router or server is used to convert private IP
addresses from devices to public IP addresses
● NAT devices allow a single server to be the gateway to the Internet, and multiple
computers can connect to the Internet using a single IP address
● NAT devices take the private IP addresses from a packet and substitute their own
public IP address
● The results are relayed back from the NAT device to the computer
● These private IP addresses can now be used and reused thousands of times within a
network without causing an IP address conflict via the NAT process
● Three ranges of private IP addresses allow for the NAT process to take place:
○ Class A—10.0.0.0 to 10.255.255.255
○ Class B—172.16.0.0 to 172.31.255.255
○ Class C—192.168.0.0 to 192.168.255.255
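A small model of the NAT process described above, showing how several private hosts share one public address and how replies are relayed back. This is an added example, not part of the original notes: the `NatGateway` class, the use of port numbers to tell hosts apart, and the addresses 203.0.113.5 and 198.51.100.10 are assumptions constructed for illustration.

```python
import ipaddress
import itertools

# The three private ranges listed above, written as CIDR blocks.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


class NatGateway:
    """Toy port-translating NAT: many private hosts share one public IP."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out = {}  # (private_ip, private_port) -> public_port
        self._in = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to the gateway's public IP and a mapped port."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not in a private range")
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key], self._in[port] = port, key
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Relay a reply to the private host, or return None if no mapping exists."""
        if dst_ip != self.public_ip or dst_port not in self._in:
            return None  # unsolicited traffic: nothing inside asked for it
        private_ip, private_port = self._in[dst_port]
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = NatGateway("203.0.113.5")  # constructed public address
    print(nat.outbound("192.168.0.15", 51000, "198.51.100.10", 443))
    print(nat.outbound("10.0.0.7", 51000, "198.51.100.10", 443))
    print(nat.inbound("198.51.100.10", 443, "203.0.113.5", 40001))
```

Because the same private address can exist behind many different gateways, the translation table is the only place where a private host and its public-side traffic are linked, which makes NAT logs useful when tracing activity back to an internal device.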
ARP − Address Resolution Protocol – used to map IP addresses to MAC addresses (logical to
physical – OSI model)
• Step 1: A packet is created, the source and destination IP are identified, and inserted in
the IP header.
• Step 2: The physical address that corresponds to the address of the next hop must be
determined.
• The ARP protocol is used to make this determination
Reverse ARP − obsolete protocol used for diskless workstations to acquire an IP address based
off their MAC address
DHCP Overview
• Before DHCP can function, the service must be enabled, and an IP address range or
scope must be created
• Scope = a set of IP addresses that the DHCP server will issue to clients in the subnet
• IP addresses are issued on a “first-come, first-served basis”
• Issued addresses are marked to prevent duplicates
• Computers must be enabled for the DHCP process
DNS Overview
• The dot (period) at the far right represents the root level
• The .edu portion is from the top level, and (Rutgers) is at the domain level
• Finding an IP address begins at the root level
• Root-level servers have information about only top-level servers (.com, .mil, .net, .org)
• Root-level servers direct queries to a top-level server
• The (.com) server knows all records in this (.com) range
• The server then returns the IP address to the computer, allowing an
IP-address-to-IP-address connection to the web server
DNS on LAN
• Computers are configured with the address of the DNS server – statically or
dynamically via DHCP
• Queries and resolutions use UDP port 53 (low overhead and fast)
• Multiple DNS servers provide fault tolerance
• DNS servers keep records synchronized – these records are called “zones”
• Synchronization is done via “zone transfers” and uses TCP port 53
Email: As one of our most critical services, email involves several protocols that work together to
send and secure email traffic
• Uses TCP port 25 and benefits from all the features and overhead of TCP
• Allows MIME to encrypt and digitally sign emails and encrypt attachments
• Adheres to the Public Key Cryptography Standards (PKCS)
• Uses encryption to provide confidentiality and hashing to provide integrity
HTTP Overview
S-HTTP
• Rarely used
• Unlike HTTPS, which encrypts the entire communication, S-HTTP encrypts only the
served page data and submitted data such as POST fields
• Secure-HTTP and HTTP processing can both use TCP port 80
FTP Overview
• TCP/IP protocol and software that permits the transfer of files between computer
systems
• Uses TCP ports 20 and 21 by default, and can be configured to allow or deny access to
specific IP addresses
• Can be run within most browsers, but a number of FTP applications are available (such
as FileZilla)
• Security Risk: FTP is not secure
o To protect confidentiality, SFTP (FTP encrypted with SSH) or FTPS (encrypted
with SSL) should be used
NTP Overview
Telnet
SSH − Encryption
• SSH provides confidentiality and integrity of data over unsecured networks such as the
Internet