Network Security Fundamentals

Questions and Answers

What primary characteristic defined the design goals of the early Internet?

• Strict access control and user authentication.
• Robustness and the ability to function autonomously with minimal intervention. (correct)
• Centralized control and monitoring of network traffic.
• Prioritization of data encryption and secure transmission.

Why is network security often considered an 'afterthought' in the context of early network design?

• Security was a primary concern, but early encryption methods proved ineffective over time.
• Early networks were small, trusted communities where security threats were minimal. (correct)
• Network administrators intentionally delayed security implementation to optimize performance.
• Early networks were designed with inherent security measures that have since been bypassed.

In cybersecurity, what role does a computer network play when described as an 'attack vector'?

• A tool for mitigating cyberattacks by rerouting traffic.
• A means for delivering malicious payloads using network protocols. (correct)
• A method for isolating compromised systems to prevent further damage.
• A secure zone within an organization's infrastructure.

Which of the following network components is responsible for directing data packets between different networks?

Router (B)

Which term describes the measure of the rate at which data is transmitted over a communication link in a network?

Bandwidth (C)

What is the primary function of 'packet switching' in computer networks?

To divide data into smaller segments for efficient transmission. (D)

Which term best describes a set of rules that govern communication between network devices?

Protocol (B)

In the context of network models, what is the purpose of layering?

To divide network processes into manageable and modular functions. (B)

What is the role of metadata in the context of network layers?

To provide information for transport and processing at each layer. (C)

Which of the following is the best description of a Protocol Data Unit (PDU)?

A data structure that contains control information and user data for a specific protocol layer. (D)

In network communication, what is the process of encapsulation?

Adding headers and trailers to data as it moves down the protocol stack. (A)

Which tool is most commonly used to capture and analyze network traffic to inspect data and protocol information?

Wireshark (A)

Which layer in the TCP/IP model is responsible for formatting requests and responses between applications?

Application Layer (C)

What is the primary function of the HTTP protocol?

To transfer web pages and related content between a web server and a browser. (A)

In the context of HTTP, what is the difference between an HTTP request and an HTTP response?

A request is sent by the client to ask for resources, while a response is sent by the server providing those resources. (A)

What is the primary role of Mail Transfer Agents (MTAs) in email communication?

To manage the delivery and routing of email between mail servers. (A)

Which protocols enables users to manipulate and manage their email messages directly on the mail server?

IMAP (D)

Which layer is primarily responsible for end-to-end delivery of messages across a network?

Transport Layer (B)

What is the main reason the transport layer breaks down larger messages into smaller segments?

To facilitate easier transmission and reassembly. (B)

Which networking layer is responsible for determining the best path or route for data packets to travel?

Network Layer (B)

What process does the network layer perform on outgoing message segments?

Encapsulation (D)

Which of the following is true regarding Internet Protocol (IP) addresses?

They are managed globally by ICANN. (C)

Which header is larger, IPv4 or IPv6?

IPv6 (D)

Which of the following is a primary function of the transport layer?

Segmenting data. (D)

In networking, segmentation refers to?

Breaking messages from the application layer into smaller pieces. (A)

Packetization, also called reassembly, involves?

Combining different packets into the correct order. (B)

Which type of session management does UDP provide?

Connectionless routing (B)

How many bytes are contained in a UDP packet header, and how many fields does it contain?

8 bytes, 4 fields (A)

Which network protocol sets up virtual circuits for audio-video applications?

RTSP (B)

The network layer is responsible for which of the following key functions?

Addressing and routing messages. (A)

Which of the following best defines address resolution?

Translating between other network addresses. (B)

Which layer’s address is most synonymous with a name like www.iub.edu?

Application (B)

A server typically uses which type of address?

Application, data link, and network (C)

Which organization manages most of the IP Addresses on the internet?

ICANN (D)

What is the use of a URL?

For servers only. (A)

Flashcards

What is a Protocol?

Rules that guide communication between two or more parties.

What are Network Models?

Characterized by a layered approach, where each layer processes data in turn and adds metadata for transport.

What is a Protocol (in context)?

It specifies rules, functionality, and messages for communication between layers.

What is a Protocol Data Unit (PDU)?

Layer-specific information necessary for a message to be transmitted through a network, added by each layer.

What is Wireshark?

A network traffic analysis tool that captures frames, displays protocols metadata, and shows raw data - used for debugging.

What is the Application Layer?

It allows different programs to correctly format requests and responses to remote network computers.

What is an Application?

A program that runs on end systems and communicates over a network.

What is an HTTP Client?

A program that requests, receives, and displays Web objects using HTTP.

What is an HTTP Server?

A program that sends Web objects in response to requests, using HTTP.

What is Mail User Agent (MUA)?

A formal name for mail client software.

What is Mail Transfer Agent (MTA)?

A formal name for mail server software.

What is Simple Mail Transfer Protocol (SMTP)?

A protocol used to send a message to an MTA.

Responsibilities of the Transport and Network Layers

Move messages from end-to-end in a network reliably.

What is TCP/IP?

Most common protocol suite, which is used by all Internet equipment.

What is Segmenting?

It breaks outgoing messages from the application layer into smaller segments for network transmission.

What is a Session?

Virtual connections are of two types: Connection Oriented and Connectionless Routing.

What is Connectionless Routing

Sending packets individually without a virtual circuit.

Protocols Supporting OOS

There are two protocol suites that support connectionless routing : Real-Time Streaming Protocol (RTSP) and Real-Time Transport Protocol (RTP

Internet Protocol (IP)

Two versions are of Internet Protocol (IP).

What is Addressing?

Each device on the path between source and destination must have an address.

Types of Addresses

A URL falls into Application Layer, an IP Address to the Network lLayer and MAC Address to the Data Link Layer.

Study Notes

• The early Internet design prioritized redundancy, speed, efficiency, and autonomy.
• Network protocols were designed to be lightweight and task-specific.
• The self-healing nature of the Internet removed human control from daily operations.
• Security was not a primary consideration in the early Internet.
• Initial networks had limited connectivity, no valuable data transmission, and restricted public exposure.
• Current network security measures are often added as an afterthought to existing protocols.

Network in Cybersecurity

• A computer network has multiple roles in cybersecurity.
• The network can be used as a tool, or as an attack vector.
• The network itself can be a target, and be flooded or corrupted.

Network components:

• Network components comprise of network devices, circuit pathways and end devices.
• Computing devices are connected hosts or end devices.
• Routers and switches are used to forward packets.
• Communication links are fiber, copper, radio, and/or satellite.
• Bandwidth refers to the data transmission rate.

Networking Evolution

• Packet-switched networks split data into smaller packets and send them sequentially.
• Rules and standards were needed to share the medium and locate the destination.
• Protocols control sending and receiving messages, examples being TCP, IP, HTTP, SMTP and 802.11.
• Internet standards are RFC (Request for Comments), and IETF (Internet Engineering Task Force).
• The Internet is a network of interconnected ISPs (Internet Service Providers).

Network Protocols

• Protocols follows a set of rules for communication between two or more parties.
• Protocols define the format, order, and actions taken during transmission and receipt of messages.
• Protocols define how to communicate and interface with adjacent layers.

Network Models

• Networking follows a layered model for characterization.
• Data is sent by the application, processed by each layer, and metadata added for transport.
• The final layer connects to the physical medium.
• Layered modularity allows for diverse protocols and functions.
• Data is encapsulated by each layer when leaving the sender and de-encapsulated upon arrival.
• Protocol Data Unit (PDU) defines the language of transmission and specifies the rules, functionality, and messages for each layer.
• The PDU contains layer-specific data for network transmission.
• Each layer applies a PDU to the data.
• PDUs are nested, and encapsulation occurs when a higher-level PDU is placed inside a lower-level PDU.

How Layers Work:

• Each layer interacts with adjacent layers in the network model.
• The operating system's networking software adds administrative metadata.
• Application data remains within the growing data bundle through subsequent transfers.
• The final frame containing all the encapsulated data, is transmitted over the network medium.

Common Network Protocols:

• Ethernet is used for local physical network communications, and first published in IEEE 802.3.
• Internet Protocol (IP) is used for internetwork addressing, routing, and packet fragmentation (RFC 760).
• Transmission Control Protocol (TCP) handles session management, application affinity, error correction, and flow control (RFC 793).
• Hypertext Transfer Protocol (HTTP) is used for requesting and transmitting hypertext between web browsers and servers (RFC 2068).
• Simple Mail Transfer Protocol (SMTP) is used for addressing, sending and routing email between user and message transfer agents (RFC 821).

Application Layer

• Application layer protocols allow programs to properly format requests and responses to remote network computers.
• Most common application protocols are HTTP, SMTP, and DNS.
• HTTP (Hypertext Transfer Protocol) uses TCP port 80.
• SMTP (Simple Mail Transfer Protocol) uses TCP port 25.
• DNS (Domain Name System) uses UDP port 53.

Application protocols:

• Enables users to interact with the network and perform tasks.
• Applications run on different end systems.
• Applications are programs which can communicate over a network.
• It is unnessecary to write software for network core devices.
• End-system applications allow for rapid app development and propagation.

Web and HTTP:

• HTTP is the application layer protocol for the web, and uses a client/server model.
• The client (browser) requests, receives and displays web objects using HTTP.
• The server (web server) sends objects in response to requests, again using HTTP.

Two types of HTTP messages:

• The HTTP request message uses ASCII (human-readable format) and it includes:
  • Request line
  • Header commands
• The HTTP response provides includes information from the web server to the client, such as:
  • The protocol
  • A status Line
  • Header Lines
  • The requested page.

Email Protocols:

• Mail User Agent (MUA) is a mail client.
• Mail Transfer Agent (MTA) is a mail server, responsible for the formal email server software.
• Simple Mail Transfer Protocol (SMTP) sends message to a MTA and originally only handled text files.
• Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) are examples of other email protocols.
• Delivery, storage, and retrieve functions are executed during transfer.

Network Layers

• Transport and Network layers allow for moving messages and ensure that the destination is reached.
• Layers include Application, Transport, Network, and Data Link.
• TCP /IP model is most used protocol in the Internet.

Transport / Network Layer Protocols

• TCP/IP (Transmission Control Protocol/Internet Protocol) is the most common, developed in 1974.
• TCP/IP was part of Arpanet (U.S. Department of Defence).
• TCP/IP is most commonly used protocol suite and is used by the Internet.

Introducing the Transport Layer

• The Transport Layer is responsible for end-to-end delivery of messages.
• The application, transport and network layers are all integral.
• Segmentation and reassembly are key features with the transport layer.
• The message is broken into several smaller pieces at the sending end.
• The original message is is reconstructed into a single whole at the receiving end.

Introducing the Network Layer:

• Responsible for addressing and routing of messages during transfer.
• The transport, network and data link layers are all integral.
• Selection occurs on the best path from computer to computer, to reach the intended destination.
• Encapsulation on sending end is performed, which applies a network header to message segments.

Internet Protocol (IP)

• The two versions of Internet Protocol in current use are IPv4 (24 bytes) and IPv6 (40 bytes).

Transport Layer Functions:

• The Application and Network Layers rely on the Transport Layer.
• Segmenting is a feature of the transport layer.
• Linking from the Transport layer to the application layer.
• Session management.

Segmenting:

• Segmenting breaks outgoing messages from the application layer into smaller segments.
• Segmenting transmits packets through the network.
• The transport layer determines what size segments will be utilized.
• Data Link protocols influence what size will maximize use.

Packetization and Reassembly:

• Incoming packets are delivered as they arrive or only delivers on total arrival for message (for example emails)
• Packets are segmented for File Transfer protocol (FTP) and Transport Control Protocol before reaching Ip packets.

Session Management:

• Session manages the conversation between two computers.
• The two types of sessions are Connection Oriented and Connectionless Routing.

Setting Virtual Connections

• In the process, SYN, data, ACK and FIN processes occur between the devices.

Session management:

• UDP provides connectionless routing.
• Data is sent individually without a virtual circuit.
• Each packet is sent independently and routed separately.

UDP User Datagram Protocol.

• Protocol is used for connectionless routing in TCP/IP suite without ACKs or flow control
• Packet has a small header of only 8 bytes with limited fields:
  • Source Port
  • Destination Port
  • Message Length
  • Header Checksum
• It can also be used for applications where packet loss can occur, this applies to information rich video.

Protocols Supporting OOS

• Asynchronous Transfer Mode (ATM) is a high-speed data link layer protocol.
• A general TCP/IP protocol suite requires setup of virtual circuits for purpose real-time applications.
• They need to setup virtual circuits for audio-video applications.
• Real-Time Transport Protocol (RTP) needs setup after a virtual connection.

Network Layer Functions:

• Addressing between the transport, network and data link layers.
• All devices on the path need addressing, and assigning internet addresses.
• Translations occur between network layer addresses and other addresses, a process called address resolution.

Types of Addresses:

• Application Layer Address
• Network Layer Address
• Data Link Layer Address

Types of Addresses

• Application Layer uses a URL, for example www.iub.edu for name analogy.
• Network Layer has an IP address, fo example 129.79.127.4 for Zip Code analogy.
• Data Link Layer a MAC address, for example 00-0C-00-F5-03-5A for analogy of a physical street address.
• Addresses have to be translated for travels to senders and receivers.
• The translation procress is called address resolution.

Assignment Of Addresses

• Used by server only (clients do not need this process)
• Assigned by network managers and placed in co figuration files.
• Some servers may have several application layer addresses.
• Network Layer Address (IP address).
• Addresses are assigned by network managers, DHCP.
• Internet uses IP Addresses for use on its network.

Internet Addresses:

• Managed by ICANN (Internet Corporation for Assigned Names and Numbers).
• Assignment is managed for both IP and application layer names (domain names).
• Assigned at the same time in groups, managed by ICANN directly and authorize registrars as well.
• URL that can end in .uncw.edu.