Final Exam Revision.pdf

Full Transcript

Final Exam Revision

Introduction to Networks
Lecturer: Ms. Jugan
Final Exam Structure

❑ Multiple Choice & True/False
❑ Matching/Drag & Drop
❑ Filling in Blanks
❑ Descriptive
Final Exam Topics

❑ Basic Router Configurations
❑ IPv4 Addressing
❑ ICMP
❑ Transport Layer
❑ Application Layer
❑ Network Security
 Basic Router Configuration Steps

Router(config)# hostname hostname

Router(config)# enable secret password
❑ Configure the device name.
Router(config)# line console 0 ❑ Secure privileged EXEC mode.
Router(config-line)# password password
Router(config-line)# login ❑ Secure user EXEC mode.
Router(config)# line vty 0 4 ❑ Secure remote Telnet / SSH access.
Router(config-line)# password password
Router(config-line)# login ❑ Encrypt all plaintext passwords.
Router(config-line)# transport input {ssh | telnet}
❑ Provide legal notification and save
Router(config)# service password encryption
the configuration.
Router(config)# banner motd # message #
Router(config)# end
Router# copy running-config startup-config
Configure Router Interfaces

❑ Configuring a router interface includes issuing the following commands

Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown

❑ It is a good practice to use the description command to add information
about the network connected to the interface.
❑ The no shutdown command activates the interface.
Default Gateway on a Switch

❑ A switch must have a default gateway address configured to remotely manage
the switch from another network.
❑ To configure an IPv4 default gateway on a switch, use the ip default-gateway
ip-address global configuration command.
IPv4 Addressing

❑ IPv4 address structure
▪ 32-bit address that is made up of a host portion and a network portion
▪ Subnet mask determines the network hosts belongs to
✓ When IP is given to a device, subnet mask determines the network address of the device
✓ Must be identical to all devices in the same network

❑ Private & public IPv4 addresses
▪ Public IPv4 addresses are globally routed between internet service provider (ISP) routers.
▪ Private addresses are common blocks of addresses used by most organizations to assign IPv4
addresses to internal hosts. These addresses are not globally routable. Routing to the internet
will require NAT protocol.
IPv4 Address Structure: Network, Host & Broadcast
Addresses

❑ Within each network are three types of IP addresses:
▪ Network address

▪ Host addresses
▪ Broadcast address

Network Portion Host Portion Host Bits

Subnet mask 255 255 255 0
255.255.255.0 or /24 11111111 11111111 11111111 00000000
Network address 192 168 10 0
All 0s
192.168.10.0 or /24 11000000 10100000 00001010 00000000
First address 192 168 10 1
All 0s and a 1
192.168.10.1 or /24 11000000 10100000 00001010 00000001
Last address 192 168 10 254
All 1s and a 0
192.168.10.254 or /24 11000000 10100000 00001010 11111110
Broadcast address 192 168 10 255
All 1s
192.168.10.255 or /24 11000000 10100000 00001010 11111111
IPv4 Unicast, Broadcast & Multicast

❑ Unicast
▪ Unicast transmission is sending a packet to one destination IP address.
▪ E.g. a PC at 172.16.4.1 sends a unicast packet to another PC at 172.16.4.253.

❑ Multicast
▪ Multicast transmission is sending a packet to a selected group of hosts
▪ Multicast IPv4 address range 224.0.0.0 to 239.255.255.255

❑ Broadcast
▪ Broadcast transmission is sending a packet to all other destination IP addresses.
▪ Broadcast packet has a destination IP address with all 1s in the host portion
▪ May be directed or limited.
✓ Directed – sent to all hosts on a specific network (e.g. 192.168.4/24 → 192.168.4.255
✓ Limited – sent to all hosts on the same network (255.255.255.255)
Types of IPv4 Addresses: Routing to the Internet

❑ Network Address Translation (NAT)
translates private IPv4 addresses to
public IPv4 addresses.
❑ NAT is typically enabled on the edge
router connecting to the internet.
❑ It translates the internal private
address to a public global IP address
Network Segmentation: Broadcast Domains &
Segmentation

❑ Devices use broadcasts and ARP to locate
other devices.
❑ Switches propagate broadcasts out all
interfaces except the interface on which it
was received.
❑ The only device that stops broadcasts is a
router.
❑ Routers do not propagate broadcasts.
❑ Each router interface connects to a
broadcast domain and broadcasts are only
propagated within that specific broadcast
domain.
Network Segmentation: Problems with Large
Broadcast Domains

❑ A problem with a large broadcast domain is
that these hosts can generate excessive
broadcasts and negatively affect the network.
❑ The solution is to reduce the size of the
network to create smaller broadcast domains
using a process called subnetting.
▪ E.g. Dividing the network address 172.16.0.0 /16
into two subnets of 200 users each: 172.16.0.0
/24 and 172.16.1.0 /24.
❑ Broadcasts are only propagated within the
smaller broadcast domains.
Reasons for Segmenting Networks

❑ Subnetting reduces overall network traffic and improves network
performance.
❑ It can be used to implement security policies between subnets.
❑ Subnetting reduces the number of devices affected by abnormal broadcast
traffic.
❑ Subnets are used for a variety of reasons including by:
Group or Function Device Type
Location
 VLSM: Variable Length Subnet Mask

❑ The left side displays the traditional subnetting scheme (i.e., the same subnet mask) while the
right side illustrates how VLSM can be used to subnet a subnet and divided the last subnet into
eight /30 subnets.
❑ When using VLSM, always begin by satisfying the host requirements of the largest subnet and
continue subnetting until the host requirements of the smallest subnet are satisfied.
❑ The resulting topology with VLSM applied.
Structed Design: Device Address Assignment

❑ Within a network, there are different types of devices that require addresses:
▪ End user clients – Most use DHCP to reduce errors and burden on network support staff. IPv6
clients can obtain address information using DHCPv6 or SLAAC.
▪ Servers and peripherals – These should have a predictable static IP address.
▪ Servers that are accessible from the internet – Servers must have a public IPv4 address, most
often accessed using NAT.
▪ Intermediary devices – Devices are assigned addresses for network management, monitoring,
and security.
▪ Gateway – Routers and firewall devices are gateway for the hosts in that network.
❑ When developing an IP addressing scheme, it is generally recommended that you have
a set pattern of how addresses are allocated to each type of device.
Ping – Test Connectivity

❑ The ping command is an IPv4 and IPv6 testing utility that uses ICMP echo request and
echo reply messages to test connectivity between hosts and provides a summary that
includes the success rate and average round-trip time to the destination.
❑ If a reply is not received within the timeout, ping provides a message indicating that
a response was not received.
❑ It is common for the first ping to timeout if address resolution (ARP or ND) needs to
be performed before sending the ICMP Echo Request.
❑ Type of connectivity test performed with ping include:
▪ Pinging the loopback
▪ Pinging the default gateway
▪ Pinging the remote host
Traceroute – Test the Path

❑ Traceroute (tracert) is a utility that is used to test the path between two hosts
and provide a list of hops that were successfully reached along that path.
❑ Traceroute provides round-trip time for each hop along the path and indicates if
a hop fails to respond. An asterisk (*) is used to indicate a lost or unreplied
packet.
❑ This information can be used to locate a problematic router in the path or may
indicate that the router is configured not to reply.
Transport Layer

❑ Role of the transport layer
▪ Provide services to allow end devices to exchange data
❑ Specific Responsibilities of transport layer
▪ Tracking individual conversations
▪ Segmenting data and reassembling segments
▪ Adds header information
▪ Identify, separate, and manage multiple conversations
▪ Uses segmentation and multiplexing to enable different communication on the same network
❑ Two main protocols
▪ Transmission Control Protocol
▪ User Datagram Protocol
Transport Layer Protocols: TCP & UDP

❑ TCP provides reliability and flow control using these basic operations:
▪ Number and track data segments transmitted to a specific host from a specific application
▪ Acknowledge received data
▪ Retransmit any unacknowledged data after a certain amount of time
▪ Sequence data that might arrive in wrong order
▪ Send data at an efficient rate that is acceptable by the receiver

❑ UDP provides the basic functions for delivering datagrams between the appropriate
applications, with very little overhead and data checking.
▪ UDP is a connectionless protocol.
▪ UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data
is received at the destination.
Transport Layer Protocols: TCP Features

❑ Establishes a Session - TCP is a connection-oriented protocol that negotiates
and establishes a permanent connection (or session) between source and
destination devices prior to forwarding any traffic.
❑ Ensures Reliable Delivery - For many reasons, it is possible for a segment to
become corrupted or lost completely, as it is transmitted over the network.
TCP ensures that each segment that is sent by the source arrives at the
destination.
❑ Provides Same-Order Delivery - Because networks may provide multiple routes
that can have different transmission rates, data can arrive in the wrong order.
❑ Supports Flow Control - Network hosts have limited resources (i.e., memory
and processing power). When TCP is aware that these resources are overtaxed,
it can request that the sending application reduce the rate of data flow.
TCP & UDP Characteristics

❑ TCP is a stateful protocol which means it keeps track of the state of the
communication session.
▪ TCP records which information it has sent, and which information has been acknowledged.
▪ TCP handles all tasks associated with dividing the data stream into segments, providing
reliability, controlling data flow, and reordering segments.
▪ Applications that uses TCP includes; HTTP, FTP, SMTP, SSH

❑ UDP features include the following:
▪ Data is reconstructed in the order that it is received.
▪ Any segments that are lost are not resent.
▪ There is no session establishment.
▪ The sender is not informed about resource availability.
TCP & UDP: Socket Pairs

❑ TCP and UDP transport layer protocols use port
numbers to manage multiple, simultaneous
conversations.
❑ Socket
▪ combination of the source IP address and source
port number, or the destination IP address and
destination port number.
▪ enable multiple processes running on a client to
distinguish themselves from each other, and
multiple connections to a server process to be
distinguished from each other.
❑ Port number groups
▪ Well-known (0 to 1,023)
▪ Registered (1,024 to 49,151)
▪ Private/dynamic (49,152 to 65,535)
Application Layer

❑ The upper three layers of the OSI model
(application, presentation, and session) define
functions of the TCP/IP application layer.
❑ Application layer
▪ Closest layer to the end user
▪ Provides the interface between the applications used
to communicate
❑ Some of the most widely known application
layer protocols include HTTP, FTP, TFTP, IMAP,
DNS, etc.
▪ exchange data between programs running on the
source and destination hosts
▪ used by both the source and destination devices
during a communication session.
 HTTP and HTTPS

❑ HTTP is a request/response protocol that
specifies the message types used for that
communication.
❑ The three common message types are:
▪ GET - This is a client request for data. A client
(web browser) sends the GET message to the
web server to request HTML pages.
▪ POST - This uploads data files to the web
server, such as form data.
▪ PUT - This uploads resources or content to the
web server, such as an image.

Note: HTTP is not a secure protocol. For secure communications
sent across the internet, HTTPS should be used.
Application Layer: Email Protocols

❑ Three common email protocols include:
▪ Simple Mail Transfer Protocol (SMTP)
✓ Used by client to send mail.

▪ Post Office Protocol (POP)
✓ Used by clients to receive mail
✓ Mails can be downloaded

▪ Internet Message Access Protocol (IMAP)
✓ Used by clients to receive mail.
✓ Copies of mail can be downloaded to the client
application
Domain Name Service

❑ Domain names were created to convert the numeric IP
addresses into a simple, recognizable name.
❑ Fully-qualified domain names (FQDNs), such
as http://www.cisco.com, are much easier for people to
remember than 198.133.219.25.
❑ The DNS protocol defines an automated service that matches
resource names with the required numeric network address.
It includes the format for queries, responses, and data.
DNS Hierarchy

❑ DNS uses a hierarchical system to create a
database to provide name resolution.
❑ Each DNS server maintains a specific database
file and is only responsible for managing name-
to-IP mappings for that small portion of the
entire DNS structure.
❑ When a DNS server receives a request for a
name translation that is not within its DNS
zone, the DNS server forwards the request to
another DNS server within the proper zone for
translation.
❑ Examples of top-level domains:
▪.com - a business or industry
▪.org - a non-profit organization
▪.au - Australia
 Dynamic Host Configuration Protocol

❑ The Dynamic Host Configuration Protocol (DHCP) for IPv4
service automates the assignment of IPv4 addresses,
subnet masks, gateways, and other IPv4 networking
parameters.
❑ DHCP is considered dynamic addressing compared to static
addressing. Static addressing is manually entering IP
address information.
❑ When a host connects to the network, the DHCP server is
contacted, and an address is requested. The DHCP server
chooses an address from a configured range of addresses
Note: DHCP for IPv6 (DHCPv6) provides similar called a pool and assigns (leases) it to the host.
services for IPv6 clients. However, DHCPv6 does
not provide a default gateway address. This can ❑ Many networks use both DHCP and static addressing. DHCP
only be obtained dynamically from the Router is used for general purpose hosts, such as end user
Advertisement message of the router.
devices. Static addressing is used for network devices,
such as gateway routers, switches, servers, and printers.
 DHCP Operation

❑ When an IPv4, DHCP-configured device boots up or connects to the
network, the client broadcasts a DHCP discover (DHCPDISCOVER)
message to identify any available DHCP servers on the network.
❑ A DHCP server replies with a DHCP offer (DHCPOFFER) message, which
offers a lease to the client. (If a client receives more than one offer
due to multiple DHCP servers on the network, it must choose one.)
❑ The client sends a DHCP request (DHCPREQUEST) message that
identifies the explicit server and lease offer that the client is
accepting.
Note: DHCPv6 has a set of messages that is
❑ The server then returns a DHCP acknowledgment (DHCPACK) message
similar to those for DHCPv4. The DHCPv6
messages are SOLICIT, ADVERTISE, that acknowledges to the client that the lease has been finalized.
INFORMATION REQUEST, and REPLY.
❑ If the offer is no longer valid, then the selected server responds with
a DHCP negative acknowledgment (DHCPACK) message, and the
process must begin with a new DHCPDISCOVER message.
Access Attacks

❑ Access attacks exploit known vulnerabilities in authentication services, FTP services,
and web services to gain entry to web accounts, confidential databases, and other
sensitive information.
❑ Access attacks can be classified into four types:

▪ Password attacks - Implemented using brute force, trojan horse, and packet sniffers
▪ Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system,
possibly compromising the target.
▪ Port redirection - A threat actor uses a compromised system as a base for attacks against other
targets. For example, a threat actor using SSH (port 22) to connect to a compromised host A.
Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
▪ Man-in-the middle - The threat actor is positioned in between two legitimate entities in order
to read or modify the data that passes between the two parties.
Firewalls

❑ Network firewalls reside between two or more networks, control the traffic
between them, and help prevent unauthorized access.
❑ A firewall could allow outside users-controlled access to specific services. For
example, servers accessible to outside users are usually located on a special
network referred to as the demilitarized zone (DMZ). The DMZ enables a
network administrator to apply specific policies for hosts connected to that
network.

❑ Types of Firewall
▪ Packet filtering - Prevents or allows access based on IP or MAC addresses
▪ Application filtering - Prevents or allows access by specific application types
based on port numbers
▪ URL filtering - Prevents or allows access to websites based on specific URLs or
keywords
▪ Stateful packet inspection (SPI) - Incoming packets must be legitimate responses
to requests from internal hosts. Unsolicited packets are blocked unless
permitted specifically. SPI can also include the capability to recognize and filter
out specific types of attacks, such as denial of service (DoS).
Types of Vulnerabilities

❑ Vulnerability is the degree of weakness in a network or a device. Some degree of
vulnerability is inherent in routers, switches, desktops, servers, and even security
devices. Typically, the network devices under attack are the endpoints, such as
servers and desktop computers
❑ There are three primary vulnerabilities or weaknesses:
▪ Technological – include TCP/IP protocols, OS and network equipment weaknesses, etc.
▪ Configuration – include unsecured user, systems account with easily guessed passwords,
misconfigured settings on network devices, etc.
▪ Security policy – include lack of user authentication, unauthorized software and hardware
changes, etc.
❑ All three of these sources of vulnerabilities can leave a network or device open to
various attacks, including malicious code attacks and network attacks.
Types of Malware

❑ Malware is short for malicious software. It is code or software specifically designed
to damage, disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or
networks. The following are types of malware:
▪ Viruses - A computer virus is a type of malware that propagates by inserting a copy of itself
into, and becoming part of, another program. It spreads from one computer to another,
leaving infections as it travels.
▪ Worms - Computer worms are similar to viruses in that they replicate functional copies of
themselves and can cause the same type of damage. In contrast to viruses, which require the
spreading of an infected host file, worms are standalone software and do not require a host
program or human help to propagate.
▪ Trojan Horses - It is a harmful piece of software that looks legitimate. Unlike viruses and
worms, Trojan horses do not reproduce by infecting other files. Trojan horses must spread
through user interaction such as opening an email attachment or downloading and running a
file from the internet.
Physical Security

❑ If network resources can be physically compromised, a threat actor can deny the use of
network resources. The four classes of physical threats are as follows:
▪ Hardware threats - This includes physical damage to servers, routers, switches, cabling plant,
and workstations.
▪ Environmental threats - This includes temperature extremes (too hot or too cold) or humidity
extremes (too wet or too dry).
▪ Electrical threats - This includes voltage spikes, insufficient supply voltage (brownouts),
unconditioned power (noise), and total power loss.
▪ Maintenance threats - This includes poor handling of key electrical components (electrostatic
discharge), lack of critical spare parts, poor cabling, and poor labeling.
❑ A good plan for physical security must be created and implemented to address these
issues.
Additional Password Security

❑ There are several steps that can be taken to help
ensure that passwords remain secret on a Cisco
router and switch including these:
▪ Encrypt all plaintext passwords with the service
password-encryption command.
▪ Set a minimum acceptable password length with the
security passwords min-length command.
▪ Deter brute-force password guessing attacks with the
login block-for # attempts # within # command.
▪ Disable an inactive privileged EXEC mode access
after a specified amount of time with the exec-
timeout command.
 Enable SSH

❑ It is possible to configure a Cisco device to support SSH using the following steps:
1. Configure a unique device hostname. A device must have a unique hostname other than the default.
2. Configure the IP domain name. Configure the IP domain name of the network by using the global
configuration mode command ip-domain name.
3. Generate a key to encrypt SSH traffic. SSH encrypts traffic between source and destination. However, to
do so, a unique authentication key must be generated by using the global configuration command crypto
key generate rsa general-keys modulus bits. The modulus bits determines the size of the key and can be
configured from 360 bits to 2048 bits. The larger the bit value, the more secure the key. However, larger
bit values also take longer to encrypt and decrypt information. The minimum recommended modulus
length is 1024 bits.
4. Verify or create a local database entry. Create a local database username entry using
the username global configuration command.
5. Authenticate against the local database. Use the login local line configuration command to authenticate
the vty line against the local database.
6. Enable vty inbound SSH sessions. By default, no input session is allowed on vty lines. You can specify
multiple input protocols including Telnet and SSH using the transport input [ssh | telnet] command.