Module 1 Review Exam PDF
Uploaded by WellReceivedAlgebra467
Summary
This document reviews the key layers of the OSI model, including the application, session, presentation, transport, network, data link, and physical layers. It also discusses proxy servers and routers.
Full Transcript
The **Application Layer** is the topmost layer and interacts directly with end-user applications. It provides network services to applications such as web browsers, email clients, and file transfer programs. This layer facilitates communication between software applications and the network, using protocols like HTTP, FTP, SMTP, and DNS. Devices that operate at layer 7 of the OSI model include firewalls, proxy servers, application load balancers, and multilayer switches.

The **Session Layer** establishes, manages, and terminates sessions between applications. It controls the dialog between systems, including session establishment, maintenance, and termination. This layer ensures that data streams are properly synchronized and maintained throughout the session. Gateway devices operate at layer 5.

The **Presentation Layer** translates data between the application layer and the network format. It handles data encryption, compression, and translation, ensuring that data is readable by the receiving system. This layer acts as a translator for the network, converting data into a format that the application layer can understand. Gateway devices operate at layer 6.

The **Transport Layer** ensures reliable data transfer between end systems and provides error recovery and flow control. It segments and reassembles data for communications between end devices and ensures complete data transfer. Common protocols operating at this layer include the Transmission Control Protocol (TCP), which ensures reliable, ordered delivery, and the User Datagram Protocol (UDP), which provides faster, but less reliable, data transmission. Load balancers, gateways, and layer 4 switches operate at this layer.

The **Network Layer** is responsible for the logical addressing and routing of data packets between devices across different networks. It determines the best path for data transmission and manages the delivery of packets from the source to the destination.
This layer uses IP addresses for routing and includes routers and layer 3 switches.

The **Data Link Layer** provides node-to-node data transfer and is responsible for error detection and correction from the Physical Layer. It ensures that data frames are properly formatted for transmission and reception between devices on the same network. This layer is divided into two sublayers: the Media Access Control (MAC) layer, which controls how devices on the network gain access to the data and permission to transmit it, and the Logical Link Control (LLC) layer, which controls frame synchronization, flow control, and error checking. This layer uses unique MAC addresses for each node on the same network and includes network interface cards (NICs), layer 2 switches, and bridges.

The **Physical Layer** is the lowest layer of the OSI model and is concerned with the transmission and reception of raw data bits over a physical medium. It defines the hardware elements involved, such as cables, hubs, repeaters, and network interface cards (NICs). This layer handles the electrical, mechanical, and procedural aspects of network communication.

**Proxy servers** act as intermediaries for requests from clients seeking resources from other servers, enhancing security, privacy, and performance in network environments. One of the primary functions of proxy servers is to provide anonymity by masking the client's IP address, which helps protect user identity and sensitive information. Additionally, proxy servers offer content caching, storing frequently accessed content to improve load times and reduce bandwidth usage. They also enforce access control policies, such as blocking certain websites or content, to regulate and monitor user activity.

**Routers** are critical networking devices designed to direct data packets between different networks. They use routing tables and protocols such as EIGRP, OSPF, and BGP to determine the most efficient paths for data transmission.
One of their key features is Network Address Translation (NAT), which allows multiple devices on a local network to share a single public IP address, enhancing security and conserving IP addresses. Routers also implement Quality of Service (QoS) to prioritize certain types of traffic, ensuring optimal performance for critical applications. Commonly used to connect local area networks (LANs) to wide area networks (WANs) and facilitate internet access, routers are essential for interconnecting branch offices and different network segments. Additionally, virtual routers extend these capabilities into software, running on virtual machines or as virtual network functions (VNFs) within cloud environments, providing flexible and scalable routing solutions without the need for physical hardware.

A **Content Delivery Network (CDN)** is a system of distributed servers designed to deliver web content and other digital assets to users based on their geographic location, thereby enhancing the performance, availability, and security of web services. CDNs cache content on strategically located servers, known as edge servers, around the world. When a user requests content, the request is routed to the nearest edge server, which reduces latency and improves load times.

**Firewalls** are critical for network security, monitoring and controlling incoming and outgoing traffic based on predetermined security rules. They perform packet filtering, inspecting packets to allow or block them based on defined criteria. Stateful inspection is another key feature, where firewalls track the state of active connections and make filtering decisions based on the context of the traffic. Additionally, firewalls can perform application layer filtering, analyzing data at the application layer (Layer 7) for more granular control. Commonly used to protect networks from unauthorized access, malware, and other cyber threats, firewalls enforce security policies and safeguard sensitive information.
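The difference between plain packet filtering and stateful inspection described above, as an added Python example (not part of the original notes). The inside network, the web server address, and the sample packets are constructed for the demo; the stateful filter admits inbound packets only when they belong to a connection it watched an inside host open, or when a static rule permits a new connection.

```python
from dataclasses import dataclass

# Constructed sample traffic for the demo; addresses and ports are made up.
@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # a TCP SYN marks a new connection attempt

INSIDE_PREFIX = "10.0.0."    # hypothetical protected network

def inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)

class StatefulFirewall:
    """Packet filtering combined with connection tracking.

    Policy: inside hosts may open tcp/udp connections outward. Packets arriving
    from outside are allowed only if they belong to a connection already in the
    state table, or if they start a connection permitted by a static rule (here:
    tcp/443 to the hypothetical web server 10.0.0.80).
    """

    def __init__(self) -> None:
        # Tracked flows, stored as (proto, inside_ip, inside_port, outside_ip, outside_port).
        self.connections = set()
        self.static_allow = {("tcp", "10.0.0.80", 443)}

    def filter(self, pkt: Packet) -> str:
        if inside(pkt.src) and not inside(pkt.dst):
            # Outbound: permitted by rule, and recorded so that its replies are recognised.
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if not inside(pkt.src) and inside(pkt.dst):
            flow = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if flow in self.connections:
                return "allow"          # reply to a connection we watched leave
            if (pkt.proto, pkt.dst, pkt.dport) in self.static_allow and (pkt.proto != "tcp" or pkt.syn):
                self.connections.add(flow)   # the server rule opens a tracked connection
                return "allow"
            return "drop"               # unsolicited inbound, including fake "replies"
        return "drop"                   # traffic that does not cross the perimeter is out of scope here

def stateless_filter(pkt: Packet) -> str:
    """The same rules without a state table: outbound allowed, inbound only by static rule.
    It cannot tell a genuine DNS reply from an unsolicited packet sent from port 53."""
    if inside(pkt.src) and not inside(pkt.dst):
        return "allow"
    if pkt.proto == "tcp" and pkt.dst == "10.0.0.80" and pkt.dport == 443:
        return "allow"
    return "drop"

SAMPLE = [
    Packet("udp", "10.0.0.5", 50000, "198.51.100.53", 53),                 # DNS query leaving
    Packet("udp", "198.51.100.53", 53, "10.0.0.5", 50000),                 # its reply
    Packet("udp", "198.51.100.53", 53, "10.0.0.5", 50001),                 # "reply" nobody asked for
    Packet("tcp", "203.0.113.9", 40000, "10.0.0.80", 443, syn=True),       # new HTTPS connection to the web server
    Packet("tcp", "203.0.113.9", 40000, "10.0.0.80", 443),                 # data on that connection
    Packet("tcp", "203.0.113.9", 40001, "10.0.0.80", 443),                 # mid-stream packet with no tracked connection
    Packet("tcp", "203.0.113.9", 40002, "10.0.0.5", 22, syn=True),         # SSH attempt at a workstation
]

def run(packets, firewall=None):
    """Return the verdict for each packet in order, using a fresh stateful firewall by default."""
    fw = firewall or StatefulFirewall()
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    for pkt, stateful, stateless in zip(SAMPLE, run(SAMPLE), map(stateless_filter, SAMPLE)):
        print(f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  stateful={stateful} stateless={stateless}")
```

The stateless version has to choose between blocking the legitimate DNS reply and letting in any packet that claims to come from port 53; the state table resolves that without a looser rule.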
**Intrusion Detection Systems (IDS)** play a crucial role in network security by detecting suspicious activities and policy violations. These systems employ signature-based detection, which uses known patterns of attack to identify threats, as well as anomaly-based detection, which identifies deviations from normal network behavior. An IDS operates passively, monitoring network traffic and generating alerts when potential threats are detected without taking direct action to block them. They are commonly used to complement other security measures by providing detailed insights into potential intrusions and enabling timely responses.

**Switches** are vital components in networking that connect devices within the same network, facilitating efficient communication and data transfer. They operate primarily at Layer 2 (Data Link) of the OSI model, using MAC addresses to forward data within the network. However, Layer 3 switches also incorporate routing functions using IP addresses.

**Intrusion Prevention Systems (IPS)** are critical for network security, detecting and preventing suspicious activities in real time. Unlike an IDS, an IPS is deployed inline, directly in the path of network traffic, allowing it to take immediate actions such as dropping malicious packets, resetting connections, and blocking IP addresses. Key features of an IPS include active response capabilities and a combination of intrusion detection and firewall functionality, providing both detection and proactive blocking of threats. Commonly used to protect networks by actively preventing detected threats from compromising systems, an IPS ensures that malicious activities are thwarted before they can cause harm.

A **Virtual Private Network (VPN)** is a technology that creates a secure and encrypted connection over a less secure network, such as the internet. VPNs enable secure remote access to a private network, allowing users to transmit data securely over public networks.
They create a "tunnel" that encrypts data between the user's device and the destination network, protecting it from interception and unauthorized access. VPNs use encryption protocols (e.g., IPsec, SSL/TLS) to secure data transmitted over the internet, ensuring that only authorized parties can access the information. Strong authentication mechanisms, such as multi-factor authentication, verify the identity of users and devices before granting access to the VPN. Additionally, VPNs utilize tunneling protocols to encapsulate and transmit data securely. This allows remote users to access resources on a private network as if they were directly connected to it, enabling secure remote work and collaboration.

**Load balancers** are essential for distributing network or application traffic across multiple servers, ensuring the high availability and reliability of web applications and services. They utilize various load balancing algorithms, such as round-robin, least connections, and IP hash, to evenly distribute traffic and prevent any single server from becoming overwhelmed.

**Quality of Service (QoS)** is a network feature that manages and prioritizes network traffic to ensure the performance of critical applications and services. By controlling the allocation of bandwidth, QoS helps maintain optimal performance for high-priority traffic even during periods of congestion. QoS ensures that important data traffic receives the necessary bandwidth, reduces latency, and avoids packet loss, enhancing the overall performance of critical applications and services within a network.

**Public cloud** -- a model in which the tenant rents the underlying infrastructure from a third-party CSP. With this model, cloud computing resources are owned and operated by the CSP, and accessed in a multi-tenant configuration. As a shared resource model, the public cloud may be considered higher in potential risks related to security and performance.
Public cloud model resources can be provisioned, scaled up or down, and de-provisioned easily without CSP interaction. This model's services may be free, or based on a pay-per-use model where the tenant will pay only for the resources they use.

**Private cloud** -- a model where an organization owns and manages the physical infrastructure. The organization sets up an on-premises cloud environment in its data centers. In this model, all resources are for the exclusive use of the organization and are not shared with others. The costs involved with a private cloud are incurred by the organization and include all hardware, software, maintenance, and management. Unlike a public cloud model, when resources need to be scaled up, the organization will incur all costs related to the upgrade. This model is often considered to minimize the security and performance risks associated with the public cloud.

**Hosted private cloud** -- a model that is for the exclusive use of an organization and is hosted by a third-party CSP. This model offers many of the same advantages as a private cloud and is considerably less expensive.

**Hybrid cloud** -- a model that allows an organization to utilize a private cloud and a public cloud concurrently. The private cloud can be used for processing and storing sensitive data and the public cloud can be used as needed for non-sensitive data. For instance, when the workload in the private cloud increases to a predetermined threshold, non-sensitive data can be temporarily migrated to the public cloud for processing and storage. When the workload decreases, the data can be moved back to the private cloud. The elasticity, scalability, and pay-per-use characteristics of the public cloud make a hybrid model a cost-effective alternative to scaling up the private cloud infrastructure for these temporary spikes in workloads.
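The three load balancing algorithms named in the load balancer paragraph above (round-robin, least connections, IP hash), as an added Python example that is not part of the original notes. The backend pool and client addresses are constructed; the IP hash variant uses SHA-256 of the client address, which is one possible hash choice, not a standard.

```python
import hashlib
from itertools import cycle

SERVERS = ["srv-a", "srv-b", "srv-c"]     # hypothetical backend pool

class RoundRobin:
    """Hand requests to servers in turn, regardless of how busy each one is."""
    def __init__(self, servers):
        self._next = cycle(servers)

    def pick(self, client_ip: str) -> str:
        return next(self._next)

class LeastConnections:
    """Send each new request to the server with the fewest open connections.
    Needs a release() when a connection ends, so long-lived sessions do not
    keep a backend counted as busy after they finish."""
    def __init__(self, servers):
        self.active = {s: 0 for s in servers}

    def pick(self, client_ip: str) -> str:
        server = min(self.active, key=lambda s: (self.active[s], s))   # tie-break by name for determinism
        self.active[server] += 1
        return server

    def release(self, server: str) -> None:
        self.active[server] -= 1

class IpHash:
    """Map a client address to a fixed server, giving session persistence
    without shared session storage. Trade-off: every client behind one NAT
    address lands on the same backend, so the spread can be uneven."""
    def __init__(self, servers):
        self.servers = list(servers)

    def pick(self, client_ip: str) -> str:
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self.servers[int.from_bytes(digest[:4], "big") % len(self.servers)]

def distribute(balancer, client_ips):
    """Return the backend chosen for each client address, in order."""
    return [balancer.pick(ip) for ip in client_ips]

if __name__ == "__main__":
    clients = ["198.51.100.7", "203.0.113.20", "198.51.100.7", "192.0.2.44"]   # constructed
    for algo in (RoundRobin(SERVERS), LeastConnections(SERVERS), IpHash(SERVERS)):
        print(type(algo).__name__, distribute(algo, clients))
```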
**Infrastructure as a Service (IaaS)** -- on-demand delivery and access to not yet configured resources such as servers, storage, networking, and security controls. The cloud tenant is relieved of the responsibilities involved with purchasing and configuring hardware; securing a physical plant; and providing power, environmental controls (HVAC), fire suppression, and network cabling.

**Platform as a Service (PaaS)** -- built on top of IaaS, and provides a platform for on-demand delivery and access to operating systems, databases, software development tools, and middleware (software that sits between the OS and applications and provides functions not available through the OS alone).

**Software as a Service (SaaS)** -- on-demand access to fully developed and configured, cloud-hosted applications. The apps can be developed and tested using PaaS and then deployed to SaaS. The tenant pays an annual or monthly fee and accesses the app in their browser, mobile app, or desktop client. The vendor is responsible for updates and patches, as well as scalability.

**Scalability** is a fundamental concept in cloud computing, referring to the ability of a system, network, or process to handle a growing amount of work, or its potential to be enlarged to accommodate that growth. In the context of cloud computing, scalability is one of the primary benefits, enabling businesses to dynamically adjust their resources according to their needs. A scalable system can operate at the correct size for current and future needs, without gaps, and without the need to restructure the entire system.

**Elasticity** in cloud computing refers to the ability of a system to automatically adjust its resources to meet changing workloads and demands. It allows an application or infrastructure to dynamically increase or decrease resource capacity in real time, ensuring optimal performance and cost efficiency.
Elasticity is a core characteristic of cloud environments, providing flexibility and responsiveness to fluctuating demands.

**Multitenancy** is a key architectural principle in cloud computing that enables multiple customers, known as tenants, to share a single instance of a software application or cloud resource while maintaining data isolation and privacy. This model allows cloud service providers to optimize resource utilization and deliver cost-effective services by hosting multiple users on the same infrastructure.

A **cloud gateway** is a critical component that facilitates connectivity between different network environments. Cloud gateways enable secure and efficient communication between cloud networks and other networks, such as on-premises data centers or the public internet. They act as intermediaries, managing the flow of data and ensuring that the connections are secure and optimized for performance.

A **Virtual Private Cloud (VPC)** is a logically isolated section of a public cloud where an organization can launch and manage resources in a virtualized environment. VPCs provide the benefits of a public cloud, such as scalability and flexibility, while maintaining the security and isolation typically associated with private clouds. VPCs offer network isolation by creating a private network within the public cloud through virtual network interfaces, subnets, and IP address ranges that are segregated from other users in the public cloud. Within a VPC, you can create subnets, which are smaller segments of the VPC's IP address range, and these subnets can be designated as public or private, depending on whether they need internet access.

**Internet Control Message Protocol (ICMP)** is a protocol within the Internet Protocol Suite used for network diagnostics and error reporting.
It operates at the network layer (Layer 3) and is used by network devices, like routers, to send error messages and operational information. ICMP is primarily used for diagnostic and control purposes, providing feedback about issues in the communication environment. Common uses of ICMP include **ping**, which sends ICMP Echo Request messages to check the reachability of a host and measure the round-trip time, and **traceroute/tracert**, which uses ICMP Time Exceeded messages to determine the path packets take to reach a destination. ICMP is essential for error reporting, as it is used by network devices to report errors in the processing of IP packets, such as unreachable destinations or network congestion. It also provides operational messages, such as Time Exceeded or Redirect messages, to optimize routing. Unlike TCP or UDP, ICMP does not transport application data; instead, it carries messages about the network itself. ICMP messages are encapsulated within IP packets, with the IP protocol field set to 1 to indicate that the payload is an ICMP message.

**Generic Routing Encapsulation (GRE)** is categorized as an IP type because it is a tunneling protocol used to encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an IP network. GRE is primarily used to establish direct, private network connections across the public Internet by encapsulating packets in a way that allows them to be routed through IP networks. Unlike application layer protocols that define specific data exchange mechanisms, GRE specifies how to encapsulate and route packets of various protocols across IP networks. It is identified by the protocol number 47 in the IP header and facilitates the creation of virtual point-to-point links, enabling various networking applications such as VPNs and network virtualization.
As a traffic type, GRE influences how encapsulated data is managed, routed, and transported over IP networks, distinguishing it from other protocol categories.

**Internet Protocol Security (IPsec)** is a suite of protocols designed to ensure secure communication over IP networks by providing data confidentiality, integrity, and authentication. IPsec operates at the network layer, protecting and authenticating IP packets between participating devices such as routers, firewalls, and servers. It is commonly used for VPNs, secure communications, and network security. IPsec offers strong security features, flexibility in configuration, and broad applicability (interoperability), making it a preferred choice for secure networking in various environments. IPsec is a protocol suite, meaning it is comprised of more than one protocol working together.

- **Authentication Header (AH)** -- a protocol that provides data integrity and authentication. AH generates a hash checksum of the entire datagram, combined with a shared secret key value, at the sending device. Upon receipt, the receiver compares the embedded hash with a calculated hash using the same shared secret, to ensure both values match. It is important to note that AH does not encrypt the packet's payload.
- **Encapsulating Security Payload (ESP)** -- a protocol that provides data confidentiality through the use of encryption. ESP can encrypt the entire packet or only the payload. ESP can also provide authentication along with encryption, and both are often utilized together in practice.

IPsec operates in two different modes:

- Tunnel mode -- used to securely transport data through an untrusted public network. Using ESP, the entire packet (including header and payload) is encrypted and wrapped in an entirely new packet with a new header.
*IPsec datagram encapsulated using ESP for encryption and authentication in **tunnel mode**.*

- Transport mode -- encrypts only the packet's payload, leaving the original header intact. This mode is commonly used to transport data between hosts on a trusted network.

*IPsec datagram encapsulated using ESP for encryption and authentication in **transport mode**.*

**Internet Key Exchange (IKE)** is a protocol used for key exchange between VPN endpoints. It is a dynamic method of securing VPN tunnels by allowing the VPN endpoints to negotiate new secret keys at specified times during communication. Because IPsec relies on the use of a shared secret, IKE makes it more difficult for an attacker to reuse captured keys (especially with the additional use of perfect forward secrecy). Using IKE, the devices at each end of the connection negotiate and set security associations (SA). The SA contains the necessary details for the tunnel to use the IPsec protocol suite. IKE version 1 has been deprecated and IKE version 2 (IKEv2) is recommended.

**Internet Protocol (IP) Traffic Types**

An **IP traffic type** is a classification that defines how data packets are transmitted and delivered over an IP network. It specifies the pattern of communication between the sender and recipients, determining how packets are addressed, routed, and processed within the network infrastructure. IP traffic types are essential for understanding the flow of data and optimizing network resources for different applications and use cases.

**Unicast** traffic is the most common type of network communication, where data is sent from a single source to a single destination. Each packet is addressed to a specific recipient, and a separate copy of the data is sent to the intended receiver. Unicast is used in applications such as web browsing, file transfers, and email. An example of unicast traffic is a user accessing a website from their computer.
**Broadcast** traffic involves sending data from one source to all possible destinations within a network segment. Every device on the local network receives the broadcast message. While broadcast traffic is useful for applications like ARP (Address Resolution Protocol) requests and network announcements, it can also lead to network congestion if overused. An example of a broadcast is a router sending a DHCP (Dynamic Host Configuration Protocol) request to assign IP addresses to devices on the network.

**Multicast** traffic involves sending data from one source to multiple designated receivers simultaneously. Instead of sending individual copies of the data to each recipient, multicast sends a single copy that is then distributed to the subscribers. This type of traffic is efficient for applications that require the same data to be sent to multiple recipients, such as streaming video, online gaming, and video conferencing. An example of multicast traffic would be live streaming a webinar to multiple participants.
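The Authentication Header behaviour described in the IPsec section above (keyed hash over the whole datagram at the sender, recomputed and compared at the receiver, payload left unencrypted), as an added Python example that is not part of the original notes. It models AH's integrity check with HMAC-SHA256 over a constructed stand-in datagram; the key and datagram bytes are made up, and a real AH implementation carries more fields than this.

```python
import hashlib
import hmac

ICV_LEN = 32   # bytes of HMAC-SHA256 output appended as the integrity check value

def ah_protect(datagram: bytes, shared_key: bytes) -> bytes:
    """Sender side: keyed hash over the whole datagram, appended in the clear.
    Nothing is encrypted; the payload stays readable on the wire."""
    icv = hmac.new(shared_key, datagram, hashlib.sha256).digest()
    return datagram + icv

def ah_verify(protected: bytes, shared_key: bytes):
    """Receiver side: recompute with the same shared secret and compare.
    Returns the datagram if the values match, else None (the packet is discarded)."""
    if len(protected) < ICV_LEN:
        return None
    datagram, icv = protected[:-ICV_LEN], protected[-ICV_LEN:]
    expected = hmac.new(shared_key, datagram, hashlib.sha256).digest()
    return datagram if hmac.compare_digest(icv, expected) else None   # constant-time compare

def demo() -> dict:
    """Walk through the accept, tamper, wrong-key and visibility cases on constructed data."""
    key = b"constructed-shared-secret"            # in practice negotiated per security association by IKE
    datagram = b"IPHDR|GET /payroll HTTP/1.1"     # stand-in for an IP header plus payload
    wire = ah_protect(datagram, key)
    tampered = wire[:6] + b"PUT" + wire[9:]       # an on-path change of three payload bytes, ICV untouched
    return {
        "accepted": ah_verify(wire, key) == datagram,
        "tampered_rejected": ah_verify(tampered, key) is None,
        "wrong_key_rejected": ah_verify(wire, b"other-key") is None,
        "payload_visible": b"GET /payroll" in wire,   # AH gives integrity, not confidentiality
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Confidentiality for the same datagram is ESP's job, which is why the notes say the two are often used together.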
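The IP protocol field values quoted in the ICMP and GRE sections (1 = ICMP, 47 = GRE) and the unicast/broadcast/multicast classification from the traffic types section, combined into one added Python example that is not from the original notes. It builds constructed IPv4 packets with valid header and ICMP checksums, then parses them the way a capture tool would; the 192.0.2.0/24 LAN and all addresses are documentation ranges chosen for the demo, and IP protocol 89 (OSPF) with its 224.0.0.5 group is used only to produce a multicast sample.

```python
import ipaddress
import struct

ICMP, GRE = 1, 47     # IP protocol numbers named in the notes above

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def build_icmp_echo(ident: int, seq: int, data: bytes) -> bytes:
    """ICMP Echo Request (type 8) as sent by ping, with its checksum filled in."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def build_gre(inner: bytes) -> bytes:
    """Basic GRE header: flags/version 0, protocol type 0x0800 = inner IPv4."""
    return struct.pack("!HH", 0, 0x0800) + inner

def traffic_type(dst: str, local_net: str) -> str:
    """Classify the destination as unicast, broadcast or multicast for the given LAN."""
    addr = ipaddress.IPv4Address(dst)
    net = ipaddress.IPv4Network(local_net)
    if addr.is_multicast:                               # 224.0.0.0/4
        return "multicast"
    if addr == net.broadcast_address or addr == ipaddress.IPv4Address("255.255.255.255"):
        return "broadcast"
    return "unicast"

def describe(packet: bytes, local_net: str) -> dict:
    """Parse the outer IPv4 header and report what it carries."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or checksum(packet[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("not a well-formed IPv4 header")
    dst_s = str(ipaddress.IPv4Address(dst))
    info = {"src": str(ipaddress.IPv4Address(src)), "dst": dst_s,
            "traffic": traffic_type(dst_s, local_net), "proto": proto}
    payload = packet[ihl:total_len]
    if proto == ICMP:
        info["encapsulated"] = "icmp"
        info["icmp_type"] = payload[0]                     # 8 = echo request, 0 = echo reply, 11 = time exceeded
        info["icmp_ok"] = checksum(payload) == 0           # False if the ICMP message was corrupted in transit
    elif proto == GRE:
        info["encapsulated"] = "gre"
        info["gre_protocol"] = struct.unpack("!HH", payload[:4])[1]   # 0x0800: an inner IPv4 packet rides inside
    else:
        info["encapsulated"] = "other"
    return info

LAN = "192.0.2.0/24"    # constructed documentation network
PING = build_ipv4("192.0.2.10", "192.0.2.1", ICMP, build_icmp_echo(0x1234, 1, b"abc"))
TUNNEL = build_ipv4("192.0.2.10", "198.51.100.1", GRE,
                    build_gre(build_ipv4("10.0.0.1", "10.0.1.1", ICMP, build_icmp_echo(1, 1, b""))))
OSPF_HELLO_DST = build_ipv4("192.0.2.1", "224.0.0.5", 89, b"")     # 89 = OSPF, sent to the AllSPFRouters group

if __name__ == "__main__":
    for pkt in (PING, TUNNEL, OSPF_HELLO_DST):
        print(describe(pkt, LAN))
```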