Final Exam Revision PDF
Ms. Jugan
Final Exam Revision
Introduction to Networks
Lecturer: Ms. Jugan

Final Exam Structure
❑ Multiple Choice & True/False
❑ Matching/Drag & Drop
❑ Filling in Blanks
❑ Descriptive

Final Exam Topics
❑ Basic Router Configurations
❑ IPv4 Addressing
❑ ICMP
❑ Transport Layer
❑ Application Layer
❑ Network Security

Basic Router Configuration Steps
❑ Configure the device name.
   Router(config)# hostname hostname
❑ Secure privileged EXEC mode.
   Router(config)# enable secret password
❑ Secure user EXEC mode.
   Router(config)# line console 0
   Router(config-line)# password password
   Router(config-line)# login
❑ Secure remote Telnet / SSH access.
   Router(config)# line vty 0 4
   Router(config-line)# password password
   Router(config-line)# login
   Router(config-line)# transport input {ssh | telnet}
❑ Encrypt all plaintext passwords.
   Router(config)# service password-encryption
❑ Provide legal notification and save the configuration.
   Router(config)# banner motd # message #
   Router(config)# end
   Router# copy running-config startup-config

Configure Router Interfaces
❑ Configuring a router interface includes issuing the following commands:
   Router(config)# interface type-and-number
   Router(config-if)# description description-text
   Router(config-if)# ip address ipv4-address subnet-mask
   Router(config-if)# ipv6 address ipv6-address/prefix-length
   Router(config-if)# no shutdown
❑ It is good practice to use the description command to add information about the network connected to the interface.
❑ The no shutdown command activates the interface.

Default Gateway on a Switch
❑ A switch must have a default gateway address configured to remotely manage the switch from another network.
❑ To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.
IPv4 Addressing
❑ IPv4 address structure
   ▪ 32-bit address that is made up of a network portion and a host portion
   ▪ The subnet mask determines which network a host belongs to
      ✓ When an IP address is given to a device, the subnet mask determines the network address of the device
      ✓ Must be identical on all devices in the same network
❑ Private & public IPv4 addresses
   ▪ Public IPv4 addresses are globally routed between internet service provider (ISP) routers.
   ▪ Private addresses are common blocks of addresses used by most organizations to assign IPv4 addresses to internal hosts. These addresses are not globally routable; routing to the internet requires NAT.

IPv4 Address Structure: Network, Host & Broadcast Addresses
❑ Within each network are three types of IP addresses:
   ▪ Network address
   ▪ Host addresses
   ▪ Broadcast address
❑ Example for 192.168.10.0/24 (network portion: first three octets; host portion: last octet):
   Role                Address              Host bits        Binary
   Subnet mask         255.255.255.0 (/24)                   11111111 11111111 11111111 00000000
   Network address     192.168.10.0/24      All 0s           11000000 10101000 00001010 00000000
   First address       192.168.10.1/24      All 0s and a 1   11000000 10101000 00001010 00000001
   Last address        192.168.10.254/24    All 1s and a 0   11000000 10101000 00001010 11111110
   Broadcast address   192.168.10.255/24    All 1s           11000000 10101000 00001010 11111111

IPv4 Unicast, Broadcast & Multicast
❑ Unicast
   ▪ Unicast transmission is sending a packet to one destination IP address.
   ▪ E.g. a PC at 172.16.4.1 sends a unicast packet to another PC at 172.16.4.253.
❑ Multicast
   ▪ Multicast transmission is sending a packet to a selected group of hosts.
   ▪ Multicast IPv4 address range: 224.0.0.0 to 239.255.255.255
❑ Broadcast
   ▪ Broadcast transmission is sending a packet to all other destination IP addresses.
   ▪ A broadcast packet has a destination IP address with all 1s in the host portion.
   ▪ May be directed or limited.
      ✓ Directed – sent to all hosts on a specific network (e.g. 192.168.4.0/24 → 192.168.4.255)
      ✓ Limited – sent to all hosts on the same network (255.255.255.255)

Types of IPv4 Addresses: Routing to the Internet
❑ Network Address Translation (NAT) translates private IPv4 addresses to public IPv4 addresses.
❑ NAT is typically enabled on the edge router connecting to the internet.
❑ It translates the internal private address to a public global IP address.

Network Segmentation: Broadcast Domains & Segmentation
❑ Devices use broadcasts and ARP to locate other devices.
❑ Switches propagate broadcasts out all interfaces except the interface on which the broadcast was received.
❑ The only device that stops broadcasts is a router.
❑ Routers do not propagate broadcasts.
❑ Each router interface connects to a broadcast domain, and broadcasts are only propagated within that specific broadcast domain.

Network Segmentation: Problems with Large Broadcast Domains
❑ A problem with a large broadcast domain is that its hosts can generate excessive broadcasts and negatively affect the network.
❑ The solution is to reduce the size of the network to create smaller broadcast domains using a process called subnetting.
   ▪ E.g. dividing the network address 172.16.0.0/16 into two subnets of 200 users each: 172.16.0.0/24 and 172.16.1.0/24.
❑ Broadcasts are only propagated within the smaller broadcast domains.

Reasons for Segmenting Networks
❑ Subnetting reduces overall network traffic and improves network performance.
❑ It can be used to implement security policies between subnets.
❑ Subnetting reduces the number of devices affected by abnormal broadcast traffic.
❑ Subnets are created for a variety of reasons, including by:
   ▪ Group or function
   ▪ Device type
   ▪ Location

VLSM: Variable Length Subnet Mask
❑ The left side displays the traditional subnetting scheme (i.e., the same subnet mask) while the right side illustrates how VLSM can be used to subnet a subnet and divide the last subnet into eight /30 subnets.
❑ When using VLSM, always begin by satisfying the host requirements of the largest subnet and continue subnetting until the host requirements of the smallest subnet are satisfied.
❑ The resulting topology with VLSM applied.

Structured Design: Device Address Assignment
❑ Within a network, there are different types of devices that require addresses:
   ▪ End user clients – Most use DHCP to reduce errors and the burden on network support staff. IPv6 clients can obtain address information using DHCPv6 or SLAAC.
   ▪ Servers and peripherals – These should have a predictable static IP address.
   ▪ Servers that are accessible from the internet – These must have a public IPv4 address, most often accessed using NAT.
   ▪ Intermediary devices – These are assigned addresses for network management, monitoring, and security.
   ▪ Gateway – Routers and firewall devices are the gateway for the hosts in that network.
❑ When developing an IP addressing scheme, it is generally recommended that you have a set pattern of how addresses are allocated to each type of device.

Ping – Test Connectivity
❑ The ping command is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts. It provides a summary that includes the success rate and average round-trip time to the destination.
❑ If a reply is not received within the timeout, ping prints a message indicating that a response was not received.
❑ It is common for the first ping to time out if address resolution (ARP or ND) needs to be performed before sending the ICMP Echo Request.
❑ Types of connectivity tests performed with ping include:
   ▪ Pinging the loopback
   ▪ Pinging the default gateway
   ▪ Pinging the remote host

Traceroute – Test the Path
❑ Traceroute (tracert) is a utility that is used to test the path between two hosts and provide a list of hops that were successfully reached along that path.
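Worked example for the address table and the VLSM rule in the slides above. This is added code, not part of the revision guide: it derives the network, first, last and broadcast addresses (with their binary form) from an address and prefix, and allocates subnets largest-first from a base network, using the slide's 172.16.0.0/16 example plus two constructed /30 link requirements.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int.from_bytes(bytes(int(octet) for octet in dotted.split(".")), "big")

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_bits(value):
    """Binary form with one 8-bit group per octet, as in the slide's table."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def address_roles(ip, prefix):
    """Network, first host, last host and directed-broadcast addresses of ip/prefix.

    The host portion is the bits where the mask is 0: all 0s gives the network
    address, all 1s the broadcast address, and the usable hosts lie in between.
    """
    mask = mask_from_prefix(prefix)
    network = to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {
        "subnet mask": to_dotted(mask),
        "network address": to_dotted(network),
        "first address": to_dotted(network + 1),
        "last address": to_dotted(broadcast - 1),
        "broadcast address": to_dotted(broadcast),
    }

def vlsm(base_cidr, host_requirements):
    """Carve base_cidr into subnets sized for each (name, hosts) requirement.

    Follows the VLSM rule from the slides: satisfy the largest subnet first, then
    keep subnetting for the smaller ones. Each subnet needs hosts + 2 addresses
    (network and broadcast); sizes are powers of two, so allocating in
    descending size keeps every subnet aligned on its own boundary.
    """
    base_ip, base_prefix = base_cidr.split("/")
    base_mask = mask_from_prefix(int(base_prefix))
    cursor = to_int(base_ip) & base_mask
    last = cursor | (~base_mask & 0xFFFFFFFF)
    allocation = []
    for name, hosts in sorted(host_requirements, key=lambda req: req[1], reverse=True):
        host_bits = (hosts + 1).bit_length()      # smallest h with 2**h >= hosts + 2
        size = 1 << host_bits
        if cursor + size - 1 > last:
            raise ValueError(f"{base_cidr} is too small to fit subnet {name!r}")
        allocation.append((name, f"{to_dotted(cursor)}/{32 - host_bits}"))
        cursor += size
    return allocation

if __name__ == "__main__":
    for role, addr in address_roles("192.168.10.0", 24).items():
        print(f"{role:18} {addr:16} {to_bits(to_int(addr))}")
    # Slide example: two 200-user subnets out of 172.16.0.0/16, plus two
    # constructed /30 point-to-point link requirements.
    print(vlsm("172.16.0.0/16", [("LAN-A", 200), ("WAN-1", 2), ("LAN-B", 200), ("WAN-2", 2)]))
```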
❑ Traceroute provides the round-trip time for each hop along the path and indicates if a hop fails to respond. An asterisk (*) is used to indicate a lost or unreplied packet.
❑ This information can be used to locate a problematic router in the path, or may indicate that the router is configured not to reply.

Transport Layer
❑ Role of the transport layer
   ▪ Provide services to allow end devices to exchange data
❑ Specific responsibilities of the transport layer
   ▪ Tracking individual conversations
   ▪ Segmenting data and reassembling segments
   ▪ Adding header information
   ▪ Identifying, separating, and managing multiple conversations
   ▪ Using segmentation and multiplexing to enable different communications on the same network
❑ Two main protocols
   ▪ Transmission Control Protocol (TCP)
   ▪ User Datagram Protocol (UDP)

Transport Layer Protocols: TCP & UDP
❑ TCP provides reliability and flow control using these basic operations:
   ▪ Number and track data segments transmitted to a specific host from a specific application
   ▪ Acknowledge received data
   ▪ Retransmit any unacknowledged data after a certain amount of time
   ▪ Sequence data that might arrive in the wrong order
   ▪ Send data at an efficient rate that is acceptable to the receiver
❑ UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.
   ▪ UDP is a connectionless protocol.
   ▪ UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination.

Transport Layer Protocols: TCP Features
❑ Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.
❑ Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely as it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the destination.
❑ Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order.
❑ Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.

TCP & UDP Characteristics
❑ TCP is a stateful protocol, which means it keeps track of the state of the communication session.
   ▪ TCP records which information it has sent and which information has been acknowledged.
   ▪ TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and reordering segments.
   ▪ Applications that use TCP include HTTP, FTP, SMTP and SSH.
❑ UDP features include the following:
   ▪ Data is reconstructed in the order that it is received.
   ▪ Any segments that are lost are not resent.
   ▪ There is no session establishment.
   ▪ The sender is not informed about resource availability.

TCP & UDP: Socket Pairs
❑ The TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations.
❑ Socket
   ▪ The combination of the source IP address and source port number, or the destination IP address and destination port number.
   ▪ Sockets enable multiple processes running on a client to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.
❑ Port number groups
   ▪ Well-known (0 to 1,023)
   ▪ Registered (1,024 to 49,151)
   ▪ Private/dynamic (49,152 to 65,535)

Application Layer
❑ The upper three layers of the OSI model (application, presentation, and session) define the functions of the TCP/IP application layer.
❑ Application layer
   ▪ Closest layer to the end user
   ▪ Provides the interface between the applications used to communicate
❑ Some of the most widely known application layer protocols include HTTP, FTP, TFTP, IMAP, DNS, etc.
❑ Application layer protocols:
   ▪ Exchange data between programs running on the source and destination hosts
   ▪ Are used by both the source and destination devices during a communication session

HTTP and HTTPS
❑ HTTP is a request/response protocol that specifies the message types used for that communication.
❑ The three common message types are:
   ▪ GET - This is a client request for data. A client (web browser) sends the GET message to the web server to request HTML pages.
   ▪ POST - This uploads data files to the web server, such as form data.
   ▪ PUT - This uploads resources or content to the web server, such as an image.
Note: HTTP is not a secure protocol. For secure communications sent across the internet, HTTPS should be used.

Application Layer: Email Protocols
❑ Three common email protocols include:
   ▪ Simple Mail Transfer Protocol (SMTP)
      ✓ Used by clients to send mail.
   ▪ Post Office Protocol (POP)
      ✓ Used by clients to receive mail.
      ✓ Mail can be downloaded.
   ▪ Internet Message Access Protocol (IMAP)
      ✓ Used by clients to receive mail.
      ✓ Copies of mail can be downloaded to the client application.

Domain Name Service
❑ Domain names were created to convert numeric IP addresses into simple, recognizable names.
❑ Fully-qualified domain names (FQDNs), such as http://www.cisco.com, are much easier for people to remember than 198.133.219.25.
❑ The DNS protocol defines an automated service that matches resource names with the required numeric network address. It includes the format for queries, responses, and data.

DNS Hierarchy
❑ DNS uses a hierarchical system to create a database to provide name resolution.
❑ Each DNS server maintains a specific database file and is only responsible for managing name-to-IP mappings for that small portion of the entire DNS structure.
❑ When a DNS server receives a request for a name translation that is not within its DNS zone, the DNS server forwards the request to another DNS server within the proper zone for translation.
❑ Examples of top-level domains:
   ▪ .com - a business or industry
   ▪ .org - a non-profit organization
   ▪ .au - Australia

Dynamic Host Configuration Protocol
❑ The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters.
❑ DHCP is considered dynamic addressing, compared to static addressing. Static addressing is manually entering IP address information.
❑ When a host connects to the network, the DHCP server is contacted and an address is requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the host.
❑ Many networks use both DHCP and static addressing. DHCP is used for general purpose hosts, such as end user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.
Note: DHCP for IPv6 (DHCPv6) provides similar services for IPv6 clients. However, DHCPv6 does not provide a default gateway address. This can only be obtained dynamically from the Router Advertisement message of the router.

DHCP Operation
❑ When an IPv4, DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network.
❑ A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. (If a client receives more than one offer due to multiple DHCP servers on the network, it must choose one.)
❑ The client sends a DHCP request (DHCPREQUEST) message that identifies the explicit server and lease offer that the client is accepting.
❑ The server then returns a DHCP acknowledgment (DHCPACK) message that acknowledges to the client that the lease has been finalized.
Note: DHCPv6 has a set of messages that is similar to those for DHCPv4. The DHCPv6 messages are SOLICIT, ADVERTISE, INFORMATION REQUEST, and REPLY.
❑ If the offer is no longer valid, then the selected server responds with a DHCP negative acknowledgment (DHCPNAK) message, and the process must begin with a new DHCPDISCOVER message.

Access Attacks
❑ Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
❑ Access attacks can be classified into four types:
   ▪ Password attacks - Implemented using brute force, trojan horses, and packet sniffers.
   ▪ Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
   ▪ Port redirection - A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor uses SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
   ▪ Man-in-the-middle - The threat actor is positioned between two legitimate entities in order to read or modify the data that passes between the two parties.

Firewalls
❑ Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.
❑ A firewall can allow outside users controlled access to specific services. For example, servers accessible to outside users are usually located on a special network referred to as the demilitarized zone (DMZ). The DMZ enables a network administrator to apply specific policies for hosts connected to that network.
❑ Types of firewall
   ▪ Packet filtering - Prevents or allows access based on IP or MAC addresses
   ▪ Application filtering - Prevents or allows access by specific application types based on port numbers
   ▪ URL filtering - Prevents or allows access to websites based on specific URLs or keywords
   ▪ Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to requests from internal hosts.
     Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).

Types of Vulnerabilities
❑ Vulnerability is the degree of weakness in a network or a device. Some degree of vulnerability is inherent in routers, switches, desktops, servers, and even security devices. Typically, the network devices under attack are the endpoints, such as servers and desktop computers.
❑ There are three primary vulnerabilities or weaknesses:
   ▪ Technological – weaknesses in TCP/IP protocols, operating systems, network equipment, etc.
   ▪ Configuration – unsecured user and system accounts with easily guessed passwords, misconfigured settings on network devices, etc.
   ▪ Security policy – lack of user authentication, unauthorized software and hardware changes, etc.
❑ All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks.

Types of Malware
❑ Malware is short for malicious software. It is code or software specifically designed to damage, disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or networks. The following are types of malware:
   ▪ Viruses - A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels.
   ▪ Worms - Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
   ▪ Trojan Horses - A Trojan horse is a harmful piece of software that looks legitimate. Unlike viruses and worms, Trojan horses do not reproduce by infecting other files.
     Trojan horses must spread through user interaction, such as opening an email attachment or downloading and running a file from the internet.

Physical Security
❑ If network resources can be physically compromised, a threat actor can deny the use of network resources. The four classes of physical threats are as follows:
   ▪ Hardware threats - Physical damage to servers, routers, switches, cabling plant, and workstations.
   ▪ Environmental threats - Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
   ▪ Electrical threats - Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
   ▪ Maintenance threats - Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
❑ A good plan for physical security must be created and implemented to address these issues.

Additional Password Security
❑ There are several steps that can be taken to help ensure that passwords remain secret on a Cisco router and switch, including these:
   ▪ Encrypt all plaintext passwords with the service password-encryption command.
   ▪ Set a minimum acceptable password length with the security passwords min-length command.
   ▪ Deter brute-force password guessing attacks with the login block-for # attempts # within # command.
   ▪ Disable inactive privileged EXEC mode access after a specified amount of time with the exec-timeout command.

Enable SSH
❑ It is possible to configure a Cisco device to support SSH using the following steps:
   1. Configure a unique device hostname. A device must have a unique hostname other than the default.
   2. Configure the IP domain name. Configure the IP domain name of the network by using the global configuration mode command ip domain-name.
   3. Generate a key to encrypt SSH traffic. SSH encrypts traffic between source and destination.
      However, to do so, a unique authentication key must be generated by using the global configuration command crypto key generate rsa general-keys modulus bits. The modulus bits value determines the size of the key and can be configured from 360 bits to 2048 bits. The larger the bit value, the more secure the key. However, larger bit values also take longer to encrypt and decrypt information. The minimum recommended modulus length is 1024 bits.
   4. Verify or create a local database entry. Create a local database username entry using the username global configuration command.
   5. Authenticate against the local database. Use the login local line configuration command to authenticate the vty line against the local database.
   6. Enable vty inbound SSH sessions. By default, no input session is allowed on vty lines. You can specify multiple input protocols, including Telnet and SSH, using the transport input [ssh | telnet] command.
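As an added example that is not part of the slides or of Cisco's own tooling, a small Python audit that reads a running-config excerpt and reports which of the basic configuration, password-security and SSH steps above have not been applied. The two configs are constructed samples with placeholder secrets; the check list covers only commands named on this page, and the RSA modulus is not checked because the running-config does not record the crypto key generate command.

```python
# Constructed sample running-config excerpts (not taken from the page): the first
# stops at the basic configuration steps, the second also applies the password
# and SSH hardening steps. All secrets are placeholders.
WEAK_CONFIG = """\
hostname Router
enable secret cisco123
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname R1-EDGE
ip domain-name example.net
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
enable secret 9 $9$placeholder
username admin secret 9 $9$placeholder
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
"""

# Global commands the slides call for, with the finding reported when absent.
REQUIRED_GLOBALS = [
    ("enable secret ", "privileged EXEC mode not secured with 'enable secret'"),
    ("service password-encryption", "plaintext passwords not encrypted"),
    ("security passwords min-length", "no minimum password length"),
    ("login block-for", "no brute-force login blocking"),
    ("ip domain-name", "no IP domain name (needed to generate the SSH RSA key)"),
    ("username ", "no local database entry for 'login local'"),
]

def parse_config(text):
    """Split an IOS config into global commands and the sub-commands of each 'line' block."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        if raw.startswith(" ") and current is not None:
            line_blocks[current].append(cmd)        # indented: belongs to the open 'line' block
        elif cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks

def audit(text):
    """Return the hardening steps from the slides that the config has not applied."""
    global_cmds, line_blocks = parse_config(text)
    findings = []
    host = next((g.split(None, 1)[1] for g in global_cmds if g.startswith("hostname ")), "Router")
    if host in ("Router", "Switch"):
        findings.append("hostname is still the default")
    for prefix, message in REQUIRED_GLOBALS:
        if not any(g.startswith(prefix) for g in global_cmds):
            findings.append(message)
    for name, cmds in line_blocks.items():
        if not any(c.startswith("exec-timeout") for c in cmds):
            findings.append(f"{name}: no exec-timeout")
        if name.startswith("line vty"):
            if "login local" not in cmds:
                findings.append(f"{name}: not authenticating against the local database")
            transport = [c for c in cmds if c.startswith("transport input")]
            if not transport or transport[0] != "transport input ssh":
                findings.append(f"{name}: remote access is not restricted to SSH")
    return findings
```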