606 – TCP/IP for Networking Professionals

Author: Maureen Fitzgerald Maureen.Fitzgerald@us.origin-it.com

 

Obj #

Objective Text

1

Identify the layers of the DoD model and how they relate to the TCP/IP stack.

 

Process Application  =  Acts as the interface for the user.

                                     Provides applications that transfer data between hosts.

                                     OSI Model -  Application/Presentation/Session

                                     TCP/IP Suite

                                         -Telnet = terminal emulation

                                         -FTP (File Transfer Protocol) and TFTP (Trivial File Transfer

                                              Protocol = file transfer

                                         -NFS (Network File System) = file sharing

                                         -Xwindows = application sharing

                                         -SMTP (Simple mail Transfer Protocol) = electronic mail

                                         -LPD (Local Print Daemon) and RPR (Remote Printing)=printing

                                         -SNMP (Simple Network Management Protocol=network mgmt

 

Host-To-Host =  TCP only: Maintains data integrity and sets up reliable, end-to-end

                            communication between hosts. 

                            Ensures error-free delivery of data units in proper sequence and with no

                             loss or duplication.

                            OSI Model – Transport Layer

                            TCP/IP Suite

                                -TCP (Transmission Control Protocol)= establishes a virtual circuit,

                                  provides a reliable connection, and sends packets that are

                                  sequenced and acknowledged.

                                  (like a telephone conversation)

                                -UDP (User Datagram Protocol)= connectionless/unreliable, but less

                                  overhead Is used by any protocol that uses broadcasts.

                                  (like sending a letter)

 

Internet =  Routes data packets between difference hosts or networks.  The Internet

                  Layer is the foundation of the TCP/IP protocol suite.

                       

                        OSI Model -  Network Layer

                        TCP/IP Suite

                                  IP = (Internet Protocol) handles packet routing, fragmentation, and

                                            reassembly between hosts.

                                  ICMP =  (Internet Control Message Protocol) used to send error

                                            and control messages to hosts and routers.

                                  BOOTP = (used by workstations to discover 3 items:

1.       their IP address

2.       the IP address of the server

3.        the name of a file loaded into memory that is executed at

                                  ARP = (Address Resolution Protocol) = translates a software address

                                             to a hardware (MAC) address

                                  RARP = (Remote Adddress Protocol) = used by diskless

                                                 Workstations to translate their hardware (MAC) address to 

                                                 A software address.

 

Network Access = defines physical interconnection between hosts.

                 OSI Model -  DataLink/Physical Layers

                 TCP/IP Suite – Ethernet, Token Ring, FDDI, and Others

1

(cont)

 

 

 

 

 

 

 

2

The TCP/IP Protocol Suite specifies functions above the Network Access Layer of the DOD Model and above the DataLink Layer of the OSI Model.

 

TCP (Transmission Control Protocol) = responsible for establishing communication between 2 hosts.

 

IP (Internet Protocol) = responsible for the transfer of data.

 

------------------------------------------------------------------------------------------------------------------------

Describe TCP/IP addressing concepts.

  • 32-bit Internet address value
  • 4-bytes long
  • identifies IP network and node
  • 1st byte determines class
  • each host must have a unique host number
  • each byte of a node address falls in the range of 0 to 255
  • 0 and 255 are usually not used in addressing (reserved for broadcasting packets)
  • 8-bits in an octet
  • use Windows calculator on desktop to convert binary number to decimal

 

3

List TCP/IP addressing classes and characteristics.

 

Class A =  0 – 127 first byte Network last 3 bytes Host

  • first bit must be zero
  • up to 12 classes created each having 16+Million hosts.

Class B = 128 – 191 first 2 bytes Network last 2 bytes Host

  • first 2 bits of first byte are 1 and 0.
  • Possible 16,384 class B networks each having up to 65,584 hosts.

Class C = 192 – 223 first three bytes Network last byte Host

  • First 3 bits of first byte are 1, 1, and 0.
  • Possible 2+Million class C networks each having up to 255 hosts.

Class D = 224 – 239 (MultiCast)

  • First 4 bits of first byte are 1, 1, 1, and 0.
  • Use for multicast packets
  • Multicast packets are used by a host to transmit messages to a specific group of hosts on network
  • Packets exchanged between routers only

Class E = 240 – 255 (Reserved for Experimental or Broadcast

  • First 5 bits of byte are 1, 1, 1, 1, and 0.
  • Reserved for experimental use and potential future addressing modem
  • Class E addresses typically used for broadcasts.

 

 

 

 

 

 

 

 

4

Define TCP/IP addressing types.

 

Unicast

  • Includes addresses that allow for communication between one source sending data and one source receiving it.
  • The single interface, is specified by the destination address.
  • Communication between any 2 hosts in the shared network doesn’t affect any of the other hosts.

Multicast

  • Includes addresses that refer to a group of hosts by using a single IP address; identified by Ipv4 class D addresses.
  • Simply, a subnet of the PCs on a network agree to listen to a given multicast address.
  • Every PC in this multicast group can be reached with a single packet transmission.

Broadcast

  • Includes messages that are transmitted to every host on the network.
  • 255.255.255.255 used to identify a broadcast message.
  • the message is directed to all hosts on the network from which it originated.
  • routers do not typically forward broadcast messages to other networks.

Anycast

  • similar to multicast; references a group of systems.
  • Transmits data by finding the closest member of a group and sends messages only to that member.
  • Only available with Ipv6.

 

 

5

Identify the purpose of subnets.

 

Subnet Masking – process of creating subnets on the network.

All hosts and networks must have a unique address.

Subnet Mask – is an extension of the IP addressing scheme that allows a site to use a single network address for multiple physical networks.

 

Purpose of subnets:

  • To expand the network – by adding routers and creating subnets
  • To reduce congestion – by splitting single network into smaller, separate subnets reducing bandwidth problems and number of hosts.
  • To reduce CPU use – more hosts on network causes more broadcasts on network. Each host must listen to every broadcast before accepting or discarding it. Uses CPU capabilities.
  • To isolate network problems – by splitting larger networks into smaller networks, limit the impact of one subnet’s problems on another.
  • To improve security – by restricting sensitive network traffic to only one network, other users on other subnets can be prevented from accessing secure data. Subnets also ensure that network structure is never visible outside organization’s private network.
  • To use multiple media – allows you to combine different media by putting each type of media on a different subnet.

 

 

6

Determine an appropriate subnet mask.

 

  • A subnet mask is a 4-byte number that is logically “ANDed” with an IP address to identify the network and host address of a host.
  • TCP/IP requires that all IP addresses be assigned a subnet mask even if the network is not segmented into subnets.
  • Any bit that is part of the network address is assigned a value of “1” in the mask.
  • Any bit that is part of the host address is assigned a value of “0” in the mask.
  • Subnet mask is defined using part of the host portion of the IP address. The host portion used depends on the class of the network address you were assigned.

 

7

Choose a subnet address given a subnet mask.

 

  • The subnet mask depends on how many bits you choose to use for subnet addressing

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

8

Demonstrate the ability to use subnet masks to divide a network.

 

Classful Hierarchy – the standard IP address conforms to a standard number of bits for the network address and host address for each type of class.

 

Classless Hierarchy – when you add a subnet address to the IP address, the host address is divided into a subnet address and a host address. The number of bits used by the subnet address and the host address can vary.

 

Assigning Subnet Addresses

After the subnet value has been assigned to a network, you must assign IP addresses to each device using the following rules: 

  • Each address must be unique
  • The network and subnet numbers must be the same for all devices on the same network
  • The host (physical) portion of the address must not be set to all 1’s or all 0’s/

 

When you create subnet addresses, you need to

  • Plan for growth
  • Avoid using IP addresses reserved for special use

 

To prepare for possible changes in the number of subnets required, RFC 1219 suggests that you assign subnet addresses from the left-most bit of the subnet address field, and that you assign hosts in numeric order from the right-most bit of the host address field.

 

To create a subnet, you must

  • Determine the number of subnets you need
    • When you are deciding how many subnets your network needs, you must take into account future network growth.
  • Determine your subnet mask and subnet addresses
    • To assign subnet mask and address values, complete the following:
    • 1) determine the number of available subnet address values and the number of available host address values per subnet.
    • 2) calculate the subnet address values:
    • identify the rightmost [1] bit in the subnet mask and convert its binary value to decimal. The number you obtain is referred to as ‘delta’.
  • Assign IP addresses to each host on the subnet

 

9

Define supernetting and identify the number of hosts available on a network that uses supernetting.

 

  • Developed in 1993 to extend the lifetime of a 32-bit IP address
  • Working with Ipv6, a new version of IP with larger addresses.
  • To accommodate growth until Ipv6 is standardized and adopted, supernetting used as a temporary solution.
  • Opposite of subnet addressing; (instead of using a single IP network address for multiple physical networks in an organization, it uses many IP network address for a single organization).
  • Number of bits used for the subnet mask is “reduced” to increase the number of available hosts.

Number of hosts available on a Class C Network – 510

10

Describe the TCP/IP communication process.

 

  • Connection-oriented
  • Reliable communications
  • 2 hosts using TCP must establish a TCP connection with each other before they can exchange data

 

1)       server’s OS delivers the raw data to TCP in a byte stream.

2)       If data stream too large for lower-layer protocols, TCP divided the stream into segments, adds sequence numbers, and passes each segment to IP.

3)       IF forms IP datagrams by adding source and destination logical addresses to each segment.

4)       Through ARP, the physical address of the destination or next immediate device is determined and passed, with the IP datagrams, to the DataLink Layer.

5)       Based upon the DataLink Layer chosen, several other steps are performed until the DataLink frames reach the client device. When an internetwork is involved, several additional IP encodings and decodings occur with each hop to determine the next IP address in the route.

6)       The client DataLink Layer receives the frames and passes its data to the client IP.

7)       The client IP discards the IP header and passes the IP datagrams to the client TCP.

8)       TCP acknowledges receipt if each datagram.

9)       TCP combines the datagrams into one continuous byte stream by examining the sequence numbers and reordering the segments.

10)   The service requester’s application receives the same byte stream that was submitted by the server’s OS, as if it were directly connected.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

11

Compare and contrast the IPv4 and IPv6 protocols.

 

IPv4= established late 1960’s

  • Defines a 32-bit address
  • Decreasing ability to route traffic between an increasing number of networks and the Internet
  • Is a 20-byte header and has 12 required fields and 1 optional field

 

IPv6= being developed and implemented to resolve the short comings of IPv4

  • Designed to address the current growth trends affecting TCP/IP-based networks.
  • Is one solution that will be deployed to deal with issues of addressing and routing.
  • Benefits:
    • Expanded routing and addressing capabilities
    • Header format simplification
    • Improve support for options
    • Quality-of-service capabilities
    • Authentication and privacy capabilities
  • Is a 40-byte (fixed) header and has 8 fields of information

 

Interoperate

  • Similar language
  • Embedded address communication
  • Allow checksum

 

Migration Strategies from IPv4 to IPv6:

  • Dual Stack – have both loaded/bound to NIC boards. Communicates regardless of which stack being used.
  • Tunneling – Encapsulate IPv6 datagram inside IPv4 datagrams. Allows IPv6 to cross over IPv4 network segments.
  • Header Translation – Software on routers connecting both network segments, strips headers, replace with one appropriate for network segment entering.

 

2 Types of IPv6 addresses can be embedded:

  • IPv4-compatible = understand IPv6
  • IPv4-mapped = do not understand IPv6

 

 

 

 

 

 

 

 

 

 

 

 

12

Describe utilizing private network addresses to overcome the IPv4 address shortage.

 

10-Netting = using private network address to overcome shortages

 

Approach

Addresses reserved for private networks are filtered out by Internet routers and do not conflict with registered addresses.

 

Private Address Blocks

Class A =  10.0.0.0 ßà 10.255.255.255

Class B =  172.16.0.0 ßà 172.31.255.255

Class C =  192.168.0.0 ßà 192.168.255.255

 

  • Implement 10-netting by assigning hosts on the private, internal part of network IP address and placing a router between the private internal network and the public network (Internet).
  • Private interface on router assigned address from private network
  • Public interface on router assigned registered IP address.
  • Router runs network address translation (NAT) software, which translates addresses when packets pass through from private to public network.

 

Advantages

  • If the 10.0.0.0 range selected, private network can have entire Class A network address.
  • Only 1 registered IP address is required for entire private network
  • Security is increased because entire private network appears to have only 1 IP address on the public network.

 

13

Identify the role of TCP/IP ports.

 

IP Port

  • number assigned to a service running on an IP host
  • number used to link incoming data to correct service

 

Divided into 3 Ranges:

  • Well-Known Ports = 0 - 1023
  • Registered Ports = 1024 – 49151
  • Dynamic or Private Ports = 49152 – 65535

 

Well-Known Ports are standard port numbers used by everyone.

Assigned by the IANA (internet Assigned Numbers Authority) and on most systems can only be used by system processes or by programs executed by privileged users.

 

See chart, page 1-40 for Well-Known Port number assignments.

 

 

 

 

14

List sources of TCP/IP information.

RFCs

  • Request for Comments
  • Series of technical reports about the Internet
  • Discuss different aspects of computing, including new and revised protocols, standards, procedures and programs.
  • Defined documents of the Internet protocol suite (standards) by the IETF.

ARIN

  • American Registry for Internet Numbers
  • Non-profit organization created to manage IP address space for assigned territories
  • Similar to RIPE and APNIC, pleased management of IP space under user control (ISPs, corporate entities, colleges, and individuals)

APNIC

  • Asia-Pacific Network Information Center
  • 1 of 3 regional Internet Registries (IRs) of the IANA
  • Serves the Asia-Pacific area
  • Allocates Internet resources, including IP addresses, autonomous systems (AS) numbers, and domain delegations

ICANN

  • Internet Corporation for Assigned Names and Numbers
  • Supercedes the IANA
  • Has authority over all number spaces used in Internet
  • Allocates parts of the Internet address space to 3 regional IRs.
  • Responsible for managing Internet address, domain names, and protocol parameters

IETF

  • Internet Engineering Task Force
  • Group dedicated to identifying problems on and proposing technical solutions for the Internet

InterNIC

  • Internet Network Information Center
  • 1 of 3 regional IRs of the IANA
  • serves North America and handles Internet domain name registration
  • managed by Network Solutions, Inc. (NSI)

RIPE NCC

  • Reseaux IP Europeans Network Coordination Center
  • Is 1 of 3 regional IRs of IANA
  • Handles internet domain name registration for Europe.

 

15

Identify the purpose of the Internet Protocol (IP).

 Used in packet-switched networks (CATENET)

  • Transmits blocks of data, called datagrams, from sources to destinations. Sources and destinations are hosts identified by fixed-length addresses.
  • Can also fragment and reassemble long datagrams, if necessary, for transmission through small-packet networks
  • Does not provide end-to-end data reliability, flow control, sequencing, or other services commonly found in host-to-host protocols.
  • Relies on the services of its supporting networks to provide various types and qualities of services.

 

16

Identify the fields that compose the IP header and the function of each.

 

Version         indicates the format of the IP header

IHL                (Internet Header Length) indicates the length of the IP in 32-bit words, and

                         thus points to the beginning of data. The minimum value for a correct

                         header is 5.         

Type of Service – specifies the treatment of the datagram during its transmission

                               through the Internet system.

Total Length – length of datagram measured in octets, including Internet Header

                         and data. This field allows the length of a datagram to be up to 65,535

                         octets (whether they arrive whole or in fragments.)

Identification –an identifying value assigned by the sender to aid in assembling

                         the fragments of a datagram.

Flags             –identifies the amount a packet is fragmented.

Fragments Offset – indicates where in the datagram this fragment belongs.

Time To Live (TTL) – indicates the maximum time the datagram can remain in the 

                                   Internet system.

Protocol      – indicates the next-level protocol used in the data portion of the IP

                       datagram.

Header Checksum –displays a checksum of the header only.

Source Address –displays the source address of the datagram.

Destination Address –displays the destination address of the datagram.

Options       –displays options that might appear in datagrams.

Padding      –used to ensure that the Internet header ends on a 32-bit boundary.

                       the padding is zero.

    

IP provides 2 basic functions:

  • Addressing
  • Fragmentation

 

IP sees the addresses carried in the header to transmit datagrams to their destination.

IP uses fields in the header to fragment and reassemble Internet datagrams for transmission through small-packet networks.

 

4 Key features in providing its services:

  • Type of Service
    • Indicates the quality of the service wanted.
    • Type of service provides a generalized set of parameters that characterize the service choices provided in the network that make up the Internet
  • Time To Live
    • Indicates an upper boundary on the lifetime of an Internet datagram
    • It is set by the sender of the datagram and reduced at the points along the route where it is processed
    • Can be thought of as a self-destruct time limit.
  • Options
    • Provides control functions that might be useful in some situations but that are unnecessary for the most common communication
    • Options include functions for time stamps security, and special routing.
  • Header Checksum
    • Verifies that the information used in processing the Internet datagram has been transmitted correctly.

 

 

17

Identify the purpose of Transmission Control Protocol (TCP).

 

  • Highly reliable Host-to-Host protocol in packet-switched networks and internetworks
  • Provides process-to-process communications in multi-network environments
  • Interacts between user or application processes and a lower-level protocol such as IP.
  • Provides a set of calls for manipulating data.
  • Can also communicate with application programs asynchronously.
  • Designed to work in a very general environment of interconnected networks

 

18

Identify the purpose of User Datagram Protocol (UDP).

 

  • Provides a datagram mode of packet-switching in an internetwork
  • Assumes that IP is used as the underlying protocol
  • Allows application programs to send messages to other programs with a minimum of protocol mechanism.
  • Is transaction oriented; duplicate and delivery protection are not guaranteed.
  • Offers a minimal transport service-non-guaranteed datagram delivery—and gives applications direct access to the datagram service of the IP layer.
  • The only services UDP provides over IP are check summing of data and multiplexing by port number.
  • Does not maintain end-t-end connection with the remove UDP module; it only pushes the datagram out on the network and accepts incoming datagrams off the network.
  • Used by application that do not require level of service provided by TCP or applications that want to use communications services (such as multicast or broadcast delivery) not available from TCP.
  • NFS (Network File System) and SNMP (Simple Network Management Protocol) use UDP.
  • The service is little more than an interface to IP.
  • Cannot provide:
    • Retransmission for reliably delivery
    • Packetization and reassembly
    • Flow control
    • Congestion avoidance
  • 1 of 2 main protocols that resides on top of IP

 

 

 

 

 

 

 

 

 

 

 

 

 

19

Identify the purpose of Internet Control Message Protocol (ICMP) and the types of ICMP messages.

 

  • Although layered on IP, ICMP is a control protocol that is an integral part of IP.
  • Provides error reporting, congestion reporting, and first-hop gateway redirection
  • ICMP messages are grouped into 2 classes:
    • Error messages
      • Destination unreachable
      • Redirect
      • Source quench
      • Time exceeded
      • Parameter problem
    • Query messages
      • Echo
      • Information
      • Time stamp
      • Address mask
  • If an ICMP message of unknown type is received, it is silently discarded.

 

 

20

Identify the purpose of Internet Group Management Protocol (IGMP).

 

  • Used by hosts and gateways on a single network to establish hosts’ membership in particular multicast groups
  • Gateways use this information with a multicast routing protocol to support IP multicasting across the Internet.
  • Implementation of IGMP is optional
  • A host can still participate in multicasting local to its connected networks without IGMP.

 

21

Identify the purpose of Network Time Protocol (NTP).

 

  • Synchronizes a set of network clocks using a set of distributed clients and servers.
  • Is built on the UDP, which provides a connectionless transport mechanism.
  • Specifies the precision and estimated error of both the local clock and reference clock it might be synchronized to.
  • Designed to connect a few primary reference clocks to centrally accessible resources such as gateways.
  • Provides information that can be used to organize this hierarchy on the basis of precision or estimated error.

 

 

 

 

 

 

22

Describe TELNET and identify its purpose.

 

  • Provides a remote login capability on TCP. The operation and appearance is similar to keyboard dialing through a telephone switch.
  • Works very well
  • Its an old application and has widespread interoperability.
  • Implementations of TELNET usually work between different operating systems
  • Is TCP/IP’s virtual terminal protocol
  • Allows a user from one host to log in to another host while appearing to be directly attached to the terminal at the remote system. This TCP/IPs definition of a virtual terminal.
  • Very powerful tool
  • Can use TELNET to access a remote client and provide the same functionality as local client software. Can do this by specifying a port number with the TELNET command.
    • TELNET [IP_address\hostname][port]

 

23

Describe Hypertext Transport Protocol (HTTP) and identify its purpose.

 

  • Allows basic hypermedia access to resources available from diverse applications
  • Is an application-level protocol that can be used to transport, retrieve, search for, update, and annotate information that is distributed and collaborative, and that includes hypermedia.
  • Provides an open-ended set of methods and headers that indicate the purpose of a request.
  • Is based on the Uniform Resource Identifier (URI).
  • Uses a Uniform Resource Locator (URL) or Uniform Resource Name (URN) to indicate the resource that a process should be applied to.
  • Also used as a generic protocol for communication between user agents and proxies or gateways to other Internet systems, including those supported by the SMTP, NNTP, FTP, Gopher, and WAIS protocols.

 

24

Identify the purpose of File Transfer Protocol (FTP) and the functionality of some FTP commands.

 

  • Useful and powerful TCP/IP utility for general user.
  • Allows you to upload and download files between local and remote hosts.
  • Commonly available at file archive sites to allow users to access files without having to pre-establish an account at the remote host.

 

FTP [IP_address\host_name]

 

Commands:

     HELP ?  =  used to obtain a list of available FTP commands and help topics

     TYPE     =  used to specify the file type when you transfer a binary or executable file

     DIR        =  used to see a directory listing of the files in the current directory at the

                        Remote host

     CD         =  change directory

     SHOW   =  see what directory you are in

Other commands:  GET, QUIT, CLOSE, OPEN, and PUT (or SEND)

25

Identify the purpose of Trivial File Transfer Protocol (TFTP).

 

  • Simple protocol used to transfer files
  • Runs on top of the Internet UDP and is used to move files between machines on different networks implementing UDP.
  • Designed to be small and easy to implement.
  • Lacks most of the features of a regular FTP.
  • Only services it provides are reading and writing files and sending mail to and from a remote server.
  • Passes 8-bit bytes of data, cannot list directories or provide user authentication.
  • Supports 3 modes of transfer:
    • NETASCII
    • Octet
    • Mail
  • Errors caused by 3 types of events:
    • Not being able to satisfy the request
    • Receiving a packet that cannot be explained by a delay or duplication in the network
    • Losing access to a necessary resource
  • Protocol very restrictive

 

26

Describe TFTP operation.

 

  • A transfer begins with a request to read or write a file.
  • If the server grants request, the connection is opened and file sent.
  • File divided into packets.
  • If packet gets lost, intended receiver times out and retransmits last packet (acknowledgement)
  • Sender of lost packet retransmits lost packet
  • Sender keeps 1 packet on hand for retransmission.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

27

Match the TCP/IP protocols with their definitions.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

28

List sources of TCP/IP security information.

 

CERT  

  • Computer Emergency Response Team
  • Is part of the Survivable Systems Initiative at the Software Engineering Institute
  • Publishes advisories addressing current security threats and ways to counteract them

 

CSRS

  • Computer Security Resource Clearinghouse
  • Provided information or network security issues

 

CIAC

  • Computer Incident Advisory Capability
  • Responsible for protecting DOE computer networks

29

Identify the purpose of firewalls.

 

  • Is to create a system that prevents unauthorized users from accessing proprietary information
  • Is a combination of hardware and software that reduces the risk of a security breach into a private TCP/IP network
  • Provide security for services, such as email
  • Also protect hosts
  • Effective firewall between the private network and the Internet, or between private network segments, enforces corporate security and access control policies
  • Also helps regulate the type of traffic that can access the private network and provides information about that traffic to the Administrator.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

30

Identify the types of firewalls and features of each.

 

Screening Routers

  • Basic type of firewall, uses only the packet-filtering capability to control and monitor network traffic that passes through the border.
  • Can block traffic between networks or to and from specific hosts on an IP port level.

 

Bastion Hosts

  • Represents private network on the Internet
  • Host is point of contact for incoming traffic from the Internet
  • Acts as a proxy server to allow internal network clients access to external services
  • Runs few services – email, FTP, DNS, or Web Services
  • Does not require authentication
  • Does not store any sensitive data

 

Screened Hosts

  • Combination of Bastion Host and Screening Routers
  • Adds security by using Internet access to deny or permit certain traffic from the Bastion Host.
  • First stop for traffic, which can continue only if the Screening Router lets it through

 

Dual-Homed Hosts

  • Based on a server with at least 2 network interfaces.
  • Host acts as a router between the network and the interfaces to which it is attached
  • Host blocks direct traffic between the private network and the Internet

 

Screened Subnets

  • Variation of Screen Host.
  • In screened subnetting, the Bastion Host is placed on its own subnetwork.
  • 2 screening routers used to do this:  1 between the subnet and the private network and the other between the subnet and the Internet.

 

Tri-Homed Hosts

  • combines elements of a Screening Router and a Screened Host; thereby overcoming the limitations of each.
  • Security is centered on the screening routers by using interfaces for the Internet, the private network, and the subnets that contain the Bastion Hosts and application servers.

 

 

 

 

 

 

 

31

Describe encryption and its role in a TCP/IP network.

 

  • Securing a network because information sent over a TCP/IP internetwork can pass through numerous other routers and hosts before it reaches its destination
  • Code your information

 

Three (3) Encryption Issues:

  • Eavesdropping
  • Modification
  • Impersonation – pretending “spoofing”

 

Public Key

 

Private Key

 

Secure Socket Layer (SSL) provides safeguard against threats:

  • Confidentiality
  • Integrity
  • Authentication

 

Transforms information so it cannot be decrypted or read by anyone but the intended recipient.

 

Ciphertext – disguised information

 

Symmetric Encryption – like a combination lock; anyone who uncovers code can access it

 

32

Describe denial of service attacks and how to defend against them.

 

DoS = most threatening security flaw

 

DoS attack is an assult that floods a network with so much traffic that normal network activities and slowed dramatically or stopped altogether.

 

Usually does not corrupt network file systems

 

Three (3) groups of attacks:

  • TCP/IP Implementation
    • Based attacks
    • Exploits a weakness in a specific TCP/IP stack
    • Ping of Death
    • Tear Drop
  • TCP/IP Standard
    • Based attacks
    • Exploits a weakness in the TCP/IP standard itself
    • SYN attack
    • Land
  • Brute-Force Attack
    • Creates excess traffic on a network
    • SMURF
    • UDP Flood – known as “Pepsi”

 

33

Describe snooping.

 

  • Capturing of all packets being transmitted on a network
  • Can be used for a variety of purposes using a number of different tools
    • Password Capture
    • Port Scanning

 

34

Describe routing fundamentals.

 

IP is the portion of TCP/IP that provides addressing and connectionless services for packet forwarding.

 

It also provides packet-switching services.

 

Autonomous Systems

  • Group of networks administered as a whole system by a single authority.

 

IGP

  • Interior Gateway Protocol
  • Routing protocol that manages routing information within a Autonomous System

 

EGP

  • Exterior Gateway Protocol
  • Autonomous Systems are interconnected using an Exterior Gateway Protocol

 

BGP

  • Border Gateway Protocol
  • Enhancement of EGP
  • New interdomain routing protocol

 

 

 

 

 

 

 

 

 

 

 

 

 

35

Describe Routing Information Protocol (RIP)

 

RIP

  • Developed to provide consistent routing and reachability information between PCs on a LAN
  • In small networks, RIP uses very little bandwidth and configuration and management time
  • Very easy to implement
  • Allows hosts and gateways to exchange info for computing routes through an IP-based network
  • Any host using RIP should have interfaces to one or more networks. These networks are referred to as Directly Connected Networks
  • Relies on access to certain information about each of these networks. The most important information about a network is its metric cost.
  • The metric cost is between 1 and 15.  16 is considered unreachable.
  • Is the TCP/IPs suite distance vector routing protocol.
  • Disadvantages:
    • Amount of time it takes for routers to synchronize their databases when change occurs to network  (‘convergence’)
    • Count-to-infinity – slow convergence
    • Split horizon – decreases the amount of RIP traffic on network, but increases convergence time.
    • Poison reverse – all routes learned from network are advertised back to same network with cost of 16.

RIP II

  • Provide support for:
    • Authentication
    • Subnet masks
    • Next hop addresses
    • Multicast packets

36

Describe the Open Shortest Path First (OSPF) protocol.

 

  • Link State protocol most commonly used on IP internetworks
  • Responsible for establishing and maintaining neighbor relationships, or adjacencies, between routers connected to the same segment

 

Hello Packet = each router advertising itself send periodic multicasting hello packets

Flooding = when router detects changes, it distributes new information to all routers

 

Learning Routes

  1. identifying neighboring OSPF routers
  2. synchronizing link state advertisement databases

 

OSPF Terms

  • Autonomous Systems – group of routers exchange routing information using common routing protocols in single administrative unit
  • Autonomous System Border Router (ASBR) – router that exchanges routing information with routers belonging to other AS systems.
  • Area – small/medium networks
  • Backbone – logical area where areas are connected. Address always 0.0.0.0.
  • Stub Area – only one Area Border Router (ABR) is defined
  • Transit Area – areas containing more than one ABR

37

Describe Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP).

 

EGP

  • Exterior Gateways Protocol supported by software
  • Exchange information between different Autonomous Systems
  • Usually used only when connecting different companies or commercial services
  • EGP routers are called external routers
  • Exterior or interior neighbors
  • Cannot support a looped topology
  • Can only advertise one route to a given network
  • Difficult to switch to an alternate route if the primary route fails

 

BGP

  • Made EGP obsolete
  • Is an inter-AS routing protocol that exchanges network reachability information with other BGP speakers
  • Can support any policy conforming to the hop-by-hop routing paradigm
  • Implementation should allow an AS to:
    • Control announcements of the BGP learned routes to adjacent Ass
    • Prefer a particular path to a destination
    • Ignore routes with certain Ass in the AS_PATH path attribute

 

38

Describe other routing configurations.

 

Static Routing Configuration

  • Provides a means of explicitly defining the next hop from a router for a particular destination
  • Support following:
    • Type of service
    • Subnet mask
    • Prefix length
    • Metric specific to a given routing protocol that can input the route

 

Directed Broadcast Forwarding

  • Allows a remote system to send a single packet that will be broadcast on the network.

 

39

Compare RIP and OSPF.

 

OSPF considered superior to RIP for following reasons:

  • Support for large networks
  • Variable-length subnetting
  • Rapid convergence
  • Reduced internetwork traffic

 

 

 

40

Identify TCP/IP network design criteria.

 

Network Design

  • Drawn up in a diagram in form of logical network topology
  • Include design for hardware, connectivity, and services
  • Must also take into account for communications, functions, and security unique to IP protocol
  • Purpose of design:
    • Serves as a vehicle for planning ahead before setting up an IP network
    • For evaluating an existing network, so you can avoid problems and limitations
  • Allows you to ensure that your IP network will have:
    • Manageable IP addressing
    • Efficient routing
    • Scalability
    • Overall management
    • An appropriate level of network security
    • Remote network access, if necessary

Parts of an IP Network Design

  • Should contain diagrams indicating placement of servers, DHCP servers, workstations, printers, cabling, switches, hubs, and routers
  • If connected to Internet, include firewalls, web servers, and DNS servers
  • The IP addressing scheme must also be indicated on design

A Design Approach

  • Top-Down
  • First concern is business needs network being built on

 

41

Identify IP address management issues when planning a network design.

 

Assigning a Static IP Address

  • Always stays with the same node
  • Generally, preferred when a node is a router or server or another service-providing device

Subnetting

  • Creates extra level of control over address management

Supernetting

  • Rarely used in local network level
  • Helps contain routing table explosion due to excess Class C networks

Host Name Management

  • Made necessary to manage distribution of domain names and static host files

DHCP

  • Provides functions and reduced administrative workload:
    • Automatic allocation – assigns permanent address to host
    • Dynamic allocation – leased IP address assigned to node for limit of time
    • Manual allocation – host address manually configured by Network Administrator

DNS

  • Servers included in design:
    • Primary Name Server – maintains data for the zone it has authority over and answers queries for data.
    • Secondary Name Server – does not maintain data for zone, but copies data from Primary Server at startup, and gets updates.

42

Identify network design considerations involving routers.

 

Incorporate if you:

Need to connect dissimilar networks

  • Either topology or IP network address are connected via router. If not, use a bridge

Can Improve your design with routing

  • Network should be modular in design to allow scalability, performance, and manageability
  • Essentially comprised of smaller networks connected by routers

Can use routing to satisfy security needs

  • Can use routers to filter unwelcome traffic
  • Security check functions done at Network Layer

Need to connect networks over a WAN

  • If you have LANs distantly located away from central corporate
  • Can only be connected over a WAN link through a router

Distance Vector Protocol

  • Used with RIP/RIP II
  • Builds own routing table; broadcasts to neighbors
  • Finds lower-cost path (hops)
  • Overhead, slow convergence
  • Simple to implement
  • Requires little management

Link State Protocol

  • Used with OSPF
  • Only exchanges new information with routers
  • Ease to implement on larger internetworks
  • Fast convergence
  • Better performance

 

43

Identify scalability issues when planning a network design.

 

Physical Topology

  • Designed around users and types of things they need to be able to do
  • View your network as a collection of small and medium networks

Logical Topology

  • How you plan to assign addresses on your network
  • Modular approach

Public & Private Networks

  • (Public) – presents one IP address to the worldwide
  • (Private) – world cannot see IP address
  • 10-Netting
    • Is a Class A Network address
    • Contains 16+ million addresses
    • Reserved for private use
    • Adds security
    • Address is 10.0.0.0

NAT

  • Network address translation
  • Manages outbound traffic from host on private network by removing source IP address and replacing it with an official address that is permitted on Internet
  • Inbound traffic goes through reverse process 

44

Identify network management issues involved with planning a network design.

 

Low Traffic

  • One purpose of creating a network design before creating the network is avoiding network traffic congestion, often blamed on limited bandwidth
  • By using Top-Down design approach and a Modular Topology, you can accomplish goal

High Availability & Reliability

  • Must include both physical and logical redundancy in your design

Physical Redundancy

  • Most costly to provide because it requires redundant hardware (routers and switches) and redundant connectivity.
  • Can be expensive
  • Build a backbone with redundant switches and connections.

Logical Redundancy

  • Provided by using an appropriate routing protocol with re-routing capability
  • OSPF is used
  • Use in STAR or MESH topology

 

45

Identify remote network access methods.

 

Three (3) basic types:

  • Remote Application Packages
    • Application package that has remote access support built-in
  • Remote Control Access
    • User uses remote (offsite) PC as a long-distance clone of a PC or host in the office
    • Applications appear to be running on remote PC, but actually executing on the office PC
    • Only keyboard and screen updates being sent over phone lines
  • Remote Node Access
    • Remote PC becomes a workstation on the network, connected over a phone line by modem rather than NIC card.
    • Very slow
  • Hybrid Solutions
    • Combine remote control and remote node

 

                                                                PROS                        CONS

Remote Application                            Simple                           Limited to communications

                                                              Low Cost                        within the application

 

Remote Control                                  Good performance        High Cost

                                                             With many apps             limited security features

 

Remote Node                                      Cost effective                Poor performance with

                                                             Scalable                        data-intensive applications

 

 

 

 

46

Identify the symptoms and causes of various TCP/IP network errors.

 

ARP Problems

  • Used to resolve MAC address problems
  • ARP communication failed
  • No ARP reply
  • ARP values interpreted incorrectly

DNS Problems

  • Used to resolve processes using DNS servers
  • Wrong DNS server
  • DNS server down or unreachable
  • Incorrect entries in DNS Host Table
  • DNS/DHCP contradictions

DHCP Problems

  • Key components in creating dynamically configured TCP/IP network
  • Relay Agent requirement
  • Multiple DHCP Servers
  • Non-standard DHCP implementations
  • DHCP Server Down
  • Windows 95 Specific Address-Caching issues
  • DHCP Security problems
  • Unsupported DHCP Options

SLP Problems

  • Service Location Protocol
  • Provides service location through User Agents (UA), Service Agents (SA), and Directory Agents (DA)
  • Winsock version problems
  • Isolated User Agents
  • Incorrectly Identified Directory Agents

IP Problems

  • Addressing system used in IP networks
  • IP addressing problems:
    • Communication cannot be established
    • The client cannot initialize on the network
    • Routes are lost or unavailable
    • Bandwidth is wasted on unnecessary or misdirected traffic
  • Fragmentation not allowed
  • Time to Live (TTL) Faults
  • Unsupported Options

NTP Problems

  • Defines a cross-platform time synchronization system with a Primary Server synchronized to UTC via Global Positioning Service (GPS) receiver.
  • Time cannot be established
  • Time Is Out of Synchronization

 

 

 

 

 

 

 

 

 

NAT Problems

  • Enables you to maintain separate set of addresses and translate between those addresses when accessing the Internet
  • Dynamic Private Clients are Isolated
    • Configured improperly
    • Cannot communicate with NAT router
    • Router cannot communicate with publish network
    • Router is not default gateway for the client
  • Private Device Is Inaccessible
  • Local Network Services are Inaccessible

Security Problems

  • Many protocols in TCP/IP suite are open because of their trusting, unsecured, and unencrypted nature
  • Denial of Service
  • Eavesdropping
  • Impersonation
  • Packet modification and replay

Mixed Environment Problems

  • Non-standard stack implementations

Firewall Problems

  • Packet filtering drop-packets with destination port or address trouble
  • Over-reactive filtering
  • Improper filters

 

47

List the steps for TCP/IP error resolution.

 

Step 1 – Examine the communication process

Step 2 – Identify the possible points of failure

Step 3 – Develop a plan of action

Step 4 – Test your solution

Step 5 – Record your solution

 

 

 

 

 

 

 

 

 

 

 

48

Identify the purpose and functionality of troubleshooting tools.

 

Network Tools

  • Help gather information about the network configuration, status of communications and links within an internetwork
  • TCPCON – general TCP/IP stack configuration and performance statistics
  • PING – end-to-end connectivity test (menu-driven)
  • TPING – end-to-end connectivity test (command line)
  • IPTRACE – trace rout path test
  • DEBUG – communication dumps/recordings

Windows 95/98 & NT Tools

  • Basic tools used to isolate problems on network
  • WINIPCFG – local configuration information; enables refresh of IP address or renewal
  • IPCONFIG – NT equivalent of WINIPCFG, same functions
  • PING – used to query another IP device
  • ROUTE – looks at client, route tables to determine how to route packets to a remote destination
  • ARP – view local device’s ARP cache; used to force broadcast to resolve IP-to-Ethernet address
  • TRACE ROUTE (TRACERT) – determine path packet takes to get from A to B
  • NETSTAT – detail list of current protocol operations for TCP/IP connections

Unix & Linux Tools

  • TCPDUMP – command-line tool for monitoring network traffic.
  • TRACEROUTE – trace and print the route the packets travel from source to destination
  • ARPWATCH and ARPSNMP – monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs
  • BIND-UTILS – for querying DNS name servers to find out information on Internet hosts
  • PING – ICMP echo test
  • WHOIS – query remote server database of domain or IP address registries
  • NSLOOKUP – query remote DNS server for DNS registry information
  • DIG (Domain Internet Groper) – send domain name query packets to any DNS name server in the Internet
  • IFCONFIG – used to obtain interface information such as packets received, packets sent, MTU, and metric

Protocol Analyzers

  • Capture packets off the cabling system and display conversations and individual packets in a readable format
    • Step 1 – access the network
    • Step 2 – capture the traffic
    • Step 3 – view the captured traffic
    • Step 4 – filter out and view just the needed traffic
    • Step 5 – document findings
  • Analyzer elements:
    • Pots
    • Decodes
    • Capture filters
    • Display filters (post-filters)
    • Gauges and graphs
    • Alarms and alarm thresholds
    • Trace buffer
  • Use of Protocol Analysis
    • Troubleshooting
    • Optimization
    • Planning and testing
  • Protocol Analyzer Types
    • Stand Alone – capture packets that cross wire to which analyzer connected
    • Distributed – captures packets on remote networks
    • Hardware and Software – LZFW, Sniffer Basic, ManageWise, Sniffer Pro
    • Analyzer Placement – hubbed or bridged networks, routed, or WAN links, Switched (includes hubout, analyzer agents, and port scanning or mirroring)
  • TCP/IP ToolKits – AGNet Tools, NPS NetScanTools Pro 2000
  • IP Addressing Calculators
  • Other Tools – Top MAC pairs, top senders/receivers; utilization, datalink errors; Token Rotation Time; response time, routing traffic efficiency; signal attenuation, crosstalk, cable lengths, cable faults
  • Shareware and Freeware

 

49

Troubleshoot TCP/IP protocol errors

 

  • Isolate the problem:
  • PING the URL, i.e., www.iana.org  Results: successful
  • Traceroute to www.iana.org.  Results: successful
  • Use NSLOOKUP to obtain the IP address for www.iana.org.  Results: 128.9.160.83
  • Portscan 128.9.160.83.  Results: HTTP port 80 is not active on the host.
  • You might need to use a variety of tools to isolate TCP/IP problems.