Network Layer Protocol and Transport Layer Protocol Review

Application- end user, application firewall
Presentation
Session – SSL
Transport- TCP or UDP
Network – logical addressing (IP or IPX), ICMP
Data-link – MAC/physical, switches
Physical – 0s,1s, cables and hubs
“All people seem to need data protection”
Open Systems Interconnection (OSI)
Is a theoretical way of classifying and talking about the complex process of sending data on a network. The OSI model divides the complex task of networking into various layers to facilitate the development of standards and to allow for interoperability between protocols and hardware components.
Application
(Layer 7)
The Application layer integrates network functionality into the host operating system, and enables network services. The Application layer does not include specific applications that provide services, but rather provides the capability for services to operate on the network.

The Application layer is associated with the data that is generated by a service or a protocol. A security device operating at the Application layer makes security decisions based on the actual data within a data stream.
An example of an application at this layer is an application proxy firewall. Functions defined by the Application layer include:

*Communication partner identification.

*Gateway services (protocol translation).

*Programming interfaces that allow services to operate and clients to access the service.

*Advertisement of networking services.

*Protocols associated with the Application layer include HTTP, TELNET, FTP, TFTP, and SNMP.

Presentation
(Layer 6)
The Presentation layer formats or “presents” data into a compatible form for receipt by the Application layer or the destination system. Specifically, the Presentation layer ensures:

*Formatting and translation of data between systems. Data format (file formats) such as JPEG, BMP, WMV, AVI, WAV, and MIDI are supported at this layer.

*Negotiation of data transfer syntax between systems, through converting character sets to the correct format.

*Encapsulation of data into message envelopes by encryption and compression.

*Restoration of data by decryption and decompression.

Session
(Layer 5)
The Session layer’s primary function is managing the sessions in which data is transferred. Functions at this layer include:

*Management of multiple sessions (each client connection is called a session). A server can concurrently maintain thousands of sessions.

*Assignment of the session ID number to each session to keep data streams separate.

*Negotiation of communication parameters to set up, maintain, and tear down a session.

*SSL is a protocol that operates at this layer.

Transport
(Layer 4)
The Transport layer provides a transition between the upper and lower layers of the OSI model, making the upper and lower layers transparent from each other. Functions defined by the transport layer include:

*Host and service identification through port and socket numbers.

*Breaking larger messages into segments and combining smaller messages.

*Recombining segments into the original message using segment sequencing.

*Ensuring reliable data transmissions (called connection-oriented services) using acknowledgements and other mechanisms. Connectionless services do not guarantee delivery, but are delivered with best-effort delivery, which results in low overhead.

*Controlling the information flow rate between sender and receiver.

*Using port numbers to identify source and destination upper-layer protocols.
Two protocols associated with the Transport layer are:

*The Transmission Control Protocol (TCP) provides services that ensure accurate and timely delivery of network communications between two hosts. TCP provides the following services to ensure message delivery:

*Sequencing of data packets
*Flow control
*Error checking

TCP is referred to as a connection-oriented protocol because it includes these delivery guarantees.

*The User Datagram Protocol (UDP) is similar to TCP, but does not include mechanisms for ensuring timely and accurate delivery. Because it has less overhead, it offers fast communications, but at the expense of possible errors or data loss. UDP is referred to as a connectionless protocol because it lacks these delivery guarantee mechanisms.

Network
(Layer 3)
The Network layer describes how data is routed across networks and on to the destination. Functions defined by the Network layer include:

*Definition of the logical host address, in the form of the IP address.

*Path identification and selection.

*Breaking larger segments into datagrams (also called packets).

Routers operate at the Network layer by reading the IP address in the packet to make forwarding decisions. Protocols associated with the Network layer include IP, IPX, and ICMP.

Data Link
(Layer 2)
The Data Link layer defines the rules and procedures for hosts as they access the Physical layer, including how multiple nodes share and coordinate the use of the same physical segment of the network. Functions defined by the Data Link layer include:

*Converting bits into bytes and bytes into frames.

*Physical addressing using the MAC address with Ethernet.

*Describing how messages travel through the network (logical topology).

*Controlling access to the transmission medium.

*Controlling the rate of data transmissions between intermediary devices (host-to-host flow control).

*Detecting, and in some cases, correcting errors in frames through parity or CRC.

*Employing protocols such as IBM’s Synchronous Data Link Control (SDLC) and ISO’s High-level Data Link Control (HDLC) to send data across a serial link.

Network interface cards (NICs) contain the MAC address and perform functions at the Data Link layer. Switches operate at the Data Link layer by reading the MAC address in a frame to make forwarding decisions.

Physical
(Layer 1)
The Physical layer sets standards for sending and receiving electrical signals between devices. Hubs operate at the physical layer because they simply forward electrical signals out all hub ports without interpreting the meaning of those signals that are present at higher layers. Cables are also associated with the Physical Layer. Functions defined by the Physical layer include:

*Details regarding the transmission medium, such as cable and connector specifications.

*Details about the electrical composition of signals as they pass through the transmission medium, such as voltage levels and synchronization.

*Specifications for the physical topology (layout) of network devices.
Standards that are associated with the Physical layer include EIA/TIA 232 (serial signaling), V.35 (modem signaling), Cat5 (cable specifications), and RJ45 (connector specifications).

Devices work at various layers of the OSI model:
*Gateways operate at the Application layer.

*Routers and most firewalls operate at the Network layer.

*Bridges, switches, and network interface cards (NICs) operate at the Data Link layer.

*As the name implies, Layer 3 switches operate at the Network layer and use switching technology for routing functions.

*Hubs and repeaters operate at the Physical layer.

IP Address
The IP address that is assigned is different than the MAC address. The MAC address is an OSI layer 2 address that is physically assigned in the firmware of the network interface card. Some interfaces will allow you to change the MAC address assigned to the card, but as a general rule it is static. The IP address is an OSI layer 3 address that is logically assigned to the host.
IPv4 address details:
*An IPv4 address is a 32-bit binary number, represented as four octets (four 8-bit numbers), each with a value between 0 and 255. Each octet is separated by a period. IPv4 addresses can be represented in one of two ways:

*Decimal (for example 131.107.2.200).

*Binary (for example 10000011.01101011.00000010.11001000). In binary notation, each octet is an 8-character number.

To convert from binary to decimal and vice versa, memorize the decimal equivalent to the following binary numbers:
10000000 -> 128
01000000 -> 64
00100000 -> 32
00010000 -> 16
00001000 -> 8
00000100 -> 4
00000010 -> 2
00000001 -> 1
How to convert binary to decimal:
Take each bit position with a 1 value and add the decimal values for that bit together. For example, the decimal equivalent of 10010101 is: 128 + 16 + 4 + 1 = 149
Subnet mask
A 32-bit number associated with each IPv4 address that identifies the network portion of the address.

*In binary form, the subnet mask is always a series of 1’s followed by a series of 0’s (1’s and 0’s are never mixed in sequence in the mask). A simple mask might be 255.255.255.0.

*In Classless Inter-Domain Routing (CIDR) form, the subnet mask appears as a slash (/) followed by the number of bits in the mask that are set to 1. A simple mask might be /24.

IPv4 default address class: Class A
Address Range -> 1.0.0.0 to 126.255.255.255
First Octet Range -> 1-126
(00000001–01111110 binary)

Default Subnet Mask -> 255.0.0.0
CIDR Notation -> /8

IPv4 default address class: Class B
Address Range -> 128.0.0.0 to 191.255.255.255
First Octet Range -> 128-191
(10000000–10111111 binary)

Default Subnet Mask -> 255.255.0.0
CIDR Notation -> /16

IPv4 default address class: Class C
Address Range -> 192.0.0.0 to 223.255.255.255
First Octet Range -> 192-223
(11000000–11011111 binary)

Default Subnet Mask -> 255.255.255.0
CIDR Notation -> /24

IPv4 default address class: Class D
Address Range -> 224.0.0.0 to 239.255.255.255
First Octet Range -> 224-239
(11100000–11101111 binary)

Default Subnet Mask -> n/a
CIDR Notation -> n/a

IPv4 default address class: Class E
Address Range -> 240.0.0.0 to 255.255.255.255
First Octet Range -> 240-255
(11110000–11111111 binary)

Default Subnet Mask -> n/a
CIDR Notation -> n/a

Network Address Translation (NAT) router
Translates multiple private addresses into the single registered IP address.
New IP addressing system named IP version 6 or IPv6
Used when IPv4 does not have enough unique IP addresses to meet growing demands. The IPv6 address is a 128-bit binary number. A sample IPv6 IP address looks like: 35BC:FA77:4898:DAFC:200C:FBBC:A007:8973.
Features of an IPv6 address:
*The address is made up of 32 hexadecimal numbers organized into 8 quartets.

*The quartets are separated by colons.

*Each quartet is represented as a hexadecimal number between 0 and FFFF. Each quartet represents 16-bits of data (FFFF = 1111 1111 1111 1111).

*Leading zeros can be omitted in each section. For example, the quartet 0284 could also be represented by 284.

*Addresses with consecutive zeros can be expressed more concisely by substituting a double-colon for the group of zeros. For example:

*FEC0:0:0:0:78CD:1283:F398:23AB

*FEC0::78CD:1283:F398:23AB (concise form)

*If an address has more than one consecutive location where one or more quartets are all zeros, only one location can be abbreviated. For example, FEC2:0:0:0:78CA:0:0:23AB could be abbreviated as:

*FEC2::78CA:0:0:23AB or
*FEC2:0:0:0:78CA::23AB
But not FEC2::78CA::23AB

Part 1 of 128-bit address Prefix
The first 64-bits is known as the prefix.

*The 64-bit prefix can be divided into various parts, with each part having a specific meaning. Parts in the prefix can identify the geographic region, the ISP, the network, and the subnet.

*The prefix length identifies the number of bits in the relevant portion of the prefix. To indicate the prefix length, add a slash (/) followed by the prefix length number. Full quartets with trailing 0’s in the prefix address can be omitted (for example 2001:0DB8:4898:DAFC::/64).

*Because addresses are allocated based on physical location, the prefix generally identifies the location of the host. The 64-bit prefix is often referred to as the global routing prefix.

Part 2 of 128-bit address Interface ID
The last 64-bits is the interface ID. This is the unique address assigned to an interface.

*Addresses are assigned to interfaces (network connections), not to the host. Technically, the interface ID is not a host address.

*In most cases, individual interface IDs are not assigned by ISPs, but are rather generated automatically or managed by site administrators.

*Interface IDs must be unique within a subnet, but can be the same if the interface is on different subnets.

*On Ethernet networks, the interface ID can be automatically derived from the MAC address. Using the automatic host ID simplifies administration.

The IPv6 local loopback address for the local host :
0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128). The local loopback address is not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host.
Subnetting
The process of dividing a large network into smaller networks. When you subnet a network, each network segment (called a subnet) has a different network address (also called a subnet address). In practice, the terms network and subnet are used interchangeably to describe a physical network segment with a unique network address.
Subnet physical standpoint
Subnetting is necessary because all network architectures have a limit on the number of hosts allowed on a single network segment. As your network grows, you will need to create subnets (physical networks) to:

*Increase the number of devices that can be added to the LAN (to overcome the architecture limits)

*Reduce the number of devices on a single subnet to reduce congestion and collisions

*Reduce the processing load placed on computers and routers

*Combine networks with different media types within the same internetwork (subnets cannot be used to combine networks of different media type on to the same subnet)

Subnetting is also used to efficiently use the available IP addresses.
Example: an organization with a class A network ID is allocated enough addresses for 16,777,214 hosts. If the organization actually uses only 10,000,000 host IDs, over 6 million IP addresses are not being used. Subnetting provides a way to break the single class A network ID into multiple network IDs.

*Subnetting uses custom rather than the default subnet masks. For example, instead of using 255.0.0.0 with a Class A address, you might use 255.255.0.0 instead.

*Using custom subnet masks is often called classless addressing because the subnet mask cannot be inferred simply from the class of a given IP address. The address class is ignored and the mask is always supplied to identify the network and host portions of the address.

*When you subnet a network by using a custom mask, you can divide the IP addresses between several subnets. However, you also reduce the number of hosts available on each network.

Class B subnet addresses
Network address
Default example 188.50.0.0
Custom example 188.50.0.0
Subnet mask
Default example 255.255.0.0
Custom example 255.255.255.0
# of Subnet addresses
Default example One
Custom example 254
# of hosts per subnet
Default example 65,534
Custom example 254 per subnet
Subnet Addresses
Default example 188.50.0.0 (only one)
Custom example 188.50.1.0
188.50.2.0
188.50.3.0
(and so on)

Host address ranges
Default example 188.50.0.1 to 188.50.255.254
Custom example 188.50.1.1 to 188.50.1.254
188.50.2.1 to 188.50.2.254
188.50.3.1 to 188.50.3.254
(and so on)

Classful addresses
IP addresses that use the default subnet mask. They are classful because the default subnet mask is used to identify the network and host portions of the address. Classless addresses are those that use a custom mask value to separate network and host portions of the IP address.
Classless addresses
Made possible by a feature called Classless Inter-Domain Routing (CIDR). CIDR allows for non-default subnet masks (variable length subnet mask or VLSM). Routers use the following information to identify networks:

*The beginning network address in the range

*The number of bits used in the subnet mask

For example, the subnet 199.70.0.0 with a mask of 255.255.0.0 is represented as 199.70.0.0/16 (with 16 being the number of 1 bits in the subnet mask).

Which of the following best describes the purpose of using subnets?
Subnets divide an IP network address into multiple network addresses.
Which of the following is not a reason to use subnets on a network?
Subnets cannot be used to combine networks of different media type on to the same subnet. Each network with a distinct media type has its own subnet.
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?
::1
The local loopback address is not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host.
::
is the unspecified address (also identified as ::/128). The unspecified address is used when there is no IPv6 address.
Which of the following best describes an IPv6 address?
Eight hexadecimal quartets
128 bit address
Which of the following correctly describe the most common format for expressing IPv6 addresses?
32 numbers, grouped using colons
Hexadecimal numbers
Which of the following are valid IPv6 addresses?
Both
6384:1319:7700:7631:446A:5511:8940:2552
141:0:0:0:15:0:0:1
Which of the following is a valid IPv6 address?
FEC0::AB:9007 is a valid IPv6 address. The :: in the address replaces blocks of consecutive 0’s. The longer form of this address would be FEC0:0000:0000:0000:0000:0000:00AB:9007. Leading 0’s within a quartet can also be omitted.
Routers operate at what level of the Open System Interconnect model?
The network layer is where the primary network protocol resides. At this layer, routers are able to manage traffic based on the contents of the IP packet header.
You’ve decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration?
172.17.0.0
172.17.128.0
In binary notation, the subnet mask 255.255.192.0 can be viewed as 11111111.11111111.11000000.00000000. Because the first two bits of the third octet are used for the network portion of the address, four subnets are possible:
172.17.0.0
172.17.64.0
172.17.128.0
172.17.192.0
Protocol
Protocols are sets of standards for communication between network hosts. Protocols often provide services, such as e-mail or file transfer. Most protocols are not intended to be used alone, but instead rely on and interact with other dependent or complementary protocols.
Transmission Control Protocol (TCP)
TCP provides services that ensure accurate and timely delivery of network communications between two hosts. TCP is an OSI layer 4 (Transport layer) protocol. TCP is connection-oriented which means that it provides a guaranteed delivery of data between hosts through the following services:

*Sequencing of data packets

*Flow control

*Error checking
The TCP three-way handshake is the process used to establish a TCP session.

The steps to a TCP three-way handshake process are:

1.A host sends a SYN packet to the target host.

2.The target host responds to the original host with a SYN ACK packet.

3.The host responds to the target host with an ACK packet.

User Datagram Protocol (UDP)
UDP is a host-to-host protocol like TCP. However, UDP is connectionless, which means that it does not include mechanisms for ensuring timely and accurate delivery, but uses a best effort delivery. Because it has less overhead, it offers fast communications, but at the expense of possible errors or data loss.
Internet Protocol (IP)
IP is an OSI layer 3 protocol that is connectionless and relies on upper layer protocols like TCP to ensure delivery and connection orientation.
Internetwork Packet Exchange (IPX)
IPX is an older protocol used with older Novell networks. IPX has been replaced with TCP/IP in newer versions of NetWare. Unless you are running a version of NetWare that does not support TCP/IP, or are using applications that rely on IPX, you should disable IPX to eliminate attacks against IPX on your network.
Network Basic Input/Output System (NetBIOS)
NetBIOS is the term used to describe the combination of two protocols: NetBEUI and NetBIOS. Because NetBIOS is a non-routable protocol, it was often combined with TCP/IP or IPX/SPX to enable internetwork communications.

*NetBIOS was used in early Windows networks.

*Beginning with Windows 2000, NetBIOS is no longer required.

*NetBIOS might be needed if the network includes clients running previous versions of Windows.

Internet Control Message Protocol (ICMP)
ICMP is commonly used for troubleshooting and information gathering. ICMP works closely with IP in providing error and control information, and by allowing hosts to exchange packet status information which helps move the packets through the internetwork. Two common management utilities use ICMP messages to check network connectivity.

*ping is an ICMP Echo Request and once executed should initiate an Echo Reply to the source from the target device. Ping can be used to determine whether devices are reachable and can communicate across the network.

*traceroute determines how many routers (hops) are between the source and the target in addition to determining timeout response values for each router.

ICMP also works with IP to send notices when destinations are unreachable and when devices’ buffers overflow. ICMP messages are used to determine the route and hops packets take through the network and whether devices can communicate across the network.

Address Resolution Protocol (ARP)
ARP provides IP address-to-MAC address resolution. Using ARP, a host that knows the IP address of another host can discover the corresponding MAC address.
Domain Name System (DNS)
DNS is a hierarchical, distributed database that maps logical host names to IP addresses. For example, the name www.mydomain.com would be identified with a specific IP address. When you use the host name of a computer (for example if you type a URL such as www.mydomain.com), your computer uses the following process to find the IP address.

1.The host looks in its local cache to see if it has recently resolved the host name.

2.If the information is not in the cache, it checks the Hosts file. The Hosts file is a static text file that contains hostname-to-IP address mappings.

3.If the IP address is not found, the host contacts its preferred DNS server. If the preferred DNS server can’t be contacted, it continues contacting additional DNS servers until one responds.

4.The host sends the name information to the DNS server. The DNS server then checks its cache and Hosts file. If the information is not found, the DNS server checks any zone files that it holds for the requested name.

5.If the DNS server can’t find the name in its zones, it forwards the request to a root zone name server. This server returns the IP address of a DNS server that has information for the corresponding top-level domain (such as .com).

6.The first DNS server then requests the information from the top-level domain server. This server returns the address of a DNS server with the information for the next highest domain. This process continues until a DNS server is contacted that holds the necessary information.

7.The DNS server places the information in its cache and returns the IP address to the client host. The client host also places the information in its cache and uses the IP address to contact the desired destination device.

Simple Network Management Protocol (SNMP)
SNMP is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network. SNMP uses the following components:

*A manager is the computer used to perform management tasks. The manager queries agents and gathers responses.

*An agent is a software process that runs on managed network devices. The agent communicates with the manager and can send dynamic messages to the manager.

*The management information base (MIB) is a database of host configuration information. Agents report data to the MIB, and the manager can then view information by requesting data from the MIB.

*A trap is an event configured on an agent. When the event occurs, the agent logs details regarding the event.
SNMP version 2 added some security features, but most security comes with SNMP version 3. SNMP version 3 adds the following:

*Authentication for agents and managers.

*Encryption of SNMP information.

*Message integrity to ensure that data is not altered in transit.

Ports
Logical connections, provided by the TCP or UDP protocols at the Transport layer, for use by protocols in the upper layers of the OSI model. The TCP/IP protocol stack uses port numbers stored in the TCP or UDP header to determine what protocol incoming traffic should be directed to. Some characteristics of ports are listed below:

*Ports allow a single host with a single IP address to run multiple network services. Each port number identifies a distinct service.

*Each host can have over 65,000 ports per IP address.

*Port use is regulated by the Internet Corporation for Assigned Names and Numbers (ICANN).

ICANN specifies three categories for ports:
*Well-known ports range from 0 to 1023 and are assigned to common protocols and services.

*Registered ports range from 1024 to 49151 and are assigned by ICANN to a specific service.

*Dynamic (also called private or high) ports range from 49,152 to 65,535 and can be used by any service on an ad hoc basis. Ports are assigned when a session is established, and released when the session ends.

Ports 20 TCP
21 TCP
File Transfer Protocol (FTP)
Ports 22 TCP and UDP
Secure Shell (SSH)
SSH File Transfer Protocol (SFTP)
Secure Copy (SCP)
Port 23 TCP
Telnet
Port 25 TCP
Simple Mail Transfer Protocol (SMTP)
Ports 49 TCP and UDP
Terminal Access Controller Access-Control System (TACACS)
Port *IP protocol number 50
Encapsulating Security Payload (ESP) (used with IPSec)
Port *IP protocol number 51
Authentication Header (AH) (used with IPSec)
Ports 53 TCP and UDP
Domain Name System (DNS)
Ports 67 UDP
68 UDP
Dynamic Host Configuration Protocol (DHCP)
Port 69 UDP
Trivial File Transfer Protocol (TFTP)
Port 80 TCP
HyperText Transfer Protocol (HTTP)
Port 88 TCP
Kerberos
Port 110 TCP
Post Office Protocol (POP3)
Port 119 TCP
Network News Transfer Protocol (NNTP)
Port 123 UDP
Network Time Protocol (NTP)
Ports 135 TCP
137 and 138 TCP and UDP
139 TCP
Network Basic Input/Output System (NetBIOS)
Ports 143 TCP and UDP
Internet Message Access Protocol (IMAP4)
Ports 161 TCP and UDP
162 TCP and UDP
Simple Network Management Protocol (SNMP)
Ports 389 TCP and UDP
Lightweight Directory Access Protocol (LDAP)
Ports 443 TCP and UDP
HTTP with Secure Sockets Layer (SSL/TLS) (HTTPS)
Port 445 TCP
Windows 2000 CIFS/SMB (file access)
Port 500 UDP
Internet Key Exchange (IKE) (used with IPSec)
Ports 636 TCP and UDP
Lightweight Directory Access Protocol over TLS/SSL (LDAPS)
Ports 989 TCP and UDP
990 TCP and UDP
FTP Secure (FTPS or FTP over SSL/TLS)
Port 1701 UDP
Layer 2 Tunneling Protocol (L2TP)
Ports 1723 TCP and UDP
Point-to-Point Tunneling Protocol (PPTP)
Ports 1812 TCP and UDP
1813 TCP and UDP
Remote Authentication Dial In User Service (RADIUS)
Port 3389 TCP
Remote Desktop Protocol (RDP)
Be aware of the following regarding ports:
*Attackers use port scanning software to identify open ports, then focus their attacks on services that use those ports.

*Configure a firewall to open (allow) or block ports through the firewall or on a device.

*As a best practice, only open the necessary ports. For example, if the server is only being used for e-mail, then shut down ports that correspond to FTP, DNS, and HTTP (among others).

*For auditing purposes, you can use a port scanner to check systems and firewalls for open ports.

*Use netstat -a to view a list of opened ports on a system.

*Use a port scanning tool such as Nmap to scan for open ports on local and remote systems.

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
Implement version 3 of SNMP
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
DNS
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
ICMP
You are configuring a network firewall to allow SMTP outbound e-mail traffic, and POP3 inbound e-mail traffic. Which of the following TCP/IP ports should you open on the firewall?
25
110
Which port number is used by SNMP?
161
Which of the following ports does FTP use to establish sessions and manage traffic?
20
21
Using the Netstat command, you notice that a remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
Downloading a file
To increase security on your company’s internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443
Which of the following network services or protocols uses TCP/IP port 22?
SSH
SNMP
161 TCP and UDP
SSH
22 TCP and UDP
TFTP
69 UDP
SCP
22 TCP and UDP
Telnet
23 TCP
HTTPS
443 TCP and UDP
HTTP
80 TCP
FTP
20 TCP
SMTP
25 TCP
POP3
110 TCP
Which two of the following lists accurately describes TCP and UDP?
UDP: connectionless, unreliable, unsequenced, low overhead
TCP: connection-oriented, reliable, sequenced, high overhead.
You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery.
A company connects two networks through an expensive WAN link. The communication media is reliable, but very expensive. They want to minimize connection times.
You want to maintain tight security on your internal network so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?
53
Your company’s network provides HTTP, HTTPS and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
80, 443, 22
Your network recently experienced a series of attacks aimed at the Telnet and FTP services. You have rewritten the security policy to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?
23,21