By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
The OSI Model is a framework for connecting multiple computers to each other. The ISO developed it and it has seven layers. The layers, listed from layer 1 to layer 7, are Physical, Data Link, Network, Transport, Session, Presentation, and Application.

The TCP/IP Model (also called the TCP Model and the DoD Model) is similar to the OSI Model, but it has fewer layers. RFCs 1122 and 1123 identify four layers of the OSI Model, but some references identify five layers.

Two important protocols operate on the Transport layer (layer 4). They are TCP and UDP. TCP is connection-oriented and establishes sessions with a three-way handshake. UDP is connectionless and doesn’t use a three-way handshake to establish a session. Instead, UDP uses its best effort to send the data. Other protocols can work with either TCP or UDP, depending on the protocol’s needs. For example, FTP uses TCP for guaranteed delivery, while TFTP uses UDP.

Network configurations include bus, star, tree, token ring, and mesh. In a bus configuration, all devices share a common bus cable connection that has terminators at both ends. A bus is inexpensive to install but very difficult to troubleshoot, increasing the total cost of ownership. A star configuration is much more common and uses a central device such as a switch. All devices connect to each other via the central device in a star. A tree is a combination of bus and star topologies. A token ring configuration uses a logical token, and devices in the ring can transmit only when they have the token. Traditional token ring configurations are slower and don’t scale well. FDDI uses a token ring concept but adds a second ring for redundancy and has significantly higher speeds because it uses fiber-optic cables. Mesh networks have multiple redundant connections, connecting each device with all other devices, and they provide the highest availability.

Network relationship types include peer-to-peer and client-server.
Smaller networks use a peer-to-peer configuration and have decentralized authentication. Larger networks typically use a client-server configuration with centralized authentication. In a Microsoft environment, user accounts are maintained and managed on domain controllers.

TCP/IP includes a full suite of protocols used by computers on the Internet and on many internal networks. The SSCP exam doesn’t expect you to be an expert on all the protocols within TCP/IP, but you should be familiar with many of them.

DHCP provides IP addresses and other TCP/IP configuration information to hosts. ARP resolves IPv4 addresses to MAC addresses and must be running to transfer data on a network. RARP is similar to DHCP in that it provides IP addresses to clients with MAC addresses (also known as physical or hardware addresses). BootP provides diskless clients with an operating system. NDP is similar to ARP but resolves IPv6 addresses to EUI-64 addresses.

DNS uses a hierarchical naming system with a distributed database to resolve host names to IP addresses. DNSSEC protects against DNS poisoning attacks using Resource Record Signatures (RRSIGs), which are similar to digital signatures. The digital signature provides authentication of the response, validating the integrity of the DNS response.

ICMP is used for diagnostics. While it is useful when it is running, it is often disabled or blocked at firewalls to thwart attacks that use ICMP. IPv4 uses IGMP for multicasting, while IPv6 uses ICMPv6 for multicasting.

SNMP is used to manage network devices. Agents receive data on UDP port 161 and send traps and other data over UDP port 162.

FTP is efficient for sending large files, while TFTP is good for sending small files such as configuration files for network devices. FTP uses TCP ports 20 and 21, and supports authentication. TFTP uses UDP port 69 and does not include authentication. Both FTP and TFTP send data across a network in cleartext.
Sending data over a network in cleartext is a security risk because an attacker with a sniffer can capture these transmissions and read the data. Several protocols, such as Telnet and rlogin, send credentials over a network in cleartext. SSH is a more secure alternative as it encrypts the transmissions using a combination of symmetric and asymmetric encryption for confidentiality. SSH uses hashing for integrity, and can use an authenticated tunnel for mutual authentication. SSH can also encrypt other protocols such as FTP (as SFTP) and Secure Copy. SSH uses TCP port 22.

HTTP is the common protocol used to transfer web pages over the Internet. HTTPS encrypts e-commerce transactions with SSL or TLS. TLS is the designated replacement for SSL. HTTP uses TCP port 80 and HTTPS uses TCP port 443.

Routers use routing protocols such as RIPv2 and OSPF to share information with each other. RIPv2 is good for smaller networks, while OSPF works better in larger networks. Both protocols operate on the Network layer.

E-mail protocols include SMTP, POP3, and IMAP4. Clients send e-mail with SMTP and receive e-mail with POP3. IMAP4 allows clients to access and manipulate e-mail on a server, including organizing e-mail within folders. SMTP uses TCP port 25, POP3 uses TCP port 110, and IMAP4 uses TCP port 143.

VPNs use tunneling protocols to protect data. PPTP and L2TP are two tunneling protocols, and both operate on the Data Link layer. PPTP provides encryption, while L2TP depends on IPsec for encryption. IPsec uses AH for authentication and integrity. IPsec ESP includes the functionality of AH and provides confidentiality by encrypting the data. AH uses protocol number 51, and ESP uses protocol number 50. TLS can also be used as a VPN tunneling protocol.

Both TCP and UDP can use any of 65,536 ports (numbered from 0 to 65,535). Ports 0 to 1023 are well-known ports, and IANA maps them to specific protocols. For example, SSH uses port 22, HTTP uses port 80, and SMTP uses port 25.
You should be able to identify the port used by many common protocols, in addition to the protocol numbers used by other protocols.

Different network architectures provide different levels of trust. For example, an intranet is internal within an organization and provides a high level of trust. The Internet is external and has the least level of trust. A DMZ hosts Internet-facing servers that are accessible by anyone on the Internet, and an extranet hosts Internet-facing servers that are accessible only by trusted entities such as business partners. Internal clients use private IP addresses, and Internet hosts have public IP addresses. NAT translates IP addresses from public to private and from private back to public.

Wireless networks (sometimes called WiFi networks) allow clients to connect using radio-wave transmissions. These radio-wave transmissions are the easiest to capture and intercept (compared to transmissions on wired networks), but some basic security steps can increase the security of a wireless network. WEP is older and should not be used. WPA was an interim replacement for WEP and was compatible with existing hardware. WPA2 is the permanent replacement and is formally defined by 802.11i. WPA originally used TKIP, but many WPA systems also support AES. WPA2 uses AES-based CCMP. Both WPA and WPA2 can use Personal mode (with a preshared key) or Enterprise mode. Enterprise mode requires an 802.1x authentication server.

Smaller wireless devices use technologies such as Bluetooth, NFC, GSM, 3G, LTE, 4G, and WiMAX. Several methods protect these devices if they are lost. Methods include password-protecting the devices, encrypting data on them, using remote wipe to delete data on lost devices, and enabling GPS to locate lost devices.
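
The difference between a protocol number (a field in the IP header, such as 50 for ESP and 51 for AH) and a port number (a field in the TCP or UDP header) is easiest to see by parsing a packet. The following is an added example, not part of the original guide: it classifies raw IPv4 packets and flags the cleartext services listed above. The function names, the sample packets and Telnet's port 23 (the IANA assignment, not stated in the guide) are assumptions of the example.

```python
import struct

# Services that are unencrypted by default, keyed by (IP protocol number, port).
# Ports come from the guide, except Telnet's 23 (IANA assignment, assumed here).
CLEARTEXT = {
    (6, 20): "FTP data", (6, 21): "FTP control", (6, 23): "Telnet",
    (6, 25): "SMTP", (6, 80): "HTTP", (6, 110): "POP3", (6, 143): "IMAP4",
    (17, 69): "TFTP",
}
ENCRYPTED = {(6, 22): "SSH", (6, 443): "HTTPS"}
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}


def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet by protocol number and destination port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4   # IP header length in bytes
    proto = packet[9]              # protocol number lives in the IP header
    name = IP_PROTOCOLS.get(proto, f"protocol {proto}")
    if proto not in (6, 17):
        # AH and ESP are identified by protocol number only; they have no ports.
        return f"{name}: IPsec" if proto in (50, 51) else name
    if ihl < 20 or len(packet) < ihl + 4:
        return f"{name}: truncated"
    # Destination port is bytes 2-3 of both the TCP and the UDP header.
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if (proto, dport) in CLEARTEXT:
        return f"{name}/{dport} {CLEARTEXT[(proto, dport)]}: CLEARTEXT"
    if (proto, dport) in ENCRYPTED:
        return f"{name}/{dport} {ENCRYPTED[(proto, dport)]}: encrypted"
    return f"{name}/{dport}: unknown"


def build_packet(proto: int, dport: int = 0) -> bytes:
    """Construct a minimal sample IPv4 packet (constructed data, zero checksums)."""
    has_ports = proto in (6, 17)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24 if has_ports else 20,
                         0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + (struct.pack("!HH", 49152, dport) if has_ports else b"")


if __name__ == "__main__":
    for proto, dport in [(6, 21), (17, 69), (6, 69), (6, 22), (50, 0), (51, 0)]:
        print(classify(build_packet(proto, dport)))
```

Port 69 is flagged only over UDP: the same port number over TCP is a different service, which is why the lookup key pairs the protocol number with the port.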