Network reference Models and Protocols.
OSI Model (Open Systems Interconnection Model).
The OSI Model contains seven different layers.
Technically, this is the ISO OSI Model: ISO (International Standards Organization) is the body that defined the OSI Model.
Layer 1 Physical: The physical layer is concerned with how to get data on the wire. We're talking about the individual bits, the ones and zeros: how do we represent them electrically, or optically if we're using fiber optics?
Layer 2 Data Link: Forwarding decisions based on an address that's burned into the network interface card in a PC.
Layer 3 Network: Forwarding decision based on a logical address, such as an IP address.
Layer 4 Transport: TCP and UDP.
Layer 5 Session: Is responsible for setting up, maintaining, and then tearing down sessions.
Layer 6 Presentation: Concerned about how data is represented on the network.
Layer 7 Application: Some sort of network service that allows other desktop applications to take advantage of that service.
TCP/IP Model (DOD model / TCP/IP stack)
DOD = Department of Defense model
It's more IP-centric. The layers of the DoD Model can be mapped directly to one or more layers of the OSI Model.
Layer 1 Network Access: This encompasses both the Physical and the Data Link layers of the OSI Model.
Layer 2 Internet: Which is a direct correlation to the OSI Model's Network layer.
Layer 3 Transport: It's named the same as its corresponding layer over in the OSI Model.
Layer 4 Application: The Session, Presentation, and Application layers of the OSI Model are grouped together into this layer.
IP, ICMP, UDP, and TCP
IP: Internet Protocol (layer 3)
ICMP: Internet Control Message Protocol (layer 3). A really common use for ICMP is to do something called a ping. A ping allows us to determine if our network device has reachability to another network device.
UDP: User Datagram Protocol (Layer 4 of OSI model).
Is not considered to be reliable. A unit of data at layer four is called a segment. We send a UDP segment and we hope it gets to its destination, but we have no guarantee that it got there. There's no acknowledgement coming back from the far side.
TCP: Transmission Control Protocol (Layer 4 of OSI model)
Is reliable, it's called connection-oriented because we set up a connection and it can detect if we drop a segment.
A TCP session is set up using something called a three-way handshake:
Step one: The sender sends a synchronization message (SYN) to set up a session.
Step two: The receiver sends back an acknowledgement (ACK) that it received the SYN message, together with a SYN message of its own (SYN + ACK).
Step three: The sender sends an acknowledgement (ACK) for the receiver's SYN.
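The three steps above, followed in code. This is an added example, not part of the original notes: it walks a list of observed segments and reports which connection attempts completed the handshake and which stayed half-open. The `Segment` tuple, the state names and the sample addresses are constructed for illustration.

```python
# Added example: track TCP three-way handshakes from observed segment flags.
# The segments in SAMPLE are constructed sample data, not a real capture.
from collections import namedtuple

Segment = namedtuple("Segment", "src dst flags")  # flags: set of "SYN"/"ACK"

def handshake_states(segments):
    """Return {(initiator, receiver): state} for each connection attempt seen.

    States follow the three steps: SYN_SENT -> SYN_ACK_SENT -> ESTABLISHED.
    """
    states = {}
    for seg in segments:
        flags = frozenset(seg.flags)
        fwd, rev = (seg.src, seg.dst), (seg.dst, seg.src)
        if flags == {"SYN"}:
            # Step one: the initiator asks to set up a session.
            states.setdefault(fwd, "SYN_SENT")
        elif flags == {"SYN", "ACK"} and states.get(rev) == "SYN_SENT":
            # Step two: the receiver acknowledges the SYN and sends its own.
            states[rev] = "SYN_ACK_SENT"
        elif flags == {"ACK"} and states.get(fwd) == "SYN_ACK_SENT":
            # Step three: the initiator acknowledges the receiver's SYN.
            states[fwd] = "ESTABLISHED"
    return states

def half_open(segments):
    """Connection attempts that never reached step three."""
    return sorted(conn for conn, state in handshake_states(segments).items()
                  if state != "ESTABLISHED")

SAMPLE = [
    Segment("10.0.0.5:50000", "192.0.2.10:80", {"SYN"}),
    Segment("192.0.2.10:80", "10.0.0.5:50000", {"SYN", "ACK"}),
    Segment("10.0.0.5:50000", "192.0.2.10:80", {"ACK"}),
    Segment("10.0.0.6:50001", "192.0.2.10:80", {"SYN"}),
    Segment("192.0.2.10:80", "10.0.0.6:50001", {"SYN", "ACK"}),
    Segment("10.0.0.7:50002", "192.0.2.10:80", {"SYN"}),
]

if __name__ == "__main__":
    for conn, state in handshake_states(SAMPLE).items():
        print(conn, state)
    print("half-open:", half_open(SAMPLE))
```

A server that accumulates many half-open entries is holding resources for sessions that were never completed, which is why monitoring tools count them.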
TCP windowing: Once a TCP session is set up, we can send varying amounts of data before expecting an acknowledgement.
Domain Name System (DNS)
Resolves a Fully-Qualified Domain Name (FQDN) to an IP address.
A DNS server can take a well-known name, which we call a fully qualified domain name, and map it to a corresponding IP address.
The well-known port for DNS is port 53.
Ports and Protocols
The applications that we use are generally associated with a port number. In fact, there's quite a collection of what are called well-known port numbers. A well-known port number is in the range of 1023 or less. But we also have port numbers that are not necessarily well-known. Those are in the range of 1024 and greater.
The following list has some of the more popular protocols. Notice on this table I've listed a protocol, its description, and what TCP or UDP port or ports it might be using.
File Transfer Protocol: Transfers files with a remote host (typically requires authentication of user credentials). Ports 20 and 21.
Secure Shell: Securely connect to a remote host (typically via terminal emulator)
Secure FTP: Provides FTP file-transfer service over an SSH connection
Secure Copy: Provides a secure file-transfer service over an SSH connection and offers a file's original date and time information, which is not available with SFTP
Telnet: Used to connect to a remote host (typically via a terminal emulator)
Simple Mail Transfer Protocol: Used for sending e-mail
Domain Name System: Resolves domain names to corresponding IP address
Trivial File Transfer Protocol: Transfer files with a remote host (does not require authentication of user credentials)
Dynamic Host Configuration Protocol: Dynamically assigns IP address information (for example, IP address, subnet mask, DNS server's IP address, and default gateway's IP address) to a network device
Hypertext Transfer Protocol: Retrieves content from a web server
Post Office Protocol version 3: Retrieves e-mail from an e-mail server
Network News Transport Protocol: Supports the posting and reading of articles on Usenet news servers
Network Time Protocol: Used by a network device to synchronize its clock with a time server (NTP server)
Simple Network Time Protocol: Supports time synchronization among the network devices, similar to NTP, although SNTP uses a less complex algorithm in its calculation and is slightly less accurate than NTP
Internet Message Access Protocol version 4: Retrieves e-mail from an e-mail server
Lightweight Directory Access Protocol: Provides directory services (for example, a user directory, including username, password, e-mail, and phone number information) to network clients
Hypertext Transfer Protocol Secure: Used to securely retrieve content from a web server
Remote Shell: Allows commands to be executed on a computer from a remote user
Real Time Streaming Protocol: Communicates with a media server (for example, a video server) and controls the playback of the server's media files
Remote Desktop Protocol: A Microsoft protocol that allows a user to view and control the desktop of a remote computer.
Protocol Data Units (PDUs)
Transport ----- Segments
Network ----- Packets (or Datagrams)
Data Link ----- Frames
Physical ----- Bits
Common Network Infrastructure Devices
Router: A Layer 3 device that can make forwarding decisions based on logical addresses (e.g. IP addresses).
Wide Area Network (WAN) Connection: A network connection that interconnects geographically separate networks.
Virtual Private Network (VPN): Allows a secure connection to be set up over an untrusted network (e.g. the Internet).
Wireless Access Point: Communicates with wireless devices (e.g. smart phones, printers, or laptops) and interconnects those devices with a wired network.
Ethernet Switch: A layer 2 device that makes forwarding decisions based on physical addresses (e.g. MAC addresses).
Media Access Control (MAC) Address: A 48-bit address burned into a NIC, typically written in hexadecimal notation.
Intrusion Prevention System (IPS): A sensor that sits in-line with network traffic, can recognize the signature of well-known attacks, and can stop those attacks.
Intrusion Detection System (IDS): A sensor that receives a copy of network traffic, can recognize the signature of well-known attacks, and can stop those attacks.
Firewall: A network device that uses a set of rules to determine what traffic to permit or deny between different portions (e.g. zones) of a network.
Demilitarized Zone (DMZ): The term typically given to a portion of a network that should be accessible by external devices (e.g. devices on the internet).
Firewall Router: A router configured to perform firewall functions, in addition to router functions.
Multilayer Switch: An Ethernet switch that can make forwarding decisions based on Layer 3 (and higher) information (e.g. IP address), like a router, and can also make decisions based on Layer 2 information (e.g. MAC addresses), like a Layer 2 Ethernet switch.
Cache Engine: Locally stores content retrieved from a remote network (typically the internet), and sends that content to local devices requesting that content, thus saving bandwidth.
Network-Attached Storage (NAS) Device: A network appliance that makes storage resources (e.g. large, redundant hard drives) available to network clients.
Firewall: A network device (or software) that can help prevent malicious traffic from spreading into a secured area of a network, through the use of a rule set.
Packet Filter: A type of firewall that can permit or deny traffic based on information such as source and/or destination IP address and port numbers.
Stateful Firewall: A type of firewall that, in addition to permitting or denying traffic based on IP address and/or port number information, can inspect sessions and recognize return traffic for a session that was initiated from a trusted network.
Application Layer Firewall: A type of firewall that, in addition to inspecting sessions and permitting or denying traffic based on IP address and/or port number information, understands the nature of an application (e.g. its use of different protocols).
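The difference between a packet filter and a stateful firewall, shown on the same three packets. This is an added example, not part of the original notes: the rule format, the `TRUSTED` network, and all addresses and ports are constructed for illustration.

```python
# Added example: packet filter vs. stateful firewall on the same traffic.
# Rule format, addresses and ports are constructed for illustration.
from ipaddress import ip_address, ip_network

TRUSTED = ip_network("10.0.0.0/24")        # assumed inside (trusted) network
RULES = [("permit", "10.0.0.0/24", 443)]   # inside hosts may reach port 443

def packet_filter(pkt, rules):
    """Stateless: each packet is judged only on its addresses and ports."""
    for action, src_net, dst_port in rules:
        if ip_address(pkt["src"]) in ip_network(src_net) and pkt["dport"] == dst_port:
            return action
    return "deny"  # nothing matched: implicit deny

class StatefulFirewall:
    """Same rules, plus a table of sessions initiated from the trusted side."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()

    def check(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if reverse in self.sessions:
            return "permit"             # return traffic for a known session
        verdict = packet_filter(pkt, self.rules)
        if verdict == "permit" and ip_address(pkt["src"]) in TRUSTED:
            self.sessions.add(key)      # remember the session opened from inside
        return verdict

OUTBOUND = {"src": "10.0.0.5", "sport": 51000, "dst": "198.51.100.7", "dport": 443}
REPLY = {"src": "198.51.100.7", "sport": 443, "dst": "10.0.0.5", "dport": 51000}
UNSOLICITED = {"src": "198.51.100.7", "sport": 443, "dst": "10.0.0.9", "dport": 51000}

def demo():
    """Verdicts for (OUTBOUND, REPLY, UNSOLICITED) from each firewall type."""
    packets = (OUTBOUND, REPLY, UNSOLICITED)
    fw = StatefulFirewall(RULES)
    return ([packet_filter(p, RULES) for p in packets],
            [fw.check(p) for p in packets])

if __name__ == "__main__":
    stateless, stateful = demo()
    print("packet filter:    ", stateless)
    print("stateful firewall:", stateful)
```

The packet filter drops the legitimate reply unless a broad inbound rule is added, and such a rule would also admit the unsolicited packet. The stateful firewall admits only the reply that matches a session opened from the trusted network.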
Wireless Access Points
Wireless Ad Hoc Network: Allows wireless devices to communicate with one another without using a network infrastructure.
Autonomous APs: Wireless access points that are individually managed.
Lightweight APs: Wireless access points that are managed by a wireless LAN controller.
Lightweight Access Point Protocol (LWAPP): A protocol used by a wireless LAN controller to communicate with the lightweight APs it manages. Note that many LWAPP deployments are being replaced with the newer Control and Provisioning of Wireless Access Points (CAPWAP) protocol, which performs a similar function.