CISSP For Dummies

2017-07-07 02:10:07

In 1984, the International Standards Organization (ISO) adopted the Open Systems Interconnection (OSI) Reference Model (or simply, the OSI model) to facilitate interoperability between network devices independent of the manufacturer. The OSI model defines standard protocols for communication and interoperability by using a layered approach. This approach divides complex networking issues into simpler functional components that help the understanding, design, and development of networking solutions and provides the following specific advantages:

It clarifies the general functions of a communications process instead of focusing on specific issues.

It reduces complex networking processes into simpler sublayers and components.

It promotes interoperability by defining standard interfaces.

It aids development by allowing vendors to change individual features at a single layer rather than rebuilding the entire protocol stack.

It facilitates easier (and more logical) troubleshooting.

The OSI model consists of seven distinct layers that describe how data is communicated between systems and applications on a computer network. (See Figure 5-1.)

Figure 5-1: The seven layers of the OSI model.

In the OSI model, data is passed from the highest layer (Application; Layer 7) downward through each layer to the lowest layer (Physical; Layer 1) and is then transmitted across the network medium to the destination node, where it’s passed upward from the lowest layer to the highest layer. Each layer communicates only with the layer immediately above and below it (adjacent layers). This communication is achieved through a process known as data encapsulation. Data encapsulation wraps protocol information from the layer immediately above in the data section of the layer immediately below. Figure 5-2 illustrates this process.

Figure 5-2: Data encapsulation in the OSI model.

Tip Try creating a mnemonic to recall the layers of the OSI model, such as: Adult People Should Try New Dairy Products for Application, Presentation, Session, Transport, Network, Data Link, and Physical.

Physical Layer (Layer 1)

The Physical Layer sends and receives bits across the network.

It specifies the electrical, mechanical, and functional requirements of the network, including topology, cabling and connectors, and interface types, as well as the process for converting bits to electrical (or light) signals that can be transmitted across the physical medium. Various network topologies, made from wires, cables, hubs, and other physical materials comprise the Physical Layer.

Network topologies

The three basic network topologies in common use at the Physical Layer today are bus, star, and ring. Although many variations of the four basic types (meshed, Fiber Distributed Data Interface [FDDI], star-bus, star-ring) exist, we stick to the basics here.

Bus

In a bus (or linear bus) topology, all devices are connected to a single cable (the backbone) that’s terminated on both ends. Bus networks are ideal for smaller networks because they’re inexpensive and easy to install. However, in a larger environment, they’re impractical because the media have physical limitations, the backbone is a single point of failure (a break anywhere on the network affects the entire network), and tracing a fault in a large network can be extremely difficult.

Star

In a star topology, each individual node on the network is directly connected to a central hub or concentrator. All data communications must pass through the hub, which can become a bottleneck or single point of failure. Star topologies are more expensive than bus topologies because of the additional hardware (hubs) and cable lengths. However, a star topology is ideal for larger environments and is the most common basic topology in use today. A star topology is also easy to install and maintain, and network faults are easily isolated without affecting the rest of the network.

Ring

A ring topology is a closed loop connecting end devices in a continuous ring. Functionally, this is achieved by connecting individual devices to a Multistation Access Unit (MSAU or MAU). Physically, this gives the ring topology the appearance of a star topology. Ring topologies are common in token-ring and FDDI networks.

Instant Answer Analog and digital signaling

Analogsignaling conveys information through a continuous signal by using variations of wave amplitude, frequency, and phase.

Digital signaling conveys information in pulses through the presence or absence (on-off) of electrical signals.

Cable and connector types

Cables carry the electrical or light signals that represent data between devices on a network. Signaling over cable medium is classified as either baseband or broadband. Baseband signaling uses a single channel for transmission of digital signals and is common in LANs using twisted pair cabling. Broadband signaling uses many channels over a range of frequencies for transmission of analog signals including voice, video, and data. The three basic cable types used in networks are coaxial, twisted pair, and fiber optic.

Coaxial cable

Using coaxial (abbreviated as coax and pronounced koh-axe) cable was very common in the early days of LANs and is rebounding (sort of) with the emergence of broadband networks. Coax cable consists of a single, solid copper-wire core, surrounded by a plastic or Teflon insulator, braided-metal shielding, and (sometimes) a metal foil wrap, all covered with a plastic sheath. This construction makes the cable very durable and resistant to Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI) signals.

Coax cable comes in two flavors, thick and thin:

Thick: Also known as RG8 or RG11 or thicknet. Thicknet cable uses a screw-type connector, known as an Attachment Unit Interface (AUI).

Thin: Also known as RG58 or thinnet. Thinnet cable is typically connected to network devices by using a bayonet-type connector, known as a BNC connector.

Twisted pair cable

Twisted pair cable is the most popular LAN cable in use today because it’s lightweight, flexible, inexpensive, and easy to install. One easily recognized example of twisted pair cable is common telephone wire. Twisted pair cable consists of copper-wire pairs that are twisted together to improve the transmission quality of the cable. Currently, seven classes of twisted pair cable are defined. However, only CAT-5, CAT-5e, and CAT-6 cable are typically used for networking. Read through Table 5-1 for the lowdown.

Table 5-1: Twisted Pair Cable Classes
Open table as spreadsheet
Classes	Use	Example
1	Voice only	Telephone
2	Data (up to 4 Mbps)	Token-ring at 4 Mbps
3	Data (up to 10 Mbps)	Ethernet
4	Data (up to 20 Mbps)	Token-ring at 16 Mbps
5	Data (up to 100 Mbps)	Fast Ethernet
5e	Data (up to 1000 Mbps @ 100 MHz)	Gigabit Ethernet
6	Data (up to 1000 Mbps @ 250 MHz)	Gigabit Ethernet

Twisted pair cable can be either unshielded (UTP) or shielded (STP). UTP cabling is more common because it’s easier to work with and less expensive than STP. STP is used when RFI or EMI is a major concern.

Twisted pair cable is terminated with an RJ-type terminator. The three common types of RJ-type connectors are RJ-11, RJ-45, and RJ-49. Although these connectors are all similar in appearance (particularly RJ-45 and RJ-49), only RJ-45 connectors are used for LANs. RJ-11 connectors are used for analog phone lines, and RJ-49 connectors are commonly used for Integrated Services Digital Network (ISDN) lines and WAN interfaces.

Fiber optic cable

Fiber optic cable, the most expensive type of network cabling - but also the most reliable - is typically used in backbone networks and high-availability (FDDI) networks. Fiber optic cable carries data as light signals rather than as electrical signals. Fiber optic cable consists of a glass core or bundle, a glass insulator (commonly known as cladding), Kevlar fiber strands (for strength) and a polyvinyl chloride (PVC) or Teflon outer sheath. Advantages of fiber optic cable include higher speeds, longer distances, and resistance to interception and interference. Fiber optic cable is terminated with an SC-type, ST-type, or LC-type connector.

See Table 5-2 for a comparison of the various cable types and their characteristics.

Table 5-2: Cable Types and Characteristics
Open table as spreadsheet
Cable Type	Ethernet Designation	Maximum Length	EMI/RFI Resistance
RG58 (Thinnet)	10Base2	185 meters	Good
RG8/11 (Thicknet)	10Base5	500 meters	Better
UTP	10/100/1000BaseT	100 meters	Poor
STP	10/100/1000BaseT	100 meters	Fair to good
Fiber optic	100BaseF	2,000 meters	Best (No effect)

Interface types

The interface between the Data Terminal Equipment (DTE) and Data Communications Equipment (DCE), which we discuss in the upcoming section “Networking equipment,” is specified at the Physical Layer.

Instant Answer Network topologies, cable and connector types, and interfaces are defined at the Physical Layer of the OSI model.

Common interface standards include

EIA/TIA-232: This standard supports unbalanced circuits at signal speeds of up to 64 Kbps (formerly known as RS-232).

EIA/TIA-449: A faster version of EIA/TIA-232, this standard supports longer cable runs and speeds of up to 2 Mbps.

V.24. CCITT: (Formerly ITU-T.) This standard is essentially the same as the EIA/TIA-232 standard.

V.35. CCITT: (Formerly ITU-T.) This standard describes a synchronous communications protocol between network access devices and a packet network with speeds of up to 48 Kbps.

X.21bis. CCITT: (Formerly ITU-T.) This standard defines the communications protocol between DCE and DTE in an X.25 network. It is essentially the same as the EIA/TIA-232 standard.

High-Speed Serial Interface (HSSI): This network standard was developed to address the need for high-speed (up to 52 Mbps) serial connections over WAN links.

Networking equipment

Networking devices that operate at the Physical Layer include Network Interface Cards (NICs), network media (cabling/connectors/interfaces, which we discuss in the earlier section “Cable and connector types”), repeaters, and hubs.

Network Interface Cards (NICs) are used to connect a computer to the network. NICs may be integrated on a computer motherboard or installed as an adapter card, such as an ISA, PCI, or PC card.

A repeater is a nonintelligent device that simply amplifies a signal to compensate for attenuation (signal loss) and extend the length of the cable segment.

A hub (or concentrator) is used to connect multiple LAN devices together, such as servers and workstations. The two basic types of hubs are

Passive: Data enters one port and exits all other ports without any signal amplification or regeneration.

Active: Combines the features of a passive hub and repeater. Also known as a multi-port repeater.

A switch is used to connect multiple LAN devices together. Unlike a hub, a switch does not send outgoing packets to all devices on the network, but instead sends packets only to actual destination devices.

Data Link Layer (Layer 2)

The Data Link Layer ensures that messages are delivered to the proper device across a physical network link. This layer also defines the networking protocol (for example, Ethernet and token-ring) used for sending and receiving data between individual devices. The Data Link Layer formats messages from layers above into frames for transmission, handles point-to-point synchronization and error control, and can perform link encryption.

Cross-Reference We go into detail about link encryption in Chapter 8.

The Data Link Layer consists of two sublayers: the Logical Link Control (LLC) and Media Access Control (MAC) sublayers.

Instant Answer The Data Link Layer is responsible for ensuring that messages are delivered to the proper device across a physical network link.

The Logical Link Control (LLC) sublayer is defined in Institute of Electrical and Electronic Engineers (IEEE) standards 802.1 (Internetworking) and 802.2 (Logical Link Control). See Table 5-3 for more information about the IEEE 802 standards. The LLC sublayer operates between the Network Layer above and the MAC sublayer below. The LLC sublayer performs the following three functions:

Provides an interface for the MAC sublayer by using Source Service Access Points (SSAPs) and Destination Service Access Points (DSAPs).

Manages the control, sequencing, and acknowledgement of frames being passed up to the Network Layer or down to the Physical Layer.

Bears responsibility for timing and flow control. Flow control monitors the flow of data between devices to ensure that a receiving device, which may not necessarily be operating at the same speed as the transmitting device, is not overwhelmed.

Table 5-3: The IEEE 802 Standards
Open table as spreadsheet
Standard	Description
802.1	Internetworking
802.2	Logical Link Control (LLC)
802.3	Ethernet
802.4	Physical Bus
802.5	Token Ring
802.6	Metropolitan Area Networks (MANs)
802.7	Broadband Technical Advisory Group
802.8	Fiber Optic Technical Advisory Group
802.9	Integrated Voice/Data Networks
802.10	Network Security
802.11	Wireless Networks
802.12	High-speed Networks

The Media Access Control (MAC) sublayer is defined in IEEE standards 802.3 (Ethernet), 802.4 (Physical Bus), 802.5 (Token Ring), and 802.12 (High-speed Networks).

Instant Answer The Logical Link Control (LLC) and Media Access Control (MAC) are sublayers of the Data Link Layer.

The MAC sublayer operates between the LLC sublayer above and the Physical Layer below. It is primarily responsible for framing and performs the following three functions:

Cross-Reference Performs error control: Error control is performed by using a cyclic redundancy check (CRC). A CRC is a simple mathematical calculation or checksum used to create a message profile (analogous to a simple message digest, which we discuss in Chapter 8). The CRC is re-calculated by the receiving device. If the calculated CRC doesn’t match the received CRC, the packet is dropped and a request to resend is transmitted.

Identifies hardware device (or MAC) addresses: A MAC address (also known as a hardware address or physical address) is a 48-bit address that is encoded on each device by its manufacturer. The first 24 bits identify the manufacturer or vendor. The second 24 bits uniquely identify the device.

Controls media access: The three basic types of media access are as follows:
- Contention: In contention-based networks, individual devices must vie for control of the physical network medium. This type of network is ideally suited for networks characterized by small bursts of traffic. Ethernet networks use a contention-based method, known as Carrier-Sense Multiple Access Collision Detect (CSMA/CD), in which all stations listen for traffic on the physical network medium. If the line is clear, any station can transmit data. However, if another station attempts to transmit data at the same time, a collision occurs, the traffic is dropped, and both stations must wait a random period of time before attempting to re-transmit. Another slight variation of the CSMA/CD method, used in Apple LocalTalk networks, is known as Carrier-Sense Multiple Access Collision Avoidance (CSMA/CA).
- Token passing: In token-passing networks, individual devices must wait for a special frame, known as a token, before transmitting data across the physical network medium. This type of network is considered deterministic (transmission delay can be reliably calculated and collisions don’t occur) and is ideally suited for networks with large, bandwidth-consuming applications that are delay sensitive. Token Ring, FDDI, and ARCnet networks all use various token-passing methods for media access control.
- Polling: In polling networks, individual devices (secondary hosts) are polled by a primary host to see whether they have data to be transmitted. Secondary hosts can’t transmit until permission is granted by the primary host. Polling is typically used in mainframe environments.

Instant Answer The Logical Link Control (LLC) and Media Access Control (MAC) are sub-layers of the Data Link Layer.

LAN protocols and transmission methods

Common LAN protocols are defined at the Data Link (and Physical) Layer. They include the following:

ARCnet: The ARCnet protocol is one of the earliest LAN technologies developed. It transports data to the physical LAN medium by using the token-passing media access method that we discuss in the preceding section. It is implemented in a star topology by using coaxial cable. ARCnet provides slow but predictable network performance.

Ethernet: The Ethernet protocol transports data to the physical LAN medium by using CSMA/CD (which we discuss in the preceding section) and is designed for networks characterized by sporadic, sometimes heavy traffic requirements. Ethernet is the most common LAN protocol used today and is implemented in a bus topology over coaxial or twisted pair cabling (which we also discuss in the preceding section). Ethernet operates at speeds up to 10 Mbps. Two recent enhancements to the Ethernet protocol include Fast Ethernet (speeds up to 100 Mbps over CAT-5 twisted pair or fiber optic cabling) and Gigabit Ethernet (speeds up to 1000 Mbps over CAT-5e or CAT-6 twisted pair or fiber optic cabling).

Token-Ring: The Token-Ring protocol transports data to the physical LAN medium by using the token-passing media access method that we discuss in the preceding section. Originally developed by IBM, token-ring refers to both IBM Token-Ring and IEEE 802.5. All nodes are attached to a Multistation Access Unit (MSAU) in a logical ring (physical star) topology. One node on the token-ring network is designated as the active monitor and ensures that no more than one token is on the network at any given time. (Variations permit more than one token on the network.) If the token is lost, the active monitor is responsible for ensuring that a replacement token is generated. Token-ring networks operate at speeds of 4 and 16 Mbps.

Fiber Distributed Data Interface (FDDI): The FDDI protocol transports data to the physical LAN medium by using the token-passing media access method that we discuss in the preceding section. It’s implemented as a dual counter-rotating ring over fiber optic cabling at speeds up to 100 Mbps. All stations on a FDDI network are connected to both rings. During normal operation, only one ring is active. In the event of a network break or fault, the ring wraps back through the nearest node onto the second ring. See Figure 5-3.

Figure 5-3: An FDDI network example.

LAN data transmissions are classified as

Unicast: Packets are sent from the source to a single destination device by using a specific destination IP address.

Multicast: Packets are copied and sent from the source to multiple destination devices by using a special multicast IP address that the destination stations have been specifically configured to use.

Broadcast: Packets are copied and sent from the source to every device on a destination network by using a broadcast IP address.

Instant Answer LAN data transmissions are classified as unicast, multicast, or broadcast.

WLAN technologies and protocols

WLAN (wireless LAN) technologies function at the lower layers of the OSI Reference Model. WLAN protocols define how frames are transmitted over the airlink. See Table 5-4 for standard WLAN protocols.

Table 5-4: Wireless LAN Protocols
Open table as spreadsheet
Type	Speed	Description
802.11	1 Mbit/s	Legacy protocol
802.11b	11 Mbit/s	First widely used protocol
802.11a	54 Mbit/s	Operated in 5 GHz band (less interference)
802.11g	54 Mbit/s
802.11n	540 Mbit/s

WLAN networks were first encrypted with the WEP (Wired Equivalent Privacy) protocol, which was soon proven to be unsafe. New standards of encryption include WPA (WiFi protected access) and WPA2.

WAN technologies and protocols

WAN technologies function at the lower three layers of the OSI Reference Model (the Physical, Data Link, and Network Layers), primarily at the Data Link Layer. WAN protocols define how frames are carried across a single data link between two devices. These include

Point-to-point links: Provide a single, preestablished WAN communications path from the customer’s network, across a carrier network (such as a Public Switched Telephone Network [PSTN]), to a remote network. These include

Leased lines: A transmission line reserved by a communications carrier for the exclusive use of a customer. See Table 5-5 for standard leased line characteristics.

Table 5-5: Standard Leased Lines
Open table as spreadsheet
Type	Speed	Description
DS0	64 Kbps	Digital Signal Level 0. Framing specification used in transmitting digital signals over a single channel at 64 Kbps on a T1 facility.
DS1	T1 or E1	Digital Signal Level 1. Framing specification used in transmitting digital signals at 1.544 Mbps on a T1 facility (U.S.) or 2.108 Mbps on an E1 facility (E.U.).
DS3	44.736 Mbps	Digital Signal Level 3. Framing specification used in transmitting digital signals at 44.736 Mbps on a T3 facility.
T1	1.544 Mbps	Digital WAN carrier facility. Transmits DS1-formatted data at 1.544 Mbps.
T3	44.736 Mbps	Digital WAN carrier facility. Transmits DS3-formatted data at 44.736 Mbps.
E1	2.048 Mbps	Wide-area digital transmission scheme used primarily in Europe that carries data at a rate of 2.048 Mbps.
E3	34.368 Mbps	Wide-area digital transmission scheme used primarily in Europe that carries data at a rate of 34.368 Mbps.
OC-1	51.84 Mbps	SONET (Synchronous Optical Networking) Optical Carrier WAN specification
OC-3	155.52 Mbps	SONET
OC-12	622.08 Mbps	SONET
OC-48	2498.32 Mbps	SONET
OC-192	9953.28 Mbps	SONET

Serial Line IP (SLIP): The predecessor of Point-to-Point Protocol (PPP), SLIP was originally developed to support TCP/IP networking over low-speed asynchronous serial lines (such as dial-up modems) for Berkeley UNIX computers.

Point-to-Point Protocol (PPP): The successor to SLIP, PPP provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. It is a more robust protocol than SLIP and provides additional built-in security mechanisms. PPP is far more common than SLIP in modern networking environments.

Circuit-switched networks: In a circuit-switched network, a dedicated physical circuit path is established, maintained, and terminated between the sender and receiver across a carrier network for each communications session (the call). This network type is used extensively in telephone company networks and functions similarly to a regular telephone call. Examples include

Integrated Services Digital Network (ISDN): ISDN is a communications protocol that operates over analog phone lines that have been converted to use digital signaling. ISDN lines are capable of transmitting both voice and data traffic. ISDN defines a B-channel for data, voice, and other services, and a D-channel for control and signaling information. Table 5-6 describes the two levels of ISDN service that are currently available.

Table 5-6: ISDN Service Levels
Open table as spreadsheet
Level	Description
Basic Rate Interface (BRI)	Two 64 Kbps B-channels and one 16 Kbps D-channel (maximum data rate of 128 Kbps)
Primary Rate Interface (PRI)	23 64 Kbps B-channels (U.S.) or 30 64 Kbps
	B-channels (E.U.) and 1 64 Kbps D-channel with a maximum data rate of 1.544 Mbps (U.S.) or 2.048 Mbps (E.U.)

With the introduction and widespread adoption of DSL, ISDN has largely fallen out of favor in the United States and is no longer available in many areas.

Digital Subscriber Lines (xDSL): xDSL uses existing analog phone lines to deliver high bandwidth connectivity to remote customers. Table 5-7 describes several types of xDSL lines that are currently available.

Table 5-7: xDSL Examples
Open table as spreadsheet
Type	Characteristics	Description
ADSL	Downstream rate: 1.5 to 9 Mbps Upstream rate: 16 to 640 Kbps Operating range: up to 14,400 feet	Asymmetric Digital Subscriber Line; designed to deliver higher bandwidth downstream (such as a central office to customer site) than upstream
SDSL	Downstream rate: 1.544 Mbps Upstream rate: 1.544 Mbps Operating range: up to 10,000 feet	Single-Line Digital Subscriber Line; designed to deliver high bandwidth both upstream and downstream over a single copper twisted pair
HDSL	Downstream rate: 1.544 Mbps Upstream rate: 1.544 Mbps Operating range: up to 12,000 feet	High-rate Digital Subscriber Line; designed to deliver high bandwidth both upstream and downstream over two copper twisted pairs; commonly used to provide local access to T1 services
VDSL	Downstream rate: 13 to 52 Mbps Upstream rate: 1.5 to 2.3 Mbps Operating range: 1,000 to 4,500 feet	Very-high Data-rate Digital Subscriber Line; designed to deliver extremely high bandwidth over a single copper twisted pair

Instant Answer Circuit-switched networks are ideally suited for always-on connections with constant traffic.

Packet-switched networks: In a packet-switched network, devices share bandwidth (by using statistical multiplexing) on communications links to transport packets between a sender and receiver across a carrier network. This type of network is more resilient to error and congestion than circuit-switched networks. We compare packet-switched and circuit-switched networks in Table 5-8. Examples of packet-switched networks include:

Table 5-8: Circuit Switching versus Packet Switching
Open table as spreadsheet
Circuit Switching	Packet Switching
Ideal for always-on connections, constant traffic, and voice communications	Ideal for bursty traffic and data communications
Connection-oriented	Connectionless-oriented
Fixed delays	Variable delays

X.25: The first packet-switching network, X.25 is a CCITT (formerly ITU-T) standard that defines how point-to-point connections between a DTE and DCE (which we discuss in the next section) are established and maintained. X.25 specifies the Link Access Procedure, Balanced (LAPB) protocol at the Data Link Layer and the Packet Level Protocol (PLP; also known as X.25 Level 3) at the Network Layer. X.25 is more common outside of the United States but is being superseded by Frame Relay.

Frame Relay: Frame Relay is a packet-switched, standard protocol that handles multiple virtual circuits by using High-level Data Link Control (HDLC) encapsulation (which we discuss later in this section) between connected devices. Frame Relay utilizes a simplified framing approach with no error correction and Data Link Connection Identifiers (DLCI) addressing to achieve high speeds across the WAN. Frame Relay can be used on Switched Virtual Circuits (SVCs) or Permanent Virtual Circuits (PVCs). An SVC is a temporary connection that’s dynamically created (circuit establishment phase) to transmit data (data transfer phase) and then disconnected (circuit termination phase). PVCs are permanently established connections. Because the connection is permanent, a PVC doesn’t require the bandwidth overhead associated with circuit establishment and termination.

Switched Multimegabit Data Service (SMDS): SMDS is a high-speed, packet-switched, connectionless-oriented, datagram-based technology available over public switched networks. Typically, companies that exchange large amounts of data bursts with other remote networks use it.

Asynchronous Transfer Mode (ATM): ATM is a very high-speed, low-delay technology that uses switching and multiplexing techniques to rapidly relay fixed-length (53-byte) cells containing voice, video, or data. Cell processing occurs in hardware that reduces transit delays. ATM is ideally suited for fiber optic networks with bursty applications.

Instant Answer Packet-switched networks are ideally suited for on-demand connections with bursty traffic.

Other WAN protocols: Two other important WAN protocols defined at the Data Link Layer include
- Synchronous Data Link Control (SDLC): The SDLC protocol is a bit-oriented, full-duplex serial protocol that was developed by IBM to facilitate communications between mainframes and remote offices. It defines and implements a polling media-access method, in which the primary (front-end) polls the secondaries (remote stations) to determine whether communication is required.
- High-level Data Link Control (HDLC): The HDLC protocol is a bit-oriented, synchronous protocol that was created by the ISO to support point-to-point and multipoint configurations. Derived from SDLC, it specifies a data encapsulation method for synchronous serial links and is the default for serial links on Cisco routers. Unfortunately, various vendor implementations of the HDLC protocol are incompatible.

Networking equipment at the Data Link Layer

Networking devices that operate at the Data Link Layer include bridges, switches, DTEs, and DCEs.

A bridge is a semi-intelligent repeater used to connect two or more (similar or dissimilar) network segments. A bridge maintains an Address Resolution Protocol (ARP) cache containing the MAC addresses of individual devices on connected network segments. When a bridge receives a data signal, it checks its ARP cache to determine whether the destination MAC address is on the local network segment. If it’s determined to be local, the data signal isn’t forwarded. However, if the MAC address isn’t local, the bridge forwards (and amplifies) the data signal to all other connected network segments. A serious networking problem associated with bridges is a broadcast storm, in which broadcast traffic is automatically forwarded by a bridge, thus effectively flooding a network.

A switch is essentially an intelligent hub that uses MAC addresses to route traffic. Unlike a hub, a switch transmits data only to the port connected to the destination MAC address. This transmission method creates separate collision domains (called network segments) and effectively increases the data transmission rates available on the individual network segments. Additionally, a switch can be used to implement Virtual LANs (VLANs) to logically segregate a network and limit broadcast domains. Switches are traditionally considered to be Layer 2 (or Data Link Layer) devices, although newer technologies allow switches to function at the upper layers including Layer 3 (the Network Layer) and Layer 7 (the Application Layer).

Asynchronous and synchronous communications

Asynchronous communication transmits data in a serial stream with control data (start and stop bits) embedded in the stream to indicate the beginning and end of characters. Asynchronous devices must communicate at the same speed, which is controlled by the slower of the two communicating devices. Because no internal clocking signal is used, parity bits are used to reduce transmission errors.

Synchronous communications utilize an internal clocking signal to transmit large blocks of data, known as frames. Synchronous communication is characterized by very high-speed transmission rates.

Data Terminal Equipment (DTE) is a general term used to classify devices at the user end of a user-to-network interface (such as computers). A DTE connects to Data Communications Equipment (DCE; also know as a Data Circuit-Terminating Equipment), which consists of devices at the network end of a user-to-network interface. The DCE provides the physical connection to the network, forwards network traffic, and provides a clocking signal to synchronize transmissions between the DCE and DTE. Examples of DCEs include NICs (Network Interface Cards), modems, and CSU/DSUs (Channel Service Unit/Data Service Unit).

Network Layer (Layer 3)

The Network Layer (Layer 3) provides routing and related functions that enable data to be transported between systems on the same network or on interconnected networks or internetworks. Routing protocols, such as the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP) are defined at this layer. Logical addressing of devices on the network is accomplished at this layer by using routed protocols, including the Internet Protocol (IP) and Internetwork Packet Exchange (IPX).

Instant Answer The Network Layer is primarily responsible for routing.

Internet Protocol (IP)

Internet Protocol (IP) contains addressing information that enables packets to be routed. IP is documented in RFC 791 and is part of the TCP/IP protocol suite, which is the language of the Internet. IP has two primary responsibilities:

Connectionless, best-effort delivery of datagrams

Fragmentation and reassembly of datagrams

IP Version 4 (IPv4), which is currently the most commonly used, uses a 32-bit logical IP address that’s divided into four 8-bit sections (octets) and consists of two main parts: the network number and the host number.

IP addressing supports five different address classes indicated by the high-order (left-most) bits in the IP address, as listed in Table 5-9.

Table 5-9: IP Address Classes
Open table as spreadsheet
Class	Purpose	High-Order Bits	Address Range	Maximum Hosts
A	Large networks	0	1 to 126	16,777,214 (224-2)
B	Medium networks	10	128 to 191	65,534 (216-2)
C	Small networks	110	192 to 223	254 (28-2)
D	Multicast	1110	224 to 239	N/A
E	Experimental	1111	240 to 254	N/A

Several IP address ranges are also reserved for use in private networks (for example, 10.x.x.x, 172.16.x.x to 172.31.x.x, and 192.168.x.x). These addresses aren’t routable on the Internet and are thus often implemented on firewalls and gateways by using Network Address Translation (NAT) to conserve IP addresses, mask the network architecture, and enhance security. NAT translates private, non-routable addresses on internal network devices to registered IP addresses when communication across the Internet is required.

IP Version 6 (IPv6) uses a 128-bit logical IP address and incorporates additional functionality to provide security, multimedia support, plug-and-play compatibility, and backward compatibility with IPv4. IPv6 hasn’t yet been widely implemented on the Internet.

Internetwork Packet Exchange (IPX)

Internetwork Packet Exchange (IPX) is a connectionless protocol used primarily in NetWare networks for routing packets across the network. It’s part of the IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) protocol suite, which is analogous to the TCP/IP protocol suite.

The Network layer is also responsible for converting logical addresses into physical addresses.The Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) accomplish this.

Address Resolution Protocol (ARP)

The Address Resolution Protocol (ARP), defined in RFC 826, maps Network Layer IP addresses to MAC addresses. ARP discovers physical addresses of attached devices by broadcasting ARP query messages on the network segment. IP address to MAC address translations are then maintained in a dynamic table that is cached on the system.

Reverse Address Resolution Protocol (RARP)

The Reverse Address Resolution Protocol (RARP) maps MAC addresses to IP addresses. This is necessary when a system, such as a diskless machine, needs to discover its IP address. The system broadcasts a RARP message providing its MAC address and requests to be informed of its IP address. A RARP server replies with the requested information.

The Network Layer also defines a management protocol for IP known as the Internet Control Message Protocol (ICMP).

Internet Control Message Protocol (ICMP)

The Internet Control Message Protocol (ICMP) reports errors and other information back to the source regarding the processing of transmitted IP packets. ICMP is documented in RFC 792.

Common ICMP messages include Destination Unreachable, Echo Request and Reply, Redirect, and Time Exceeded. The Packet Internet Groper (PING) is a popular utility that uses ICMP messages to test the reachability of network device.

Networking equipment at the Network Layer

The primary networking equipment defined at Layer 3 are routers and gateways.

Routers

Routers are intelligent devices that link dissimilar networks and forward data packets based on logical or physical addresses to the destination network only (or along the network path). Routers consist of both hardware and software components and employ various routing algorithms (for example, RIP, OSPF, and BGP) to determine the best path to a destination based on different variables including bandwidth, cost, delay, and distance.

Gateways

Gateways are created with software running on a PC (workstation or server) or router. Gateways link dissimilar programs and protocols by examining the entire data packet to translate incompatibilities. For example, a gateway can be used to link an IP network to an IPX network or a Microsoft Exchange mail server to a Lotus Notes server (a mail gateway).

Transport Layer (Layer 4)

The Transport Layer (Layer 4) provides transparent, reliable data transport and end-to-end transmission control. The Transport Layer hides the details of the lower layer functions from the upper layers.

Specific Transport Layer functions include

Flow control: Manages data transmission between devices, ensuring that the transmitting device doesn’t send more data than the receiving device can process.

Multiplexing: Enables data from multiple applications to be transmitted over a single physical link.

Virtual circuit management: Establishes, maintains, and terminates virtual circuits.

Error checking and recovery: Implements various mechanisms for detecting transmission errors and taking action to resolve any errors that occur, such as requesting that data be retransmitted.

Instant Answer The Transport Layer is responsible for providing transparent, reliable data transport and end-to-end transmission control.

Two important host-to-host protocols defined at the Transport Layer include

Transmission Control Protocol (TCP): TCP is a full-duplex, connection-oriented protocol that provides reliable delivery of packets across a network. A connection-oriented protocol requires a direct connection between two communicating devices before any data transfer occurs. In TCP, this is accomplished via a three-way handshake. The receiving device acknowledges packets, and packets are retransmitted if an error occurs. The following characteristics and features are associated with TCP:
- Connection-oriented: Establishes and manages a direct virtual connection to the remote device.
- Reliable: Guarantees delivery by acknowledging received packets and requesting retransmission of missing or corrupted packets.
- Slow: Because of the additional overhead associated with initial handshaking, acknowledging packets, and error correction, TCP is generally slower than other connectionless protocols such as User Datagram Protocol (UDP).
Instant Answer TCP is a connection-oriented protocol.

User Datagram Protocol (UDP): User Datagram Protocol is a connectionless protocol that provides fast best-effort delivery of datagrams across a network. A connectionless protocol doesn’t guarantee delivery of transmitted packets (datagrams) and is thus considered unreliable. It doesn’t attempt to establish a connection with the destination network prior to transmitting data, acknowledge received datagrams, perform resequencing, and perform error checking or recovery. UDP is ideally suited for data requiring fast delivery, which is not sensitive to packet loss and doesn’t need to be fragmented. Examples of applications using UDP include Domain Name System (DNS), Simple Network Management Protocol (SNMP), and streaming audio or video. The following characteristics and features are associated with UDP:
- Connectionless: Doesn’t preestablish a communication circuit with the destination network.
- Best effort: Doesn’t guarantee delivery and is thus considered unreliable.
- Fast: Has no overhead associated with circuit establishment, acknowledgement, sequencing, or error checking and recovery.

Instant Answer UDP is a connectionless protocol.

Several examples of connection-oriented and connectionless protocols are identified in Table 5-10.

Table 5-10: Connection-oriented and Connectionless Protocols
Open table as spreadsheet
Protocol	Layer	Type
TCP (Transmission Control Protocol)	4 (Transport)	Connection-oriented
UDP (User Datagram Protocol)	4 (Transport)	Connectionless
IP (Internet Protocol)	3 (Network)	Connectionless
IPX (Internetwork Packet Exchange)	3 (Network)	Connectionless
SPX (Sequenced Packet Exchange)	4 (Transport)	Connection-oriented

Transport Layer security protocols include the following:

Cross-Reference Secure Shell (SSH and SSH-2): SSH provides a secure alternative to Telnet for remote access. SSH establishes an encrypted tunnel between the client and server and can also authenticate the client to the server. (For more on this and other encryption-related topics, read Chapter 8.)

Cross-Reference Secure Sockets Layer/Transport Layer Security (SSL/TLS): The SSL protocol, developed by Netscape in 1994, provides session-based encryption and authentication for secure communication between clients and servers on the Internet. SSL provides server authentication with optional client authentication, which we discuss further in Chapter 8.

Simple Key Management for Internet Protocols (SKIP): SKIP is similar to SSL but doesn’t require prior communication to establish a connection or exchange keys.

Session Layer (Layer 5)

The Session Layer (Layer 5) establishes, coordinates, and terminates communication sessions (service requests and service responses) between networked systems.

Instant Answer The Session Layer is responsible for establishing, coordinating, and terminating communication sessions.

A communication session is divided into three distinct phases, as follows:

Connection establishment: Initial contact between communicating systems is made, and the end devices agree upon communications parameters and protocols to be used, including the mode of operation:
- Simplex mode: In simplex mode, a one-way communications path is established with a transmitter at one end of the connection and a receiver at the other end. An analogy is an AM radio on which a radio station broadcasts music and the radio receiver can only receive the broadcast.
- Half-duplex mode: In half-duplex mode, both communicating devices are capable of transmitting and receiving but not at the same time. An analogy is a two-way radio in which a button must be pressed to transmit and then released to receive a signal.
- Full-duplex mode: In full-duplex mode, both communicating devices are capable of transmitting and receiving simultaneously. An analogy is a telephone with which you can transmit and receive signals (but not necessarily communicate) at the same time.

Data transfer: Information is exchanged between end devices.

Connection release: After data transfer is completed, end devices systematically end the session.

Some examples of Session Layer protocols include

Network File System (NFS): Developed by Sun Microsystems to facilitate transparent user access to remote resources on a UNIX-based network by using TCP/IP.

File transfer protocol (FTP): A program used to copy files from one system to another over a network.

Structured Query Language (SQL): Developed by IBM to provide users with a simplified method for defining its data requirements on both local and remote database systems.

Voice over IP (VoIP): VoIP transports various data types (such as voice, telephony, audio, and video) in IP packets providing major cost, interoperability, and performance benefits.

Remote Procedure Call (RPC): A client/server network redirection tool.

Procedures are created on clients and performed on servers.

Presentation Layer (Layer 6)

The Presentation Layer (Layer 6) provides coding and conversion functions that are applied to data being presented to the Application Layer (Layer 7). These functions ensure that data sent from the Application Layer of one system are compatible with the Application Layer of the receiving system.

Instant Answer The Presentation Layer is responsible for coding and conversion functions.

Tasks associated with this layer include:

Data representation: Use of common data representation formats (standard image, sound, and video formats) enable application data to be exchanged between different types of computer systems. Some examples include Graphics Interchange Format (GIF), Musical Instrument Data Interface (MIDI), and Motion Picture Experts Group (MPEG).

Character conversion: Information is exchanged between different systems by using common character conversion schemes, such as Extended Binary-Coded Decimal Interchange Mode (EBCDIC) or American Standard Code for Information Interchange (ASCII).

Data compression: Common data compression schemes enable compressed data to be properly decompressed at the destination.

Data encryption: Common data encryption schemes enable encrypted data to be properly decrypted at the destination.

Application Layer (Layer 7)

The Application Layer (Layer 7) is the highest layer of the OSI model. It supports the components that deal with the communication aspects of an application requiring network access and provides an interface to the user. That is, both the Application Layer and end user interact directly with the application.

The Application Layer is responsible for the following:

Identifying and establishing availability of communication partners

Determining resource availability

Synchronizing communication

Instant Answer The Application Layer is responsible for identifying and establishing availability of communication partners, determining resource availability, and synchronizing communication.

Don’t confuse the Application Layer with software applications such as Microsoft Word or WordPerfect. Applications that function at the Application Layer include operating systems (such as Windows and NetWare), OSI applications, such as File Transfer, Access, and Management (FTAM) and Virtual Terminal Protocol (VTP), and TCP/IP applications, including:

HyperText Transfer Protocol (HTTP): The language of the World Wide Web (WWW). Attacks typically exploit vulnerabilities in Web browsers or programming languages such as CGI, Java, and ActiveX. HTTP operates on TCP port 80.

Trivial File Transfer Protocol (TFTP): A lean, mean version of FTP without directory browsing capabilities or user authentication. Generally considered less secure than FTP, TFTP operates on UDP port 69.

Simple Mail Transfer Protocol (SMTP): Used to send and receive e-mail across the Internet. This protocol has several well-known vulnerabilities that make it inherently insecure. SMTP operates on TCP/UDP port 25.

Simple Network Management Protocol (SNMP): Used to collect network information by polling stations and sending traps (or alerts) to a management station. SNMP has many well-known vulnerabilities, including default clear-text community strings (passwords). SNMP operates on TCP/UDP port 161.

Telnet: Provides terminal emulation for remote access to system resources. Passwords are sent in clear text. Telnet operates on TCP/UDP port 23.

Application Layer security protocols include the following:

Cross-Reference Secure Multipurpose Internet Mail Extensions (S/MIME): S/MIME is a secure method of sending e-mail incorporated into several popular browsers and e-mail applications. We discuss this further in Chapter 8.

Privacy Enhanced Mail (PEM): PEM is a proposed IETF (Internet Engineering Task Force) standard for providing e-mail confidentiality and authentication. Read more about this in Chapter 8.

Secure Electronic Transaction (SET): The SET specification was developed by MasterCard and Visa to provide secure e-commerce transactions by implementing authentication mechanisms while protecting the confidentiality and integrity of cardholder data. Find more information on this in Chapter 8.

Secure HyperText Transfer Protocol (S-HTTP): S-HTTP is an Internet protocol that provides a method for secure communications with a Web server. S-HTTP is a connectionless-oriented protocol that encapsulates data after security properties for the session have been successfully negotiated. We discuss this further in Chapter 8.

Secure Remote Procedure Call (S-RPC): S-RPC is a secure client-server protocol that’s defined at the upper layers of the OSI model, including the Application Layer. RPC is used to request services from another computer on the network. S-RPC provides public and private keys to clients and servers by using Diffie-Hellman. (Read more about this in Chapter 8.) After initially authenticating, S-RPC operations are transparent to the end user.