Nama : Marlinda

Nim :D0219029
Kelas : Informatika C
Matkul : Keamanan jaringan

Tugas revew
Summary
 Views of the network: Small home network, SOHO (Small Office/Home Office),
Medium to large networks, World-widenetworks.
 Client-Server communications: Server stores corporate and user files, Client
devices access these files or services with clientsoftware.
 Web Client Server runs web server software and client uses browsersoftware.
 Email Client Server runs email serversoftware.
 Cybersecurity analysts must be able to determine the origin of traffic that enters
the network, and the destination of traffic that leaves it. Understanding the path
that network traffic takes is essential tothis.
 Protocol are the rules of communications. Network protocols provide the means
for computers to communicate onnetworks.
 TCP/IP protocol model (four layers): Application, Transport, Internet, and
Network AccessLayers.
 OSI model (seven layer model): Physical, Data Link, Network, Transport,
Session, Presentation,Application.
 Three important addresses are: Protocol address, Network host address and the
physicaladdress.
 Encapsulation includes Segmentation andMultiplexing.
 Ethernet Protocol operates at Layer 1 and 2 (Physical and Data) and is
responsible for data encapsulation, media access control and puts bits on the
medium.
 The Ethernet frame has 2 unique identifiers: Destination MAC address and
Source MACaddress.
 IPv4 characteristics include: connectionless, unreliable (best effort) and media
independent.
 IPv4 addresses are 32-bit and commonlysubnetted.
 Subnetting takes a network space and divides it into smaller spaces calledsubnets.
 The IPv4 Packet consists of fields containing important information about the
packet, including binary numbers examined by the Layer 3process.
 IP address is logically ANDed, bit by bit with subnetmask.
 IPv4 Address Classes are: Class A, Class B, Class C, Class D, ClassE.
 Private addresses are reserved and mostly used by organizations to assign IPv4 to
internalhosts.
 Host forwarding decision allows packet to be sent to 3 types of destinations: Itself,
Local Host and Remote Host.
 Three dotted decimal IPv4 addresses must be configured when assigning an IPv4
configuration to host: IPv4 address (unique IPv4 address of the host), subnet
mask (used to identify the network/host portion of the IPv4 address) and default
gateway (Identifies the local gateway to reach remotenetworks).
 IP Addressing can be configured manually or obtained automatically(DHCP).
 Depletion of IPv4 addresses has been a motivating factor to move to the IPv6
address (128 bitspace).
 ICMPv4 messages are used to provide feedback and troubleshoot network
problems.
 4 new protocols as part of the Neighbor Discovery Protocol (ND or NDP) are :
RS, RA, NS andNA.
 Ping is a testing utility that uses ICMP echo request and echo reply messages to
test connectivity between hosts to a LAN or to a remotehost.
 Traceroute provides information about the details of devices between the hosts
and generates a list of hops that were successfully reached along thepath.
 Two addresses assigned to an Ethernet device: MAC address (Layer 2 physical
address) and an IP address (Layer 3 logical address).
 When a device sends an Ethernet frame, it contains these two addresses:
destination MAC address and the source MACaddress.
 ARP function is used to resolve IPv4 addresses to MACaddresses.
 ARP messages are encapsulated within an Ethernet frame.
 Network hosts keep ARP tables that are held in memory called ARP cache and
age out of the table or are manuallyremoved.
 ARP Spoofing is a security risk, as it is a technique used by a hacker to reply to
an ARP request for an IPv4 address belonging to anotherdevice.
 The Transport Layer Protocol role in network communications is to track
individual conversations, move data between applications on the network devices,
segment and reassemble data, and identify applications using a portnumber.
 Socket Pairs are a combination of the source IP address and source port number
or combination of the destination IP address and destination portnumber.
 TCP/IP provides two transport layer protocols: Transmission Control Protocol
(TCP) and User Datagram Protocol(UDP).
 TCP and UDP manage multiple simultaneous conversations by using header
fields that can uniquely identify these applications. These unique identifiers are
the portnumbers.
 The combination of the source IP address and source port number, or the
destination IP address and destination port number is known as asocket.
 TCP connections are established using threesteps.
 UDP session reassembles the data in the order it was received and is assigned a
well-known portnumber.
 Dynamic Host Configuration Protocol (DHCP) provides IP addressing
information such as IP address, subnet mask, default gateway, DNS IP address
and domainname.
 Dynamic Name System (DNS) manages and provides domain names and
associated IPaddresses.
 The DNS consists of a hierarchy of generic top level domains (gTLD) which
consist of .com, .net, .org, .gov, .edu, and numerous country-level domains, such
as .br (Brazil), .es (Spain),.uk (UnitedKingdom)
 When the IP address of the mapping changes, the new mapping can be
propagated through the DNS almost instantaneously using DynamicDNS.
 WHOIS is a TCP-based protocol that is used to identify the owners of Internet
domains through the DNSsystem.
 Network Address Translation (NAT) is used within an organization or site and
allows the devices to communicate locally but needs to be translated by a NAT-
Enabled router to route to theInternet.
 File Transfer Protocol (FTP) is TCP-based and is more reliable thanTFTP.
 Trivial File Transfer Protocol (TFTP) is UDP-based and is fast butunreliable.
 Server Message Block (SMB) can start, authenticate, and terminate sessions,
control file and printer access, and allow an application to send or receive
messages to or from another device.
 Email supports three separate protocols for operation: Simple Mail Transfer
Protocol (SMTP), Post Office Protocol version 3 (POP3) andIMAP.
 Hypertext Transfer Protocol (HTTP) involves 3 steps: Client initiates HTTP
request to server, HTTP returns code for a webpage, and the browser interprets
HTML code and displays onwebpage.
 HTTP URLs can also specify the port on the server that should handle the HTTP
methods.
 When a client, typically a web browser, sends a request to a web server, it will
use one of six methods that are specified by the HTTP protocol: GET, POST,
PUT, DELETE, OPTIONS, andCONNECT.

New Terms
 Address Resolution Protocol(ARP)
 Applicationlayer
 ARP spoofing
 AuthoritativeServer
 Bootstrap Protocol(BOOTP)
 broadcast
 connectionless
 Data Linklayer
 defaultgateway
 destinationport
 DNS Zone
 Domain Name System(DNS)
 dotted-decimal
 Duplicate Address Detection(DAD)
 Dynamic DNS(DDNS)
 Dynamic Host Configuration Protocol(DHCP)
 Enhanced Interior Gateway Routing Protocol(EIGRP)
 Ethernet
 File Transfer Protocol(FTP)
 flowcontrol
 Fully Qualified Domain Name(FQDN)
 hextet
 Hypertext Transfer Protocol(HTTP)
 Internet Control Message Protocol(ICMP)
 Internet Message Access Protocol(IMAP)
 Internet Protocol(IP)
 Logical Link Control (LLC) sublayer
 maximum transmission unit(MTU)
 Media Access Control (MAC)sublayer
 multicast
 Multiplexing
 Neighbor Advertisement(NA)
 Neighbor Discovery Protocol (ND orNDP)
 Neighbor Solicitation(NS)
 Network Address Translation(NAT)
 Networklayer
 networkprotocol
 octet
 Open Shortest Path First(OSPF)
 Open Systems Interconnection (OSI) model
 Physicallayer
 ping
 Point-to-Point Protocol(PPP)
 Port Address Translation(PAT)
 Post Office Protocol version 3(POP3)
 Presentationlayer
 private IPv4 address
 protocol dataunit
 protocolsuite
 public IPv4 address
 Recursion
 RecursiveResolver
 Resolver
 Resource Record(RR)
 Round Trip Time(RTT)
 Router Advertisement(RA)
 Router Solicitation (RS)multicast
 Segmentation
 Server Message Block(SMB)
 Sessionlayer
 Simple Mail Transfer Protocol(SMTP)
 socket
 sourceport
 Stateless Address Autoconfiguration(SLAAC)
 subnetmask
 subnetting
 TCP/IP protocolsuite
 Time to Live(TTL)
 traceroute
 Transmission Control Protocol(TCP)
 Transportlayer
 Trivial File Transfer Protocol(TFTP)
 unicast
 Unreliable
 User Datagram Protocol (UDP)
 WHOIS
 windowsize

Cybersecurity Operations Certification

This chapter covers the following areas in the Cybersecurity Operations Certification:
From 210-250 SECFND - Understanding Cisco Cybersecurity Fundamentals:
 Domain 1: NetworkConcepts
1.1 Describe the function of the network layers as specified by the OSI and the
TCP/IP network models
 1.2 Describe the operation of the following protocols: IP TCP UDPICMP

1.3 Describe the operation of the following network services: ARP DNS
DHCP

1.4 Describe IP subnets and communication within an IP subnet and between

IPsubnets
1.5 Describe the following concepts as they relate to security monitoring:
Access Control List, NAT/PAT, Tunneling, TOR Encryption, P2P,
Encapsulation, LoadBalancing
 Domain 2: Network IntrusionAnalysis
2.1 Describe the fields in the following protocol headers as they relate to
intrusion analysis: IPv4, IPv6, UDP