INTRODUCTION – BASICS OF IP ADDRESSING AND THE OSI MODEL
This module introduces IP addressing and how it affects the routing of network traffic, and then covers the application and transport protocols so that their roles in network communication are clear.
It then moves on to firewalls and the more advanced concepts behind Intrusion Detection and Intrusion Prevention Systems (IDS and IPS), and closes with high availability and clustering, the foundations of a stable and resilient network infrastructure.
Learning Objectives
Articulate how to achieve high availability through clustering.
Describe high availability in IT.
Describe the flow of packets through a next-generation firewall (NGFW).
Describe how NGFWs examine and deny intrusion compared with traditional firewalls.
Differentiate next-generation firewalls (NGFWs) from regular firewalls.
Determine valid and malicious uses of port mirroring.
Gather and visualize traffic flow statistics on routing devices with flow utilities including NetFlow.
Describe the Syslog protocol.
Describe Dynamic Host Configuration Protocol (DHCP) and the services it provides.
Describe the domain name system (DNS) and the services it provides.
Differentiate between the TCP and UDP transport layer protocols.
Contrast addresses of IPv4 and IPv6.
Explain the subnet mask and gateway.
Describe how IP addresses operate.
Explain the four-octet format of IPv4 and the five ranges defined in the classful addressing schema of IPv4.
Convert numbers between the binary, octal, decimal and hexadecimal number systems.
BASICS OF IP ADDRESSING
1. The binary (base 2) number “0101” is how much in decimal (base 10)?
3
5 (CORRECT)
9
1
Correct, 5
2. The IP address range goes from 0.0.0.0 to 255.255.255.255 and is known as the “four octets”. Why are these 4 numbers called octets?
They form a total of 8 subranges.
This was the eighth version of the IP address range to be adopted by the Internet Standards Committee (and the first to gain widespread acceptance.)
The inventor noted the similarity to the “octaves” in piano music.
The number 255 in decimal takes up 8 digits in binary. (CORRECT)
Correct, 255 is 11111111 in binary, so each of the four numbers is an 8-bit group, an octet.
3. How many octets are used to define the network portion of the IP address in a Class C network?
0
1
2
3 (CORRECT)
Correct, 3 octets.
4. True or False: A routable protocol is a protocol whose packets may leave your network, pass through your router, and be delivered to a remote network.
True (CORRECT)
False
Correct, a routable protocol is one whose packets can cross routers and reach networks beyond your own.
5. True or False: The destination address is defined in the packet header but the source address is in the packet footer.
True
False (CORRECT)
Correct, both the source address and the destination address are carried in the IP packet header; IP packets have no footer.
6. Which network mask belongs to a Class A network?
255.255.255.0
255.0.0.0 (CORRECT)
255.255.255.255
0.0.0.0
Correct, 255.0.0.0 is the default network mask of a Class A network: the first octet is the network portion and the remaining three octets are the host portion.
7. IPv6 changes the IP address from a 32 bit address used in IPv4 to a 128 bit address and drops broadcast entirely. Which of the following addressing schemas does IPv6 use in its place to reach a group of hosts?
Unicast
Broadcast
Simulcast
Multicast (CORRECT)
8. Which IPv4 addressing schema would you use to send a message to a selected group of systems on the network?
Unicast
Broadcast
Simulcast
Multicast (CORRECT)
TCP/IP LAYER 4, TRANSPORT LAYER OVERVIEW
1. True or False: Utilities such as TFTP, DNS and SNMP utilize the UDP transport protocol.
True (CORRECT)
False
Correct, TFTP, DNS and SNMP all use UDP. (DNS also uses TCP for zone transfers and for responses too large to fit in a single datagram.)
2. True or False: The UDP transport protocol is faster than the TCP transport protocol.
True (CORRECT)
False
Correct, UDP is faster because it performs no handshake, acknowledgement or retransmission; that speed is exactly what it trades reliability for.
3. Which four (4) of these are characteristic of the UDP transport protocol?
Ordered data; duplicate detection
Unreliable (CORRECT)
Connection-oriented
Flow control
Unordered data; duplicates possible (CORRECT)
Reliable
Connectionless (CORRECT)
No flow control (CORRECT)
Correct, UDP is unreliable, connectionless, has no flow control, and delivers data unordered, with duplicates possible.
TCP/IP LAYER 5, APPLICATION LAYER OVERVIEW
1. What is the primary function of DNS?
To convert MAC addresses to domain names and vice versa.
To translate domain names to IP addresses and vice versa. (CORRECT)
To filter out domains not authorized access to the local network.
To assign domain names to new endpoints.
Correct, To translate domain names to IP addresses and vice versa.
2. How does a new endpoint know the address of the DHCP server?
The endpoint sends an inquiry to the gateway and the gateway responds with the address of the DHCP server.
The DHCP server is always located on the gateway.
The endpoint sends a DHCP Discover broadcast request to all endpoints on the local network. (CORRECT)
The administrator must input the IP address of the DHCP server in the endpoint’s network configuration.
Correct, the endpoint has no IP address yet, so it sends a DHCP Discover as a broadcast to 255.255.255.255 (UDP port 68 to port 67) that every device on the local segment receives; any DHCP server that hears it answers with an Offer.
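The Discover message described in question 2, encoded and decoded in Python as an added example (this is not part of the original quiz material). The client MAC address and transaction ID are constructed values, and only the DHCP payload is built; on the wire it rides in a UDP datagram from 0.0.0.0 port 68 to 255.255.255.255 port 67, which is why the client never needs to know where the server is.

```python
"""Encode and decode a DHCP Discover message (RFC 2131 header, RFC 2132 options).

Added example, not part of the original quiz; standard library only.
The MAC address and transaction ID used in the test are constructed.
"""
import struct

BOOTREQUEST = 1
HTYPE_ETHERNET = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MESSAGE_TYPE, OPT_PARAM_REQUEST, OPT_END = 53, 55, 255
DHCPDISCOVER = 1
FLAG_BROADCAST = 0x8000   # ask the server to answer by broadcast as well

# Transport endpoints of a Discover: the client has no address yet, so it sends
# from 0.0.0.0 to the limited-broadcast address and every host on the segment sees it.
DISCOVER_ENDPOINTS = ("0.0.0.0", 68, "255.255.255.255", 67)


def build_discover(client_mac: bytes, xid: int) -> bytes:
    """Fixed 236-byte BOOTP header, then the magic cookie, then TLV options."""
    if len(client_mac) != 6:
        raise ValueError("expected a 6-byte MAC address")
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREQUEST, HTYPE_ETHERNET, 6, 0,          # op, htype, hlen, hops
        xid, 0, FLAG_BROADCAST,                     # xid, secs, flags
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4, # ciaddr, yiaddr, siaddr, giaddr: all zero
        client_mac.ljust(16, b"\0"),                # chaddr, padded to 16 bytes
        b"\0" * 64, b"\0" * 128,                    # sname and file, unused here
    )
    options = (
        bytes([OPT_MESSAGE_TYPE, 1, DHCPDISCOVER])
        + bytes([OPT_PARAM_REQUEST, 3, 1, 3, 6])    # ask for subnet mask, router, DNS servers
        + bytes([OPT_END])
    )
    return header + MAGIC_COOKIE + options


def parse_options(blob: bytes) -> dict:
    """Walk the TLV option area until the End option."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == 0:                # pad option has no length byte
            i += 1
            continue
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def parse_message(data: bytes) -> dict:
    """Decode the fields a server (or a packet capture) would look at first."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", data[:12])
    chaddr = data[28:28 + hlen]      # chaddr starts at offset 28 in the BOOTP header
    opts = parse_options(data[240:])
    return {
        "op": op,
        "xid": xid,
        "broadcast": bool(flags & FLAG_BROADCAST),
        "client_mac": chaddr.hex(":"),
        "message_type": opts[OPT_MESSAGE_TYPE][0],
        "requested_params": list(opts.get(OPT_PARAM_REQUEST, b"")),
    }


if __name__ == "__main__":
    msg = build_discover(bytes.fromhex("001122334455"), 0x3903F326)   # constructed values
    print(len(msg), "bytes:", parse_message(msg))
```

The parser deliberately checks the magic cookie and message length before trusting any option: a rogue or malformed Discover on the segment is exactly the input a DHCP server must not choke on.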
3. Which Syslog layer contains the actual message contents?
Syslog Application
Syslog Content (CORRECT)
Syslog Message
Syslog Transport
Correct, Syslog Content
4. True or False: Setting the correct Syslog Severity Level on systems helps keep the Syslog server from being flooded by the millions of messages that could be generated by these systems.
True (CORRECT)
False
Correct, configuring an appropriate Syslog severity level on each system stops the Syslog server from being flooded with low-value messages from all of the connected systems.
5. True or False: The Syslog message typically includes the severity level, facility code, originator process ID, a time stamp, and the hostname or IP address of the originator device.
True (CORRECT)
False
Correct, a Syslog message carries a severity level, a facility code, the originating process ID, a timestamp, and the hostname or IP address of the source device, followed by the message text.
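The fields from questions 4 and 5, decoded from real-looking log lines, as an added example that is not part of the original quiz. The lines are constructed and follow the RFC 5424 layout (`<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG`, where PRI = facility * 8 + severity); the threshold filter is the kind of severity gate a collector applies before forwarding so that debug chatter never reaches the Syslog server.

```python
"""Decode syslog PRI values and apply a severity threshold before forwarding.

Added example, not part of the original quiz; standard library only.
SAMPLE_LINES are constructed.  Lower severity codes are MORE severe (0 = emerg).
"""
import re
from dataclasses import dataclass

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$"
)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    severity_code: int
    timestamp: str
    hostname: str
    app: str
    procid: str
    msg: str


def decode_pri(pri: int) -> tuple:
    """PRI packs facility and severity into one number: facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], severity


def parse_line(line: str) -> SyslogMessage:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    facility, severity, code = decode_pri(int(m["pri"]))
    return SyslogMessage(facility, severity, code, m["ts"], m["host"],
                         m["app"], m["procid"], m["msg"])


def filter_by_severity(lines, max_severity: str) -> tuple:
    """Keep messages at or above the given severity; count what was dropped."""
    threshold = SEVERITIES.index(max_severity)
    kept, dropped = [], 0
    for line in lines:
        message = parse_line(line)
        if message.severity_code <= threshold:
            kept.append(message)
        else:
            dropped += 1
    return kept, dropped


SAMPLE_LINES = [  # constructed for this example
    "<34>1 2024-01-15T10:22:01Z host01 sshd 2312 - - Failed password for root from 203.0.113.9",
    "<86>1 2024-01-15T10:22:02Z host01 sshd 2312 - - Accepted publickey for alice",
    "<190>1 2024-01-15T10:22:03Z host02 app 771 - - debug: cache hit",
    "<13>1 2024-01-15T10:22:04Z host02 kernel - - - user notice: link up",
]

if __name__ == "__main__":
    kept, dropped = filter_by_severity(SAMPLE_LINES, "warning")
    for message in kept:
        print(f"{message.hostname} {message.facility}.{message.severity} pid={message.procid}: {message.msg}")
    print(f"dropped {dropped} messages below 'warning'")
```

Note that the gate keys on the severity the sender assigned. A compromised host can label its own events as debug, so the filter protects the collector from volume, not from a sender that lies; authentication failures (facility auth/authpriv) are usually worth forwarding at any severity.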
6. Why is port mirroring used?
To provide a stream of all data entering or leaving a specific port for debugging or analysis work. (CORRECT)
To make the network faster by providing two parallel ports through which data can flow.
To make the network more reliable by providing a redundant path for all traffic destined for a specific port.
To provide an independent data stream for when two processes must operate on the same incoming data.
Correct, port mirroring copies the traffic entering and leaving a particular port to a monitoring port for debugging and analysis. The same copy serves an attacker who gains access to the switch configuration, so mirror sessions should be restricted to authorized monitoring ports and audited.
FIREWALLS, INTRUSION DETECTION AND INTRUSION PREVENTION SYSTEMS
1. What is the main difference between a Next Generation Firewall (NGFW) and a traditional firewall?
NGFW do essentially the same thing as traditional firewalls but can handle substantially more network traffic per firewall.
NGFW use sessions. (CORRECT)
NGFW inspect both TCP and UDP traffic while traditional firewalls inspect TCP traffic only.
NGFW inspect all 7 network layers.
Correct, NGFW use sessions: the rule base is consulted for the first packet of a flow, the decision is kept in a session, and later packets of that flow are handled by the session while the payload is inspected to identify the application. Traditional stateful firewalls filter both TCP and UDP, so transport protocol support is not the distinction.
2. True or False: Unlike traditional stateful firewalls, next-generation firewalls drill into traffic to identify the applications traversing the network.
True (CORRECT)
False
Correct, next-generation firewalls do not merely allow or block traffic according to predefined rules; they also perform deep packet inspection of the payload and can therefore identify the applications traversing the network.
3. What are the two (2) primary methods used by Intrusion Prevention Systems (IPS) to discover an exploit?
Layer interleave-based detection.
Signature-based detection. (CORRECT)
Statistical anomaly-based detection. (CORRECT)
Transport layer variance detection.
Correct, IPS engines rely on signature-based detection and statistical anomaly-based detection.
4. If your nontechnical manager told you that you must configure your traditional second-generation firewalls to block all users on your network from posting messages on Facebook from their office computers, how would you carry out this request?
You would have to block all social media access from your network.
You would have to block any IP addresses used by Facebook. (CORRECT)
You would have to block all HTTP traffic from entering or leaving your network.
Specific sites cannot be blocked using a traditional firewall.
CLUSTERING AND HIGH AVAILABILITY SYSTEMS
1. Which condition should apply in order to achieve effective clustering and failover among your firewalls?
The firewall hardware should be identical.
The firewall operating systems should be identical.
There should be direct connections between the primary and secondary nodes.
All of the above. (CORRECT)
Correct, all answers are valid.
BASICS OF IP ADDRESSING AND THE OSI MODEL
1. How would you express 15 in binary (base 2)?
10000
01010
01111 (CORRECT)
01001
2. How many octets are used to define the network portion of the IP address in a Class A network?
0
3
2
1 (CORRECT)
3. The device used to separate the network portion of an IP address from the host portion is called what?
The host mask.
The network separation filter.
The address filter.
The subnet mask. (CORRECT)
4. The IP header contains a time-to-live (TTL) value. How is this value expressed?
The number of delivery attempts that may be made before the packet is returned to the source address as undeliverable.
The number of seconds a packet may live if not delivered.
The number of minutes a packet may live if it is not delivered.
The number of Layer 3 devices (routers) the packet is allowed to pass through before it is dropped; each router decrements the TTL by one. (CORRECT)
5. Which is the host portion of this IP address 192.168.52.3/24?
192.168.52
24
168.52.3
3 (CORRECT)
6. Which network mask belongs to a Class C network?
255.255.255.255
255.0.0.0
0.0.0.0
255.255.255.0 (CORRECT)
7. Which IPv4 addressing schema would you use to send a message to all systems on the network?
Unicast
Multicast
Simulcast
Broadcast (CORRECT)
8. Which three (3) of the following are legitimate IPv6 addressing schemas?
Broadcast
Multicast (CORRECT)
Unicast (CORRECT)
Anycast (CORRECT)
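The addressing questions above (binary conversion, octets, the five classful ranges, subnet mask versus host portion, and the unicast/broadcast/multicast schemas) and the same questions in the earlier BASICS OF IP ADDRESSING section, worked in Python as an added example that is not part of the original quiz. It uses only the standard library; the addresses it is run on are constructed.

```python
"""IPv4 octets, classful ranges, subnet masks and the network/host split.

Added example, not part of the original quiz; standard library only.
The addresses used in the test are constructed for illustration.
"""
import ipaddress


def convert_base(text: str, from_base: int, to_base: int) -> str:
    """Convert between binary, octal, decimal and hexadecimal text (bases 2, 8, 10, 16)."""
    value = int(text, from_base)
    return format(value, {2: "b", 8: "o", 10: "d", 16: "x"}[to_base])


def to_octet_bits(n: int) -> str:
    """One octet as eight binary digits; 255 is the largest value that fits."""
    if not 0 <= n <= 255:
        raise ValueError(f"{n} does not fit in one octet")
    return format(n, "08b")


def octets_to_int(address: str) -> int:
    """Pack dotted-quad text into the 32-bit integer that the IP header carries."""
    parts = [int(p) for p in address.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {address!r}")
    value = 0
    for p in parts:
        value = (value << 8) | p      # each octet is exactly 8 bits
    return value


def int_to_octets(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_class(address: str) -> str:
    """The five classful ranges, decided by the leading bits of the first octet."""
    first = octets_to_int(address) >> 24
    if first < 128:
        return "A"        # 0xxxxxxx  0.0.0.0   - 127.255.255.255, default mask 255.0.0.0
    if first < 192:
        return "B"        # 10xxxxxx  128.0.0.0 - 191.255.255.255, default mask 255.255.0.0
    if first < 224:
        return "C"        # 110xxxxx  192.0.0.0 - 223.255.255.255, default mask 255.255.255.0
    if first < 240:
        return "D"        # 1110xxxx  224.0.0.0 - 239.255.255.255, multicast
    return "E"            # 1111xxxx  240.0.0.0 - 255.255.255.255, reserved


CLASSFUL_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def split_network_host(cidr: str) -> dict:
    """AND with the mask gives the network portion; AND with the inverted mask gives the host portion."""
    iface = ipaddress.ip_interface(cidr)          # e.g. 192.168.52.3/24
    addr, mask = int(iface.ip), int(iface.netmask)
    host_mask = ~mask & 0xFFFFFFFF
    return {
        "mask": str(iface.netmask),
        "network_octets": iface.network.prefixlen // 8,   # whole octets in the network portion
        "network": int_to_octets(addr & mask),
        "host": addr & host_mask,
        "broadcast": int_to_octets(addr | host_mask),     # all host bits set: every host on the subnet
    }


def delivery_scope(address: str) -> str:
    """Unicast, broadcast or multicast, judged from the address alone (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4 and int(ip) == 0xFFFFFFFF:
        return "broadcast"          # limited broadcast; IPv6 has no broadcast at all
    if ip.is_multicast:
        return "multicast"          # 224.0.0.0/4 or ff00::/8
    return "unicast"


if __name__ == "__main__":
    print(convert_base("0101", 2, 10), to_octet_bits(255))
    print(classful_class("192.168.52.3"), split_network_host("192.168.52.3/24"))
    print(delivery_scope("255.255.255.255"), delivery_scope("224.0.0.1"), delivery_scope("ff02::1"))
```

`split_network_host` accepts any prefix length, not only the classful /8, /16 and /24 shown in the quiz, so it also reports the directed broadcast address of the subnet; that address is the one a firewall should refuse to forward from outside, since replies to it are the basis of amplification against the subnet.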
9. True or False: Utilities such as TFTP, DNS and SNMP utilize the TCP transport protocol.
True
False (CORRECT)
10. Which two (2) of these fields are included in a UDP header?
Source Port (CORRECT)
Source IP Address
Destination IP Address
Destination Port (CORRECT)
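The UDP header from question 10 (and the UDP discussion in the transport layer section above), built and parsed in Python as an added example that is not part of the original quiz. The header is only eight bytes: source port, destination port, length, checksum. The IP addresses are not in it; they live in the IP header, which is why the checksum has to pull them in through a pseudo-header. The datagram used here is constructed.

```python
"""Build and parse a UDP header, including the checksum over the IPv4 pseudo-header (RFC 768).

Added example, not part of the original quiz; standard library only.
The addresses, ports and payload used in the test are constructed.
"""
import socket
import struct

UDP_HEADER_FMT = "!HHHH"     # source port, destination port, length, checksum
UDP_HEADER_LEN = 8
IPPROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum with end-around carry, as the Internet checksum uses."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero byte, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, IPPROTO_UDP, udp_length)


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    csum = (~total) & 0xFFFF
    return csum or 0xFFFF        # RFC 768: a computed zero is transmitted as all ones


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack(UDP_HEADER_FMT, src_port, dst_port, length, 0)   # checksum field zero while summing
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack(UDP_HEADER_FMT, src_port, dst_port, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Decode the header and verify the checksum (0 means the sender sent none)."""
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, csum = struct.unpack(UDP_HEADER_FMT, segment[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(segment):
        raise ValueError(f"bad length field {length} for a {len(segment)}-byte segment")
    # Summing the whole segment with its checksum in place must give all ones.
    checksum_ok = csum == 0 or ones_complement_sum(
        pseudo_header(src_ip, dst_ip, length) + segment[:length]) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": checksum_ok, "payload": segment[UDP_HEADER_LEN:length]}


if __name__ == "__main__":
    seg = build_udp("192.0.2.10", "192.0.2.53", 40000, 53, b"constructed dns query")  # constructed
    print(seg[:8].hex(), parse_udp("192.0.2.10", "192.0.2.53", seg))
```

Because the checksum covers the pseudo-header, the same segment verified against a different source address fails, which is one of the few integrity checks UDP offers; it is not a security check, since anyone who can forge the packet can recompute it.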
11. Which four (4) of these are characteristic of the TCP transport protocol?
Unreliable
Connection-oriented (CORRECT)
Connectionless
Ordered data; duplicate detection (CORRECT)
Flow control (CORRECT)
Reliable (CORRECT)
12. How does an endpoint know the address of the DNS server?
The endpoint sends out a DNS Discover broadcast request to all endpoints on the local network.
The endpoint sends an inquiry to the gateway and the gateway responds with the address of the DNS server.
It is manually configured in the network settings by the administrator or obtained from the DHCP server. (CORRECT)
The DNS server is always located on the gateway.
13. What is the primary function of DHCP?
To translate domain names to IP addresses and vice versa.
To collect host names present on a local network segment.
To automatically assign IP addresses to systems. (CORRECT)
To automatically assign MAC addresses to systems.
14. Which Syslog layer handles the routing and storage of a Syslog message?
Syslog Application (CORRECT)
Syslog Content
Syslog Message
Syslog Transport
15. Which of the following flow data are gathered by utilities such as NetFlow?
Packet count and byte count.
Source and destination TCP/UDP ports.
Source and destination IP addresses.
Routing and peering data such as TCP flags and protocol.
All of the above. (CORRECT)
16. When a network interface card is operating in promiscuous mode, what action does it take?
The NIC sends out one false, or “promiscuous” packet for every legitimate packet it sends to interfere with eavesdropping operations.
The NIC forwards promiscuous packets to the Promiscuous Server.
The NIC sends all packets to the CPU for processing instead of only those packets indicated for its MAC address. (CORRECT)
The NIC filters out dangerous or “promiscuous” packets.
17. If a packet is allowed to pass through a NGFW based upon the established firewall rules and a new session is established, how does the NGFW treat the next packet it encounters from the same session?
Subsequent packets of the same session are automatically allowed. (CORRECT)
Subsequent packets that arrive within the Session Interval configured for that firewall will be allowed to pass without inspection. The first packet that arrives after the session interval expires will trigger the creation of a new session.
Every packet is inspected and allowed or denied based upon the same firewall rules that applied to the first packet.
The subsequent packets are inspected based on session-specific rules, not the packet-specific rules that were used to inspect the first packet in the session.
18. If your nontechnical manager told you that you must configure your next generation firewalls (NGFW) to block all users on your network from posting messages on Facebook from their office computers, what would be the consequence of carrying out his order?
No serious consequence, application-level inspection and blocking can be configured. (CORRECT)
You would have to block all social media access from your network.
You would have to block all access to Facebook from your network.
You would have to block all HTTP traffic from entering or leaving your network.
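The session behaviour of question 17 and the application-level blocking of question 18, modelled in Python as an added example that is not part of the original quiz. The rule set, the packets and the tiny application-identification heuristic are all constructed for illustration; a real NGFW identifies applications with far richer signatures (including TLS SNI and certificates). What the model shows: the rule base is consulted only for the first packet of a flow, an allow decision is cached in a session keyed on the 5-tuple in both directions, later packets of that session are passed by the session without another rule lookup, and an idle session expires so that the next packet starts a fresh lookup.

```python
"""Toy model of session-based processing in a stateful / next-generation firewall.

Added example, not part of the original quiz.  Rules, packets and the
application heuristic are constructed; the 5-tuple/session logic is the point.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes = b""
    ts: float = 0.0          # seconds, used for the idle timeout


@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    dst: Optional[str] = None    # None means any
    dport: Optional[int] = None
    app: Optional[str] = None    # NGFW-style application match (prefix)


def _http_host(payload: bytes) -> str:
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            return line.split(b":", 1)[1].strip().decode("ascii", "replace")
    return ""


def identify_app(p: Packet) -> str:
    """Crude layer-7 identification from the first packet's payload (constructed heuristic)."""
    if p.proto == "udp" and p.dport == 53:
        return "dns"
    if p.payload[:4] in (b"GET ", b"POST", b"HEAD"):
        host = _http_host(p.payload)
        return f"http:{host}" if host else "http"
    if p.payload[:3] == b"\x16\x03\x01":
        return "tls"             # TLS record header of a ClientHello; SNI parsing omitted
    return "unknown"


def session_key(p: Packet) -> tuple:
    """Direction-independent key, so the server's reply maps onto the client's session."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


class Firewall:
    def __init__(self, rules, idle_timeout: float = 30.0):
        self.rules = rules
        self.idle_timeout = idle_timeout
        self.sessions = {}       # session_key -> last_seen timestamp (allowed flows only)
        self.rule_lookups = 0    # how often the rule base was actually consulted

    def _match_rules(self, p: Packet) -> str:
        self.rule_lookups += 1
        app = identify_app(p)
        for r in self.rules:     # first match wins, default deny
            if r.dst not in (None, p.dst) or r.dport not in (None, p.dport):
                continue
            if r.app is not None and not app.startswith(r.app):
                continue
            return r.action
        return "deny"

    def process(self, p: Packet) -> str:
        key = session_key(p)
        last_seen = self.sessions.get(key)
        if last_seen is not None and p.ts - last_seen <= self.idle_timeout:
            self.sessions[key] = p.ts
            return "allow"       # session hit: passed without consulting the rule base
        action = self._match_rules(p)
        if action == "allow":
            self.sessions[key] = p.ts
        else:
            self.sessions.pop(key, None)
        return action


RULES = [  # constructed rule base: block one web application, allow the rest of web and DNS
    Rule("deny", app="http:www.facebook.com"),
    Rule("allow", dport=80),
    Rule("allow", dport=443, app="tls"),
    Rule("allow", app="dns"),
]
```

A traditional firewall with the same goal would need the second-generation answer from the earlier section, a list of the site's IP addresses, and that list changes whenever the site moves behind a CDN; the application rule is stable because it keys on what the traffic is rather than where it goes.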
19. Monitoring network traffic and comparing it against an established baseline for normal use is an example of which form of intrusion detection?
Signature-based detection
Statistical anomaly-based detection (CORRECT)
Traffic Variance Analysis
Traffic Impact Analysis
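The flow statistics of question 15 and the baseline comparison of question 19, carried through in Python as an added example that is not part of the original quiz. The first part rolls constructed packet records up into the fields NetFlow exports per flow (addresses, ports, protocol, packet count, byte count, OR'd TCP flags). The second part is statistical anomaly-based detection over those flows: per-source features from a constructed set of "normal" windows form the baseline, and the current window is compared against it with a z-score.

```python
"""Aggregate packets into NetFlow-style flow records and flag statistical anomalies.

Added example, not part of the original quiz; standard library only.
All packet records and baseline windows are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

TCP_FIN, TCP_SYN, TCP_ACK = 0x01, 0x02, 0x10


def aggregate_flows(packets) -> dict:
    """packets: iterable of (src, sport, dst, dport, proto, bytes, tcp_flags) tuples."""
    flows = {}
    for src, sport, dst, dport, proto, size, flags in packets:
        key = (src, sport, dst, dport, proto)          # the NetFlow 5-tuple
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "flags": 0})
        rec["packets"] += 1
        rec["bytes"] += size
        rec["flags"] |= flags                          # cumulative OR of TCP flags seen
    return flows


def per_source_stats(flows: dict) -> dict:
    """Features per source host: distinct destination ports touched and total bytes sent."""
    ports, total = defaultdict(set), defaultdict(int)
    for (src, _sport, _dst, dport, _proto), rec in flows.items():
        ports[src].add(dport)
        total[src] += rec["bytes"]
    return {src: {"distinct_dports": len(ports[src]), "bytes": total[src]} for src in ports}


def build_baseline(windows) -> dict:
    """windows: per_source_stats() results from normal traffic; returns (mean, stdev) per feature."""
    samples = defaultdict(list)
    for window in windows:
        for feats in window.values():
            for name, value in feats.items():
                samples[name].append(value)
    return {name: (mean(vals), pstdev(vals)) for name, vals in samples.items()}


def detect_anomalies(baseline: dict, current: dict, z_threshold: float = 3.0) -> list:
    """Return (source, feature, value, z) for every feature that sits far above the baseline."""
    alerts = []
    for src, feats in current.items():
        for name, value in feats.items():
            mu, sigma = baseline[name]
            if sigma == 0:
                z = 0.0 if value == mu else float("inf")
            else:
                z = (value - mu) / sigma
            if z > z_threshold:
                alerts.append((src, name, value, round(z, 1)))
    return alerts


BASELINE_WINDOWS = [  # constructed per-source stats from four 'normal' one-minute windows
    {"10.0.0.2": {"distinct_dports": 1, "bytes": 3000}, "10.0.0.3": {"distinct_dports": 2, "bytes": 4200}},
    {"10.0.0.2": {"distinct_dports": 2, "bytes": 5100}, "10.0.0.3": {"distinct_dports": 3, "bytes": 2800}},
    {"10.0.0.2": {"distinct_dports": 2, "bytes": 3900}, "10.0.0.3": {"distinct_dports": 1, "bytes": 4600}},
    {"10.0.0.2": {"distinct_dports": 2, "bytes": 3400}, "10.0.0.3": {"distinct_dports": 3, "bytes": 5000}},
]

CURRENT_PACKETS = (  # constructed current window: two HTTPS flows plus one host sweeping 40 ports
    [("10.0.0.2", 50000, "198.51.100.7", 443, "tcp", 1500, TCP_SYN),
     ("10.0.0.2", 50000, "198.51.100.7", 443, "tcp", 1500, TCP_ACK),
     ("10.0.0.2", 50001, "198.51.100.7", 443, "tcp", 1500, TCP_SYN),
     ("10.0.0.2", 50001, "198.51.100.7", 443, "tcp", 1500, TCP_ACK)]
    + [("10.0.0.9", 40000 + p, "203.0.113.5", p, "tcp", 60, TCP_SYN) for p in range(1, 41)]
)

if __name__ == "__main__":
    flows = aggregate_flows(CURRENT_PACKETS)
    print(len(flows), "flows")
    for alert in detect_anomalies(build_baseline(BASELINE_WINDOWS), per_source_stats(flows)):
        print("anomaly:", alert)
```

The scanning host sends fewer bytes than a normal client, so a byte-count baseline alone would never notice it; the distinct-port feature does. Choosing the features is most of the work in anomaly-based detection, and the baseline must be rebuilt when the network legitimately changes or the IPS will alarm on the new normal.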
20. Which are three (3) characteristics of a highly available system?
Redundancy (CORRECT)
Independence
Failover (CORRECT)
Geographically dispersed
Monitoring (CORRECT)
CONCLUSION – Basics of IP Addressing and the OSI Model
In summary, this module gave an overview of the essentials of networking: how IP addressing affects the routing of traffic, and an introduction to the application and transport protocols.
It also covered the basics of firewalls and Intrusion Detection and Prevention Systems, and the fundamental concepts of high availability and clustering, which are essential to building robust and resilient network infrastructures.