OSI Layer 4-7
Layer 7 Application
Topmost layer. Provides users a means to access network resources (the only layer the end user sees).
common web services
Single authority: one CA at the top; trust rests on that CA alone.
Hierarchical: root CA at the top, subordinate (intermediate) CAs below it issue the end-entity certs; a registration authority (RA) verifies identities before the CA issues.
subdomain
Why would anyone do -s with tty? What does pts stand for?
tty -s (--silent) prints nothing and only returns 0 if stdin is a terminal, so scripts use it to test for an interactive session.
pts = pseudo-terminal slave; PTY = pseudo-teletype.
A PTY is a master/slave pair: the master is held by whatever emulates the terminal (xterm, sshd, tmux) and the slave appears as /dev/pts/N, which is what the shell reads and writes. The real TTYs are the physical/virtual consoles (/dev/tty1 - /dev/ttyN); anything non-physical (a terminal window in X, an SSH session) gets a /dev/pts/N.
HTTP
https://http.cat
HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2, HTTP/3 (over QUIC/UDP)
302 Found: temporary redirect; most clients turn a POST into a GET when following it
307 Temporary Redirect: same, but the method and body must be preserved
1xx - informational
2xx - success
3xx - redirection
4xx - client error (the request itself is bad: malformed, unauthorized, not found)
5xx - server error (the request was fine, the server failed to process it)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
X-Forwarded-For is appended to by every proxy on the path, but the client can send it too, so only the hops added by your own proxies are trustworthy (read it right to left). On a direct connection the whole header is attacker-controlled; never use it for allow-lists, rate limiting or audit logs without that check.
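As an added example (not from MDN or any framework), here is the right-to-left walk next to the naive leftmost pick that gets people burned. The trusted-proxy ranges are assumed for the example; replace them with your own load balancer addresses.

```python
"""Pick the client IP from X-Forwarded-For without trusting client-supplied
hops. Added example for these notes (not from MDN or any framework). The
trusted-proxy ranges are assumed for the example."""
import ipaddress
from typing import Optional

# Assumed: the only boxes allowed to append to X-Forwarded-For are our own
# load balancers / reverse proxies in these ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.10/32")]


def is_trusted_proxy(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """The common bug: take the leftmost value. The client wrote it, so it can
    say anything (bypasses IP allow-lists, rate limits, audit logs)."""
    return xff.split(",")[0].strip() if xff else remote_addr


def client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Walk the header right to left. remote_addr is the TCP peer (cannot be
    forged without hijacking the connection). Each hop that is one of our
    proxies vouches for the value to its left; the first value that is NOT a
    trusted proxy is the client, and everything further left is ignored."""
    peer = ipaddress.ip_address(remote_addr)
    if not is_trusted_proxy(peer) or not xff:
        return str(peer)          # direct connection: header is attacker-controlled
    hops = [h.strip() for h in xff.split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)      # garbage in the chain: fall back to the peer
        if not is_trusted_proxy(addr):
            return str(addr)
    return hops[0]                # whole chain is ours: leftmost is an internal client
```

With the header "1.2.3.4, 203.0.113.5" arriving from a trusted proxy, `naive_client_ip` returns the attacker's chosen 1.2.3.4 while `client_ip` returns 203.0.113.5, the address the proxy actually saw.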
Cookie
v1st
https://experienceleague.adobe.com/docs/data-workbench/using/page-tagging/implement-ref-page-tags/c-undst-v1st-ck.html?lang=en
v1st is a persistent visitor-ID cookie set by the page tags: it identifies the same browser or mobile app across visits and survives a cache refresh.
FTP
File Transfer Protocol: moves files between hosts (control channel on TCP 21, separate data channel).
It only transfers files; you cannot run or execute a program over FTP. Credentials and data travel in cleartext, so prefer SFTP (over SSH) or FTPS.
TFTP
Trivial File Transfer Protocol: the stripped-down form of FTP, over UDP port 69. It does nothing but get and put files: no authentication, no directory listing, no encryption. Common for PXE boot and pushing configs/firmware to network gear, so anyone who can reach a TFTP server can usually read whatever it serves.
LDAP
https://docs.craftercms.org/en/3.0/developers/cook-books/how-tos/setting-up-an-ldap-server-for-dev.html
X.500 naming (used in LDAP distinguished names): CN = Common Name, OU = Organizational Unit, DC = Domain Component. Example DN: CN=jdoe,OU=Users,DC=example,DC=com
OAuth 2.0 grant type: "Application grant types (or flows) are methods through which applications can gain Access Tokens and by which you grant limited access to your resources to another entity without exposing credentials."
Microsoft Active Directory Active Directory Federation Services (ADFS)
ForgeRock Directory Services
SNMP
DNS
FQDN - Fully qualified domain name
- If BGP tells a router how to get to places, DNS is the address book. Having the address doesn't mean you know how to get there.
- DNS was created without security in mind. DNSSEC attempts to rectify that.
- DNSSEC protects against (threats from RFC 3833): packet interception (man-in-the-middle), ID guessing / query prediction, and name chaining. It does not protect against betrayal by a trusted recursive resolver (unless the client validates itself) or denial of service.
- DNSSEC also has weaknesses. It is hard and complex to set up and easy to set up incorrectly (an expired signature takes the whole zone offline for validating resolvers). Because signed responses are much larger, it makes DNS amplification DoS worse.
- ID guessing / query prediction: a recursive resolver matches answers to its outstanding queries only by the 16-bit transaction ID (and source port). If an attacker can guess them, it can inject a forged answer before the real one arrives and poison the cache. Random IDs and source ports (RFC 5452) raise the cost; DNSSEC signatures defeat it outright. (BIND is the name server software; its zone files hold the records.)
- All of this implies a trust model.
- A validating resolver checks the chain of signatures from the root down, so it can trust that the records it received are the ones the zone owner published. That does not prove the site behind the IP is legitimate; that is TLS's job.
- DNSSEC uses public-key signatures (DNSKEY/RRSIG/DS records) chained from the root trust anchor, not the X.509 CA PKI used for TLS.
- Switch DNS
DNS lookups generally use UDP port 53; answers too big for UDP (DNSSEC, large RRsets) fall back to TCP 53
Zone transfers (AXFR/IXFR) use TCP 53
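The ID guessing / query prediction bullet above is easier to see with packets in hand. The following is an added example for these notes, not real resolver code: it builds DNS queries and answers in memory with the stdlib, and stubs a resolver that keeps the outstanding-query table. The "predictable" mode (sequential IDs, fixed source port 53) and the addresses used are constructed for the demonstration; nothing is sent on the network.

```python
"""Why DNS transaction IDs and source ports must be random: a recursive
resolver matches answers to queries only by (txid, port, question). Added
example for these notes, not real resolver code; every packet here is built
in memory and nothing touches the network."""
import ipaddress
import secrets
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00'"""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(pkt: bytes, off: int):
    """Read a name at off, following compression pointers; return (name, end)."""
    labels, end = [], None
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            end = end if end is not None else off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (end if end is not None else off)


def build_query(qname: str, txid: int) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_response(query: bytes, answer_ip: str, ttl: int = 300) -> bytes:
    """One A record answering `query`. A forger builds this from a guessed txid."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    rdata = ipaddress.IPv4Address(answer_ip).packed
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + rr


class Resolver:
    """Stub of a recursive resolver's outstanding-query table and cache."""

    def __init__(self, predictable: bool):
        self.predictable = predictable
        self.pending, self.cache = {}, {}
        self.last_txid, self._counter = None, 1000

    def send_query(self, qname: str):
        if self.predictable:       # old behaviour: sequential ID, fixed source port
            txid, port = self._counter, 53
            self._counter += 1
        else:                      # RFC 5452: random 16-bit ID and random source port
            txid, port = secrets.randbelow(65536), 1024 + secrets.randbelow(64512)
        self.pending[(txid, port)] = qname
        self.last_txid = txid
        return build_query(qname, txid), port

    def receive(self, dst_port: int, pkt: bytes) -> bool:
        """Accept an answer only if it matches an outstanding (txid, port, qname)."""
        txid, flags, _, ancount = struct.unpack("!HHHH", pkt[:8])
        qname, off = decode_name(pkt, 12)
        key = (txid, dst_port)
        if not flags & 0x8000 or ancount < 1 or self.pending.get(key) != qname:
            return False                           # no matching query: drop silently
        _, off = decode_name(pkt, off + 4)         # skip QTYPE/QCLASS, then the RR name
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if (rtype, rclass, rdlen) == (QTYPE_A, QCLASS_IN, 4):
            self.cache[qname] = str(ipaddress.IPv4Address(pkt[off + 10:off + 14]))
        del self.pending[key]
        return True


def poisoning_attempts(predictable: bool, attempts: int = 256) -> int:
    """Off-path attacker who saw one earlier query races the real answer with
    `attempts` forged ones; returns how many the resolver accepted."""
    r = Resolver(predictable)
    _, seen_port = r.send_query("bait.example")          # attacker observes this one
    seen_id = r.last_txid
    r.send_query("www.example.com")                      # victim's lookup, not observed
    accepted = 0
    for i in range(attempts):
        if predictable:                                  # next ID is seen_id + 1, same port
            guess_id, guess_port = (seen_id + 1 + i) & 0xFFFF, seen_port
        else:
            guess_id, guess_port = secrets.randbelow(65536), 1024 + secrets.randbelow(64512)
        forged = build_response(build_query("www.example.com", guess_id), "198.51.100.66")
        accepted += r.receive(guess_port, forged)
    return accepted
```

`poisoning_attempts(True)` returns 1: the attacker's first forgery is accepted and the real answer, arriving later, is dropped because the pending entry is gone, which is exactly how a cache gets poisoned. `poisoning_attempts(False)` returns 0 because the guess space is roughly 2^16 IDs times 2^16 ports. Real resolvers additionally check the question section and apply 0x20 case randomisation; DNSSEC removes the race entirely by requiring a signature the forger cannot produce.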
DNS zone transfer: AXFR hands the client the entire zone. Restrict it to your secondary servers (allow-transfer plus TSIG); an open zone transfer leaks every host name and internal address in the zone and is a standard recon step.
DNS record types:
- SRV (Service)
- SOA (Start of Authority)
- PTR (Pointer, reverse lookup)
- NS (Name Server)
- MX (Mail Exchange)
- CNAME (Canonical Name)
- A (IPv4 Address)
- AAAA (IPv6 Address)
- TXT (free text: SPF, DKIM, domain verification)
RH9 BIND Zone Files How unforgiving…
DHCP
- Client – Discover -> Server
- Client <- Offers – Server
- Client – Request -> Server
- Client <- ACK – Server
- IP is removed from the pool for the lease time
- DHCP has no authentication: a rogue DHCP server on the segment can hand out its own gateway and DNS (mitigated with DHCP snooping on the switch)
NFS
Network File System: file sharing over the network, letting users on different hosts and operating systems work on the same files. Classic NFSv3 exports with AUTH_SYS trust whatever UID/GID the client claims, so restrict exports by host and prefer Kerberos (sec=krb5p) on NFSv4.
SSH
How to connect to a Linux server remotely without a password, and why? Likely a trick question: it is testing whether you know public-key authentication. Generate a key pair; the public key goes into ~/.ssh/authorized_keys on the server and the private key stays on the client. At login the server sends a challenge that only the matching private key can sign, so the private key plays the role of the password but never leaves the client. It is generally more secure than a password because the key is long and random (not guessable) and nothing reusable crosses the wire; pair it with PasswordAuthentication no in sshd_config.
WebSocket
WebSocket (ws://) and WebSocket Secure (wss://, over TLS). The connection starts as an HTTP Upgrade request, so cookies are sent and the Origin header is the only thing stopping a cross-site page from opening a socket; validate it server-side.
Layer 6 Presentation
Transforms data into a format the application layer can read (character encoding, compression); encryption/decryption is traditionally placed here.
Layer 5 Session
Manages sessions between computers: sets up, maintains and tears down connections with other devices; half duplex or full duplex.
NetBIOS (Network Basic Input/Output System)
Layer 4 Transport
Provides end-to-end data transfer to the layers above: reliable, ordered delivery with TCP, best-effort with UDP.
Ports
- 0-1023: well-known
- 1024-49151: registered
- 49152-65535: dynamic
- Internet Printing Protocol 631
- BGP 179
- syslog 514
- Telnet 23
- NTP 123
3-way handshake:
- SYN
- SYN/ACK
- ACK
The initial sequence number (ISN) must be unpredictable: each side proves it can see the other's traffic by acknowledging ISN + 1, so a guessable ISN lets an off-path attacker spoof a connection or inject data.
CLOSE_WAIT: the remote end sent FIN and the local application has not closed its socket yet (lots of CLOSE_WAIT means a socket leak). TIME_WAIT: the local end did the active close and waits 2*MSL before the port can be reused.
AWS Network Load Balancer (NLB) operates at this layer (L4); the Application Load Balancer works at L7.
TCP
TCP flags:
- SYN (Synchronize)
- ACK (Acknowledgement)
- RST (Reset)
- FIN (Finish)
- PSH (Push)
- URG (Urgent)
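As an added example for these notes (not taken from any tool), the parser below decodes a raw TCP header into its flags and then checks the three segments of a handshake against each other, including the ISN + 1 relationship the bullet above relies on. The segments are constructed in-line with made-up ports and ISNs, not captured from a real connection.

```python
"""Parse raw TCP headers and check a three-way handshake, including why the
ISN matters. Added example for these notes; the three segments are
constructed in-line, not captured from a real connection."""
import struct
from typing import Tuple

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
HDR = "!HHIIBBHHH"          # sport, dport, seq, ack, offset/reserved, flags, win, csum, urgptr
MASK32 = 0xFFFFFFFF


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags, window: int = 65535) -> bytes:
    """20-byte header, no options; checksum left at 0 (it needs the IP pseudo-header)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    return struct.pack(HDR, sport, dport, seq, ack, 5 << 4, bits, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, bits, window, _, _ = struct.unpack(HDR, segment[:20])
    header_len = (off >> 4) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": {n for n, b in FLAG_BITS.items() if bits & b},
            "options": segment[20:header_len], "payload": segment[header_len:]}


def verify_handshake(syn: bytes, synack: bytes, ack: bytes) -> Tuple[bool, str]:
    """Check SYN -> SYN/ACK -> ACK. Each side proves it saw the other's ISN by
    acknowledging ISN + 1; an off-path attacker who cannot predict the server's
    ISN cannot produce a valid third segment, which is why the ISN is random."""
    s, sa, a = (parse_tcp_header(x) for x in (syn, synack, ack))
    if s["flags"] != {"SYN"}:
        return False, "first segment must be a bare SYN"
    if sa["flags"] != {"SYN", "ACK"}:
        return False, "second segment must be SYN/ACK"
    if "ACK" not in a["flags"] or "SYN" in a["flags"]:
        return False, "third segment must be an ACK"
    if (sa["sport"], sa["dport"]) != (s["dport"], s["sport"]):
        return False, "SYN/ACK port pair does not mirror the SYN"
    if (a["sport"], a["dport"]) != (s["sport"], s["dport"]):
        return False, "ACK port pair does not match the SYN"
    if sa["ack"] != (s["seq"] + 1) & MASK32:
        return False, "SYN/ACK does not acknowledge client ISN + 1"
    if a["seq"] != (s["seq"] + 1) & MASK32:
        return False, "ACK sequence number must be client ISN + 1"
    if a["ack"] != (sa["seq"] + 1) & MASK32:
        return False, "ACK does not acknowledge server ISN + 1 (ISN guessed wrong?)"
    return True, "ESTABLISHED"
```

The 32-bit mask matters: sequence numbers wrap, so a SYN with ISN 0xFFFFFFFF is correctly acknowledged with 0, and a checker that forgets this rejects a legitimate handshake roughly once every four billion connections.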
UDP
BGP
- BGP is spoken between autonomous systems (AS), each identified by an ASN.
- BGP is the routing protocol between ASes. There were around 60,000 ASes in 2018.
- The risk: BGP trusts announcements by default, so a withdrawn or hijacked prefix can take a big part of the internet offline. Example (Egypt 2011, routes withdrawn): https://www.telegraph.co.uk/news/worldnews/africaandindianocean/egypt/8288163/How-Egypt-shut-down-the-internet.html
- An AS has to announce its prefixes to be reachable.
- Some people think of BGP as street signs.
- Control plane: everything needed to build the routing table (the BGP/OSPF sessions and the router CPU running them).
- Data plane: the forwarding path that moves packets //through// the router based on that table.
TLS
Successor to SSL.
Require TLS 1.2 as the minimum, prefer 1.3.
1.0 and 1.1 are deprecated (RFC 8996); SSLv2/v3 are dead.
computer_networking
OSI
ASN
ASIN
networking