For a limited time, we are showing a sneak peek into the Cisco CCNA Cheat Sheet & Study Guide
CCNA Cheat Sheet Section 1
1.0 Network Fundamentals
CCNA Cheat Sheet Section 1.1
1.1 Compare and contrast OSI and TCP/IP models
OSI and TCP/IP models were both created to establish standards so applications could be developed at different layers of the stack without affecting or having to redevelop other layers.
OSI and TCP models were created to ease and foster the interoperability of different vendor’s protocols which operate at different conceptual layers of the OSI and TCP/IP stack.
These reference models leverage a layered approach where each layer clearly understands the format of what it will receive from its adjacent layers.
Benefits:
– Multi-vendor environments can fully interoperate
– Hardware and software can interoperate
Changes can be made at one layer without impacting and other layers, provided the standards are still conformed to.
Both are Hierarchical
Clearly defines which functions are performed at each layer
OSI model has 7 layers
– Top 3 layers focus on how applications interact with each other
o Application – layer 7
User Interface
o Presentation – layer 6
Handling of data, including encryption
o Session – layer 5
Allows multiple data transmissions to occur simultaneously without interfering or disrupting one another
– Bottom 4 layers focus on data transmission
o Transport – layer 4
o Network – layer 3
o Data Link – layer 2
o Physical – layer 1
Easy way to remember: All People Seem To Need Data Processing
TCP/IP maps directly to the OSI model but layers are streamlined:
– Process/Application (maps to layers 5-7)
– Host-to-Host (maps to layer 4)
– Internet (maps to layer 3)
– Network Access (maps to layers 1-2)
Since the layers map evenly, we’ll simply reference the TCP/IP (DOD) layers in terms of functionality, knowing how they map to the OSI model.
The Application layer defines the end-user interface and the high-level device-to-device communications.
The Host-to-Host layer handles the transmission of services at a high-level for the upper-layer applications. This layer is responsible for ensuring communications is reliable and all data gets from point A to point B. Sequencing of packets and integrity of data are also done at this layer.
The Internet layer is where packets are created, sent, received and processed. IP addressing exists at this layer, as well as the routing of packets.
The lowest layer, Network Access, is where data is actually transferred between the network and the host itself. MAC (hardware) addressing happens at this layer.
CCNA Cheat Sheet Section 1.2
1.2 Compare and contrast TCP and UDP protocols
TCP is Connection Oriented
– Establishes handshake
– Confirms receipt of packets via “ack” (acknowledgment)
UDP is Connectionless
– No handshake
– No confirmation packets got there
TCP is more appropriate for packets that you need to be sure they got there (ie. Email, file transfers, etc).
UDP is more appropriate for transmission where if it’s not received on time, it’s not worth receiving any more (ie. Realtime traffic, such as voice conversation, video streaming, etc).
Know the TCP segment format for the exam!
– Source port (16 bits)
– Destination port (16 bits)
– Sequence number (32 bits)
– Acknowledgement number (32 bits)
– Header Length (4 bits)
– Window size (16 bits)
– TCP checksum (16 bits)
– Urgent pointer (16 bits)
There are also some reserved bits and flags, making total TCP header 160 bits (20 bytes) long.
– An additional 4 bytes (maximum) can be added for optional headers
Also know the UDP segment format for the exam!
– Source port (16 bits)
– Destination port (16 bits)
– Length (16 bits)
– Checksum (16 bits)
UDP header does not have any reserved bits and flags, so UDP header is always 64 bits (8 bytes) long.
TCP cares about sequencing (reordering packets in correct order before processing).
UDP does not care about sequencing – packets are processed as they arrive.
CCNA Cheat Sheet Section 1.3
1.3 Describe the impact of infrastructure components in an enterprise network
As data is prepared to be put onto the wire, it is encapsulated with various protocol headers (at each layer of the OSI model).
The encapsulation method is as follows:
Datasegmentspacketsframesbits
It’s also important to understand that all communications between hosts happens through “ports”. Each port has a number, which is unique to the protocol.
For example, TCP and UDP use ports in the 0 through 65535 range (2^16 possibilities). Ports 0 through 1023 are referred to as “well-known” ports, while ports 1024 through 65535 are considered “random” ports and can be used by any host at any given time for any reason.
CCNA Cheat Sheet Section 1.3.a
1.3.a Firewalls
Firewalls are used to block certain kinds of traffic from getting from one part of a network to another part of the network.
This “filtering” of traffic policy can be based off many different indicators, the most common of which are:
– Source IP address
– Source port
– Destination IP address
– Destination port
– Protocol type
Firewalls perform many additional functions, such as
– Intrusion Detection/Prevention Services (IDS/IPS)
– Deep packet inspection
o Application Visibility and Control
– URL filtering
Cisco IOS Firewall is based on Context-Based Access Control (CBAC)
CBAC has a deeper understand of the traffic traversing the network and can make security decisions based on the context of the traffic.
For example, external, untrusted web servers may not be able to send traffic directly into your organization. However, when you open your web browser and request a URL through your browser, the IOS Firewall can see this request and temporarily allow the external, untrusted web server to send you the data you requested through the firewall.
CBAC supports a number of protocols in this fashion (both UDP and TCP traffic).
Since UDP is connectionless, CBAC has a harder time determining which return traffic is tied with an initial request. It makes its best attempt by analyzing the protocol port number logic as well as considering the general timing between events in order to make its decisions.
Cisco’s acquisition of SourceFire have extended these services and expanded the next-generation firewalling capabilities offered on traditional firewalls.
Cisco IOS Intrusion Prevention System (IPS) is used to perform Deep Packet Inspection (DPI) on traffic passing through the Cisco router.
– Router functions as an inline IPS
Can be configured using GUI interface (Security Device Manager – or SDM), or via the traditional Command Line Interface.
Process to configure:
– Select within flash memory a directory to contain your IPS configuration lines
– Configure the IOS rule you want to enforce, including the directory referenced selected above
– Configure the rule you created to be applied either outbound and/or inbound to an interfaces or a subset of interfaces
Once these procedures above are completed, the router takes care of loading the signatures and enabling the IPS functionality.
Commands to know:
– Crypto key pubkey-chain rsa
– – named-key realm-cisco.pub signature
– Key-string [key on next line(s)]
– Ip ips signature-category
– – category all
– – retired true
– – category ios_ips basic
– – retired false
– (interface) ip ips name [name_of_ips]
There are many things to know about security today, that are changing each and every day. It’s important to stay on top of the latest security trends and protection strategies.
Most networks will include an array of firewalls, VPNs, IDS/IPS systems (network-based and host-based), as well as the extremely fast emergence of cloud-based security solutions.
Security policies are also an essential component of protecting your assets. These include acceptable use policies for your users, as well as incident handling procedures, disaster recovery procedures, etc.
The most important thing to know today is in regard to Denial of Service (DoS) attacks. DoS attacks are more common today than ever before and are becoming increasingly more difficult for organizations to protect against.
The exam may ask you about different types of DoS attacks on a networked environment. If so, these are the most important kinds for you to remember:
– Tribe Flood Network attack
– Ping of Death attack
– Stacheldraht attack
– TCP SYN flood attack
Tribe Flood Network attacks rely on faking (spoofing) the source IP address of a packet in an effort to simulate a massive attack using multiple source devices and targeting multiple destination devices.
A Ping of Death attack is a very simple attack that involves oversized pings that the destination host doesn’t know how to deal with, causing reboots or other seemingly erratic behavior.
A Stacheldraht attack is one that involves many different attack techniques and vectors, including encryption and root-level device access.
A TCP SYN flood attack is perhaps the most basic form of a network-based DoS attack. This type of attack involves a host (or multiple hosts) sending TCP SYNs to a target destination. When the target destination responds, offering to host the connection that was requested, the attacking machine simply never responds. The target machine keeps all of the resources reserved to host the connection requested for a set period of time. Those resources (connections) cannot be used for legitimate purposes while waiting for the attacking machine to respond. If the attacking machine can maliciously tie up enough resources on the target machine, this effectively causes a DoS for legitimate users. This is such a simple attack technique but has been very effective for quite a long period of time.
Important Note: To protect against these attacks, you must ensure your operating systems are current and contain the latest service packs and patches!
For the scope of this exam, it’s important to understand the security capabilities built into IOS. Dedicated security appliances are outside of the scope of this exam and will not be tested.
Cisco’s IOS firewall is the kid sister of a dedicated firewall. Since it runs on a device itself (like a router), it consumes system resources so you need to be careful which options you enable.
The most common features/functions of IOS Firewall are the following:
– Intrusion Detection
– Stateful firewall protection
– ICMP inspection
– DoS Detection and Prevention
– Blocking of Java Applets
There are other methods that can be used to filter potentially malicious traffic:
– Network Address Translation (NAT)
– Policy-based enforcement (based on a variety of factors)
– ACLs (basic as well as time-based)
The most common Cisco security appliance is by far and away the Adaptive Security Appliance (ASA). These are dedicated appliances that primarily perform firewall functionality, but can provide a plethora of additional services with current versions of hardware and software on the ASAs.
Intrusion Detection Systems (IDS), and more recently, Intrusion Prevention Systems (IPS), are used to find anomalous behavior in the environment and detect (or prevent it from happening in the first place) and report it.
Dynamic Access Control Lists (Dynamic ACLs) are also known as “lock and key” security. A certain packet transfer pattern can trigger an Access List to be created and enforced on a particular interface. This effectively can allow you to “open” access to some service or port dynamically by performing some traffic pattern.
Reflexive Access Control Lists (Reflexive ACLs) are ACLs that are created automatically in the opposite direction of traffic that is observed to allow return traffic to re-enter the network based on the specific requests (outbound traffic) that passes through a security device.
As mentioned earlier, ACLs (standard or enhanced) can also be enforced or changed during certain time ranges (e.g. during business hours, during lunch time, after business hours, weekends, etc).
Authentication proxy is another function included in Cisco security devices
There are some general “boilerplate” best practices that you should employ whenever deploying any new infrastructure or security devices.
Some of the “standard” configurations that should be used on Cisco equipment are as follows:
– Block the following addresses/directions:
– Block internal addresses from being sourced outside your organization
– Block all private IP addresses from being sourced outside your organization
– Block any packets sourced with invalid, multicast or loopback addresses
This is the end of the 5-page sample. The complete 130+ page CCNA cheat sheet and study guide is available at Amazon.
