Software Designer Exam - Notes from the Computer Networking and Network Security Section

1. OSI/RM seven-layer model

(figure omitted)

Example question (figure omitted). Answer: B

2. Network technical standards and protocols

(figures omitted)
CSMA/CD: Carrier Sense Multiple Access with Collision Detection, the shared-medium access method of classic Ethernet
Token Ring: token-passing ring access method (IEEE 802.5)

(figure omitted)
(1) POP3 protocol
POP3 (Post Office Protocol version 3) is the protocol for retrieving mail from a server (SMTP is the protocol for sending mail) and is a member of the TCP/IP protocol family. It is used by a mail client to fetch, and to a limited extent manage, the mail held for it on the server. POP3 over SSL/TLS is called POP3S (default port 995).

POP3 protocol features:

  • POP3 default port: 110 (995 for POP3S);
  • POP3 transport protocol: TCP;
  • POP3 architecture: client/server (C/S);
  • POP3 access mode: offline access (mail is downloaded to the client and, by default, deleted from the server).

SMTP protocol: mail messages carried by SMTP are plain 7-bit ASCII text. ASCII (American Standard Code for Information Interchange) is a character encoding based on the Latin alphabet; binary attachments therefore have to be encoded (see MIME in 2.5) before they can travel over SMTP.

(2) DHCP protocol
A DHCP client can obtain its own IP address, the subnet mask, the DNS server address, the DHCP server address and the default gateway address from the DHCP server; it does not normally obtain a Web server or mail server address this way.

2.1 TCP protocol

Transmission Control Protocol (TCP) is a connection-oriented, reliable, byte-stream transport-layer protocol.
TCP is designed to fit into a layered protocol hierarchy that supports multiple network applications. It provides reliable communication between pairs of processes on hosts attached to different but interconnected networks. TCP assumes only a simple, possibly unreliable, datagram service from the layer below (IP); in principle it can run over a wide variety of communication systems, from hardwired links to packet-switched or circuit-switched networks. Reliability comes from sequence numbers, acknowledgements and retransmission. Because the service is a byte stream, TCP preserves no message boundaries: an application protocol running over it must define its own framing.
(figure omitted)

2.2 DHCP protocol

DHCP (Dynamic Host Configuration Protocol) is a protocol for local area networks. The server controls a pool (range) of IP addresses, and a client that joins the network automatically obtains an IP address and subnet mask (plus the other parameters listed above) assigned by the server. The lease is negotiated through the DISCOVER / OFFER / REQUEST / ACK exchange over UDP (server port 67, client port 68). On Windows Server, DHCP is a service role that is not installed by default; an administrator must install and configure it.
(figure omitted)
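As an added example (not part of the original notes), the following Python decodes the option field of a DHCPOFFER into exactly the parameters listed above. The option bytes are constructed for illustration, not taken from a real capture; the option codes are those of RFC 2132. A client parses these bytes from an untrusted network, so the length byte of every option is checked against the buffer before it is used.

```python
import ipaddress
import struct

# DHCP option codes (RFC 2132) that a client normally consumes
OPT_PAD, OPT_END = 0, 255
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID = 51, 53, 54


def parse_dhcp_options(blob: bytes) -> dict:
    """Parse the TLV option field that follows the magic cookie in a DHCP
    message.  Returns {option_code: raw_value}.  Raises ValueError instead of
    reading past the buffer when a length byte claims more data than exists."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:            # end marker; anything after it is ignored
            break
        if i + 1 >= len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:       # length byte overruns the packet
            raise ValueError("option %d truncated" % code)
        opts[code] = value
        i += 2 + length
    return opts


def _ipv4_list(value: bytes) -> list:
    """Decode an option value holding one or more packed IPv4 addresses."""
    if not value or len(value) % 4:
        raise ValueError("address list must be a non-empty multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]


def decode_offer(blob: bytes) -> dict:
    """Turn raw options into the configuration a client would apply."""
    raw = parse_dhcp_options(blob)
    cfg = {}
    if OPT_MSG_TYPE in raw:
        cfg["message_type"] = raw[OPT_MSG_TYPE][0]        # 2 = DHCPOFFER
    if OPT_SUBNET_MASK in raw:
        cfg["subnet_mask"] = _ipv4_list(raw[OPT_SUBNET_MASK])[0]
    if OPT_ROUTER in raw:
        cfg["default_gateway"] = _ipv4_list(raw[OPT_ROUTER])[0]
    if OPT_DNS in raw:
        cfg["dns_servers"] = _ipv4_list(raw[OPT_DNS])
    if OPT_SERVER_ID in raw:
        cfg["dhcp_server"] = _ipv4_list(raw[OPT_SERVER_ID])[0]
    if OPT_LEASE_TIME in raw:
        if len(raw[OPT_LEASE_TIME]) != 4:
            raise ValueError("lease time must be 4 bytes")
        cfg["lease_seconds"] = struct.unpack("!I", raw[OPT_LEASE_TIME])[0]
    return cfg


# Constructed sample (not a real capture): the options of a DHCPOFFER
SAMPLE_OFFER_OPTIONS = bytes([
    53, 1, 2,                          # message type = DHCPOFFER
    1, 4, 255, 255, 255, 0,            # subnet mask 255.255.255.0
    3, 4, 192, 168, 1, 1,              # router = default gateway
    6, 8, 192, 168, 1, 1, 9, 9, 9, 9,  # two DNS servers
    54, 4, 192, 168, 1, 1,             # DHCP server identifier
    51, 4, 0, 1, 81, 128,              # lease time 0x00015180 = 86400 s
    255,                               # end
])

if __name__ == "__main__":
    for key, val in decode_offer(SAMPLE_OFFER_OPTIONS).items():
        print(f"{key:16} {val}")
```

Note that nothing in the decoded configuration names a Web or mail server; also that the truncation check in `parse_dhcp_options` is what stops a malicious OFFER from making the client read beyond the packet.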

2.3 DNS Protocol

(figure omitted)
Example question (figure omitted). Answer: A

2.4 FTP and TFTP

  • FTP Protocol
    File Transfer Protocol FTP (File Transfer Protocol) is a widely used file transfer protocol on the Internet. FTP providesinteractiveaccess, allowing the client to specify the type and format of the file and allowing the file to haveaccess rights. FTP shields the details of various computer systems, so it is suitable for transferring files between any computer in a heterogeneous network.Its basic application is to copy files from one computer to another. To access a file, it must first obtain a copy of the local file. If the file is modified, it can only modify the copy of the file, and then transmit the modified copy of the file back to the original node.

  • TFTP Protocol
    Trivial File Transfer Protocol TFTP (Trivial File Transfer Protocol) is a small and easy-to-implement file transfer protocol. TFTP is based on UDP datagrams and requires its own error correction measures. TFTP only supports file transfer, does not support interaction, and does not have a huge command set. There is also no directory listing function, and no authentication of users. But its code occupies less memory, and can cure TFTP code without hard disk, which is very suitable for smaller computers and special-purpose equipment.

A major difference between TFTP and FTP is that TFTP is not interactive and does not authenticate the user.

The difference between FTP protocol and TFTP protocol:

  1. FTP is a full, session-oriented, general-purpose file transfer protocol; TFTP is a bare-bones, special-purpose one.
  2. The Windows NT FTP server does not support TFTP, because TFTP has no authentication.
  3. FTP can be used interactively; a TFTP session transfers one file in one direction only.
  4. FTP provides user authentication; TFTP does not.
  5. FTP relies on TCP, so it is connection-oriented and inherits reliable delivery; TFTP relies on UDP to keep overhead low and provides little control.
  6. FTP uses well-known TCP ports: 21 for the control (command) connection and 20 for the data connection in active mode; TFTP uses UDP port 69 for its file transfer activity.
  7. FTP uses TCP port 21 while TFTP uses UDP port 69. The original notes claim that firewalls generally block TCP ports but not UDP, so TFTP is sometimes easier to get through; in practice this depends entirely on the ruleset, and an unauthenticated TFTP server should never be reachable from untrusted networks. TFTP is normally used for small files (boot images, configuration files); use FTP for large files.

2.5 MIME

MIME (Multipurpose Internet Mail Extensions) is an Internet standard that describes the content type of a message (it is not itself a security mechanism). A MIME message can contain text, images, audio, video and other application-specific data, and MIME defines the encodings (such as base64) that let binary data travel over the 7-bit ASCII channel provided by SMTP.

On a client, MIME types map content to the application that opens it: when a file or HTTP response with a given MIME type (or file extension) is accessed, the browser opens it with the associated application. This is mostly used for client-defined file types and for specifying how media files are opened.

2.6 SSH

SSH (Secure Shell) is specified by the IETF's network working group. It is an application-layer security protocol and is the standard way to protect remote login sessions and other network services. Using SSH avoids the information leakage (passwords and commands sent in clear text, as with Telnet) that affects remote administration over unprotected protocols.

2.7 HTTP and HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is HTTP carried over a secure channel between client and server. HTTPS uses SSL/TLS (the Secure Sockets Layer and its successor, Transport Layer Security) to encrypt and authenticate the exchange; in simple terms it is the secure version of HTTP.

The difference between HTTPS and HTTP:

  • An HTTPS server needs a certificate issued by a CA. The original notes state that free certificates are rare and a fee is normally required; free CA-issued certificates are now widely available.
  • HTTP transmits information in clear text; HTTPS is HTTP over an encrypted SSL/TLS connection, which gives confidentiality, integrity and server authentication.
  • HTTP and HTTPS use different connection setups (HTTPS performs a TLS handshake first) and different default ports: 80 for HTTP and 443 for HTTPS.
  • HTTP is simple and stateless; HTTPS adds the cost of the handshake and encryption but does not change that.

3. Network type and topology

The network type is divided into local area network, metropolitan area network, wide area network, and Internet according to the distribution range.

3.1 Bus type

A bus topology uses a single transmission line as the bus, and all workstations share it.
Its advantages are short cable length, easy wiring and maintenance, and easy expansion. The failure of a single node does not paralyse the whole network, so reliability is high (a fault in the bus cable itself, however, takes the whole segment down).

3.2 Star

A star network connects a number of smaller computers to one large central computer through individual communication lines.
The central computer acts as the host that controls information exchange and processing; any two outlying computers can communicate only through the central node, which is therefore a single point of failure.

3.3 Ring

A ring network connects the devices into a continuous closed loop, so a signal sent by one device passes every other device on the ring. In a simple ring, damage to any component breaks the loop and stops the whole system from working; more advanced ring designs (for example, dual rings) largely overcome this defect. This structure is used mainly in token-passing networks: each device is connected in series by cable to form a closed loop, and all information sent on the network circulates around that loop. Such networks are usually called Token Ring networks.

(figure omitted)

4. Network planning and design

(figure omitted)

4.1 Logic Network Design

(figure omitted)

4.2 Physical Network Design

(figure omitted)

4.3 Hierarchical Network Design

(figure omitted)

5. IP address and subnetting

(figures omitted)

IPv4 uses 32 bits to represent an IP address.
Class A: leading bit 0; 8-bit network number, 24-bit host number (first octet 0-127).
Class B: leading bits 10; 16-bit network number, 16-bit host number (first octet 128-191).
Class C: leading bits 110; 24-bit network number, 8-bit host number (first octet 192-223).

In the subnet mask, the bits of the network number are all 1 and the bits of the host number are all 0.

(figure omitted)

Example (figure omitted): to divide a class B network (mask 255.255.0.0) into 27 subnets, borrow 5 bits of the host number for the subnet number (2^5 = 32 ≥ 27), giving the subnet mask 255.255.248.0 (16 + 5 = 21 network bits).

(figure omitted)

Example (figure omitted): a class B address has a 16-bit network number and a 16-bit host number. If each subnet must hold 700 hosts, the host number needs 10 bits (2^10 = 1024 ≥ 700 + 2, allowing for the network and broadcast addresses); the remaining 6 bits of the host field become the subnet number, giving the mask 255.255.252.0 and up to 2^6 = 64 subnets.
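The two worked examples above can be checked with a few lines of Python. This is an added example, not part of the original notes; it uses the standard-library `ipaddress` module and assumes a class B base network of 172.16.0.0/16 (the original figures show only the mask, not the network number).

```python
import ipaddress


def bits_needed(count: int) -> int:
    """Smallest n such that 2**n >= count (count >= 1)."""
    if count < 1:
        raise ValueError("count must be positive")
    return (count - 1).bit_length()


def address_class(ip: str) -> str:
    """Classful category from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def mask_for_subnets(base: str, n_subnets: int) -> str:
    """Borrow just enough host bits so that at least n_subnets subnets fit."""
    net = ipaddress.IPv4Network(base)
    new_prefix = net.prefixlen + bits_needed(n_subnets)
    if new_prefix > 30:                       # keep at least 2 usable hosts
        raise ValueError("not enough host bits to borrow")
    return str(ipaddress.IPv4Network(f"{net.network_address}/{new_prefix}").netmask)


def mask_for_hosts(base: str, hosts_per_subnet: int) -> tuple:
    """Keep enough host bits for hosts_per_subnet usable addresses (plus the
    network and broadcast addresses); the remaining bits become the subnet
    number.  Returns (mask, number_of_subnets)."""
    net = ipaddress.IPv4Network(base)
    host_bits = bits_needed(hosts_per_subnet + 2)
    new_prefix = 32 - host_bits
    if new_prefix < net.prefixlen:
        raise ValueError("subnet would be larger than the base network")
    mask = ipaddress.IPv4Network(f"{net.network_address}/{new_prefix}").netmask
    return str(mask), 2 ** (new_prefix - net.prefixlen)


def list_subnets(base: str, n_subnets: int) -> list:
    """Enumerate the subnets produced by mask_for_subnets, as CIDR strings."""
    net = ipaddress.IPv4Network(base)
    return [str(s) for s in net.subnets(prefixlen_diff=bits_needed(n_subnets))]


if __name__ == "__main__":
    print(mask_for_subnets("172.16.0.0/16", 27))   # 255.255.248.0
    print(mask_for_hosts("172.16.0.0/16", 700))    # ('255.255.252.0', 64)
    print(list_subnets("172.16.0.0/16", 27)[:3])   # first three /21 subnets
```

`mask_for_hosts` adds 2 to the host count before rounding up, which is the step most often forgotten in exam answers: 700 hosts plus network and broadcast still fit in 10 bits, but 1023 hosts would not.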

(figures omitted)

Specific explanation: https://www.bilibili.com/video/BV1rW411j7e7?p=64

IP addresses with special meaning are as follows:
(figure omitted)

6. HTML

(figure omitted)

7. Wi-Fi

(figure omitted)
Bluetooth has the shortest communication distance

8. Network access technology

(figure omitted)

9. IPV6

(figure omitted)
IPv6 has 2^96 times as many addresses as IPv4.

An IPv4 address is 32 bits, so the address space is 2^32; an IPv6 address is 128 bits, so the address space is 2^128, and 2^128 / 2^32 = 2^96.

10. Common commands related to network

ipconfig: display brief IP configuration for each adapter
ipconfig /all: display detailed information (MAC address, whether DHCP is enabled, DHCP and DNS server addresses, lease times)
ipconfig /renew: renew the DHCP lease on all adapters
ipconfig /release: release the DHCP lease on all adapters

11. Cybersecurity

11.1 Information system security attributes

(figure omitted)

11.2 Symmetric encryption technology

Common symmetric encryption algorithms: DES, 3DES, RC5, IDEA, AES. A symmetric algorithm uses the same key for encryption and decryption, so the two parties must first share that key over a secure channel; this key-distribution problem is what asymmetric encryption (next section) solves.
(figures omitted)

11.3 Asymmetric encryption technology

Asymmetric encryption algorithms are also called public-key algorithms: the encryption key and the decryption key are different, one being the public key and the other the private key, and it is computationally infeasible to derive the private key from the public one. Common asymmetric algorithms: ECC, DSA, RSA (DSA is a signature-only algorithm).
(figure omitted)

(figure omitted)

When sender A sends information to receiver B, A encrypts it with B's public key Pb, and B decrypts it with B's private key Sb after receiving it. Conversely, when B sends information to A, B encrypts with A's public key Pa, and A decrypts with A's private key Sa. Only the holder of the matching private key can read the message, so the public keys can be distributed openly.

11.4 Summary of Information

(figure omitted)

  • MD5
    The MD5 message-digest algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, used to check that a message arrived complete and unmodified. MD5 was designed by the American cryptographer Ronald L. Rivest and published in 1992 to replace MD4.

The algorithm is specified in RFC 1321. Weaknesses were found from 1996 onward, and for data that needs strong security experts recommend other algorithms such as SHA-2. In 2004 it was shown that MD5 is not collision-resistant (distinct inputs with the same digest can be produced), so it is not suitable for security applications such as SSL/TLS certificates or digital signatures.

  • SHA
    The Secure Hash Algorithm (SHA) family of cryptographic hash functions is standardised by NIST as FIPS 180 (SHA-1, SHA-2) and FIPS 202 (SHA-3). A hash function computes a fixed-length string (the message digest) from a digital message; different inputs should, with overwhelming probability, produce different digests, and it should be infeasible to find two inputs with the same digest. SHA-1 is no longer considered collision-resistant; SHA-256 and the other SHA-2 members are the current default choice.

11.5 Digital Signatures

A digital signature (public-key digital signature) is a string that can be generated only by the sender of the information and cannot be forged by others; it is therefore evidence that the information really came from the sender (authentication and non-repudiation) and has not been modified (integrity). It plays the role of a handwritten signature on paper but is implemented with public-key cryptography. A signature scheme defines two complementary operations, one for signing and one for verification. Digital signatures combine asymmetric encryption with message-digest technology: the sender hashes the message and signs the digest with its private key; the verifier recomputes the digest and checks the signature with the sender's public key. Note that the direction is the opposite of encryption: encryption uses the receiver's public key, signing uses the sender's private key.
(figures omitted)

11.6 Data Envelopes and PGP

(figure omitted)

11.7 Digital Certificates

A website applies for a digital certificate from a CA, and a user verifies the legitimacy of the website by verifying that certificate: the user's software uses the CA's public key (held in its trust store) to check the CA's signature on the certificate. If the signature verifies, the certificate was issued by that CA, and the public key in the certificate can be trusted to belong to the named website. The browser must also check that the certificate's name matches the site, that it has not expired, and that it has not been revoked.

(figure omitted)

11.8 Security assurance at each network level

(figure omitted)

11.9 Cyber ​​Threats and Offenses

(figure omitted)

Replay attack

In a replay attack the attacker records a packet that the destination host has already accepted and sends it again in order to deceive the system; it is mainly aimed at the identity-authentication process (a captured login or authentication message is resent so the attacker is accepted as the victim).

Replay can be resisted with timestamps: each message carries the time it was sent and the receiver rejects messages outside a short window. Because a message can still be replayed inside that window, the timestamp is normally combined with a nonce (a random number used once) or a sequence number, and all of these fields are bound to the message with a MAC or signature so the attacker cannot simply update the timestamp.

(figure omitted)
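An added example (not from the original notes) of the timestamp defence, extended with a nonce cache and an HMAC so the protected fields cannot be altered. The shared key and the wire format are invented for the example, and the clock is injectable so the behaviour can be checked without waiting for real time to pass.

```python
import hashlib
import hmac
import secrets
import time


def make_request(key: bytes, user: str, ts: int, nonce: str) -> bytes:
    """Client side: bind user, timestamp and nonce together with an HMAC.
    Wire format (constructed for this example): user|ts|nonce|hexmac"""
    body = f"{user}|{ts}|{nonce}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()


def new_nonce() -> str:
    return secrets.token_hex(8)


class ReplayGuard:
    """Server side: accept a request once, and only within the time window."""

    def __init__(self, key: bytes, window: int = 30, now=time.time):
        self.key = key
        self.window = window
        self.now = now                    # injectable clock for testing
        self.seen = {}                    # nonce -> timestamp of first use

    def accept(self, packet: bytes) -> tuple:
        try:
            user, ts_s, nonce, tag = packet.decode().split("|")
            ts = int(ts_s)
        except ValueError:
            return False, "malformed"
        # 1. Authenticity: the MAC covers user, timestamp and nonce, so an
        #    attacker cannot refresh the timestamp on a captured packet.
        body = f"{user}|{ts}|{nonce}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad mac"
        # 2. Freshness: the timestamp must lie within the window (clock skew allowed).
        now = int(self.now())
        if abs(now - ts) > self.window:
            return False, "stale timestamp"
        # 3. Uniqueness: a timestamp alone still allows replay inside the window,
        #    so remember nonces for the length of the window and refuse a repeat.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = ts
        return True, "ok"


if __name__ == "__main__":
    key = b"demo-shared-secret"         # constructed, not a real key
    clock = [1_700_000_000]              # fake clock: seconds since the epoch
    guard = ReplayGuard(key, window=30, now=lambda: clock[0])
    pkt = make_request(key, "alice", clock[0], new_nonce())
    print(guard.accept(pkt))             # (True, 'ok')
    print(guard.accept(pkt))             # (False, 'replay')  same packet resent
    clock[0] += 120
    print(guard.accept(pkt))             # (False, 'stale timestamp')
```

The nonce cache only needs to remember nonces for one window, because anything older is already rejected by the timestamp check; that is what keeps the server's memory bounded under a flood of requests.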

Active and passive attacks

Active attacks modify data or disrupt service: denial of service, session hijacking (interception and takeover of a session), data modification, masquerading and replay are all active attacks.

Passive attacks only observe: eavesdropping (sniffing traffic) and traffic analysis. They do not change the data and are hard to detect, so the defence is prevention (encryption) rather than detection.

(figure omitted)

DoS (Denial of Service) and DDoS (Distributed Denial of Service)

  • DoS, Denial of Service: a network attack that tries to make a server or network unavailable, typically by exhausting its bandwidth, connection table, CPU or memory.

  • DDoS, Distributed Denial of Service, also called a flood attack.
    As the name implies, the attacker uses compromised computers on the network as "zombies" to send intensive requests to a target, in order to exhaust the target's network and system resources so that it can no longer serve legitimate users. Attackers group zombies ("broilers" in Chinese hacker slang) into a botnet and use it for large-scale DDoS or SYN-flood attacks, for generating fake traffic to websites, or for sending spam, paralysing the intended target; such attacks are sometimes sold as a service to take down competitors.

(figure omitted)

Vulnerability scanning

Vulnerability scanning uses a vulnerability database and scanning techniques to detect security weaknesses in remote or local computer systems and to find exploitable flaws before an attacker (or a penetration tester) does. It is an important network-security technique: used together with firewalls and intrusion detection systems it materially improves network security, provided the findings are actually remediated.

11.10 Firewall and Common Viruses

The most basic function of a firewall is to control the traffic passing between areas of a network with different trust levels. The firewall inspects the traffic flowing through it, so some attacks can be filtered out before they reach the target computer.

A firewall can also close unused ports and hide internal details (for example with NAT). Because all access passes through the firewall, it can record and log that access and provide statistics on network usage.

(figure omitted)

  • Packet-filtering firewall: inspects each packet's source address, source port, destination address, destination port, protocol and flag/state information, and decides from those header fields alone whether to let the packet pass; it does not look at the application payload.

  • Application-level firewall (proxy): implements protocol filtering and forwarding at the application layer, with filtering rules written for particular application protocols, so it can inspect the content of the traffic.

  • Database firewall: an active-defence technology for relational databases, deployed between the application server and the database to inspect and control the SQL that reaches it.

  • Web application firewall (WAF): application-level protection for websites that inspects HTTP requests and responses and blocks attacks such as SQL injection and cross-site scripting; it is often deployed alongside intrusion detection but is a filtering device, not an IDS.

(figure omitted)
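An added example (not part of the original notes) of the packet-filtering decision described in the first bullet: a first-match rule list evaluated on the 5-tuple plus the arrival interface, with a default deny. The addresses, interface names and rules are invented for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on, e.g. "wan" or "lan"
    proto: str          # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: tuple = (0, 65535)       # inclusive destination-port range

    def matches(self, p: Packet) -> bool:
        if self.iface != "any" and self.iface != p.iface:
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dports[0] <= p.dport <= self.dports[1]


def evaluate(rules: list, p: Packet) -> tuple:
    """First matching rule wins; nothing matches -> default deny (None)."""
    for idx, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, idx
    return "deny", None


# Constructed ruleset for a perimeter filter protecting 10.0.0.0/8
RULES = [
    # 0: anti-spoofing: internal addresses must never arrive from the outside
    Rule("deny", iface="wan", src="10.0.0.0/8"),
    # 1: no Telnet from anywhere (clear-text logins)
    Rule("deny", proto="tcp", dports=(23, 23)),
    # 2: public HTTPS server
    Rule("allow", iface="wan", proto="tcp", dst="10.0.0.5/32", dports=(443, 443)),
    # 3: public DNS resolver
    Rule("allow", iface="wan", proto="udp", dst="10.0.0.53/32", dports=(53, 53)),
    # 4: the LAN may talk to itself
    Rule("allow", iface="lan", src="10.0.0.0/8", dst="10.0.0.0/8"),
]

if __name__ == "__main__":
    samples = [
        Packet("wan", "tcp", "203.0.113.7", 40000, "10.0.0.5", 443),   # allow, rule 2
        Packet("wan", "tcp", "10.0.0.9", 40000, "10.0.0.5", 443),      # deny, rule 0 (spoofed)
        Packet("wan", "tcp", "203.0.113.7", 40000, "10.0.0.5", 23),    # deny, rule 1
        Packet("wan", "tcp", "203.0.113.7", 40000, "10.0.0.5", 22),    # deny, default
        Packet("lan", "udp", "10.0.0.9", 5353, "10.0.0.53", 53),       # allow, rule 4
    ]
    for pkt in samples:
        print(evaluate(RULES, pkt), pkt)
```

Rule order matters: the Telnet deny sits before any allow so it cannot be shadowed. The example also shows the limit of a stateless packet filter: it sees only headers, so it cannot tell a reply belonging to an existing connection from a new one, nor see an attack carried inside an allowed HTTPS request; those are the jobs of a stateful firewall and of an application-level firewall or WAF respectively.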

Summary of notes from: Software Designer Exam Tutorial

Source: blog.csdn.net/huangjhai/article/details/116102735