Additional and LEC 3

The 3-2-1-1 Backup Rule

(3) — Keep at least three copies of the data


(2) — Save backups on at least two different media types
(1) — Store at least one backup copy offsite
(1) — Ensure that at least one backup copy is stored offline

Factors Affecting Contingency Plan and Backup Choices

● RTO (Recovery Time Objective)
The amount of time your network can reasonably tolerate an outage

● RPO (Recovery Point Objective)
The amount of historical data you’ll need to be able to restore from backup in response to an outage

Additional Notes – Net Security & Recovery

RADIUS (Remote Authentication Dial-In User Service)
● A cross-platform, open-source standard
● Runs on the application layer (layer 7)
● Uses either TCP or UDP at the transport layer (layer 4)
● Highly scalable
● Can be used for authentication on wireless, mobile, and remote users
● Often combined with other network services on one machine

RADIUS Server
● Runs on TLS
● Can be configured to authenticate users with…
○ EAP-TLS
○ PEAP-MSCHAPv2 (Protected Extensible Authentication Protocol, Microsoft Challenge Handshake Protocol v2)
- Security protocol designed to increase authentication security associated with WiFi networks

RADIUS Port Numbers
● 1812
● 1813

TACACS+ (Terminal Access Controller Access Control System)
● Offers the option to separate authentication, authorization and auditing capabilities
● Different from RADIUS in the following ways…
○ Uses TCP, instead of UDP, at the transport layer (layer 4)
○ Proprietary protocol developed by Cisco
○ Used to authenticate network devices (switches, routers) instead of workstations or servers
○ Mostly used for device administration access control for technicians
○ Encrypts all information transmitted for AAA

SNMP (Simple Network Management Protocol)

SNMP Port Numbers
● 161 — to communicate with SNMP agents
● 162 — to send traps (messages) to the server

MIB (Management Information Base)
Stores all SNMP messages in its repository

VLANs (Virtual Local Area Networks)

Types of VLANs
● Default VLAN: Typically preconfigured on a switch and initially includes all switch ports
● Native VLAN: Receives all untagged frames from untagged ports
● Data VLAN: Carries user-generated traffic, such as email, web browsing, or database updates
● Management VLAN: Can be used to provide administrative access to a switch
● Voice VLAN: Supports VoIP traffic; when integrated with DTLS (Datagram Transport Layer Security) it offers the best security solution for VoIP communication between a selected group of users.

VLAN Security
● VLAN Hopping
○ When an attacker generates transmissions that pretend to belong to a protected VLAN
○ Crosses VLANs to access sensitive data or inject harmful software
○ Two types of VLAN hopping…

● Double Tagging: hacker stacks VLAN tags in Ethernet frames
➢ The switch removes the first, legitimate tag
➢ Then the illegitimate tag is revealed and the switch is tricked into forwarding the transmission to a restricted VLAN

● Switch Spoofing: hacker connects to a switch and makes the connection look like a trunk line from the switch’s perspective
➢ The attacker then feeds his own VLAN traffic into that port and accesses VLANs throughout the network

Types of RAID Systems

RAID (Redundant Array of Independent Disks)
A data storage technology that combines multiple physical hard drives into a single logical unit to…
● provide redundancy for data protection
● improve performance
● increase storage capacity

RAID 0 — Striped disks
  Operation: Data is split evenly between two or more disks
  Pros: Large size, fastest speed
  Cons: No redundancy for data protection
  Recovery: Array failure occurs if one or more drives fails

RAID 1 — Mirrored disks
  Operation: 2+ drives with identical data on them
  Pros: The failure of one drive will not cause a data loss
  Cons: Speed and size are limited by the slowest and smallest disk
  Recovery: Only one drive is needed for recovery

RAID 3 — Striped set with dedicated parity (uniformity)
  Operation: Data is split evenly between 2+ disks PLUS a dedicated drive for parity storage
  Pros: High speeds for sequential read/write operations
  Cons: Poor performance for multiple simultaneous instructions
  Recovery: One single drive failure will rebuild

RAID 5 — Striped disks with distributed parity
  Operation: Data is split evenly between 3+ disks; parity is split between disks
  Pros: Large size, fast speed, redundancy
  Cons: The total array size is reduced by parity
  Recovery: A single drive failure will rebuild

RAID 10 — 1 + 0; striped set of mirrored subsets
  Operation: 4+ drives are made into two mirrors that are striped
  Pros: Larger size, higher speed than RAID-1, more redundancy than RAID-0
  Cons: No parity
  Recovery: Only one drive in a mirrored set can fail
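The "single drive failure will rebuild" entries for RAID 3 and RAID 5 rest on XOR parity: the parity block is the XOR of every data block in a stripe, so any one missing block (data or parity) is the XOR of the survivors. The following is an added illustration written for these notes, not code from the lecture; the stripe contents are constructed sample bytes, and a `None` entry stands for a failed drive.

```python
from __future__ import annotations
from functools import reduce
from operator import xor


def parity_block(blocks: list[bytes]) -> bytes:
    """XOR all blocks byte-by-byte: this is the parity a RAID 3/5 set stores."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("all blocks in a stripe must be the same size")
    return bytes(reduce(xor, column) for column in zip(*blocks))


def write_stripe(data_blocks: list[bytes]) -> list[bytes]:
    """One stripe across N+1 drives: N data blocks plus one parity block."""
    return data_blocks + [parity_block(data_blocks)]


def rebuild_lost_drive(stripe: list[bytes | None]) -> list[bytes]:
    """Recover exactly one missing block (data or parity) from the survivors.
    Two failures in the same stripe cannot be rebuilt, which is why the notes
    list only a single-drive failure as recoverable."""
    missing = [i for i, b in enumerate(stripe) if b is None]
    if len(missing) != 1:
        raise ValueError(f"can rebuild exactly one lost drive, found {len(missing)} missing")
    survivors = [b for b in stripe if b is not None]
    rebuilt = list(stripe)
    rebuilt[missing[0]] = parity_block(survivors)
    return rebuilt


def usable_fraction(n_drives: int) -> float:
    """Capacity left for data once one drive's worth is spent on parity (the 'Cons' row)."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    return (n_drives - 1) / n_drives


if __name__ == "__main__":
    # Constructed sample stripe: three data drives plus parity.
    stripe = write_stripe([b"AAAA", b"BBBB", b"CCCC"])
    print("stripe on disk:", stripe)
    damaged = list(stripe)
    damaged[1] = None                      # drive 1 fails
    print("rebuilt:", rebuild_lost_drive(damaged))
    print(f"4-drive RAID 5 usable capacity: {usable_fraction(4):.0%}")
```

Losing the parity drive is handled by the same function, since XOR of the data blocks regenerates parity; the RAID 3 layout differs only in keeping that parity on one dedicated drive rather than rotating it.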

Types of Disk Backup

● Full Backup
All data is backed up and sent to another location
○ Most basic and comprehensive

● Incremental Backup
Only back up files that have changed since the last full OR incremental backup

● Differential Backup
Back up only copies of files that have changed since the last full backup
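The three backup types above differ only in which reference point decides whether a file is copied. The following added example (not from the lecture; file names and modification times are constructed) simulates a schedule and also reports how many backup sets a restore would need, which is the operational trade-off between incremental and differential backups.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class FileState:
    name: str
    mtime: int  # last-modified time as constructed integer "ticks"


def files_changed_since(files: list[FileState], since: int) -> list[str]:
    return sorted(f.name for f in files if f.mtime > since)


def select_for_backup(strategy: str, files: list[FileState],
                      last_full: int | None, last_backup: int | None) -> list[str]:
    """Names a backup job of the given strategy copies.
    last_full   = time of the most recent full backup
    last_backup = time of the most recent backup of any type (full or incremental)"""
    if strategy == "full":
        return sorted(f.name for f in files)
    if last_full is None or last_backup is None:
        raise ValueError("a full backup must exist before an incremental/differential one")
    if strategy == "incremental":
        return files_changed_since(files, last_backup)   # since last full OR incremental
    if strategy == "differential":
        return files_changed_since(files, last_full)     # since last full only
    raise ValueError(f"unknown strategy {strategy!r}")


def simulate(strategy: str, snapshots: list[tuple[int, list[FileState]]]) -> list[tuple[str, list[str]]]:
    """Run a schedule: the first snapshot is the full backup, the rest use `strategy`.
    Returns (kind, copied file names) per job."""
    jobs = []
    last_full = last_backup = None
    for i, (t, files) in enumerate(snapshots):
        kind = "full" if i == 0 else strategy
        jobs.append((kind, select_for_backup(kind, files, last_full, last_backup)))
        if kind == "full":
            last_full = t
        last_backup = t
    return jobs


def sets_needed_to_restore(strategy: str, jobs_since_full: int) -> int:
    """Backup sets a restore must read: full + every incremental, or full + latest differential."""
    if strategy == "incremental":
        return 1 + jobs_since_full
    if strategy == "differential":
        return 2 if jobs_since_full else 1
    return 1


# Constructed file system history: a and b edited on day 1, c edited on day 2.
DAY0 = [FileState("a", 0), FileState("b", 0), FileState("c", 0), FileState("d", 0)]
DAY1 = [FileState("a", 1), FileState("b", 1), FileState("c", 0), FileState("d", 0)]
DAY2 = [FileState("a", 1), FileState("b", 1), FileState("c", 3), FileState("d", 0)]
SCHEDULE = [(0, DAY0), (2, DAY1), (4, DAY2)]   # backup jobs run at t=0, 2, 4

if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        print(strategy, simulate(strategy, SCHEDULE),
              "restore needs", sets_needed_to_restore(strategy, 2), "sets")
```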

Secure Hash Algorithm (SHA)

● A hash function produces a “fingerprint” of the transmitted data for authentication purposes.
● Transforms data through an algorithm that is mathematically irreversible.
● A text, message or password converted to SHA code cannot be recovered, even with the SHA hexadecimal code
★ SHA2 and SHA3 are the foundation of blockchain technology

Tamper Resistance
● Users' passwords are stored by an operating system or domain authentication servers as a SHA hash rather than the password itself.
● Thus, a hacker who gains access to the password file (hash codes) still cannot retrieve the actual passwords (tamper resistant).
● When a user enters a password, the hash of that password is compared to the stored hash value for verification

SHA1
● weak authentication

SHA2
● Strong authentication
● Tamper resistant
● SHA-256
● SHA-384
● SHA-512
SHA3
● Strong authentication
● Tamper resistant
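The store-the-hash-and-compare scheme described under Tamper Resistance, together with the digest sizes behind the SHA-256/384/512 names, is shown in this added example (written for these notes, not lecture code). The enrolled password is a constructed sample; `hashlib` and `hmac` are Python's standard library.

```python
import hashlib
import hmac

# Constructed sample credential used only to demonstrate the flow.
ENROLLED_PASSWORD = "correct horse battery staple"


def sha256_hex(text: str) -> str:
    """The SHA-256 'fingerprint' of text as the hexadecimal code the notes mention."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def store_password(password: str) -> str:
    """What the OS or domain controller keeps on disk: only the hash, never the password."""
    return sha256_hex(password)


def verify_password(attempt: str, stored_hash: str) -> bool:
    """Hash the login attempt and compare it with the stored hash.
    compare_digest avoids leaking how many leading characters matched via timing."""
    return hmac.compare_digest(sha256_hex(attempt), stored_hash)


def digest_bits(algorithm: str) -> int:
    """Output size in bits: 'sha1' -> 160, 'sha256' -> 256, 'sha512' -> 512, ..."""
    return hashlib.new(algorithm).digest_size * 8


if __name__ == "__main__":
    stored = store_password(ENROLLED_PASSWORD)
    print("stored hash:", stored)
    print("correct attempt accepted:", verify_password(ENROLLED_PASSWORD, stored))
    print("wrong attempt accepted:  ", verify_password("Correct horse battery staple", stored))
    for alg in ("sha1", "sha256", "sha384", "sha512", "sha3_256"):
        print(f"{alg}: {digest_bits(alg)}-bit digest")
```

A plain SHA-2 hash of the password is what the notes describe; a production password store additionally uses a per-user salt and a deliberately slow hash (bcrypt, scrypt or Argon2) so that a stolen hash file cannot be attacked at raw SHA-256 speed.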

Lecture 3 – Addressing Methods

OSI Layers
“Please Do Not Throw Sausage Pizza Away!”
1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

Addressing Methods
There are four addressing methods in the OSI model

1. MAC Address (Media Access Control) ⸻ Data Link Layer (Layer 2)
○ 48 bits
○ Six pairs of hexadecimal numbers separated by colons
○ Embedded on every NIC (Network Interface Card) → unique identifier for network interfaces
○ Also called the physical address

Data Link Layer — Sublayers
● LLC (Logical Link Control) sublayer: The upper portion of the data link layer that identifies the type of message (the only LLC sublayer function in an Ethernet II frame) and handles multiplexing, flow and error control, and reliability (requires other types of Ethernet frames).
● MAC sublayer: The lower portion of the data link layer that identifies the destination and source MAC addresses, includes the message, and provides the checksum in the frame’s trailer.

2. IP Address (Internet Protocol) ⸻ Network Layer (Layer 3)
○ Used to locate any computer in the world
○ Used by gateway devices (routers) to communicate outside the local network
○ IPv4 (32 bits)
○ IPv6 (128 bits)

3. Port Numbers ⸻ Transport Layer (Layer 4)
○ Used to find applications on devices

4. FQDNs (Fully Qualified Domain Names) ⸻ Application Layer (Layer 7)
○ Provide a unique character-based name for a device or resource on a network
○ Specify the device's exact location within the Domain Name System (DNS) hierarchy
○ Computer Names & Host Names ⸻ Application Layer (Layer 7)

MAC Addresses (Layer 2)

Media Access Control addresses
● 48 bits
● Six pairs of hexadecimal numbers separated by colons
● Embedded on every NIC (Network Interface Card) → unique identifier for network interfaces
● Also called the physical address
● Switches use MAC addresses to identify devices within the local area network

Structure of MAC Addresses
Made up of two parts… (Ex. 00:60:8C:00:54:99 → 00:60:8C is the organization ID, 00:54:99 is the device ID)

(1) OUI (Organizationally Unique Identifier) / Manufacturer ID
● First 24 bits / first 3 hex pairs
● Assigned by the IEEE
● (Ex. 00:60:8C:x:x:x)

(2) Extension Identifier / Device ID
● Last 24 bits / last 3 hex pairs
● Each device has a unique device ID
● (Ex. x:x:x:00:54:99)

IP Addresses (Layer 3)
There are two types of IP addresses, IPv4 and IPv6. These addresses can be assigned in two different ways…

IP Address Assignments
● Static IP address: manually assigned by the network administrator
● Dynamic IP address: automatically assigned by a DHCP (Dynamic Host Configuration Protocol) server

IPv4 Addresses
A 32-bit IP address that is organized into octets → four groups of 8 bits each
● Each octet holds a value from 0 to 255
● Ex. 72.56.105.12

Subnet Mask
● 32-bit number that identifies the network and host ID of an IPv4 address
○ Network ID: bits of the IPv4 address that correspond to the network; represented by mask values of 255
○ Host ID: bits of the IP address that correspond to the host device; represented by mask values of 0

Classful Addressing (IPv4)
● The dividing line between the network portion and the host portion is determined by the numerical range that the IP address falls in
● Class A, B, and C are public IP addresses → available for use on the internet

Class A
● public IP address: available for use on the internet
● (1 – 126) . x . y . z

Class B
● public IP address: available for use on the internet
● (128 – 191) . (0 – 255) . y . z

Class C
● public IP address: available for use on the internet
● (192 – 223) . (0 – 255) . (0 – 255) . z

Class D - multimedia class, no subnet mask
- multicast transmissions: one host sends messages to multiple hosts (ex. a host transmits a videoconference over the internet to multiple participants)
- addresses begin with octets 224 through 239

Class E - experimental class (research purposes), no subnet mask
- addresses begin with octets 240 through 254

Private IP Addresses (IPv4)
Devices with private addresses do not connect directly to the internet. Instead, they communicate through a representative device (Ex. a router) and are not publicly routable on the Internet. The following private IP addresses are set aside by IANA…

Class A: 10.0.0.0 through 10.255.255.255
Class B: 172.16.0.0 through 172.31.255.255
Class C: 192.168.0.0 through 192.168.255.255
APIPA (Automatic Private IP Addressing): 169.254.0.0 through 169.254.255.255

Reserved IP Addresses (IPv4)

255.255.255.255 - used for broadcast messages by TCP/IP background processes
● broadcast message: read by every node on the network (LAN broadcast domain)

0.0.0.0 - currently unassigned by a DHCP server

127.0.0.1 ⸺ 127.255.255.254 - research use
- loopback address

169.254.0.1 ⸺ 169.254.255.254 - used to create an APIPA (Automatic Private IP Addressing) address
● created when a computer configured for DHCP first connects to the network and is not able to lease an IPv4 address from the DHCP server

✶ nearly any IP address starting with 169.254 is an APIPA address

Classless Addressing (IPv4)
Allows the dividing line between the network and host portions to fall anywhere along the string of bits in an IP address → allows for the creation of subnets

● CIDR (Classless Interdomain Routing) Notation
Takes the network ID of a host’s IP address and follows it with a forward slash (/), followed by the number of bits that are used for the network ID
○ AKA slash notation
○ (Ex. 192.168.89.127/24 → 24 represents the number of bits in the network ID)
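The subnet-mask, classful, private/reserved and CIDR sections above all reduce to a few bit operations on the four octets. The following added example (written for these notes, not lecture code) splits an address into network and host ID with a mask, derives the slash-notation prefix length, assigns the classful letter by first-octet range as the notes list them, and labels the IANA private, APIPA and loopback ranges. It uses only Python's standard `ipaddress` module; the addresses in the demo are the notes' own examples plus constructed ones.

```python
from __future__ import annotations
import ipaddress


def octets(addr: str) -> list[int]:
    """Parse a dotted quad, enforcing the 0-255 range of each octet."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr}")
    return [int(p) for p in parts]


def split_network_host(addr: str, mask: str) -> tuple[str, str]:
    """Network ID = address AND mask; host ID = the bits the mask leaves at 0."""
    a, m = octets(addr), octets(mask)
    network = ".".join(str(x & y) for x, y in zip(a, m))
    host = ".".join(str(x & (y ^ 255)) for x, y in zip(a, m))
    return network, host


def prefix_length(mask: str) -> int:
    """Number of network bits in a mask; rejects masks whose 1-bits are not contiguous."""
    bits = "".join(f"{o:08b}" for o in octets(mask))
    if "01" in bits:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bits.count("1")


def cidr(addr: str, mask: str) -> str:
    """Slash notation: the network ID followed by / and the prefix length."""
    network, _ = split_network_host(addr, mask)
    return f"{network}/{prefix_length(mask)}"


def address_class(addr: str) -> str:
    """Classful letter from the first-octet ranges given in the notes."""
    first = octets(addr)[0]
    if first == 0:
        return "reserved (0.x.x.x)"
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D (multicast)"
    if 240 <= first <= 254:
        return "E (experimental)"
    return "broadcast"  # 255.x.x.x


# Ranges the notes list as set aside by IANA, plus loopback, in prefix form.
SPECIAL_RANGES = {
    "private class A": ipaddress.ip_network("10.0.0.0/8"),
    "private class B": ipaddress.ip_network("172.16.0.0/12"),
    "private class C": ipaddress.ip_network("192.168.0.0/16"),
    "APIPA": ipaddress.ip_network("169.254.0.0/16"),
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
}


def routability(addr: str) -> str:
    """'public' unless the address falls in one of the non-routable ranges above."""
    ip = ipaddress.ip_address(addr)
    for label, net in SPECIAL_RANGES.items():
        if ip in net:
            return label
    return "public"


if __name__ == "__main__":
    print(split_network_host("192.168.89.127", "255.255.255.0"))
    print(cidr("192.168.89.127", "255.255.255.0"))
    for a in ("72.56.105.12", "10.1.2.3", "172.31.9.9", "172.32.0.1", "169.254.10.10", "224.0.0.1"):
        print(f"{a:>15}  class {address_class(a):<18} {routability(a)}")
```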

Network Address Translation (NAT)
A technique that hides the private IP addresses needed by a network

● Public-facing gateways (firewalls, routers) substitute the private IP address of a device trying to access external networks / the internet
● Requires only one public IP address for the entire network
● Gateway hides the private network’s addresses behind the public IP address
● Two types of NAT…
○ SNAT (Source Network Address Translation): the gateway assigns the same public address to a host each time it makes a request to access the internet
○ DNAT (Dynamic Network Address Translation): the gateway has a pool of public addresses that it is free to assign to a local host when it makes a request to access the internet

Port Address Translation (PAT)
Process of assigning a separate TCP port to each ongoing session between a local host and the internet host

Allows the gateway to keep track of which local host should receive which response from the external network / internet
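How a PAT gateway "keeps track of which local host should receive which response" is a session table keyed by the per-session public port. The following added example (not from the lecture) models that table: outbound packets get the single public address plus a fresh port, replies are mapped back by that port, and a reply for a port with no session is dropped, which is the side effect that makes NAT devices block unsolicited inbound traffic. The addresses are constructed from the documentation ranges (203.0.113.0/24, 198.51.100.0/24) and a private 192.168.1.0/24 LAN.

```python
from __future__ import annotations
from itertools import count


class PatGateway:
    """Port Address Translation behind one public IP address."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 65535):
        self.public_ip = public_ip
        self._ports = count(first_port)
        self._last_port = last_port
        # (local_ip, local_port, dst_ip, dst_port) -> public port used for that session
        self._sessions: dict[tuple[str, int, str, int], int] = {}
        # public port -> (local_ip, local_port), for routing replies back in
        self._by_public_port: dict[int, tuple[str, int]] = {}

    def outbound(self, local_ip: str, local_port: int, dst_ip: str, dst_port: int) -> tuple[str, int]:
        """Rewrite an outgoing packet's source; an existing session keeps its port."""
        key = (local_ip, local_port, dst_ip, dst_port)
        if key not in self._sessions:
            port = next(self._ports)
            if port > self._last_port:
                raise RuntimeError("PAT port pool exhausted")
            self._sessions[key] = port
            self._by_public_port[port] = (local_ip, local_port)
        return self.public_ip, self._sessions[key]

    def inbound(self, public_port: int) -> tuple[str, int]:
        """Deliver a reply that arrived on public_port to the local host that owns it."""
        try:
            return self._by_public_port[public_port]
        except KeyError:
            raise LookupError(f"no session on port {public_port}: unsolicited inbound dropped") from None

    def active_sessions(self) -> int:
        return len(self._sessions)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.5")
    # Two LAN hosts happen to pick the same local source port for the same server.
    print(gw.outbound("192.168.1.10", 51000, "198.51.100.7", 443))  # ('203.0.113.5', 40000)
    print(gw.outbound("192.168.1.11", 51000, "198.51.100.7", 443))  # ('203.0.113.5', 40001)
    print(gw.inbound(40001))                                          # ('192.168.1.11', 51000)
    try:
        gw.inbound(9999)
    except LookupError as e:
        print(e)
```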

IPv6 Addresses
128-bit IP address that is organized into blocks → eight blocks of four hex characters each (16 bits each)
● Ex. 2001:0000:0B80:0000:0000:00D3:9C5A:00CC

IPv6 Shorthand
A way to shorten IPv6 addresses by doing both of the following…
● Remove leading zeroes in any four-hex-character block
● Remove blocks containing only zeroes → replace with double colons (::)
↳ can only remove one zero block or two adjacent zero blocks in the IP address (you can choose which one)
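The two shorthand rules, and their reversal, are implemented in this added example (written for these notes, not lecture code). It generalises the "two adjacent zero blocks" remark to the longest run of zero blocks, choosing the first run on a tie, which is the convention RFC 5952 recommends; RFC 5952 also says `::` should not stand for a single zero block, so that is the default, with `min_run=1` available to match the notes' looser wording. `ipaddress` from the standard library is used only to cross-check the result.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")


def expand_ipv6(addr: str) -> str:
    """Undo the shorthand: restore '::' to zero blocks and pad every block to 4 hex digits."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    if "::" in addr:
        head, tail = addr.split("::")
        head_blocks = head.split(":") if head else []
        tail_blocks = tail.split(":") if tail else []
        missing = 8 - len(head_blocks) - len(tail_blocks)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = head_blocks + ["0"] * missing + tail_blocks
    else:
        blocks = addr.split(":")
    if len(blocks) != 8 or any(not 1 <= len(b) <= 4 or set(b) - HEX for b in blocks):
        raise ValueError(f"malformed IPv6 address: {addr}")
    return ":".join(f"{int(b, 16):04x}" for b in blocks)


def compress_ipv6(addr: str, min_run: int = 2) -> str:
    """Apply the shorthand: strip leading zeros, then replace the longest run of
    all-zero blocks (first run wins a tie) with '::' if it is at least min_run long."""
    blocks = [b.lstrip("0") or "0" for b in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < min_run:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return f"{head}::{tail}"


def matches_stdlib(addr: str) -> bool:
    """Cross-check against Python's own canonical compression."""
    return compress_ipv6(addr) == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    example = "2001:0000:0B80:0000:0000:00D3:9C5A:00CC"   # the notes' example address
    print(compress_ipv6(example))               # 2001:0:b80::d3:9c5a:cc
    print(expand_ipv6("fe80::1"))               # fe80:0000:0000:0000:0000:0000:0000:0001
    print(compress_ipv6("2001:db8:0:1:1:1:1:1", min_run=1))  # 2001:db8::1:1:1:1:1
```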
IPv6 Terminology
● Link / Local Link: any LAN bounded by routers
● Neighbours: two or more nodes on the same link
● Dual stacked network: network configured to use both IPv4 and IPv6 protocols
● Tunneling: method of transporting IPv6 packets over an IPv4 network when packets attempt to traverse a network that is not dual stacked
● Interface ID: the last 64 bits (4 blocks) uniquely identify the interface

Types of IPv6 Addresses

Unicast Address (IPv6)
Specifies a single node on a network. There are three types…

Global address: Can be routed on the internet
● /3 → first 3 bits are fixed to always be 001

Link Local address: Used for communicating with nodes in the same link
● /10 → first 10 bits are fixed to always be 1111 1110 10

Loopback address: Used to test that an interface and supporting protocol stack are functioning properly
● 127 zeroes followed by a 1 → ::1/128

Multicast Address (IPv6)
Delivers packets to all nodes in a targeted multicast group
● IGMP (Internet Group Management Protocol):
○ must be enabled on a switch in order to handle multicast traffic
○ network layer protocol used to manage multicast group memberships and direct multicast traffic to the correct device

Anycast Address (IPv6)
An anycast address can identify multiple destinations on a network, and packets are delivered to the closest destination

IPv6 Autoconfiguration
IPv6 is designed so that a computer can autoconfigure its own link local IP address, using a process called SLAAC…

SLAAC (Stateless Address Autoconfiguration)
Allows devices to automatically configure their own link-local IP addresses, in the following steps…

1. Generate an IPv6 address
● Prefix ⸻ FE80::/64 (by default)
● Last 64 bits ⸺ generated from the MAC address of the network adapter

2. Check if the IP address is unique on the network

3. Send a router solicitation (RS) message to request configuration information.
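This added example (written for these notes, not lecture code) ties the MAC address structure section to SLAAC steps 1 and 2: it splits a MAC into its OUI and device ID, turns the 48-bit MAC into the 64-bit interface ID using the modified EUI-64 rule (insert FF:FE in the middle and flip the universal/local bit, as RFC 4291 Appendix A specifies), prepends the FE80::/64 prefix, and then performs the uniqueness check against a constructed list of addresses already seen on the link. The MAC used is the notes' own example; the neighbour list is constructed.

```python
from __future__ import annotations
import ipaddress


def parse_mac(mac: str) -> bytes:
    """Six colon-separated hex pairs -> 6 raw bytes."""
    pairs = mac.split(":")
    if len(pairs) != 6 or any(len(p) != 2 for p in pairs):
        raise ValueError(f"expected six colon-separated hex pairs: {mac}")
    return bytes(int(p, 16) for p in pairs)


def _hexpairs(raw: bytes) -> str:
    return ":".join(f"{x:02X}" for x in raw)


def mac_parts(mac: str) -> dict[str, str]:
    """First 24 bits = OUI / manufacturer ID, last 24 bits = device ID."""
    raw = parse_mac(mac)
    return {"oui": _hexpairs(raw[:3]), "device_id": _hexpairs(raw[3:])}


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID: OUI | FF FE | device ID, then flip bit 1 of byte 0."""
    raw = parse_mac(mac)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02   # universal/local bit is inverted in the modified EUI-64 form
    return bytes(eui)


def slaac_link_local(mac: str) -> str:
    """SLAAC step 1: FE80::/64 prefix + the MAC-derived interface ID, in shorthand form."""
    interface_id = int.from_bytes(modified_eui64(mac), "big")
    prefix = int(ipaddress.IPv6Address("fe80::"))
    return str(ipaddress.IPv6Address(prefix | interface_id))


def is_unique_on_link(candidate: str, seen_on_link: list[str]) -> bool:
    """SLAAC step 2 (duplicate address detection): the tentative address may only be
    kept if no neighbour already answers for it. Compared as addresses, not strings,
    so differently written forms of the same address still collide."""
    target = ipaddress.IPv6Address(candidate)
    return all(ipaddress.IPv6Address(a) != target for a in seen_on_link)


if __name__ == "__main__":
    mac = "00:60:8C:00:54:99"                       # example MAC from the notes
    print(mac_parts(mac))                           # {'oui': '00:60:8C', 'device_id': '00:54:99'}
    print(modified_eui64(mac).hex())                # 02608cfffe005499
    addr = slaac_link_local(mac)
    print(addr)                                     # fe80::260:8cff:fe00:5499
    # Constructed addresses already in use on this link.
    neighbours = ["fe80::1", "fe80::a1b2:c3ff:fed4:e5f6"]
    print("unique:", is_unique_on_link(addr, neighbours))
```

Note that current operating systems usually generate the interface ID randomly (RFC 4941 temporary addresses or RFC 7217 stable-but-opaque IDs) rather than from the MAC, precisely because a MAC-derived ID lets anyone on the path identify the hardware; the EUI-64 form above is the one the notes describe.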

Transmission Protocols (Layer 4 Transport)

UDP (User Datagram Protocol)
Does not guarantee delivery because it doesn’t maintain a connection to check whether data is received
● UDP is a connectionless protocol or best-effort protocol
● Used for broadcasting, such as streaming video or audio over the web, where guaranteed delivery is not as important as fast transmission
● UDP is also used to monitor network traffic.

TCP (Transmission Control Protocol)
Makes a connection with the end host, checks whether the data is received, and resends it if it is not.
● TCP is a connection-oriented protocol because it checks to make sure a connection is established before sending
● Guaranteed delivery takes longer and is used when it is important to know that the data reached its destination.
● Used by applications like web browsers and email

ICMP (Internet Control Message Protocol)
Protocol used by a computer to send an echo request or reply to a ping (a ping sends out an echo request to another device for information, and the device sends back an echo reply)
