50 Chapter 2 ■ System Fundamentals
The OSI model is an industry standard for data communication. It is broken into seven
layers: application, presentation, session, transport, network, data link, and physical. The
OSI model is linear in design; data travels from one end to the other, and each layer
communicates with the next. The TCP/IP protocol suite is an updated and more applicable
framework. Protocols operate as either connection oriented or connectionless; TCP is a
connection-oriented protocol and uses the three-way handshake (SYN, SYN-ACK, ACK)
in an effort to guarantee delivery.
Knowledge of subnetting—a sequential breakdown of IP addresses based on desired
network size and host quantity—and of common TCP/IP port numbers can aid you in
determining where to search first.
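The sequential breakdown the summary refers to can be worked through with Python's standard ipaddress module. The following is an added example, not code from the book: it computes the smallest prefix that fits a required host count, carves a base block into equal subnets in order, lists each subnet's usable host range and broadcast address, and places a given address into its subnet. The function names and the 192.168.1.0/24 sample block are my own choices.

```python
import ipaddress
from typing import Dict, List, Optional


def prefix_for_hosts(hosts_needed: int) -> int:
    """Smallest IPv4 prefix length whose block offers at least hosts_needed usable
    addresses (the network and broadcast addresses are excluded from the count)."""
    if hosts_needed < 1:
        raise ValueError("a subnet must hold at least one host")
    block = 1
    while block - 2 < hosts_needed:
        block *= 2  # grow to the next power of two
    return 32 - (block.bit_length() - 1)


def carve_subnets(base_cidr: str, hosts_needed: int) -> List[Dict[str, object]]:
    """Split base_cidr sequentially into equal subnets sized for hosts_needed hosts."""
    base = ipaddress.ip_network(base_cidr, strict=True)
    new_prefix = prefix_for_hosts(hosts_needed)
    if new_prefix < base.prefixlen:
        raise ValueError(f"{base} is too small for {hosts_needed} hosts per subnet")
    subnets = []
    for net in base.subnets(new_prefix=new_prefix):
        hosts = list(net.hosts())  # usable addresses, network/broadcast excluded
        subnets.append({
            "network": str(net),
            "netmask": str(net.netmask),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "usable_hosts": net.num_addresses - 2,
        })
    return subnets


def locate_host(ip: str, subnets: List[Dict[str, object]]) -> Optional[str]:
    """Return the subnet an address falls in, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for s in subnets:
        if addr in ipaddress.ip_network(str(s["network"])):
            return str(s["network"])
    return None


if __name__ == "__main__":
    # Constructed example: carve 192.168.1.0/24 into subnets of at least 50 hosts.
    carved = carve_subnets("192.168.1.0/24", 50)
    for s in carved:
        print(s)
    print(locate_host("192.168.1.130", carved))
```

Fifty hosts need a 64-address block (62 usable), so the /24 becomes four /26 subnets; the first runs from 192.168.1.1 to 192.168.1.62 with broadcast 192.168.1.63, and 192.168.1.130 falls in 192.168.1.128/26.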
Routers work at layer 3 by directing packets and connecting different networks.
Switches create a collision domain for each port; broadcast domains allow traffic to be
broadcast to all connected nodes. Proxies work at the application layer and can be used for
caching and filtering of web content. Proxy firewalls can be detailed in what they filter. A
packet filtering firewall looks only at the header of the packet; a stateful firewall verifies a
legitimate connection between client and host to prove that traffic is legitimate. IPSs are
active and work to prevent further damage when unauthorized activity is sensed on the
network. IDSs simply detect and report.
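The difference between a packet filter that reads only headers and a stateful firewall that verifies a connection is easiest to see on a short packet trace. The following is an added example, not code from the book: a simplified model in which the stateful firewall walks the three-way handshake (SYN, SYN-ACK, ACK) described earlier in the summary before it treats a flow as established, while the packet filter accepts anything that merely mentions an allowed port. The Packet record, the flag strings, the addresses and the trace are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # constructed encoding, e.g. "SYN", "SYN-ACK", "PSH-ACK", "FIN-ACK"


def packet_filter(pkt: Packet, allowed_ports: Iterable[int]) -> str:
    """Stateless filter: a header-only decision with no memory of earlier packets."""
    allowed = set(allowed_ports)
    return "ALLOW" if pkt.dport in allowed or pkt.sport in allowed else "DROP"


class StatefulFirewall:
    """Tracks each connection through the handshake before admitting data."""

    def __init__(self, allowed_ports: Iterable[int]):
        self.allowed_ports = set(allowed_ports)
        self.table: Dict[Tuple, str] = {}  # connection key -> state

    @staticmethod
    def _key(pkt: Packet) -> Tuple:
        # Normalise endpoints so both directions of a flow share one table entry.
        a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        return (a, b) if a <= b else (b, a)

    def inspect(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key, "NONE")
        flags = set(pkt.flags.split("-"))
        if state == "NONE":
            # Only a fresh SYN to an allowed service may open a connection;
            # a stray ACK or data packet with no handshake behind it is dropped.
            if flags == {"SYN"} and pkt.dport in self.allowed_ports:
                self.table[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if state == "SYN_SENT":
            if flags == {"SYN", "ACK"} and pkt.sport in self.allowed_ports:
                self.table[key] = "SYN_RECEIVED"
                return "ALLOW"
            return "DROP"
        if state == "SYN_RECEIVED":
            if "ACK" in flags and "SYN" not in flags:
                self.table[key] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"
        if state == "ESTABLISHED":
            if "FIN" in flags or "RST" in flags:
                del self.table[key]  # connection torn down; later packets start over
            return "ALLOW"
        return "DROP"


# Constructed trace: one legitimate HTTP session, then two packets with no handshake.
TRACE: List[Packet] = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "SYN"),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SYN-ACK"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "ACK"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "PSH-ACK"),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "FIN-ACK"),
    Packet("198.51.100.7", 80, "10.0.0.5", 40001, "ACK"),    # no prior handshake
    Packet("198.51.100.7", 4444, "10.0.0.5", 40002, "SYN"),  # port not allowed
]


def compare(trace: List[Packet], allowed_ports: Iterable[int]) -> Tuple[List[str], List[str]]:
    """Verdicts from the stateless filter and the stateful firewall, packet by packet."""
    allowed = list(allowed_ports)
    fw = StatefulFirewall(allowed)
    stateless = [packet_filter(p, allowed) for p in trace]
    stateful = [fw.inspect(p) for p in trace]
    return stateless, stateful


if __name__ == "__main__":
    for pkt, a, b in zip(TRACE, *compare(TRACE, [80])):
        print(f"{pkt.flags:8} stateless={a:5} stateful={b}")
```

With port 80 allowed, both devices pass the five packets of the real session; the packet filter also passes the stray ACK because its source port is 80, whereas the stateful firewall drops it for lacking a connection, and both drop the SYN to a port that is not allowed.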
The main operating systems to be considered are Windows (easily the largest attack
surface), Mac OS, and Linux. Backups and archiving are both critical and detrimental
to a company’s operations. The three kinds of backup schemes are full, differential, and
incremental.
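The end result of each backup scheme, which the chapter asks you to focus on, can be seen by simulating a few days of file changes. The following is an added example, not code from the book: it records how much each scheme copies per day and which backup sets must be restored to rebuild a given day. All three schemes are assumed to begin with a full backup on day 0; the file names and the change pattern are constructed.

```python
from typing import Dict, List, Set

# Constructed data: four files, and the set of files that change on each day.
FILES: List[str] = ["db.sqlite", "docs/a.txt", "docs/b.txt", "www/index.html"]
CHANGES: List[Set[str]] = [
    set(),                          # day 0: initial full backup, nothing changed yet
    {"db.sqlite"},                  # day 1
    {"db.sqlite", "docs/a.txt"},    # day 2
    {"www/index.html"},             # day 3
]


def plan_backups(files: List[str], changes: List[Set[str]], scheme: str) -> List[Set[str]]:
    """Return the set of files each day's backup job copies under the given scheme."""
    if scheme not in ("full", "differential", "incremental"):
        raise ValueError(f"unknown scheme {scheme!r}")
    jobs: List[Set[str]] = []
    changed_since_full: Set[str] = set()
    for day, changed in enumerate(changes):
        if day == 0 or scheme == "full":
            jobs.append(set(files))      # everything, every time
            changed_since_full = set()
            continue
        changed_since_full |= changed
        if scheme == "differential":
            jobs.append(set(changed_since_full))  # everything since the last full
        else:
            jobs.append(set(changed))             # only since the last backup of any kind
    return jobs


def restore_plan(scheme: str, day: int) -> List[int]:
    """Indices of the backup jobs, in restore order, needed to rebuild `day`."""
    if scheme == "full":
        return [day]                       # one set, the latest full
    if scheme == "differential":
        return [0] if day == 0 else [0, day]   # the full plus the latest differential
    if scheme == "incremental":
        return list(range(day + 1))        # the full plus every incremental since
    raise ValueError(f"unknown scheme {scheme!r}")


def summary(files: List[str], changes: List[Set[str]]) -> Dict[str, Dict[str, List[int]]]:
    """Per scheme: files copied per day, and job count needed to restore the last day."""
    last = len(changes) - 1
    out: Dict[str, Dict[str, List[int]]] = {}
    for scheme in ("full", "differential", "incremental"):
        jobs = plan_backups(files, changes, scheme)
        out[scheme] = {
            "copied_per_day": [len(j) for j in jobs],
            "restore_last_day": restore_plan(scheme, last),
        }
    return out


if __name__ == "__main__":
    for scheme, info in summary(FILES, CHANGES).items():
        print(f"{scheme:13} copies {info['copied_per_day']} "
              f"restore day {len(CHANGES) - 1} from jobs {info['restore_last_day']}")
```

Full copies all four files every day but restores from a single set; incremental copies the least per day but a restore of day 3 needs the full plus three incrementals in order; differential sits between the two, with a growing daily copy and a two-set restore.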
Exam Essentials
Know the OSI model. Ensure that you have a good understanding of the OSI model and
what actions take place at each layer. It is also a good idea to have a general idea of which
protocols operate at which layers.
Know the TCP/IP three-way handshake. Know what each flag does within the
handshake process: SYN (start), SYN-ACK (acknowledge start), ACK (acknowledge the
acknowledgment).
Memorize the ports. Absolutely know your ports! This is where memory does come
into play. Ports are important for the exam and especially for scanning and enumeration.
Remember that Windows systems respond to scans whereas Linux systems don’t.
Understand how switches work. Be sure to understand switch operation, and know their
limitations in terms of sniffing. Be familiar with ARP and what it accomplishes.
Know the purpose of firewalls, IDSs, and IPSs. Remember that IDSs are passive and IPSs
are active.
Remember the benefits and weaknesses of backup schemes. Focus on the end result of
each type of backup, not on the details of how to perform one.