CISSP考试指南笔记：4.16 快速提示

A protocol is a set of rules that dictates how computers communicate over networks.
The application layer, layer 7, has services and protocols required by the user’s applications for networking functionality.
The presentation layer, layer 6, formats data into a standardized format and deals with the syntax of the data, not the meaning.
The session layer, layer 5, sets up, maintains, and breaks down the dialog (session) between two applications. It controls the dialog organization and synchronization.
The transport layer, layer 4, provides end-to-end transmissions.
The network layer, layer 3, provides routing, addressing, and fragmentation of packets. This layer can determine alternative routes to avoid network congestion.
Routers work at the network layer, layer 3.
The data link layer, layer 2, prepares data for the network medium by framing it. This is where the different LAN and WAN technologies work.
The physical layer, layer 1, provides physical connections for transmission and performs the electrical encoding of data. This layer transforms bits to electrical signals.
TCP/IP is a suite of protocols that is the de facto standard for transmitting data across the Internet. TCP is a reliable, connection-oriented protocol, while IP is an unreliable, connectionless protocol.
Data is encapsulated as it travels down the network stack on the source computer, and the process is reversed on the destination computer. During encapsulation, each layer adds its own information so the corresponding layer on the destination computer knows how to process the data.
Two main protocols at the transport layer are TCP and UDP.
UDP is a connectionless protocol that does not send or receive acknowledgments when a datagram is received. It does not ensure data arrives at its destination. It provides “besteffort” delivery.
TCP is a connection-oriented protocol that sends and receives acknowledgments. It ensures data arrives at the destination.
ARP translates the IP address into a MAC address (physical Ethernet address), while RARP translates a MAC address into an IP address.
ICMP works at the network layer and informs hosts, routers, and devices of network or computer problems. It is the major component of the ping utility.
DNS resolves hostnames into IP addresses and has distributed databases all over the Internet to provide name resolution.
Altering an ARP table so an IP address is mapped to a different MAC address is called ARP poisoning and can redirect traffic to an attacker’s computer or an unattended system.
Packet filtering (screening routers) is accomplished by ACLs and is a first-generation firewall. Traffic can be filtered by addresses, ports, and protocol types.
Tunneling protocols move frames from one network to another by placing them inside of routable encapsulated frames.