CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney
topology or technology with little modification. If a new physical network topology were installed—say, a 10GB Fiber Ethernet connection—TCP/IP would only need to know how to communicate with the network controller in order to function properly. TCP/IP can also communicate with more than one network topology simultaneously. This allows the protocol to be used in virtually any environment.

Understanding Encapsulation

One of the key points in understanding this layering process is the concept of encapsulation. Encapsulation allows a transport protocol to be sent across the network and utilized by the equivalent service or protocol at the receiving host. Figure 2.7 shows how e-mail is encapsulated as it moves from the application protocols through the transport and Internet protocols. Each layer adds its own header information as the e-mail moves down the layers.

Transmission of the packet between the two hosts occurs through the physical connection in the network adapter. Figure 2.8 illustrates this process between two hosts. What’s shown in the figure isn’t comprehensive but illustrates the process of message transmission.

After it is encapsulated, the message is sent to the server. Notice that in Figure 2.8 the message is sent via the Internet; it could have just as easily been sent locally. The e-mail client doesn’t know how the message is delivered, and the server application doesn’t care how the message got there. This makes designing and implementing services such as e-mail possible in a global or Internet environment.

FIGURE 2.7 The encapsulation process of an e-mail message

FIGURE 2.8 An e-mail message that an e-mail client sent to an e-mail server across the Internet

Working with Protocols and Services

It’s imperative that you have a basic understanding of protocols and services to pass this exam. Although it isn’t a requirement, CompTIA recommends that you already hold the Network+ certification before undertaking this exam. In case you’re weak in some areas, the following sections will discuss in more detail how TCP/IP hosts communicate with each other. I’ll discuss the concepts of ports, handshakes, and application interfaces. The objective isn’t to make you an expert on this subject, but to help you understand what you’re dealing with when attempting to secure a TCP/IP network.

Well-Known Ports

Simply stated, ports identify how a communication process occurs. Ports are special addresses that allow communication between hosts. The originator adds a port number indicating which port to communicate with on a server. If the server has this port defined and available for use, it sends back a message accepting the request. If the port isn’t valid, the server refuses the connection. The Internet Assigned Numbers Authority (IANA) has defined a list of ports called well-known ports.

You can see the full description of the ports defined by IANA on the following website: www.iana.org. Many thousands of ports are available for use by servers and clients.

A port is nothing more than a bit of additional information added to either the TCP or UDP message. This information is added in the header of the packet. The layer below it encapsulates the message with its header.

Many of the services you’ll use in the normal course of utilizing the Internet use the TCP port numbers identified in Table 2.1. Table 2.2 identifies some of the more common, well-known UDP ports.

TABLE 2.1 Well-Known TCP Ports

TABLE 2.2 Well-Known UDP Ports

The early documentation for these ports specified that ports below 1024 were restricted to administrative uses. However, enforcement of this restriction has been voluntary, which creates problems for computer security professionals. As you can see, each of these ports potentially requires different security considerations, depending on the application to which it is assigned. All the ports allow access to your network; even if you establish a firewall, you must have these ports open if you want to provide e-mail or web services.
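How the headers described above are added on the way down the stack and stripped on the way up, as an added example that is not from the book: a Python sketch that wraps one SMTP command in TCP, IPv4 and Ethernet headers, then decapsulates the frame at the receiving host, where each layer reads only its own header. The addresses, MACs, source port and the LISTENING set are constructed sample values.

```python
import struct

# Constructed sample payload (not from the book): one SMTP command from an e-mail client.
EMAIL = b"MAIL FROM:<alice@example.com>\r\n"
SMTP_PORT = 25            # well-known TCP port for mail transfer
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
LISTENING = {25, 80, 443}  # constructed: ports the sample server has defined and open

def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def tcp_encapsulate(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Transport layer: prepend a 20-byte TCP header. The port numbers live here, which is
    why a port is 'a bit of additional information' in the header. Checksum left at 0."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return hdr + payload

def ip_encapsulate(segment: bytes, src: str, dst: str) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header around the whole TCP segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                      IPPROTO_TCP, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr + segment

def ether_encapsulate(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Network-interface layer: prepend a 14-byte Ethernet header."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet

def build_frame(dst_port: int = SMTP_PORT) -> bytes:
    segment = tcp_encapsulate(EMAIL, 49152, dst_port)
    packet = ip_encapsulate(segment, "192.0.2.10", "203.0.113.25")  # documentation ranges
    return ether_encapsulate(packet, b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02")

def decapsulate(frame: bytes) -> dict:
    """Receiving host: each layer reads its header, strips it and hands the rest upward.
    Only the application layer ever sees the e-mail bytes."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    segment = packet[ihl:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4  # TCP header length in bytes
    return {"ethertype": ethertype, "proto": packet[9], "src_port": src_port,
            "dst_port": dst_port, "accepted": dst_port in LISTENING,
            "payload": segment[data_offset:]}

if __name__ == "__main__":
    frame = build_frame()
    print(len(frame), "bytes on the wire carry a", len(EMAIL), "byte e-mail line")
    print(decapsulate(frame))
```

Note that the 31-byte SMTP line becomes an 85-byte frame: three headers of 20, 20 and 14 bytes, each added by a different layer, and each stripped by its peer on the receiving side.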

TCP Three-Way
