Network Services Summary
10.7.1 What Did I Learn in this Module?
DHCP
Dynamic Host Configuration Protocol (DHCP) for IPv4 automates the assignment of IPv4 addresses. This is referred to as dynamic addressing and is the alternative to static addressing. On larger networks, or where the user population changes frequently, dynamic addressing is often the preferred method for address assignments. Many networks use both methods. DHCP is used for general purpose hosts, such as user end devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.
When a device configured for IPv4 DHCP boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any DHCP servers that are available on the network. A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. The offer message contains the IPv4 address and subnet mask to be assigned, the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The client may receive multiple DHCPOFFER messages if there is more than one DHCP server on the local network. It must choose between them and send a DHCPREQUEST message that identifies the explicit server and lease offer that the client is accepting. If the IPv4 address is still available, the server returns a DHCPACK message. If the offer is no longer valid, the server returns a DHCPNAK message. The DHCPv4 message format is used for all DHCPv4 transactions. DHCPv4 messages are encapsulated within the UDP transport protocol.
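The exchange above can also be read from the defender's side. The following Python sketch is an added example, not part of the course material: it parses DHCPv4 payloads (the fixed header, then options 53 and 54) and lists servers that answered with DHCPOFFER or DHCPACK but are not on an allowlist. The packets, addresses and function names are constructed for the illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # magic cookie between the fixed header and the options
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}

def build(msg_type, xid, yiaddr="0.0.0.0", server=None):
    """Construct a minimal DHCPv4 payload; used only to make sample data."""
    op = 1 if msg_type in (1, 3) else 2            # 1 = client request, 2 = server reply
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                        bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                        bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type])                # option 53: DHCP message type
    if server:                                     # option 54: server identifier
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server).packed
    return fixed + MAGIC + opts + b"\xff"          # option 255 ends the list

def parse(payload):
    """Return (message type, transaction id, offered address, server id or None)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCPv4 message")
    xid = int.from_bytes(payload[4:8], "big")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing DHCP message type option")
    server = str(ipaddress.IPv4Address(opts[54])) if 54 in opts else None
    return TYPES.get(opts[53][0], "UNKNOWN"), xid, str(ipaddress.IPv4Address(payload[16:20])), server

def unexpected_servers(payloads, authorized):
    """Server identifiers seen in DHCPOFFER/DHCPACK that are not on the allowlist."""
    seen = set()
    for p in payloads:
        kind, _, _, server = parse(p)
        if kind in ("DHCPOFFER", "DHCPACK") and server not in authorized:
            seen.add(server or "(no server id)")
    return sorted(seen)

# Constructed capture: one client transaction answered by two servers.
SAMPLE = [build(1, 0x1234), build(2, 0x1234, "192.0.2.50", "192.0.2.1"),
          build(2, 0x1234, "198.51.100.77", "198.51.100.9"),
          build(3, 0x1234, server="192.0.2.1"), build(5, 0x1234, "192.0.2.50", "192.0.2.1")]
```

Calling unexpected_servers(SAMPLE, {"192.0.2.1"}) reports the second server that answered the same transaction.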
DNS Overview
The Domain Name System (DNS) was developed to provide a reliable means of managing and providing domain names and their associated IP addresses. The DNS system consists of a global hierarchy of distributed servers that contain databases of name to IP address mappings. Cybersecurity analysts should have a thorough understanding of DNS because a recent analysis of network security threats discovered that over 90% of the malicious software that is used to attack networks uses the DNS system to carry out attack campaigns.
The following are the steps involved in DNS resolution:
1. The user types an FQDN into a browser address field.
2. A DNS query is sent to the designated DNS server.
3. The DNS server matches the FQDN with its IP address.
4. The DNS query response is sent back to the client with the IP address for the FQDN.
5. The client computer uses the IP address to send requests to the server.
DNS uses UDP port 53 for DNS queries and responses. The DNS server stores different types of RRs used to resolve names. These records contain the name, address, and type of record. DNS uses the same message format between servers, consisting of a question, answer, authority, and additional information for all types of client queries and server responses, error messages, and transfer of resource record information. Dynamic DNS (DDNS) allows a user or organization to register an IP address with a domain name as in DNS. However, when the IP address of the mapping changes, the new mapping can be propagated throughout the DNS almost instantaneously. DDNS can be abused by threat actors in various ways and URLs that use DDNS should be suspect. WHOIS is a TCP-based protocol that is used to identify owners of internet domains through the DNS system. WHOIS has limitations, and hackers have ways of hiding their identities.
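An added example, not part of the course material: the Python sketch below reads the header of a DNS message, whose four counters correspond to the question, answer, authority and additional sections, and checks the queried name against a list of DDNS parent domains. The suffix ddns.example, the sample query and the function names are assumptions made for the illustration.

```python
import struct

# Analyst-maintained list (assumption): parent domains handed out by DDNS providers.
DDNS_SUFFIXES = ("ddns.example",)

def build_query(txid, name):
    """Construct a standard one-question query; used only to make sample data."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT = 1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE A, QCLASS IN

def parse_message(msg):
    """Return the header fields, the four section counts and the question name."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    labels, i = [], 12
    while i < len(msg) and msg[i] != 0:            # labels are length-prefixed
        n = msg[i]
        if n > 63 or i + 1 + n > len(msg):
            raise ValueError("bad label length or compression pointer")
        labels.append(msg[i + 1:i + 1 + n].decode("ascii", "replace").lower())
        i += 1 + n
    if i + 5 > len(msg):                           # root label + QTYPE + QCLASS
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[i + 1:i + 5])
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "counts": {"question": qd, "answer": an, "authority": ns, "additional": ar},
            "qname": ".".join(labels), "qtype": qtype}

def is_ddns(qname, suffixes=DDNS_SUFFIXES):
    """True if qname equals a listed suffix or is a subdomain of it (label boundary)."""
    q = qname.rstrip(".").lower()
    return any(q == s or q.endswith("." + s) for s in suffixes)

# Constructed sample query for a host under the hypothetical DDNS suffix.
SAMPLE_QUERY = build_query(0xBEEF, "Host1.DDNS.example")
```

Matching on a label boundary keeps a name such as notddns.example from being flagged just because it ends with the same characters.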
... performs the NAT process by translating the internal private address of the device to the public, outside, routable address. Port Address Translation (PAT), also known as NAT overload, maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses.
File Transfer and Sharing Services
File Transfer Protocol (FTP) is another commonly used application layer protocol. It was developed to allow for file transfers between a client and a server. To successfully transfer files, FTP requires two connections between the client and the server: one for commands and replies, and one for the actual file transfer. SSH File Transfer Protocol is a secure form of FTP that uses Secure Shell to provide a secure channel. Trivial File Transfer Protocol (TFTP) is a simplified file transfer protocol that uses UDP port number 69. TFTP is fundamentally insecure. Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources such as directories, files, printers, and serial ports. SMB file sharing and print services have become the mainstay of Microsoft networking.
Email clients communicate with mail servers to send and receive email. Mail servers communicate with other mail servers to transport messages from one domain to another. Email supports three separate protocols for operation: SMTP, POP, and IMAP. The application layer process that sends mail from a client to an email server uses SMTP. A client retrieves email from a mail server by using either POP3 or IMAP.
HTTP
Web browsers and web servers interact using the following steps:
1. The browser interprets the three parts of the URL.
2. The browser checks with a name server to convert an address into a numeric IP address. The client initiates an HTTP request to a server by sending a GET request to the server.
3. In response to the request, the server sends the HTML for this web page to the browser.
4. The browser deciphers the HTML and renders the page for the browser window.
HTTP URLs can also specify the port on the server that should handle the HTTP methods. In addition, they can specify a query string and fragment. HTTP is a request/response protocol that uses TCP port 80, although other ports can be used. When a client sends a request to a web server, it will use one of six methods that are specified by the HTTP protocol: GET, POST, PUT, DELETE, OPTIONS, and CONNECT.
HTTP is flexible but not secure. HTTP server responses are identified with status codes which are organized in five code groups: 1xx, 2xx, 3xx, 4xx, and 5xx. HTTP/2 is a major revision to the HTTP protocol specification that is designed to improve HTTP performance by addressing latency issues. For secure communication across the internet, HTTP Secure (HTTPS) is used. HTTPS uses authentication and encryption to secure data as it travels between the client and the server.
10.7.2 Module 10: Network Services Quiz
1. Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a DHCP server?
Topic 10.1.0 - When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST broadcast message. On receiving the DHCPREQUEST message, the server replies with a unicast DHCPACK message.
DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK
2. On a home network, which device is most likely to provide dynamic IP addressing to clients on the home network?
Topic 10.1.0 - On a home network, a home router usually serves as the DHCP server. The home router is responsible for dynamically assigning IP addresses to clients on the home network. ISPs also use DHCP, but it usually assigns an IP address to the Internet interface of the home router, not the clients on the home network. In businesses, it is common to have a file or other dedicated server provide DHCP services to the network. Finally, a DNS server is responsible for finding the IP address for a URL, not for providing dynamic addressing to network clients.
a dedicated file server
an ISP DHCP server
a DNS server
a home router
3. Which protocol automates assignment of IP addresses on a network, and which port number does it use? (Choose two.)
Topic 10.1.0 - DNS uses port 53 and translates URLs to IP addresses. SMB provides shared access to files and printers and uses port 445. Port 80 is used by HTTP. HTTP is a protocol used to communicate between a web browser and a server.
53
80
67
SMB
DHCP
DNS
4. A particular website does not appear to be responding on a Windows 7 computer. What command could the technician use to show any cached DNS entries for this web page?
Topic 10.2.0 -
ipconfig /all
ipconfig /displaydns
5. What type of server would use IMAP?
Topic 10.5.0 - SMTP, IMAP, and POP are three application layer protocols for email applications.
DNS
FTP
Telnet
DHCP
email
6. What is a benefit of using DDNS?
Topic 10.2.0 - Dynamic DNS (DDNS) allows a user or organization to register an IP address with a domain name as in DNS. However, when the IP address of the mapping changes, the new mapping can be propagated through the DNS almost instantaneously.
DDNS is a more secure version of DNS and has a robust security profile.
DDNS is a starting point for identifying potentially dangerous internet locations that may have been reached through the network.
The DDNS provider detects a change to the client IP address and immediately updates the mapping change.
DDNS has a service called ICANN Lookup used to obtain the registration record of a URL.
7. What application layer protocol describes the services that are used for file sharing in Microsoft networks?
Topic 10.4.0 - SMB file sharing and print services are used for file sharing in Microsoft networking.
DHCP
SMTP
DNS
SMB
Telnet
8. Which application layer protocol uses message types such as GET, PUT, and POST?
Topic 10.6.0 - The GET command is a client request for data from a web server. A PUT command uploads resources and content, such as images, to a web server. A POST command uploads data files to a web server.
HTTP
SMTP
POP3
DNS
DHCP
CyberOps Associate v1.0
9. Which protocol enables mail to be downloaded from an email server to a client and then deletes the email from the server?
Topic 10.5.0 - With POP, mail is downloaded from the server to the client and then deleted on the server. SMTP is used for sending or forwarding email. Unlike POP, when a user connects via IMAP, copies of the messages are downloaded to the client application and the original messages are kept on the server until manually deleted. HTTP is used for web traffic data and is considered insecure.
SMTP
IMAP
POP3
HTTP
10. Which website is considered secure because it encrypts the communication between the website and visitors?
Topic 10.6.0 - Curriculum reference: Module 1.1. A typical URL is of the format protocol://hostname_or_address[:port]/. The protocol HTTPS stands for Hypertext Transfer Protocol over SSL (Secure Socket Layer). Using this protocol, the data transferred between the website and the user is encrypted. The format https://website is used by web servers to transfer and display content securely. HTTP and FTP do not provide encryption during data transfers.
http://www.thebanks.com/
http://www.secureaccess.com:8080/
ftp://download.openproject.net/
https://www.ourblogs.info/
11. Refer to the exhibit. NAT is configured on Remote and Main. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between Main and the web server?
10.130.5.76
172.16.1.10
209.165.200.226
12. Which statement best describes the operation of the File Transfer Protocol?
Topic 10.4.0 - When using the File Transfer Protocol, an FTP client uses a randomly generated source port number, but targets a destination port number of 20 or 21 on the FTP server. The destination port numbers depend on whether it is the first connection for control traffic on port 21 or the second connection for data traffic on port 20.
An FTP client uses a source port number of 20 and a randomly generated destination port number during the establishment of data traffic with an FTP Server.
An FTP server uses a source port number of 20 and a randomly generated destination port number during the establishment of control traffic with an FTP client.
An FTP client uses a source port number of 21 and a randomly generated destination port number during the establishment of control traffic with an FTP Server.
An FTP server uses a source port number of 21 and a randomly generated destination port number during the establishment of control traffic with an FTP client.
13. In NAT translation for internal hosts, what address would be used by external users to reach internal hosts?
Topic 10.3.0 - From the perspective of a NAT device, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.
inside global
outside global
outside local
inside local
14. What is an example of a top-level domain?
Topic 10.2.0 - Top-level domains represent a country or type of organization, such as .com or .edu.
cisco.com
.com
www.cisco.com
root.cisco.com