Chapter 2. System Fundamentals

  • I. Background
    • A. Networking technologies
    • C. System technologies
    • D. Transport protocols
    • G. Telecommunications technologies
    • H. Backup and restore
  • III. Security
    • A. Systems security controls
    • B. Application/fileserver
    • C. Firewalls
    • E. Network security
    • O. Trusted networks
    • P. Vulnerabilities
  • IV. Tools/Systems/Programs
    • G. Boundary protection appliances
    • H. Network topologies
    • I. Subnetting
    • K. Domain Name System (DNS)
    • L. Routers/modems/switches
    • O. Operating environments
  • V. Procedures/Methodology
    • G. TCP/IP networking

Exploring Network Topologies

Whether you are a veteran or a novice—or just have a bad memory—a review of networking technologies is helpful and an important part of understanding the attacks and defenses that we’ll explore later on.

Network topologies represent the physical side of the network, and they form part of the foundation of our overall system. Before we explore too far, the first thing you need to understand is that you must consider two opposing yet related concepts in this section: the physical layout of the network and the logical layout of the network. The physical layout of a network relates directly to the wiring and cabling that connects devices. Some of the common layouts we’ll cover are the bus, ring, star, mesh, and hybrid topologies. The logical layout of the network equates to the methodology of access to the network, the stuff you can’t readily see or touch, or the flow of information and other data. We’ll get to the logical side, but first let’s break down each physical design.

Bus. The bus topology (Figure 2.1) lays out all connecting nodes in a single run that acts as the common backbone connection for all connected devices. As with the public transport of the same name, signals get on, travel to their destination, and get off. The bus is the common link to all devices and cables. The downside to its simplicity is its vulnerability; all connectivity is lost if the bus backbone is damaged. The best way to envision this vulnerability is to think of those strings of Christmas lights that go completely out when one light burns out or is removed. Although not seen in its purest form in today’s networks, the concept still applies to particular segments.

Ring. Ring topologies (Figure 2.2) are as true to their names as bus layouts. Essentially the backbone, or common connector of the network, is looped into a ring; some ring layouts use a concentric circle design to provide redundancy if one ring fails. Each client or node attaches to the ring and delivers packets according to its designated turn or the availability of the token. As you can see in Figure 2.2, a concentric circle design provides redundancy; though a good idea, a redundant second ring is not required for the network to function properly. The redundant ring architecture is typically seen in setups that use Fiber Distributed Data Interface (FDDI).

Star. The star layout (Figure 2.3) is one of the most common because of its ease of setup and isolation of connectivity problems should an issue arise. A star topology attaches multiple nodes to a centralized network device that ties the network together. Think of it as looking like an old-style wagon wheel or the wheels on a bike. The hub is the centerpiece of the wheel, and the spokes of the wheel are the legs of the star. The center could be a hub or a switch; as long as it acts as a central point of connection, you have a star topology. Stars are popular for numerous reasons, but the biggest reason has long been their resistance to outages. Unlike nodes in bus and ring topologies, a single node of a star can go offline without affecting other nodes. However, if the hub or switch joining everything together fails, then the network will fail.

Mesh. A mesh topology (Figure 2.4) is essentially a web of cabling that attaches a group of clients or nodes to each other. It can look a little messy and convoluted, and it can also make troubleshooting a bear. However, this setup is often used for mission-critical services because of its high level of redundancy and resistance to outages. The largest network in the world, the Internet, which was designed to survive nuclear attack, is built as one large mesh network.

Hybrid. Hybrid topologies are by far the most common layout in use today. Rarely will you encounter a pure setup that strictly follows the topologies previously listed. Our networks of today are complex and multifaceted. More often than not, current networks are the offspring of many additions and alterations over many years of expansion or logistical changes. A hybrid layout combines different topologies into one mixed topology; it takes the best of other layouts and uses them to its advantage. Figure 2.5 shows one possibility.
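The outage behavior described for each layout can be checked on a small graph model. The following Python sketch is an added example, not code from the book: it builds each topology from constructed hosts (h0 to h3, plus a "hub" for the star) and lists the devices whose loss stops some surviving host from reaching another. It assumes the bus is a series run of hosts, a single ring passes traffic in one direction only, and the redundant FDDI-style ring adds the reverse direction.

```python
# Added illustration: topologies as directed graphs of constructed hosts.

def link(adj, a, b, both=True):
    """Add a link a->b, and b->a as well unless both is False."""
    adj.setdefault(a, set()).add(b)
    adj.setdefault(b, set())
    if both:
        adj[b].add(a)

def bus(n):
    # Assumption: the single run is modeled as hosts chained in series.
    adj = {}
    for i in range(n - 1):
        link(adj, f"h{i}", f"h{i + 1}")
    return adj

def ring(n, dual=False):
    # Assumption: one ring carries traffic one way; dual=True adds the
    # counter-rotating second ring used for redundancy.
    adj = {}
    for i in range(n):
        link(adj, f"h{i}", f"h{(i + 1) % n}", both=dual)
    return adj

def star(n):
    adj = {}
    for i in range(n):
        link(adj, "hub", f"h{i}")
    return adj

def mesh(n):
    adj = {}
    for i in range(n):
        for j in range(i + 1, n):
            link(adj, f"h{i}", f"h{j}")
    return adj

def reachable(adj, start, dead):
    """Nodes reachable from start when the device `dead` is offline."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt != dead and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def single_points_of_failure(adj):
    """Devices whose loss leaves some surviving pair unable to communicate."""
    spof = []
    for dead in adj:
        alive = set(adj) - {dead}
        if any(reachable(adj, src, dead) != alive for src in alive):
            spof.append(dead)
    return sorted(spof)
```
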

Gone are the days when an attacker could gain access to the flow of data on a network only through the use of vampire taps and bus or other layouts. Today, rogue wireless access points, a lost smartphone, and a little social engineering can logically put any hacker right through the front door without actually obtaining physical access.

Working with the Open Systems Interconnection Model

No network discussion or network device explanation would be complete without a brief overview of the Open Systems Interconnection (OSI) model. Although this model may seem overly complex, it does have value in our later discussions of attacks, defenses, and infrastructure, as you will see. The OSI model is a general framework that enables network protocols, software, and systems to be designed around a general set of guidelines. Common guidelines allow higher probability of system compatibility and logical traffic flow. In other words, if we all play by the same rules, everyone will get along with as few errors as possible.

The OSI model, shown in the left side of Figure 2.6, has seven layers. As you read through each layer’s function, keep in mind that we are working our way through how data flows. Each layer is connected to the next; this concept will prove valuable as a reference for more advanced data analysis.

You may already have some experience with the OSI model or none at all. If you are in the latter group, you may have avoided learning the model because it seems non-applicable to your day-to-day operations. But you must learn it, because it is essential to furthering your career—and to passing the exam.

The CEH exam will focus on your understanding of the OSI model as it applies to specific attacks. General knowledge of the model and the stages of traffic flow within it will help you figure out what each question is asking. Using the OSI model as a reference when answering questions can help categorize the topic and help determine what technologies you are dealing with.

Layer 1: Physical. The Physical layer consists of the physical media and dumb devices that make up the infrastructure of our networks. This pertains to the cabling and connections such as Category 5e and RJ-45 connectors. Note that this layer also includes light and rays, which pertain to media such as fiber optics and microwave transmission equipment. Attack considerations are aligned with the physical security of site resources. Although not flashy, physical security still bears much fruit in penetration (pen) testing and real-world scenarios.
