Security+: Common Network Protocols and Services (SY0-401) [DECOMMISSIONED ARTICLE]
NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
Communications and network security have become a crucial component of IT work, and IT professionals are now on the frontlines of cyber security. Network communication is a constantly evolving system, and IT professionals must maintain proficiency with the vast array of protocols that make up network architecture to ensure network security. The CompTIA Security+ Certification has become a worldwide standard for recognizing competency in IT security, and network protocols are a crucial component of this exam.
What protocols do I need to know for the Security+ exam?
There are so many protocols for network systems that studying this subject can seem overwhelming. However, the Security+ exam focuses on the most common network architectures: TCP/IP and OSI. In addition to these models, relevant topics to consider are the use of SAN (Storage Area Network) protocols and the various TCP and UDP ports.
TCP/IP Protocol Suite
TCP/IP stands for Transmission Control Protocol/Internet Protocol. TCP/IP is a network communication model comprised of layered protocols that govern communication within the network. There is no standard list of layers, but the three core layers are Application, Transport and Internet, which together make up the TCP/IP Protocol Suite.
- Application Layer Protocols: The Application Layer oversees application access to other network layers and sets the parameters for applications to exchange data on the network. There are several common Application Layer protocols:
- HTTP (Hypertext Transfer Protocol) is the backbone of data communication on the web and utilizes hypertext to enable communication between clients and servers. This protocol is a set of request/response rules for data transfer.
- FTP (File Transfer Protocol) is the established protocol for transferring files between hosts using the client-server model. FTP uses separate TCP connections for information and data transfers, which ensures that files are transferred reliably and efficiently.
- SMTP (Simple Mail Transfer Protocol) is an electronic mail transfer service based on FTP. Email servers use SMTP to send and receive messages and it can relay mail across networks.
- Telnet is another client-server protocol that utilizes terminal emulation for remote access to network hosts.
- DNS (Domain Name System) is a distributed directory service for network device names. It is used to translate domain names into IP addresses.
- Transport Layer Protocols: The Transport Layer allows for host-to-host communication over the network. It provides the Application Layer with session and datagram communication services. The Transport Layer relies on two core protocols:
- TCP (Transmission Control Protocol) is a connection-oriented communication service, and it sends data packets as segments. TCP keeps track of bytes sent versus bytes received to enable automatic retransmission of missing packets, which means TCP offers efficient flow control and full-duplex operation.
- UDP (User Datagram Protocol) is a simpler and less reliable protocol than TCP. UDP is typically used when only small amounts of data are being transferred or when the applications or other layers provide reliable delivery. UDP uses datagrams rather than segments to send data packets, which contain fewer bytes and consume less network overhead than TCP, so UDP does not offer flow control or error recovery functions.
- Internet Layer Protocols: The Internet Layer transports IP-based packets from host to host by forming an internet that utilizes gateways. This layer accepts data from the Transport Layer and either passes it to the end destination or the next layer. The Internet Layer has four core protocols:
- IP (Internet Protocol) is connectionless and is the primary communications protocol for transmitting datagrams across networks. It facilitates internetworking through gateway routing of packets. This protocol assigns IP addresses to host interfaces and runs the packets through the process of fragmentation and reassembly.
- ICMP (Internet Control Message Protocol) provides diagnostic and error reporting for network devices. ICMP messages are sent to announce network errors, such as unreachable hosts, and network congestion as well as timeouts. It can also assist with troubleshooting via Echo requests.
- IGMP (Internet Group Management Protocol) is a communications protocol used by IP hosts to report multicast group memberships. There are three different versions of IGMP, and the version determines the type of messages that are sent as IP datagrams. Membership Queries and Reports, as well as Leave Group messages, are the main components of this protocol.
- IPsec (Internet Protocol Security) is used to provide authentication and encryption for data packets sent over the network. This enables end-to-end security of all IP network application traffic.
A Storage Area Network (SAN) is a local network that transfers data between devices using block-level operations. The SAN allows storage devices to be visible on the operating system as locally attached devices. A SAN has a communication infrastructure that provides physical connections to the storage devices, as well as a management layer to organize the connections, storage elements and computer systems so data can be transferred securely and reliably.
There are many different SAN protocols, but some are more common, and they’re a good place to start for the Security+ exam:
- SCSI (Small Computer System Interface): Used to connect peripheral devices to computers, the SCSI is a parallel interface of electronic standards that allow for communication between devices and computers. These peripheral devices might be printers, disk drives, CD-ROM drives, or scanners among other things. SCSI provides faster data transfer than standard serial and parallel ports.
- ISCSI (Internet Small Computer Systems Interface): This protocol creates a SAN by using the SCSI protocol over a TCP/IP network to establish and manage connections between the IP storage devices, hosts, and clients. iSCSI allows for remote access by using the existing network structure.
- FCP (Fibre Channel Protocol): The Fibre Channel is a set of standards that outline a mechanism used to connect peripheral devices such as workstations, supercomputers, storage devices, mainframes and displays for high-speed, large-volume data transfers. The FCP is the interface protocol of SCSI using the Fibre Channel and is the most prominent SAN protocol.
- FCIP (Fibre Channel Over TCP/IP): This protocol defines mechanisms that allow individual SANs to create an integrated SAN group over IP-based networks. The FCIP entity encapsulates the Fibre Channel Frames and forwards them using TCP/IP. FCIP is not limited by distance like FCP because it uses the existing IP framework, and it keeps the Fibre Channel Fabric intact.
- iFCP (Internet Fibre Channel Protocol): Unlike FCIP, iFCP uses transparent gateway-to-gateway transmission of Fibre Channel Fabric functionalities over a TCP/IP network. Using TCP allows for error detection and recovery, as well as congestion control. The goal of iFCP is to have current Fibre Channel devices connected at wired speeds using an IP-based network.
- AoE (Advanced Technology Attachment over Ethernet): This is a low-cost protocol for building SANs over an Ethernet network. It is similar to iSCSI in that it provides reliable access to block storage devices; however, AoE is only accessible using Ethernet, not the Internet or IP-based networks. This makes it a much simpler and faster protocol than iSCSI.
What do I need to know about ports for the Security+ exam?
There are over 1,000 TCP and UDP ports, both logical and physical, but not all of them need to be memorized for the Security+ exam. Listed below are some of the more common ports and their purposes:
File Transfer Ports
- 20 – FTP: A TCP port that acts as the FTP server data port.
- 21 – FTP: A TCP port that acts as the FTP server command port.
- 443 – FTPS: A TCP port that uses SSL for secure FTP file transfer.
- 25 – SMTP: A TCP port for communication between mail servers.
- 110 – POP3: A TCP port used for retrieving email from a server.
- 143 – IMAP4: A TCP port used for retrieving email from a remote server.
- 53 – DNS: When serving requests, DNS uses UDP. DNS uses TCP on port 53 when making transfers or when the response is greater than 512 bytes.
- 80 – HTTP: A TCP port for HTTP client requests and the server’s response.
- 443 – HTTPS: A TCP port for secure HTTP client requests and the server’s response.
How does the OSI Model relate to the above?
In contrast to the more loosely structured TCP/IP Model, the OSI Model has a strict hierarchy of seven layers. The Open Systems Interconnection (OSI) Model is a top-down network model in which layers 7 through 4 are responsible for end-to-end communication, and layers 3 through 1 handle communication between network devices. Most network protocols are based on OSI standards, so it is very important to study this model and its structure for the exam.
- Layer 7 – Application Layer: This is the highest level in the OSI Model because it is closest to the end user. It is responsible for displaying received information to the user. It is similar to the TCP/IP Model, but the OSI defines specific standards for formatting and presenting data where the TCP/IP does not.
- Layer 6 – Presentation Layer: This layer is in charge of delivering and formatting data to the Application Layer to either be processed or displayed to the end user. This layer is not defined in TCP/IP. Protocols used in this layer include Telnet, NDR (Network Data Representation) and NCP (NetWare Core Protocol).
- Layer 5 – Session Layer: This layer is primarily responsible for session checkpointing and recovery. The Session Layer receives service requests from the Presentation Layer and sends services requests to the Transport Layer. TCP/IP manages sessions in the Transport Layer.
- Layer 4 – Transport Layer: The Transport Layer in the OSI Model functions similarly to the TCP/IP Model, but the latter takes on the work of the OSI Session Layer as well. Protocols used in this layer include FCP, SCTP (Stream Control Transmission Protocol) and DCCP (Datagram Congestion Control Protocol).
- Layer 3 – Network Layer: The Internet Layer of the TCP/IP is closely related and often equated to the OSI Network Layer. This layer determines how information is communicated between devices, but the TCP/IP Internet Layer only describes Internet architecture, whereas the OSI Network Layer applies to multiple types of network architecture. Protocols in this layer include ICMP, IGMP, IPsec, and DDP (Datagram Delivery Protocol).
- Layer 2 – Data Link Layer: As one of the lowest levels in the OSI Model, the Data Link Layer is in charge of framing and transferring data between network devices, but not across networks. This layer can also detect packet transmission errors that might occur at the lowest level. The TCP/IP Model often includes a Link Layer that is used to connect local hosts on the network, which is a combination of OSI Layer 1 and 2.
- Layer 1 – Physical Layer: This is the lowest, but also the most complex, OSI layer because it deals with hardware transmission technologies, which vary between networks. This layer prescribes the process of transmitting raw bits instead of logical units of data over a physical connection. The TCP/IP Model does not supervise physical interfaces, so there is no equivalent to the Physical Layer of OSI.
An easy way to remember the different layers of the OSI model is to come up with a mnemonic. A popular one is “Please Do Not Touch Steve’s Pet Alligator,” with each first letter standing for the name of the layers as seen above (Layer 1 – Layer 7).
There is much to learn when it comes to network protocols and services, but the information here provides a solid introduction to the materials likely to be on the Security+ exam. For additional Security+ preparation, check out the InfoSec Institute's official comptia security+ training.
Network protocols handbook. [electronic resource]. (2007). Saratoga, CA.: Javvin Technologies., c2007.