DNS, DHCP, Web, Email, Management, and VPN Basics

Key Takeaways

  • DNS maps names to addresses (A, AAAA, CNAME, MX, NS, TXT) and is the clue when IP works but names fail.
  • DHCP delivers IP address, subnet mask, gateway, DNS server, and lease via Discover-Offer-Request-Acknowledge.
  • HTTPS adds TLS confidentiality, integrity, and certificate-based server authentication on top of HTTP.
  • Management protocols (SSH, SNMPv3, RDP) need tighter access control and monitoring than ordinary user traffic.
  • VPNs create encrypted tunnels but still depend on identity, endpoint posture, routing, internal DNS, and split-versus-full tunnel choices.
Last updated: June 2026

Tie Services to Symptoms

Network services are easiest to recall when linked to user complaints. "I reach 10.20.30.40 but not portal.company.test" — think DNS. "Connected to Wi-Fi but no valid address" — think DHCP. "The app works but browsers warn users" — think HTTPS certificate. "An internet address is hitting TCP 3389" — think RDP exposure.

DNS

The Domain Name System (DNS) resolves names to addresses. Know the record types:

Record  Purpose
A       Name to IPv4 address
AAAA    Name to IPv6 address
CNAME   Alias to another name
MX      Mail exchanger for a domain
NS      Authoritative name server
TXT     Text data, including SPF, DKIM, and verification

DNS uses UDP 53 for ordinary queries and TCP 53 for zone transfers or large responses. Threats include spoofed responses (cache poisoning), unauthorized zone transfers, typosquatting, and malware command-and-control lookups. Troubleshooting rule: when direct IP access works but name access fails, DNS is the prime suspect.

DHCP

Dynamic Host Configuration Protocol (DHCP) automatically assigns an IP address, subnet mask, default gateway, DNS server, and a lease time. The four-step flow is Discover, Offer, Request, Acknowledge (DORA). DHCP cuts manual errors but introduces risk: a rogue DHCP server can hand clients a malicious gateway or DNS server, silently redirecting traffic. If one VLAN gets leases and another does not, check the DHCP relay (IP helper), scope configuration, VLAN tagging, or an access rule blocking UDP 67/68.

Web and Email

HTTP carries web traffic with no built-in encryption. HTTPS wraps it in TLS for confidentiality, integrity, and server authentication via certificates. A certificate warning signals expiration, a name mismatch, an untrusted issuer, or interception (a possible man-in-the-middle). Simple Mail Transfer Protocol (SMTP) moves mail between servers; email security usually hinges on phishing, spoofed sender domains, malicious attachments, and links rather than SMTP mechanics. The mail-authentication trio lives in DNS TXT records: SPF (authorized senders), DKIM (cryptographic signing), and DMARC (policy and reporting).
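The SPF and DMARC records described above are plain TXT strings, so they can be parsed and graded with a few lines of code. This is an added example, not code from the guide; the record values and domain names are constructed, and a real check would first look up the TXT records for the domain and for _dmarc.<domain>.

```python
"""Parse and grade the SPF and DMARC TXT records described above.
Added example, not the guide's own code; the records are constructed
sample data for a made-up domain, not fetched from DNS."""
import re

# Constructed sample TXT records (not real domains).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.test ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.test"

def parse_spf(txt):
    """Return (mechanisms, all_qualifier); all_qualifier is '+', '-', '~'
    or '?' for the trailing 'all' term, or None if there is no 'all'."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, all_qual = [], None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_qual = m.group(1) or "+"  # a bare "all" means "+all"
        else:
            mechanisms.append(term)
    return mechanisms, all_qual

def parse_dmarc(txt):
    """Return the tag=value pairs of a DMARC TXT record as a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def grade_mail_auth(spf_txt, dmarc_txt):
    """Return findings a defender would act on; an empty list means none."""
    findings = []
    _, all_qual = parse_spf(spf_txt)
    if all_qual in (None, "+", "?"):
        findings.append("SPF never fails unauthorized senders (no -all or ~all)")
    elif all_qual == "~":
        findings.append("SPF uses ~all (softfail); -all is stricter")
    if parse_dmarc(dmarc_txt).get("p", "none").lower() == "none":
        findings.append("DMARC p=none only monitors; spoofed mail is still delivered")
    return findings

if __name__ == "__main__":
    for finding in grade_mail_auth(SAMPLE_SPF, SAMPLE_DMARC):
        print("finding:", finding)
```

DKIM is deliberately left out: its TXT record holds a public key, so checking it means verifying a signature on an actual message rather than reading the record.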

Administration and Monitoring

SSH is for secure command-line administration. RDP gives graphical remote desktop access and must be restricted because exposed RDP is a top intrusion path. SNMP monitors devices; legacy versions use cleartext community strings, while SNMPv3 adds authentication and encryption. FTP transfers files but is unsuitable for sensitive data without a secure replacement. Expect "choose the safer protocol" items: SSH over Telnet, HTTPS over HTTP, SFTP over FTP, SNMPv3 over SNMPv2c.

VPN Basics

A Virtual Private Network (VPN) builds an encrypted tunnel across an untrusted network. Remote-access VPNs connect individual users to organizational resources; site-to-site VPNs connect whole networks (branch to headquarters, or cloud to data center). A tunnel does not make everything safe — the user still needs authentication (ideally MFA), the endpoint may need posture checks, and routing and internal DNS must be correct. Split tunneling sends only selected traffic through the VPN (saves bandwidth, raises risk if the endpoint is compromised); full tunneling sends all traffic through it (more inspection, more load).

Scenario: Remote Worker Triage

A remote worker logs into the VPN, browses public sites, and reaches an internal server by IP, but cannot open the intranet by name. The tunnel is up, general internet works, and IP reachability works — so the clue is name resolution across the VPN. Check whether the VPN client receives the correct internal DNS server, whether the internal domain suffix is applied, and whether split DNS is configured. A second scenario: inbound attempts from many countries hit TCP 3389. The fix is not faster hardware — block RDP from the internet, restrict it to a VPN or management subnet, enforce MFA, and monitor failed logons.
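For the second scenario, the first step in triage is to confirm from logs that RDP really is reachable from the internet. The following is an added example (not from the guide) that flags allowed TCP 3389 sessions from non-internal sources; the log line format, addresses and the list of internal ranges are all constructed assumptions.

```python
"""Flag internet-sourced RDP sessions in firewall logs, for the 3389 scenario above.
Added example, not the guide's own code. The log format and addresses are
constructed (a simplified key=value line, not any vendor's real format)."""
import ipaddress
from collections import defaultdict

# Constructed sample lines: "<time> <action> src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOG = """\
2026-06-01T02:10:01Z ALLOW src=198.51.100.23 dst=10.20.30.40 dport=3389
2026-06-01T02:10:03Z ALLOW src=203.0.113.77 dst=10.20.30.40 dport=3389
2026-06-01T02:10:05Z ALLOW src=10.20.30.15 dst=10.20.30.40 dport=3389
2026-06-01T02:10:07Z ALLOW src=198.51.100.23 dst=10.20.30.40 dport=443
2026-06-01T02:10:09Z ALLOW src=192.0.2.9 dst=10.20.30.40 dport=3389
2026-06-01T02:10:11Z DENY src=192.0.2.10 dst=10.20.30.40 dport=3389
"""

RDP_PORT = 3389
# Assumed internal ranges (RFC 1918); adjust to the site's VPN/management subnets.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip_text):
    """True when the address falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def parse_line(line):
    """Return (action, src, dst, dport) from one constructed log line."""
    _time, action, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return action, kv["src"], kv["dst"], int(kv["dport"])

def exposed_rdp_sources(log_text):
    """Map each destination host to the sorted external source IPs that were
    ALLOWED to reach it on TCP 3389. Any entry means RDP is reachable from
    the internet and should be blocked or restricted to the VPN subnet."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        action, src, dst, dport = parse_line(line)
        if action != "ALLOW" or dport != RDP_PORT or is_internal(src):
            continue  # denied, non-RDP, or expected management traffic
        hits[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in hits.items()}

if __name__ == "__main__":
    for host, sources in exposed_rdp_sources(SAMPLE_LOG).items():
        print(f"{host}: RDP allowed from {len(sources)} internet source(s): {sources}")
```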

The core CC skill is connecting service purpose to exposure risk.

Service-to-Symptom-to-Action Cheat Sheet

When time is short, match the clue to the fix:

Symptom                        Likely service   First action
Reaches IP, not name           DNS              Verify resolver and records
Wi-Fi joins, no address        DHCP             Check scope, relay, rogue server
Browser certificate warning    HTTPS/TLS        Check expiry, name, issuer
Inbound 3389 from internet     RDP              Block, restrict to VPN, add MFA
Mail rejected as spoofed       SMTP + DNS       Check SPF, DKIM, DMARC
Monitoring data in cleartext   SNMP             Upgrade to SNMPv3

DNS as an Attack Surface

DNS deserves extra attention because it is both essential and frequently abused. Cache poisoning plants a forged answer so users are sent to an attacker's address. DNS tunneling smuggles data or command-and-control traffic inside DNS queries to evade weak egress filtering. Domain Name System Security Extensions (DNSSEC) add cryptographic signatures so resolvers can verify that an answer is authentic and unmodified, mitigating spoofing. On the exam, "users are redirected to a fake bank site even though they typed the correct address" points to DNS poisoning or a malicious resolver, not a browser flaw.
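DNS tunneling leaves a recognisable trace in resolver logs: many distinct, long, random-looking labels under one zone. The following heuristic is an added example, not part of the guide; the query names are constructed, the zone names are not real, and the "last two labels" rule for finding the zone is a deliberate simplification.

```python
"""Spot-check a DNS query log for tunneling-like patterns (long, high-entropy
labels under one zone). Added example, not from the guide; the query names
below are constructed and the zones are not real domains."""
import math
from collections import defaultdict

# Constructed sample query names, one per line.
SAMPLE_QUERIES = """\
portal.company.test
mail.company.test
www.example.test
a9f3k2ld8s0qpz7xv1mn4cbt.data.tunnel.test
b7xq1zr0mfn3kd9lp2sv6jwt.data.tunnel.test
c2nl8vk4pq0zx7dm1rs9fj3b.data.tunnel.test
d4mq7zk1rx0np8lv2sj5gc6t.data.tunnel.test
cdn.example.test
"""

def shannon_entropy(text):
    """Bits of entropy per character; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_zone(name):
    """Return (zone, subdomain_labels), treating the last two labels as the
    zone. Simplification: real code would consult the Public Suffix List."""
    labels = name.strip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]

def tunneling_suspects(log_text, min_queries=3, min_label_len=20, min_entropy=3.5):
    """Return zones with at least min_queries distinct subdomains whose
    leftmost label is both long and high-entropy (thresholds are assumptions)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        name = line.strip()
        if not name:
            continue
        zone, sub_labels = split_zone(name)
        if not sub_labels:
            continue
        leftmost = sub_labels[0]
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= min_entropy:
            seen[zone].add(".".join(sub_labels))
    return sorted(z for z, subs in seen.items() if len(subs) >= min_queries)

if __name__ == "__main__":
    print("tunneling-like zones:", tunneling_suspects(SAMPLE_QUERIES))
```

Legitimate CDNs and some security products also emit long machine-generated labels, so treat a hit as a lead to investigate, not a verdict.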

VPN Protocols and Posture in Brief

Common VPN technologies include IPsec (often paired with IKEv2 for site-to-site and remote access) and TLS-based VPNs (such as SSL/TLS VPN portals). The transport varies, so do not anchor a VPN to a single port. What matters for CC is the chain of trust: strong authentication (preferably MFA), an endpoint posture check that confirms patch level and anti-malware before granting access, correct internal DNS delivery, and a deliberate split-versus-full tunnel decision.

A tunnel that is encrypted but lets a compromised, unpatched laptop bridge straight into the internal network has merely moved the risk inside the perimeter.

Test Your Knowledge

A VPN user can reach an internal application by IP address but not by hostname. Which VPN setting is most likely missing or wrong?

Test Your Knowledge

Which SNMP version is generally preferred for authenticated and encrypted network monitoring?

Test Your Knowledge (Multi-Select)

Which statements are accurate? Choose two.

Select all that apply

DHCP can provide clients with a default gateway and DNS server
FTP is the preferred protocol for sensitive file transfer without extra protection
HTTPS uses TLS and certificate validation to protect web sessions
RDP should normally be exposed directly to the internet for convenience