CompTIA Network+ Study Notes (2016-12-31)
Contents
Introduction
OSI and TCP/IP Models and Network Protocols
Addressing and Routing
Components and Devices
Installation and Configuration
Cabling and Wiring
Wireless
Network Management
Network Optimization
Network Security
Network Troubleshooting
Introduction
Everything in this document was created with the intention of helping a person pass the CompTIA
Network+ N10-005 Exam. All information was generated from the following sources:
Personal knowledge and experience
Wikipedia
www.techexams.net
CompTIA Network+ N10-005 Authorized Exam Cram (4th Edition)
o Author: Emmett Dulaney & Michael Harwood
o Publication Date Dec 29 201
o ISBN-10: 078974905X
o ISBN-13: 978-0789749055
OSI and TCP/IP Models and Network Protocols
King Model
King Layer       | # | OSI          | DoD/TCP     | Encapsulation | Decapsulation | PDU     | Header info
Scribe           | 7 | Application  | Application | ↓             | ↑             |         |
Translator       | 6 | Presentation | -           | ↓             | ↑             |         |
Lawyer           | 5 | Session      | -           | ↓             | ↑             |         |
Middle Manager   | 4 | Transport    | Transport   | ↓             | ↑             | Segment | Port, Seg
Mail Room        | 3 | Network      | Internet    | ↓             | ↑             | Packet  | Src/Dst IP
Envelope Stuffer | 2 | Data Link    | Network     | ↓             | ↑             | Frame   | Src/Dst MAC
P’n’D            | 1 | Physical     | -           | ↓             | ↑             | Bit     | 1010101
Scribe: Writes message and provides a service
Translator: Correctly formats, may encrypt
Lawyer: Negotiates the conversation between king and others and sets up the deal
Middle Manager: Uses reliable or unreliable method for sending message (regular mail vs registered)
Mail Room: Adds a label with street and house numbers (logical addressing)
Envelope Stuffer: Adds a label for mailbox # (physical address), puts message in correct envelope
P’n’D: Actual message begins to be sent over the road
Each Layer of OSI adds headers
o Network Adds IP Information
o Data Link adds Physical Address
TCP/IP is the dominant Protocol Suite for OSI
Transport layer will segment messages if required
HUB is a Repeater of Bits
Switches memorize source MAC addresses and build a MAC address table
o If it doesn’t recognize the source MAC, it will forward to all active ports (vulnerability)
Multi Layer Switch makes forwarding decisions based on L2 or L3, MAC or IP
EUI-64 - Way of creating a 64 bit host in IPv6 L2 Address with bits available from MAC Address
Encryption is presentation layer in OSI or application in TCP. Can also have L2, L3 or L4 encryption
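The switch behaviour described above (learn the source MAC of each frame, forward by the MAC address table, send out every active port when the table has no entry for the destination), as an added example that is not part of the study notes. The port names and MAC values are constructed; the optional per-port limit on learned MACs is an assumption added here as one way an operator bounds how far the table can grow, and is not something the notes describe.

```python
# Added example (not from the study notes): a minimal learning switch that builds its
# MAC address table from source addresses and floods frames whose destination it has
# not learned yet (or which are broadcast). The per-port MAC limit is an assumption of
# this example, included only to show a bound on table growth.
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)            # active ports, e.g. ["p1", "p2", "p3"]
        self.mac_table = {}                 # MAC -> port, learned from source addresses
        self.max_macs_per_port = max_macs_per_port
        self.violations = []                # (port, mac) pairs refused by the limit

    def macs_on_port(self, port):
        return sorted(m for m, p in self.mac_table.items() if p == port)

    def learn(self, src_mac, in_port):
        """Record (or refresh) the port a source MAC was seen on; False if the limit refuses it."""
        if src_mac in self.mac_table:
            self.mac_table[src_mac] = in_port        # host moved: update its port
            return True
        if (self.max_macs_per_port is not None
                and len(self.macs_on_port(in_port)) >= self.max_macs_per_port):
            self.violations.append((in_port, src_mac))
            return False
        self.mac_table[src_mac] = in_port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the egress port list for one frame, learning the source on the way."""
        self.learn(src_mac, in_port)
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST_MAC or out is None:
            return [p for p in self.ports if p != in_port]   # flood: every port but the ingress
        return [] if out == in_port else [out]               # same segment: nothing to forward

def demo():
    """Constructed frame sequence; returns the egress decision for each frame."""
    sw = LearningSwitch(["p1", "p2", "p3"])
    frames = [("00:00:5e:00:53:aa", "00:00:5e:00:53:bb", "p1"),   # bb unknown -> flood
              ("00:00:5e:00:53:bb", "00:00:5e:00:53:aa", "p2"),   # aa learned -> p1 only
              ("00:00:5e:00:53:aa", "00:00:5e:00:53:bb", "p1")]   # bb learned -> p2 only
    return [sw.forward(*f) for f in frames]
```

The first frame is flooded because nothing has been learned about its destination yet; once both hosts have sent something, every later frame between them leaves on exactly one port.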
DNS
HOSTS is the system used before DNS. Reserved host names to IP. Still in use.
o Commonly began with #
Resolver a system that asks DNS servers or DNS client for a hostname-to-IP address mapping.
DNS vs DDNS (Dynamic DNS)
o DNS requires manual changes to entries
o DDNS is newer, enables hosts to be dynamically registered with the DNS server
Top Level Domain Name | Purpose
.COM  | Commercial Organizations
.EDU  | Educational Organizations
.GOV  | U.S. Government
.NET  | Network Providers / Centers
.ORG  | Not for Profit Organizations
.MIL  | Military
.ARPA | Reverse DNS lookup
.DE   | Country Specific
DNS’s primary function is to resolve hostnames to IP addresses. DNS can also resolve IP addresses to hostnames
through a reverse lookup; this uses PTR records
Start of Authority (SOA) is a record of information containing data on DNS zones and other DNS
records. A DNS zone is a part of a domain for which an individual server is responsible. Each zone
contains a single SOA record
Name Server (NS) maintains a list of hostnames that match IP addresses
Canonical Name (CNAME) stores additional host names or aliases for hosts in the domain
Pointer (PTR) is a pointer to the canonical name, which is used to perform a reverse DNS lookup,
in which case the name is returned when the query originates with an IP address
IPv6 (AAAA) stores information for IPv6 (128 bit) addresses. Used to map hostnames to an IP
address for a host
Mail Exchange (MX) stores information about where mail for the domain should be delivered
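The record types above, as an added example that is not part of the notes: a small zone-file parser for SOA, NS, A, AAAA, CNAME, MX and PTR records, a forward lookup that follows CNAME aliases (with a hop limit so an alias loop cannot spin forever), and a reverse lookup that builds the in-addr.arpa name for an IPv4 address and answers it from a PTR record. The zone contents (example.com, 192.0.2.0/24 documentation addresses, the serial number) are constructed sample data, and the "name IN type rdata" line format is an assumption of the example.

```python
# Added example (not from the notes): parse a constructed zone and answer forward
# (A via CNAME) and reverse (PTR) lookups from it.
ZONE = """
; constructed sample zone for example.com
example.com.              IN SOA   ns1.example.com. hostmaster.example.com. 2016123101 3600 900 604800 86400
example.com.              IN NS    ns1.example.com.
example.com.              IN MX    10 mail.example.com.
ns1.example.com.          IN A     192.0.2.53
mail.example.com.         IN A     192.0.2.25
host.example.com.         IN A     192.0.2.10
host.example.com.         IN AAAA  2001:db8::10
www.example.com.          IN CNAME host.example.com.
10.2.0.192.in-addr.arpa.  IN PTR   host.example.com.
"""

def parse_zone(text):
    """Return a list of (name, type, rdata) tuples; rdata is the rest of the line."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        name, cls, rtype, rdata = line.split(None, 3)
        if cls != "IN":
            raise ValueError("only the IN class is handled: %r" % line)
        records.append((name.lower(), rtype, rdata))
    return records

def lookup(records, name, rtype):
    """All rdata values of the given type for a name (trailing dot optional)."""
    name = name.lower().rstrip(".") + "."
    return [r for (n, t, r) in records if n == name and t == rtype]

def resolve_a(records, name, max_cname_hops=8):
    """Forward lookup: the A address for name, following CNAME aliases."""
    for _ in range(max_cname_hops):
        answers = lookup(records, name, "A")
        if answers:
            return answers[0]
        aliases = lookup(records, name, "CNAME")
        if not aliases:
            return None                     # no A and no alias: name does not resolve
        name = aliases[0]
    return None                             # alias chain too long or looping

def reverse_name(ipv4):
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa. (octets reversed under in-addr.arpa)."""
    octets = ipv4.split(".")
    if len(octets) != 4:
        raise ValueError("not an IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def resolve_ptr(records, ipv4):
    """Reverse lookup: the hostname recorded in the PTR for this address, if any."""
    answers = lookup(records, reverse_name(ipv4), "PTR")
    return answers[0] if answers else None

def soa_serial(records, zone):
    """The serial field of the zone's single SOA record."""
    soa = lookup(records, zone, "SOA")
    return int(soa[0].split()[2]) if soa else None
```

Resolving www.example.com first finds only a CNAME, so the lookup restarts with host.example.com and returns its A record; the reverse lookup never touches the forward names at all, it only looks for the PTR under the reversed-octet name.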
SNMP
Involves central device for monitoring and management
o Agents on devices allow it to work
Messages sent to central manager are called Traps
3 commands in SNMP: Get, Get Next, Set
Management Information Bases (MIB)
o Databases of information to define what parameters are accessible and which are
read only
o MIB creation controlled by ISO
SNMP Community is a logical grouping of systems
o When part of a community, a system only communicates with other devices that
have that community name
Typically 2 communities by default; Public (read only) and Private (read & write)
SNMPv3 now supports authentication and encryption
DHCP
PC with DHCP sends out a DHCPDISCOVER packet. Server picks it up and sends back a DHCPOFFER
o Both of these are sent by broadcast
PC accepts with a DHCPREQUEST packet. Server sends back a DHCPACK. PC receives it and starts up TCP/IP
DNS suffixes define the DNS servers to be used and in which order. DHCP can push a domain
suffix search list to DNS clients. When this occurs, only that list is used for name resolution
On Linux clients, this can occur by specifying entries in the resolv.conf file
DHCP - "DORA"
o Discovery
o Offering
o Request
o Acknowledge
DHCP provides IP, subnet, gateway, DNS and advanced options
o Discovery: Client PC broadcasts out into the network in order to find a DHCP server
o Offering: DHCP server sends out a unicast "offering" of an IP address to the client PC
o Request: Client PC broadcasts to all servers that it has accepted the offer
o Acknowledge: DHCP server sends out a final unicast to the client that includes the IP
information the client will use
Renewing a lease requires only Request and Acknowledge
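The DORA exchange and the two-message renewal described above, as an added example that is not part of the notes. Message names and the broadcast/unicast destinations follow the notes; the address pool, server and gateway addresses (192.0.2.0/24 documentation space), the lease time, the APIPA fallback address a client uses when no offer arrives, and the DHCPNAK reply for a request the server did not offer (a message defined in RFC 2131, not mentioned in the notes) are assumptions of the example.

```python
# Added example (not from the notes): a simulated DHCP server and client exchanging
# DISCOVER / OFFER / REQUEST / ACK, then renewing with only REQUEST / ACK.
import ipaddress

BROADCAST = "255.255.255.255"
APIPA_FALLBACK = "169.254.0.1"   # constructed; a real client picks a 169.254.x.x address at random

class DhcpServer:
    def __init__(self, pool_cidr, server_ip, gateway, dns, lease_seconds=86400):
        net = ipaddress.ip_network(pool_cidr)
        reserved = {server_ip, gateway}
        self.free = [str(h) for h in net.hosts() if str(h) not in reserved]
        self.ip, self.netmask = server_ip, str(net.netmask)
        self.gateway, self.dns, self.lease_seconds = gateway, dns, lease_seconds
        self.offered = {}      # client MAC -> IP reserved by an OFFER
        self.leases = {}       # client MAC -> IP confirmed by an ACK

    def handle(self, msg):
        """Process one client message; return the reply, or None if the server stays silent."""
        kind, mac = msg["type"], msg["client_mac"]
        if kind == "DHCPDISCOVER":
            ip = self.leases.get(mac) or self.offered.get(mac)
            if ip is None:
                if not self.free:
                    return None            # pool exhausted: no offer can be made
                ip = self.free.pop(0)
                self.offered[mac] = ip
            return {"type": "DHCPOFFER", "dst": ip, "your_ip": ip}      # unicast, per the notes
        if kind == "DHCPREQUEST":
            ip = msg["requested_ip"]
            if ip not in (self.offered.get(mac), self.leases.get(mac)):
                return {"type": "DHCPNAK", "dst": BROADCAST}   # RFC 2131 refusal (assumption)
            self.leases[mac] = ip
            self.offered.pop(mac, None)
            return {"type": "DHCPACK", "dst": ip, "your_ip": ip,
                    "subnet_mask": self.netmask, "gateway": self.gateway,
                    "dns": self.dns, "lease_seconds": self.lease_seconds}
        raise ValueError("unexpected message type " + kind)

class DhcpClient:
    def __init__(self, mac):
        self.mac, self.ip, self.config = mac, None, None
        self.transcript = []   # (message type, destination) in the order sent and received

    def _exchange(self, server, msg):
        self.transcript.append((msg["type"], msg["dst"]))
        reply = server.handle(msg)
        if reply is not None:
            self.transcript.append((reply["type"], reply["dst"]))
        return reply

    def obtain(self, server):
        """Full DORA; falls back to an APIPA address when no offer arrives."""
        offer = self._exchange(server, {"type": "DHCPDISCOVER", "dst": BROADCAST,
                                        "client_mac": self.mac})
        if offer is None:
            self.ip = APIPA_FALLBACK
            return self.ip
        ack = self._exchange(server, {"type": "DHCPREQUEST", "dst": BROADCAST,
                                      "client_mac": self.mac, "requested_ip": offer["your_ip"]})
        if ack is None or ack["type"] != "DHCPACK":
            return None
        self.ip, self.config = ack["your_ip"], ack   # IP, mask, gateway, DNS all come from the ACK
        return self.ip

    def renew(self, server):
        """Renewal skips Discover/Offer: a unicast REQUEST for the current IP, then the ACK."""
        ack = self._exchange(server, {"type": "DHCPREQUEST", "dst": server.ip,
                                      "client_mac": self.mac, "requested_ip": self.ip})
        return ack is not None and ack["type"] == "DHCPACK"
```

The client's transcript shows the four-message sequence on first lease and only two messages on renewal; with a pool that has no free host addresses the server never answers the DISCOVER and the client falls back to the APIPA address.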
Addressing and Routing
Public IP
Class | IP Range (1st Octet) | Default Subnet Mask | Network/Node       | Total # of Networks | Total # of Usable Addr.
A     | 0-127                | 255.0.0.0           | Net.Node.Node.Node | 2^7 or 128          | 2^24-2 or 16,777,214
B     | 128-191              | 255.255.0.0         | Net.Net.Node.Node  | 2^14 or 16,384      | 2^16-2 or 65,534
C     | 192-223              | 255.255.255.0       | Net.Net.Net.Node   | 2^21 or 2,097,152   | 2^8-2 or 254
D     | 224-239              | N/A                 | N/A                | N/A                 | N/A
E     | 240-255              | N/A                 | N/A                | N/A                 | N/A
Private IP
Class Start of Range End of Range
A 10.0.0.0 10.255.255.255
B 172.16.0.0 172.31.255.255
C 192.168.0.0 192.168.255.255
Class A only has one private network. Class B & C have multiple
APIPA - Class B 169.254.0.0
IPv4-mapped addresses look like ::ffff:192.168.1.1
o First 80 bits set to 0, next 16 set to ffff, last 32 bits done in IPv4 fashion
IPv6
o 128 bits divided into 16-bit blocks, each shown as a four-digit hex number
o Protocols - ISATAP, Teredo, 6to4
o Loopback: 0:0:0:0:0:0:0:0 or 0:0:0:0:0:0:0:1
o Leading zeroes in an address can be omitted
2001:0db8:85a3:0000:0000:8a2e:0370:7334 becomes 2001:db8:85a3:0:0:8a2e:370:7334
o One or more consecutive groups of zero value may be replaced with a single empty group using two consecutive colons (::) - ONCE -
2001:db8:85a3::8a2e:370:7334
o How to tell how many bits are being truncated?
Count the visible blocks – 2001:4000::3 – there are 3 visible blocks (2001, 4000, 3)
Subtract visible blocks from 8 and multiply by 16
(8-3) * 16 = 80 bits are being truncated in 2001:4000::3
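The two shortening rules and the "count the visible blocks" method above, as an added example that is not part of the notes: expanding an address back to eight four-digit blocks (undoing a single ::, and also handling the IPv4-mapped form ::ffff:192.168.1.1 by converting the dotted quad to two hex blocks), compressing an address by dropping leading zeros and collapsing the longest run of zero blocks, and computing how many bits a :: stands for. The function `agrees_with_ipaddress` is an assumption of the example: it cross-checks the result against Python's standard `ipaddress` module.

```python
# Added example (not from the notes): IPv6 expand / compress and the truncated-bits rule.
import ipaddress

def _ipv4_tail_to_hex(addr):
    """Rewrite a trailing dotted quad (::ffff:192.168.1.1) as two 16-bit hex blocks."""
    if "." not in addr:
        return addr
    head, _, quad = addr.rpartition(":")
    o = [int(x) for x in quad.split(".")]
    if len(o) != 4 or any(not 0 <= v <= 255 for v in o):
        raise ValueError("bad IPv4 tail: %r" % quad)
    return "%s:%x:%x" % (head, o[0] * 256 + o[1], o[2] * 256 + o[3])

def expand(addr):
    """Return all eight blocks as 4-digit hex strings, undoing '::' (allowed once)."""
    addr = _ipv4_tail_to_hex(addr)
    if addr.count("::") > 1:
        raise ValueError(":: may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)          # zero blocks the :: stands for
        if missing < 1:
            raise ValueError(":: must stand for at least one zero block")
        blocks = left + ["0"] * missing + right
    else:
        blocks = addr.split(":")
    if len(blocks) != 8:
        raise ValueError("expected 8 blocks, got %d" % len(blocks))
    values = [int(b, 16) for b in blocks]             # int() rejects non-hex text
    if any(not 0 <= v <= 0xFFFF for v in values):
        raise ValueError("block out of 16-bit range")
    return ["%04x" % v for v in values]

def is_valid(addr):
    try:
        expand(addr)
        return True
    except ValueError:
        return False

def compress(addr):
    """Drop leading zeros per block, then replace the longest run of >= 2 zero blocks with '::'."""
    blocks = [b.lstrip("0") or "0" for b in expand(addr)]
    best_start, best_len, run_start = -1, 0, None
    for i, b in enumerate(blocks + ["end"]):          # sentinel closes a trailing run
        if b == "0":
            run_start = i if run_start is None else run_start
            continue
        if run_start is not None and i - run_start > best_len:
            best_start, best_len = run_start, i - run_start
        run_start = None
    if best_len < 2:
        return ":".join(blocks)                       # a single zero block is not collapsed
    return ":".join(blocks[:best_start]) + "::" + ":".join(blocks[best_start + best_len:])

def truncated_bits(addr):
    """The notes' rule: bits hidden by '::' = (8 - visible blocks) * 16."""
    if "::" not in addr:
        return 0
    visible = [b for b in _ipv4_tail_to_hex(addr).split(":") if b]
    return (8 - len(visible)) * 16

def agrees_with_ipaddress(addr):
    """Cross-check: expand() and compress() must denote the same address as ipaddress does."""
    reference = ipaddress.IPv6Address(addr)
    return (ipaddress.IPv6Address(compress(addr)) == reference
            and ipaddress.IPv6Address(":".join(expand(addr))) == reference)
```

Applied to 2001:0db8:85a3:0000:0000:8a2e:0370:7334 the code produces the notes' 2001:db8:85a3::8a2e:370:7334, and for ::ffff:192.168.1.1 the expansion shows the five zero blocks (80 bits) followed by ffff and the two blocks that carry the IPv4 address.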
Stateful vs Stateless
o Stateful refers to IP auto configuration in which the admin does not need to manually input IP
information
o Stateless refers to devices that obtain address information from a server
0.0.0.0
o If a system does not support APIPA and cannot get an IP from a DHCP server it will assign
itself 0.0.0.0
TCP/IP minimum is IP address and subnet mask
MAC Addresses
o 48 Bit or 6 Bytes
First 3 bytes identify the manufacturer of the card, the OUI
Last 3 bytes are called the Universal LAN MAC address, making the interface unique
o Methods of Viewing the MAC Addresses of NICs
Platform                     | Method
Windows 2003/2008/XP/Vista/7 | Enter ipconfig /all at a command prompt
Linux/some Unix              | Enter the ifconfig -a command
Novell Netware               | Enter the config command
Cisco Router                 | Enter the sh int interface name command
NAT & PAT
PAT
o Variation of NAT, all systems on the LAN are translated to the same IP address but with a
different port number assignment
o Used when multiple clients want internet access and not enough public IP addresses are
available
o Enables nodes on a LAN to communicate with the internet without revealing their IP
address. All outbound IP communications are translated to the router’s external IP address. Replies come back to the router, which then translates them back into the private IP address of the original host for final delivery
NAT
o Static NAT (SNAT) directly maps a private IP address to a static, unchanging public IP address
o Eg; Mail server – 10.0.0.2 to 206.186.131.3
Comparing IPv4 and IPv6 Addressing
Address Feature           | IPv4 Address                      | IPv6 Address
Loopback address          | 127.0.0.1                         | 0:0:0:0:0:0:0:1 (::1)
Network-wide addresses    | IPv4 public address ranges        | Global unicast IPv6 addresses
Private network addresses | 10.0.0.0, 172.16.0.0, 192.168.0.0 | Site-local address ranges (FEC0::)
Autoconfigured addresses  | IPv4 APIPA (169.254.0.0)          | Link-local addresses of the FE80:: prefix
IPv6 Address Types
Unicast IPv6 Addresses
o Global Unicast Addresses
Equivalent of IPv4 Public Addresses. These addresses are routable and travel throughout the network
o Link-local Addresses
Designated for use in a single local network
Automatically configured on all interfaces
Comparable to APIPA
Prefix is FE80::/64
FE80:: is a private link-local
On single-link IPv6 networks with no routers, link-local addresses are used to
communicate between devices on the link
o Site-local Addresses
Equal to IPv4 Private IP space
Routers do not forward site-local transmissions
Not auto assigned
Prefix is FEC0::/10
Multicast IPv6 Addresses
o Similar to IPv4 addresses, multicasting sends and receives data between the groups of
nodes. Sends IP messages to that group rather than to every node on the LAN (broadcast) or just one node (unicast)
Anycast Addresses
o Represent the middle group between unicast and multicast addresses; anycast can deliver
messages to any one node in the multicast group
The network address is where all of the host bits are set to 0
First octet always determines the class of address, despite what subnet is assigned
Number of Assignable IP Addresses in a subnet: (2^h - 2)
o Where h is the number of host bits in a subnet mask
Number of created Subnets formula: (2^s)
o Where s is the number of borrowed bits
o Check first octet to determine class; any subnet bits beyond the classful prefix (8 for A, 16 for B, 24 for C) are
borrowed bits
Multiple subnets create more broadcast domains, which in turn reduces network-wide broadcast
traffic
Subnetting does not increase the number of IP addresses available. It increases the number of
network IDs and, as a result, decreases the number of node IDs per network. It also creates more
broadcast domains. Broadcasts are not forwarded by routers, so they are limited to the network on
which they originate
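The subnetting arithmetic above, as an added example that is not part of the notes: from a dotted-quad address and prefix length it derives the class from the first octet, the borrowed bits s beyond the classful prefix, the host bits h, 2^s subnets, 2^h - 2 usable addresses, and the network address (host bits all 0) and broadcast address (host bits all 1). The sample addresses and the `matches_ipaddress` cross-check against Python's standard `ipaddress` module are assumptions of the example.

```python
# Added example (not from the notes): classful subnet calculator for an IPv4 CIDR string.
import ipaddress

CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}

def address_class(first_octet):
    """Class letter from the first octet, matching the Public IP table above."""
    if first_octet <= 127:
        return "A"
    if first_octet <= 191:
        return "B"
    if first_octet <= 223:
        return "C"
    return "D" if first_octet <= 239 else "E"

def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_info(cidr):
    """Describe the subnet that cidr (e.g. '192.168.10.77/27') sits in."""
    ip_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    octets = [int(o) for o in ip_text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets) or not 0 <= prefix <= 32:
        raise ValueError("bad IPv4 CIDR: %r" % cidr)
    cls = address_class(octets[0])
    if cls not in CLASSFUL_PREFIX:
        raise ValueError("class %s addresses are not subnetted" % cls)
    ip_int = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    host_bits = 32 - prefix                                   # h
    borrowed = max(0, prefix - CLASSFUL_PREFIX[cls])          # s
    network_int = ip_int & mask_int                           # host bits set to 0
    broadcast_int = network_int | (~mask_int & 0xFFFFFFFF)    # host bits set to 1
    return {
        "class": cls,
        "mask": to_dotted(mask_int),
        "borrowed_bits": borrowed,
        "host_bits": host_bits,
        "subnets": 2 ** borrowed,                             # 2^s
        "usable_hosts": max(0, 2 ** host_bits - 2),           # 2^h - 2 (0 for /31 and /32)
        "network": to_dotted(network_int),
        "broadcast": to_dotted(broadcast_int),
        "first_host": to_dotted(network_int + 1) if host_bits >= 2 else None,
        "last_host": to_dotted(broadcast_int - 1) if host_bits >= 2 else None,
    }

def matches_ipaddress(cidr):
    """Cross-check network and broadcast against the standard library."""
    info = subnet_info(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (str(net.network_address) == info["network"]
            and str(net.broadcast_address) == info["broadcast"]
            and str(net.netmask) == info["mask"])
```

For 192.168.10.77/27 the first octet puts the address in class C, so 27 - 24 = 3 bits are borrowed (8 subnets) and 5 host bits remain (30 usable addresses); the address falls in the block 192.168.10.64 to 192.168.10.95.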
Address Types
Unicast
o Point to Point address link
o A single address is specified
Broadcast
o Goes to all devices on the network
o IP address used to target all systems on a subnet or network
Multicast
o Mechanism by which groups of devices can send and receive data between the members of
the group at one time
o Grouped by configuring each device with the same multicast IP address
Ports
Range         | Category                | Type Description
0-1023        | Well Known Ports        | Common Protocols
1024-49,151   | Registered Ports        | Vendor for Proprietary Apps
49,151-65,535 | Dynamic & Private Ports | Apps can use but can't register
Port #  | Protocol | Full Name
TCP Ports
21      | FTP      | File Transfer Protocol
22      | SSH      | Secure Shell
23      | Telnet   | Terminal Network
25      | SMTP     | Simple Mail Transfer Protocol
80      | HTTP     | Hyper Text Transfer Protocol
88      | Kerberos | Kerberos
110     | POP3     | Post Office Protocol V3
119     | NNTP     | Network News Transfer Protocol
137-139 | NetBIOS  | NetBIOS Name Datagram
143     | IMAP     | Internet Message Access Protocol
389     | LDAP     | Lightweight Directory Access Protocol
443     | HTTPS    | HTTP Secure (SSL/TLS)
445     | SMB      | Server Message Block
1701    | L2TP     | Layer 2 Tunneling Protocol
1723    | PPTP     | Point to Point Tunneling Protocol
UDP Ports
53      | DNS      | Domain Name System
67      | DHCP     | Client
68      | DHCP     | Server
69      | TFTP     | Trivial File Transfer Protocol
161     | SNMP     | Simple Network Management Protocol
3389    | RDP      | Remote Desktop Protocol
Routing
Route print can be used to view the routing table on a client system
Route add adds a static route (gone after restart)
Route add –p adds a persistent static route (permanent)
Distance Vector
o Routing Information Protocol (RIP & RIPv2)
RIP
Limited to 15 hops
Request router updates every 30 seconds
No authentication
RIPv2
Added Authentication
Changed from a network wide broadcast discovery method to a multicast
method to reduce overall network traffic
Limited to 15 hops to maintain compatibility with RIP
o Enhanced Interior Gateway Routing Protocol (EIGRP)
Enables routers to exchange information more efficiently than earlier
network protocols
Uses neighbor routers to help determine routing information
Keep copies of neighbor router tables to help find best possible route
Uses Diffusing Update Algorithm (DUAL) to determine best route
o Border Gateway Protocol (BGP)
Often associated with the internet
Communicates between the routers using TCP
Examines routing table with routers and their paths and a cost metric
associated with the path to each router to find the best available route
Convergence
o The time it takes for routers to learn and accommodate a routing change
o Slow convergence can cause routing loops, combat with two techniques
Split Horizon
Prevents the router from advertising a route back to the router from which
it was learned
Poison Reverse
Dictates that the route is advertised back on the interface on which it was
learned but with a hop count of infinity, which tells the node that it is
unreachable
Three issues with Distance Vector Protocols
o The periodic update system can make the update process slow
o The periodic updates can create large amounts of network traffic – much of the time
unnecessarily, because the network’s topology should rarely change
o Routers only know about the next hop, so incorrect information can be propagated between
routers, creating routing loops
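The convergence problem and the two countermeasures above, as an added example that is not part of the notes: a round-by-round simulation of three routers in a line (A - B - C) that had all learned a route to a network N behind A, after A's link to N fails. With plain updates the stale route bounces between the routers and the hop count climbs one step at a time until it reaches the RIP limit of 16; with split horizon the route is not advertised back to the router it was learned from, and with poison reverse it is advertised back with an infinite metric, and either stops the loop in two rounds. The topology, the synchronous update rounds and the infinity value of 16 hops are constructed for the example.

```python
# Added example (not from the notes): distance-vector counting-to-infinity versus
# split horizon and poison reverse, on a constructed three-router topology.
INF = 16                                  # RIP treats 16 hops as unreachable
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}

def advertisement(tables, sender, receiver, mode):
    """What sender tells receiver about network N, or None if it says nothing."""
    cost, next_hop = tables[sender]
    if next_hop == receiver:
        if mode == "split_horizon":      # never advertise a route back where it came from
            return None
        if mode == "poison_reverse":     # advertise it back, but as unreachable
            return INF
    return cost

def snapshot(tables):
    return {router: cost for router, (cost, _) in tables.items()}

def converged(tables):
    return all(cost >= INF for cost, _ in tables.values())

def simulate(mode, max_rounds=50):
    """Return (rounds until every router marks N unreachable, per-round cost history)."""
    # learned before the failure: A reaches N directly, B via A, C via B
    tables = {"A": [1, None], "B": [2, "A"], "C": [3, "B"]}
    tables["A"] = [INF, None]            # A's link to N fails; A marks N unreachable
    history = [snapshot(tables)]
    for rnd in range(1, max_rounds + 1):
        if converged(tables):
            return rnd - 1, history
        new = {}
        for receiver, nbrs in NEIGHBORS.items():
            cost, next_hop = tables[receiver]
            for sender in nbrs:
                adv = advertisement(tables, sender, receiver, mode)
                if adv is None:
                    continue
                candidate = min(INF, adv + 1)
                # Bellman-Ford step: always believe the current next hop (even if the
                # route got worse); otherwise adopt only a strictly better route
                if sender == next_hop or candidate < cost:
                    cost, next_hop = candidate, sender
            new[receiver] = [cost, next_hop]
        tables = new                     # all routers update together (one round)
        history.append(snapshot(tables))
    return max_rounds, history
```

In the plain run the history shows A taking B's stale two-hop route in round 1 and the metric then rising by about one per round across the three routers, which is the loop the notes describe; in both protected runs the network is converged after round 2.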
Link-State Routing
o Router builds map of entire network and holds it in memory
o Routers send link-state advertisements (lists) that have information about the networks to
which they connect
o When a router map is complete, routers update each other – like the distance vector but
less frequently
o Also an update when there is a change in network topology, uses lists to detect and update
their routing
o Convergence is much quicker on a link-state network
o Distance Vector routers keep a small database of routes accessible by routers directly
connected – Link-state must maintain database of all routes in the entire network
o Link-state protocols
Open Shortest Path First (OSPF)
Protocol based on Shortest Path First (SPF) algorithm to find the least cost
path to any destination in the network
Intermediate System-to-Intermediate System (IS-IS)
Protocol discovers shortest path using SPF algorithm
Distribute topology information to other routers, enabling them to make
best path decisions
o OSPF is more often used in medium-large enterprise network because of tunnel features
o IS-IS more often used in large ISP networks because of stability features and it can support
more routes
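The link-state computation above, as an added example that is not part of the notes: every router holds the full map (the link-state database built from the advertisements) and runs a shortest-path-first calculation from itself to reach every destination, installing the total cost and next hop; when a link disappears from the database the table is recomputed from the new map. The five-router topology and its link costs are constructed for the example, and the `heapq`-based Dijkstra routine is the SPF algorithm in its textbook form.

```python
# Added example (not from the notes): SPF (Dijkstra) over a constructed link-state database.
import heapq

# constructed link-state database: one entry per link, cost applies in both directions
LSDB = [
    ("R1", "R2", 10), ("R1", "R3", 5), ("R3", "R2", 2),
    ("R2", "R4", 1), ("R3", "R4", 9), ("R4", "R5", 3),
]

def build_map(lsdb):
    """Adjacency map router -> {neighbour: cost}, the 'map of the entire network'."""
    graph = {}
    for a, b, cost in lsdb:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def spf(graph, source):
    """Shortest Path First: least cost and predecessor for every reachable router."""
    cost = {source: 0}
    prev = {}
    heap = [(0, source)]
    done = set()
    while heap:
        c, node = heapq.heappop(heap)
        if node in done:
            continue                      # stale heap entry, a cheaper path was found
        done.add(node)
        for nbr, link_cost in graph.get(node, {}).items():
            cand = c + link_cost
            if cand < cost.get(nbr, float("inf")):
                cost[nbr], prev[nbr] = cand, node
                heapq.heappush(heap, (cand, nbr))
    return cost, prev

def path(prev, source, dest):
    """Router list from source to dest, or None if dest is unreachable."""
    if dest != source and dest not in prev:
        return None
    hops = [dest]
    while hops[-1] != source:
        hops.append(prev[hops[-1]])
    return list(reversed(hops))

def routing_table(lsdb, source):
    """Destination -> (total cost, next hop), as installed after SPF runs at source."""
    graph = build_map(lsdb)
    cost, prev = spf(graph, source)
    table = {}
    for dest in cost:
        if dest != source:
            table[dest] = (cost[dest], path(prev, source, dest)[1])
    return table
```

From R1 the direct R1-R2 link (cost 10) loses to R1-R3-R2 (cost 7), so every destination is reached through R3; remove the R3-R2 link from the database and the recomputed table sends R2, R4 and R5 traffic over the direct link instead.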
IGP vs EGP
o IGP
Identifies protocol used to exchange routing information between routers within a
LAN or inter-connected LANs
IGPs fall into two categories: distance-vector protocols (RIP, IGRP) and link-state protocols (OSPF,
IS-IS)
o EGP
Used to route information outside the network
On the internet, EGP is required
EGP is a distance-vector protocol commonly used between hosts on the internet to
exchange routing table information
BGP is an example of EGP
Routing Metrics
o Hop Counts
The number of hops necessary to reach a node. A hop count of infinite means the
route is unreachable
o Maximum Transmission Unit (MTU)
Defines the largest data unit that can be passed without fragmentation
o Bandwidth
Specifies the maximum packet size permitted for internet transmission
o Costs
The numbers associated with traveling from point A to Point B, lower the cost the
more favorable the route is
o Latency
Amount of time it takes for a packet to travel from one location to another
Power over Ethernet
o Key Advantage: centralized management of power
Eg; a remote device requires its own UPS and power supply
Spanning Tree Protocol (STP)
o When multiple paths are available between devices on an Ethernet network, switching loops
can occur
Switching loop is the result of having more than one path between two switches
STP designed to prevent these loops
o STP used with network bridges and switches, with Spanning Tree Algorithm STP avoids or
eliminates loops on a L2 bridge
o STP refers to Layer 2
o STP uses bridge protocol data units (BPDUs) to identify the status of ports and bridges
across the network
BPDUs are simple data messages exchanged between switches; BPDUs contain
information on ports and provide the status of those ports to other switches.
If BPDU message finds a loop in the network it is managed by shutting down a
particular port or bridge interface
Redundant paths and potential loops can be avoided within ports in several ways:
Blocking – A blocked port accepts BPDU messages but does not forward
them
Disabled – The port is offline and does not accept BPDU messages
Forwarding – The port is part of the active spanning tree topology and
forwards BPDU messages to other switches
Learning – In a learning state, the port is not part of the active spanning tree
topology but can take over if another port fails. Receives BPDUs and identifies
changes to the topology when made
Listening – Receives BPDU messages and monitors for changes to the
network topology
Trunking
o Use of multiple network cables or ports in parallel to increase link speed between switches
o Similar to link aggregation
o VLAN Trunking
The application of trunking to the VLAN
Provides simple and cheap way to offer nearly unlimited number of virtual network
connections
Requires that Switch, NIC and OS drivers support VLAN
VLAN Trunking Protocol (VTP) is proprietary to Cisco
Port Mirroring
o Admin set port to mirror all traffic on another port for analysis, monitor inbound/outbound
Components and Devices
Hubs
o Passive hub forwards signals
o Active hub regenerates signal before forwarding
Firewall
o Can protect internal networks and control access between specific network segments
Media Converter
o Allows companies to use existing infrastructure while keeping pace with changing
technologies
NIC
o Consider: Driver, configuration utility, system resource, physical slot, built in/on board
Switch
o 3 switching methods
Cut-Through
Packet forwarded as soon as it arrives. Method is fast, but can pass on
errors because of no error checking
Store and Forward
Entire packet is received and error checked,
Upside is no errors are passed through the network
Downside is the process is considered slow
Fragment Free
Combines elements of both previous methods
Enough of packet is read to determine collision status, as soon as it’s
confirmed packet is moved on
o The ports to which a PC connects are called Medium Dependent Interface Crossed (MDI-X)
This allows a straight through patch cable to be used to the device
o Medium Dependent Interface ports are used to connect switches, if not available a cross-
over cable can be used from a regular port on one switch to one on another
AP
o An AP can operate as a bridge connecting a standard wired network to wireless devices on a
router passing data transmissions from one access point to another
o Can be a switch, DHCP server, router or firewall
o Works on Layer 2
Bridges
o Transparent Bridge
Block/forward based on MAC
o Source Route Bridge
Used in token ring networks
o Translational bridge
Convert one networking data format to another, such as from token ring to Ethernet
Bandwidth Shaper
o Can monitor traffic to find peak times
o Traffic shaping describes the mechanism to control bandwidth usage on the network
Content Filter
o Any software that controls what a user is allowed to pursue, most often associated with
websites
o Can be applied as software to clients(client-side filter), on a proxy server on the network
(server-side filter), at the ISP or even within the search engine itself
Load Balancer
o Can be hardware or software
o Technique to balance the workload between several servers
o Increases network performance, reliability and availability
Multilayer Switch
o Operates on Layer 2 and Layer 3
o Supports same routing protocols as routers
o Regular switch functionality and it can direct traffic within a LAN, it can forward between
subnets
o Can operate as switch or router
Content Switch
o Scans data and decides where the content is intended to go. Eg; SMTP -> Mail server
o Can distribute work load. Eg; several mail servers
o Often called Load-Balancing Switch
Proxy Server
o Greatest asset is Caching
o Reduces bandwidth
o Managed through Access Control Lists
VPN Concentrator
o Increases remote security
Network Device Summary
Device | Description | Key Points
Hub | Connects devices on an Ethernet twisted-pair network | A hub does not perform any tasks besides signal regeneration
Switch | Connects devices on a twisted-pair network | A switch forwards data to its destination by using the MAC address embedded in each packet
Bridge | Connects LANs to reduce overall network traffic | A bridge enables data to pass through it or prevents data from passing through it by reading the MAC address
Router | Connects networks | A router uses the software-configured network address to make forwarding decisions
Gateway | Translates from one data format into another | Gateways can be hardware or software based. Any device that translates data formats is called a gateway
CSU/DSU | Translates digital signals used on a LAN into those used on a WAN | CSU/DSU functionality is sometimes incorporated into other devices, such as a router with a WAN connection
Modem | Provides serial communication capabilities across phone lines | Modems modulate the digital signal into analog at the sending end and perform the reverse function at the receiving end
Network card | Enables systems to connect to the network | Network interfaces can be add-in expansion cards, ExpressCards, or built-in interfaces
Media Converter | Interconnects older technology with new | A media converter is a hardware device that connects newer Gigabit Ethernet technologies with older 100BaseT networks or older copper standards with fiber
Firewall | Provides controlled data access between networks | Firewalls can be hardware or software based. They are an essential part of a network’s security strategy
DHCP Server | Automatically distributes IP information | DHCP assigns all IP information, including IP address, subnet mask, DNS, gateway and more
Multilayer Switch | Functions as a Switch or Router | Operates on Layers 2 and 3 of OSI as a switch and can perform router functionality
Content Switch | Forwards data by application | Content switches can identify and forward data by its port and application
Load Balancer | Distributes network load | Load balancing increases redundancy by distributing load to multiple servers
Multifunction Devices | Combine network services | These are hardware devices that combine multiple network services into a single device, reducing cost and easing administrative difficulty
DNS Server | Provides name resolution from hostnames to IP addresses | A DNS server answers clients’ requests to translate hostnames into IP addresses
Bandwidth Shaper | Manages network bandwidth | The bandwidth shaper monitors and controls bandwidth usage
Proxy Server | Manages client internet requests | Serves two key network functions: increases network performance by caching and filters outgoing client requests
Virtual Desktops
o Often called Virtual Desktop Interface (VDI)
o VDI is the same as hosting an operating system within a virtual machine
Virtual Switches
o Regularly used with VLAN
o Can provide direct channel to the virtual Ethernet adapters for configuration information,
avoiding the need for unicast addresses or IGMP to learn multicast group membership
Virtual PBX
o “Cloud” Phone system that incorporates VOIP
Network as a Service (NaaS)
o Pay as you go network model
o OpenStack is an open source NaaS implementation
Installation and Configuration
Demarcation Point
o Where the service provider’s responsibility ends and the SOHO responsibility begins
Cable Modem Lights
o 1. Power 2. Receive 3. Send 4. Online 5. Activity
o Many SOHO routers close ICMP by default
Switching Methods
o Packet Switching
Messages broken into packets, each assigned src/dst/intermediate node. Packets
require this because they don’t always all use the same route
This is called independent routing
o Advantage is going around high traffic areas
Most popular switching method, used on most WANs
Due to the ability to take multiple paths, receiving devices will sometimes have to
wait to reconstruct data
Two types of Packet Switching
Virtual Circuit Packet Switching
o Creates logical connection between source and destination device
o After sending process complete line can be closed
Datagram Packet Switching
o Does not create logical connection
o Packets sent independently
o Mainly used on the internet
o Circuit Switching
Requires dedicated physical connection between sending and receiving device
If either side disconnects the circuit is broken and data path lost
Advantage is it is well suited for PSTN & ISDN
Advantage of guaranteed connection means guaranteed rate of transfer
Disadvantage is it’s inefficient, can have one connection at a time and long delays
ISDN
o Alternate to slow modem WAN connections but at a higher cost
o Enables voice and data over same physical connection
o Basic rate ISDN (BRI) is 128 Kbps with two equal B channels of 64 Kbps and one 16 Kbps D channel for timing
o Primary rate ISDN (PRI) is 1.536 Mbps, runs on a T1 circuit. PRI has 23 equal 64 Kbps B channels for data, one 64 Kbps D channel for timing
Characteristic       | BRI     | PRI
Speed                | 128Kbps | 1.544Mbps
Channels             | 2B+D    | 23B+D
Transmission Carrier | ISDN    | T1
T-Carrier Lines
o DS3 and T3 are the same thing
o Know T1 and T3 speeds for exam
o T3 are dedicated high capacity circuits, very expensive
Carrier System | USA               | Japan            | Europe
Level 0-DS0    | 64 Kbps           | 64 Kbps          | 64 Kbps
Level 1-DS1    | 1.544 Mbps - T1   | 1.544 Mbps - J1  | 2.048 Mbps - E1
Level 3-DS3    | 44.736 Mbps - T3  | 32.064 Mbps - J3 | 34.368 Mbps - E3
Level 4-DS4    | 274.176 Mbps - T4 | 97.728 Mbps - J4 | 139.264 Mbps - E4
SONET/OCx
o Fiber optic WAN technology
o Synchronous Digital Hierarchy (SDH) is similar to SONET but European
o PON is a passive optical network
Uses unpowered optical splitters to split fiber so it can service different locations
Brings fiber to the curb, building or home
OLT optical line termination and ONU optical network units can be combined to be
known as wavelength division multiplexing (WDM-PON)
Dense wavelength division multiplexing (DWDM)
This method replaces SONET/SDH regenerations with erbium doped fiber
amplifiers (EDFAs)
Can amplify the signal to allow it to travel greater distance
Main Components are
o Terminal Multiplexer
o Line Repeater
o Terminal Demultiplexer
X.25
o Works well on many different kinds of networks and traffic
o Advantage it is a global standard
o Disadvantage is its maximum data rate of 64Kbps
o Uses packet switching technology
o PAD is required at both ends of a X.25 connection
Frame Relay
o WAN Protocol that operates at L1 and L2 of OSI
o Enables intermittent data traffic transmission between LANs and between endpoints in a
WAN
o Packet switching technology that uses variable length packets
o Less overhead than X.25
o Built on PVC for end to end communication
Therefore not dependent on best route
o Can implement on several WAN technologies including 56Kbps, T1, T3 and ISDN
o All devices in Frame Relay WAN fall into two primary categories
Data Terminal Equipment (DTE)
End-to-end systems, servers, routers, bridges and switches
Data Circuit-Terminating Equipment (DCE)
Equipment owned by carrier
Provides switching service for the network and therefore responsible for
actually transmitting data through the WAN
o Two types of virtual circuits
PVC – Permanent Dedicated virtual link shared in a Frame Relay network
SVC – Temporary virtual circuit, established and maintained only for duration of
data transfer
Asynchronous Transfer Mode (ATM)
o Commonly used as a backbone
o Packet-switching technology that can range from 1.544Mbps to 622Mbps
o Fixed-length packets or cell that are 53 bytes long, 48 for data 5 for header
o Uses PVC and SVC
o Can be used with Fiber
WAN Technologies Summary
WAN Technology | Speed | Supported Media | Switching Method | Key Characteristics
ISDN | BRI: 64Kbps – 128Kbps; PRI: 64Kbps – 1.5Mbps | Copper / Fiber Optic | Can be used for circuit-switching or packet-switching connections | ISDN can be used to transmit all types of traffic; voice, video and data. BRI uses 2B+D channels; PRI uses 23B+D channels. B Channels are 64Kbps. ISDN uses the public network and requires dial-in access
T-carrier (T1,T3) | T1: 1.544Mbps; T3: 44.736Mbps | Copper / Fiber Optic | Circuit Switching | T-carrier is used to create point-to-point network connections for private networks
ATM | 1.544Mbps to 622Mbps | Copper / Fiber Optic | Cell switching | ATM uses fixed cells that are 53 bytes long
X.25 | 56Kbps/64Kbps |  Copper / Fiber Optic | Packet Switching | X.25 is limited to 56Kbps. X.25 provides a packet-switching network over standard phone lines
Frame Relay | 56Kbps to 1.544Mbps | Copper / Fiber Optic | PVCs and SVCs | Frame Relay is a packet-oriented protocol, and it uses variable length packets
SONET/OCx | 51.8Mbps – 2.4Gbps | Fiber-Optic | N/A | SONET defines synchronous data transfer over optical cable
Asymmetrical DSL
o High data rate in any one direction down OR up (usually down)
o Uses Plain Old Telephone Service (POTS)
High Bit Rate DSL
o Identical data rates in both directions
o Does not allow line sharing with analog phones
Symmetric DSL (SDSL)
o Identical data rates in both directions
o More suitable for business applications, web hosting, intranets
o Not commonly found in SOHO
o Cannot share a phone line
ISDN DSL (IDSL)
o Symmetric DSL used in environments where SDSL and ADSL are unavailable
o Does not support analog phones
Rate-Adaptive DSL (RADSL)
o Variation of ADSL that can modify its transmission speed based on signal quality
o Supports line sharing
Very High Bit Rate DSL (VHDSL or VDSL)
o Asymmetric version of DSL
o Supports high bandwidth applications such as VoIP, HDTV
o Fastest available form of DSL
o Uses Fiber
o Can share a telephone line
*speeds will vary depending on technologies used and quality of connection
DSL Variation Upload Speed Download Speed
ADSL 1Mbps 3Mbps
SDSL 1.5Mbps 1.5Mbps
IDSL 144Kbps 144Kbps
RADSL 1Mbps 7Mbps
VHDSL 1.6Mbps 13Mbps
HDSL 768Kbps 768Kbps
DSL Troubleshooting Procedures (from first step (top) to last step (bottom))
Physical Connections
DSL Line, local network, Modem power
NIC
Check cable, LED
Drivers
Latest and most up to date driver
Protocol Configuration
Check IP, release and renew as needed
DSL LEDs
Cable Internet
Modem is equipped with MDI-X port, therefore straight through cable to Router or PC
Disadvantage can be the speed during peak periods due to shared bandwidth
Cable Troubleshooting Procedures (from first step (top) to last step (bottom))
Check the user’s end
All cables plugged in, check auxiliary equipment (hub / switch are functional)
Check the physical connections
Check all connections on the modem
Ensure that the protocol configuration on the system is valid
Check IP, release and renew as needed
Check the indicator lights on the modem
Cycle the power on the modem
Call the technical support line
Plain Old Telephone Service Troubleshooting Procedures
If the user can’t dial out:
Check physical connections
Check that the line has a dial tone
If the user can dial out but cannot connect to the network:
Make sure the user is dialing the correct number
Call the ISP
Check the modem speaker for busy signal
If the user can dial out and can get a connection but then is disconnected:
Make sure the modem configuration is correctly configured
Most common modem configuration is 8 data bits, 1 stop bit, no parity
(commonly called eight-one-none)
Check the username and password
Verify that the connection settings are correct
Make sure that the user has not exceeded a preset connection time
Try specifying a lower speed for the connection
If money is a major concern, the PSTN is the method of choice for creating a WAN
56Kbps with a modem
128Kbps with ISDN
Satellite
2048Kbps down and 512 Kbps up
Advantage is it’s portable and available anywhere
Disadvantage is high latency and cost
Two systems
One-way
Send outgoing requests on phone line and receive on satellite
Two-way
Provides up and downstream
Both use satellite card and dish
Are Asymmetrical
Satellite Troubleshooting Procedures
Rain Fade – Signal loss due to atmospheric interference
Latency
Line of Sight
Wireless Internet Access
Peak Upload Speed Peak Download Speed
LTE 50Mbit/s 100Mbit/s
WiMax 56Mbit/s 1Gbit/s
On exam associate HSPA+ with 3G and LTE/WiMax with 4G
Wireless Internet access provided by Wireless Internet Service Provider (WISP)
o WISP provides public wireless internet access known as hotspots
Cabling and Wiring
Baseband Transmissions
o Use digital signaling over a single wire
o Bidirectional but not at the same time
o Uses Time Division Multiplexing (TDM) to send multiple signals on a single cable; TDM changes how data is placed on the cable
o Most networks use baseband transmissions
Broadband Transmissions
o Analog
o To send and receive the medium must be split into two channels
o Multiple channels are created using Frequency Division Multiplexing (FDM)
o FDM allows broadband media to accommodate traffic going in different directions on a
single medium at the same time
Broadband over Power Lines (BPL)
o Typically reserved for home use
o HomePlug Powerline Alliance provides the specifications used for most implementations
Worked with IEEE to create
IEEE 1901 – For high-speed communication devices
IEEE 1905 – For hybrid home networks (Blu-ray players, set-top boxes etc)
o For exam, equate HomePlug with Broadband over Power lines
Simplex Mode
o Enables one-way communication of data through the network, with the full bandwidth of
the cable used for the transmitting signal
o Of little use on LANs, rarely used
Half-Duplex Mode
o Accommodates transmitting and receiving on the network but not at the same time
o Many networks configured with Half-Duplex
Full-Duplex Mode
o Preferred mode for network communication
o Devices configured for full-duplex can simultaneously transmit and receive
o 100Mbps network cards can theoretically transmit at 200Mbps
Media Interference
o Attenuation
Weakening of signal as it travels a medium
o Fiber Attenuation known as Chromatic Dispersion
o STP is more resistant to EMI and attenuation
Bandwidth refers to the width of the range of electrical frequencies or the number of channels that
the medium can support
Twisted-Pair Cable Categories
Category Common Application
3 16Mbps
4 20Mbps
5 100Mbps
5e 1000Mbps
6 10/100/1000Mbps plus 10Gbps
6a 10Gbps and beyond networking
Coaxial Cables
o Thin coax much more likely to be seen than Thick
.25 inches in diameter
Thin Coax Categories
Cable Type Description
RG-59/U Used to generate low-power video connections. The RG-59 cable cannot be used over long distances because of its high-frequency power losses. In such cases, RG-6 cables are used instead.
RG-58/U Has a solid copper core. Used for radio communication and thin Ethernet (10Base2)
RG-58 A/U Has a solid copper core. Used for radio communication and thin Ethernet (10Base2)
RG-58 C/U Used for military specifications
RG-6 Often used for cable TV and cable modems
Fiber Optic Cables
o Immune to EMI, crosstalk, signal tampering
o Two modes
Multi
Bounces signal off cable walls; this weakens the signal, reducing speed and length
Single
Single direct beam of light. Greater distance and speed
o Common types of fiber-optic cable
62.5-micron core/125-micron cladding multimode
50-micron core/125-micron cladding multimode
8.3-micron core/125-micron cladding single mode
Plenum Cables
o Plenum is space that resides between the false or drop ceiling and the true ceiling
o Cables run through plenum must be fire-resistant and they must not produce toxic fumes if
exposed to intense heat
Connectors
o BNC Connectors
Coax & 10Base2 Networks
Barrel connector, T-Connector and Terminators
o RJ-11 Connectors
“Registered Jack”, 6 pins
Small and plastic, phone uses 2 pins, DSL 4
o RJ-45
Used on Twisted Pair
8 Wires
o F-Type, RG-59 and RG-6
Screw on connection for coax
o Fiber
ST – Round, half-twist lock
SC – Square, push-pull
LC – ‘RJ-45’ of fiber (small plastic clip to hold it in)
MT-RJ – Two fibers in a small form factor
o RS-232
DB-25 or DB-9
Male Pin #1 is top left, female top right
Serial cables use 4-6 wires to attach to the connector
Standard max length of 50 feet and transfer of 20 kbps
o Universal Serial Bus
Type A & B, A being more popular
A is the regular flat USB
B is the square like a USB Printer cable
o Media Converter
SM Fiber to Ethernet
SM Fiber to MM Fiber
MM Fiber to Ethernet
Fiber to Coaxial
A Crossover cable can network two PCs because it performs the function of a switch
o Eg; Pin 1 -> 3 and 3 -> 1
Rollover Cable
o Cisco proprietary cable, connect PC to switch/router
Looks like RJ-45 UTP
Loopback Cable
o Also known as loopback plug, uses UTP and RJ-45 connectors
o Can activate network LEDs
o Troubleshooting tool
Network Cross-Connects
o Horizontal Cabling
Connects client systems to the network
o Vertical (backbone) cabling
Runs between floors to connect different locations on the network
o Each type has to be consolidated and distributed from a location, a wiring closet; 3 types of distribution
Vertical or main cross-connect
Location where outside cables enter the building for distribution, Eg;
internet and phone
Horizontal cross-connect
Location where the vertical and horizontal connections meet
Intermediate cross-connect
Typically used in larger networks, provides an intermediate cross-connect
between the main and horizontal cross-connects
“Cross-connect”, point where cables running throughout the network meet and are connected
Horizontal Cable
o Terminates at patch panel
o Runs within walls to outlets etc
o Everything from device to patch panel
o Horizontal cabling and patch cable should not exceed 100 meters
Vertical Cable
o Media used to connect server rooms, remote locations and offices
o Can be used to connect locations outside the local LAN that require high speed
o Often fiber optic or high speed UTP
Good diagram on – 6.17 Page 234
Punch down tool places wire on Insulation Displacement Connector
Two types of punch down blocks are used; type 66 or type 110
o Type 66
Used for telephone networks and low-speed network systems
50 rows of IDC contacts to accommodate 25-pair TP cable
o Type 110
Supports higher frequency and less crosstalk
Two types of wiring closets
o Main Distribution Facility (MDF)
Holds just about everything
o Intermediate Distribution Facility (IDF)
When multiple closets are used and holds only Patch panel, switch etc
Demarcation
o Point where ISP responsibility ends and client begins
Smart Jack installed at Demarc, features:
Loopback feature for remote testing
Signal amplification
Surge protection
Remote alarms to let the admin know there is an issue at the demarc
Channel Service Unit (CSU), Data Service Unit (DSU)
o Translate between LAN and WAN formats
o Has physical connection for LAN equipment via serial and another for WAN
o Traditionally own box but slowly being added to routers
IEEE 802 Network Standards
Specification Name
802.1 Internetworking
802.2 The LLC (Logical Link Control) sublayer
802.3 CSMA/CD ( Carrier Sense Multiple Access with Collision Detection) for Ethernet Networks
802.4 A token-passing bus
802.5 Token ring networks
802.6 Metropolitan area network (MAN)
802.7 Broadband Technical Advisory Group
802.8 Fiber Optical Technical Advisory Group
802.9 Integrated voice and data networks
802.10 Standards for Interoperable LAN/MAN Security (SILS) (network security)
802.11 Wireless networks
802.12 100Mbps technologies, including 100BaseVG-AnyLAN
IEEE 802.2 – logical link control (LLC) manages data flow control and error control for other IEEE LAN
standards
IEEE 802.3 – Defines a range of networking systems on the original Ethernet standard
Node is any device on the network, Printer, Router etc
CSMA/CD
o Known as Contention Media Access
o Every node has equal access to network media
o Low overhead
CSMA/CA
o Uses broadcast to signal intent to send data
o Can cause network congestion
10BaseT
o Ethernet – UTP, STP
o Baseband, 100 meters in length
o 10Mbps on cat 3,4,5 or 6
o Can do full-duplex, max nodes – 1024
o Point to point network design
Characteristics Description
Transmission Method Baseband
Speed 10Mbps
Total distance/segment 100 meters
Cable type Category 3, 4, 5 or 6 UTP or STP
Connector RJ-45
100BaseTX/100BaseFX
o Known as Fast Ethernet
802.3u
Characteristics | 100BaseTX | 100BaseFX
Transmission Method | Baseband | Baseband
Speed | 100Mbps | 100Mbps
Total distance/segment | 100 meters | 412 meters (MM, half duplex); 10,000 meters (SM, full duplex)
Cable type | Category UTP, STP | Fiber-Optic
Connector | RJ-45 | SC, ST
1000BaseX
o 802.3z
Characteristics | 1000BaseSX | 1000BaseLX | 1000BaseCX
Transmission Method | Baseband | Baseband | Baseband
Speed | 1000Mbps | 1000Mbps | 1000Mbps
Total distance/segment | Half duplex 275 (62.5-micron MM); half duplex 316 (50-micron MM); full duplex 276 (62.5-micron MM); full duplex 550 (50-micron MM) | Half duplex 316 (MM and SM); full duplex 550 (MM); full duplex 5000 (SM) | 25 meters for both full-duplex and half-duplex operations
Cable type | 62.5/125 and 50/125 multimode fiber | 62.5/125 and 50/125 multimode fiber; two 10-micron single-mode optical fibers | Shielded copper cable
Connector | Fiber connectors | Fiber connectors | Nine-pin shielded connector
1000BaseT
o Sometimes called 1000BaseTX
o Gigabit Ethernet standard – IEEE 802.3ab
Characteristics Description
Transmission Method Baseband
Speed 1000Mbps
Total distance/segment 75 meters
Cable type Category 5 or better
Connector RJ-45
10 Gigabit Ethernet – 10GBaseSR/SW/LR/LW/ER/EW
o Primarily designed as a WAN/MAN medium
o IEEE 802.3ae
Fiber | 62.5-Micron MM Fiber | 50-Micron MM Fiber | SM Fiber
SR/SW | Up to 33m | 300 m | Not used
LR/LW | Not used | Not used | 10KM
ER/EW | Not used | Not used | 40KM
10GBaseT
o IEEE 802.3an
Characteristics Description
Transmission Method Baseband
Speed 10 gigabit
Total distance/segment 100 meters Category 6a cable; 55 meters Category 6
Cable type Category 6, 6a UTP or STP
Connector RJ-45
Wireless
A wireless access point (AP) is both a transmitter and receiver (transceiver) device used for wireless LAN (WLAN) radio signals
o APs can operate as bridge or router
Service Set Identifier (SSID)
o 802.11 uses SSID to identify all systems belonging to the same network
o More secure to disable the broadcast of the SSID
Basic Service Set (BSS)
o Refers to a single AP with one or more clients
o This is an example of infrastructure wireless topology
Extended Service Set (ESS)
o Refers to two or more connected BSSs that use multiple APs
o The ESS is used to create WLANs or larger wireless networks
o Connecting BSS systems enables clients to roam between areas and maintain connection
Extended Service Set Identifier (ESSID)
o Network name used with an ESS wireless network design
o With ESS not all APs necessarily use the same name
Basic Service Set Identifier (BSSID)
o The MAC address of the BSS AP
Basic Service Area (BSA)
o AP Coverage area
Troubleshoot AP Coverage
o From least expensive to most expensive
Increase Transmission Power
Decrease power to reduce dispersion of radio waves
Relocate the AP
Adjust or replace antennas
Signal Amplification
RF Amp adds signal distance, increases strength and readability
Use a repeater
Set to the same channel as the AP
Wireless Antennas
o Antenna strength referred to as Gain Value
o dB stands for decibels
o Every 3 db of gain doubles an antenna’s effective power output
o Antenna Coverage
Antenna can be omnidirectional or directional
Omnidirectional is 360 degrees
o Weaker, shorter distance and good with clear line of sight
o Wide coverage but weaker in any 1 direction in comparison
o Good for SOHO
Directional
o Focused direction, greater distance and signal between 2 points
o Good for connecting 2 offices
o Good for going through objects
o Less power for greater distance compared to omnidirectional
Characteristic | Omnidirectional | Directional | Advantage/Disadvantage
Wireless area coverage | General coverage area | Focused coverage area | Omnidirectional allows 360-degree coverage, giving it a wide coverage area. Directional provides a targeted path for signals to travel.
Wireless transmission range | Limited | Long point-to-point range | Omnidirectional antennas provide a 360-degree coverage pattern and, as a result, far less range. Directional antennas focus the wireless transmission; this focus enables greater range.
Wireless coverage shaping | Restricted | The directional wireless range can be increased or decreased | Omnidirectional antennas are limited to their circular pattern range. Directional antennas can be adjusted to define a specific pattern, wider or more focused.
Troubleshooting Wireless Signal quality
o Antenna
Change position
o Device Placement
Away from RF interference
o Network Location
Avoid physical obstacles
o Boost signal
Use a repeater
Wireless Radio Channels
o A channel is the band of RF used for the wireless communication
o Recommended that non overlapping channels be used
Eg 802.11b/g use 11 channels, 3 which are non-overlapping – 1, 6, 11
o Beware of two different APs close to each other having issues
Solution to move further away or changing to another non-overlapping channel
Recommend you start with 1, grow to 6 and add 11 if needed
Can use iwconfig in Linux to see the state of the wireless network
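As an added example (not from these notes), a short Python model of 2.4 GHz channel spacing that shows why 1, 6 and 11 are the non-overlapping 802.11b/g channels and picks a clear channel for a new AP given its neighbours' channels. It assumes the standard 2.4 GHz plan (channel n centred at 2407 + 5n MHz, 22 MHz wide DSSS channels); the overlap test and the sample neighbour lists are constructed for the example.

```python
# Added example (not from the study notes): a model of 2.4 GHz channel spacing
# showing why 1, 6 and 11 are the non-overlapping 802.11b/g channels and how to
# pick a channel for a new AP given its neighbours. Values assumed from the
# 2.4 GHz channel plan: channel n is centred at 2407 + 5n MHz (channel 1 =
# 2412 MHz) and an 802.11b/g DSSS channel is 22 MHz wide, so two channels
# overlap when their centres are less than 22 MHz apart.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22      # 802.11b/g DSSS channel width
CHANNEL_SPACING_MHZ = 5     # spacing between consecutive channel centres


def centre_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel; only channels 1-13 are modelled
    (channel 14 sits off the regular 5 MHz grid and is omitted)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"channel {channel} is outside the 1-13 range modelled here")
    return 2407 + CHANNEL_SPACING_MHZ * channel


def channels_overlap(a: int, b: int) -> bool:
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(centre_frequency_mhz(a) - centre_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def overlapping_pairs(channels):
    """Every pair of in-use channels that interferes with each other."""
    return [(a, b) for a, b in combinations(sorted(set(channels)), 2)
            if channels_overlap(a, b)]


def non_overlapping_set(max_channel: int = 11):
    """Walk channels 1..max_channel, keeping each one that does not overlap any
    channel already kept. Starting from 1 this reproduces the 1, 6, 11 plan."""
    chosen = []
    for ch in range(1, max_channel + 1):
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def suggest_channel(neighbour_channels, max_channel: int = 11):
    """Lowest channel clear of every neighbouring AP, or None when nothing is
    clear (then the APs must be moved further apart, as the notes advise)."""
    for ch in range(1, max_channel + 1):
        if all(not channels_overlap(ch, n) for n in neighbour_channels):
            return ch
    return None
```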
Data rate refers to the theoretical maximum of a wireless standard
Throughput refers to the actual speeds achieved after all implementation and interference factors
Beacon Management Frame
o Wireless frame that announces APs
o Clients detect and try to establish a connection
o Beacon has several parts
Channel information
Supported data rates
SSID
Timestamp
o Transmitted every 10ms
Passive and Active scanning
o Passive scanning
Client listens for beacon from AP
o Active
Client transmits probe request frame which goes out to look for SSIDs
APs respond back with a probe response
Same information as beacon management frame
Spread-Spectrum Technology
o Refers to how data signals travel through a radio frequency
o Narrowband transmission refers to data that travels through a single RF band
o Spread spectrum requires data signals either alternate between carrier frequencies or
constantly change their data pattern
o Designed to trade bandwidth efficiency for reliability, integrity and security
o Uses more bandwidth than narrowband but data signal is clearer and easier to detect
o Two types of spread-spectrum radio
Frequency-Hopping Spread-Spectrum (FHSS)
Good for large geographical areas
More resistant to interference and environmental factors
Not the preferred method for today’s wireless
Direct-Sequence Spread-Spectrum (DSSS)
For every bit sent, redundant bit pattern is also sent
o 32 bit pattern is called a chip
Safe, reliable, minimizes interference and noise
Better security and signal than FHSS but sensitive to environmental factors
Orthogonal Frequency Division Multiplexing (OFDM)
o Transfers large amounts of data over 52 separate evenly spaced frequencies
o Reduces crosstalk interference
o Associated with 802.11a/g amendments and 802.11n standards
Infrared Wireless Networking
o Managed by Infrared Data Association (IrDA)
o 10 – 16 Mbps
o Low power, secure, proven, no RF or signal issues
o Eliminates cables for many devices
o Uses dispersed mode or a direct line-of-sight transmission
When a single AP is connected to the wired network and to a set of wireless stations it is called a
Basic Service Set. An Extended Service Set describes the use of multiple Basic Service Sets that form
a single sub network. Ad hoc mode is sometimes called an Independent Basic Service Set (IBSS)
Establishing Communication with Wireless Devices
o Before transmission, AP and client must talk
2 step process
Association
o Starts when adapter turned on
o Connects to SSID etc., if too weak it will look for another, called
Reassociation
Authentication
o AP can be set to shared key or open
Open is WEP or free access
Shared requires a key
o After security requirements met, IP level communication is established, Ethernet networking
takes over – 802.11 -> 802.3
MAC address filter – allow access to only specifics hosts
Biggest development for 802.11n is multiple input multiple output MIMO
o MIMO uses multiplexing to increase speed and range
802.11 Wireless Standards
IEEE Standard | Frequency / Medium | Speed | Topology | Transmission Range | Access Method
802.11 | 2.4GHz RF | 1 to 2 Mbps | Ad hoc / Infrastructure | 20 feet indoors | CSMA/CA
802.11a | 5GHz | Up to 54Mbps | Ad hoc / Infrastructure | 25-75 feet indoors | CSMA/CA
802.11b | 2.4GHz | Up to 11Mbps | Ad hoc / Infrastructure | Up to 150 feet indoors | CSMA/CA
802.11g | 2.4GHz | Up to 54Mbps | Ad hoc / Infrastructure | Up to 150 feet indoors | CSMA/CA
802.11n | 2.4GHz / 5GHz | Up to 600Mbps | Ad hoc / Infrastructure | 175+ feet indoors | CSMA/CA
Wireless Encryption Protocol | Description | Encryption Level
WEP | Wired Equivalent Privacy | 64 Bit
WPA2 | Wi-Fi Protected Access | 256 Bit
TKIP | Temporal Key Integrity Protocol | 128 Bit
AES | Advanced Encryption Standard | 128, 192, 256 Bit
Comparison of IEEE 802.11 Standards
IEEE Standard | RF Used | Spread Spectrum | Data Rate (in Mbps)
802.11 | 2.4GHz | DSSS | 1 or 2
802.11 | 2.4GHz | FHSS | 1 or 2
802.11a | 5GHz | OFDM | 54
802.11b | 2.4GHz | DSSS | 11
802.11g | 2.4GHz | DSSS | 54
802.11n | 2.4/5GHz | OFDM | 600
Wireless Security
o WEP
Insecure; two types – Static and Dynamic
Dynamic changes keys periodically and static stores the same password
o WPA
Slightly more secure than WEP
Introduces TKIP and EAP
TKIP is better encryption
o WPA2
Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
128-bit AES encryption
48 bit initialization vector, makes it harder to crack
o WPA Enterprise
Known as 802.1X
Port based access control
3 Components
Supplicant – System or node requesting access and authentication to a
network resource
Authenticator – A control mechanism that allows or denies traffic that wants to pass through a port
Authentication server – Validates the credentials of the supplicant that is
trying to access the network or resource
Wireless Troubleshooting Checklist
Wireless Enabled?
Auto transfer rate
Default is max speed, try a fixed lower rate, less speed is more distance
Router Placement
Antenna
Replace with upgraded Antenna
Building Obstructions
Conflicting Devices
Wireless Channels
Protocol Issues
Check SSID and IP information
SSID
SSID number used on the client system must match the one used on the AP
WEP
If enabled the encryption type must match what is set in the AP
Factors Affecting Wireless Signals
o Physical Objects
o RF interference
o Electrical Interference
o Environmental Factors
Wireless Obstacles Found Indoors
Obstruction Obstacle Severity Sample Use
Wood/wood paneling Low Inside a wall or hollow door
Drywall Low Inside walls
Furniture Low Couches or office partitions
Clear glass Low Windows
Tinted glass Medium Windows
People Medium High-volume traffic areas
Ceramic tile Medium Walls
Concrete blocks Medium/high Outer wall construction
Mirrors High Mirror or reflective glass
Metals High Metal office partitions, doors, metal furniture
Water High Aquariums, rain, fountains
Network Management
Administrators should document the following
o Wiring layout
o Server configuration
o Network equipment
o Key applications
o Detailed account of network services
o Network Procedures
Exam note – pay attention to wiring schematics, what cable is used where and if it’s correct
o Be familiar with MDF, IDF, Horizontal and Vertical cabling
Identifying Physical and Logical diagrams
o Physical
Cabling information, visual description of all physical communication links,
including all cabling, cable grades, cable lengths, WAN cabling
Servers, names and IP addresses, domain membership and type of server
Network Devices, location of devices on the network, includes printers, hubs,
switch, routers, gateways
WAN, location and devices of the WAN and components
User information, number of local and remote users
o Logical
Diagrams that focus on the direction which data flows within the physical
topology
Ethernet uses a physical star topology but a logical bus topology
Logical topology of a network identifies the logical paths that data signals travel
over the network
Baselines
o A measurement of network performance
o Should happen after setup and then every few months or after major changes
o System baseline is the entire network
o Component baseline is an individual segment
o Take baselines periodically under similar conditions, compare with past results
o Capturing is the process of collecting network statistics
Policies
o Network Usage
Who can use resources and what can be done with them
o Internet Usage
Enforce use for business related tasks
o Email Usage
All emails are property of the company and the company can access at any time
o Personal Software
No outside software allowed, no software can be copied or removed from site
o User Account
All users are responsible for keeping their password and account information
secret
All staff are required to log off and lock their systems
o Ownership
Company owns all data, including email, voice mail and internet log, they can
inspect at any time
Network Policies dictate network rules and provide guidelines for network conduct, they’re
often updated and reviewed and are changed to reflect changes to the network and perhaps
changes in the business requirements
Procedures
o Differ from policies in that they describe how tasks are to be performed
o Backup
Procedures specify when they are performed, how often, who does it, what is
backed up and how it will be stored
o Adding New User
Ensure new users have what they need but no more, this is called Principle of
Least Privilege
o Security
What to do if a security breach occurs; security monitoring, reporting and updates to software to patch exploits
o Network Monitoring
Track logons, bandwidth, remote access, logs
o Software
Procedures for updating software: when, how often, why and for whom the updates are required
o Report Violations
How to handle users who do not follow network policies
o Remote-Access
When users can access the network remotely, for how long and what they can
access
Configuration Documentation
o The act of documenting the configuration for both hardware and software
Regulations
o Regulation can be enforced by law
Monitoring Network Performance
o Fault Detection
Knowing what breaks or fails
o Performance monitoring
Monitor usage and trends
o Security monitoring
Knowing who is doing what and for how long
o Maintenance and Configuration
Ability to work remotely
Packet Sniffers
o 2 key defenses to prevent sniffers from being effective
Use a switched network over a hub network
Ensure all sensitive data is encrypted
Port Scanners
o Report back status on TCP/UDP ports
Open/Listening
Host sent a reply indicating that a service is listening on the port, there
was a response from the port
Closed or Denied or Not Listening
No process is listening on that port. Access to this port is likely denied
Filtered or Blocked
There was no reply from the host, meaning that the port is not listening
or the port is secured and filtered
Network Performance Testing
o Performance Tests
Perform network tests and compare them to past results
o Load Tests
Artificially place the network under a certain load to see how it reacts for the
purpose of future hardware or network changes
o Stress Tests
Push a network to its limits to understand where failures will occur and possibly
test recovery functions
Event Logs
o Security
Successful or Unsuccessful logons
Failed network resource access
Date, time, User, Computer, Event ID
o Application
Used by third-party Windows applications, not by Windows itself
o System
Components, drivers
DHCP Errors, HW Device, Time System, Services
Most UNIX/Linux based systems include the capability to write messages to a log file via syslog using the logger utility
History Logs
o Most often associated with internet browsing history
All users can view application and system logs but security logs require administrative rights
Networking Tools
o Punch down tools are used to attach twisted-pair network cable to connectors within a patch panel; specifically, they connect twisted-pair wires to the IDC
o Chip creep is when temperature in a server room has too much variance, chips begin to
expand and contract
o Toner Probes are specifically used to locate cables hidden in floors, ceilings or walls and
to track cables from patch panel to destination
o Protocol Analyzer
Can be hardware or software
Alert unused protocols
Identify unwanted or malicious network traffic
Isolate network traffic-related problems
Can also be used for 2 key reasons
Identify protocol patterns
Decode information
Allows administrators to examine bandwidth that a particular protocol is using
o Media/Cable Tester
Tells you if media/cable works correctly and where the problem may be
Cable Certifier checks for speed and performance
o Time Domain Reflectometer (TDR)
Used to send a signal through a medium to check continuity
Works on physical layer
OTDR optical media, review if break and how far
o Multimeter
Measure voltage, current, resistance or temp
Has a display, terminals, probes and a dial to select measurement ranges
Network multimeters can ping, verify network cabling, locate and identify cables, and record results for documentation
o Network Qualification Tester
Takes a quick glance at network bandwidth to determine if it can handle VoIP
Can check why network is struggling
o Wi-Fi Detector
Scans radio waves and gives LED feedback
Can be used for troubleshooting to check signal strength
o Voltage Event Recorder
Can find power irregularities, surges, spikes, power sags
Command Line Utilities
Utilities
o Hostname from CMD line is your PC name
o Netstat alone only shows TCP connections
o Netstat -a shows TCP and UDP
o Netstat -an shows information in all numeric
o Netstat -e shows Ethernet stats, sent/received
o Netstat -r is the same as route print
o Netstat -s shows stats per protocol
o nbtstat shows NetBIOS information
o nbtstat -R clears the NetBIOS name cache
o Tracert is Trace Route
o tracert -d shows all numeric, much faster
o tracert, each line represents a "hop" to another network
o pathping shows route with stats on packet loss
o pathping -n is in all numeric
o nslookup displays information about DNS names and their IP
o FTP: "ftp ftp.site.com"
dir, cd, get, put, mget, mput, close
netsh is a CMD line script utility that enables you to display and modify the local PC NIC configuration
o "netsh interface ip set address name="Local Area Connection" static 192.168.1.101 255.255.255.0 192.168.1.1"
o "netsh interface ip set address name="Local Area Connection" source=dhcp"
Route enables you to view and make changes to the local IP routing table of a PC
o route print
o Troubleshooting with Ping
Ping loopback
Ping your assigned address
Ping known working local node
Ping default gateway
Ping remote system
o If ICMP requests are blocked you can use arp ping
ARP Ping works only on local network
Built into Linux, not windows
Dig is a linux command line tool for querying DNS name servers
Network Optimization
Level of Availability | Availability % | Downtime Per Year
Commercial availability | 99.5% | 43.8 hours
High availability | 99.9% | 8.8 hours
Fault-resilient clusters | 99.99% | 53 minutes
Fault-tolerant | 99.999% | 5 minutes
Continuous | 100% | 0
Hard Drives are most likely component to fail in a system
Fault-tolerance is the ability of a system or network to continue operating if an unexpected hardware or software error occurs
Raid 0
o Not fault tolerant
o If one HD goes the entire raid goes down
o High performance
Raid 1
o Disk Mirroring
o Can load balance over multiple disks
o HD controller is single point of failure
o Disk duplexing is like mirroring but HDs are placed on separate HD controllers
Raid 5
o Disk Striping with Parity
o Writes information across all disks
o Parity information provides fault tolerance
o Minimum 3 disks, 1 for parity
Eg; three 1 TB drives give 2 TB of storage in Raid 5
o Can continue to operate if a HD fails
o Poor write performance
o Replacing disk requires regeneration time
Raid 10
o Mirror Stripe Set
o Combines Raid 1 and 0
o Minimum 4 disks
o High overhead and decreased write performance
Summary of RAID Levels
RAID Level | Description | Advantage | Disadvantage | Required Disks
RAID 0 | Disk striping | Increased read and write performance. RAID 0 can be implemented with two or more disks | Does not offer any fault tolerance | 2 or more
RAID 1 | Disk mirroring | Provides fault tolerance. Can also be used with separate disk controllers, reducing the single point of failure (this is called disk duplexing) | RAID 1 has 50% overhead and suffers from poor write performance | 2
RAID 5 | Disk striping with distributed parity | Can recover from a single disk failure. Increased read performance over a single disk, but poor write performance. Disks can be added to the array to increase storage capacity | May slow down the network during regeneration time, and performance may suffer | Minimum of 3
RAID 10 | Striping with mirrored volumes | Increased performance with striping. Offers mirrored fault tolerance | High overhead, as with mirroring | 4
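As an added example (not from these notes), a Python toy model of usable capacity for the RAID levels above plus a simulation of RAID 5 XOR parity, showing why one disk can fail without losing data and why three 1 TB disks yield 2 TB. The layout is simplified (one unit per disk, parity on the last disk) and the disk contents are constructed byte strings.

```python
# Added example (not from the study notes): usable-capacity rules for the RAID
# levels in the table above, plus a simulation of RAID 5 XOR parity showing why
# a single failed disk can be rebuilt and why three 1 TB disks give 2 TB.
# Simplifications: one stripe unit per disk and parity always on the last disk;
# disk contents are constructed byte strings.

MIN_DISKS = {0: 2, 1: 2, 5: 3, 10: 4}   # required disks, as in the summary table


def usable_capacity(level: int, disks: int, size_each: float) -> float:
    """Usable capacity of the array, in the same units as size_each."""
    if level not in MIN_DISKS:
        raise ValueError(f"RAID {level} is not modelled here")
    if disks < MIN_DISKS[level]:
        raise ValueError(f"RAID {level} needs at least {MIN_DISKS[level]} disks")
    if level == 0:
        return disks * size_each            # striping only: no redundancy, all space usable
    if level == 1:
        return size_each                    # mirror: 50% overhead
    if level == 5:
        return (disks - 1) * size_each      # one disk's worth of space holds parity
    if disks % 2:
        raise ValueError("RAID 10 needs an even number of disks (mirrored pairs)")
    return disks // 2 * size_each           # mirrored pairs, then striped


def xor_blocks(blocks):
    """XOR equal-length byte strings together: this is RAID 5's parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, disks: int):
    """Split data into disks-1 equal units (zero-padded) and append the parity unit.
    Returns one byte string per disk; the last entry is the parity disk."""
    if disks < MIN_DISKS[5]:
        raise ValueError("RAID 5 needs at least 3 disks")
    n_data = disks - 1
    unit = -(-len(data) // n_data)          # ceiling division
    padded = data.ljust(unit * n_data, b"\0")
    units = [padded[i * unit:(i + 1) * unit] for i in range(n_data)]
    return units + [xor_blocks(units)]


def raid5_recover(array, failed: int) -> bytes:
    """Rebuild the unit on disk `failed` as the XOR of every surviving disk.
    Works for a data disk or the parity disk alike."""
    return xor_blocks([u for i, u in enumerate(array) if i != failed])


def raid5_read(array, failed=()) -> bytes:
    """Read the data back, rebuilding one failed disk on the fly. Two or more
    failures exceed what single parity can recover (the array is lost).
    Trailing zero padding is stripped, so the constructed data must not end in NUL."""
    failed = set(failed)
    if len(failed) > 1:
        raise RuntimeError("RAID 5 survives only one failed disk; data lost")
    units = list(array)
    for idx in failed:
        units[idx] = raid5_recover(array, idx)
    return b"".join(units[:-1]).rstrip(b"\0")
```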
Server Fault Tolerance
o Stand by
Second server setup identical to first
Setup in failover configuration
Monitors primary and ready to take over at moment’s notice
If it detects Primary is down will cut in, no network down time
Uses Heartbeat
o Server Clustering
Synonymous with Server Farm
Grouping of servers for fault tolerance and load balancing
Failed server has no impact on network
Highest level of fault tolerance and data availability
Cost is high
Link Redundancy
o Adapter teaming is groups of NICs that are configured to act as a single unit
This is achieved through software or function of NIC driver
Features
Adapter Fault Tolerance
o One card configured as primary, others as secondary
o If the primary fails, one of the others takes its place automatically
Adapter Load Balancing
o Due to software control the workload can be distributed evenly
across the cards
Link Aggregation
o Improved performance by allowing more than one network card’s
bandwidth to be aggregated into a single connection
Eg; 4 x 1 Gbps NICs can provide 4 Gbps of bandwidth
Common Address Redundancy Protocol (CARP)
o Open-source protocol enabling multiple hosts to share a set of IP addresses
o Hosts within the redundant group are known as a group of redundancy
o Requires a minimum of one common virtual host ID and a set of virtual host IP addresses
Uninterruptible Power Supplies (UPS)
o Improves Data Availability by keeping devices online after power failure
o Protection from Data Loss as servers can be shut down properly
o Protection from hardware loss
Power Threats
o Blackout
Total failure of power supplied to the server
o Spike
A short (less than 1 second) but intense increase in voltage, spikes can do damage to
any type of equipment, especially computers
o Surge
Compared to a spike, considerably longer (multiple seconds) but less intense in
power, can also damage equipment
o Sag
Short term voltage drop, can cause a server to reboot
o Brownout
A drop in voltage that lasts more than a few minutes
Backups
o Full Backup
Clears archive bit
Long, resource intense
Can fully restore from one tape
This can also be a single point of failure
It is the fastest way to restore
o Differential Backup
Does not reset archive bit
Backs up data that has changed since the last full backup
Restore requires the last full backup and the last differential
o Incremental Backup
Checks archive bit and clears it
Backs up data that has changed since last full backup or incremental
Fastest to back up because it copies the least amount of data
Longer to restore because it requires last full backup and all incremental backups
since
Backup Strategies
o Full
Advantage: Backs up all data on a single tape or tape set. Restoring data requires the fewest tapes
Disadvantage: Depending on the amount of data, full backups can take a long time
Data Backed Up: All files and directories are backed up
Archive Bit: Does not use the archive bit, but resets it after data has been backed up
o Differential
Advantage: Faster backups than a full backup
Disadvantage: Uses more tape than a full backup. The restore process takes longer than a full backup
Data Backed Up: All files and directories that have changed since the last full backup
Archive Bit: Uses the archive bit to determine the files that have changed but does not reset the archive bit
o Incremental
Advantage: Faster backup times
Disadvantage: Requires multiple disks; restoring data takes more time than the other backup methods
Data Backed Up: The files and directories that have changed since the last full or incremental backup
Archive Bit: Uses the archive bit to determine the files that have changed and resets the archive bit
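The archive-bit rules above decide both what lands on each tape and which tapes a restore needs. The following is an added Python simulation (not from the original notes); the file names, the modification sequence and the helper names are constructed for the demo.

```python
"""Archive-bit simulation of full, differential and incremental backups.

Added example, not part of the original study notes. File names, the change
sequence and the tape history are constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class BackupSet:
    kind: str                                       # "full", "differential" or "incremental"
    files: List[str] = field(default_factory=list)  # file names captured on this tape


class FileSystem:
    """Each file carries an archive bit that the OS sets whenever the file changes."""

    def __init__(self, names: List[str]):
        self.archive_bit: Dict[str, bool] = {n: True for n in names}  # new files start dirty

    def modify(self, name: str) -> None:
        self.archive_bit[name] = True

    def _dirty(self) -> List[str]:
        return sorted(n for n, bit in self.archive_bit.items() if bit)

    def _reset_all(self) -> None:
        for n in self.archive_bit:
            self.archive_bit[n] = False

    def full_backup(self) -> BackupSet:
        # Ignores the archive bit (copies everything) but resets it afterwards
        captured = sorted(self.archive_bit)
        self._reset_all()
        return BackupSet("full", captured)

    def differential_backup(self) -> BackupSet:
        # Copies files with the bit set and leaves the bit alone, so each
        # differential holds everything changed since the last full
        return BackupSet("differential", self._dirty())

    def incremental_backup(self) -> BackupSet:
        # Copies files with the bit set and resets it, so the next incremental
        # only holds what changed since this one
        captured = self._dirty()
        self._reset_all()
        return BackupSet("incremental", captured)


def tapes_for_restore(history: List[BackupSet]) -> List[BackupSet]:
    """Walk back from the newest tape to the last full, keeping only the tapes a
    restore needs. A differential supersedes any older differentials between
    itself and the previous bit-resetting backup (a full or an incremental)."""
    needed: List[BackupSet] = []
    i = len(history) - 1
    while i >= 0:
        tape = history[i]
        needed.append(tape)
        if tape.kind == "full":
            break
        i -= 1
        if tape.kind == "differential":
            while i >= 0 and history[i].kind == "differential":
                i -= 1   # older differentials are already contained in this one
    return list(reversed(needed))


def simulate(strategy: str) -> Dict[str, list]:
    """Run one constructed week: full on day 1, then two 'strategy' backups."""
    fs = FileSystem(["payroll.xls", "notes.doc", "db.mdb"])
    history = [fs.full_backup()]
    fs.modify("payroll.xls")
    history.append(getattr(fs, f"{strategy}_backup")())
    fs.modify("notes.doc")
    history.append(getattr(fs, f"{strategy}_backup")())
    return {
        "captured": [t.files for t in history],
        "restore_needs": [t.kind for t in tapes_for_restore(history)],
    }


if __name__ == "__main__":
    for s in ("differential", "incremental"):
        print(s, simulate(s))
```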
Tape Rotations
o Grandfather, Father, Son (GFS) system is most common
Backup Best Practices
o Offsite Storage
Must be included to protect from fire, theft etc
o Label Tapes
o New Tapes
o Verify backups
o Cleaning
Hot and Cold Spares
o Hot
HD sits idle in the server; RAID uses it in case of failure with no manual intervention
Allow you to replace component while system is running
o Cold
Component ready to go but needs manual intervention
Must shut down to replace part
o Warm
Can change while system is online but it requires configuration
Hot site
o Ready to go
Cold site
o Have space, basic services
o Likely requires equipment
Warm Site
o Has equipment but it will require configuration
Network Optimization Strategies
o Quality of Service (QoS)
Used to manage and increase flow of network traffic to ensure bandwidth is
available for applications that need it, two kinds:
Latency-sensitive – Video, VoIP
Latency-insensitive – FTP, backup procedures
Key concept for QoS is priority queueing
Traffic is placed in order based on the importance of its delivery time
All data given access but more important and latency-sensitive data is given
higher priority
o Traffic Shaping
Like a QoS strategy, traffic is categorized, queued and directed according to network
policy
Shaping by application – Eg; 4Mbps for FTP etc
Shaping network traffic per user
Priority shaping – change traffic flow when priority applications are not in need
Involves delaying flow of data traffic that is designated as less important compared
to other traffic streams
o Caching Engines
Improves network performance by locally caching content, thereby limiting surges in
traffic
Network Security
Internet Security Association and Key Management Protocol (ISAKMP)
o Documented in RFC 2408, a framework defining the procedures for authentication, creation and
management of security associations (SAs), key generation techniques and threat mitigation
Point-to-Point Tunneling Protocol (PPTP)
o Documented in RFC 2637
o Creates secure tunnel between two points on a network
o Forms the basis of VPN
VPNs are created and managed using PPTP which builds on PPP. Makes it possible
to create dedicated PTP tunnels through a public network
o PPTP requires a TCP connection known as a PPTP Control Connection, provides
authenticated and encrypted communications between client and server, does not use
public key infrastructure but does use User ID and Password
Same authentication methods as PPP: MS-CHAP, CHAP, PAP, EAP
Layer 2 Tunneling Protocol (L2TP)
o Combination of PPTP and Cisco L2F technology
o Two phase process to authenticate
Authenticate computer and user
By Authenticating the computer it prevents the data from being
intercepted, changed and returned to the user
This is known as a man in the middle attack
o Unlike IPSec, which operates at the network layer, L2TP operates at the data link layer, making
it protocol-independent. Means that a L2TP connection can support protocols other than
TCP/IP such as AppleTalk and Novell’s IPX
PPTP Advantages
o Around longer, offers more interoperability
o Industry standard
o Easier to configure than L2TP because L2TP uses digital certificates
o Less overhead than L2TP
L2TP Advantages
o Offers greater security
o Supports common public key infrastructure technology
o Provides support for header compression
IPSec
o Designed to provide secure communications between systems
o Can encrypt and authenticate network transmissions
o Comprised of Authentication Header (AH) and Encapsulating Security Payload (ESP)
o Created by IETF, works on IPv4 and IPv6
o Provides 3 key security services
Data Verification
Verifies data received is from intended source
Protection from Data Tampering
Ensures it has not been tampered with during transmission
Private Transactions
Ensures data is unreadable in transmission
o Works on network layer
o Can secure almost all TCP/IP communications
o Can only be used on TCP/IP networks
Two Types of VPN
o Site-to-site
Gateways of each network do all the work, transparent to user
o Client-to-site
User must use VPN software to create connection
Access Control
o Mandatory Access Control (MAC)
Most secure form of Access Control
Common in financial, military etc
Secures by assigning sensitivity labels to objects and users
During a request labels are compared, access is granted accordingly
o Discretionary Access Control (DAC)
Not controlled by administrator, creator of objects sets who can access
Uses an Access Control List (ACL)
o Rule-Based Access Control (RBAC)
Variation of MAC
Access given based on established rules like a router or firewall; allow/disallow
o Role-Based Access Control (RoBAC)
Administrator requires a good understanding of what the user does
Eg; Teacher for tasks and Administration for Financial
Least Privilege often too restrictive, Eg; senior teacher can’t access additional
functions given to her
PPP is preferred over SLIP; it’s more flexible and secure
Point-to-Point Protocol over Ethernet (PPPoE)
o Used to connect multiple network users on an Ethernet LAN to a remote site through a
common device. PPP information encapsulated into Ethernet frame
o Allows individual access time to be tracked
Network Access Control
o Method to restrict access to the network based on identity or posture
o Posture Assessment is any evaluation of a system’s security based on settings and
applications found
o Can also check 802.1x values
Remote-Control Protocols
o RDP, SSH and Citrix Independent Computing Architecture (ICA)
o RDP sends mouse movement, keystrokes and bitmap image of the screen
o ICA is similar to RDP
o SSH uses port 22 and is mostly used on UNIX systems
MAC Filtering
o Done using ACL, is common in wireless
TCP/IP Filtering
o ACL determines what types of IP traffic will be allowed through
Authentication, Authorization and Accounting (AAA)
o Authentication
Usually by username and password
o Authorization
Determine if person, previously authenticated, is allowed access to a particular
resource
o Accounting
Tracking mechanisms to keep record of events
Mostly done with Auditing, the process of monitoring events and keeping a log
Passwords and Policies
o System should enforce:
Minimum length
Password Expiration – every 30 days
Prevention of reuse – system remembers last 10
Prevention of easy-to-guess – Eg, 12345
o Strong Password
At least 8 characters, Alphanumeric, Mixed Case, Not a word, Special Character
Kerberos
o Developed by IETF, plays significant role
o Method that requires only a single sign-on
o Designed to remove threat of network eavesdropping
o Ensures data integrity and blocks tampering
o Non proprietary protocol and is used for cross-platform authentication
o Uses secret key cryptography
Cryptography used so a client can prove its identity across an insecure network
o Uses Symmetric key cryptography
Both client and server use the same encryption key to cipher and decipher
o Another cryptography method in use is asymmetric key cryptography, or public key
cryptography. Device has both a public and private key. Private Key is never shared. Public
key is used to encrypt the communication and the private key is used for decrypting
o Security tokens in Kerberos are also known as tickets
Public Key Infrastructure (PKI)
o Enables users on unsecured networks to securely exchange data
o Uses public and private cryptographic key pair obtained and shared through a trusted
authority
Certificates
Electronic credentials that validate users and devices on a network
Certificate Authorities (CAs)
CAs can issue and manage certificates, can be third party or not.
o Public is known as Public CA, private as Private CAs
Certificate Templates
Use to customize certificates issued by a CA. Rules and settings for
incoming certificate requests
Certificate Revocation List (CRL)
List of certificates that were revoked before they reached their expiration
date
Public and Private Keys
o Public key
Non secret key that forms half of a cryptographic key pair used with a public key
algorithm
Freely given to all potential receivers
o Private key
The secret half of a cryptographic key pair used with a public key algorithm
Never transmitted over a network
o Keys can be used two different ways to secure data communication
Public (Asymmetric)
Uses both Private and Public key to encrypt and decrypt messages
Public encrypt, Private decrypt
Private (Symmetric)
Single key for encryption and decryption
If a person possesses the key they can do either
Can’t be shared with anyone except the intended recipient
o PKI is used for:
Web security
Confidentiality – SSL, TLS, both client and server require certificate
SSL VPN is also known as WebVPN and Open VPN
RADIUS
o Protocol that enables a single server to become responsible for all remote-access
authentication, authorization and accounting services
User dials into remote access server, which acts as a RADIUS client and connects to
RADIUS server
RADIUS server performs AAA and returns the information to the RADIUS client
Connection is accepted or refused based on that information
Terminal Access Controller Access Control System+ (TACACS+)
o Security protocol designed to provide centralized validation of users who are attempting to
gain access to a router or Network Access Server (NAS)
o Uses AAA on TCP port 49
o TACACS+ relies on TCP for connection-oriented delivery. RADIUS uses connectionless UDP for
data delivery
o RADIUS combines authentication and authorization, whereas TACACS+ can separate these
functions
Remote Authentication Protocols
o Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
Windows workstations, works with PPP, PPTP, L2TP network connections
Uses a challenge response mechanism to prevent password from being sent
Uses Message Digest 5 (MD5) and Data Encryption Standard (DES) encryption
algorithm to generate the challenge and response
o MS-CHAP V2
New 2-way authentication, changes to how cryptographic key is analyzed
Most secure / recommended
o Extensible Authentication Protocol (EAP)
Extension of PPP that supports authentication methods that go beyond username
and password
Developed to support authentication methods for other types of devices – token cards,
smart cards and digital certificates
o CHAP
Supports non MS remote access clients
Industry standard, therefore allows any Windows client to connect to any third-party
PPP server
o Password Authentication Protocol (PAP)
Use only if necessary (when connecting to old UNIX server)
Uses username/password but is sent in clear text
o Unauthenticated Access
Users can get on without any information
Protocol Summary
o FTP – File Transfer Protocol: Protocol for uploading and downloading files to a remote host. Also accommodates basic file management tasks
o SFTP – Secure FTP: Protocol for securely uploading and downloading files to and from a remote host, based on SSH security
o HTTP – Hyper Text Transfer Protocol: Protocol for retrieving files from a web server, data is sent in clear text
o HTTPS – Hyper Text Transfer Protocol Secure: Secure protocol for retrieving files from a web server. HTTPS uses SSL to encrypt data between the client and host
o Telnet – Telnet: Enables sessions to be opened on a remote host
o SSH – Secure Shell: A secure alternative to Telnet that enables secure sessions to be opened on a remote host
o TLS – Transport Layer Security: Cryptographic protocol whose purpose is to verify that secure communications between a server and client remain secure. TLS is an enhancement/replacement for SSL
o ISAKMP – Internet Security Association and Key Management Protocol: Provides an independent framework for authentication and key exchange. The actual implementation is usually done by IPSec but could be handled by any implementation capable of negotiating, modifying and deleting security associations
o RSH: UNIX utility used to run a command on a remote machine. Replaced by SSH because RSH sends all data in clear text
o SCP – Secure Copy Protocol: Enables files to be securely copied between two systems. Uses SSH to provide encryption services
o RCP – Remote Copy Protocol: Copies files between systems but transport is not secured
o SNMPv1/2 – Simple Network Management Protocol Version 1 and 2: A network monitoring system used to monitor the network’s condition. Neither SNMPv1 nor v2 is secured
o SNMPv3 – Simple Network Management Protocol Version 3: Enhanced SNMP service offering both encryption and authentication services
Any access method that uses more than one authentication factor is “multifactor”
o “Two-factor” is a subset of multifactor
Common Threats
o Viruses
Software or code loaded without user knowledge, performs undesirable action
o Macro Viruses
Damage office or text documents
o Worms
Silently damage or relay data
Propagate silently
o Trojan Horses
Appear harmless but after installed carry and deliver a malicious payload
o Spyware
Gathers system and internet information
Viruses
o To be considered a virus:
Must be able to duplicate itself
Require a host program known as a carrier
Must be activated or executed in order to run
o Types
Resident
Installs into the operating system, puts itself in memory and does damage, loads
when the operating system boots up
Variant
Modified version of existing virus
Polymorphic
Can change to avoid detection
Overwriting/non overwriting
Overwrite data and replace with modified data
Stealth
Can hide itself
Macro
Targets documents because they are often shared and can spread easily
Worms and Trojan Horses
o A Trojan Horse is about hiding in a program; when executed it hides in the background
Different from a virus because it does not try to replicate and does not require a host
program to run it
o Can spread by removable media and email
o Worms can spread faster than any other malware
o Different than a virus because it can replicate but does not require a host and does not
require user intervention to propagate
o Exploits security holes in applications and operating systems
Malware Type Comparison
o Virus
Replication: Can self-replicate
Host Required? Requires a host program to propagate
User Intervention Required? Needs to be activated or executed by a user
o Trojan Horse
Replication: Does not replicate itself
Host Required? Does not require a host
User Intervention Required? The user must execute the program in which the Trojan horse is hidden
o Worm
Replication: Self-replicates without user intervention
Host Required? Self-contained and does not require a host
User Intervention Required? Replicates and activates without requiring user intervention
Denial of Service and Distributed Denial of Service Attacks
o DoS are designed to tie up network bandwidth and resources, eventually bringing network
to a halt
o Effects of Attack
Saturating network resources, renders services unusable
Flooding the network media, prevents communication between nodes
Causing user downtime
Causing potential financial loss due to downtime
o Types of DoS
Fraggle
Spoofed UDP packets are sent to a network broadcast address, packets are
directed to specific ports such as 7 or 19 and after they’re connected can
flood the system
Smurf
Similar to fraggle, ping request sent to broadcast address with the sending
address spoofed so that many ping replies overload the victim and prevent
it from processing replies
Ping of Death
Large ICMP datagram is used to crash devices manufactured before 1996
SYN Flood
Sends a flood of SYN requests but never replies with the final ACK
Server fills up with half open connections and starts to ignore all incoming,
even legit
Buffer Overflow
More data is put into a buffer than it can hold
ICMP Flood
Flood server with ICMP requests and the server cannot tend to other TCP/IP
requests
Other Common Attacks
o Password Attacks
o Social Engineering
o Eavesdropping – Listening to network traffic
o Back Door Attacks
o Man-in-the-Middle Attack – Attacker sits in the middle of the communication, changes it and
sends it along
o Spoofing – Replacing a real message with a fake one
o Rogue AP – Wireless security can be compromised by a cheap rogue router
o Evil Twin – Rogue AP poses as a legit AP
o Advertising Wireless Weakness – War driving and leaving behind symbols to indicate
weakness
o Phishing – Email tricks
Anti-Virus
o Real Time Protection
o Virus Scanning
o Scheduling Scans
o Live Updates
o Email Scanning
o Centralized Management
To Aid AV
o Develop in-house policies and rules
o Monitor virus threats
o Educate users
o Automatic scanning and updates
o Patches and updates for exploits
Firewalls and Other Appliances
o Firewall
Manages flow of data and can separate sensitive areas from less sensitive areas
Dedicated hardware or a system with more than one NIC with software
Popular Add-Ons
Content Filtering
o Limit inbound traffic and restrict web access on outbound
Signature Identification
o Can detect certain signatures associated with malware and block it
Virus Scanning Services
o Scans content as web pages are downloaded
Network Address Translation (NAT)
o Not as popular as Port Address Translation (PAT)
URL Filtering
o Restrict web access
Bandwidth Management
Stateful and Stateless
o Stateless packet-filtering firewall monitors specific packets and restricts access based on
criteria
Looks at each packet in isolation and is therefore unaware if that packet is part of a
larger data stream
o Stateful monitors data streams from one end to the other
Denies incoming traffic that does not comply with dynamic or preconfigured firewall
exception rules
Tracks the state of network connections, including monitoring source and destination
addresses and TCP/UDP port numbers
Packet Filtering Firewall
o Deals with packets at L2 and L3
o Can filter by:
IP Address
Port #
Protocol ID
Implicit deny: a packet that matches none of the pre-existing rules is denied
MAC
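To show the implicit-deny rule and the stateless/stateful difference from the two sections above in working code, here is an added Python simulation (not from the original notes). The rule set, the 192.168.1.0/24 inside network and the packets are constructed for the demo; outside addresses use the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.

```python
"""Stateless vs stateful packet filtering with implicit deny.

Added example, not code from the original study notes. Policy, networks and
packets are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.dport in (None, pkt.dport))


def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """Judge each packet in isolation: first matching rule wins, and a packet
    that matches no rule is dropped (implicit deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


Flow = Tuple[str, str, int, str, int]   # proto, src, sport, dst, dport


class StatefulFilter:
    """Same rules plus a connection table. A packet allowed by policy opens a
    flow entry; the reply direction of a known flow is then allowed without
    needing its own (necessarily over-broad) rule for the client's high port."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.flows: Set[Flow] = set()

    def inspect(self, pkt: Packet) -> str:
        forward: Flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse: Flow = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.flows or reverse in self.flows:
            return "allow"                  # part of a tracked data stream
        verdict = stateless_filter(self.rules, pkt)
        if verdict == "allow":
            self.flows.add(forward)         # dynamic exception for the replies
        return verdict


# Constructed policy: inside hosts may browse HTTPS; anyone may reach the mail server
RULES = [
    Rule("allow", "tcp", src="192.168.1.0/24", dport=443),
    Rule("allow", "tcp", dst="192.168.1.10/32", dport=25),
]
P_OUT = Packet("192.168.1.20", "203.0.113.5", "tcp", 51000, 443)          # client -> web server
P_REPLY = Packet("203.0.113.5", "192.168.1.20", "tcp", 443, 51000)        # web server's answer
P_UNSOLICITED = Packet("198.51.100.9", "192.168.1.20", "tcp", 443, 51001) # looks like a reply, no flow
P_TELNET = Packet("198.51.100.9", "192.168.1.10", "tcp", 40000, 23)       # no rule -> implicit deny


def demo() -> dict:
    fw = StatefulFilter(RULES)
    return {
        "stateless": {"out": stateless_filter(RULES, P_OUT),
                      "reply": stateless_filter(RULES, P_REPLY),   # denied: no rule for port 51000
                      "telnet": stateless_filter(RULES, P_TELNET)},
        "stateful": {"out": fw.inspect(P_OUT),
                     "reply": fw.inspect(P_REPLY),                 # allowed: tracked flow
                     "unsolicited": fw.inspect(P_UNSOLICITED)},
    }


if __name__ == "__main__":
    print(demo())
```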
Circuit Level Firewall
o Similar in operation to packet-filtering but operates at L4
o Main difference is circuit-level validates TCP and UDP sessions before opening connection
through firewall
o May not be enough protection against advanced attacks
Application Layer Firewall
o Operate at L7
o Can inspect traffic packets going to/from an application
o Can proxy in each direction
Comparing Firewall Types
o Packet-filtering firewalls operate at L2 and L3 and are designed to monitor traffic based on
criteria like source, port or destination service in individual IP packets, usually fast and
transparent to users
Basic Firewall function
o Session layer firewalls are known as circuit-level firewalls. Typically use NAT to protect
internal network, these gateways have little or no connection to the application layer and
can’t filter more complicated connections.
Filters traffic only on basic rules such as source, destination or port
Provides NAT
o Application layer firewalls control browser, telnet and FTP traffic, prevent unwanted traffic
and perform logging and auditing of traffic passing through them
Provides Proxy
Typically all three methods are combined into a single FW Application
Demilitarized Zones (Perimeter Network)
o Always access through firewall
o Gives firewall configuration extra flexibility
o For resources/servers needed by both internal and external users
Intrusion Prevention System (IPS)
o Continuously scans the network looking for malicious activity, can shut down threats
o Reactive security measure
Intrusion Detection System (IDS)
o Passive system, can detect attack and log it, can also alert administrator
o Several kinds of IDS
Behavior-based – Looks at odd behavior, Eg; high network traffic
Signature based – uses database of signatures and evaluates potential attacks
Network Based IDS (NIDS) – examines all network traffic to/from systems
Host-Based IDS (HIDS) – Applications such as anti-spyware or AV
VPN Concentrator
o Sits between client and server
o Increases security, can:
Create tunnel
Authenticate Users
Encrypt, decrypt
Regulate and monitor data across the tunnel
Control inbound and outbound traffic as tunnel endpoint or router
Honeypots and Honeynets
o Honeypot
A decoy system set up to lure attacks, lets the admin know the kinds of attacks being
carried out
Deters attackers if they suspect their actions are being monitored with a honeypot
Identifies the source of an attack, whether it’s internal or external
o Honeynet
Is an entire network setup to monitor attacks from outsiders
Carefully documented and the information shared with network professionals
Vulnerability Scanners
o NMAP & Nessus
Also SAINT and OpenVAS
Network Troubleshooting Method
o Identify Problem
Information gathering
Id symptoms
Question user
Determine if anything has changed
o Establish a theory of probable cause
Question the obvious
o Test Theory to determine cause
When confirmed, determine next steps to resolve
If not confirmed, re-establish a new theory or escalate
o Establish a plan of action to resolve problem and id potential side effects
o Implement the solution or escalate as necessary
o Verify full system functionality
If applicable implement preventative measure
o Document findings, actions and outcomes
When
Why
What
Results
Who
Wiring problems are related to the actual cable used in a network, for the purpose of the exam,
infrastructure problems are classified as those related to network devices such as hubs, switches and
routers
Common Problems to Be Aware Of
o Switching Loop
When multiple active paths are available, switch loops can occur
STP designed to prevent
Occur at L2
o Routing Loop
Packets routed in endless circle, due to incorrect routing tables
o Proxy ARP
One system answers ARP for another system
o Broadcast Storm
Constant broadcasts / multicasts
o Port Configuration
Requires the proper ports to be opened for services like FTP etc
o Mismatched MTU / MTU Black Hole
A black hole occurs when a router drops data without sending back the expected message that
the data was received; the data is sent but is essentially lost
Occurs when the packet the router receives is larger than the configured size of the
Maximum Transmission Unit (MTU) and the Do Not Fragment flag is configured on
the packet
o Bad/Missing Routes
Any route that you can’t rely on to deliver packets
Use route poisoning to prevent this route from being used
Set hop count to 16 or infinity
o Wrong Subnet
Bad subnet means that traffic may be routed to a subnet that doesn’t exist
o Wrong Gateway
Ping / tracert to test
o Duplicate IP Address
Both systems with the same IP will have issues
o Wrong DNS
Cable Problems
o Crosstalk
o Attenuation
o EMI
o Open Impedance Mismatch (Echo)
Cables can have a mismatched Ohms rating which can cause a failed link
UTP = 100 Ohms and STP = 150 Ohms
o Open Fault
Cables not making full circuit
Use a multifunction cable tester to troubleshoot
o dB loss
Use a power meter or a loopback test
dB loss is associated with almost every wiring component
o TXRX Reversed
Using a crossover cable by mistake
Troubleshoot Client Connectivity
o NIC
Bus, type of network, media compatibility
o Connect to Network Media
To a coax network – warn users of downtime
To a twisted pair network – connect patch cable
o Configure client system for TCP/IP
IP Address, subnet, Gateway, DNS
IP and subnet is bare minimum
o Port speed and Duplex
o VLAN
Plugged into the wrong port or MAC not added
Know how to troubleshoot different topology errors
Topologies
o Star Topology
Has single point of failure
Use LEDs to check for proper connection or noisy NIC
Exchange cable to device, check the length
Right cable type – Straight Through
o Mesh Topology
Harder to detect, need to setup mechanisms to detect and report broken links