CompTIA Network+ Guide To Networks (MindTap Course List)

This document provides an overview of networking concepts including network models, topologies, client-server applications, network hardware, and the OSI 7-layer model. It describes two common network models - peer-to-peer and client-server. The client-server model uses a centralized server to control access to shared network resources through a directory database, while the peer-to-peer model allows direct sharing between connected devices without centralized control. Popular client-server applications include web, email, DNS, FTP, databases and remote access services. Network hardware components like switches, hubs, routers, and network interface cards are also introduced. Finally, the seven layers of the OSI model are outlined, describing the functions of the application, presentation

Uploaded by

nxlam90

1. MODULE 1: INTRODUCTION TO NETWORKING


1.1. NETWORK MODELS
A network is a group of network devices that are connected by some type of transmission media.
A topology describes how the parts of a whole work together.
- Physical topology: refers to a network’s hardware and how network devices, cables and signals work together.
- Logical topology: refers to how software controls access to network resources and how resources are shared on the network.
The OS controls how users and programs get access to resources on a network by using one of two models:
- The peer-to-peer model: works with any assortment of OSs. In this model, the OS of each computer on the network controls access to its resources without centralized control. Each computer on a P2P network controls its own administration, resources and security.
Devices in a P2P network can share resources with peered devices, even if those devices are running different OSs. You can combine folder and file sharing with workgroups on the same network, but it can get confusing to track permissions, so it’s best to stick with either folder and file sharing or workgroups.
The P2P model should be used for networks of fewer than 15 computers: it is simple to configure and cheap to set up and maintain, but it is not scalable and not necessarily secure.

Figure 1. Peer-to-peer model


- The client-server model: requires a NOS (network operating system) to control access to the entire network. In this model, resources are managed by the NOS via a centralized directory database.

Figure 2. Client - Server model

When Windows Server controls network access to a group of computers, it is called a Windows domain. The centralized directory database that contains user account information and security settings is called AD (Active Directory). A user can sign on to the network from any computer in the network and get access to the resources that AD allows. This process is managed by AD DS (Active Directory Domain Services).
A computer making a request is called the client. Clients don’t share their resources directly with others; instead, access is controlled by entries in the centralized domain database.
Advantages over P2P networks:
- User accounts used for the network are assigned in one place.
- Access to multiple shared resources can be centrally granted to a single user or group of users.
- Problems can be monitored and fixed from one location.
- Client-server networks are more scalable.
1.2. CLIENT-SERVER APPLICATIONS
Network services are the applications whose resources are made available to users on the network. These apps involve at least two endpoint devices and are known as client-server applications.

Figure 3. A web browser (client application) requests a web page from a web server (server
application)

Protocols are the rules by which these networked devices communicate. The two primary network protocols are TCP (Transmission Control Protocol) and IP (Internet Protocol), and the suite of all the protocols an OS uses for communication is called TCP/IP.
Popular client-server applications:
- Web services: A web server serves up web pages to clients, using HTTP (HyperText Transfer Protocol) and HTTPS (HTTP Secure, which is HTTP layered over SSL (Secure Sockets Layer) or TLS (Transport Layer Security)).
- Email services: The client uses SMTP (Simple Mail Transfer Protocol) to send an email message to the first server (the SMTP server). The first server sends the message on to the receiver’s mail server, which delivers the message to the receiving client using POP3 (Post Office Protocol v3) or IMAP4 (Internet Message Access Protocol v4). POP3 downloads the email to the client computer and removes it from the server, while IMAP4 only downloads a copy and leaves the message on the server.

Figure 4. A mail service


- DNS services: DNS (Domain Name System) helps clients find web servers over a network by name instead of by IP address.
- FTP services: FTP (File Transfer Protocol) is used to transfer files between two computers. An encrypted and secure file transfer protocol is SFTP (Secure File Transfer Protocol), which is based on the SSH protocol.
- Database services: Databases serve as a container for massive amounts of data organized into tables and records. A DBMS (database management system), software installed on the database server, is responsible for making requested changes to the data and organizing the data. Many DBMSs use SQL (Structured Query Language) to configure and interact with the database.
- Remote access services: Used to control a remote computer from the local device. Telnet is a command-line application, but Telnet transmissions are not encrypted, so it has been replaced by the SSH (Secure Shell) protocol, which creates an encrypted channel between two computers. In Windows, RDP (Remote Desktop Protocol) also provides secure, encrypted transmission. Because they can be accessed from outside the local network, remote access servers necessitate strict security measures.

1.3. NETWORK HARDWARE

In a LAN (local area network), each node on the network can communicate directly with the others on the network. LANs are usually contained in a small space, such as an office or building.
A switch receives incoming data on one of its ports and redirects (or switches) it to another port that will send the data to its intended destination within the local network.
A hub accepted signals from a transmitting device and repeated those signals to all other connected devices in a broadcast fashion; hubs have been replaced by switches.
Network devices have network ports into which you plug a network cable. Another type of port is provided by a modular NIC (network interface card), also called a network adapter, installed in an expansion slot on the motherboard.

Figure 5. Onboard network port


Figure 6. A NIC or network adapter

A LAN can have several switches. A backbone is a central conduit that connects the segments of a network (the yellow lines in the figure).

A LAN needs to communicate with other networks. A router is a device that manages traffic between two or more networks and finds the best path for traffic to get from one network to another. A home network might use a combination device, which is both a router and a switch, and perhaps a wireless access point. Don’t confuse this combo device with a dedicated router in which each port connects to a different LAN; the key difference is that a switch belongs to a single LAN, while a router belongs to multiple LANs. The router acts as a gateway between multiple networks, but a switch can only communicate within a single network. In fact, routers are often referred to as gateways.

Figure 7. Router and switch vs Combo device

A host is any endpoint device connected to a network that hosts or accesses a resource such as an application or data. A node is any device connected to a network that can be addressed on the local network. Hosts are networked devices; nodes include networking devices.
A group of LANs spread over a wide geographical area is called a WAN (wide area network).
A group of connected LANs in the same geographical area is known as a MAN (metropolitan area network).
A WLAN (wireless local area network) consists of two or more devices connected wirelessly.
In addition, there are other network sizes, such as a CAN (campus area network), PAN (personal area network) and SAN (storage area network).

Figure 8. Relative sizes of WAN, MAN, CAN, LAN, PAN

1.4. THE SEVEN-LAYER OSI MODEL

The OSI (Open Systems Interconnection) reference model is used to describe and communicate about networking technologies.
- Layer 7: Application. Describes the interface between two applications. Data that is passed between applications or utility programs and the OS is called a payload.
- Layer 6: Presentation. Reformats, compresses and encrypts data in a way that the application on the receiving end can read.
- Layer 5: Session. Describes how data between applications is synced and recovered if messages don’t arrive intact at the receiving application. Most tasks for each of these layers are performed by the OS when an application makes an API call to the OS. An API (application programming interface) is an access point into a program’s available processes; a call to it generates a particular kind of response.
- Layer 4: Transport. Transports application-layer payloads from one application to another, using one of two transport-layer protocols:
  - TCP (Transmission Control Protocol): makes a connection with the end host, checks whether the data is received and resends it if it is not. It is called a connection-oriented protocol.
  - UDP (User Datagram Protocol): used for broadcasting, where guaranteed delivery is not as important as fast transmission. UDP is called a connectionless protocol.
  Transport-layer protocols add control information at the beginning of the payload, called the header. The process of adding a header is called encapsulation. The transport-layer header addresses the receiving application by a number called a port. If the message is too large to transport in one package, TCP divides it into smaller messages called segments; in UDP they’re called datagrams.
- Layer 3: Network. Moves messages from one node to another until they reach the destination host. The protocol used is IP (Internet Protocol), which adds a network-layer header to the segment/datagram; the entire network-layer message is called a packet. An IP address is an address assigned to each node on a network, which the network layer uses to uniquely identify it across multiple networks.
- Layer 2: Data Link. Layers 2 and 1 are responsible for interfacing with the physical hardware. The type of networking hardware or technology used on a network determines the data link layer protocol used. This layer also attaches control information to the end of the packet in a trailer. The entire data-link layer message is called a frame.
- Layer 1: Physical. Sends bits via wired or wireless transmission. In fact, the only layers that must deal with the details of wired versus wireless transmission are the data link layer and the physical layer, in the firmware of the NIC. The receiving host removes the headers and trailer in reverse order before the message reaches the application. This process is called decapsulation.

Figure 9. Names for a PDU (Protocol Data Unit) or message as it moves from one layer to
another
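As an added example (not code from the notes), the encapsulation and decapsulation described above carried out on real header layouts: a constructed HTTP request is wrapped in a TCP header (ports), an IPv4 header (addresses, with its checksum) and an Ethernet II frame (MACs plus a CRC-32 trailer), then unwrapped in reverse order with each layer's check verified. The IP addresses, ports and gateway MAC are constructed sample values; 00:60:8C:00:54:99 is the MAC the notes use later.

```python
import struct
import zlib

# Constructed sample values: a browser on 192.168.1.10 requesting a page from a
# web server at 203.0.113.80 (documentation range) through a hypothetical gateway.
SRC_MAC = bytes.fromhex("00608C005499")   # MAC address used in the notes
DST_MAC = bytes.fromhex("0000C0A80101")   # constructed gateway MAC (hypothetical)
SRC_IP, DST_IP = "192.168.1.10", "203.0.113.80"
SRC_PORT, DST_PORT = 51000, 80
PAYLOAD = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def inet_checksum(data):
    """One's-complement checksum used in the IPv4 header (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_segment(payload, src_port, dst_port, seq=1, ack=1):
    """Layer 4: prepend a 20-byte TCP header; the ports address the applications."""
    flags = 0x18                                   # PSH + ACK on a data segment
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         5 << 4, flags, 65535, 0, 0)
    return header + payload


def ip_packet(segment, src_ip, dst_ip, proto=6):
    """Layer 3: prepend a 20-byte IPv4 header carrying a valid header checksum."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                         0, 0x4000, 64, proto, 0, src, dst)
    checksum = struct.pack("!H", inet_checksum(header))
    return header[:10] + checksum + header[12:] + segment


def ethernet_frame(packet, src_mac, dst_mac, ethertype=0x0800):
    """Layer 2: header (dst, src, type) in front, CRC-32 trailer (FCS) behind."""
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + packet
    return body + struct.pack("<I", zlib.crc32(body))


def encapsulate(payload=PAYLOAD):
    """Walk the payload down the stack and return each PDU under its layer name."""
    segment = tcp_segment(payload, SRC_PORT, DST_PORT)
    packet = ip_packet(segment, SRC_IP, DST_IP)
    frame = ethernet_frame(packet, SRC_MAC, DST_MAC)
    return {"payload": payload, "segment": segment, "packet": packet, "frame": frame}


def decapsulate(frame):
    """Receiving side: strip trailer and headers in reverse order, checking each."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("frame check sequence mismatch")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    segment = packet[ihl:total_len]
    src_port, dst_port, seq, ack = struct.unpack("!HHII", segment[:12])
    data_offset = (segment[12] >> 4) * 4
    return {
        "frame": {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
                  "ethertype": ethertype},
        "packet": {"src_ip": src_ip, "dst_ip": dst_ip, "protocol": proto},
        "segment": {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack},
        "payload": segment[data_offset:],
    }
```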

A four-layer model similar to the OSI model is the TCP/IP model: application, transport, internet and link layers. While the OSI model is preferred in reference to theoretical concepts and troubleshooting techniques, the TCP/IP model is used to refer to the protocols used at each layer.
2. Module 2: Infrastructure And Documentation
2.1. Components of Structured Cabling
The demarc (demarcation point) is the device where the WAN ends and the LAN begins.
The MDF (main distribution frame) can refer either to the racks holding the network equipment or to the room that houses both the racks and the equipment.
A data room is an enclosed space that holds network equipment. It requires good cooling and ventilation systems to maintain a constant temperature.
Racks hold various network equipment and ensure adequate spacing, access and ventilation for the devices.
A patch panel provides a central termination point where many patch cables converge in a single location.

Figure 10. Patch panel on rack

VoIP telephone equipment converts signals from a campus’s analog phone equipment into IP data that can travel over the Internet.
An IDF (intermediate distribution frame) provides an intermediate connection between the MDF and end-user equipment on each floor and in each building.
There are three basic types of cable installation:
- Patch cable: a short (3-25 feet) length of cable with connectors at both ends.
- Horizontal cabling: connects workstations to the closest data room and to the switches housed in that room.
- Backbone cabling: cable or wireless links that provide interconnection between the entrance facility and the MDF, and between the MDF and the IDFs.

Figure 11. A typical UTP cabling installation

2.2. Network documentation

Network diagrams are graphical representations of a network’s devices and connections. Most of them provide broad snapshots of a network’s physical or logical topology. This is useful for planning where to insert a new switch or determining how particular routers, gateways and firewalls interact.
A wiring diagram is a graphical representation of a network’s wired infrastructure. It shows every wire necessary to interconnect network devices and the locations of those wires.
Rack diagrams show the devices stacked in a rack system. They are helpful when planning a rack installation.
Figure 12. Rack diagram

The process of designing, implementing and maintaining an entire network is called the system life cycle:
- Requirements analysis: Identify network requirements and business needs.
- Design planning: Progress from big-picture goals to detailed decisions.
- Development and testing: Purchase equipment and test it before deploying.
- Implementation: Deploy new equipment, replace old equipment and test to achieve a new stable baseline.
- Documentation and maintenance: Apply effective monitoring techniques and keep documentation updated.
Figure 13. Phases of a network system life cycle

Inventory management refers to the monitoring and maintaining of all network assets. The first step is to list all the components:
- Hardware (including virtual hardware): configuration files, model number, serial number, location on the network, and technical support contact.
- Software (including operating systems): version number, vendor, licensing, and technical support contact.
There are four types of software changes:
- Installation
- Patch
- Upgrade
- Rollback
Steps for changing software or hardware:
1) Don’t allow patches to be automatically installed. You need to fully understand the impact of any change before you allow that change.
2) Determine whether the patch or upgrade is necessary.
3) Read the vendor’s documentation regarding the patch or upgrade to learn its purpose, and understand how it will affect the system, whether or not it is compatible with current hardware and software, and how to apply or undo the change.
4) Before deploying, test it in a lab to make sure it acts as expected.
5) Determine whether the change should apply to users, network segments, or devices.
6) Schedule the change for completion during off-hours (unless it is an emergency).
7) Before the change is made, inform system administrators and affected users. If necessary, prevent users from accessing the system.
8) Back up the current system, software or hardware configuration before making any modifications.
9) Keep the installation instructions and vendor documentation handy as you implement the change.
10) After the change is implemented, test the system in real time. Note any unintended or unanticipated consequences of the modification.
11) If the change was successful, re-enable access to the system. If not, revert to the previous version according to your rollback plan.
12) Inform system administrators and affected users when the change is complete.
13) Record your change in the change management system.

3. Addressing
3.1. Addressing Overview
Data link layer MAC (Media Access Control) address: embedded on every NIC and assumed to be unique to that NIC. A MAC address is 48 bits, written as six hex numbers separated by colons (00:60:8C:00:54:99). Nodes on a LAN find each other using their MAC addresses. Switches check MAC addresses to determine where to send messages on the LAN.
Network layer IP address: used to find any computer in the world if the IP address is public. For routing purposes, an IP address is used only at the network layer. Routers check IP addresses to determine which network a message is destined for.
- IPv4: 32 bits, written as four decimal numbers called octets (92.106.50.200). Each octet in binary consists of 8 bits (92 = 0101 1100).
- IPv6: 128 bits, written as eight blocks of hex numbers (2001:0DB8:0B80:0000:0000:00D3:9C5A:00CC). Each block contains 16 bits.
Transport layer ports: used to identify one application among several that are running on a host.
Every host on a network is assigned a unique character-based name called the FQDN (fully qualified domain name), such as susan.company.com. The last two parts (company.com) are called the domain name. The first part is the host name (susan), which identifies the individual computer on the network.

3.2. MAC Address

The data link layer MAC (Media Access Control) address is embedded on every NIC and assumed to be unique to that NIC.

Figure 14. NIC with MAC address

A MAC address is 48 bits, written as six hex numbers separated by colons (00:60:8C:00:54:99). The first 24 bits are the OUI (Organizationally Unique Identifier), which identifies the NIC’s manufacturer. You can look up an OUI at wireshark.org/tools/oui-lookup. The last 24 bits make up the device ID and identify the device itself. In theory, no two NICs share the same MAC address.
Nodes on a LAN find each other using their MAC addresses. Switches check MAC addresses to determine where to send messages on the LAN. MAC addresses are stored in a MAC address table mapping each MAC address to a physical port on the switch. The information in a MAC address table expires after a short period of time.
Figure 15. The switch learns the sending MAC address

Figure 16. The switch learned earlier which port the destination MAC address is connected to
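An added example (not from the notes) of the two things just described: splitting a MAC address into OUI and device ID, and a learning switch whose MAC address table is filled from the source address of each frame (Figure 15), consulted for the destination (Figure 16), flooded to all other ports when the destination is unknown, and aged out after a period. The port numbers, aging time and second MAC address are constructed values.

```python
import re

BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_mac(text):
    """Normalize a MAC address and split it into OUI and device ID.

    Also reports the locally-administered bit (bit 1 of the first octet), which
    separates software-assigned or randomized addresses from manufacturer-burned
    ones, and the multicast bit (bit 0).
    """
    hexdigits = re.sub(r"[:\-. ]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    octets = [hexdigits[i:i + 2] for i in range(0, 12, 2)]
    first = int(octets[0], 16)
    return {
        "mac": ":".join(octets),
        "oui": ":".join(octets[:3]).upper(),
        "device_id": ":".join(octets[3:]).upper(),
        "locally_administered": bool(first & 0x02),
        "multicast": bool(first & 0x01),
    }


class Switch:
    """Learning switch: the MAC address table maps each source MAC to the port it
    was last seen on; entries older than `aging` seconds expire."""

    def __init__(self, ports, aging=300):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}                      # mac -> (port, last_seen)

    def _expire(self, now):
        for mac, (port, seen) in list(self.table.items()):
            if now - seen > self.aging:
                del self.table[mac]

    def receive(self, ingress, src_mac, dst_mac, now):
        """Learn the sender, then return the egress port(s) for the frame."""
        self._expire(now)
        src = parse_mac(src_mac)["mac"]
        dst = parse_mac(dst_mac)["mac"]
        self.table[src] = (ingress, now)     # Figure 15: learn the sending MAC
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != ingress]   # unknown: flood
        port = self.table[dst][0]            # Figure 16: destination already learned
        return [] if port == ingress else [port]
```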

3.3. IP Addresses
Where switches need MAC addresses to identify devices in a network, routers rely on IP addresses to locate devices across networks.
You can assign a static IP address to a device, or configure the device to request and lease a dynamic IP address from a DHCP server, which manages the dynamic distribution of IP addresses to devices on a network.
A subnet mask is a 32-bit number that helps one computer find another. It is used to indicate which bits of an IP address are the network portion, called the network ID, and which bits make up the host portion, called the host ID or node ID. A subnet is a smaller network within a larger network.
A gateway is a device that a host uses to access another network. The default gateway is the routing device that nodes on the network turn to for access to the outside world.

3.3.1. IPv4
Classful IPv4 addresses are categorized into five classes: A, B, C, D and E. Classes A, B and C can be used to connect to and access Internet resources. Class D addresses (starting with 224 to 239) are used for multicast (one host sends messages to multiple hosts). Class E addresses (beginning with 240 to 254) are reserved for research.
Licensed Class A, B and C IP addresses are available for use on the Internet and are called public IP addresses. To conserve them, a company can instead use private IP addresses for devices on its private networks, that is, devices that do not directly connect to the Internet but instead communicate through a device such as a router. A router and a web server might have a public IP address, but laptops, desktops and so on might all have private IP addresses. RFC 1918 allocated these IP address ranges for private networks:
- Class A: 10.0.0.0 to 10.255.255.255
- Class B: 172.16.0.0 to 172.31.255.255
- Class C: 192.168.0.0 to 192.168.255.255
Reserved IP addresses:
- 255.255.255.255: used for broadcast messages.
- 0.0.0.0: unassigned.
- 127.0.0.1 to 127.255.255.254: loopback addresses, used for research or to indicate your own computer.
- 169.254.0.1 to 169.254.255.254: Automatic Private IP Addressing (APIPA), used when a computer configured for DHCP first connects to the network and is unable to lease an IPv4 address from the DHCP server.
Classless addressing allows the dividing line between the network and host portions to be moved. Shifting this dividing line to segment networks within networks is called subnetting. With classless addressing, you rely on a variety of subnet mask values to communicate any number of bits used for the network or host portions.
CIDR (pronounced “cider”) notation takes the network ID or a host’s IP address and follows it with a forward slash (/), followed by the number of bits used for the network ID. Example: 192.168.89.127/24.
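An added example (not from the notes) that applies the rules above: it classifies an IPv4 address by class and by the special ranges listed (RFC 1918 private, loopback, APIPA, broadcast, multicast), renders octets in binary as the notes do (92 = 0101 1100), and applies the mask from CIDR notation to split 192.168.89.127/24 into network ID and host ID. It uses Python's standard ipaddress module for the range checks.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
APIPA = ipaddress.ip_network("169.254.0.0/16")


def octet_bits(octet):
    """Render one octet as 8 bits in two nibbles, e.g. 92 -> '0101 1100'."""
    bits = format(int(octet), "08b")
    return bits[:4] + " " + bits[4:]


def ipv4_class(address):
    """Classful lookup by the value of the first octet."""
    first = int(str(address).split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def describe_ipv4(text):
    """Classify an address the way the notes do: class plus its special role."""
    addr = ipaddress.IPv4Address(text)
    cls = ipv4_class(addr)
    if addr == ipaddress.IPv4Address("255.255.255.255"):
        role = "broadcast"
    elif addr == ipaddress.IPv4Address("0.0.0.0"):
        role = "unassigned"
    elif addr in LOOPBACK:
        role = "loopback"
    elif addr in APIPA:
        role = "APIPA"
    elif any(addr in net for net in RFC1918):
        role = "private"
    elif cls == "D":
        role = "multicast"
    elif cls == "E":
        role = "reserved"
    else:
        role = "public"
    binary = " . ".join(octet_bits(o) for o in text.split("."))
    return {"class": cls, "role": role, "binary": binary}


def split_cidr(text):
    """Apply the subnet mask implied by /prefix to separate network ID and host ID."""
    iface = ipaddress.IPv4Interface(text)         # accepts a host address with /prefix
    mask = int(iface.netmask)
    value = int(iface.ip)
    network_id = ipaddress.IPv4Address(value & mask)
    host_id = value & ~mask & 0xFFFFFFFF
    return {
        "prefix_length": iface.network.prefixlen,
        "subnet_mask": str(iface.netmask),
        "network_id": str(network_id),
        "host_id": host_id,
        "broadcast": str(iface.network.broadcast_address),
        "usable_hosts": max(iface.network.num_addresses - 2, 0),
    }
```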
A DHCP (Dynamic Host Configuration Protocol) server automatically assigns IP addresses to devices connecting to the network.
- Scope: the range from a starting IP address to an ending IP address that the server hands out; addresses outside it are reserved.
- Lease time: the time limit after which a host must renew its DHCP IP address.
- Primary and secondary DNS server addresses: the servers clients use to match computer names with IP addresses.
- DHCP reservation: an IP address outside the scope that a client receives every time it requests one (a device configured with a static IP address, by contrast, never requests an IP address).
NAT (Network Address Translation) is the process by which a gateway substitutes its own public IP address for the private IP addresses used by computers on the private network. Using NAT, the gateway hides the entire private network’s hosts behind a single public IP address.
PAT (Port Address Translation) assigns a separate TCP port to each session between a local host and an Internet host.

Figure 17. PAT (Port Address Translation)

Two variations of NAT:
- SNAT (Source NAT): the gateway assigns the same public IP address to a host each time it makes a request to access the Internet.
- DNAT (Destination NAT): when a message sent to the public IP address reaches the router managing DNAT, the destination IP address is changed to the private IP address of the host inside the network.

Figure 18. SNAT for outgoing, DNAT for incoming messages
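An added example (not from the notes) of the gateway behaviour in Figures 17 and 18: outbound packets get a PAT entry that rewrites the source to the public IP and a fresh port, replies are matched against that table and rewritten back to the private host, an inbound DNAT rule publishes an internal server, and anything that matches neither is dropped. All addresses are constructed values from the documentation ranges.

```python
class NatGateway:
    """Gateway with a single public IP. Outbound sessions get PAT entries; inbound
    traffic is forwarded only if it matches an existing session (the reply to an
    SNAT'd request) or a configured DNAT rule. Everything else is dropped."""

    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self.next_port = first_port           # dynamic/private port range
        self.sessions = {}   # public port -> (private ip, private port, remote ip, remote port)
        self.by_key = {}     # (private ip, private port, remote ip, remote port) -> public port
        self.dnat = {}       # public port -> (private ip, private port)

    def add_dnat(self, public_port, private_ip, private_port):
        """Publish an internal server: traffic to public_ip:public_port goes inside."""
        self.dnat[public_port] = (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source to public_ip:public_port (SNAT + PAT)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.by_key:            # new session: allocate a public port
            public_port = self.next_port
            self.next_port += 1
            self.by_key[key] = public_port
            self.sessions[public_port] = key
        return (self.public_ip, self.by_key[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet arriving at public_ip:dst_port, or return None to drop it."""
        if dst_port in self.sessions:
            priv_ip, priv_port, remote_ip, remote_port = self.sessions[dst_port]
            if (src_ip, src_port) != (remote_ip, remote_port):
                return None                   # not from the session's remote endpoint
            return (src_ip, src_port, priv_ip, priv_port)
        if dst_port in self.dnat:             # DNAT: rewrite destination to inside host
            priv_ip, priv_port = self.dnat[dst_port]
            return (src_ip, src_port, priv_ip, priv_port)
        return None                           # unsolicited: dropped
```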


3.3.2. IPv6 Addresses
An IPv6 address has 128 bits written as 8 blocks. Each block is 16 bits long. Because they are so long, shorthand notation is used:
- Leading zeroes in a four-character hex block can be eliminated. Example: 2001:0000:0B80:0000:0000:00D3:9C5A:00CC => 2001:0000:B80:0000:0000:D3:9C5A:CC
- If blocks contain all zeroes, they can be eliminated and replaced by double colons (::). Only one set of double colons is used in an IPv6 address. Example: 2001::B80:0000:0000:D3:9C5A:CC
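An added example (not from the notes) implementing the two shorthand rules in both directions. It goes one step beyond the text: when an address has more than one run of zero blocks it compresses the longest run (the first one on a tie) and never uses :: for a single zero block, which is the canonical form defined by RFC 5952 and the one Python's ipaddress module produces. The expander rejects addresses with two :: markers, as the text requires.

```python
import re

HEX_BLOCK = re.compile(r"^[0-9a-f]{1,4}$")


def expand_ipv6(text):
    """Undo both shorthand rules: restore the blocks hidden by '::' and the
    leading zeros of every block, returning eight 4-character blocks."""
    text = text.lower()
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head_blocks = head.split(":") if head else []
        tail_blocks = tail.split(":") if tail else []
        missing = 8 - len(head_blocks) - len(tail_blocks)
        if missing < 1:
            raise ValueError("'::' must stand for at least one block: %r" % text)
        blocks = head_blocks + ["0"] * missing + tail_blocks
    else:
        blocks = text.split(":")
    if len(blocks) != 8 or not all(HEX_BLOCK.match(b) for b in blocks):
        raise ValueError("not a valid IPv6 address: %r" % text)
    return [b.zfill(4) for b in blocks]


def compress_ipv6(text):
    """Rule 1: drop leading zeros. Rule 2: replace the longest run of all-zero
    blocks (at least two blocks long) with a single '::'."""
    blocks = [b.lstrip("0") or "0" for b in expand_ipv6(text)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:                  # strict '>' keeps the first longest run
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                          # RFC 5952: no '::' for one zero block
        return ":".join(blocks)
    left = ":".join(blocks[:best_start])
    right = ":".join(blocks[best_start + best_len:])
    return left + "::" + right
```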
Terms used in the IPv6 standards:
- Link: any LAN bounded by routers.
- Neighbors: nodes on the same link.
- Dual stacked: a network configured to use both the IPv4 and IPv6 protocols. If this network must traverse other networks where dual stacking is not used, the solution is tunneling, which transports IPv6 traffic over an IPv4 network.
- Interface ID: the last 64 bits, used to identify the interface.
Types of IPv6 addresses:
- Global address: can be routed on the Internet; similar to a public IPv4 address.
- Link local address: can be used for communicating with nodes on the same link; similar to an autoconfigured APIPA address in IPv4.
- Loopback address: similar to the IPv4 loopback address; consists of 127 zeros and a 1: ::1/128.
Figure 19. Types of IPv6 address

- Unicast address: specifies a single node on a network.
- Multicast address: delivers packets to all nodes in a targeted group.
- Anycast address: identifies multiple destinations, with packets delivered to the closest destination.
Figure 20. Concepts of broadcasting, multicasting, anycasting, unicasting

IPv6 can autoconfigure its own link local IP address without the help of a DHCPv6 server. This is called SLAAC (Stateless Address Autoconfiguration) and is similar to APIPA addressing in IPv4, but it results in an address the computer can continue to use on the network.

3.3.3. Ports and Sockets

A port is a number assigned to a running process. TCP/UDP ports ensure data is transmitted to the correct process on the device.
A socket consists of both an IP address and a process’s port, with a colon separating the two values, such as 10.43.3.87:23.
Well-known ports: 0-1023, assigned to well-known utilities and applications.
Registered ports: 1024-49151, temporarily assigned to non-standard processes.
Dynamic and private ports: 49152-65535, which are open for use without restriction.
Other common protocols with assigned ports:
- NTP (Network Time Protocol): used to synchronize clocks.
- LDAP (Lightweight Directory Access Protocol): used to access network-based directories.
- SMB (Server Message Block): used for file sharing on a network.
- Syslog (System log): used for generating, storing and processing messages about events on a system.

3.3.4. Domain names and DNS

You access websites by URL, which is an application-layer addressing scheme that identifies where to find a particular resource on the network. The first part is the protocol to be used; the next part is the FQDN.
Computers must convert the FQDN to an IP address before finding the referenced computer. This process is called name resolution: discovering the IP address of a host when its FQDN is known.
DNS doesn’t follow a centralized database model, but rather a distributed database model.
- Primary DNS server: holds the authoritative DNS database for the organization’s zones.
- Secondary DNS server: backs up the authoritative name server.
- Caching DNS server: caches the DNS information it collects. It receives DNS queries from local network clients and resolves them by contacting other DNS servers for information.
- Forwarding DNS server: maintains its own DNS cache from previous queries and receives queries from local clients, but doesn’t work to resolve the queries itself.

Figure 21. Hierarchy of name servers

- 13 clusters of root DNS servers hold information used to locate the TLD servers.
- TLD (Top-Level Domain) servers hold information about the authoritative name servers owned by organizations.
Figure 22. Queries for name resolution

- Step 1: The client computer searches the DNS cache on the local computer. If it can’t find www.mdc.edu there, the resolver sends a DNS query to its local DNS server.
- Steps 2-3: The local name server queries a root server. The root server responds to the local name server with a list of IP addresses of the TLD name servers responsible for the .edu suffix.
- Steps 4-5: The local name server makes the same request to one of the TLD name servers responsible for the TLD suffix. The TLD name server responds with the IP address of the mdc.edu authoritative server.
- Steps 6-7: The local name server makes the request to the authoritative name server, which responds with the IP address of the www.mdc.edu host.
- Step 8: The local name server responds to the client resolver with the requested IP address.
Two types of DNS requests:
- Recursive lookup: a query that demands a resolution or the answer “It can’t be found.”
- Iterative lookup: a query that does not demand resolution.
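An added simulation (not from the notes) of the eight-step resolution of www.mdc.edu in Figure 22 and of the two query types: the client sends one recursive query to its local server, which must come back with an answer or "can't be found", while the local server walks root, TLD and authoritative servers with iterative queries that each return only an answer or a referral. Both caches honour the record's TTL. The zone data and all server addresses are constructed values from the documentation ranges; only the name www.mdc.edu comes from the notes.

```python
ROOT_SERVER = "192.0.2.1"

# Constructed zone data keyed by the address of the server that serves it:
# the root refers to the .edu TLD server, which refers to mdc.edu's authoritative server.
ZONES = {
    "192.0.2.1":    {"type": "root", "referrals": {"edu": ["192.0.2.53"]}},
    "192.0.2.53":   {"type": "tld", "referrals": {"mdc.edu": ["198.51.100.5"]}},
    "198.51.100.5": {"type": "authoritative",
                     "records": {"www.mdc.edu": ("203.0.113.80", 300)}},   # (ip, ttl)
}


def iterative_query(server_ip, name):
    """An iterative query: the server returns what it knows (an answer or a
    referral to servers closer to the name) and does not chase the question."""
    zone = ZONES[server_ip]
    if "records" in zone:
        record = zone["records"].get(name)
        return ("answer", record) if record else ("nxdomain", None)
    labels = name.split(".")
    for i in range(len(labels)):                      # longest matching suffix
        suffix = ".".join(labels[i:])
        if suffix in zone["referrals"]:
            return ("referral", zone["referrals"][suffix])
    return ("nxdomain", None)


class LocalDnsServer:
    """The client's caching server: answers recursive queries by iterating from
    the root until it has an answer, and caches what it learns for the TTL."""

    def __init__(self):
        self.cache = {}                               # name -> (ip, expires_at)

    def resolve(self, name, now, trace):
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            trace.append("local server: cache hit for %s" % name)
            return cached[0], cached[1] - now
        servers = [ROOT_SERVER]
        while servers:
            server = servers[0]
            kind, data = iterative_query(server, name)
            trace.append("local server -> %s (%s): %s" % (server, ZONES[server]["type"], kind))
            if kind == "answer":
                ip, ttl = data
                self.cache[name] = (ip, now + ttl)
                return ip, ttl
            if kind == "referral":
                servers = data
                continue
            break
        trace.append("local server: %s can't be found" % name)
        return None, 0


class Client:
    """Step 1 lives here: check the local cache, else send a recursive query."""

    def __init__(self, local_dns):
        self.local_dns = local_dns
        self.cache = {}

    def resolve(self, name, now=0):
        trace = []
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            trace.append("client: cache hit")
            return cached[0], trace
        trace.append("client: cache miss, recursive query to local server")
        ip, ttl = self.local_dns.resolve(name, now, trace)
        if ip:
            self.cache[name] = (ip, now + ttl)
        return ip, trace
```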
DNS troubleshooting tools:
- ping
- ipconfig/ifconfig
- hostname
- nslookup/dig: allow you to query the DNS database from any computer on the network and find the host name of a device by specifying its IP address.
4. Protocols
4.1. TCP/IP Core Protocols
TCP/IP is a suite of protocols, or standards, including TCP, IP, UDP, ARP and others.
TCP (Transmission Control Protocol) provides reliable data delivery services.
- Connection-oriented: TCP uses a three-way handshake process to establish a TCP connection.
- Sequencing and checksums: TCP sends a character string called a checksum; TCP on the destination host then generates a similar string. If the two checksums fail to match, the destination asks the source to retransmit the data.
- Flow control: the process of gauging the appropriate rate of transmission based on how quickly the recipient can accept data.

4.1.1. TCP Segment

Figure 23. TCP packet

Three-way handshake
Figure 24. The three-way handshake

- Step 1: SYN - request for a connection
- Step 2: SYN/ACK - response to the request
- Step 3: ACK - connection established
After establishing the connection, computer A begins data transmission. No payload is included in any of the three initial messages; the sequence numbers are increased by 1 in the acknowledgements, and thereafter they are each increased by the number of bits included in each received segment, as confirmation that the correct length of message was received.
The two hosts continue communicating until computer A issues a segment whose FIN flag is set to 1, indicating the end of the transmission.
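An added model (not from the notes) of the sequence and acknowledgement bookkeeping just described: two endpoints perform the SYN, SYN/ACK, ACK exchange, each side's sequence number advances by one for the SYN and then by the length of each payload it sends, the receiver acknowledges only the in-order segment (so a replayed or stale segment is ignored), and a FIN consumes one sequence number. The third step is accepted only if the SYN/ACK acknowledges the client's own initial sequence number plus one, which is why that number is chosen at random in real stacks. Initial sequence numbers here are constructed values.

```python
from dataclasses import dataclass

SYN, ACK, FIN = 0x02, 0x10, 0x01


@dataclass
class Segment:
    seq: int
    ack: int
    flags: int
    payload: bytes = b""


class TcpEndpoint:
    def __init__(self, name, isn):
        self.name = name
        self.state = "CLOSED"
        self.seq = isn          # next sequence number this side will send
        self.ack = 0            # next sequence number expected from the peer

    def listen(self):
        self.state = "LISTEN"

    def open(self):
        """Step 1: client sends SYN carrying its initial sequence number."""
        self.state = "SYN_SENT"
        return Segment(self.seq, 0, SYN)

    def on_syn(self, seg):
        """Step 2: server answers SYN/ACK; the SYN consumed one sequence number."""
        if self.state != "LISTEN" or not seg.flags & SYN:
            return None
        self.ack = seg.seq + 1
        self.state = "SYN_RECEIVED"
        return Segment(self.seq, self.ack, SYN | ACK)

    def on_synack(self, seg):
        """Step 3: client accepts only a SYN/ACK that acknowledges its ISN + 1."""
        if self.state != "SYN_SENT" or seg.flags != SYN | ACK or seg.ack != self.seq + 1:
            return None
        self.seq += 1
        self.ack = seg.seq + 1
        self.state = "ESTABLISHED"
        return Segment(self.seq, self.ack, ACK)

    def on_ack(self, seg):
        """Server side of step 3: connection established once its ISN + 1 is acked."""
        if self.state == "SYN_RECEIVED" and seg.flags == ACK and seg.ack == self.seq + 1:
            self.seq += 1
            self.state = "ESTABLISHED"
            return True
        return False

    def send(self, payload, fin=False):
        """Data segment; the sequence number advances by the payload length (+1 for FIN)."""
        seg = Segment(self.seq, self.ack, ACK | (FIN if fin else 0), payload)
        self.seq += len(payload) + (1 if fin else 0)
        return seg

    def receive(self, seg):
        """Accept only the in-order segment and acknowledge everything received so far."""
        if self.state != "ESTABLISHED" or seg.seq != self.ack:
            return None                       # out of order, replayed, or stale
        self.ack += len(seg.payload) + (1 if seg.flags & FIN else 0)
        if seg.flags & FIN:
            self.state = "CLOSE_WAIT"
        return Segment(self.seq, self.ack, ACK)


def three_way_handshake(client, server):
    """Run steps 1-3 between two endpoints; True when both sides are established."""
    server.listen()
    syn = client.open()
    synack = server.on_syn(syn)
    ack = client.on_synack(synack)
    return ack is not None and server.on_ack(ack)
```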

4.1.2. UDP (User Datagram Protocol)

UDP is a connectionless protocol. No connection is established before data is transmitted; therefore it does not guarantee delivery of data. It is faster than TCP.

Figure 25. UDP datagram


4.1.3. IP (Internet Protocol)
IP is the protocol that enables TCP/IP to internetwork, that is, to traverse more than one LAN segment and more than one type of network through a router.
It is a connectionless protocol. Each IP packet travels separately from all other packets in its series; some might take a different route than others even if they’re going to the same place. Once IP delivers the message to the correct host, it depends on TCP to ensure the messages are reassembled in the right order, if that’s necessary.

Figure 26. IPv4 packet


Figure 27. IPv6 packet

4.1.4. ICMP (Internet Control Message Protocol)


ICMP reports on the success or failure of data delivery. ICMP announces these
transmission failures to the sender, but it does not correct errors it detects.

Figure 28. ICMP packet

4.1.5. ARP (Address Resolution Protocol) on IPv4 Networks

ARP works with IPv4 to discover the MAC address of a node on the local network and to maintain a database that maps local IPv4 addresses to MAC addresses. This database is called an ARP table or ARP cache, and it is kept on the computer’s hard drive.
- Dynamic ARP table entries: record new information for future reference.
- Static ARP table entries: entered manually using the ARP utility.
Figure 29. ARP table

Commands on Windows:
- View: arp -a
- Flush: arp -d <IP>
- Add static entry: arp -s IP MAC

4.1.6. NDP (Neighbor Discovery Protocol)


On IPv4 networks, neighbor discovery is managed by ARP and ICMP. However, on IPv6
networks, this process is done by NDP, which automatically detects neighboring
devices.

4.1.7. Ethernet
It is the most popular network technology used on modern LANs. Ethernet II is the
current Ethernet standard.

Figure 30. Ethernet II frame

MTU (maximum transmission unit) is the largest size, in bytes, that routers in a
message’s path will allow at the network layer. It defines the maximum payload size that
a layer 2 frame can encapsulate.
There are notable exceptions:
 Ethernet frames on a VLAN can have an extra 4-byte field between the Source
address field and the Type field.
 Some special-purpose networks allow for a jumbo frame, in which the MTU can
be set above 9000 bytes, depending on the type of Ethernet architecture used.

4.2. Encryption Protocols


In security, data exists in three states:
 At rest: data is most secure (stored on devices protected by firewall, AV... and
physical security).
 In use: data is accessible. Reduce risks by tightly controlling access and reliable
authentication of users.
 In motion: data is most vulnerable because it’s exposed to potential gaps,
intrusions and weak links.
Encryption protocols use a mathematical code, called a cipher, to scramble data into a
format that can be read only by reversing the cipher.
Encryption is the last layer of defense against data theft, but it can happen at various
layers of the OSI model. It encodes the original data’s bits using a key (a random
string used to scramble the data) and generates a unique and consistently sized data
block called ciphertext.
 Private key encryption: uses a single key that only the sender and the receiver
know. It is also known as symmetric encryption.

Figure 31. Private key encryption

 Public key encryption: data is encrypted by using a private key known only to the
user, and decrypted by a public key that is available through a third-party source
(PKI – public key infrastructure). Alternatively, data can be encrypted with the
public key, and then can only be decrypted with the matching private key. It is also
known as asymmetric encryption. Users use a digital certificate, which is a small file
containing that user’s verified identification information and the user’s public key,
to simplify and secure key management.
Figure 32. Public key encryption
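To make the two key directions concrete, here is an added Python example (not from the book or these notes) using textbook RSA with tiny demonstration primes: data encrypted with the public key comes back only with the private key, and a value transformed with the private key can be checked by anyone holding the public key, which is the second direction the notes describe. The primes, the one-byte-per-block encoding and the digest reduction are illustration shortcuts; real deployments use large keys, padding schemes and a vetted library.

```python
import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Textbook RSA: n = p*q, public exponent e, private exponent d = e^-1 mod phi(n).
    p and q are tiny demo primes here; real keys are thousands of bits long."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)        # modular inverse (Python 3.8+)
    return (n, e), (n, d)      # (public key, private key)


def apply_key(block, key):
    """Both directions are the same operation: block ** exponent mod n."""
    n, exp = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus n")
    return pow(block, exp, n)


def encrypt(message, public_key):
    """Confidentiality: anyone with the public key can encrypt; only the
    private-key holder can recover the bytes (one byte per block, demo only)."""
    return [apply_key(b, public_key) for b in message]


def decrypt(blocks, private_key):
    return bytes(apply_key(c, private_key) for c in blocks)


def digest_block(message, n):
    """Reduce a SHA-256 digest into a block smaller than n (demo shortcut;
    real signatures use a padding scheme such as PSS instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """The notes' other direction: transform with the private key so that
    anyone holding the public key can verify it. That is a signature."""
    return apply_key(digest_block(message, private_key[0]), private_key)


def verify(message, signature, public_key):
    return apply_key(signature, public_key) == digest_block(message, public_key[0])


if __name__ == "__main__":
    public, private = make_keypair(61, 53)        # classic small demo primes
    ct = encrypt(b"hi", public)
    print("ciphertext blocks:", ct, "->", decrypt(ct, private))
    sig = sign(b"hi", private)
    print("signature verifies:", verify(b"hi", sig, public),
          "| tampered message:", verify(b"ho", sig, public))
```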

4.2.1. IPSec (Internet Protocol Security)


IPSec is a set of rules for encryption, authentication and key management for TCP/IP
transmissions. It adds security information to the headers of IP packets and encrypts
the data payload.
 IPSec initiation
 Key management
o IKE (Internet Key Exchange): negotiates the exchange of keys, including
authentication of the keys.
o ISAKMP (Internet Security Association and Key Management Protocol):
works with the IKE process to establish policies for managing the keys.
 Security negotiations: IKE continues by establishing the security parameters and
associations that will serve to protect data while in transit.
 Data transfer: after the parameters and encryption techniques are agreed upon, a
secure channel is created.
 Termination: to maintain communication, the connection can be renegotiated and
reestablished before the current session times out.
4.2.2. SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
The two protocols are both encryption methods, and they can work side by side, known
as SSL/TLS.
Each time a client and server establish an SSL/TLS connection, they establish a unique
session. This handshake conversation is similar to the TCP three-way handshake.
 Step 1: The browser sends a client hello message (the types of encryption the
browser can decipher and a random number that uniquely identifies the session) to
the web server.
 Step 2: The server responds with a server hello message that confirms the
information it received and agrees to encryption terms, and issues to the browser a
public key or a digital certificate.
 Step 3: If the server requests a certificate, the browser sends it. Any data is
encrypted using the server’s public key. After the browser and server have agreed
on the terms of encryption, the secure channel is in place and they begin
exchanging data.

4.3. Remote Access Protocols


Remote access is a service that allows a client to connect with and log on to a server, or
WAN in a different geographical location. All types of remote access techniques require
some type of RAS (Remote Access Server) software to accept a remote connection and
grant it privileges to the network’s resources.
Remote file access: allows a remote client to upload and download data files and
configuration files.
o FTPS (FTP over SSL): adds a layer of protection to FTP using SSL/TLS,
which can encrypt both the control and data channels.
o SFTP (Secure FTP): file-transfer version of SSH that includes encryption
and authentication; both inbound and outbound communications are
usually configured to cross SSH’s port 22.
o TFTP (Trivial FTP): similar to FTP except that it includes no authentication
or security and uses UDP at the transport layer.
Terminal emulation: allows a remote client to take over and command a host
computer, which means that a host may allow clients a variety of privileges, from merely
viewing the screen to running applications and modifying data on the host. Ex: telnet,
SSH, Remote Desktop, VNC.
VPN (virtual private network): a virtual connection that remotely accesses
resources between a client and a network. A VPN is referred to as a tunnel. VPNs can be
classified into three models:
 Site-to-site VPN: tunnels connect multiple sites on a WAN.
Figure 33. Site-to-site VPN

 Client-to-site VPN: the tunnel created between the client and the headend
encrypts and encapsulates data. Only the VPN headend needs a static public IP
address. Each remote client on a client-to-site VPN must run VPN software to
connect to the VPN headend.
Figure 34. Client-to-site VPN

 Host-to-host VPN: two computers create a VPN tunnel directly between them.
VPN tunneling approaches:
 Full tunnel VPN: Captures all network traffic.
 Split tunnel VPN: Only captures traffic desired for the corporate network.
GRE (Generic Routing Encapsulation) is a layer 3 protocol, developed by Cisco, used to
transmit messages through a tunnel.
Multipoint VPNs:
 The mGRE (multipoint GRE) protocol allows the configuration of multiple tunnel
destinations on a single interface.
 It requires spoke routers at branch locations to communicate with the hub router
at the headquarters to announce and collect updated IP address information for
other spoke routers.
 DMVPN (Dynamic Multipoint VPN): dynamically creates VPN tunnels between
branch locations as needed rather than requiring constant, static tunnels for
site-to-site connections.
Figure 35. VPN tunneling approaches
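As an added Python example (not from the book or these notes) of the full-tunnel versus split-tunnel choice above: the corporate prefixes and the headend address are constructed placeholders, and the one rule both modes share is that packets addressed to the VPN headend itself must leave the host directly, because they are the tunnel's own outer packets.

```python
import ipaddress

# Constructed placeholders, not real infrastructure.
CORPORATE_PREFIXES = [ipaddress.ip_network(p) for p in
                      ("10.0.0.0/8", "172.16.0.0/12", "2001:db8:ace::/48")]
VPN_HEADEND = ipaddress.ip_address("203.0.113.10")


def route_for(dst, mode, headend=VPN_HEADEND, corporate=CORPORATE_PREFIXES):
    """Decide whether a packet to dst enters the VPN tunnel or leaves through
    the local interface, under the client's tunneling mode."""
    ip = ipaddress.ip_address(dst)
    if ip == headend:
        # The encapsulated packets that carry the tunnel must not themselves be
        # routed into the tunnel, or nothing ever leaves the host.
        return "direct"
    if mode == "full":
        return "tunnel"
    if mode == "split":
        return "tunnel" if any(ip in net for net in corporate) else "direct"
    raise ValueError(f"unknown tunneling mode: {mode}")


def classify_flows(destinations, mode):
    """Group destination addresses by the path they would take."""
    paths = {"tunnel": [], "direct": []}
    for dst in destinations:
        paths[route_for(dst, mode)].append(dst)
    return paths


def direct_exposure(destinations, mode):
    """Destinations the host reaches outside the corporate network's inspection
    path: everything sent direct except the headend itself."""
    return [d for d in classify_flows(destinations, mode)["direct"]
            if ipaddress.ip_address(d) != VPN_HEADEND]


if __name__ == "__main__":
    sample = ["10.1.2.3", "172.20.0.5", "198.51.100.7", "203.0.113.10",
              "2001:db8:ace::10", "2001:db8:feed::1"]   # constructed destinations
    for mode in ("full", "split"):
        print(mode, classify_flows(sample, mode),
              "exposed:", direct_exposure(sample, mode))
```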

4.4. Troubleshooting Tools


5. Cabling
5.1. Transmission Basics
Frequency, measured in MHz or GHz, indicates the number of times in a second that an
electrical signal can change states. A cable’s maximum frequency is important to know
because it affects how quickly you can transfer data over that cable.
Bandwidth, measured in Mbps or Gbps, refers to the amount of data you could
theoretically transmit during a given period of time. It refers to the number of lanes
available for data transfer.
Throughput, measured in Mbps or Gbps, refers to the number of data bits that are
actually received across a connection each second. It varies over a range of possible values.

5.2. Transmission Flaws


Noise (interference) can degrade or distort a signal and is measured in dB loss. The
signal might get weaker due to noise, or stronger through an amplifier.
Attenuation is the loss of a signal’s strength as it travels away from its source. To boost
signals, use a repeater, which regenerates a digital signal in its original form without the
noise previously accumulated.
Latency is the brief delay that takes place between the instant when data leaves the
source and when it arrives at its destination.
Two important NIC settings are the direction in which signals travel over the media
(duplexing) and the number of signals that traverse the media at any given time
(multiplexing). These create different methods of communication:
 Full-duplex (duplex): signals are free to travel in both directions over a medium
simultaneously.
 Half-duplex: signals may travel in both directions over a medium, but in only one
direction at a time.
 Simplex: signals may travel in only one direction, called one-way communication.
Duplexing pairs two wires together inside a cable: one transmits and the other receives.
Multiplexing allows multiple signals to travel simultaneously over one medium.

6. Wireless Networking
6.1. Characteristics of wireless transmissions
LANs that transmit signals through the air via RF (radio frequency) waves are known as
WLANs (wireless local area networks).
The wireless spectrum is the frequency range of waves used for data and voice
communication. Its band is between 9 kHz and 300 GHz.
Kinds of wireless:
 RFID (Radio Frequency Identification): stores data on a small chip in an RFID tag,
which includes an antenna that can both transmit and receive.
 NFC (near-field communication): transfers data wirelessly over very short
distances. The NFC tag collects power by magnetic induction.
 Z-Wave: a smart home protocol that provides two basic types of functions:
signaling to manage wireless connections, or control to transmit data (commands)
between devices. Devices on the network are identified by a 1-byte Node ID, and
the entire network has a 4-byte Network ID.
 Bluetooth: unites separate entities under a single communications standard. It
requires close proximity to form a connection.
 ANT+: gathers and tracks information from sensors that are typically embedded
in activity monitoring devices. Unlike Bluetooth, ANT+ can also sync data from
multiple devices for the same activity.
 IR (infrared): is used primarily to collect data through various sensors. It requires
a nearly unobstructed LOS (line of sight) between the transmitter and receiver.
Channel Management
To allow multiple devices to share the same band, the band is subdivided into channels,
and channels are further subdivided into narrowband channels.
 FHSS (frequency hopping spread spectrum): a short burst of data is transmitted
on a particular frequency within the band, and the next burst goes to the next
frequency in the sequence. Ex: Bluetooth
 DSSS (direct sequence spread spectrum): data streams are divided and
encoded into small chunks, which are spread over all available frequencies within
one of three wide channels, all at the same time. Ex: Wi-Fi
Even with the frequency spread of FHSS or DSSS to avoid interference, collisions can
still happen. Each technology has a procedure to follow when it senses a collision.
Antennas
The lack of a fixed path requires wireless signals to be transmitted differently than wired
signals. An antenna solves this problem: it emits the signal as a series of electromagnetic
waves into the atmosphere.
Figure 36. Wireless transmission

Two antennas must be tuned to the same frequency so they can communicate on the
same channel. Receivers must be located within a transmitter’s range to receive signal
consistently. Two basic categories:
 Directional antenna: issues wireless signals along a single direction.
 Omnidirectional antenna: issues and receives wireless signals with equal
strength and clarity in all directions.
Association and Wireless Topologies
Association is a process that involves a number of packet exchanges between an access
point and your device. Besides, your device also periodically surveys its surroundings for
evidence of an access point, which is known as scanning.
 Active scanning: the client takes the initiative
o The device transmits a special frame (probe) on all available channels
within its frequency range.
o An AP detects the probe frame, issues a probe response for that device.
o The device can agree to associate with that AP.
o The two nodes begin communicating over the frequency channel specified
by the AP.
 Passive scanning: the AP takes the initiative
o A wireless-enabled device listens on all channels within its frequency
range.
o The device can choose to associate with the AP.
o The two nodes agree on a frequency channel and begin communicating.

A wireless controller provides centralized authentication for wireless clients, load
balancing and channel management so that neighboring APs don’t try to use
overlapping channels.
A client can associate with any one of many APs that use the same ESSID, which
allows users to roam, or change from AP to AP, without losing wireless network service.
Roaming between APs requires reassociation.
SOHO Network: Home or small office network, generally requires only one central AP
and possibly some range extenders. The AP device often combines switching, routing
and other network functions.

Figure 37. A SOHO Network

6.2. Wifi Network Security


WEP (Wired Equivalent Privacy) has two forms of authentication, neither of which is
secure.
WPA (Wi-Fi Protected Access) dynamically assigns every transmission its own key,
known as TKIP (Temporal Key Integrity Protocol). It uses the same encryption
mechanism as WEP but with improved algorithms, resulting in more securely encrypted
transmissions.
WPA2 ensures data confidentiality:
 Message integrity: CCMP (Counter Mode with CBC-MAC Protocol) ensures
incoming packets are coming from their declared sources, using AES.
 Encryption: CCMP uses AES, which is faster and more secure than TKIP.
Personal and Enterprise
 The personal version of WPA/WPA2 (WPA-PSK or WPA2-PSK, Pre-Shared Key)
is the common configuration on home wireless networks, in which you need to
enter a passphrase for authentication.
 WPA-Enterprise: is made by combining a RADIUS (Remote Authentication
Dial-In User Service) authentication server with WPA. In the context of Wi-Fi, a
RADIUS server is used with an authentication mechanism called EAP
(Extensible Authentication Protocol), which works with other encryption and
authentication schemes to verify the credentials of users and devices and
provides the framework for authenticating clients and servers.

Figure 38. EAP messages are encapsulated in RADIUS message

AP and antenna placement: positioning the AP in the center of its intended range
increases the strength of the signal for users. Consider what antenna placement will
give the best signal where you want it and reduce the strength of the signal outside your
building or other intended range.
Guest network: the guest network has a separate SSID and passphrase and can be
managed with different rules or time restrictions.
Wireless client isolation: allows a client onto the network but imposes firewall rules
that restrict the client to communicating only with the default gateway. If you provide a
guest network, be sure to set up a captive portal. It is the first page a new client sees
when connecting to the guest network, and it usually requires the user to agree to a set
of terms and conditions.

6.3. Troubleshooting
Spectrum analyzer: assesses the quality of a wireless signal by scanning a band of
frequencies for signal and noise.
Wi-Fi analyzer: evaluates Wi-Fi network availability and helps optimize Wi-Fi signal
settings.
Slow connections
 Insufficient wireless coverage: If a client is too far from an AP or if there are too
many obstacles between the two nodes, communication might occur, but data
errors become more probable and slow down communication.
 RF attenuation/signal loss: If the strength of the signal the AP emits is too low, it
will result in dropped signals as clients roam to the peripheral areas of the AP’s
range. Conversely, maxed-out power levels will result in too much overlap
between AP coverage areas. Begin with a 50% power setting, and make
incremental changes as needed to optimize the amount of overlap between APs.
Also keep in mind that even if a client can receive a signal from a high-powered
AP installed on the other end of the building, the return signal from the client
might not be reliably strong enough to reach the AP, which is called a near–far
effect.
 Interference
 Channel overlap: Using channels or frequencies that are too close to each other
on the frequency spectrum can interfere with each other’s transmissions. You can
use a Wi-Fi analyzer to determine which channels are being used by nearby
wireless networks, and then utilize a less crowded channel.
 Wireless standard specifications
 Simultaneous wired and wireless connections
 Problem with firmware updates
 Incorrect antenna type
 Mismatched antenna polarization
 Client saturation or overcapacity: A SOHO network’s AP might take 10-15
devices before becoming overwhelmed.
 Client disassociation issues: If a client is frequently disassociating from the AP,
confirm the AP is not using an overly crowded Wi-Fi channel and consider using
a narrower channel.
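As an added Python example (not from the book or these notes) of the channel-overlap advice above: given a constructed Wi-Fi analyzer scan of nearby networks, it scores each candidate 2.4 GHz channel by how heavily neighbours overlap it and picks the least crowded one. It assumes 20 MHz-wide channels spaced 5 MHz apart, and treats channels whose numbers differ by fewer than 5 as overlapping, which is why only 1, 6 and 11 are mutually clear.

```python
# Constructed scan, as a Wi-Fi analyzer might list nearby networks.
SCAN = [
    {"ssid": "CoffeeNet", "channel": 1},
    {"ssid": "HomeA", "channel": 1},
    {"ssid": "Printer", "channel": 2},
    {"ssid": "HomeB", "channel": 6},
    {"ssid": "Neighbor", "channel": 11},
]

NON_OVERLAPPING = (1, 6, 11)   # the usual candidate set in the 2.4 GHz band
CHANNEL_SPACING_MHZ = 5        # 2.4 GHz channel centers are 5 MHz apart
CHANNEL_WIDTH_MHZ = 20         # assumes 20 MHz-wide channels


def overlap_weight(channel_a, channel_b):
    """How much two channels interfere: 5 for co-channel use, falling by one
    per channel of separation, and 0 once the centers are 25 MHz apart."""
    separation = abs(channel_a - channel_b) * CHANNEL_SPACING_MHZ
    clear_at = CHANNEL_WIDTH_MHZ + CHANNEL_SPACING_MHZ
    return max(0, (clear_at - separation) // CHANNEL_SPACING_MHZ)


def crowding(channel, scan):
    """Total overlap weight of every observed network against one channel."""
    return sum(overlap_weight(channel, ap["channel"]) for ap in scan)


def crowding_by_channel(scan, candidates=NON_OVERLAPPING):
    return {ch: crowding(ch, scan) for ch in candidates}


def least_crowded_channel(scan, candidates=NON_OVERLAPPING):
    """Pick the candidate with the lowest crowding score; ties go to the
    lowest channel number so the choice is deterministic."""
    scores = crowding_by_channel(scan, candidates)
    return min(candidates, key=lambda ch: (scores[ch], ch))


if __name__ == "__main__":
    print(crowding_by_channel(SCAN))
    print("move the AP to channel", least_crowded_channel(SCAN))
```

Scoring every channel 1 to 11 instead of just 1/6/11 picks a channel that itself straddles two neighbours, which is the trap the non-overlapping set avoids.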

7. Module 7: Network Architecture


8. Module 8: Segmentation
8.1. Subnet Masks
As the network grows, you’ll need to better manage network traffic by segmenting the
network so that each floor contains a separate LAN, or broadcast domain.
Figure 39. A separate subnet for each floor

However, a device on subnet 2 doesn’t know about devices on subnet 3. The solution is
to divide your pool of IP addresses into 3 groups or subnets, one for each LAN or floor.
This is called subnetting. A device uses a subnet mask to determine which subnet or
network it belongs to. If the device knows the remote host is not on its own network, it’ll
send the transmission directly to its default gateway.
A subnet mask is always a series of 1s followed by a series of 0s. The more bits you
borrow for network information, the more subnets you can have, but the fewer hosts
each subnet will contain. You can calculate the magic number by raising 2 to the power
of the number of bits in the host portion of the subnet mask’s interesting octet:
magic number = 2^h.
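As an added Python example (not from the book or these notes) for the subnetting above: it borrows host bits from a /24 (an assumed starting pool) to give each floor its own subnet, computes the magic number as 2^h, and applies the mask the way a sending host does when deciding whether to deliver directly or hand the packet to its default gateway. Three floors need three subnets; borrowing 2 bits yields four, leaving one spare.

```python
import ipaddress


def magic_number(prefix_len):
    """Block size in the mask's interesting octet: 2**h, h being the host bits
    that octet still has (8, i.e. 256, when the prefix is octet-aligned)."""
    return 2 ** (8 - prefix_len % 8)


def subnets(network, prefix_len, borrowed_bits):
    """Borrow host bits from a network to split it into 2**borrowed_bits subnets."""
    new_prefix = prefix_len + borrowed_bits
    if new_prefix > 30:
        raise ValueError("no usable host addresses would remain")
    base = int(ipaddress.IPv4Address(network))
    if base % 2 ** (32 - prefix_len):
        raise ValueError(f"{network} is not the start of a /{prefix_len} block")
    block = 2 ** (32 - new_prefix)          # addresses per new subnet
    result = []
    for i in range(2 ** borrowed_bits):
        net = base + i * block
        result.append({
            "network": f"{ipaddress.IPv4Address(net)}/{new_prefix}",
            "first_host": str(ipaddress.IPv4Address(net + 1)),
            "last_host": str(ipaddress.IPv4Address(net + block - 2)),
            "broadcast": str(ipaddress.IPv4Address(net + block - 1)),
            "usable_hosts": block - 2,
        })
    return result


def mask_to_int(mask):
    """Accept only a contiguous run of 1s followed by 0s."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a valid subnet mask")
    return m


def same_subnet(ip_a, ip_b, mask):
    """What a host computes before sending: AND both addresses with the mask
    and compare the network portions."""
    m = mask_to_int(mask)
    return (int(ipaddress.IPv4Address(ip_a)) & m) == (int(ipaddress.IPv4Address(ip_b)) & m)


def next_hop(src, dst, mask, gateway):
    """Deliver directly on the local subnet, otherwise to the default gateway."""
    return dst if same_subnet(src, dst, mask) else gateway


if __name__ == "__main__":
    # Assumed pool 192.168.1.0/24, split for three floors (2 bits -> 4 subnets).
    for sn in subnets("192.168.1.0", 24, 2):
        print(sn)
    print("magic number for /26:", magic_number(26))
    print(next_hop("192.168.1.70", "192.168.1.130", "255.255.255.192", "192.168.1.65"))
```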

8.2. VLANs (Virtual LANs)


A VLAN groups ports on one or more switches so that some of the local traffic on each
switch is forced to go through a router. You could use managed switches and VLANs to
segment the network. The switch manages all network traffic on the LAN unless a host
on the network wants to communicate with a host on another network, and then that
traffic goes through the router.
Figure 40. A managed switch with its ports partitioned into two groups,
each belonging to a different VLAN

Traffic between hosts on VLAN 1 and VLAN 2 must go through the router. The ports for
a VLAN don’t have to be located next to each other; each port is individually configured
to belong to a specific VLAN. All transmissions coming from the connected host will be
associated with the VLAN of that switch port.

Figure 41. Each port on a switch is assigned to a different VLAN

A switch can support more than one VLAN. A VLAN can include ports from more than
one switch.
Figure 42. 3 switches on a LAN with multiple VLANs

8.2.1. VLAN Trunks


Ports connected to hosts are usually configured to support traffic for only one VLAN.
However, the port that connects to Switch C must be able to carry traffic for multiple
VLANs. With trunking, a single switch can support traffic belonging to several VLANs
across the network.
 Access port: connects the switch to a host.
 Trunk port: connects the switch to a networking device.

Figure 43. Trunk lines carry traffic for VLANs


Each VLAN is assigned its own subnet of IP addresses. As traffic from each VLAN
reaches the router, the router sees three logical LANs connected to a single router port.
Each logical interface on the one physical interface is called a subinterface.

Figure 44. 3 subnets are connected to a single router interface

8.2.2. Types of VLANs


 Default VLAN: cannot be renamed or deleted, but ports in the default VLAN can
be reassigned to other VLANs.
 Native VLAN: receives all untagged frames from untagged ports; it should be
changed to an unused VLAN so that untagged traffic essentially runs into a dead
end.
 Data VLAN: carries user-generated traffic.
 Management VLAN: provides administrative access to a switch.
 Voice VLAN: supports VoIP traffic.
 Private VLAN: hosts assigned to a secondary VLAN cannot communicate
outside their own subdomain within the private VLAN. However, a server or load
balancer might instead be connected to a promiscuous port within the primary
VLAN so it can communicate with hosts inside all the secondary VLANs.
o Isolated VLAN: the host on each switch port is completely isolated from
hosts in the same and other secondary VLANs within the primary VLAN.
o Community VLAN: hosts within the same community VLAN can
communicate with each other but not with hosts in other secondary
VLANs.
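The added Python example below (not from the book or these notes) ties together the Ethernet II frame from section 4.1.7 and the VLAN tagging above: it builds and parses frames with and without the optional 4-byte 802.1Q field between the Source address and Type fields, checks the payload against the MTU, and shows what a trunk port does with an untagged frame, which is to place it in the native VLAN. The MAC addresses and payloads are constructed.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # TPID that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
DEFAULT_MTU = 1500        # standard Ethernet payload limit, in bytes


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0):
    """Assemble an Ethernet II frame; with vlan_id set, insert the 4-byte
    802.1Q field (TPID 0x8100 + TCI) between Source address and Type."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = ((priority & 0x7) << 13) | vlan_id      # PCP (3 bits), DEI, VID (12 bits)
        header += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Parse an Ethernet II frame, tagged or untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan_id, priority = 14, None, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("802.1Q tag announced but truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority, vlan_id, offset = tci >> 13, tci & 0x0FFF, 18
    return {"dst": mac_to_str(dst), "src": mac_to_str(src), "vlan_id": vlan_id,
            "priority": priority, "ethertype": ethertype, "payload": frame[offset:]}


def payload_fits(frame, mtu=DEFAULT_MTU):
    """Does the encapsulated payload respect the MTU? The tag itself does not count."""
    return len(parse_frame(frame)["payload"]) <= mtu


def ingress_vlan(frame, native_vlan):
    """VLAN a trunk port assigns to an arriving frame: the tag's VID when tagged,
    otherwise the port's native VLAN (hence the advice to point the native VLAN
    at an unused one, so stray untagged traffic goes nowhere)."""
    vid = parse_frame(frame)["vlan_id"]
    return vid if vid is not None else native_vlan


if __name__ == "__main__":
    # Constructed addresses and a dummy 20-byte payload.
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4,
                         b"\x45" + b"\x00" * 19, vlan_id=20, priority=5)
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4,
                           b"\x45" + b"\x00" * 19)
    print(parse_frame(tagged)["vlan_id"], ingress_vlan(untagged, native_vlan=999))
```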
