Network Scope.1.2


Network + Online Assessment Scope

• Trusted/ untrusted certificates.


• Protocol Field
• DiffServ Field
• Time to Live Field
• ID
• Flags
• Fragment offset Fields.
• CrossTalk
• Switch configuration
• Remote access
• Data Loss Prevention
• IP Address conflict
• IP Address parameters
• DNS problem

TRUSTED AND UNTRUSTED CERTIFICATES


Trusted and untrusted root certificates are used by Windows operating systems and applications as a
reference when determining whether public key infrastructure (PKI) hierarchies and digital certificates are
trustworthy. Untrusted root certificates are certificates that are publicly known to be fraudulent. Trusted
and untrusted root certificates functionality works across all environments, whether connected or
disconnected.
Trusted and untrusted root certificates are contained in a certificate trust list (CTL). When you want to
distribute root certificates, you use a CTL. Windows Server features automatic daily update functionality
that includes downloads of the latest CTLs. The lists of trusted and untrusted root certificates are called the
Trusted CTL and Untrusted CTL, respectively. For more information, see Announcing the automated
updater of untrustworthy certificates and keys.
DEFINE THE FOLLOWING:
1. PROTOCOL FIELD – This is an 8-bit number that defines what protocol is used inside the IP packet.
2. DIFFERENT SERVER FIELD- Describe details about the system acting as the server in the network event.
3. TIME TO LIVE FIELD- This refers to the time it takes for something to be completed, like measuring how
long it takes for an action to turn into a result.
4. ID- This is a unique number assigned to data packets, indicating whether they should be fragmented
(broken into smaller pieces) and how they should be placed in the original message when reassembled,
helping to construct the complete message from its fragmented parts.
5. FLAG FIELD-Contains binary settings that control the behaviour of data packets, indicating whether they
should be fragmented.
6. FRAGMENT OFFSET FIELD- Indicates where a particular fragment of a data packet should be placed.

CROSSTALK
Unwanted interference between 2 or more signals or channels, due to communication lines running
adjacent.
Types of crosstalk
• Forward crosstalk- Refers to the unwanted interference or noise that occurs when a signal on one
channel or wire interferes with another channel, which can disrupt data transmission or information.
• Near-end crosstalk (NEXT)- Is a type of electromagnetic interference in which signals on nearby wires
interfere with each other in a cable.
• Far end crosstalk (FEXT)- This is when signals on one cable interfere with signals on another cable
further away. It’s like hearing a conversation from a table across the restaurant instead of at the
neighbouring table.
• Alien crosstalk (AXT)- This refers to when signals on one cable interfere with signals on a nearby
cable, like hearing a conversation from another restaurant in addition to the one you’re in.

CROSSTALK- This is a term used in various fields, including electronics, telecommunications and audio
engineering to describe unwanted interference between two or more signals or channels.
It occurs when signals traveling on adjacent conductors or channels interfere with each other.
Types of crosstalk:
-Near end crosstalk (NEXT)
-Far end crosstalk (FEXT)
-Alien Crosstalk (AXT)
-Power Sum Near end crosstalk (PSNEXT)

Console cable - A type of cable that is used to connect a computer or other device to a network device
such as a router or switch.
It allows administrators and technicians to access the device's COMMAND LINE INTERFACE (CLI) for
configuration, troubleshooting and management purposes even if the primary network is down or
misconfigured.
HOW TO PREVENT CROSSTALK
1. Proper cable management.
2. Twisted or Shielded cables.
3. Proper grounding.
4. Use shorter cables.
5. Separate cables.
CAUSES OF DATA LOSS OVER A NETWORK
Data loss over a network refers to the unintentional disappearance or corruption of digital information while it's being transmitted
between devices.

DATA LOSS CAN OCCUR DUE TO VARIOUS REASONS:


Hardware failure- This is when your device stops working because something inside it broke or stopped
functioning.
Software issues- These are problems in programmes that can mess up how things work on your computer
or device.
Cyber-attacks- These are like digital break-ins whereby hackers try to get into your computer or online
accounts to steal information.
Data corruption- Data can become corrupted during transmission due to errors in a network or faulty
hardware.
Lack of redundancy- When there is no backup or duplication of essential components or information,
making a system vulnerable to failure.
WAYS TO MITIGATE DATA LOSS OVER A NETWORK?
Backup systems

Redundancy

Reliable hardware

Encryption

DATA LOSS OVER A NETWORK- This refers to the unintentional disappearance or corruption of digital information
while it's being transmitted between devices or systems. This loss can happen due to various reasons:

Packet loss- This is when digital data packets don’t arrive properly at their destination, causing gaps or errors in
transmitted information.

Network disruptions- These are like unexpected roadblocks for your internet connection, causing sudden stops or
slowdowns in your online activities.

Latency- This is the delay between doing something online and seeing the response.

Hardware failures- This is when your computer or device stops working because something inside it broke or
stopped functioning.

Cyber-attacks- These are like digital break-ins whereby hackers try to get into your computer or online accounts to
steal information.

Software issues- These are problems in programmes that can mess up how things work on your computer or device.
NETWORK INSTABILITY
1. Network congestion:
• Cause: Too much traffic on the network causing packets to be delayed or dropped.
• Solution: Regularly maintain and replace faulty hardware components.
2. Hardware failures:
• Cause: Malfunctioning network devices, such as routers, switches or cables can disrupt network
connectivity.
• Solution: Regularly maintain and replace faulty hardware components.
3. Software issues:
• Cause: Software bugs, or compatibility problems can lead to network instability.
• Solution: Update software, apply patches and review network configurations.
4. Lack of redundancy:
• Cause: Single points in network architecture can lead to instability if those components fail.
• Solution: Implement redundancy to ensure network strength.
5. Environmental issues:
• Cause: Issues such as temperature, humidity and physical obstructions can affect network
instability.
• Solution: Ensure proper environmental control.

HARDWARE REQUIREMENT FOR FAST ETHERNET


1. Ethernet Cable-A cable that connects computers and devices to share information in a local network.
2. Switch-A device that connects devices in a local area.
3. Access Point- A device that enables wired devices to connect to a wireless network.
4. Router-A device that connects different networks.
5. Modem- A device that helps your devices connect to the internet through internet service.

(Online Assessment question: List hardware requirements for a network relying on 10Gb speeds. And list
their current hardware devices.)

GUIDELINES FOR IMPLEMENTING SWITCHES AND NETWORKS (switch configuration)


1. Plan Ahead

2. Regular backups

3. Regular updates

4. Choose Right hardware

5. Segment Networks

6. Label everything

DEPLOYING A MANAGED CISCO SWITCH

1. Inspect your hardware.

2. Set up management IP.


3. Check VTP revision number.

4. Configure access points.

5. Configure trunk ports.

6. Configure access ports.

7. Set up VTY line configuration.

THREE CISCO MODES: (Name the three principal configuration modes of a cisco switch)

1. User EXEC mode. The User EXEC mode is the first mode a user has access to after logging in to
the switch. The user mode is identified by a greater than symbol following the switch name.
This mode provides access to the basic commands, including the show commands as well as
the system status commands. The switch cannot be configured or restarted from this mode.
2. Privileged EXEC mode. The Privileged EXEC mode includes all the commands that are available
in the User mode. Privileged mode supports configurations or restarts. It also allows the
user to view the system configuration file, restart the switch, and includes access to all
configuration commands.
3. Global EXEC mode. The Global Configuration mode allows users to make changes to the
router's global configuration settings, such as the hostname and the enable secret
password. This mode is accessed by entering the "configure terminal" command in
Privileged EXEC mode.
REMOTE ACCESS
Remote access enables remote users to access files and other system resources on any devices or servers that are
connected to the network at any time. Remote access is the ability of users to access a device or a network from any
location. With that access, users can manage files and data that are stored on a remote device. Some operating
systems include a remote access controller. For example, Windows uses Remote Desktop Protocol (RDP) and Linux
has Secure Socket Shell (SSH).

ISSUES TO MITIGATE WHEN DEPLOYING REMOTE ACCESS:

1: Network Failure.

2: Firewall Problems.

3: SSL Certificate Issues.

4: DNS Problems.

5: Insufficient permissions.

6: Capacity Exceeded.

7: Dropped connections.

8: CredSSP Problems.
https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them

VPN ACCESS

A virtual private network (VPN) is like a secret tunnel that keeps your internet connection private and secure. It
makes your online activities harder to see and helps you access websites from different places.

THERE ARE MAINLY 2 TYPES OF VPN ACCESS:

1.Remote Access VPN- This type of VPN allows individual users to connect to a private network from a remote
location, such as their home or a coffee shop. It’s commonly used to ensure a secure connection for remote workers
or travellers.

2. Site to site- Connects entire networks together, such as two branch offices of a company located in different
cities. It allows these networks to securely communicate with each other over the internet as if they were in the
same physical location.

IP ADDRESS PARAMETERS
1. IP Address
2. Subnet mask
3. 32-bit Address
4. Quality of service
5. Proxy settings
6. DHCP configuration
7. Firewall settings.

IP ADDRESS CONFLICT
This conflict happens when two devices on a network get confused because they’re using the same
“address” to identify themselves. It’s like two houses having the same street address: things get mixed up
and might not end up going where they're supposed to.
CAUSES OF IP ADDRESS CONFLICT:
• Manual configuration errors
• DHCP server issues- A misconfigured DHCP server might assign the same IP address to multiple devices.
• Rogue DHCP servers- Unauthorized DHCP servers on a network can cause conflicting IP addresses.
• Device cloning- If a device is cloned and copied without changing its IP address it will conflict with
the original device.

PREVENTION METHODS
• Proper network management practices.
• Regular maintenance of IP assignments.
• Use of DHCP, as it automatically assigns IP addresses to devices on your network.
• Subnetting- Divides your network into smaller subnets if you have many devices. This reduces the
number of devices sharing the same space and lowers the risk of conflicts.

WAYS OF MITIGATING IP ADDRESS CONFLICT


1. Manual resolution- The user physically taps in the IP address.
2. Use of DHCP – It automatically assigns IP addresses to devices on a network.
3. Subnetting- Divides users’ network into smaller subnets if user has many devices. This reduces the
number of devices sharing the same space and lowers risk of conflicts.
4. Regular maintenance of IP assignments
5. Proper network management practices.

NEW Insert ---


To upgrade Ethernet speed from 1 gigabit per second (1 Gb) to 10 gigabits per second (10 Gb), follow
these steps:
1. Network interface cards (NICs): Ensure the new NICs support 10GbE.
2. Patch Panel: Use patch panels designed for high-speed data, typically Cat 6a or Cat 7 for copper
cabling, as they can handle 10 GbE. Also ensure the patch panel has enough ports to
accommodate required needs.
3. Router/Gateway: If your network is connected to the internet, check if your router supports
10GbE and upgrade if necessary.
4. Configuration: Update the network settings on all devices to use the 10GbE connection. This
includes configuring IP addresses, subnet masks and any other relevant settings.
5. Fibre optic cables: For a 10 GbE network consider using single-mode fibre (SMF) or multimode
fibre (MMF). MMF is suitable for shorter distances.

IP ADDRESS CONFLICT
IP address conflict is a situation in which two or more devices within a network are configured with the
same IP address, which results in communication problems and network disruptions. These conflicts arise
due to IP issues, DHCP server issues resulting in network instability problems or delay of packets.
Causes:
1. Rogue DHCP server: Unauthorized DHCP servers on the network can allocate IP addresses and cause
conflicts if they are not properly managed or identified.
2. Network changes: Adding new devices or configuring the network can sometimes result in IP address
conflicts in devices that aren’t updated with the current IP information.
3. Device cloning: Assigning identical IP addresses to both the original and cloned device (duplication of
hardware or software) on the network causes disruption, difficulty in resolution and operational impact.
4. Static assignment errors: Manually assigning IP addresses to devices and making a mistake such as
assigning the same IP to two different devices.
5. Network segment changes: If devices are moved between different network segments or subnet masks
without updating their IP configurations, conflict might occur.
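
A way to spot the conflicts and rogue DHCP servers described above from network observations. This is an added example, not part of the original notes; the log format, the sample lines, the function names and the cause labels are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (the line format is invented for this example).
SAMPLE_LOG = """\
10:00:01 ARP 192.0.2.10 is-at 02:00:00:aa:00:01
10:00:02 DHCPOFFER server=192.0.2.1 ip=192.0.2.50 mac=02:00:00:aa:00:02
10:00:05 ARP 192.0.2.50 is-at 02:00:00:aa:00:02
10:00:09 DHCPOFFER server=192.0.2.99 ip=192.0.2.50 mac=02:00:00:aa:00:03
10:00:11 ARP 192.0.2.50 is-at 02:00:00:aa:00:03
10:00:15 ARP 192.0.2.10 is-at 02:00:00:AA:00:01
10:00:20 ARP 192.0.2.20 is-at 02:00:00:aa:00:04
10:00:21 ARP 192.0.2.20 is-at 02:00:00:aa:00:05
"""

ARP_RE = re.compile(r"ARP (\S+) is-at ([0-9A-Fa-f:]{17})\b")
OFFER_RE = re.compile(r"DHCPOFFER server=(\S+) ip=(\S+) mac=(\S+)")


def _valid_ip(text):
    """Reject malformed addresses so a garbled log line cannot create a false alert."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def find_conflicts(log):
    """Return {ip: [macs]} for every IP address claimed by more than one MAC."""
    claims = defaultdict(set)
    for line in log.splitlines():
        m = ARP_RE.search(line)
        if m and _valid_ip(m.group(1)):
            # Lower-case the MAC so the same card logged in two spellings is one device.
            claims[m.group(1)].add(m.group(2).lower())
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def find_rogue_dhcp(log, authorised):
    """Return DHCP servers seen making offers that are not on the authorised list."""
    servers = {m.group(1) for m in OFFER_RE.finditer(log) if _valid_ip(m.group(1))}
    return sorted(servers - set(authorised))


def explain(log, authorised):
    """Heuristic only: map each conflict to the most likely cause from the notes."""
    rogue = set(find_rogue_dhcp(log, authorised))
    offered_by = defaultdict(set)
    for server, ip, _mac in OFFER_RE.findall(log):
        offered_by[ip].add(server)
    report = {}
    for ip in find_conflicts(log):
        if offered_by[ip] & rogue:
            report[ip] = "rogue DHCP server"
        elif offered_by[ip]:
            report[ip] = "DHCP server issue"
        else:
            report[ip] = "static assignment error or cloned device"
    return report


if __name__ == "__main__":
    for ip, cause in explain(SAMPLE_LOG, {"192.0.2.1"}).items():
        print(ip, find_conflicts(SAMPLE_LOG)[ip], "->", cause)
```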

DIFFERENCE BETWEEN MANAGED & UNMANAGED SWITCH


➢ A managed switch provides advanced configuration options, monitoring capabilities and
security features, allowing for customized control over network settings. It can be managed
remotely and is suitable for larger or more complex networks.
➢ An unmanaged switch is a plug-and-play solution, lacking advanced configuration and
monitoring. It’s more straightforward and cost-effective, making it ideal for smaller networks
where basic connectivity suffices.
Untrusted Certificate
An untrusted certificate is one that the browser or system doesn’t recognize or validate as
coming from a reliable source, potentially indicating a security risk or a compromised
connection.

Trusted Certificate
A trusted certificate is recognized by browsers and systems as issued by a reliable source, indicating a
secure and verified connection.
DOMAIN NAME SYSTEM(DNS)
DNS, or Domain Name System, is a vital component of the Internet. It translates human-
readable domain names into IP addresses. It plays a crucial role in enabling users to access
websites and services seamlessly.

COMMON DNS SERVER PROBLEMS


1. DNS resolution failure: This occurs when the system cannot translate a domain
name into an IP address, disrupting access to web services.
2. Slow DNS resolution: Slow DNS resolution negatively impacts Internet speed, causing
delays in accessing websites.
3. DNS cache poisoning: DNS cache poisoning poses a security risk by corrupting the
information stored in the DNS cache, leading to the redirection of users to malicious websites.
4. Misconfigured DNS records: Incorrect DNS records can cause service disruptions, making
it essential to ensure accurate configuration for seamless domain resolution.
5. DDoS attacks on DNS servers: DDoS attacks overwhelm the DNS servers with traffic,
which causes service outages. Implementing measures to counter such attacks is crucial.

Solutions to DNS server problems

1. Use redundant DNS servers: Employing multiple DNS servers provides redundancy, which
ensures continued service availability in case of any server failures.
2. DNS caching: DNS caching helps improve resolution speed and reduce the load on the DNS
servers by storing previously resolved domain information.
3. Educating users: User education is vital to prevent issues related to misconfigured DNS
settings, as it emphasises the importance of configuring DNS parameters correctly.
4. Implementing DNSSEC: DNS Security Extensions enhance security by validating the
authenticity of DNS data, protecting against cache poisoning and other threats.

In conclusion, by implementing these solutions, the Internet infrastructure can maintain
stability and security, ensuring reliable and efficient domain resolution.
(INSERT 2---)

UNTRUSTED CERTIFICATES.
Digital certificates that are not recognized as trustworthy by the user’s web browser or application. These
certificates can pose security risks and when encountered they typically trigger warnings or errors.
TYPES OF CERTIFICATES:
Self-signed certificates – These certificates are not issued by a CA; they are
generated and signed by the entity itself.
Expired certificates – When a certificate expires, it is no longer considered trustworthy and connections
using the expired certificate will result in warnings or errors.
Revoked certificates – A certificate may be revoked by the issuing Certificate Authority (CA) before its
expiration date due to compromise or other security concerns.
TRUSTED CERTIFICATES
These certificates are signed by a recognised and trusted Certificate Authority (CA). These certificates
are widely accepted and trusted by web browsers, operating systems and applications and they play a
critical role in establishing secure and trusted online connections.

TYPES
➢ Issued by a trusted certificate authority.
➢ Valid & Current: these certificates have not expired.
➢ Correct hostname

SWITCH CONFIGURATION MODES


User exec mode
➢ Allows performance of basic tests & listing of system information.
➢ Access level: Limited access, read-only mode.

Privileged Exec mode


➢ Commands set operating parameters.
➢ High-Level commands such as debug.
➢ Access level: Provides full access to the switch and allows for configuration changes.
Global Configuration Mode
➢ Access level: Provides access to global configuration settings for the entire switch.
➢ Commands: Used to configure individual interfaces, including Ethernet, VLAN and port settings.
CROSSTALK
Crosstalk usually indicates crosstalk on the receiving pairs at the transmitter end and is usually
caused by excessive untwisting of pairs or faulty bonding of shielded elements.
• Near end (NEXT)- This measures crosstalk on the receiving pairs at the transmitter end
and is usually caused by excessive untwisting of pairs or faulty bonding of shielded elements.
• Far-end crosstalk (FEXT)- Is measured on the receiving pairs at the recipient end. The difference
between insertion loss and FEXT gives Attenuation to Crosstalk Ratio, Far End (ACRF).
• Power sum-Gigabit and 10 GbE ethernet use all four pairs. Power sum crosstalk calculations
confirm that a cable is suitable for this type of application. They are measured by energizing
three of four pairs in turn.
DEFINITIONS
Protocol Field- The Protocol field describes what is contained (encapsulated) in the payload
so that the receiving host knows how to process it.

- For most packets the value in the Protocol field will indicate a Transmission Control
Protocol (TCP/6) segment or a User Datagram Protocol (UDP/17) datagram.
- The values assigned to protocols (6 for TCP & 17 for UDP) are managed by IANA.

DiffServ Field- The Differentiated Services Code Point (DSCP) field is used to indicate a
priority value for the packet.
-This can be used with class of service (CoS) and quality of service (QoS) mechanisms to
facilitate a better quality of real time data transfers, such as video streaming or Voice over IP
calling.
-The 6-byte DSCP value can be combined with a 2-byte Explicit Congestion Notification
(ECN).

Time To Live field- The Time to Live field in the IP header is decreased by at least 1. This could be
greater if the router is congested.
✓ The TTL is normally the number of seconds a packet can stay on the network before
being discarded.
✓ While TTL is defined as a unit of time (seconds), in practice it is interpreted as a
maximum hop count.
✓ When TTL is 0 the packet is discarded. This prevents badly addressed packets from
permanently circulating the network.

ID, Flags & Fragment Offset Fields


The ID, Flags and Fragment Offset IP header fields are used to record the sequence in which the packets were
sent and to indicate whether the IP datagram has been split between multiple frames for transport over
the underlying data link protocol. For example, the MTU of an Ethernet frame is usually 1500 bytes.
-An IP datagram larger than 1500 bytes would have to be fragmented across more than one Ethernet
frame.
-A datagram passing over a network might have to be encapsulated in different data link frame types, each with
different MTUs.
-Most systems try to avoid IP fragmentation. IPv6 does not allow routers to perform fragmentation;
instead the host performs path MTU discovery to work out the MTU supported by each hop and crafts
an IP datagram that will fit in the smallest MTU.
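
The header fields defined above (Protocol, DSCP/ECN, TTL, ID, Flags, Fragment Offset) decoded from raw bytes, with a 4000-byte payload fragmented for a 1500-byte MTU. This is an added example, not part of the original notes; the function names, addresses and sample values are constructed, and the header checksum is left at 0 for simplicity.

```python
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA-assigned protocol numbers
DF, MF = 0x4000, 0x2000                       # Don't Fragment / More Fragments bits


def build_header(ident, flags_frag, ttl, proto, payload_len, dscp=0, ecn=0):
    """Pack a 20-byte IPv4 header. Constructed sample data: the addresses are
    documentation ranges and the header checksum is left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn,
                       20 + payload_len, ident, flags_frag, ttl, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


def parse_header(raw):
    """Decode the fields described in the notes from a raw IPv4 header."""
    if len(raw) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    ver_ihl, tos, total, ident, flags_frag, ttl, proto = struct.unpack(
        "!BBHHHBB", raw[:10])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    return {
        "dscp": tos >> 2,                     # upper 6 bits of the second byte
        "ecn": tos & 0x03,                    # lower 2 bits of the second byte
        "total_length": total,
        "id": ident,                          # same value in every fragment
        "df": bool(flags_frag & DF),
        "mf": bool(flags_frag & MF),
        "offset_bytes": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
    }


def fragment(payload_len, mtu=1500, ident=0x1234, ttl=64, proto=17):
    """Return the headers of the fragments needed to carry payload_len bytes."""
    max_data = (mtu - 20) // 8 * 8   # data per fragment must be a multiple of 8
    headers, offset = [], 0
    while offset < payload_len:
        size = min(max_data, payload_len - offset)
        more = offset + size < payload_len
        flags_frag = (MF if more else 0) | (offset // 8)
        headers.append(build_header(ident, flags_frag, ttl, proto, size))
        offset += size
    return headers


def forward(raw):
    """Router step: decrement TTL and drop (return None) when it reaches 0.
    A real router would also recompute the header checksum."""
    ttl = raw[8] - 1
    if ttl <= 0:
        return None
    return raw[:8] + bytes([ttl]) + raw[9:]


if __name__ == "__main__":
    for hdr in fragment(4000):
        print(parse_header(hdr))
```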

CONSOLE CABLE IN DEPTH


A console cable is used to connect a PC or laptop to the command line terminal of a switch or router. The
console port connection on the appliance is a standard RJ45 jack (but wired in a different way to
Ethernet).
-A legacy console cable has a serial DB-9 connector for the PC end.
-As almost no computers come with DB-9 ports anymore, modern cables use a USB connector and port.
A console cable is traditionally colored pale blue.

PING TEST

• Ping the device to a loopback address to test full functionality of TCP/IP.
• Ping another computer within that network and if this fails the switch is most likely to have a
problem.
• Ping another device within the same subnet and if this fails the issue lies within the gateway.

DOMAIN NAME SYSTEM


The Domain Name System is like the Internet's address book; it translates human-friendly domain names
into IP addresses.
To troubleshoot DNS issues, do the following:
➢ Check for connectivity problems.
➢ Verify DNS server settings.
➢ Clear cache.
➢ Use diagnostic tools like Lookup.
➢ Mitigating problems involves having redundant DNS servers.
➢ Implement DNSSEC for security and monitoring for unusual activity.
