CompTIA Network Study Note 1731172258
CompTIA Network+
Study Notes
Contents
Comparing OSI Model Network Functions .... 58
Compare and Contrast OSI Model Layers .... 58
Configure SOHO Networks .... 60
Deploying Ethernet Cabling .... 62
Summarize Ethernet Standards .... 62
current, infrared light, or radio waves, to transmit signals. .... 62
● Electromagnetic radiation creates carrier waves with specific bandwidths or frequency ranges, and signals are transmitted over these waves through modulation and encoding schemes. .... 62
● Encoding methods, such as transitioning between low and high voltage states, encode digital information using characteristics of the wave like amplitude. More available bandwidth allows for encoding greater amounts of data. .... 62
● Bandwidth is typically measured in cycles per second or Hertz (Hz), but in data networking, it refers to the amount of data transfer measured in bits per second (bps). .... 62
Copper Cable .... 62
● Copper cable transmits electrical signals and suffers from high attenuation, meaning signals lose strength over long distances. .... 62
● Two main types of copper cable are twisted pair and coaxial (coax), with twisted pair cable rated to Cat standards. .... 62
Fiber Optic Cable .... 62
● Fiber optic cable carries high frequency radiation in the infrared light spectrum, providing higher bandwidth and less susceptibility to interference or attenuation compared to copper cable. .... 62
● Fiber optic cabling includes Single Mode (SMF) and MultiMode (MMF) types, categorized further by Optical Mode designations (OM1, OM2, OM3, and OM4). .... 62
Ethernet Standards .... 62
● Ethernet standards, notably IEEE 802.3, ensure network cabling meets bandwidth requirements, specifying bit rates and supported distances. .... 62
● Ethernet media specifications follow a convention like xBASE-y, indicating bit rate, signal mode, and media type. .... 62
Media Access Control and Collision Domains .... 62
● Ethernet is a multiple access area network, with media access control (MAC) determining when nodes can communicate on shared media. .... 63
● Ethernet uses a contention-based MAC system, where each network node in the same media shares the same collision domain. .... 63
● Collision detection mechanisms like Carrier Sense Multiple Access with Collision Detection (CSMA/CD) detect and handle collisions, reducing available bandwidth. .... 63
Ethernet Standards Overview .... 63
● Fast Ethernet (100BASE-TX) increases bit rate to 100 Mbps, using improved encoding methods and autonegotiation protocols. .... 63
● Gigabit Ethernet (1000BASE-T) further increases bit rate to 1000 Mbps (1 Gbps), typically implemented only using switches. .... 63
● 10 Gigabit Ethernet (10 GbE) multiplies speed by 10, with specifications for 40 Gbps operation as well, typically deployed in scenarios requiring very high bandwidth data transfers. .... 63
Summarize Copper Cabling Types .... 64
Summarize Fiber Optic Cabling Types .... 65
Fiber Optic Cable Considerations .... 65
Deploy Ethernet Cabling .... 67
Deploying Ethernet Switching .... 69
Deploy Networking Devices .... 69
Explain Network Interfaces .... 70
Deploy Common Ethernet Switching Features .... 71
Ethernet Switch Types: .... 71
Troubleshooting Ethernet Networks .... 73
Explain Network Troubleshooting Methodology .... 73
Network Troubleshooting Methodology: .... 73
1. Identify the Problem: .... 73
● Gather Information: .... 73
● Define the scope of the problem. .... 73
● Check system documentation, recent job logs, and vendor support sites. .... 73
● Identify Symptoms and Duplicate the Problem: .... 73
● Conduct physical inspection. .... 73
● Check system logs or diagnostic software. .... 73
● Attempt to duplicate the issue on a test system. .... 73
● Question Users: .... 73
● Ask open-ended and closed-ended questions to gather information. .... 73
● Determine if anything has changed since the problem started. .... 73
● Approach Multiple Problems Individually: .... 73
● Treat each issue as a separate case. .... 73
● Check for related support or maintenance tickets. .... 73
2. Establish a Theory of Probable Cause: .... 73
● Throughput: average data transfer rate over time, excluding encoding schemes, errors, and other losses. .... 75
● Speed measured in milliseconds (ms), also known as latency or delay. .... 75
Distance Limitations, Attenuation, and Noise: .... 75
● Attenuation: loss of signal strength, expressed in decibels (dB). .... 75
● Noise: unwanted signals causing interference, expressed as the signal to noise ratio (SNR). .... 75
Cable Issues: .... 75
● Troubleshooting cable connectivity focuses on physical layer issues. .... 75
● Components of an Ethernet link: transceiver, patch cables, structured cable, patch panel, switch port. .... 75
● Verify patch cord connections and test transceivers using loopback tools. .... 75
● Use known working hosts or swap ports at the switch if needed. .... 75
● Use cable testers to diagnose structured cabling issues. .... 75
Loopback Plugs, Status Indicators, and Interface Configuration: .... 75
● Loopback adapter: used to test for bad ports and network cards. .... 75
● Check link lights or LED status indicators for connectivity. .... 75
● Verify settings on switch port and NIC for speed and duplex settings. .... 75
Cable Testers: .... 76
● Verify cable type and installation quality using cable testers. .... 76
● Certifiers ensure installations meet performance standards. .... 76
● Time Domain Reflectometer (TDR) locates cable faults. .... 76
● Multimeter can check physical connectivity in absence of dedicated testers. .... 76
Wire Map Testers and Tone Generators: .... 76
● Identify wiring faults like continuity, shorts, incorrect terminations. .... 76
● Tone generator traces cables, especially useful in bundled or unlabeled setups. .... 76
Attenuation and Interference Issues: .... 76
● Attenuation: loss of signal strength due to cable length; measured in decibels (dB). .... 76
● Interference from sources like electrical cables, lights, motors, or radio transmitters can degrade signal quality. .... 76
Crosstalk Issues: .... 76
● Crosstalk indicates bad wiring, poor connectors, or improper termination. .... 76
● Measured in dB; higher values indicate less noise. .... 76
● Masks use binary 1s to reveal network ID portions, with contiguous 1s being crucial for validity. .... 77
● The AND operation between the mask and IP address helps derive the network ID. .... 78
5. Subnet Masks .... 78
● Subnetting involves dividing networks into subnets, adding a hierarchical level that includes a network ID, subnet ID, and host ID. .... 78
● Subnet masks use high-order contiguous bits to delineate subnet boundaries. .... 78
● Hosts within subnets use longer subnet masks for differentiation, allowing for more efficient network management and resource allocation. .... 78
6. Host Address Ranges .... 78
● The number of available host IDs within a network depends on the subnet mask and the subnetting scheme employed. .... 78
● Subnetting enables the creation of smaller broadcast domains with fewer hosts, optimizing network performance and management. .... 78
Understanding IPv4 addressing schemes is fundamental to network configuration, management, and troubleshooting, making it a crucial topic for network professionals to master. .... 78
Explain IPv4 Forwarding .... 79
1. Introduction to IPv4 Forwarding .... 79
IP facilitates the creation of interconnected networks (internetworks), requiring packets addressed to remote hosts to be forwarded. .... 79
● Forwarding at Layer 3 is termed routing, while forwarding at Layer 2 is referred to as switching. .... 79
2. Layer 2 versus Layer 3 Addressing and Forwarding .... 79
● Logical addressing (network, subnet, and host IDs) at Layer 3 maps to forwarding at the data link Layer 2. .... 79
● Subnets are mapped to Layer 2 segments using switches, while routers connect different subnets. .... 79
● Nodes within a subnet communicate directly via MAC addresses, while communication between subnets requires routing. .... 79
3. IPv4 Default Gateways .... 79
● When comparing source and destination IP addresses, if the masked portions match, the destination is assumed to be on the same subnet. .... 79
● If masked portions don't match, the packet is forwarded to the default gateway (router) for routing to a remote network. .... 79
● Routers use routing tables to determine the appropriate interface for packet forwarding, dropping packets if no suitable path is found. .... 79
● Routers have performed classless routing for years, but class terminology is still widely used. .... 81
3. Public versus Private Addressing .... 81
● Public IP addresses can connect to other public IP networks over the Internet and are governed by IANA. .... 81
● Private IP addresses, defined in RFC 1918, are non-routable over the Internet and can be used within organizations. .... 81
● Private address ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. .... 81
4. Automatic Private IP Addressing (APIPA) .... 81
● APIPA allows clients unable to contact a DHCP server to communicate on the local network by randomly selecting an address from 169.254.1.1 to 169.254.254.254. .... 81
● These addresses are from the reserved private addressing range (169.254.0.0/16). .... 82
5. Other Reserved Address Ranges .... 82
● Class D addresses (224.0.0.0 to 239.255.255.255) are used for multicasting. .... 82
● Class E addresses (240.0.0.0 to 255.255.255.255) are reserved for experimental use and testing. .... 82
● Loopback addresses (127.0.0.0 to 127.255.255.255) are reserved for TCP/IP stack testing. .... 82
● Several other address ranges are reserved for special use, such as documentation and examples. .... 82
6. IPv4 Address Scheme Design .... 82
● Factors to consider when planning an IPv4 network addressing scheme include the number of networks and subnets required, the number of hosts per subnet, and the need for valid public or private ranges. .... 82
● The subnetting process involves determining the number of subnets required, calculating the number of hosts per subnet, and determining subnet IDs and host ranges for each subnet. .... 82
Understanding how to configure IP networks and subnets is crucial for network administrators to optimize performance and security within organizations. By implementing VLANs, subnetting, and understanding IP addressing schemes, administrators can efficiently manage network resources and ensure smooth communication between hosts. .... 82
Supporting IPv4 and IPv6 Networks .... 83
Use Appropriate Tools to Test IP Configuration .... 83
1. IP Interface Configuration in Windows .... 83
Host adapters require appropriate IP addresses, subnet masks, default gateway (router) addresses, and DNS server addresses for network communication. .... 83
● IP provides best-effort delivery, and packets may be fragmented to fit within the Maximum Transmission Unit (MTU) of the Data Link protocol frame. .... 90
● IPv4 uses ID, Flags, and Fragment Offset IP header fields to indicate packet fragmentation. .... 90
● IPv6 does not allow routers to perform fragmentation; instead, hosts perform path MTU discovery to determine the MTU supported by each hop. .... 90
Compare and Contrast Dynamic Routing Concepts .... 91
1. Introduction to Dynamic Routing Protocols: .... 91
Dynamic routing protocols use algorithms and metrics to build and maintain a routing information base. .... 91
● These protocols allow routers to exchange routing information rapidly to prevent outages. .... 91
● Learned routes are communicated between routers, and each router maintains a routing information base. .... 91
2. Topology and Metrics: .... 91
● Routing algorithms are categorized into distance vector or link state protocols. .... 91
● Distance vector protocols prioritize routes based on the number of hops to the destination. .... 91
● Link state protocols build a complete topology database and calculate the shortest path based on metrics. .... 91
3. Convergence: .... 91
● Convergence is the process where routers agree on the network topology. .... 91
● Routers must quickly adapt to changes like network additions, failures, or link failures to avoid black holes and loops. .... 91
4. Interior vs. Exterior Gateway Protocols: .... 91
● Interior Gateway Protocols (IGP) operate within an autonomous system (AS). .... 91
● Exterior Gateway Protocols (EGP) advertise routes between autonomous systems. .... 91
● Examples include RIP (IGP), EIGRP (IGP/Hybrid), OSPF (IGP), and BGP (EGP). .... 91
5. Routing Information Protocol (RIP): .... 91
● RIP is a distance vector protocol that prioritizes routes based on hop count. .... 91
● RIP sends regular updates of its routing database to neighbors. .... 91
● Versions include RIPv1 (classful), RIPv2 (classless with multicast), and RIPng for IPv6. .... 92
6. Enhanced Interior Gateway Routing Protocol (EIGRP): .... 92
● EIGRP is an advanced distance vector or hybrid protocol developed by Cisco. .... 92
● It uses a composite metric based on bandwidth and delay. .... 92
● EIGRP sends full updates only when topology changes, enhancing convergence performance. .... 92
7. Open Shortest Path First (OSPF): .... 92
● OSPF is a widely adopted link state protocol suitable for large organizations with multiple paths. .... 92
● OSPF supports classless addressing and hierarchical network organization using areas. .... 92
8. Border Gateway Protocol (BGP): .... 92
● BGP is used between routing domains in a mesh internetwork, primarily on the Internet. .... 92
● It's an exterior gateway protocol and prioritizes stability over rapid convergence. .... 92
● BGP operates over TCP and uses path vector routing to select routes. .... 92
9. Administrative Distance and Classless Inter-Domain Routing (CIDR): .... 92
● Administrative distance determines the trustworthiness of a routing protocol. .... 92
● CIDR allows efficient allocation of IP addresses and reduces routing table size. .... 92
● Variable Length Subnet Masking (VLSM) further optimizes address allocation within a network. .... 92
Conclusion: .... 92
● Dynamic routing protocols vary in their operation, convergence performance, and scalability. .... 92
● Understanding these protocols and their characteristics is crucial for network administrators to design efficient and reliable networks. .... 92
Install and Troubleshoot Routers .... 93
Edge Routers: .... 93
Explaining Network Topologies and Types .... 96
Explain Network Types and Characteristics .... 96
Client-Server versus Peer-to-Peer Networks: .... 96
Definition: A network consists of nodes and links, with end system nodes sending and receiving data traffic. These end system nodes are classified as clients or servers. .... 96
● Server: Provides network applications and resources to other hosts. .... 96
● Client: Consumes the services provided by servers. .... 96
● Client-Server Network: .... 96
● Nodes like PCs, laptops, and smartphones act as clients, while servers are more powerful computers. .... 96
● Application services and resources are centrally provisioned, managed, and secured. .... 96
● Peer-to-Peer Network: .... 96
● Each end system acts as both client and server. .... 96
● Decentralized model where provision, management, and security of services and data are distributed across the network. .... 96
● Typical Usage: .... 96
● Business and enterprise networks: Client-server. .... 96
● Residential networks: Peer-to-peer (or workgroup), though client-server elements can exist. .... 96
Network Types: .... 96
● Local Area Networks (LANs): .... 96
● Definition: Confined to a single geographical location, directly connected with cables or short-range wireless tech. .... 96
● Examples: Home networks, small office/home office (SOHO) networks, small and medium-sized enterprise (SME) networks, enterprise LANs, datacenters. .... 96
● Wireless LAN (WLAN): Based on Wi-Fi, open WLANs often called hotspots. .... 96
● Wide Area Networks (WANs): .... 96
● Definition: Network of networks connected by long-distance links, connecting main office with branch offices, remote workers, or large LANs. .... 96
● Managed: Likely to use leased network devices and links managed by a service provider. .... 97
● Personal Area Networks (PANs): .... 97
● Definition: Close-range network links established between personal devices like smartphones, tablets, headsets, printers, etc. .... 97
● Growth: With increasing digital and network integration in everyday objects, PAN usage continues to grow. .... 97
Network Topology: .... 97
● Physical Topology: .... 97
● Description: Placement of nodes and their connections by network media. .... 97
● Example: Nodes directly connected via a single cable or to a switch via separate cables. .... 97
● Logical Topology: .... 97
● Description: Flow of data through the network. .... 97
● Example: Different physical implementations achieving the same logical layout. .... 97
● Point-to-Point Link: .... 97
● Description: Single link between two nodes, ensuring a level of bandwidth due to the 1:1 relationship. .... 97
● Star Topology: .... 97
● Purpose: Organizes bridges or switches into a hierarchy to prevent switching loops. ........ 98
● Hierarchy: Root bridge at the top, switches determine shortest paths to the root. ............. 98
● States: Forwarding, blocking, listening, learning, disabled. ................................................. 99
● Implementation: Ensures all ports on all switches are in forwarding or blocking states for
network convergence. ................................................................................................................. 99
● Versions: Original 802.1D, 802.1D-2004/802.1w, Rapid STP (RSTP) for faster convergence.
99
Switching Loop and Broadcast Storm Issues: ............................................................................ 99
● Definition: Switching loop causes flooded frames to circulate perpetually, leading to a
broadcast storm.......................................................................................................................... 99
● Impact: Network utilization near maximum capacity, CPU utilization of switches increases.
99
● Resolution: Spanning tree shuts down the port to isolate the problem, investigate potential
loop causes like legacy equipment or unmanaged switches. ..................................................... 99
Explain Virtual LANs Definition: Segment groups of hosts in the same broadcast domain at the
data link layer. ........................................................................................................................... 100
● Managed switches allow the configuration of VLANs to isolate ports to separate broadcast
domains. ................................................................................................................................... 100
Benefits: .................................................................................................................................... 100
● Reduced Broadcast Traffic: Reduces broadcast traffic by segmenting the network. ....... 100
● Enhanced Security: Each VLAN can represent a separate zone, enhancing security. ....... 100
● Traffic Type Separation: Used to separate nodes based on traffic type and Quality of
Service (QoS) requirements. ..................................................................................................... 100
VLAN Implementation: .............................................................................................................. 100
● Typically configured with a 1:1 mapping between VLANs and subnets. ........................... 100
● VLANs can represent different IP networks or subnets. ................................................... 100
● Implementation reduces broadcast traffic, enhances security, and allows for QoS. ......... 100
Virtual LAN IDs and Membership: ............................................................................................. 100
● VLAN ID configuration typically takes place on the switch interface. ............................... 100
● Default VLAN ID is 1; all ports on a switch default to VLAN 1 unless configured differently. ..... 100
Static VLAN Assignment: .......................................................................................................... 100
● Ports on the switch configured with a VLAN ID (2 to 4,094). ............................................ 100
● Nodes connected to configured ports belong to the specified VLAN. .............................. 100
● Each VLAN typically configured with its own subnet address and IP address range. ....... 100
Dynamic VLAN Assignment: ..................................................................................................... 100
● Nodes assigned to VLANs based on characteristics like MAC address or user
authentication. .......................................................................................................................... 101
Trunking and IEEE 802.1Q: ........................................................................................................ 101
● Multiple switches interconnected to build network fabric; interconnections referred to as
trunks. ....................................................................................................................................... 101
● Frames transported across trunks preserve VLAN ID (VID) using IEEE 802.1Q tagging. .. 101
● Tagged ports operate as trunks, capable of transporting traffic addressed to multiple
VLANs. ...................................................................................................................................... 101
Tagged and Untagged Ports: .................................................................................................... 101
● Untagged ports participate in a single VLAN, also known as access ports or host ports. 101
● Tagged ports operate as trunks, capable of transporting traffic addressed to multiple
VLANs. ...................................................................................................................................... 101
Voice VLANs: ............................................................................................................................ 101
● Dedicated VLAN for Voice over IP (VoIP) traffic to prioritize voice traffic over data. ........ 101
● Most VoIP endpoints incorporate an embedded switch to connect handsets and PCs to a
single port. ................................................................................................................................ 101
● Switches support voice VLANs to distinguish between PC and VoIP traffic without
configuring trunks manually...................................................................................................... 101
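The 802.1Q tag described above, built and parsed in code. This is an added example, not material from the study guide: it constructs an Ethernet frame carrying a VLAN tag (the sample MACs, payload and the `build_frame`, `parse_frame` and `ingress_vlan` helpers are assumptions for the illustration), shows the 16-bit Tag Control Information split into PCP, DEI and the 12-bit VID, handles the stacked S-tag/C-tag case (0x88A8 outer, 0x8100 inner), and applies a simplified model of how an access port and a trunk port decide which VLAN a received frame belongs to.

```python
import struct

ETHERTYPE_8021Q = 0x8100    # customer VLAN tag (C-TAG)
ETHERTYPE_8021AD = 0x88A8   # service VLAN tag (S-TAG), the outer tag in QinQ
ETHERTYPE_IPV4 = 0x0800

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0, tpid=ETHERTYPE_8021Q):
    """Build an Ethernet II frame, inserting an 802.1Q tag after the source MAC when vid is given."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
            raise ValueError("VID must fit in 12 bits and PCP in 3 bits")
        tci = (pcp << 13) | (dei << 12) | vid       # Tag Control Information
        hdr += struct.pack("!HH", tpid, tci)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return dst, src, the list of VLAN tags (outer first), the payload EtherType and payload."""
    dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
    off, tags = 12, []
    while True:
        etype = struct.unpack("!H", frame[off:off + 2])[0]
        if etype not in (ETHERTYPE_8021Q, ETHERTYPE_8021AD):
            break                                     # not a tag: this is the payload EtherType
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        tags.append({"tpid": etype, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
    return {"dst": dst, "src": src, "tags": tags, "ethertype": etype, "payload": frame[off + 2:]}

def ingress_vlan(frame, port_mode, pvid=1, allowed=None):
    """Simplified switch ingress rule: which VLAN does this frame join on this port?

    access: frames belong to the port VLAN (pvid); a tag for any other VLAN is dropped.
    trunk:  a tagged frame keeps its outer VID if the trunk allows it; an untagged
            frame (or a VID-0 priority tag) goes to the native VLAN (pvid).
    Returns the VID, or None when the frame should be discarded.
    """
    tags = parse_frame(frame)["tags"]
    outer = tags[0]["vid"] if tags else 0           # VID 0 carries priority only, no VLAN identity
    if port_mode == "access":
        return pvid if outer in (0, pvid) else None
    vid = pvid if outer == 0 else outer
    if allowed is not None and vid not in allowed:
        return None
    return vid

# Constructed sample: a host in VLAN 20 sends an IPv4 payload with voice priority (PCP 5).
SAMPLE = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4,
                     b"\x45" + b"\x00" * 19, vid=20, pcp=5)

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    print("trunk ingress VLAN:", ingress_vlan(SAMPLE, "trunk", pvid=1, allowed={10, 20}))
    print("access ingress VLAN:", ingress_vlan(SAMPLE, "access", pvid=10))
```

The access-port rule is the security-relevant one: a host that forges its own 802.1Q tag gains nothing on a port that ignores tags, which is why user-facing ports should be access ports with a non-default PVID rather than trunks with a permissive native VLAN.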
Explaining Transport Layer Protocols Compare and Contrast Transport Protocols Transport
Layer Ports and Connections: Layer 4 protocols manage delivery of multiplexed application
data. .......................................................................................................................................... 102
● Each application is assigned a unique port number for identification. .............................. 102
● Port numbers 0 through 1,023 are preassigned for well-known server applications. ........ 102
● Ports 1,024 through 49,151 are for registered server applications. .................................. 102
● Remaining ports up to 65,535 are for private or dynamic use. .......................................... 102
Transmission Control Protocol (TCP): ...................................................................................... 102
● Provides connection-oriented, guaranteed communication. ............................................. 102
● Uses acknowledgments to ensure delivery. ...................................................................... 102
● Operates at the Transport layer. ........................................................................................ 102
● Divides data into segments with headers. ........................................................................ 102
● Requires numerous header fields for sequencing, acknowledgments, and retransmissions. ........ 102
● TCP handshake involves SYN, SYN/ACK, and ACK segments to establish connections. . 102
● TCP teardown involves FIN segments to close connections. ........................................... 102
User Datagram Protocol (UDP): ................................................................................................ 102
● Connectionless and non-guaranteed method of communication. .................................... 102
● No acknowledgments or flow control. .............................................................................. 102
● Operates at the Transport layer. ........................................................................................ 102
● Suitable for applications sending small amounts of data that do not require reliability.... 102
● Used for multicast, broadcast, and time-sensitive data transmission. .............................. 102
● Header size is 8 bytes compared to TCP's 20 bytes or more. ........................................... 102
Common TCP and UDP Ports:................................................................................................... 102
● Well-known and registered port numbers are assigned to various services and applications. ..... 103
● Port numbers are used to identify different types of network traffic................................. 103
● Examples include FTP, SSH, Telnet, SMTP, DNS, HTTP, POP3, IMAP, SNMP, LDAP, HTTPS,
SMB, DHCP, and SIP.................................................................................................................. 103
Comparison: .............................................................................................................................. 103
● TCP provides reliable, connection-oriented communication, while UDP offers faster,
connectionless communication with less overhead. ................................................................ 103
● TCP ensures data delivery through acknowledgments and retransmissions, whereas UDP
does not guarantee delivery. ..................................................................................................... 103
● TCP is used for applications requiring reliability, while UDP is used for real-time
applications or those where occasional packet loss is acceptable. ......................................... 103
Contrast: ................................................................................................................................... 103
● TCP requires more overhead due to acknowledgments and sequencing, while UDP has
minimal overhead. .................................................................................................................... 103
● TCP is suitable for applications like file transfer and web browsing, while UDP is used for
real-time applications like VoIP and video streaming. .............................................................. 103
Use Appropriate Tools to Scan Network Ports IP Scanners: Network administrators use IP
scanners to verify connected devices and monitor network traffic. ......................................... 104
● IP scanning tools include Nmap, AngryIP, PRTG, and enterprise suites like ManageEngine,
Infoblox, SolarWinds, Bluecat, and Men & Mice. ....................................................................... 104
● IP scanning aids in host discovery and logical network topology mapping. ..................... 104
Nmap: ....................................................................................................................................... 104
● Nmap is a widely used open-source security scanner for IP scanning and penetration
testing. ...................................................................................................................................... 104
● It operates via command line or GUI (Zenmap) and can perform host discovery and port
scanning. .................................................................................................................................. 104
● Basic usage involves specifying the IP subnet or address to scan. .................................. 104
● For host discovery, Nmap by default sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80, and an ICMP timestamp request (an unprivileged user gets a TCP connect to ports 80 and 443 instead). ..... 104
● Various scanning techniques like TCP SYN, TCP connect, and UDP scans are available. 104
● Custom scans and OS fingerprinting can be performed for detailed analysis. ................. 104
netstat: ...................................................................................................................................... 104
● netstat command provides visibility into local host ports and active connections. .......... 104
● On Windows, it displays active TCP connections and open ports using different switches. ..... 104
● On Linux, it shows active connections of any type and offers switches for specific
connection types. ...................................................................................................................... 104
● Additional options include displaying numerical addresses, filtering by IPv4 or IPv6, and
showing process IDs and names. ............................................................................................. 104
Remote Port Scanners: ............................................................................................................. 104
● Remote port scanners perform probes from another machine or network to identify open
ports on target hosts. ................................................................................................................ 104
● Nmap supports various scanning techniques like TCP SYN, TCP connect, and UDP scans
for port scanning. ...................................................................................................................... 104
● Port scanning can reveal information about services running on target hosts and detect
security vulnerabilities. ............................................................................................................. 105
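The TCP connect scan mentioned above, as an added example that is not from the study guide or from the Nmap project: a scanner that attempts the full three-way handshake against each port and classifies the outcome the way Nmap's -sT scan reports it (handshake completed = open, RST received = closed, no answer before the timeout = filtered). To keep it runnable offline it starts a throwaway listener on 127.0.0.1 and scans that port next to one that nothing is listening on; the `DemoListener`, `free_closed_port` and `demo_scan` helpers are assumptions made for the illustration.

```python
import socket
import threading

def tcp_connect_scan(host, ports, timeout=0.5):
    """Nmap-style connect scan (-sT): complete the TCP handshake on every port.

    open     - the handshake completed (the OS then tears the connection down)
    closed   - the target answered the SYN with a RST (ECONNREFUSED)
    filtered - nothing came back before the timeout, or the host is unreachable,
               which is what a firewall silently dropping the probe looks like
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except socket.timeout:
                results[port] = "filtered"
            except ConnectionRefusedError:
                results[port] = "closed"
            except OSError:
                results[port] = "filtered"
    return results

class DemoListener:
    """A throwaway TCP service on the loopback address so the scan has something to find."""
    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))            # the OS picks a free ephemeral port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept, daemon=True).start()

    def _accept(self):
        try:
            while True:
                conn, _ = self.sock.accept()        # handshake already done by the kernel
                conn.close()                        # hang up straight away, like a banner-less service
        except OSError:
            pass                                    # listener closed

    def close(self):
        self.sock.close()

def free_closed_port():
    """Reserve an ephemeral port and release it: connections to it will now be refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo_scan():
    """Scan one open and one closed loopback port; returns (open_port, closed_port, results)."""
    listener = DemoListener()
    closed = free_closed_port()
    try:
        return listener.port, closed, tcp_connect_scan("127.0.0.1", [listener.port, closed])
    finally:
        listener.close()

if __name__ == "__main__":
    open_port, closed_port, results = demo_scan()
    for port in (open_port, closed_port):
        print(f"127.0.0.1:{port} -> {results[port]}")
```

A connect scan is the noisy option: every open port sees a completed connection and will log it, whereas a SYN scan never finishes the handshake. That is also why it needs no raw-socket privilege, which is the trade-off Nmap makes when it falls back to -sT for unprivileged users.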
Protocol Analyzers: ................................................................................................................... 105
● Protocol analyzers work alongside packet capture tools to analyze network traffic. ....... 105
● They parse frames to reveal header fields and payload contents for packet-level analysis. ..... 105
● Traffic analysis tools monitor statistics related to communication flows, bandwidth
consumption, active hosts, link utilization, and reliability. ......................................................... 105
● Wireshark is a commonly used protocol analyzer with features for packet analysis and
traffic analysis. ......................................................................................................................... 105
These tools enable network administrators to monitor network activity, troubleshoot issues, and
ensure network security. ........................................................................................................... 105
Explaining Network Services Explain the Use of Network Addressing Services Dynamic Host
Configuration Protocol (DHCP): DHCP is an automatic method for allocating IP addresses,
subnet masks, default gateways, and DNS server addresses to hosts when they join a network. ....... 106
● Major operating systems support DHCP clients and servers, and many SOHO routers and
modems embed DHCP servers. ................................................................................................ 106
● Hosts are configured to use DHCP by specifying automatic IP address acquisition in their
TCP/IP configurations............................................................................................................... 106
● DHCP operates using UDP, with servers listening on port 67 and clients on port 68. ....... 106
DHCP Lease Process: ............................................................................................................... 106
● DHCP lease process involves four steps: Discover, Offer, Request, and Acknowledge
(DORA). ..................................................................................................................................... 106
● When a DHCP client initializes, it broadcasts a DHCPDISCOVER packet to find a DHCP
server. ....................................................................................................................................... 106
● The DHCP server responds with a DHCPOFFER packet containing an IP address and other
configuration information. ........................................................................................................ 106
● The client may choose to accept the offer using a DHCPREQUEST packet. ..................... 106
● If the offer is still available, the server responds with a DHCPACK packet. ....................... 106
● The client broadcasts an ARP message to check if the address is unused, and if so, it
starts using the address and options provided. ........................................................................ 106
DHCP Server Configuration: ...................................................................................................... 106
● DHCP servers are deployed as services of network operating systems or through
appliances like switches or routers. .......................................................................................... 106
● DHCP servers must be allocated a static IP address and configured with a range of IP
addresses, subnet masks, and optional parameters. ................................................................ 106
● A range of addresses and options configured for a single subnet is referred to as a scope. ..... 106
● DHCP servers can manage multiple scopes, but each scope must correspond to a single
subnet. ...................................................................................................................................... 106
● DHCP servers can be configured to provide default options server-wide or scope-specific
options. ..................................................................................................................................... 107
DHCP Options: .......................................................................................................................... 107
● DHCP servers offer IP addresses and subnet masks, along with other IP-related settings
known as DHCP options. .......................................................................................................... 107
● Some common DHCP options include the default gateway, DNS server addresses, DNS
suffix, and other server options like time synchronization or VoIP proxy. ................................. 107
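The DORA exchange and the option encoding described above, carried through in code. This is an added example, not code from the study guide: it serialises and parses RFC 2131 messages (fixed header, magic cookie, then TLV options ending in 0xFF), runs a toy scope that hands out addresses from a pool with an exclusion and a MAC-based reservation, and shows the client side of Discover/Offer/Request/Acknowledge. The scope layout, the MAC addresses and the `DhcpScope`/`dora` helpers are constructed for the illustration; the option codes (1 subnet mask, 3 router, 6 DNS, 50 requested address, 51 lease time, 53 message type, 54 server identifier, 55 parameter request list) are the standard ones.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
FIXED_HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # RFC 2131 fixed fields, 236 bytes

def ip4(addr):
    return ipaddress.IPv4Address(addr).packed

def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", options=None):
    """Serialise a DHCP message: fixed header, magic cookie, TLV options, END."""
    hdr = struct.pack(FIXED_HDR, op, 1, 6, 0, xid, 0, 0x8000,   # htype=Ethernet, broadcast flag
                      b"\0" * 4, ip4(yiaddr), b"\0" * 4, b"\0" * 4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in (options or {}).items())
    return hdr + MAGIC_COOKIE + body + b"\xff"

def parse_dhcp(data):
    f = struct.unpack(FIXED_HDR, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 255:           # 255 = END
        if data[i] == 0:                               # 0 = PAD, no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]], "options": opts}

class DhcpScope:
    """One scope (one subnet): pool, exclusions, reservations and the scope options."""
    def __init__(self, server_ip, pool, mask, router, dns, lease=3600, reservations=None, exclusions=()):
        self.free = [a for a in pool if a not in exclusions]
        self.leases = {}                               # chaddr -> leased address
        self.reservations = reservations or {}         # chaddr -> fixed address
        self.options = {1: ip4(mask), 3: ip4(router), 6: b"".join(ip4(d) for d in dns),
                        51: struct.pack("!I", lease), 54: ip4(server_ip)}

    def _select(self, mac):
        if mac in self.leases:
            return self.leases[mac]                    # a renewing client keeps its address
        if mac in self.reservations:
            return self.reservations[mac]
        return self.free[0] if self.free else None

    def handle(self, data):
        msg = parse_dhcp(data)
        mtype, mac = msg["options"][53][0], msg["chaddr"]
        if mtype == DISCOVER:
            ip = self._select(mac)
            if ip is None:
                return None                            # pool exhausted: no offer
            return build_dhcp(BOOTREPLY, msg["xid"], mac, ip, {53: bytes([OFFER]), **self.options})
        if mtype == REQUEST:
            if msg["options"].get(54, self.options[54]) != self.options[54]:
                return None                            # the client accepted another server's offer
            wanted = str(ipaddress.IPv4Address(msg["options"][50]))
            if wanted != self._select(mac):
                return build_dhcp(BOOTREPLY, msg["xid"], mac, options={53: bytes([NAK]), 54: self.options[54]})
            self.leases[mac] = wanted
            if wanted in self.free:
                self.free.remove(wanted)
            return build_dhcp(BOOTREPLY, msg["xid"], mac, wanted, {53: bytes([ACK]), **self.options})
        return None

def dora(scope, mac, xid=0x3903F326):
    """Client side of Discover/Offer/Request/Acknowledge; returns the lease, or None on NAK."""
    discover = build_dhcp(BOOTREQUEST, xid, mac, options={53: bytes([DISCOVER]), 55: bytes([1, 3, 6, 51])})
    offer = parse_dhcp(scope.handle(discover))
    request = build_dhcp(BOOTREQUEST, xid, mac,
                         options={53: bytes([REQUEST]), 50: ip4(offer["yiaddr"]), 54: offer["options"][54]})
    ack = parse_dhcp(scope.handle(request))
    if ack["options"][53][0] != ACK:
        return None
    o = ack["options"]
    return {"ip": ack["yiaddr"], "mask": str(ipaddress.IPv4Address(o[1])),
            "router": str(ipaddress.IPv4Address(o[3])),
            "dns": [str(ipaddress.IPv4Address(o[6][i:i + 4])) for i in range(0, len(o[6]), 4)],
            "lease": struct.unpack("!I", o[51])[0], "server": str(ipaddress.IPv4Address(o[54]))}

# Constructed scope: 192.168.10.0/24 with a four-address pool, one exclusion and one reservation.
PRINTER = bytes.fromhex("aabbccddeeff")
SCOPE_ARGS = dict(server_ip="192.168.10.2", pool=[f"192.168.10.{h}" for h in range(100, 104)],
                  mask="255.255.255.0", router="192.168.10.1", dns=["192.168.10.2", "192.168.10.3"],
                  exclusions={"192.168.10.101"}, reservations={PRINTER: "192.168.10.50"})

if __name__ == "__main__":
    scope = DhcpScope(**SCOPE_ARGS)
    print(dora(scope, bytes.fromhex("001122334455")))
    print(dora(scope, PRINTER))
```

Note that nothing in the exchange authenticates either side: any host that answers a DISCOVER faster than the real server can hand out its own router and DNS options, which is the rogue-server problem that DHCP snooping on switches exists to contain.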
DHCP Reservations and Exclusions: ......................................................................................... 107
● DHCP reservations map MAC addresses to specific IP addresses within the DHCP server's pool to ensure certain hosts retain the same IP address; exclusions mark addresses inside the scope range that the server must never lease, such as statically addressed servers. ..... 107
● DHCP relay agents forward DHCP traffic between subnets to allow centralized DHCP
server management. ................................................................................................................. 107
● IP helper functionality on routers supports DHCP relay agents by forwarding DHCP
broadcasts between subnets. ................................................................................................... 107
DHCPv6 Server Configuration: .................................................................................................. 107
● DHCPv6 provides additional option settings for IPv6 hosts but is often used for
supplemental configuration rather than IP address leasing. ..................................................... 107
● DHCPv6 operates on different ports (546 for clients, 547 for servers) and uses multicast
addresses for server discovery. ................................................................................................ 107
● DHCPv6 can operate in stateful mode (providing routable IP addresses) or stateless mode
(providing network prefix information)...................................................................................... 107
Explain the Use of Name Resolution Services Host Names and Fully Qualified Domain Names
(FQDNs): Host names and FQDNs provide human-readable labels for hosts on a network...... 108
● A host name is assigned to a computer by the administrator and must be unique on the
local network. ............................................................................................................................ 108
● An FQDN consists of a host name and a domain suffix, providing a unique identity for the
host within a particular network. ............................................................................................... 108
● Domain names must be registered with a registrar to ensure uniqueness within a top-level
domain. ..................................................................................................................................... 108
Domain Name System (DNS): ................................................................................................... 108
● DNS is a global hierarchy of distributed name server databases containing information on
domains and hosts. .................................................................................................................. 108
● DNS operates with 13 root server identities (a to m.root-servers.net, each an anycast group of many physical servers) above the top-level domains (TLDs) such as .com, .org, .net, and country codes like .uk, .ca, .de. ..... 108
● DNS follows a hierarchical structure, with each level of servers having information about
servers at the next level down. .................................................................................................. 108
● DNS resolves FQDNs to IP addresses through iterative or recursive lookups. .................. 108
Name Resolution Using DNS: .................................................................................................... 108
● Name resolution starts when a user presents an FQDN to an application program.......... 108
● A stub resolver checks its local cache for the mapping and forwards the query to its local
name server if no mapping is found. ......................................................................................... 108
● DNS queries between name servers are typically performed as iterative lookups or
recursive lookups. ..................................................................................................................... 108
Resource Record Types: ........................................................................................................... 108
● DNS zones contain resource records used for name resolution. ...................................... 108
● Common resource record types include Start of Authority (SOA), Name Server (NS),
Address (A) for IPv4, Address (AAAA) for IPv6, Canonical Name (CNAME), Mail Exchange (MX),
Service (SRV), Text (TXT), and Pointer (PTR) records. .............................................................. 108
● Pointer records are used for reverse DNS querying to find the host name associated with a
given IP address. ....................................................................................................................... 108
Reverse DNS Querying: ............................................................................................................. 109
● Reverse DNS querying uses special domains like in-addr.arpa for IPv4 and ip6.arpa for IPv6
to find the host name associated with a given IP address. ....................................................... 109
● Reverse lookup zones store PTR records containing the host names associated with IP
addresses. ................................................................................................................................ 109
Reverse lookup zones are optional; because PTR records enumerate host names across an address range, organizations keep their public reverse zones minimal so that attackers cannot use them as a map of the network. ..... 109
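The resolution steps and record types described above, worked through at the wire level. This is an added example, not code from the study guide: it builds a recursive A query, parses a constructed authoritative response (a CNAME chain ending in an A record, each with its own TTL), handles the label compression pointers real responses use, and builds the in-addr.arpa / ip6.arpa owner names used for PTR lookups. The query name, the addresses and the `build_query`, `build_response` and `parse_message` helpers are assumptions made for the illustration; the type codes and header flag bits are the standard ones.

```python
import struct
import ipaddress

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
NAMES = {v: k for k, v in TYPES.items()}

def encode_name(name):
    """Dotted name -> length-prefixed labels terminated by a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def decode_name(msg, off):
    """Read a (possibly compressed) name at off; return (name, offset just after it)."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                           # two-byte pointer into the message
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if after is None:
                after = off + 2                        # the name ends after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (after if after is not None else off)

def build_query(qname, qtype, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set = recursive query
    return header + encode_name(qname) + struct.pack("!HH", TYPES[qtype], 1)

def reverse_name(ip):
    """Owner name for a PTR lookup: in-addr.arpa for IPv4, nibble-reversed ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def build_response(query, answers, authoritative=True):
    """Answer a one-question query with (type, ttl, value) records owned by the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0400 if authoritative else 0)   # QR, RD, RA (+AA)
    out = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0) + query[12:]
    for rtype, ttl, value in answers:
        if rtype == "A":
            rdata = ipaddress.IPv4Address(value).packed
        elif rtype == "AAAA":
            rdata = ipaddress.IPv6Address(value).packed
        elif rtype == "MX":
            rdata = struct.pack("!H", value[0]) + encode_name(value[1])
        else:                                          # CNAME, NS, PTR carry a name
            rdata = encode_name(value)
        out += b"\xC0\x0C" + struct.pack("!HHIH", TYPES[rtype], 1, ttl, len(rdata)) + rdata
    return out                                         # 0xC00C = pointer to the question name at offset 12

def parse_message(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, NAMES.get(qtype, qtype)))
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:
            data = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28:
            data = str(ipaddress.IPv6Address(rdata))
        elif rtype in (2, 5, 12):
            data, _ = decode_name(msg, off)
        elif rtype == 15:
            data = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
        else:
            data = rdata
        records.append({"name": name, "type": NAMES.get(rtype, rtype), "ttl": ttl, "data": data})
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "questions": questions, "records": records}

# Constructed exchange: a resolver asks for www.example.com and the authoritative
# server answers with a CNAME chain ending in an A record.
QUERY = build_query("www.example.com", "A")
RESPONSE = build_response(QUERY, [("CNAME", 300, "web.example.com"), ("A", 60, "192.0.2.10")])

if __name__ == "__main__":
    print(parse_message(QUERY)["questions"])
    for rr in parse_message(RESPONSE)["records"]:
        print(rr)
    print(reverse_name("192.0.2.10"), reverse_name("2001:db8::1"))
```

The parsed TTL is what a caching resolver stores alongside each record, and the TC flag is the signal that the answer did not fit in one UDP datagram and the query should be retried over TCP.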
Configure DNS Services DNS Server Configuration: DNS servers are essential for the
functioning of the Internet and are required for Windows Active Directory and most Linux
networks. .................................................................................................................................. 110
● DNS servers listen for queries on UDP port 53 and also on TCP port 53, which carries zone transfers and any response too large for a single UDP datagram, as DNSSEC-signed answers often are. ..... 110
● DNS servers maintain the DNS namespace in zones, which can host records for multiple
domains. ................................................................................................................................... 110
● Primary name servers manage editable zone records, while secondary name servers hold
read-only copies obtained through zone transfers. ................................................................... 110
● The terms "master" and "slave" are deprecated in favor of "primary" and "secondary." .... 110
● Cache-only servers store non-authoritative answers derived from cached records. ......... 110
DNS Caching: ............................................................................................................................ 110
● Resource records are configured with a time to live (TTL) value, instructing resolvers how
long query results can be kept in cache. ................................................................................... 110
● DNS caching is performed by both servers and client computers, with each application on a
client potentially maintaining its own DNS cache. .................................................................... 110
● Changes to resource records can be slow to propagate due to server and client caching,
requiring careful management of TTL values. .......................................................................... 110
Internal versus External DNS: .................................................................................................... 110
● Internal DNS zones serve private network domains and should only be accessible to
internal clients. .......................................................................................................................... 110
● External DNS zones serve records accessible to Internet clients, such as web and email
services. .................................................................................................................................... 110
● DNS resolvers perform recursive queries for clients, either locating authoritative name
servers or forwarding requests to another server. .................................................................... 110
● It's essential to separate DNS servers hosting zone records from those servicing client
requests for non-authoritative domains. ................................................................................... 110
nslookup and dig: ...................................................................................................................... 110
● nslookup: A command-line tool for troubleshooting DNS name resolution, shipped with Windows and with most UNIX-like systems. It can query specific DNS servers for various record types. ..... 111
● PowerShell: Provides a more sophisticated environment for DNS testing, offering cmdlets
like Resolve-DnsName. ............................................................................................................. 111
● dig: A command-line tool for querying DNS servers, commonly used with BIND DNS server software. It can query specific DNS servers and display various resource records for a domain. ..... 111
Both nslookup and dig are valuable tools for troubleshooting DNS issues and testing name
resolution configurations. ......................................................................................................... 111
Explaining Network Applications Explain the Use of Web, File/Print, and Database Services
HyperText Transfer Protocol (HTTP): HTTP is the foundation of web technology, allowing
clients to request resources from HTTP servers. ..................................................................... 112
● Clients connect to HTTP servers using TCP port 80 by default and submit requests using
URLs. ......................................................................................................................................... 112
● HTTP headers define request and response formats, while the payload usually serves
HTML web pages. ..................................................................................................................... 112
● Features include forms (POST) for submitting data from clients to servers and session
management with cookies. ....................................................................................................... 112
Web Servers: ............................................................................................................................. 112
● Websites are hosted on HTTP servers connected to the Internet, commonly leased from
ISPs. .......................................................................................................................................... 112
● Hosting options include dedicated servers, virtual private servers (VPS), cloud hosting, and
shared hosting. ......................................................................................................................... 112
● Major web server platforms include Apache, Microsoft Internet Information Server (IIS),
and nginx................................................................................................................................... 112
Secure Sockets Layer/Transport Layer Security (SSL/TLS): ..................................................... 112
● Developed to address security issues in HTTP, SSL/TLS encrypts data and provides
authentication between clients and servers. ............................................................................. 112
● SSL/TLS operates between the Application and Transport layers of the TCP/IP stack. ... 112
● HTTPS secures HTTP connections over TCP port 443, using digital certificates issued by
trusted certificate authorities. ................................................................................................... 112
● Uses TCP port 110 (unsecure) or 995 (secure POP3S). .................................................... 114
● Messages typically deleted from server upon download. ................................................. 114
● IMAP (Internet Message Access Protocol): ...................................................................... 114
● Supports multiple clients accessing the same mailbox simultaneously. .......................... 114
● Allows managing mailbox on the server (folders, deletion control). ................................. 114
● Uses TCP port 143 (unsecure) or 993 (secure IMAPS). .................................................... 114
2. Voice and Video Services: ..................................................................................................... 114
● Voice over IP (VoIP): ......................................................................................................... 114
● Replacing legacy voice services with IP-based protocols and products. .......................... 114
● Private Branch Exchange (PBX): ....................................................................................... 114
● Automated switchboard for an organization's voice lines................................................. 114
● Traditional (TDM-based) PBX being replaced by VoIP-enabled PBX. ................................ 114
● VoIP PBX routes calls over Ethernet network and supports features like voicemail. ........ 114
● Implemented as software on servers or hardware solutions. ........................................... 114
● VoIP Protocols: ................................................................................................................. 114
● SIP (Session Initiation Protocol): ....................................................................................... 115
● Widely used for session control. ....................................................................................... 115
● End-user devices assigned unique SIP addresses (SIP URIs). .......................................... 115
● Typically runs over UDP or TCP port 5060; port 5061 is used for SIP over TLS (SIPS). ........ 115
● RTP (Real-time Transport Protocol) and RTCP (RTP Control Protocol): ........................... 115
● Used for actual delivery of real-time data. ......................................................................... 115
● RTP delivers media data via UDP. ..................................................................................... 115
● RTCP monitors connection quality and provides reports. ................................................. 115
3. VoIP Phones and Gateways: ................................................................................................. 115
● VoIP phones can be software on computers/smartphones or dedicated hardware. ........ 115
● VLAN tagging used to segregate SIP control and RTP media traffic. ............................... 115
● Connection security similar to HTTPS using SIPS. ........................................................... 115
● VoIP gateways translate between VoIP systems and legacy voice equipment/networks
(POTS, PBX). ............................................................................................................................. 115
● Different types of gateways serve various functions such as connecting to telephone
networks or VoIP service providers. .......................................................................................... 115
Key Points: ................................................................................................................................ 115
● Email services use SMTP for message delivery and POP/IMAP for mailbox access. ....... 115
● VoIP replaces legacy voice services with IP-based protocols like SIP and RTP. ............... 115
● VoIP phones can be software or hardware, and VLAN tagging segregates voice traffic. . 115
● VoIP gateways translate between VoIP systems and legacy voice equipment/networks. 115
Ensuring Network Availability
Explain the Use of Network Management Services
1. Secure Remote Access:
Secure Shell (SSH): ........................................................................................ 116
● Primary means for secure remote access to UNIX, Linux servers, and network appliances. ........ 116
● Supports terminal emulation and secure file transfer (SFTP). .......................................... 116
● Uses TCP port 22 by default. ............................................................................................. 116
● The server is identified by a public/private key pair (host key); clients should verify its fingerprint on first connection and cache it (known_hosts). ........ 116
● Client authentication methods include username/password, public key, and Kerberos. .. 116
● Key management is crucial for security; compromised keys must be replaced promptly. 116
● Telnet: ............................................................................................................................... 116
● Protocol and terminal emulation software for transmitting shell commands. .................. 116
● Runs on TCP port 23. ........................................................................................................ 116
● Passwords and communications are not encrypted, making it vulnerable to packet sniffing. ........ 116
● Considered insecure and should be disabled or replaced with secure access methods like SSH. ........ 116
2. Secure Shell Commands: ...................................................................................................... 116
● Useful commands include sshd (start SSH server), ssh-keygen (create key pair), ssh-agent
(store private keys securely), ssh (connect to server), scp (file transfer), sftp (secure file
transfer). ................................................................................................................................... 116
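The key-management point above (compromised keys must be replaced promptly) is easiest to act on when you can audit who can log in. The following is an added example, not code from the study notes or from OpenSSH: it parses an authorized_keys file, computes the same SHA256 fingerprint that ssh-keygen -lf prints, and flags revoked keys, keys whose declared type does not match the encoded blob, legacy DSA keys, and entries with no option restrictions. The keys, the file contents and the revocation list are all constructed inline so the script runs offline.

```python
"""Audit an OpenSSH authorized_keys file (added example; keys below are constructed)."""
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
LEGACY_TYPES = {"ssh-dss"}          # DSA: disabled by default since OpenSSH 7.0


def ssh_string(b):
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack("!I", len(b)) + b


def ed25519_blob(raw32):
    """Wire-format public key blob for ssh-ed25519: type string + 32-byte key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def b64(blob):
    return base64.b64encode(blob).decode()


def blob_type(blob):
    """The key type embedded at the start of every OpenSSH public key blob."""
    (n,) = struct.unpack("!I", blob[:4])
    return blob[4:4 + n].decode()


def fingerprint(key_b64):
    """'SHA256:<unpadded base64>' of the decoded blob, as ssh-keygen -lf prints it."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line):
    """Return (options, keytype, key_b64, comment) or None for blank/comment lines."""
    tokens = line.strip().split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES:                      # everything before the type is options
            options = " ".join(tokens[:i])        # e.g. from="10.0.0.0/8",command="..."
            return options, tok, tokens[i + 1], " ".join(tokens[i + 2:])
    raise ValueError("no recognised key type in line: " + line[:40])


def audit(authorized_keys_text, revoked_fingerprints):
    """List of (comment, issue) pairs; an entry with no pairs is clean."""
    findings = []
    for line in authorized_keys_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, keytype, key_b64, comment = parsed
        if fingerprint(key_b64) in revoked_fingerprints:
            findings.append((comment, "revoked"))
        if keytype in LEGACY_TYPES:
            findings.append((comment, "legacy-type"))
        if blob_type(base64.b64decode(key_b64)) != keytype:
            findings.append((comment, "blob-mismatch"))   # tampered or corrupted entry
        if not options:
            findings.append((comment, "unrestricted"))    # no from=, command= or restrict
    return findings


# Constructed keys (not real credentials) and a constructed authorized_keys file.
KEY_A = ed25519_blob(bytes(range(32)))
KEY_B = ed25519_blob(bytes(32))
KEY_C = ed25519_blob(bytes([7] * 32))

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not a real authorized_keys file",
    f"ssh-ed25519 {b64(KEY_A)} alice@laptop",
    f'from="10.0.0.0/8",command="/usr/bin/rsync --server" ssh-ed25519 {b64(KEY_B)} backup',
    f"ssh-ed25519 {b64(KEY_C)} bob@old-laptop",
    f"ssh-rsa {b64(KEY_A)} mallory",            # declared type does not match the blob
])
# In practice this set is filled from `ssh-keygen -lf` output for the compromised keys.
REVOKED_FINGERPRINTS = {fingerprint(b64(KEY_C))}

if __name__ == "__main__":
    for comment, issue in audit(SAMPLE_AUTHORIZED_KEYS, REVOKED_FINGERPRINTS):
        print(f"{comment:15s} {issue}")
```

Run it against /root/.ssh/authorized_keys on a server after an incident: any "revoked" hit is a key that must be removed, and "unrestricted" entries are candidates for from= and command= restrictions. The same fingerprint routine works on known_hosts lines, which is how a client checks a host key against an out-of-band value.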
3. Remote Desktop Protocol (RDP): .......................................................................................... 116
● Microsoft's protocol for remote GUI connections to Windows machines. ........................ 116
● Uses TCP port 3389. ......................................................................................................... 116
● Mainly used for remote administration of Windows servers or clients. ............................ 116
● Also used for application virtualization. ............................................................................ 116
4. Network Time Protocol (NTP): .............................................................................................. 117
● Synchronizes time-dependent applications....................................................................... 117
● Works over UDP on port 123. ............................................................................................ 117
● Utilizes hierarchical server structure (stratum levels). ...................................................... 117
● Client hosts use Simple NTP (SNTP) for time synchronization. ........................................ 117
● Incorrect time configuration can lead to network service access issues and authentication
failures. ..................................................................................................................................... 117
● Public NTP server pools can be used as time sources if local stratum 1 servers are not
available. ................................................................................................................................... 117
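The SNTP exchange the bullets describe (UDP port 123, stratum, client-side synchronization) is short enough to show end to end. The following is an added example, not code from the study notes or from any NTP implementation: it builds the 48-byte client request, decodes a server reply, rejects replies a careful client should not trust (wrong mode, unsynchronized server, stratum 0 kiss-o'-death or stratum above 15, originate timestamp that does not match what we sent), and computes the RFC 4330 clock offset and round-trip delay. The server reply in the offline demo is constructed so the script runs without network access; query() does the live exchange.

```python
"""Minimal SNTP client logic (added example; the offline reply is constructed)."""
import socket
import struct
import time

NTP_PORT = 123                  # UDP port used by NTP and SNTP
NTP_UNIX_DELTA = 2208988800     # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MODE_CLIENT, MODE_SERVER = 3, 4
MAX_STRATUM = 15                # 16 and above mean "unsynchronized"; 0 is kiss-o'-death


def to_ntp(unix_seconds):
    """Unix float seconds -> (seconds, fraction) halves of a 64-bit NTP timestamp."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return (whole + NTP_UNIX_DELTA) & 0xFFFFFFFF, frac


def from_ntp(seconds, fraction):
    """(seconds, fraction) NTP timestamp -> Unix float seconds."""
    return (seconds - NTP_UNIX_DELTA) + fraction / (1 << 32)


def build_request(originate_unix, version=4):
    """48-byte client packet: LI=0, VN=version, mode=3, transmit timestamp = send time."""
    first = (0 << 6) | (version << 3) | MODE_CLIENT
    header = struct.pack("!BBbb", first, 0, 0, 0) + bytes(12)  # stratum, poll, precision, root fields
    return header + bytes(24) + struct.pack("!II", *to_ntp(originate_unix))


def parse_response(data):
    """Decode the header bits and the four timestamps of a server reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    first, stratum, _poll, _precision = struct.unpack("!BBbb", data[:4])
    words = struct.unpack("!IIIIIIII", data[16:48])
    names = ("reference", "originate", "receive", "transmit")
    stamps = {n: from_ntp(words[2 * i], words[2 * i + 1]) for i, n in enumerate(names)}
    return {"li": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
            "stratum": stratum, **stamps}


def validate(resp, originate_unix):
    """Return a rejection reason, or None if the reply is usable."""
    if resp["mode"] != MODE_SERVER:
        return "not a server reply"
    if resp["li"] == 3:
        return "server clock unsynchronized (LI=3)"
    if resp["stratum"] == 0 or resp["stratum"] > MAX_STRATUM:
        return "invalid stratum %d" % resp["stratum"]
    if abs(resp["originate"] - originate_unix) > 1e-6:
        return "originate timestamp mismatch (stale or spoofed reply)"
    return None


def clock_offset(t1, t2, t3, t4):
    """RFC 4330: t1 client send, t2 server receive, t3 server send, t4 client receive."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def query(server, timeout=2.0):
    """Live exchange against a real server (not used by the offline demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (server, NTP_PORT))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
    resp = parse_response(data)
    return validate(resp, t1), clock_offset(t1, resp["receive"], resp["transmit"], t4)


def make_server_reply(originate_unix, receive_unix, transmit_unix, stratum=2, li=0):
    """Constructed stratum-2 reply shaped like a real server's, for the offline demo."""
    first = (li << 6) | (4 << 3) | MODE_SERVER
    header = struct.pack("!BBbb", first, stratum, 6, -20) + struct.pack("!II4s", 0, 0, b"GPS\0")
    stamps = (*to_ntp(receive_unix), *to_ntp(originate_unix),
              *to_ntp(receive_unix), *to_ntp(transmit_unix))
    return header + struct.pack("!IIIIIIII", *stamps)


def sntp_exchange_offline():
    """Client clock 9.5 s behind the server, 1 s round trip: offset +9.5 s, delay 1.0 s."""
    t1 = 1_700_000_000.0                          # client clock at send (constructed)
    reply = make_server_reply(t1, t1 + 10.0, t1 + 10.0)
    t4 = t1 + 1.0                                 # client clock at receive (constructed)
    resp = parse_response(reply)
    offset, delay = clock_offset(t1, resp["receive"], resp["transmit"], t4)
    return validate(resp, t1), offset, delay


if __name__ == "__main__":
    print(sntp_exchange_offline())
```

The originate-timestamp check matters because NTP is unauthenticated UDP: a reply whose originate field does not echo the request you sent is either stale or injected, and accepting it is how a host ends up with a clock skew that breaks Kerberos and certificate validation.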
Key Points: ................................................................................................................................ 117
● SSH is the preferred method for secure remote access, offering encryption and various
authentication options. ............................................................................................................. 117
● Telnet is insecure due to lack of encryption and should be replaced with SSH. ............... 117
● RDP facilitates remote GUI connections to Windows machines. ...................................... 117
● NTP ensures time synchronization for network applications and services, critical for
authentication and security mechanisms. ................................................................................ 117
Use Event Management to Ensure Network Availability
1. Performance Metrics, Bottlenecks, and Baselines:
Performance Metrics: ...................................................................................... 118
● Bandwidth/throughput: Rate of data transfer measured in Mbps or Gbps........................ 118
● CPU and memory utilization: High utilization may indicate the need for upgrades. .......... 118
● Storage: Availability of storage space, crucial for device operation and application
efficiency................................................................................................................................... 118
● Bottlenecks: ...................................................................................................................... 118
● Points of poor performance that reduce overall network productivity. ............................. 118
● Can be device-related or user/application-related............................................................. 118
● Identification requires analysis of network utilization and errors. ..................................... 118
● Performance Baselines: .................................................................................................... 118
● Establish resource utilization metrics at a specific point in time for comparison. ............ 118
● Useful for assessing system responsiveness and planning upgrades. ............................. 118
2. Environmental Monitoring: .................................................................................................... 118
● Detects factors threatening appliance integrity or function (e.g., excessive temperatures,
fan speeds, flooding). ............................................................................................................... 118
● Internal sensors monitor device conditions; external sensors monitor ambient
environmental conditions.......................................................................................................... 118
3. Simple Network Management Protocol (SNMP): .................................................................. 118
● Framework for remote management and monitoring of network devices. ....................... 118
● SNMP Agents: ................................................................................................................... 118
● Maintain Management Information Base (MIB) containing device statistics. ........ 118
● SNMPv1/v2c agents are configured with community names for access control; these travel in cleartext, so default names (public/private) must be changed and SNMPv3, which adds authentication and encryption, is preferred. ........ 118
● NetFlow: Gathers traffic metadata and reports to a structured database, using exporters,
collectors, and analyzers........................................................................................................... 120
Interface Monitoring Metrics..................................................................................................... 120
● Link State: Measures if an interface is up or down............................................................ 120
● Resets: Number of times an interface has restarted. ........................................................ 121
● Speed: Rated speed of the interface. ................................................................................ 121
● Utilization: Data transferred over a period, average and peak utilization........................... 121
● Error Rate: Number of packets causing errors. ................................................................. 121
● Discards/Drops: Frames discarded due to various reasons. ............................................ 121
● Retransmissions: Data retransmitted due to packet loss. ................................................. 121
Troubleshooting Interface Errors .............................................................................................. 121
● CRC Errors: The interface recomputes each frame's checksum and discards frames that fail, typically because of interference, damaged cabling, or a duplex mismatch. ........ 121
● Encapsulation Errors: Prevent transmission and reception, often due to frame format
mismatches. ............................................................................................................................. 121
● Runt Frame Errors: Frames smaller than minimum size, usually caused by collisions. .... 121
● Giant Frame Errors: Frames larger than maximum size, caused by configuration
mismatches or jumbo frames. .................................................................................................. 121
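The metrics and error types listed above are only useful once you turn raw counters into a verdict per interface. The following is an added example, not code from the study notes or from any vendor tool: it parses constructed "show interfaces"-style output (the counter lines follow the usual Cisco IOS wording, but the values are made up), then applies the troubleshooting rules from the list: link state, utilization against rated speed, CRC error rate, runts on a half-duplex port, giants as an MTU/jumbo-frame mismatch, and interface resets as a flapping link. The thresholds are assumptions to tune against a baseline.

```python
"""Turn interface counters into findings (added example; sample output is constructed)."""
import re

SAMPLE_SHOW_INTERFACES = """\
GigabitEthernet1/0/1 is up, line protocol is up
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  5 minute input rate 412000000 bits/sec, 40000 packets/sec
  3000000 packets input, 2400000000 bytes
  0 runts, 0 giants, 0 throttles
  2 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored
  Total output drops: 5
  0 interface resets
GigabitEthernet1/0/2 is up, line protocol is up
  Half-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  5 minute input rate 9000000 bits/sec, 1200 packets/sec
  800000 packets input, 500000000 bytes
  320 runts, 0 giants, 0 throttles
  4420 input errors, 4100 CRC, 0 frame, 0 overrun, 0 ignored
  Total output drops: 90
  3 interface resets
GigabitEthernet1/0/3 is up, line protocol is up
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  5 minute input rate 950000000 bits/sec, 80000 packets/sec
  120000 packets input, 180000000 bytes
  0 runts, 6000 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  Total output drops: 0
  0 interface resets
GigabitEthernet1/0/4 is down, line protocol is down
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  5 minute input rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes
  0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  Total output drops: 0
  14 interface resets
"""

BLOCK_HEADER = re.compile(r"^(\S+) is (administratively down|up|down), line protocol is (up|down)")
COUNTERS = {                      # field name -> regex capturing the integer
    "speed_mbps": r"(\d+)Mb/s",
    "input_bps": r"input rate (\d+) bits/sec",
    "in_pkts": r"(\d+) packets input",
    "runts": r"(\d+) runts",
    "giants": r"(\d+) giants",
    "crc": r"(\d+) CRC",
    "out_drops": r"Total output drops: (\d+)",
    "resets": r"(\d+) interface resets",
}

# Assumed thresholds; in practice compare against the site's performance baseline.
CRC_RATE_THRESHOLD = 0.001        # more than 0.1% of input frames failing CRC
UTIL_THRESHOLD = 0.80             # 80% of rated speed over the sample window
RESET_THRESHOLD = 3


def parse_show_interfaces(text):
    """Dict of interface name -> parsed fields; missing counters default to 0."""
    interfaces, current = {}, None
    for line in text.splitlines():
        head = BLOCK_HEADER.match(line)
        if head:
            current = {"link": head.group(2), "protocol": head.group(3), "duplex": None}
            interfaces[head.group(1)] = current
            continue
        if current is None:
            continue
        duplex = re.search(r"(Half|Full)-duplex", line)
        if duplex:
            current["duplex"] = duplex.group(1)
        for key, pattern in COUNTERS.items():
            found = re.search(pattern, line)
            if found:
                current[key] = int(found.group(1))
    for fields in interfaces.values():
        for key in COUNTERS:
            fields.setdefault(key, 0)
    return interfaces


def diagnose(f):
    """Apply the troubleshooting rules to one interface's fields."""
    findings = []
    if f["link"] != "up" or f["protocol"] != "up":
        findings.append("link-down")
    if f["speed_mbps"] and f["input_bps"] / (f["speed_mbps"] * 1e6) > UTIL_THRESHOLD:
        findings.append("high-utilization")
    if f["crc"] / max(f["in_pkts"], 1) > CRC_RATE_THRESHOLD:
        findings.append("crc-errors")                      # cabling, interference, duplex
    if f["runts"]:
        findings.append("runts-half-duplex" if f["duplex"] == "Half" else "runts")
    if f["giants"]:
        findings.append("giants-mtu")                      # jumbo frames / MTU mismatch
    if f["resets"] >= RESET_THRESHOLD:
        findings.append("flapping")
    return findings


def report(text):
    return {name: diagnose(fields) for name, fields in parse_show_interfaces(text).items()}


if __name__ == "__main__":
    for name, findings in report(SAMPLE_SHOW_INTERFACES).items():
        print(name, findings or "ok")
```

Counters are cumulative since the last clear, so a rate computed from one snapshot is only a first approximation; polling twice (or via SNMP ifInErrors/ifInOctets) and diffing gives the real error rate over the interval.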
Explaining Common Security Concepts
Explain Common Security Concepts
Establishing Computer and Network Security: Developing processes and controls to protect data assets and ensure business continuity. ........ 122
● Making network systems and hosts resilient to various attacks. ...................................... 122
Confidentiality, Integrity, and Availability (CIA) Triad: ................................................................ 122
● Confidentiality: Information should only be known to certain people. ............................... 122
● Integrity: Data is stored and transferred as intended, with any modification authorized... 122
● Availability: Information is accessible to authorized individuals for viewing or modification. ........ 122
Vulnerability, Threat, and Risk: .................................................................................................. 122
● Vulnerability: A weakness that could be exploited to cause a security breach. ................ 122
● Threat: The potential for someone or something to exploit a vulnerability. ...................... 122
● Risk: The likelihood and impact of a threat actor exercising a vulnerability. ..................... 122
Security Risk Assessments: ...................................................................................................... 122
● Utilizing tools and techniques to ensure systems demonstrate properties of the CIA triad. ........ 122
● Guided by security policies to evaluate and mitigate risks. ............................................... 122
● Risk management involves identifying, assessing, and mitigating vulnerabilities and threats
to essential business functions. ............................................................................................... 122
● Risk assessment evaluates systems and procedures for risk factors. ............................. 122
Posture Assessment: ................................................................................................................ 122
● Evaluating IT services governance and frameworks to fulfill business needs. ................. 122
● Security controls provide properties like confidentiality, integrity, availability, and non-
repudiation. ............................................................................................................................... 123
● Balancing the cost of security controls with associated risks. ......................................... 123
Process Assessment: ............................................................................................................... 123
● Focuses on mission essential functions and critical systems. ......................................... 123
● Business Impact Analysis (BIA) quantifies losses for various threat scenarios................ 123
● Business Continuity Planning (BCP) identifies controls and processes to maintain critical
workflows.................................................................................................................................. 123
Vulnerability and Exploit Types: ................................................................................................ 123
● Software vulnerabilities can lead to system compromise. ................................................ 123
● Exploits use vulnerabilities to gain control or damage systems. ...................................... 123
● Zero-day vulnerabilities are exploited before vendors release patches. ............................ 123
Unpatched and Legacy Systems: .............................................................................................. 123
● Unpatched systems lack updates, while legacy systems lack vendor support. ................ 123
● Vulnerabilities extend to network appliances and embedded systems. ............................ 123
Vulnerability Assessment: ......................................................................................................... 123
● Evaluates system security and compliance based on configuration states. ..................... 123
● Utilizes automated vulnerability scanners and Common Vulnerabilities and Exposures
(CVE). ........................................................................................................................................ 123
Threat Types and Assessment:................................................................................................. 123
● Identifies threat sources and profiles threat actors. ......................................................... 123
● External threats lack authorized access, while internal threats have permissions. ........... 123
● Threat research gathers tactics, techniques, and procedures (TTPs) of threat actors. .... 123
Security Information and Event Management (SIEM): .............................................................. 123
● Integrates vulnerability and threat assessment efforts through log data collection and
analysis. .................................................................................................................................... 124
● Correlates events to indicate risk or compromise and provides regulatory compliance. .. 124
Penetration Testing: .................................................................................................................. 124
● Single Sign-On (SSO): Allows users to authenticate once and access compatible servers
without re-entering credentials. ................................................................................................ 125
● Kerberos: Provides SSO authentication, especially in Windows environments, using tickets. ........ 126
Digital Certificates and Public Key Infrastructure (PKI): ............................................................ 126
● Digital Certificates: Used for server authentication (e.g., TLS) and user authentication. .. 126
● Public Key Infrastructure (PKI): Ensures validity of public keys through certificate
authorities (CAs). ...................................................................................................................... 126
Extensible Authentication Protocol (EAP) and IEEE 802.1X: ..................................................... 126
● EAP: Framework for various authentication protocols, often used with digital certificates. ........ 126
● IEEE 802.1X: Provides network access control (NAC) for wired and wireless networks,
often with EAP. ......................................................................................................................... 126
RADIUS and TACACS+: ............................................................................................................. 126
● RADIUS: Widely used for client device access over switches, wireless networks, and VPNs; only the password attribute is obfuscated, the rest of the packet is cleartext. ........ 126
● TACACS+: Similar to RADIUS but more flexible; it separates authentication, authorization, and accounting and encrypts the whole packet body, so it is often used for administrative access to routers and switches. ........ 126
Lightweight Directory Access Protocol (LDAP): ........................................................................ 126
● LDAP: Protocol for querying and updating directory services. .......................................... 126
● LDAP Security: Authentication through simple bind (credentials pass in cleartext unless the session is wrapped in TLS), SASL, or LDAPS (LDAP over TLS, TCP port 636). ........ 126
Conclusion: ............................................................................................................................... 126
Understanding various authentication methods and access controls is crucial for network
professionals to secure network resources effectively. From multifactor authentication to
directory services like LDAP, each method plays a vital role in ensuring network security and
access control........................................................................................................................... 126
Supporting and Troubleshooting Secure Networks
Compare and Contrast Security Appliances
Security Appliance Overview: .................................................................................... 127
● Security appliances such as firewalls, proxy servers, and intrusion detection/prevention
systems enforce access controls to ensure authorized use of the network. ............................ 127
● They perform filtering functions to analyze connection requests, allowing, denying, or
logging them based on predefined criteria................................................................................ 127
● Effective placement of security appliances depends on segmenting the network into clearly
defined areas. ........................................................................................................................... 127
Troubleshoot Service and Security Issues
DHCP Issues
Dynamic Host Configuration Protocol (DHCP): ..................................................................... 129
● Provides IP addressing autoconfiguration to hosts without static IP parameters. ........... 129
● Windows clients failing to obtain a DHCP lease default to using an address in the
Automatic Private IP Addressing (APIPA) range (169.254.0.0/16). .......................................... 129
● Linux hosts use the APIPA range if they have Zeroconf support, leave the IP address set to
0.0.0.0, or disable IPv4 on the interface. ................................................................................... 129
● Possible Causes of Lease Failure: .................................................................................... 129
● DHCP server offline. .......................................................................................................... 129
● DHCP scope exhaustion. ................................................................................................... 129
● Router between client and DHCP server doesn't support BOOTP forwarding (no DHCP relay / ip helper-address configured). ........ 129
● Rogue DHCP Server: .......................................................................................................... 129
● Clients could obtain leases from rogue servers, leading to incorrect IP configurations. .. 129
● Rogue servers may be deployed accidentally or maliciously. ........................................... 129
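The lease-failure and rogue-server symptoms above can be checked from the client side with a few lines. The following is an added example, not code from the study notes: it classifies a host's IPv4 state (APIPA fallback, 0.0.0.0, or a real lease) and audits each lease's DHCP server identifier (option 54), default gateway and DNS servers against an allowlist, so a client that took an offer from an unauthorized server stands out. The allowlist and the lease records are constructed; in practice they come from your DHCP inventory and from ipconfig /all or nmcli on the affected hosts. The switch-side control for the same problem is DHCP snooping, which drops server messages on untrusted ports.

```python
"""Classify DHCP outcomes and spot rogue-server leases (added example; data is constructed)."""
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")       # link-local range Windows falls back to
AUTHORIZED_DHCP_SERVERS = {"10.10.0.2"}               # assumed allowlist of option-54 values
AUTHORIZED_DNS_SERVERS = {"10.10.0.2", "10.10.0.3"}   # assumed allowlist of option-6 values


def classify_address(addr):
    """What the client's IPv4 address says about the DHCP attempt."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("0.0.0.0"):
        return "unconfigured"       # Linux without Zeroconf: lease never obtained
    if ip in APIPA:
        return "apipa"              # no DHCP offer reached the client
    return "assigned"


def audit_lease(lease, authorized_servers=AUTHORIZED_DHCP_SERVERS,
                authorized_dns=AUTHORIZED_DNS_SERVERS):
    """Findings for one host's lease; an empty list means it looks legitimate."""
    state = classify_address(lease["ip"])
    if state != "assigned":
        return ["no-lease-" + state]
    findings = []
    if lease["server_id"] not in authorized_servers:
        findings.append("rogue-dhcp-server")
    subnet = ipaddress.ip_network(lease["subnet"])
    if ipaddress.ip_address(lease["router"]) not in subnet:
        findings.append("gateway-outside-subnet")   # client can never reach this gateway
    if not set(lease["dns"]) <= authorized_dns:
        findings.append("unexpected-dns-servers")   # classic rogue-DHCP redirection
    return findings


LEASES = [   # constructed records, as a helpdesk script might collect them
    {"host": "pc1", "ip": "10.10.0.57", "subnet": "10.10.0.0/24", "router": "10.10.0.1",
     "server_id": "10.10.0.2", "dns": ["10.10.0.2"]},
    {"host": "pc2", "ip": "169.254.23.9", "subnet": None, "router": None,
     "server_id": None, "dns": []},
    {"host": "pc3", "ip": "10.10.0.88", "subnet": "10.10.0.0/24", "router": "10.10.0.250",
     "server_id": "10.10.0.250", "dns": ["203.0.113.5"]},
]


def triage(leases=LEASES):
    return {lease["host"]: audit_lease(lease) for lease in leases}


if __name__ == "__main__":
    for host, findings in triage().items():
        print(host, findings or "ok")
```

pc2 shows the scope-exhaustion/server-offline/relay-missing family of failures (no offer at all), while pc3 got a complete but hostile configuration: a gateway and resolver that belong to the rogue server, which is what makes rogue DHCP a man-in-the-middle vector rather than just an outage.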
● Name resolution methods (checked in turn): ........ 129
● Local cache check. ............................................................................................................ 129
● HOSTS file check............................................................................................................... 129
● Query DNS. ........................................................................................................................ 129
● DNS Configuration Issues: ................................................................................................ 129
● Without DNS servers, network client machines cannot connect to services or servers. ... 129
● Troubleshooting: ............................................................................................................... 129
● Verify DNS server addresses and DNS suffixes. ............................................................... 129
● Check DHCP server settings for correct configuration...................................................... 129
● Considerations: ................................................................................................................. 129
● Proper availability of services like DHCP and DNS across VLANs is essential. ................ 129
● Ensure routing is configured for VLAN-to-VLAN communications. ................................... 129
● Verify correct VLAN assignments for devices. .................................................................. 130
● Possible Causes: ............................................................................................................... 130
● Application or OS crashes. ................................................................................................ 130
● Server overload. ................................................................................................................ 130
● Network congestion or broadcast storms. ........................................................................ 130
● Denial of Service (DoS) attacks. ........................................................................................ 130
● Diagnosis: ......................................................................................................................... 130
This summary provides an overview of key wireless standards, including IEEE 802.11 variations,
Wi-Fi generations, and cellular technologies. ............................................................................ 133
Install Wireless Networks
Infrastructure Topology and Wireless Access Points: Wireless network devices are referred to as stations (STA), similar to nodes on a wired network. ........ 134
● Most wireless networks are deployed in an infrastructure topology where each station
connects through a base station or access point (AP), forming a logical star topology. .......... 134
● The AP mediates communications between client devices and can provide a bridge to a
cabled network segment. .......................................................................................................... 134
● In 802.11 documentation, this is referred to as an infrastructure Basic Service Set (BSS). ........ 134
● More than one BSS can be grouped together in an Extended Service Set (ESS). .............. 134
Wireless Site Design:................................................................................................................. 134
● Clients join a WLAN through the Service Set Identifier (SSID), which can be up to 32 bytes
in length. ................................................................................................................................... 134
● In infrastructure mode, multiple APs connected to the same distribution system are
grouped into an Extended SSID (ESSID). ................................................................................... 134
● The area served by a single AP is referred to as a basic service area (BSA) or wireless cell,
while the area in which stations can roam between access points is referred to as an extended
service area (ESA). .................................................................................................................... 134
SSID Broadcast and Beacon Frame: ......................................................................................... 134
● A WLAN typically broadcasts its SSID to advertise its presence, allowing users to connect
to a named network. ................................................................................................................. 134
● A beacon frame broadcast by the AP advertises the WLAN and contains SSID, supported
data rates, signaling, and encryption/authentication requirements. ......................................... 134
Speed and Distance Requirements: .......................................................................................... 134
● Wi-Fi devices should have an indoor range of at least 30m (100 feet). ............................. 134
● 2.4 GHz radios support better ranges than 5 GHz ones, and later standards improve range
compared to earlier ones. ......................................................................................................... 134
● Dynamic Rate Switching/Selection (DRS) mechanism determines appropriate data rates
based on signal quality. ............................................................................................................ 135
Radio Interference and Planning: .............................................................................................. 135
● Radio signals can pass through solid objects but can be weakened or blocked by dense
materials. .................................................................................................................................. 135
● Interference can be caused by various devices like microwaves, cordless phones, etc. .. 135
● Planning a wireless network requires considering range and interference; a site survey is essential. ........ 135
● Open authentication may require a captive portal for secondary authentication, often used
in public hotspots...................................................................................................................... 140
5. Open Authentication and Captive Portal Issues .................................................................... 140
● Captive portal issues can occur if HTTPS redirection does not work or if the portal lacks a
trusted digital certificate. .......................................................................................................... 140
● Users should use HTTPS for confidential data transmission over open networks or use
VPNs for added security. .......................................................................................................... 140
6. Teaching Tips ........................................................................................................................ 140
● Emphasize differences between WPA/TKIP and WPA/AES. ............................................. 140
● Demonstrate AP configuration settings or Wi-Fi analyzer software for hands-on learning. ........ 140
● Note that 802.1X/EAP is also used for switch port authentication. .................................. 140
These study notes cover important aspects of configuring and troubleshooting wireless
security, including encryption standards, authentication methods, and common configuration
issues. Understanding these concepts is crucial for securing wireless networks effectively. .. 140
Comparing WAN Links and Remote Access Methods .............................................................. 141
Explain WAN Provider Links
Introduction to Wide Area Networks (WANs) and the OSI Model: WAN technologies facilitate data communications over larger distances compared to Local Area Networks (LANs). ........ 141
● Enterprises often utilize WANs controlled by a single organization but supported by public
networks owned by telecommunications (telco) companies. ................................................... 141
● WAN Physical layer describes the media type and interface specifications. Modems are
typically used for copper cable provider links. .......................................................................... 141
● Legacy modems perform digital to analog modulation for low bandwidths, while digital
modems include DSUs, DSL modems, cable modems, and satellite modems. ........................ 141
WAN Provider Links Overview: .................................................................................................. 141
● Establishing WAN provider links involves terminating the access provider’s cabling at the
demarcation point (demarc) on the customer’s premises. ....................................................... 141
● Customer premises equipment (CPE), including modems and routers, are installed by the
customer and connected to the demarc. .................................................................................. 141
● Demarc and CPE should be installed securely to restrict access to authorized staff. ...... 141
T-Carrier and Leased Line Provider Links: ................................................................................. 141
● T-carrier system enables voice traffic digitization and data transport, with T1 lines
providing 1.544 Mbps full duplex digital connections. .............................................................. 141
● T1 lines terminate at the demarc on a smartjack or Network Interface Unit (NIU), connected
to the customer's Channel Service Unit/Data Service Unit (CSU/DSU). .................................... 141
● Creating a remote access server (RAS) requires documentation of service use, security
risks, authorized users, and network manager authorization. Policies should restrict access,
define privileges, and log access logons and attempts. ........................................................... 143
Tunneling and Encapsulation Protocols: ................................................................................... 143
● Modern remote network access solutions use VPNs, setting up secure tunnels for private
communications over the Internet. ........................................................................................... 143
● VPNs depend on tunneling protocols like Point-to-Point Protocol (PPP) at the Data Link
layer and Generic Routing Encapsulation (GRE) at layer 3. ....................................................... 143
● GRE encapsulates an IP packet within its payload and is often used with other protocols in
a VPN solution. ......................................................................................................................... 143
● Internet Protocol Security (IPSec) operates at layer 3 to encrypt packets passing over any
network and is commonly used as a native VPN protocol. ....................................................... 143
● Transport Layer Security (TLS) can also be used to encapsulate frames or IP packets but
may add significant overhead. .................................................................................................. 143
Client-to-Site Virtual Private Networks: ..................................................................................... 143
● Client-to-site VPNs connect clients over the public network to a VPN gateway positioned
on the edge of the local network. .............................................................................................. 143
● Protocols include SSL/TLS VPNs, L2TP (an IETF standard descended from Cisco's L2F, normally run over IPsec), and Microsoft's SSTP, often requiring client software and an AAA/RADIUS architecture for authentication. ........ 143
● Split tunneling sends only corporate traffic through the VPN and lets Internet traffic go direct, so the client stays exposed to the Internet while connected; full tunneling routes all traffic through the corporate network, offering better security but potentially adding latency. ........ 143
Remote Host Access and Remote Desktop Gateways: ............................................................. 144
● Remote host access allows users to configure network appliances or operate computers
remotely, often using Secure Shell (SSH) or remote desktop connections like Microsoft's
Remote Desktop Protocol (RDP). .............................................................................................. 144
● Remote desktop gateways enable user access to networked apps or virtual desktops,
providing GUI or terminal-only access....................................................................................... 144
Clientless VPNs: ........................................................................................................................ 144
● Clientless VPNs use HTML5 and WebSockets to allow browser-based access to remote
desktops or VPNs without requiring client software. ................................................................ 144
Site-to-Site Virtual Private Networks: ........................................................................................ 144
● Site-to-site VPNs connect multiple private networks, often using compulsory tunneling
between gateways to establish secure connections. ................................................................ 144
Hub and Spoke VPNs and VPN Headends: ............................................................................... 144
● Hub and spoke VPNs connect multiple remote sites to a central hub, often requiring
powerful VPN headends for aggregation and scalability. ......................................................... 144
● Incident Response Plan addresses security breaches or attempted breaches. ................ 146
● Disaster Recovery Plan focuses on large-scale incidents threatening site performance or
security. .................................................................................................................................... 146
● Business Continuity Plan ensures normal business operations during adverse events. ... 146
Hardening and Security Policies: .............................................................................................. 146
● Establish duty for employees to ensure data asset confidentiality, integrity, and availability. .. 146
● HR communicates and enforces security policies, manages onboarding and offboarding
processes. ................................................................................................................................ 146
Usage Policies:.......................................................................................................................... 146
● Password Policy guides users on credential selection and management. ....................... 146
● Acceptable Use Policy defines permitted uses of products or services. ........................... 146
● BYOD Policies govern the use of personally owned devices on corporate networks. ....... 146
Data Loss Prevention (DLP): ..................................................................................................... 146
● Prevents theft or loss of confidential data through scanning and policy enforcement. .... 146
● Utilizes DLP products to scan content and block unauthorized transfers. ........................ 146
Remote Access Policies: ........................................................................................................... 146
● Govern the use of remote access privileges, mitigating security risks associated with
remote connections. ................................................................................................................. 147
● Require malware protection, strong authentication, and restrict local privileges. ............. 147
Common Agreements: .............................................................................................................. 147
● Service Level Agreements (SLA) define terms of ongoing service provision. ................... 147
● Non-Disclosure Agreements (NDA) protect sensitive data and define permitted uses. .... 147
● Memorandum of Understanding (MOU) expresses intent to work together, often includes
confidentiality clauses. ............................................................................................................. 147
Explain Physical Security Methods
Introduction:
● Physical security is crucial for network sites to prevent unauthorized access and reduce the
risk of intrusion. ........................................................................................................................ 148
● This lesson explores various physical security methods to enhance the security of
premises. .................................................................................................................................. 148
Badges and Site Secure Entry Systems: .................................................................................... 148
● Prevention-type controls aim to stop intruders from gaining unauthorized access. ......... 148
● Access control hardware such as badge readers and electronic locks are deployed to
authenticate users quickly at access points. ............................................................................ 148
● Smart badges with integrated chips and cryptographic keys provide secure authentication. .. 148
● Biometric scanners authenticate users based on physical features like fingerprints or
retinas. ...................................................................................................................................... 148
Access Control Vestibule: ......................................................................................................... 148
● Simple entry mechanisms like doors or gates may not accurately record entries. ........... 148
● Turnstiles or access control vestibules mitigate risks by allowing one person at a time or
leading to an enclosed space protected by another barrier. ..................................................... 148
Physical Security for Server Systems: ....................................................................................... 148
● Similar access control measures can be used to manage access to IT assets. ............... 148
● Locking racks, cabinets, or smart lockers provide secure storage for equipment and
sensitive items. ......................................................................................................................... 148
Detection-Based Devices: ......................................................................................................... 148
● Surveillance mechanisms like cameras help detect intrusion attempts. .......................... 148
● CCTV networks and asset tags enable electronic surveillance of managed assets. ........ 148
● Alarms, both circuit-based and motion-based, provide additional security layers. ............ 148
Asset Disposal: ......................................................................................................................... 149
● Proper disposal of IT assets is crucial to prevent data breaches. ..................................... 149
● Secure erase methods for HDDs and SSDs ensure data is irrecoverable before disposal or
reuse. ........................................................................................................................................ 149
● Employee training is essential to prevent security breaches due to human error or
negligence. ................................................................................................................................ 149
Conclusion: ............................................................................................................................... 149
● Physical security methods play a critical role in preventing unauthorized access and
protecting IT assets. ................................................................................................................. 149
● A combination of prevention-type and detection-based controls, along with proper
employee training, is necessary for effective security measures. ............................................. 149
Compare and Contrast Internet of Things Devices
Introduction to Internet of Things (IoT):
● IoT refers to a global network of devices equipped with sensors, software, and network
connectivity. .............................................................................................................................. 150
● These devices communicate with each other and traditional systems, often termed
Machine to Machine (M2M) communication. ........................................................................... 150
Consumer-grade Smart Devices:............................................................................................... 150
● Used for home automation systems, consisting of: .......................................................... 150
● Hub/control system: Facilitates wireless networking and provides control, often operated
through smart speakers or smartphone apps. .......................................................................... 150
● Smart devices: Endpoints like lightbulbs, thermostats, or doorbells capable of remote
operation, often running on Linux or Android kernels. .............................................................. 150
Physical Access Control Systems and Smart Buildings: ........................................................... 150
● Physical access control systems (PACS) include monitored locks, alarms, and video
surveillance, while smart buildings integrate PACS with HVAC, fire control, power, and lighting
systems..................................................................................................................................... 150
● These systems are managed by programmable logic controllers (PLCs) and sensors
measuring various environmental parameters.......................................................................... 150
Industrial Control Systems/Supervisory Control and Data Acquisition (SCADA): ..................... 150
● Widely used in industries like energy, manufacturing, and logistics. ................................. 150
● Prioritize safety, availability, and integrity over confidentiality. ......................................... 150
● Comprise industrial control devices linked by networks, managed by supervisory control
and data acquisition (SCADA) systems. ................................................................................... 150
IoT Networks: ............................................................................................................................ 150
● Identified by unique serial numbers or codes, interconnected within the existing Internet
infrastructure. ........................................................................................................................... 150
● Utilize various networking standards like industrial Ethernet, cellular networks
(Narrowband-IoT, LTE-M), Z-Wave, and Zigbee. ........................................................................ 151
Placement and Security: ........................................................................................................... 151
● Consumer-grade devices connected to home Wi-Fi networks may have weak security
features, posing risks of shadow IT and remote working vulnerabilities. ................................. 151
● Smart buildings require robust security measures to prevent compromise of entry
mechanisms and climate/lighting controls. .............................................................................. 151
● ICS/SCADA networks, although typically separate from corporate data networks, require
careful monitoring and access controls at network links.......................................................... 151
Conclusion: ............................................................................................................................... 151
● IoT devices serve diverse purposes, from home automation to industrial control systems. .... 151
● Understanding their features, networking protocols, and security considerations is
essential for their effective deployment and integration with existing networks. ..................... 151
Explaining Disaster Recovery and High Availability Concepts
Explain Disaster Recovery Concepts
High Availability:
● Availability: Percentage of time the system is online, measured over a period (e.g., one
year). ........................................................................................................................................ 152
● Power management: Ensure stable power supply through UPS, generators, and renewable
sources. .................................................................................................................................... 153
Network Device Backup Management: ..................................................................................... 153
● Backup policies: Guide execution and frequency of backups for network appliances. ..... 153
● Baseline configuration: Documented configuration used for device restoration. ............. 153
● Backup modes: State/bare metal and configuration file backups for system restore and
configuration import. ................................................................................................................ 153
● State information: Additional data like MAC tables and NAT tables, crucial for device
operation and security. ............................................................................................................. 153
These concepts underpin business continuity and disaster recovery operations, ensuring
system resilience and minimal downtime in the face of disruptions. ....................................... 153
Explain High Availability Concepts Multipathing: ...................................................................... 154
Applying Network Hardening Techniques ................................................................................. 156
Compare and Contrast Types of Attacks
General Attack Types:
● Objective: Understand the various types of attacks and their goals, such as exfiltrating
information, misusing network services, or compromising network availability. ...................... 156
● Examples: Insider threats with privileged access, external threats installing malware. .... 156
Footprinting and Fingerprinting Attacks: ................................................................................... 156
● Objective: Enumerate or gather information about a network's topology and configuration. .. 156
● Techniques: Footprinting involves discovering network topology, often through social
engineering or port scanning. Fingerprinting identifies device and OS types and versions to
probe for vulnerabilities. ........................................................................................................... 156
Spoofing Attacks: ...................................................................................................................... 156
● Objective: Disguise identity or forge network information to appear legitimate. ............... 156
● Examples: Social engineering, phishing, pharming, exploiting protocol vulnerabilities (e.g.,
ARP, DNS). ................................................................................................................................ 156
Denial of Service (DoS) Attacks: ............................................................................................... 156
● Objective: Cause a service to fail or become unavailable to legitimate users. .................. 156
● Methods: Resource exhaustion, exploiting application vulnerabilities, physical attacks (e.g.,
cutting cables), diversionary tactics. ......................................................................................... 156
On-path Attacks (Man-in-the-Middle): ....................................................................................... 156
● Objective: Compromise connections between hosts to intercept and modify
communications. ...................................................................................................................... 156
● Techniques: ARP spoofing, DNS poisoning, intercepting and relaying communications. . 156
● Passwords should not be easily guessable or found in common password databases. .. 158
● Configure role-based access............................................................................................. 158
● Limit permissions for different administrative groups to reduce the impact of
compromised accounts. ........................................................................................................... 158
● Disable unneeded network services .................................................................................. 158
● Reduce the attack surface of devices by disabling unused services and protocols. ......... 158
● Disable insecure protocols ............................................................................................... 158
● Replace cleartext management protocols such as Telnet and HTTP with encrypted
equivalents (SSH, HTTPS) so that communication channels resist eavesdropping and
unauthorized access. ................................................................................................................ 158
● Disable Unneeded Switch Ports ........................................................................................ 158
● Restrict access to physical switch ports to authorized staff. ............................................ 158
● MAC Filtering and Dynamic ARP Inspection...................................................................... 158
● Define which MAC addresses are permitted to connect to a port. .................................... 158
● Prevent ARP cache poisoning with dynamic ARP inspection. ........................................... 158
● DHCP Snooping................................................................................................................. 158
● Inspect DHCP traffic to prevent spoofing and rogue DHCP servers. ................................. 158
● Neighbor Discovery Inspection and Router Advertisement Guard .................................... 158
● Mitigate spoofing and on-path attacks for IPv6 networks................................................. 158
● IEEE 802.1X Port-Based Network Access Control (PNAC) ................................................ 158
● Authenticate devices before activating ports using EAPoL protocol. ............................... 158
● Use RADIUS server for authentication and assign appropriate VLANs based on
authentication results. .............................................................................................................. 158
● Private VLANs ................................................................................................................... 159
● Restrict communication between hosts within a VLAN. ................................................... 159
● Default VLAN and Native VLAN ......................................................................................... 159
● Default VLAN (ID 1) should remain unused for user data traffic. ...................................... 159
● Native VLAN is used for untagged traffic over trunk ports. ............................................... 159
● Principle of Least Access .................................................................................................. 159
● Only allow necessary traffic; use explicit deny rules. ........................................................ 159
● Control Plane Policing ....................................................................................................... 159
● Mitigate control plane vulnerabilities with ACLs and rate-limiting. ................................... 159
● Preshared keys (PSKs), Extensible Authentication Protocol ............................................. 159
● Implement authentication mechanisms for secure wireless access. ............................... 159
Mnemonic for OSI Layers: All People Seem To Need Data Processing
1. Layer 1—Physical:
○ Responsible for transmission and receipt of signals.
○ Specifies physical topology, interface, and signal transmission/reception
processes.
○ Devices: Transceiver, repeater, hub, media converter, modem.
2. Layer 2—Data Link:
○ Transfers data between nodes on the same logical segment.
○ Organizes bits into frames and adds control information.
○ Devices: Network adapter, bridge, switch, wireless access point.
3. Layer 3—Network:
○ Moves data around networks of networks (internetwork).
○ Forwards information between networks based on logical network
addresses.
○ Main appliance: Router.
4. Layer 4—Transport:
○ Identifies network application by assigning port numbers.
○ Packages data into segments, adds port numbers for identification.
○ Ensures reliable data delivery if required.
1.1 Compare and contrast the Open Systems Interconnection (OSI) model layers and
encapsulation concepts.
SOHO Routers:
● SOHO networks refer to small office/home office setups with a limited number
of computing devices typically relying on a single integrated appliance for local
and internet connectivity.
● The primary device in a SOHO network is the SOHO router, which serves as an
intermediary system forwarding traffic between the LAN and the WAN.
● SOHO routers provide physical connections including RJ-45 ports for local
cabled networks (LAN ports), radio antennas for wireless signals, and modems
(cable or DSL) for connecting to the ISP’s network (WAN port).
● At layer 2, SOHO routers implement functions such as an Ethernet switch for LAN
connectivity and a wireless access point for Wi-Fi connectivity, bridging the
cabled and wireless segments.
● At layer 3, the SOHO router handles routing between the local private network
and the public internet, distinguishing between them using IP addresses. It runs a
DHCP server to allocate IP addresses to hosts connecting to it.
● At layer 4, each application protocol is identified by a port number. Rules in the router's
firewall can allow or block traffic based on these port numbers.
● Wireless networks are usually protected by encryption (WPA2 or WPA3) in which the key is
derived from a passphrase; a client must supply the passphrase to join.
● Access to the router's management interface and configuration settings is
protected by an administrative passphrase.
The Internet:
● The WAN interface of the router connects the SOHO network to the Internet through an
access link to an Internet service provider (ISP), for example a DSL line carried over the
public switched telephone network (PSTN) or a cable modem link.
Internet Standards:
● Various organizations like IANA and IETF are responsible for managing IP
addresses, domain space, and developing internet standards and protocols.
● The Internet model simplifies the OSI model, dividing it into four layers: link,
internet, transport, and application.
Hexadecimal Notation:
Copper Cable
● Copper cable transmits electrical signals and suffers from high attenuation,
meaning signals lose strength over long distances.
● Two main types of copper cable are twisted pair and coaxial (coax), with twisted
pair cable rated to Cat standards.
● Fiber optic cable carries high frequency radiation in the infrared light spectrum,
providing higher bandwidth and less susceptibility to interference or attenuation
compared to copper cable.
● Fiber optic cabling includes Single Mode (SMF) and MultiMode (MMF) types,
categorized further by Optical Mode designations (OM1, OM2, OM3, and OM4).
Ethernet Standards
● Ethernet standards, notably IEEE 802.3, ensure network cabling meets bandwidth
requirements, specifying bit rates and supported distances.
● Ethernet media specifications follow a convention like xBASE-y, indicating bit
rate, signal mode, and media type.
● Ethernet is a multiple access area network, with media access control (MAC)
determining when nodes can communicate on shared media.
● Ethernet uses a contention-based MAC system, where each network node in the
same media shares the same collision domain.
● Carrier Sense Multiple Access with Collision Detection (CSMA/CD) lets a node detect a
collision, back off for a random interval, and retransmit. Each collision wastes time on the
medium, so the more nodes contend, the less usable bandwidth remains.
● Fast Ethernet (100BASE-TX) increases bit rate to 100 Mbps, using improved
encoding methods and autonegotiation protocols.
● Gigabit Ethernet (1000BASE-T) further increases bit rate to 1000 Mbps (1 Gbps) and is in
practice implemented only over switched, full-duplex links, so CSMA/CD is not used.
● 10 Gigabit Ethernet (10 GbE) multiplies speed by 10 again, with specifications for 40 Gbps
operation as well; it is typically deployed where very high bandwidth data transfers are
required, such as datacenter and backbone links.
● Plenum spaces in buildings, designed for HVAC systems, are also used for
communications wiring. Plenum cable must meet strict fire safety standards to minimize
smoke emission and be self-extinguishing.
● Plenum-rated cable uses treated PVC or Fluorinated Ethylene Polymer (FEP) jackets.
General purpose cables use PVC jackets.
● Cabling between floors is referred to as riser cabling and must be fire-stopped to prevent
fire spread. Riser-rated cable must also adhere to fire safety standards, though less
strict than plenum-rated cable.
● Coaxial cable consists of a core conductor enclosed by plastic insulation and surrounded
by a wire mesh acting as shielding and ground. It is categorized using the Radio Guide
(RG) standard (e.g., RG-6, RG-59) based on core conductor thickness and cable impedance.
● Coax cables are terminated using F-type connectors, commonly used in CATV and
broadband cable modems.
● Twinaxial cable, similar to coax but with two inner conductors, is used for datacenter
interconnects like 10 GbE and 40 GbE. It's terminated using SFP+ Direct Attach Copper
(DAC) and QSFP+ DAC transceivers.
● Fiber optic connectors come in various form factors, with different types preferred for
single mode or multimode applications.
● Connector types include Straight Tip (ST), Subscriber Connector (SC), Local Connector
(LC), and Mechanical Transfer Registered Jack (MTRJ), each offering specific features
like push-and-twist locking mechanism or small form factor.
● Ethernet standards over fiber specify cable types and maximum distances for different
data rates, with variants for long and short wavelength optics.
● Fiber is commonly used for backbone cabling in office networks and for high-bandwidth
workstation applications.
● Fiber optic installation follows similar topologies as copper cable using distribution
frames and switches, with long-distance cables laid as trunks or rings with repeaters or
amplifiers.
● Patch cords for fiber optic must maintain correct polarity to ensure proper signal
transmission, with connectors often keyed to prevent incorrect insertion.
● Connectors have different finishing types like Physical Contact (PC), Ultra Physical
Contact (UPC), and Angled Physical Contact (APC), each suited for specific applications
and performance requirements.
Cable Management:
● 66 Block: Older-style distribution frame for terminating telephone cabling and legacy
data applications.
● 110 Block: Supports higher frequencies (Cat 5 and better), arranged horizontally for
better density and labeling.
● BIX and Krone Distribution Frames: Single-piece designs, common in North America
(BIX) and Europe (Krone), respectively.
● Patch Panel/Patch Bay: Simplifies moves, adds, and changes (MACs), allows
reconfiguration by changing patch cable connections.
● Cable Installation: Pulling cable carefully from the telecommunications closet to the work
area, avoiding bends and proximity to electrical power cables.
● Termination Tools: Punchdown tools for IDCs, block tools for terminating groups of
connectors, cable crimpers for creating patch cords.
● Splicing: Mechanical splices join fibers in an adhesive junction box; a fusion splicer melts
the fiber ends together for a permanent, lower-loss join.
● Transceivers: Modular, hot-swappable devices for terminating different cable and
connector types, converting between media types.
Transceiver Types:
● Wavelength Division Multiplexing (WDM): Utilizes a single fiber strand to transmit and/or
receive multiple channels simultaneously, with variations like BiDi, CWDM, and DWDM
supporting different channel configurations.
Hubs:
● Act as multiport repeaters, forwarding transmissions from any port to all other ports.
● Operate only at the Physical layer.
● All ports are part of the same shared media access area and collision domain.
● Node interfaces are half-duplex, using CSMA/CD protocol.
● MDI (Medium Dependent Interface) and MDI-X (MDI crossover) interfaces distinguish
between end system and intermediate system interfaces.
Bridges:
● Work at the data link layer (Layer 2) to establish separate physical network segments
while maintaining a single logical network.
● Reduce collisions by segmenting the network.
● Create separate collision domains, isolating segments from each other.
● Build MAC address tables to track addresses associated with each port.
● Forward traffic only to the appropriate segment.
● Create a single logical network, referred to as a layer 2 broadcast domain.
Layer 2 Switches:
● Perform functions similar to bridges but on a larger scale with more ports.
● Establish microsegmentation, with each port as a separate collision domain.
● Establish point-to-point links between network nodes.
● Collision occurs only in half-duplex mode and affects only the microsegment.
● All switch ports are in the same broadcast domain by default, unless VLANs are
configured.
● Preamble: Used for clock synchronization and early collision detection in the CSMA/CD
protocol.
● Error Checking: The frame ends with a 32-bit cyclic redundancy check (CRC-32) value, the
Frame Check Sequence (FCS). The receiver recomputes it and silently discards a frame on
mismatch; Ethernet detects errors but does not correct or retransmit at this layer.
● Media Access Control (MAC) Address Format: A unique 48-bit (6-byte) identifier
assigned to each Ethernet port.
● Broadcast Address: Consists of all 1s (ff:ff:ff:ff:ff:ff) and is delivered to every node on
the segment. Multicast addresses are distinct group addresses in which the least
significant bit of the first octet (the I/G bit) is set to 1, such as 01:00:5e:xx:xx:xx for
IPv4 multicast.
● Frame Length and Maximum Transmission Unit (MTU): Payload size can range from 46
to 1500 bytes, with the minimum frame length being 64 bytes to comply with CSMA/CD.
Some Ethernet products support jumbo frames with larger MTUs.
● tcpdump: A network packet analyzer that captures and displays packets transmitted or
received over a network.
● Filtering: tcpdump can filter packets based on various criteria such as host, network,
port, protocol, direction, and more using Boolean operators and parentheses for
grouping.
● Other Tools: ngrep captures packets like tcpdump but filters on payload content with
regular expressions; netcat (nc) does not capture traffic but opens raw TCP/UDP
connections, which is useful for testing whether a port or service responds.
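The frame format described above, worked through in code. This is an added example written for these notes, not code from the CompTIA material: it builds Ethernet II frames the way a NIC does (padding short payloads to the 46-byte minimum and appending a CRC-32 FCS), parses them back, classifies the destination as unicast, multicast or broadcast using the I/G bit, and flags a corrupted frame by its FCS mismatch. The MAC addresses, EtherTypes and payloads in demo() are constructed for the example; the FCS byte order is an assumption that only has to be consistent between the builder and the parser here.

```python
import struct
import zlib

# Ethernet II framing constants (IEEE 802.3).
HEADER_LEN = 14          # 6-byte destination MAC + 6-byte source MAC + 2-byte Type/Length
MIN_PAYLOAD_LEN = 46     # short payloads are padded to this so the frame reaches 64 bytes
MAX_PAYLOAD_LEN = 1500   # standard MTU; jumbo frames exceed this
FCS_LEN = 4              # 32-bit CRC appended by the sender
MIN_FRAME_LEN = HEADER_LEN + MIN_PAYLOAD_LEN + FCS_LEN  # 64 bytes
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def classify_mac(mac: str) -> str:
    """Broadcast is all ones; multicast is any address whose I/G bit (least
    significant bit of the first octet) is 1; everything else is unicast."""
    if mac == BROADCAST_MAC:
        return "broadcast"
    first_octet = int(mac.split(":")[0], 16)
    return "multicast" if first_octet & 0x01 else "unicast"


def fcs_for(body: bytes) -> bytes:
    """CRC-32 over header + payload, stored little-endian (assumed wire order)."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Assemble a frame: reject oversize payloads, pad short ones, append the FCS."""
    if len(payload) > MAX_PAYLOAD_LEN:
        raise ValueError(f"payload of {len(payload)} bytes exceeds the 1500-byte MTU")
    padded = payload.ljust(MIN_PAYLOAD_LEN, b"\x00")
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + padded
    return body + fcs_for(body)


def parse_frame(frame: bytes) -> dict:
    """Split a raw frame into its fields and verify the FCS."""
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame: {len(frame)} bytes is below the 64-byte minimum")
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    dst, src = mac_to_str(body[0:6]), mac_to_str(body[6:12])
    (type_or_len,) = struct.unpack("!H", body[12:14])
    return {
        "dst": dst,
        "dst_type": classify_mac(dst),
        "src": src,
        # Values >= 0x0600 are EtherTypes (0x0800 IPv4, 0x0806 ARP, 0x86DD IPv6);
        # smaller values are an IEEE 802.3 length field instead.
        "ethertype": type_or_len if type_or_len >= 0x0600 else None,
        "payload": body[HEADER_LEN:],
        "fcs_ok": fcs == fcs_for(body),
    }


def demo() -> dict:
    """Constructed sample frames; nothing here was captured from a real network."""
    arp_request = build_frame(BROADCAST_MAC, "00:11:22:33:44:55", 0x0806,
                              b"\x00\x01\x08\x00 constructed ARP")
    mdns = build_frame("01:00:5e:00:00:fb", "00:11:22:33:44:55", 0x0800,
                       b"constructed IPv4 multicast payload")
    corrupted = bytearray(arp_request)
    corrupted[20] ^= 0xFF  # flip one payload byte; the receiver's FCS check must catch it
    return {
        "arp": parse_frame(arp_request),
        "mdns": parse_frame(mdns),
        "corrupted": parse_frame(bytes(corrupted)),
        "arp_frame_len": len(arp_request),
    }
```

Running demo() shows the 20-byte ARP payload padded out to a 64-byte frame, the multicast destination recognised by its I/G bit rather than by being all ones, and the single flipped byte detected only through the FCS, which is all the protection Ethernet gives against corruption.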
Wireshark:
Auto MDI/MDI-X:
● MAC Address Learning: Switches learn MAC addresses by reading source addresses
from received frames and storing them in a MAC address table.
● Port Security: Limits which source MAC addresses, and how many, may appear on a
switch port; a frame from an unexpected MAC triggers a violation action (drop, log, or shut
the port down), blocking unauthorized devices and MAC-flooding attacks.
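A small model of the two behaviours just listed, source-MAC learning and port security, added here as an illustration rather than taken from the notes or from any vendor's implementation. It assumes one VLAN, no table aging, and a violation that err-disables the port, as the common "shutdown" violation mode does; the hosts and the MAC-flooding attacker in demo() are constructed.

```python
from collections import defaultdict

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast or multicast: the I/G bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class LearningSwitch:
    """Minimal layer 2 switch model: source-MAC learning plus per-port port security.

    Simplifying assumptions: one VLAN, no aging, and a port-security violation
    err-disables the port (the behaviour of a 'shutdown' violation mode).
    """

    def __init__(self, ports, max_macs_per_port=1):
        self.ports = list(ports)
        self.max_macs = max_macs_per_port
        self.mac_table = {}                   # learned MAC -> port
        self.secure_macs = defaultdict(set)   # port -> MACs port security has admitted
        self.err_disabled = set()             # ports shut down after a violation
        self.violations = []                  # (port, offending MAC) log

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame; return the list of ports it is forwarded out of."""
        if in_port in self.err_disabled:
            return []                         # a shut-down port drops everything
        # Port security runs first: admit up to max_macs distinct source MACs per port.
        if src_mac not in self.secure_macs[in_port]:
            if len(self.secure_macs[in_port]) >= self.max_macs:
                self.violations.append((in_port, src_mac))
                self.err_disabled.add(in_port)
                return []
            self.secure_macs[in_port].add(src_mac)
        # MAC learning: the source address tells the switch which port the sender is on.
        self.mac_table[src_mac] = in_port
        # Forwarding: flood group addresses and unknown unicast, else use the learned port.
        if is_group_address(dst_mac) or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        out_port = self.mac_table[dst_mac]
        return [] if out_port == in_port else [out_port]


def demo() -> dict:
    """Constructed scenario: two legitimate hosts, then MAC flooding from port 1."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=1)
    host_a, host_b = "00:aa:00:00:00:01", "00:bb:00:00:00:02"
    first = sw.receive(1, host_a, host_b)    # B unknown -> flooded to 2, 3, 4
    reply = sw.receive(2, host_b, host_a)    # A already learned -> forwarded only to port 1
    second = sw.receive(1, host_a, host_b)   # both learned -> port 2 only
    # An attacker behind port 1 sprays new source MACs to fill the table (macof-style).
    attack = [sw.receive(1, f"02:de:ad:00:00:{i:02x}", BROADCAST_MAC) for i in range(3)]
    after = sw.receive(1, host_a, host_b)    # the port is err-disabled, so even A is cut off
    return {"first": first, "reply": reply, "second": second, "attack": attack,
            "after": after, "violations": list(sw.violations),
            "err_disabled": sorted(sw.err_disabled)}
```

The trace in demo() shows why unknown-unicast flooding is the behaviour an attacker exploits (a full table turns the switch back into a hub that leaks every conversation) and why port security catches it on the first unexpected source address rather than after the table overflows.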
Port Aggregation:
● Definition: Combining multiple physical links into a single logical channel to increase
bandwidth and redundancy.
● Protocols: Link Aggregation Control Protocol (LACP) is commonly used to manage port
aggregation.
Port Mirroring:
● Purpose: Copies traffic from one or more source ports to a mirror (destination) port for
analysis.
● Applications: Used for network monitoring, packet sniffing, intrusion detection, etc.
● Jumbo Frames: Support larger data payloads, reducing processing overhead and
improving efficiency for certain types of traffic.
● Flow Control: IEEE 802.3x lets a receiving node or switch send a PAUSE frame asking the
sender to stop transmitting temporarily so the receiver's buffers do not overflow and drop
frames.
resolve network issues while minimizing downtime and ensuring smooth network
operations.
Given a scenario, troubleshoot common cable connectivity issues and select the
appropriate tools.
Cable Issues:
● Loopback adapter: used to test for bad ports and network cards.
● Check link lights or LED status indicators for connectivity.
● Verify settings on switch port and NIC for speed and duplex settings.
Cable Testers:
Crosstalk Issues:
● The IPv4 header includes essential fields such as Version, Internet Header Length (IHL),
Total Length, Time to Live (TTL), Protocol, and Header Checksum.
● The Protocol field identifies the encapsulated data in the payload, typically
indicating Transmission Control Protocol (TCP) or User Datagram Protocol
(UDP).
● Other protocols running directly on IP include ICMP, IGMP, GRE, ESP, AH, EIGRP,
and OSPF.
● An IPv4 address is 32 bits long and is divided into a network number (network ID) and a
host number (host ID); the subnet mask defines where the split falls.
● Binary addresses are divided into four octets and are usually represented in
dotted decimal notation for easier human understanding.
● Binary-to-decimal and decimal-to-binary conversions are essential skills for
working with IP addresses.
4. Network Masks
● The AND operation between the mask and IP address helps derive the network
ID.
5. Subnet Masks
● The number of available host IDs within a network depends on the subnet mask
and the subnetting scheme employed.
● Subnetting enables the creation of smaller broadcast domains with fewer hosts,
optimizing network performance and management.
to master.
● Logical addressing (network, subnet, and host IDs) at Layer 3 maps to forwarding
at the data link Layer 2.
● Subnets are mapped to Layer 2 segments using switches, while routers connect
different subnets.
● Nodes within a subnet communicate directly via MAC addresses, while
communication between subnets requires routing.
Modern Ethernet networks use switches, where each port is typically in the same
broadcast domain.
● Excessive broadcast traffic can reduce performance, so VLANs are used to
segment networks logically.
● VLANs allow different groups of computers attached to the same switch(es) to
appear as separate LAN segments, each with its own broadcast domain.
● At Layer 3, subnetting logically divides an IP network into smaller subnetworks,
each with a unique address.
2. Classful Addressing
● Classful addressing was used in the 1980s before netmasks were developed to
identify network IDs.
● Class A, B, and C networks allocated network IDs based on the first octet of the
IP address.
● Class A supports over 16 million hosts, Class B supports up to about 65,000
hosts, and Class C supports 254 hosts.
● Routers have performed classless routing for years, but class terminology is still
widely used.
● Public IP addresses can connect to other public IP networks over the Internet
and are governed by IANA.
● Private IP addresses, defined in RFC 1918, are non-routable over the Internet and
can be used within organizations.
● Private address ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to
172.31.255.255, and 192.168.0.0 to 192.168.255.255.
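The mask-AND derivation from the Network Masks and Subnet Masks notes, together with the RFC 1918 check from the list above, carried through in working code. This is an added example, not part of the study notes: the addresses and masks are constructed sample values, and the /31 and /32 host counts go slightly beyond the notes (RFC 3021 point-to-point links and single host routes).

```python
# Added example (not part of the study notes): derive the network ID with a
# bitwise AND, count usable host IDs from the mask, and test RFC 1918 membership.
# All addresses and masks below are constructed sample values.

def dotted_to_int(addr: str) -> int:
    """Convert a dotted-decimal IPv4 string into a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Show an address as four 8-bit groups (the form used when working masks by hand)."""
    value = dotted_to_int(addr)
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """Build the 32-bit mask for a /prefix length (e.g. 24 -> 0xFFFFFF00)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Turn a dotted mask (255.255.240.0) into its prefix length (20).
    A valid mask is a run of 1 bits followed by 0 bits; anything else is rejected."""
    m = dotted_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def network_id(addr: str, prefix: int) -> str:
    """Network ID = address AND mask, the operation the notes describe."""
    return int_to_dotted(dotted_to_int(addr) & prefix_to_mask(prefix))


def broadcast_address(addr: str, prefix: int) -> str:
    """Broadcast = network ID with all host bits set (address OR inverted mask)."""
    host_bits = 0xFFFFFFFF ^ prefix_to_mask(prefix)
    return int_to_dotted(dotted_to_int(addr) | host_bits)


def usable_hosts(prefix: int) -> int:
    """Usable host IDs: 2^(host bits) minus the network and broadcast IDs.
    /31 point-to-point links (RFC 3021) and /32 host routes are special cases."""
    host_bits = 32 - prefix
    if host_bits == 0:
        return 1
    if host_bits == 1:
        return 2
    return 2 ** host_bits - 2


# RFC 1918 private ranges, as listed in the notes, expressed as (network, prefix).
RFC1918 = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def is_private(addr: str) -> bool:
    """True if the address falls in any RFC 1918 block (same AND test, applied per block)."""
    a = dotted_to_int(addr)
    return any((a & prefix_to_mask(p)) == dotted_to_int(net) for net, p in RFC1918)


if __name__ == "__main__":
    for addr, mask in [("192.168.10.77", "255.255.255.0"),
                       ("172.20.5.9", "255.255.240.0"),
                       ("203.0.113.45", "255.255.255.252")]:
        prefix = mask_to_prefix(mask)
        print(f"{addr}/{prefix}: binary {to_binary(addr)}")
        print(f"  network {network_id(addr, prefix)}, broadcast {broadcast_address(addr, prefix)},"
              f" usable hosts {usable_hosts(prefix)}, private={is_private(addr)}")
```

The mask validation in `mask_to_prefix` matters in practice: a typo such as 255.0.255.0 is rejected rather than silently producing a nonsensical network ID.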
Host adapters require appropriate IP addresses, subnet masks, default gateway (router)
addresses, and DNS server addresses for network communication.
● Configuration can be static or dynamic (using DHCP).
● Commands like netsh and PowerShell cmdlets (Get-NetAdapter, Get-NetIPAddress)
are used for configuration and querying.
2. ipconfig
● Linux interfaces identified as eth0, eth1, etc., with different naming schemes
emerging.
● Persistent configuration methods vary by distribution, including editing
configuration files, using NetworkManager, or employing systemd-networkd.
● ifconfig (legacy) and ip (modern) commands for reporting and configuring IP
addresses.
● ARP caches MAC addresses associated with IP addresses on the local network.
● arp utility used for ARP cache functions: -a to show cache contents, -s to add an
entry, and -d to delete entries.
Troubleshoot IP Networks
1. Hardware Failure and Network Interface Issues
Rule out physical hardware failure and Data Link layer issues before diagnosing
Network layer problems.
● Power issues such as surges, spikes, brownouts, and blackouts can affect
network devices. UPSs provide temporary power during outages.
● Test for hardware failure in network adapters, switches, routers, and cables using
diagnostic tools.
● Check interface status using LED indicators and command line utilities.
● Verify line and protocol status and autonegotiation settings.
● Check for mismatches in speed and duplex settings, collisions, and faulty NICs
or drivers.
3. IP Configuration Issues
● Detect duplicate IP addresses using arp utility and resolve by assigning unique
addresses.
● Duplicate MAC addresses can lead to contention or split communications and
should be identified and fixed promptly.
5. Problem Isolation
● Enable IGMP snooping on switches to filter multicast traffic and prevent flooding
to unnecessary ports and VLANs.
● Multicast transmissions can consume bandwidth if not managed efficiently,
especially in VLAN environments.
IPv4: Based on a 32-bit binary number, allowing for 4.3 billion unique addresses.
● IPv6: Utilizes a 128-bit addressing scheme, providing space for 340 undecillion
unique addresses, addressing the issue of IPv4 address exhaustion.
● Main Header: Fixed length, unlike IPv4, containing source and destination
addresses.
● Extension Headers: Optional, providing additional functionality such as
fragmentation, security, and source routing.
● Payload: Data being transmitted.
Interface ID/EUI-64
● Starts with fe80, with the last 64 bits representing the interface ID.
ICMPv6
● Routing table entries include Direct network routes, Remote network routes, Host
routes, and Default routes.
● Directly connected routes are automatically added to the routing table for each
active router interface.
● Static routes are manually added and only change if edited by the administrator.
● Static routes can be configured as non-persistent or persistent/permanent.
● Default routes are used when no exact match is found and are represented by
destination address 0.0.0.0/0 for IPv4 and ::/0 for IPv6.
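The routing table entries listed above (direct, remote, host and default routes) and the lookup a router or host performs against them, as an added example that is not part of the study notes. It uses Python's standard `ipaddress` module; the table contents, interface name and next-hop addresses are constructed sample values.

```python
# Added example (not from the study notes): a routing table with the four entry
# kinds listed above and a longest-prefix-match lookup that falls back to the
# default route (0.0.0.0/0 or ::/0). All addresses are constructed sample values.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Route:
    destination: Network
    next_hop: Optional[str]   # None for a directly connected network
    interface: str
    kind: str                 # "direct", "remote", "host" or "default"


def make_route(prefix: str, next_hop: Optional[str], interface: str) -> Route:
    """Classify an entry by its prefix and next hop, the way the notes group routes."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.prefixlen == 0:
        kind = "default"
    elif net.prefixlen == net.max_prefixlen:
        kind = "host"
    elif next_hop is None:
        kind = "direct"
    else:
        kind = "remote"
    return Route(net, next_hop, interface, kind)


# Constructed table for a host with one LAN interface and a link-local IPv6 address.
TABLE: List[Route] = [
    make_route("192.168.1.0/24", None, "eth0"),              # direct: own subnet
    make_route("10.0.0.0/8", "192.168.1.254", "eth0"),       # remote: static route
    make_route("10.1.2.3/32", "192.168.1.253", "eth0"),      # host route (more specific)
    make_route("0.0.0.0/0", "192.168.1.1", "eth0"),          # IPv4 default route
    make_route("fe80::/64", None, "eth0"),                   # direct IPv6 link-local
    make_route("::/0", "fe80::1", "eth0"),                   # IPv6 default route
]


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing the destination wins.
    The default route has prefix length 0, so it is chosen only when nothing else matches."""
    addr = ipaddress.ip_address(destination)
    best: Optional[Route] = None
    for route in table:
        if route.destination.version != addr.version:
            continue
        if addr in route.destination:
            if best is None or route.destination.prefixlen > best.destination.prefixlen:
                best = route
    return best


def forwarding_decision(table: List[Route], destination: str) -> str:
    """Human-readable result of the lookup, as a router or host would act on it."""
    route = lookup(table, destination)
    if route is None:
        return f"{destination}: no route to host"
    via = "directly" if route.next_hop is None else f"via {route.next_hop}"
    return f"{destination}: {route.kind} route {route.destination} {via} on {route.interface}"


if __name__ == "__main__":
    for dst in ["192.168.1.10", "10.1.2.3", "10.9.9.9", "8.8.8.8", "fe80::5", "2001:db8::1"]:
        print(forwarding_decision(TABLE, dst))
    # Without a default route, an unknown destination is unreachable.
    print(forwarding_decision([r for r in TABLE if r.kind != "default"], "8.8.8.8"))
```

Note how 10.1.2.3 is matched by the /32 host route rather than the /8 static route: the lookup compares prefix lengths, not table order, which is the behaviour a troubleshooter must keep in mind when an unexpected next hop appears.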
3. Packet Forwarding:
4. Hop Count:
5. Fragmentation:
● IP provides best-effort delivery, and packets may be fragmented to fit within the
Maximum Transmission Unit (MTU) of the Data Link protocol frame.
● IPv4 uses ID, Flags, and Fragment Offset IP header fields to indicate packet
fragmentation.
● IPv6 does not allow routers to perform fragmentation; instead, hosts perform
path MTU discovery to determine the MTU supported by each hop.
Dynamic routing protocols use algorithms and metrics to build and maintain a routing
information base.
● These protocols allow routers to exchange routing information rapidly to prevent
outages.
● Learned routes are communicated between routers, and each router maintains a
routing information base.
● Routing algorithms are categorized into distance vector or link state protocols.
● Distance vector protocols prioritize routes based on the number of hops to the
destination.
● Link state protocols build a complete topology database and calculate the
shortest path based on metrics.
3. Convergence:
● RIP is a distance vector protocol that prioritizes routes based on hop count.
● RIP sends regular updates of its routing database to neighbors.
● Versions include RIPv1 (classful), RIPv2 (classless with multicast), and RIPng for
IPv6.
● OSPF is a widely adopted link state protocol suitable for large organizations with
multiple paths.
● OSPF supports classless addressing and hierarchical network organization using
areas.
Conclusion:
Internal Routers:
● Internal routers are positioned within the network and have no public interfaces.
● They are used to implement various network topologies.
Subinterfaces:
● Layer 3 switches are optimized for routing between VLANs and use static and
dynamic routing.
● They maintain a mapping table of IP addresses to MAC addresses for efficient
hardware-based forwarding.
● However, they do not typically have WAN interfaces and are not used for routing
at the network edge.
Router Configuration:
● Routers are configured locally via a console port or remotely using protocols like
SSH.
● Best practice includes creating a loopback interface to assign the router an
internal IP address for remote management.
Route Command:
● Used to view and modify the routing table on end systems (Windows and Linux
hosts).
● The routing table typically contains entries for local subnet and default route.
● Routes can be added, deleted, or modified using the route command.
● Traceroute/tracert is used to test the path between two nodes and isolate
network problems.
● Traceroute uses UDP probe messages, while tracert uses ICMP Echo Request
probes.
● Both tools help identify routing issues, such as missing routes, routing loops, and
asymmetrical routing.
● Routing loops occur when routers use each other as paths to a network, causing
packets to circulate indefinitely.
● Routing protocols employ mechanisms like maximum hop count, holddown
timer, and split horizon to prevent loops.
● Traceroute can help diagnose routing loops by identifying repeated IP addresses
in the output.
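The loop symptom described in the last bullet, turned into a check that scans trace output for an address that answers at more than one hop. This is an added example, not from the study notes; the tracert-style output below is a constructed sample, and the regular expressions assume the Windows tracert layout (hop number first, responding address last on the line).

```python
# Added example (not from the study notes): scan tracert-style output for a hop
# address that appears more than once, the symptom the notes describe for a
# routing loop. The output below is a constructed sample, not a real trace.
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_TRACERT = """\
Tracing route to host.example.net [203.0.113.77]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     3 ms     2 ms     3 ms  10.10.0.1
  3     4 ms     4 ms     5 ms  10.10.0.5
  4     5 ms     5 ms     6 ms  10.10.0.1
  5     6 ms     7 ms     6 ms  10.10.0.5
  6     *        *        *     Request timed out.
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")              # hop number, then the rest
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")       # responding address, if any


def parse_hops(text: str) -> List[Tuple[int, Optional[str]]]:
    """(hop number, responding address or None when every probe timed out)."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue                      # banner and blank lines
        hop = int(m.group(1))
        addrs = IPV4.findall(m.group(2))
        hops.append((hop, addrs[-1] if addrs else None))
    return hops


def find_routing_loop(text: str) -> List[Tuple[str, List[int]]]:
    """Addresses seen at more than one hop, with their hop numbers, in order of first sighting.
    A non-empty result is the repeated-address pattern that points at a routing loop."""
    seen: Dict[str, List[int]] = {}
    for hop, addr in parse_hops(text):
        if addr is not None:
            seen.setdefault(addr, []).append(hop)
    return [(addr, hops) for addr, hops in seen.items() if len(hops) > 1]


def timed_out_hops(text: str) -> List[int]:
    """Hops where no probe answered (a filter, a missing route, or the loop's TTL expiry)."""
    return [hop for hop, addr in parse_hops(text) if addr is None]


if __name__ == "__main__":
    for addr, hops in find_routing_loop(SAMPLE_TRACERT):
        print(f"{addr} answered at hops {hops}: possible routing loop")
    print("timed out at hops:", timed_out_hops(SAMPLE_TRACERT))
```

Linux traceroute prints "hostname (address)" on each hop line; because the check only looks for the last IPv4 address on the line, the same functions work on that layout too.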
● Poor connectivity across fiber optic links can result from a low optical link
budget.
● The link budget is calculated based on attenuation, connectors, and splices.
● Margin between transmitter power and link budget is crucial for optimal
performance.
● Use tools like an optical time domain reflectometer (OTDR) to test link budget
and identify installation faults.
This lesson covers configuring and troubleshooting routers, including edge and internal
routers, subinterfaces, layer 3 capable switches, router configuration, route command
usage, traceroute and tracert, and various routing issues like missing routes, routing
loops, asymmetrical routing, and low optical link budget issues. Understanding these
concepts is essential for network configuration and troubleshooting.
Definition: A network consists of nodes and links, with end system nodes sending and
receiving data traffic. These end system nodes are classified as clients or servers.
● Server: Provides network applications and resources to other hosts.
● Client: Consumes the services provided by servers.
● Client-Server Network:
● Nodes like PCs, laptops, and smartphones act as clients, while servers are
more powerful computers.
● Application services and resources are centrally provisioned, managed,
and secured.
● Peer-to-Peer Network:
● Each end system acts as both client and server.
● Decentralized model where provision, management, and security of
services and data are distributed across the network.
● Typical Usage:
● Business and enterprise networks: Client-server.
● Residential networks: Peer-to-peer (or workgroup), though client-server
elements can exist.
Network Types:
Network Topology:
● Physical Topology:
● Description: Placement of nodes and their connections by network media.
● Example: Nodes directly connected via a single cable or to a switch via
separate cables.
● Logical Topology:
● Description: Flow of data through the network.
● Example: Different physical implementations achieving the same logical
layout.
● Point-to-Point Link:
● Description: Single link between two nodes, ensuring a level of bandwidth
due to the 1:1 relationship.
● Star Topology:
● Description: Endpoints connected to a central node, facilitating easy
reconfiguration and troubleshooting.
● Mesh Topology:
● Description: Fully connected nodes, often impractical, hence a hybrid
approach is used for redundancy and fault tolerance.
● Ring Topology:
● Description: Closed loop where each node is wired to its neighbor, with
dual rings for fault tolerance.
● Bus Topology:
● Description: Shared access topology with all nodes sharing the bandwidth
of the media.
● Hybrid Topology:
● Description: Mixture of point-to-point, star, mesh, ring, and bus topologies,
often used for redundancy and fault tolerance in WANs or hierarchical
designs.
Definition: Breaks down large and complex network designs into smaller sections based
on functions performed.
● Model Example: Cisco’s design principles: access, distribution, and core layers.
Access/Edge Layer:
Distribution/Aggregation Layer:
Core Layer:
Benefits:
VLAN Implementation:
● Untagged ports participate in a single VLAN, also known as access ports or host
ports.
● Tagged ports operate as trunks, capable of transporting traffic addressed to
multiple VLANs.
Voice VLANs:
● Dedicated VLAN for Voice over IP (VoIP) traffic to prioritize voice traffic over
data.
● Most VoIP endpoints incorporate an embedded switch to connect handsets and
PCs to a single port.
● Switches support voice VLANs to distinguish between PC and VoIP traffic
without configuring trunks manually.
● Well-known and registered port numbers are assigned to various services and
applications.
● Port numbers are used to identify different types of network traffic.
● Examples include FTP, SSH, Telnet, SMTP, DNS, HTTP, POP3, IMAP, SNMP,
LDAP, HTTPS, SMB, DHCP, and SIP.
Comparison:
Contrast:
Nmap:
netstat:
● netstat command provides visibility into local host ports and active connections.
● On Windows, it displays active TCP connections and open ports using different
switches.
● On Linux, it shows active connections of any type and offers switches for
specific connection types.
● Additional options include displaying numerical addresses, filtering by IPv4 or
IPv6, and showing process IDs and names.
● Port scanning can reveal information about services running on target hosts and
detect security vulnerabilities.
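A defender's use of the netstat output described above: parse the listing, pull out what the host is actually listening on, and compare that with what it is supposed to expose. This is an added example, not from the study notes; the `netstat -ano` output is a constructed sample of the Windows layout (TCP lines carry a State column, UDP lines do not), and the baseline of approved ports is an assumption for illustration.

```python
# Added example (not from the study notes): parse the output of "netstat -ano" on
# Windows into records, list the ports the host is listening on with their PIDs,
# and flag listeners missing from an expected baseline. The output below is a
# constructed sample, not a capture from a real host.
from typing import Dict, List, Set, Tuple

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1340
  TCP    192.168.1.20:49712     203.0.113.8:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    2208
"""


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """'192.168.1.20:49712' -> ('192.168.1.20', 49712); '[::]:135' -> ('::', 135); '*:*' -> ('*', 0)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    return host, (int(port) if port.isdigit() else 0)


def parse_netstat(text: str) -> List[Dict[str, object]]:
    """One record per socket line. TCP lines carry a State column; UDP lines do not."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                                   # title, blank and header lines
        proto = fields[0]
        local_host, local_port = split_endpoint(fields[1])
        remote_host, remote_port = split_endpoint(fields[2])
        if proto == "TCP":
            if len(fields) != 5:
                raise ValueError(f"unexpected TCP line: {line!r}")
            state, pid = fields[3], int(fields[4])
        else:
            if len(fields) != 4:
                raise ValueError(f"unexpected UDP line: {line!r}")
            state, pid = "", int(fields[3])
        records.append({"proto": proto, "local_host": local_host, "local_port": local_port,
                        "remote_host": remote_host, "remote_port": remote_port,
                        "state": state, "pid": pid})
    return records


def listening_ports(records: List[Dict[str, object]]) -> Dict[Tuple[str, int], int]:
    """Map (proto, port) -> PID for TCP sockets in LISTENING state and every bound UDP socket."""
    listeners: Dict[Tuple[str, int], int] = {}
    for r in records:
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue
        listeners[(str(r["proto"]), int(r["local_port"]))] = int(r["pid"])
    return listeners


def unexpected_listeners(records: List[Dict[str, object]],
                         baseline: Set[Tuple[str, int]]) -> List[Tuple[str, int, int]]:
    """Listeners not in the approved baseline, as (proto, port, pid), sorted."""
    return sorted((proto, port, pid) for (proto, port), pid in listening_ports(records).items()
                  if (proto, port) not in baseline)


if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_NETSTAT)
    baseline = {("TCP", 135), ("TCP", 445)}   # constructed: what this host is supposed to expose
    for proto, port, pid in unexpected_listeners(recs, baseline):
        print(f"unexpected listener {proto}/{port} owned by PID {pid}")
```

Running this against a saved listing from each host, with a per-role baseline, is the inside-out counterpart of the external port scan the notes mention: the PID column is what lets you go straight from an unexpected port to the process that opened it.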
Protocol Analyzers:
● DHCP lease process involves four steps: Discover, Offer, Request, and
Acknowledge (DORA).
● When a DHCP client initializes, it broadcasts a DHCPDISCOVER packet to find a
DHCP server.
● The DHCP server responds with a DHCPOFFER packet containing an IP address
and other configuration information.
● The client may choose to accept the offer using a DHCPREQUEST packet.
● If the offer is still available, the server responds with a DHCPACK packet.
● The client broadcasts an ARP message to check if the address is unused, and if
so, it starts using the address and options provided.
DHCP Options:
● DHCP servers offer IP addresses and subnet masks, along with other IP-related
settings known as DHCP options.
● Some common DHCP options include the default gateway, DNS server
addresses, DNS suffix, and other server options like time synchronization or VoIP
proxy.
● DHCPv6 provides additional option settings for IPv6 hosts but is often used for
supplemental configuration rather than IP address leasing.
● DHCPv6 operates on different ports (546 for clients, 547 for servers) and uses
multicast addresses for server discovery.
● DHCPv6 can operate in stateful mode (providing routable IP addresses) or
stateless mode (providing network prefix information).
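The DORA exchange and the DHCP options described above, in working code: an encoder and a parser for the options field that follows the magic cookie (type/length/value entries ending with option 255), plus a check that a sequence of parsed messages really is Discover, Offer, Request, Acknowledge. This is an added example, not from the study notes; the IP addresses, lease time and byte strings are constructed sample values, and only the options the notes name (mask, default gateway, DNS servers, lease, server identifier, message type) are decoded by name.

```python
# Added example (not from the study notes): encode and decode the options field
# of DHCP messages (the magic cookie followed by type/length/value options) and
# check that a captured exchange follows the DORA sequence. All addresses and
# the byte strings below are constructed sample values.
import struct
from typing import Dict, Iterable, List, Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options in the BOOTP frame
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
TYPE_CODES = {name: code for code, name in MESSAGE_TYPES.items()}
DORA = ["DISCOVER", "OFFER", "REQUEST", "ACK"]


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def _ip_list(raw: bytes) -> List[str]:
    if len(raw) == 0 or len(raw) % 4:
        raise ValueError("IP address option length is not a positive multiple of 4")
    return [".".join(str(b) for b in raw[i:i + 4]) for i in range(0, len(raw), 4)]


def encode_options(message_type: str, subnet_mask: Optional[str] = None,
                   routers: Iterable[str] = (), dns_servers: Iterable[str] = (),
                   lease_time: Optional[int] = None, server_id: Optional[str] = None) -> bytes:
    """Build the options field: cookie, option 53 (message type), the common options
    the notes list (mask, default gateway, DNS servers, lease, server ID), then END."""
    out = bytearray(MAGIC_COOKIE)
    out += bytes([53, 1, TYPE_CODES[message_type]])
    if subnet_mask:
        out += bytes([1, 4]) + _ip_bytes(subnet_mask)
    for code, ips in ((3, list(routers)), (6, list(dns_servers))):
        if ips:
            raw = b"".join(_ip_bytes(ip) for ip in ips)
            out += bytes([code, len(raw)]) + raw
    if lease_time is not None:
        out += bytes([51, 4]) + struct.pack("!I", lease_time)
    if server_id:
        out += bytes([54, 4]) + _ip_bytes(server_id)
    out += b"\xff"                                   # option 255: END
    return bytes(out)


def parse_options(blob: bytes) -> Dict[str, object]:
    """Walk the TLV options. Pad (0) has no length byte; END (255) stops parsing.
    Truncated or malformed data raises instead of being silently accepted."""
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts: Dict[str, object] = {}
    i = len(MAGIC_COOKIE)
    while i < len(blob):
        code = blob[i]
        if code == 255:
            return opts
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated value for option {code}")
        i += 2 + length
        if code == 53:
            if length != 1:
                raise ValueError("message type option must be 1 byte")
            opts["message_type"] = MESSAGE_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 1:
            opts["subnet_mask"] = _ip_list(value)[0]
        elif code == 3:
            opts["routers"] = _ip_list(value)
        elif code == 6:
            opts["dns_servers"] = _ip_list(value)
        elif code == 51:
            if length != 4:
                raise ValueError("lease time option must be 4 bytes")
            opts["lease_time"] = struct.unpack("!I", value)[0]
        elif code == 54:
            opts["server_id"] = _ip_list(value)[0]
        else:
            opts[f"option_{code}"] = value           # unknown option kept raw
    raise ValueError("options not terminated by END (255)")


def check_dora(messages: List[Dict[str, object]]) -> bool:
    """True when the message types, in capture order, are Discover, Offer, Request, Ack."""
    return [m.get("message_type") for m in messages] == DORA


if __name__ == "__main__":
    exchange = [
        encode_options("DISCOVER"),
        encode_options("OFFER", "255.255.255.0", ["192.168.1.1"], ["192.168.1.1", "9.9.9.9"], 86400, "192.168.1.1"),
        encode_options("REQUEST", server_id="192.168.1.1"),
        encode_options("ACK", "255.255.255.0", ["192.168.1.1"], ["192.168.1.1", "9.9.9.9"], 86400, "192.168.1.1"),
    ]
    parsed = [parse_options(m) for m in exchange]
    for p in parsed:
        print(p)
    print("DORA sequence:", check_dora(parsed))
```

Only the options field is modelled here; a full message also carries the fixed BOOTP header (op, transaction ID, client MAC, yiaddr and so on) in front of the cookie. The strict length checks are deliberate: a parser that indexes `value[0]` without them crashes on a zero-length option, which is exactly the kind of malformed input a DHCP listener must tolerate.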
● Reverse DNS querying uses special domains like in-addr.arpa for IPv4 and
ip6.arpa for IPv6 to find the host name associated with a given IP address.
● Reverse lookup zones store PTR records containing the host names associated
with IP addresses.
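The reverse-lookup names just described, derived in code for both address families, together with the zone apex that would hold the PTR record and the zone-file line itself. This is an added example, not from the study notes; it relies on Python's standard `ipaddress` module for parsing, and the addresses, prefixes and host names are constructed sample values.

```python
# Added example (not from the study notes): build the reverse-lookup names for
# IPv4 (in-addr.arpa) and IPv6 (ip6.arpa), derive the zone that would own the PTR
# record, and emit the zone-file line. Addresses and host names are constructed.
import ipaddress
from typing import Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def reverse_pointer_name(addr: str) -> str:
    """IPv4: octets reversed under in-addr.arpa. IPv6: all 32 hex nibbles of the
    fully expanded address, reversed, one label each, under ip6.arpa."""
    ip: IPAddress = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = ip.exploded.replace(":", "")    # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone_name(prefix: str) -> str:
    """Zone apex for a network block. IPv4 zones are delegated on octet boundaries
    (/8, /16, /24) and IPv6 zones on nibble boundaries (multiples of 4 bits)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 4:
        if net.prefixlen % 8 or net.prefixlen == 0:
            raise ValueError("IPv4 reverse zones need a /8, /16 or /24 style prefix")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    if net.prefixlen % 4 or net.prefixlen == 0:
        raise ValueError("IPv6 reverse zones need a nibble-aligned prefix")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_record(addr: str, zone_prefix: str, hostname: str, ttl: int = 3600) -> str:
    """Zone-file PTR line with the owner name written relative to the zone apex."""
    if ipaddress.ip_address(addr) not in ipaddress.ip_network(zone_prefix, strict=True):
        raise ValueError(f"{addr} is not inside {zone_prefix}")
    full = reverse_pointer_name(addr)
    zone = reverse_zone_name(zone_prefix)
    owner = full[: -(len(zone) + 1)]           # strip ".<zone>" from the end
    return f"{owner} {ttl} IN PTR {hostname.rstrip('.')}."


if __name__ == "__main__":
    print(reverse_pointer_name("192.0.2.10"))
    print(reverse_pointer_name("2001:db8::1"))
    print(reverse_zone_name("192.0.2.0/24"))
    print(ptr_record("192.0.2.10", "192.0.2.0/24", "www.example.com"))
    print(ptr_record("2001:db8::1", "2001:db8::/32", "www.example.com"))
```

The IPv6 form is the reason reverse zones for that family are usually generated rather than typed by hand: every address becomes 32 single-hex-digit labels, and a single dropped zero produces a name in the wrong zone.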
Reverse lookup zones are optional in DNS servers due to security concerns related to
DNS Caching:
● Resource records are configured with a time to live (TTL) value, instructing
resolvers how long query results can be kept in cache.
● DNS caching is performed by both servers and client computers, with each
application on a client potentially maintaining its own DNS cache.
● Changes to resource records can be slow to propagate due to server and client
caching, requiring careful management of TTL values.
● Internal DNS zones serve private network domains and should only be accessible
to internal clients.
● External DNS zones serve records accessible to Internet clients, such as web and
email services.
● DNS resolvers perform recursive queries for clients, either locating authoritative
name servers or forwarding requests to another server.
● It's essential to separate DNS servers hosting zone records from those servicing
client requests for non-authoritative domains.
Both nslookup and dig are valuable tools for troubleshooting DNS issues and testing
name resolution configurations.
HTTP is the foundation of web technology, allowing clients to request resources from
HTTP servers.
● Clients connect to HTTP servers using TCP port 80 by default and submit
requests using URLs.
● HTTP headers define request and response formats, while the payload usually
serves HTML web pages.
● Features include forms (POST) for submitting data from clients to servers and
session management with cookies.
Web Servers:
● Used for transferring files to and from remote hosts, often for administrative
purposes.
● FTP operates over TCP port 21, with data transfer modes including active and
passive.
● Trivial File Transfer Protocol (TFTP) is a lightweight protocol used for small file
transfers, running over UDP port 69.
● Server Message Block (SMB) provides file and print sharing services on Windows
networks, also supported by Samba for UNIX/Linux.
● SMB typically operates over TCP ports 139 or 445, with version 3 supporting
message encryption.
Database Services:
● Relational databases store data in tables and are queried using Structured Query
Language (SQL).
● Relational Database Management System (RDBMS) platforms include Oracle,
Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL.
● NoSQL databases offer flexible data structures and are accessed using APIs
over HTTPS.
● Both RDBMS and NoSQL databases can be secured using TLS transport
encryption.
Key Points:
● Email services use SMTP for message delivery and POP/IMAP for mailbox
access.
● VoIP replaces legacy voice services with IP-based protocols like SIP and RTP.
● VoIP phones can be software or hardware, and VLAN tagging segregates voice
traffic.
● VoIP gateways translate between VoIP systems and legacy voice
equipment/networks.
● Useful commands include sshd (start SSH server), ssh-keygen (create key pair),
ssh-agent (store private keys securely), ssh (connect to server), scp (file
transfer), sftp (secure file transfer).
Key Points:
● SSH is the preferred method for secure remote access, offering encryption and
various authentication options.
● Telnet is insecure due to lack of encryption and should be replaced with SSH.
● RDP facilitates remote GUI connections to Windows machines.
● NTP ensures time synchronization for network applications and services, critical
for authentication and security mechanisms.
Performance Metrics:
● Bandwidth/throughput: Rate of data transfer measured in Mbps or Gbps.
● CPU and memory utilization: High utilization may indicate the need for
upgrades.
● Storage: Availability of storage space, crucial for device operation and
application efficiency.
● Bottlenecks:
● Points of poor performance that reduce overall network productivity.
● Can be device-related or user/application-related.
● Identification requires analysis of network utilization and errors.
● Performance Baselines:
● Establish resource utilization metrics at a specific point in time for
comparison.
● Useful for assessing system responsiveness and planning upgrades.
2. Environmental Monitoring:
5. Event Management:
Bandwidth Management
Posture Assessment:
Process Assessment:
● Unpatched systems lack updates, while legacy systems lack vendor support.
● Vulnerabilities extend to network appliances and embedded systems.
Vulnerability Assessment:
● Integrates vulnerability and threat assessment efforts through log data collection
and analysis.
● Correlates events to indicate risk or compromise and provides regulatory
compliance.
Penetration Testing:
Vendor Assessment:
● Evaluates risks in the supply chain for vulnerabilities and impacts on service.
● Vendor management selects suppliers and assesses risks inherent in third-party
products or services.
● Authentication Factors:
● Knowledge factor (e.g., password).
● Ownership factor (e.g., smart card).
● Human or biometric factor (e.g., fingerprint).
● Behavioral factor (e.g., signature).
● Location factor (e.g., GPS location).
● Multifactor Authentication: Combines multiple authentication factors for stronger
security.
● Two-Factor Authentication (2FA): Combines two authentication factors (e.g.,
smart card + PIN).
● Digital Certificates: Used for server authentication (e.g., TLS) and user
authentication.
● Public Key Infrastructure (PKI): Ensures validity of public keys through certificate
authorities (CAs).
● EAP: Framework for various authentication protocols, often used with digital
certificates.
● IEEE 802.1X: Provides network access control (NAC) for wired and wireless
networks, often with EAP.
● RADIUS: Widely used for client device access over switches, wireless networks,
and VPNs.
● TACACS+: Similar to RADIUS but more flexible, often used for administrative
access to routers and switches.
Conclusion:
authentication to directory services like LDAP, each method plays a vital role in ensuring
● Internet-facing hosts are placed in the perimeter network zone, which allows
external access while protecting internal systems.
● Perimeter network enables external clients to access data on private systems
without compromising internal network security.
● Proxy servers in the perimeter handle connections between internal and external
hosts.
Screened Subnets:
Firewall Types:
● Packet Filtering Firewalls: Basic type, inspecting IP packet headers and applying
rules based on IP addresses, protocols, and port numbers.
Proxy Servers:
● Proxy servers forward requests on behalf of clients, providing traffic analysis and
caching.
● Forward proxies handle outbound traffic, while reverse proxies handle inbound
traffic.
Defense in Depth:
● IDS analyze network traffic or logs for suspicious activity and raise alerts based
on predefined signatures.
● IPS can actively respond to threats, such as ending sessions or blocking attacker
IP addresses.
● Host-based IDS/IPS run on end systems to monitor local activity in addition to
network-based IDS/IPS.
● Methods:
● Local cache check.
● HOSTS file check.
● Query DNS.
● DNS Configuration Issues:
● Without DNS servers, network client machines cannot connect to services
or servers.
● Troubleshooting:
● Verify DNS server addresses and DNS suffixes.
● Check DHCP server settings for correct configuration.
● Considerations:
● Proper availability of services like DHCP and DNS across VLANs is
essential.
● Ensure routing is configured for VLAN-to-VLAN communications.
● Possible Causes:
● Application or OS crashes.
● Server overload.
● Network congestion or broadcast storms.
● Denial of Service (DoS) attacks.
● Diagnosis:
● Check server resources and network latency.
● Monitor for unusual access patterns indicating attacks.
● Impact:
● Misconfigurations can block services, ports, or addresses.
● Diagnosis:
● Confirm firewall ACL configuration.
● Test connections from inside and outside the firewall.
● Causes:
● Certificate issuer not trusted.
● Certificate subject name mismatch.
● Certificate expired or revoked.
● Resolution:
● Add trusted certificates to client devices.
● Verify certificate common names.
● NTP Issues:
● Network Time Protocol (NTP) synchronization for host time sources.
● BYOD Challenges:
● Compatibility, support, and security issues with Bring Your Own Device
(BYOD) models.
● Licensed Feature Issues:
● Troubleshoot licensing or feature activation problems, such as evaluation
period expiration or exceeding seat counts.
These troubleshooting steps cover a range of issues that may arise at the service and
security layers, providing a comprehensive approach to resolving network problems.
● Wi-Fi 5 (802.11ac): Operates in the 5 GHz band with improved throughput and
channel bonding.
● Wi-Fi 6 (802.11ax): Uses more complex modulation for higher efficiency and
aims for 10G speeds.
Cellular Technologies:
● 2G and 3G: Based on GSM and CDMA, supporting voice calls with limited data
access.
● 4G and 5G: LTE and LTE-A offer improved data speeds, while 5G aims for faster
speeds and broader applications.
This summary provides an overview of key wireless standards, including IEEE 802.11
Wireless network devices are referred to as stations (STA), similar to nodes on a wired
network.
● Most wireless networks are deployed in an infrastructure topology where each
station connects through a base station or access point (AP), forming a logical
star topology.
● The AP mediates communications between client devices and can provide a
bridge to a cabled network segment.
● In 802.11 documentation, this is referred to as an infrastructure Basic Service Set
(BSS).
● More than one BSS can be grouped together in an Extended Service Set (ESS).
● Clients join a WLAN through the Service Set Identifier (SSID), which can be up to
32 bytes in length.
● In infrastructure mode, multiple APs connected to the same distribution system
are grouped into an Extended SSID (ESSID).
● The area served by a single AP is referred to as a basic service area (BSA) or
wireless cell, while the area in which stations can roam between access points is
referred to as an extended service area (ESA).
● A WLAN typically broadcasts its SSID to advertise its presence, allowing users to
connect to a named network.
● A beacon frame broadcast by the AP advertises the WLAN and contains SSID,
supported data rates, signaling, and encryption/authentication requirements.
● Wi-Fi devices should have an indoor range of at least 30m (100 feet).
● 2.4 GHz radios support better ranges than 5 GHz ones, and later standards
improve range compared to earlier ones.
● Radio signals can pass through solid objects but can be weakened or blocked by
dense materials.
● Interference can be caused by various devices like microwaves, cordless phones,
etc.
● Planning a wireless network requires considering factors like range and
interference; a site survey is essential.
● Clients can roam within an extended service area (ESA) by detecting stronger
signals from other APs with the same SSID.
● Wireless distribution system (WDS) allows multiple APs to cover areas where
cabling is not possible.
● WDS can be used to bridge separate cabled segments.
Signal Strength
● Received Signal Strength Indicator (RSSI):
● Measures signal strength at the client end.
● Lower dBm values indicate better performance.
● RSSI indices can vary; displayed as signal strength bars on adapters.
● Signal-to-Noise Ratio (SNR):
● Measures comparative strength of data signal to background noise.
● Higher dB values indicate better performance.
● Tools: Wi-Fi analyzer software for measuring RSSI and SNR.
Antenna Types
● Omnidirectional Antennas:
● Send and receive signals in all directions equally.
● Ceiling-mounted for best coverage.
● Unidirectional Antennas:
● Focus signal in a single direction; useful for point-to-point connections.
Antenna Placement
● Optimization:
● Use site surveys and heat maps to determine optimal AP placement.
● Incorrect placement exacerbates attenuation and interference.
2. Personal Authentication
● Captive portal issues can occur if HTTPS redirection does not work or if the
portal lacks a trusted digital certificate.
● Users should use HTTPS for confidential data transmission over open networks
or use VPNs for added security.
6. Teaching Tips
These study notes cover important aspects of configuring and troubleshooting wireless
security, including encryption standards, authentication methods, and common
configuration issues. Understanding these concepts is crucial for securing wireless
networks effectively.
● T-carrier system enables voice traffic digitization and data transport, with T1
lines providing 1.544 Mbps full duplex digital connections.
● T1 lines terminate at the demarc on a smartjack or Network Interface Unit (NIU),
connected to the customer's Channel Service Unit/Data Service Unit (CSU/DSU).
● DSL transfers data over voice-grade telephone lines, using frequencies above
human voice for communication.
● DSL modems are installed as CPE, connecting to the provider's phone jack via
RJ-11 and to the local network's router via RJ-45 Ethernet port.
● Fiber optic links aim to improve WAN access bandwidth, with solutions like FTTC
and FTTP terminating fiber links at the demarc.
● Very high-speed DSL (VDSL) supports FTTC, offering high bit rates over short
distances.
● Cable Internet connections combine fiber optic core networks with coaxial links
to CPE, offering broadband services.
● Cable modems interface with the access provider’s network via coax and with
the local network via Ethernet or USB.
● Satellite systems provide wide coverage but suffer from latency issues due to
signal travel distance.
● Satellite Internet connections involve installing a VSAT dish at the customer’s
premises, aligning it with orbital satellites, and connecting it to a DVB-S modem.
Understanding WAN provider links is crucial for configuring enterprise WANs and
Remote network access occurs over an intermediate network, often a public WAN,
rather than direct cabled or wireless connections.
● Historically, remote access might have used analog modems over the telephone
system, but nowadays, it's mostly implemented as a VPN over the Internet.
● Administering remote access involves tasks similar to those for the local
network but with added complexity due to the security risks associated with
remote workstations and servers.
● Creating a remote access server (RAS) requires documentation of service use,
security risks, authorized users, and network manager authorization. Policies
should restrict access, define privileges, and log access logons and attempts.
● Modern remote network access solutions use VPNs, setting up secure tunnels
for private communications over the Internet.
● VPNs depend on tunneling protocols like Point-to-Point Protocol (PPP) at the
Data Link layer and Generic Routing Encapsulation (GRE) at layer 3.
● GRE encapsulates an IP packet within its payload and is often used with other
protocols in a VPN solution.
● Internet Protocol Security (IPSec) operates at layer 3 to encrypt packets passing
over any network and is commonly used as a native VPN protocol.
● Transport Layer Security (TLS) can also be used to encapsulate frames or IP
packets but may add significant overhead.
● Client-to-site VPNs connect clients over the public network to a VPN gateway
positioned on the edge of the local network.
● Various protocols like SSL/TLS VPNs, Cisco's L2TP, and Microsoft's SSTP are
used, often requiring client software and AAA/RADIUS architecture for
authentication.
● Split tunneling allows direct Internet access, while full tunneling routes all traffic
through the corporate network, offering better security but potentially causing
latency issues.
Clientless VPNs:
● Hub and spoke VPNs connect multiple remote sites to a central hub, often
requiring powerful VPN headends for aggregation and scalability.
Configuration Management:
Change Management:
● Governs tasks with detailed steps and considerations like budget, security, or
customer contact.
● Provides clear guidelines and lines of responsibility for task completion.
● Ensures consistency and adherence to approved procedures.
● Establish duty for employees to ensure data asset confidentiality, integrity, and
availability.
● HR communicates and enforces security policies, manages onboarding and
offboarding processes.
Usage Policies:
● Govern the use of remote access privileges, mitigating security risks associated
with remote connections.
● Require malware protection, strong authentication, and restrict local privileges.
Common Agreements:
Physical security is crucial for network sites to prevent unauthorized access and reduce
the risk of intrusion.
● This lesson explores various physical security methods to enhance the security
of premises.
● Simple entry mechanisms like doors or gates may not accurately record entries.
● Turnstiles or access control vestibules mitigate risks by allowing one person at a
time or leading to an enclosed space protected by another barrier.
Detection-Based Devices:
Asset Disposal:
Conclusion:
IoT refers to a global network of devices equipped with sensors, software, and network
connectivity.
● These devices communicate with each other and traditional systems, often
termed Machine to Machine (M2M) communication.
● Physical access control systems (PACS) include monitored locks, alarms, and
video surveillance, while smart buildings integrate PACS with HVAC, fire control,
power, and lighting systems.
● These systems are managed by programmable logic controllers (PLCs) and
sensors measuring various environmental parameters.
IoT Networks:
Conclusion:
● IoT devices serve diverse purposes, from home automation to industrial control
systems.
● Understanding their features, networking protocols, and security considerations
is essential for their effective deployment and integration with existing networks.
Availability: Percentage of time the system is online, measured over a period (e.g., one
year).
● High availability: Characteristic of a system that guarantees a certain level of
availability.
● Maximum Tolerable Downtime (MTD): States the longest outage a business
function can tolerate.
● Metrics:
● Availability Annual MTD: Specifies the maximum downtime allowed for
different availability levels.
● Recovery Time Objective (RTO): Period following a disaster that an IT
system may remain offline.
● Work Recovery Time (WRT): Additional time post-recovery for integration,
testing, and user briefing.
● Recovery Point Objective (RPO): Amount of data loss a system can
sustain, measured in time units.
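As an added example that is not part of these notes, the following Python turns an availability percentage into the annual MTD it permits and checks whether hypothetical RTO, WRT and RPO targets are consistent with a function's MTD; the 365-day year and the plan values are assumptions.

```python
"""Added example (not from the study notes): relates an availability target to the
annual downtime it permits, and checks a recovery plan against MTD, RTO, WRT and RPO.
Assumptions (constructed): a 365-day year; all durations in minutes; a plan is
acceptable only if RTO + WRT <= MTD and the backup interval does not exceed the RPO."""
from dataclasses import dataclass

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600 minutes in a non-leap year


def annual_mtd_minutes(availability_pct: float) -> float:
    """Annual MTD: the most downtime per year an availability percentage allows."""
    if not 0.0 <= availability_pct <= 100.0:
        raise ValueError("availability must be a percentage between 0 and 100")
    return (100.0 - availability_pct) / 100.0 * MINUTES_PER_YEAR


def availability_for_downtime(downtime_minutes: float) -> float:
    """Inverse: the availability percentage implied by an annual downtime budget."""
    return 100.0 * (1.0 - downtime_minutes / MINUTES_PER_YEAR)


@dataclass
class RecoveryPlan:
    """Recovery targets for one business function (hypothetical values)."""
    name: str
    mtd_min: float  # Maximum Tolerable Downtime for the function
    rto_min: float  # Recovery Time Objective: time the system may stay offline
    wrt_min: float  # Work Recovery Time: integration, testing, user briefing
    rpo_min: float  # Recovery Point Objective: tolerable data loss, as time
    backup_interval_min: float  # how often data is actually captured


def plan_problems(plan: RecoveryPlan) -> list[str]:
    """Return the ways a plan fails its own targets (empty list when consistent)."""
    issues = []
    # The system must be restored (RTO) and made usable (WRT) before MTD runs out.
    if plan.rto_min + plan.wrt_min > plan.mtd_min:
        issues.append(f"RTO+WRT {plan.rto_min + plan.wrt_min:g} min exceeds "
                      f"MTD {plan.mtd_min:g} min")
    # Data is recovered only to the last capture, so backups must be at least as
    # frequent as the RPO.
    if plan.backup_interval_min > plan.rpo_min:
        issues.append(f"backup interval {plan.backup_interval_min:g} min exceeds "
                      f"RPO {plan.rpo_min:g} min")
    return issues


if __name__ == "__main__":
    for nines in (99.0, 99.9, 99.99, 99.999):
        print(f"{nines}% availability -> {annual_mtd_minutes(nines):.2f} min/year downtime")
    payroll = RecoveryPlan("payroll", 240, 200, 60, 15, 60)  # constructed plan
    print(payroll.name, plan_problems(payroll))
```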
Recovery Sites:
● Combines two or more separate cabled links between a host and a switch into a single
logical channel.
● Also known as NIC teaming at the host end and port aggregation at the switch end.
● Provides redundancy; if one link is broken, the connection is maintained by the other.
● Cost-effective solution.
● Implemented using the IEEE 802.3ad standard (now maintained as IEEE 802.1AX).
● Described as a Link Aggregation Group (LAG) in the 802.3ad standard.
● Utilizes Link Aggregation Control Protocol (LACP) for configuration and error detection.
Load Balancers:
Redundant Hardware/Clusters:
Objective: Understand the various types of attacks and their goals, such as exfiltrating
information, misusing network services, or compromising network availability.
● Examples: Insider threats with privileged access, external threats installing
malware.
Spoofing Attacks:
Password Attacks:
Understanding these attack types enables effective incident response and system
hardening to mitigate security risks.
● Private VLANs
● Restrict communication between hosts within a VLAN.
● Default VLAN and Native VLAN
● Default VLAN (ID 1) should remain unused for user data traffic.
● Native VLAN is used for untagged traffic over trunk ports.
Wireless Security
These network hardening techniques help enhance security and protect against various
threats by implementing layered defenses and best practices.
Cloud computing offers on-demand resources such as server instances, file storage,
and databases over a network, usually the Internet.
● Consumers are not responsible for the underlying infrastructure but pay for the
services provided.
● Providers use virtualization for quick and easy provisioning of resources.
● Scalability means costs grow linearly as services are supplied to more users,
achieved by adding nodes or by adding resources to each node.
● Elasticity refers to real-time handling of changes in demand without loss of
service or performance.
● Public: Services offered over the Internet by cloud service providers (CSPs) to
multiple tenants. Offers subscriptions or pay-as-you-go financing.
● Hosted Private: Exclusive use of a cloud by an organization, hosted by a third
party. Offers better security but is more expensive.
● Private: Completely owned and managed by the organization, offering greater
control over privacy and security.
● Community: Shared costs of hosting a private or fully private cloud by multiple
organizations for common concerns like standardization and security.
● Hybrid: Combination of public/private/community/hosted/onsite/offsite
solutions, offering flexibility but requiring careful management of data risks.
● Host-Based Hypervisor (Type II): Installed onto a host operating system. Examples
include VMware Workstation, Oracle VirtualBox, and Parallels Workstation. Requires
a supported host OS.
● Bare Metal Hypervisor (Type I): Installed directly onto the computer hardware,
managing access to host hardware without a host OS. Examples include VMware
ESXi, Microsoft Hyper-V, and Citrix XenServer. Has only the hypervisor's own base
system requirements.
● Virtual NIC (vNIC): Emulates standard hardware network adapters within virtual
machines (VMs), configurable like physical NICs.
● Virtual Switch (vSwitch): Implemented in software, analogous to physical
switches. Connects VMs and can bridge virtual and physical networks. Examples
include External (bridges to physical network), Internal (usable only by VMs on
the host), and Private (usable only by VMs).
● SAN provisions access to storage devices at block level, isolated from the main
network, accessed only by servers.
● Can integrate different storage technologies, allowing for tiered storage and
supporting different file access requirements.
● Fibre Channel: Uses fibre optic networks for high bandwidth, can operate over
long distances. Components include initiators, targets, and FC switches.
● Fibre Channel over Ethernet (FCoE): Delivers Fibre Channel packets over Ethernet
cabling, requiring converged network adapters (CNAs) and lossless Ethernet.
● iSCSI (Internet Small Computer System Interface): IP tunneling protocol enabling
SCSI data transfer over IP-based networks, an alternative to Fibre Channel.
Works with ordinary Ethernet adapters and switches.
Traffic Flows:
● North-South Traffic: Between clients outside the datacenter and servers inside.
● East-West Traffic: Between servers within the datacenter, predominant in cloud
and Internet services.
Overlay Networks:
● On-Premises: Located at the same site as the corporate client network, accessed
over Ethernet links.
● Branch Office Access: Uses technologies like Generic Routing Encapsulation
(GRE) or Multiprotocol Label Switching (MPLS) for secure connections.
● Colocation: Private servers installed in a shared datacenter, managed by a
colocation provider.
● Establishes private links with guaranteed service levels, isolating traffic from
other customers or public networks.
● Offers solutions for enterprise networking requirements, such as site-to-site
VPNs and traffic shaping.