0% found this document useful (0 votes)
13 views165 pages

CompTIA Network Study Note 1731172258

Uploaded by

Mazen Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
13 views165 pages

CompTIA Network Study Note 1731172258

Uploaded by

Mazen Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 165

1

CompTIA Network+
Study Notes

Donate to Cecelia’s education dreams here:


https://www.gofundme.com/f/support-ayebares-dream-for-higher-
education

Network+ is a registered trademark of COMPUTING TECHNOLOGY INDUSTRY


ASSOCIATION, INC (aka - CompTIA)

You can learn more about registered trademarks on the USPTO website.
2

Contents
Comparing OSI Model Network Functions .................................................................................. 58
Compare and Contrast OSI Model Layers .................................................................................. 58
Configure SOHO Networks ......................................................................................................... 60
Deploying Ethernet Cabling ........................................................................................................ 62
Summarize Ethernet Standards current, infrared light, or radio waves, to transmit signals. ...... 62
● Electromagnetic radiation creates carrier waves with specific bandwidths or frequency
ranges, and signals are transmitted over these waves through modulation and encoding
schemes. .................................................................................................................................... 62
● Encoding methods, such as transitioning between low and high voltage states, encode
digital information using characteristics of the wave like amplitude. More available bandwidth
allows for encoding greater amounts of data. ............................................................................ 62
● Bandwidth is typically measured in cycles per second or Hertz (Hz), but in data networking,
it refers to the amount of data transfer measured in bits per second (bps). .............................. 62
Copper Cable .............................................................................................................................. 62
● Copper cable transmits electrical signals and suffers from high attenuation, meaning
signals lose strength over long distances. .................................................................................. 62
● Two main types of copper cable are twisted pair and coaxial (coax), with twisted pair cable
rated to Cat standards. ............................................................................................................... 62
Fiber Optic Cable ......................................................................................................................... 62
● Fiber optic cable carries high frequency radiation in the infrared light spectrum, providing
higher bandwidth and less susceptibility to interference or attenuation compared to copper
cable. .......................................................................................................................................... 62
● Fiber optic cabling includes Single Mode (SMF) and MultiMode (MMF) types, categorized
further by Optical Mode designations (OM1, OM2, OM3, and OM4)............................................ 62
Ethernet Standards ..................................................................................................................... 62
● Ethernet standards, notably IEEE 802.3, ensure network cabling meets bandwidth
requirements, specifying bit rates and supported distances. ..................................................... 62
● Ethernet media specifications follow a convention like xBASE-y, indicating bit rate, signal
mode, and media type. ................................................................................................................ 62
Media Access Control and Collision Domains ............................................................................ 62
● Ethernet is a multiple access area network, with media access control (MAC) determining
when nodes can communicate on shared media. ....................................................................... 63
3

● Ethernet uses a contention-based MAC system, where each network node in the same
media shares the same collision domain.................................................................................... 63
● Collision detection mechanisms like Carrier Sense Multiple Access with Collision Detection
(CSMA/CD) detect and handle collisions, reducing available bandwidth. ................................... 63
Ethernet Standards Overview ...................................................................................................... 63
● Fast Ethernet (100BASE-TX) increases bit rate to 100 Mbps, using improved encoding
methods and autonegotiation protocols. .................................................................................... 63
● Gigabit Ethernet (1000BASE-T) further increases bit rate to 1000 Mbps (1 Gbps), typically
implemented only using switches. .............................................................................................. 63
● 10 Gigabit Ethernet (10 GbE) multiplies speed by 10, with specifications for 40 Gbps
operation as well, typically deployed in scenarios requiring very high bandwidth data transfers 63
Summarize Copper Cabling Types ............................................................................................. 64
Summarize Fiber Optic Cabling Types Fiber Optic Cable Considerations ................................. 65
Deploy Ethernet Cabling ............................................................................................................. 67
Deploying Ethernet Switching ..................................................................................................... 69
Deploy Networking Devices ........................................................................................................ 69
Explain Network Interfaces ......................................................................................................... 70
Deploy Common Ethernet Switching Features Ethernet Switch Types: ...................................... 71
Troubleshooting Ethernet Networks Explain Network Troubleshooting Methodology Network
Troubleshooting Methodology: 1. Identify the Problem: ............................................................ 73
● Gather Information: ............................................................................................................. 73
● Define the scope of the problem. ........................................................................................ 73
● Check system documentation, recent job logs, and vendor support sites. ......................... 73
● Identify Symptoms and Duplicate the Problem: .................................................................. 73
● Conduct physical inspection. .............................................................................................. 73
● Check system logs or diagnostic software. ........................................................................ 73
● Attempt to duplicate the issue on a test system. ................................................................ 73
● Question Users: ................................................................................................................... 73
● Ask open-ended and closed-ended questions to gather information. ................................. 73
● Determine if anything has changed since the problem started. .......................................... 73
● Approach Multiple Problems Individually: ........................................................................... 73
● Treat each issue as a separate case. .................................................................................. 73
● Check for related support or maintenance tickets. ............................................................. 73
2. Establish a Theory of Probable Cause: .................................................................................... 73
4

● Question the obvious and consider multiple approaches. .................................................. 73


● Use top-to-bottom or bottom-to-top OSI model approach. .................................................. 73
● Employ a divide and conquer approach. ............................................................................. 73
3. Test the Theory to Determine Cause: ...................................................................................... 73
● Gather enough data to form an initial theory. ...................................................................... 73
● Prove or disprove the theory using troubleshooting skills and tools. .................................. 73
● If unable to prove the cause, develop a new theory or escalate. ......................................... 73
4. Establish a Plan of Action: ...................................................................................................... 73
● Determine repair, replace, or ignore options........................................................................ 73
● Assess cost, time, and potential effects on the system. ..................................................... 73
● Consider change management plan for system or network environment changes. ........... 74
5. Implement the Solution: .......................................................................................................... 74
● Apply the solution directly if reverting to a known good configuration. .............................. 74
● Follow change management plan for system or network changes. .................................... 74
● Test after each change and document the process. ........................................................... 74
6. Verify Full System Functionality and Implement Preventive Measures: .................................. 74
● Validate that the solution fixes the reported problem. ........................................................ 74
● Ensure system continues to function normally. .................................................................. 74
● Implement preventive measures to avoid recurrence of the problem. ................................ 74
7. Document Findings, Actions, and Outcomes:.......................................................................... 74
● Record troubleshooting activity in a ticket system. ............................................................. 74
● Provide a complete description of the problem and its solution. ........................................ 74
● Write clearly and concisely for future reference and analysis. ............................................ 74
This methodology provides a structured approach to efficiently identify, diagnose, and resolve
network issues while minimizing downtime and ensuring smooth network operations. ............ 74
Troubleshoot Common Cable Connectivity Issues Exam Objectives Covered: Given a scenario,
troubleshoot common cable connectivity issues and select the appropriate tools. ................... 75
Specification and Limitations: ..................................................................................................... 75
● Understand how to assess and distinguish speed, throughput, and distance specifications
and limitations. ........................................................................................................................... 75
● Baud rate: number of symbols transmitted per second; measured in hertz (MHz or GHz). 75
● Nominal bit rate or bandwidth: amount of information transmitted, measured in bits per
second (bps). .............................................................................................................................. 75
5

● Throughput: average data transfer rate over time, excluding encoding schemes, errors, and
other losses. ............................................................................................................................... 75
● Speed measured in milliseconds (ms) also known as latency or delay. ............................. 75
Distance Limitations, Attenuation, and Noise: ............................................................................ 75
● Attenuation: loss of signal strength, expressed in decibels (dB). ........................................ 75
● Noise: unwanted signals causing interference, expressed as the signal to noise ratio (SNR).
75
Cable Issues: ............................................................................................................................... 75
● Troubleshooting cable connectivity focuses on physical layer issues. ............................... 75
● Components of an Ethernet link: transceiver, patch cables, structured cable, patch panel,
switch port. ................................................................................................................................. 75
● Verify patch cord connections and test transceivers using loopback tools. ....................... 75
● Use known working hosts or swap ports at the switch if needed........................................ 75
● Use cable testers to diagnose structured cabling issues. ................................................... 75
Loopback Plugs, Status Indicators, and Interface Configuration: ............................................... 75
● Loopback adapter: used to test for bad ports and network cards. ...................................... 75
● Check link lights or LED status indicators for connectivity.................................................. 75
● Verify settings on switch port and NIC for speed and duplex settings. ............................... 75
Cable Testers: ............................................................................................................................. 76
● Verify cable type and installation quality using cable testers. ............................................. 76
● Certifiers ensure installations meet performance standards. ............................................. 76
● Time Domain Reflectometer (TDR) locates cable faults. .................................................... 76
● Multimeter can check physical connectivity in absence of dedicated testers. .................... 76
Wire Map Testers and Tone Generators:..................................................................................... 76
● Identify wiring faults like continuity, shorts, incorrect terminations. ................................... 76
● Tone generator traces cables, especially useful in bundled or unlabeled setups. ............... 76
Attenuation and Interference Issues: .......................................................................................... 76
● Attenuation: loss of signal strength due to cable length; measured in decibels (dB). ......... 76
● Interference from sources like electrical cables, lights, motors, or radio transmitters can
degrade signal quality. ................................................................................................................ 76
Crosstalk Issues: ......................................................................................................................... 76
● Crosstalk indicates bad wiring, poor connectors, or improper termination. ........................ 76
● Measured in dB, higher values indicate less noise. ............................................................. 76
6

● Types of crosstalk include NEXT, ACR, and FEXT. .............................................................. 76


Cable Application Issues: ............................................................................................................ 76
● Differentiate between straight-through, crossover, and rollover cables. ............................. 76
● Patch cords should match application requirements. ......................................................... 76
● Consider Power over Ethernet (PoE) requirements for cable selection. .............................. 76
Fiber Optic Cable Testing Tools: ................................................................................................. 76
● Use optical source and power meter to test signal attenuation. ......................................... 76
● Optical Time Domain Reflectometer (OTDR) locates breaks in fiber optic cables. ............. 76
● Optical Spectrum Analyzer (OSA) ensures proper wavelength usage. ................................ 76
● Clean connectors and ensure correct transceivers for optimal performance. .................... 76
Explaining IPv4 Addressing Explain IPv4 Addressing Schemes 1. Introduction to IPv4 ........... 77
● The Transmission Control Protocol/Internet Protocol (TCP/IP) suite comprises protocols
and standards that facilitate modern network functionality. ...................................................... 77
● IPv4 (Internet Protocol version 4) serves as the core of this suite, providing logical
addressing and packet forwarding between different networks. ................................................ 77
● IPv4 packets are structured with a header containing fields for managing logical
addressing and forwarding functions. ........................................................................................ 77
2. IPv4 Datagram Header ............................................................................................................ 77
● The IPv4 header includes essential fields such as Version, Length, Protocol, and Total
Packet Size. ................................................................................................................................ 77
● The Protocol field identifies the encapsulated data in the payload, typically indicating
Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). .................................. 77
● Other protocols running directly on IP include ICMP, IGMP, GRE, ESP, AH, EIGRP, and OSPF.
77
3. IPv4 Address Format............................................................................................................... 77
● IPv4 addresses consist of a network number (network ID) and a host number (host ID),
with each being 32 bits long. ...................................................................................................... 77
● Binary addresses are divided into four octets and are usually represented in dotted decimal
notation for easier human understanding. .................................................................................. 77
● Binary-to-decimal and decimal-to-binary conversions are essential skills for working with IP
addresses. .................................................................................................................................. 77
4. Network Masks ....................................................................................................................... 77
● A 32-bit network mask distinguishes between network ID and host ID in an IP address. ... 77
7

● Masks use binary 1s to reveal network ID portions, with contiguous 1s being crucial for
validity. ........................................................................................................................................ 77
● The AND operation between the mask and IP address helps derive the network ID. .......... 78
5. Subnet Masks ......................................................................................................................... 78
● Subnetting involves dividing networks into subnets, adding a hierarchical level that
includes a network ID, subnet ID, and host ID. ............................................................................ 78
● Subnet masks use high-order contiguous bits to delineate subnet boundaries. ................. 78
● Hosts within subnets use longer subnet masks for differentiation, allowing for more
efficient network management and resource allocation. ............................................................ 78
6. Host Address Ranges.............................................................................................................. 78
● The number of available host IDs within a network depends on the subnet mask and the
subnetting scheme employed. .................................................................................................... 78
● Subnetting enables the creation of smaller broadcast domains with fewer hosts, optimizing
network performance and management. .................................................................................... 78
Understanding IPv4 addressing schemes is fundamental to network configuration,
management, and troubleshooting, making it a crucial topic for network professionals to
master. ........................................................................................................................................ 78
Explain IPv4 Forwarding 1. Introduction to IPv4 Forwarding IP facilitates the creation of
interconnected networks (internetworks), requiring packets addressed to remote hosts to be
forwarded. ................................................................................................................................... 79
● Forwarding at Layer 3 is termed routing, while forwarding at Layer 2 is referred to as
switching. .................................................................................................................................... 79
2. Layer 2 versus Layer 3 Addressing and Forwarding ................................................................ 79
● Logical addressing (network, subnet, and host IDs) at Layer 3 maps to forwarding at the
data link Layer 2. ......................................................................................................................... 79
● Subnets are mapped to Layer 2 segments using switches, while routers connect different
subnets. ...................................................................................................................................... 79
● Nodes within a subnet communicate directly via MAC addresses, while communication
between subnets requires routing. .............................................................................................. 79
3. IPv4 Default Gateways ............................................................................................................ 79
● When comparing source and destination IP addresses, if the masked portions match, the
destination is assumed to be on the same subnet...................................................................... 79
● If masked portions don't match, the packet is forwarded to the default gateway (router) for
routing to a remote network. ....................................................................................................... 79
● Routers use routing tables to determine the appropriate interface for packet forwarding,
dropping packets if no suitable path is found. ............................................................................ 79
8

4. Address Resolution Protocol (ARP) ........................................................................................ 79


● ARP resolves IP addresses to hardware (MAC) addresses for local communication. ........ 79
● Local ARP resolution occurs within the same subnet using ARP requests and replies. ...... 79
● For communication outside the subnet, hosts use ARP to determine the MAC address of
the default gateway..................................................................................................................... 79
5. Unicast and Broadcast Addressing ......................................................................................... 79
● Unicast packets are sent to a single recipient's IP address, while broadcast packets are
sent to all hosts on a network or subnet. .................................................................................... 80
● Broadcast addresses are the last addresses in an IP network where all host bits are set to
1. 80
● Broadcast domains are established at Layer 3 by routers, which don't forward broadcasts
except in special cases. .............................................................................................................. 80
6. Multicast and Anycast Addressing .......................................................................................... 80
● Multicast allows one host to send content to multiple hosts interested in receiving it. ...... 80
● Multicast packets are sent to a special range of IP addresses and delivered using
multicast-capable switches. ....................................................................................................... 80
● Anycast addressing assigns the same IP address to a group of hosts, enabling load
balancing and failover between them. ........................................................................................ 80
Understanding IPv4 forwarding mechanisms is essential for network configuration and
troubleshooting, enabling efficient data transmission across interconnected networks. ........... 80
Configure IP Networks and Subnets 1. Virtual LANs (VLANs) and Subnets Modern Ethernet
networks use switches, where each port is typically in the same broadcast domain. ................ 81
● Excessive broadcast traffic can reduce performance, so VLANs are used to segment
networks logically. ...................................................................................................................... 81
● VLANs allow different groups of computers attached to the same switch(es) to appear as
separate LAN segments, each with its own broadcast domain. ................................................. 81
● At Layer 3, subnetting logically divides an IP network into smaller subnetworks, each with a
unique address............................................................................................................................ 81
2. Classful Addressing ................................................................................................................ 81
● Classful addressing was used in the 1980s before netmasks were developed to identify
network IDs. ................................................................................................................................ 81
● Class A, B, and C networks allocated network IDs based on the first octet of the IP address.
81
● Class A supports over 16 million hosts, Class B supports up to about 65,000 hosts, and
Class C supports 254 hosts. ....................................................................................................... 81
9

● Routers have performed classless routing for years, but class terminology is still widely
used. ........................................................................................................................................... 81
3. Public versus Private Addressing ............................................................................................ 81
● Public IP addresses can connect to other public IP networks over the Internet and are
governed by IANA. ...................................................................................................................... 81
● Private IP addresses, defined in RFC 1918, are non-routable over the Internet and can be
used within organizations. .......................................................................................................... 81
● Private address ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255,
and 192.168.0.0 to 192.168.255.255. ......................................................................................... 81
4. Automatic Private IP Addressing (APIPA) ............................................................................... 81
● APIPA allows clients unable to contact a DHCP server to communicate on the local
network by randomly selecting an address from 169.254.1.1 to 169.254.254.254. ................... 81
● These addresses are from the reserved private addressing range (169.254.0.0/16). ........ 82
5. Other Reserved Address Ranges ............................................................................................. 82
● Class D addresses (224.0.0.0 to 239.255.255.255) are used for multicasting. .................. 82
● Class E addresses (240.0.0.0 to 255.255.255.255) are reserved for experimental use and
testing. ........................................................................................................................................ 82
● Loopback addresses (127.0.0.0 to 127.255.255.255) are reserved for TCP/IP stack testing.
82
● Several other address ranges are reserved for special use, such as documentation and
examples..................................................................................................................................... 82
6. IPv4 Address Scheme Design ................................................................................................. 82
● Factors to consider when planning an IPv4 network addressing scheme include the
number of networks and subnets required, the number of hosts per subnet, and the need for
valid public or private ranges. ..................................................................................................... 82
● The subnetting process involves determining the number of subnets required, calculating
the number of hosts per subnet, and determining subnet IDs and host ranges for each subnet.
82
Understanding how to configure IP networks and subnets is crucial for network administrators
to optimize performance and security within organizations. By implementing VLANs, subnetting,
and understanding IP addressing schemes, administrators can efficiently manage network
resources and ensure smooth communication between hosts. ................................................. 82
Supporting IPv4 and IPv6 Networks Use Appropriate Tools to Test IP Configuration 1. IP
Interface Configuration in Windows Host adapters require appropriate IP addresses, subnet
masks, default gateway (router) addresses, and DNS server addresses for network
communication. .......................................................................................................................... 83
10

● Configuration can be static or dynamic (using DHCP). ....................................................... 83


● Commands like netsh and PowerShell cmdlets (Get-NetAdapter, Get-
NetIPAddress) are used for configuration and querying. ........................................................ 83
2. ipconfig ................................................................................................................................... 83
● Basic command for reporting IP configuration in Windows. ............................................... 83
● Usage: ipconfig displays IP address, subnet mask, and default gateway; ipconfig
/all shows complete TCP/IP configuration. ............................................................................. 83
● Additional switches include /renew and /release for DHCP lease management, and
/displaydns and /flushdns for DNS cache management. .................................................. 83
3. ifconfig and ip in Linux ............................................................................................................ 83
● Linux interfaces identified as eth0, eth1, etc., with different naming schemes emerging. .. 83
● Persistent configuration methods vary by distribution, including editing configuration files,
using NetworkManager, or employing systemd-networkd. ......................................................... 83
● ifconfig (legacy) and ip (modern) commands for reporting and configuring IP
addresses. .................................................................................................................................. 83
4. ARP Cache Utility .................................................................................................................... 83
● ARP caches MAC addresses associated with IP addresses on the local network. ............. 83
● arp utility used for ARP cache functions: -a to show cache contents, -s to add an entry,
and -d to delete entries. ............................................................................................................. 83
5. Internet Control Message Protocol (ICMP) and ping .............................................................. 83
● ICMP used for error reporting and connectivity testing. ...................................................... 83
● ping utility sends ICMP request packets to test connectivity. ........................................... 84
● Usage: ping IPAddress for basic connectivity test. ....................................................... 84
● Output interpretation includes successful replies, TTL values, and error messages like
"Destination host unreachable" or "Request timed out." ............................................................. 84
● Switches like -t for continuous pinging and -c for a set number of packets used in Linux.
84
Understanding and effectively utilizing these tools is essential for network administrators to
diagnose and troubleshoot IP configuration issues effectively. ................................................. 84
Troubleshoot IP Networks 1. Hardware Failure and Network Interface Issues Rule out physical
hardware failure and Data Link layer issues before diagnosing Network layer problems. .......... 85
● Power issues such as surges, spikes, brownouts, and blackouts can affect network
devices. UPSs provide temporary power during outages. ........................................................... 85
● Test for hardware failure in network adapters, switches, routers, and cables using
diagnostic tools. ......................................................................................................................... 85
11

2. Interface Status Issues ........................................................................................................... 85


● Check interface status using LED indicators and command line utilities. ........................... 85
● Verify line and protocol status and autonegotiation settings. ............................................. 85
● Check for mismatches in speed and duplex settings, collisions, and faulty NICs or drivers.
85
3. IP Configuration Issues ........................................................................................................... 85
● Check basic addressing and protocol configuration using ipconfig (Windows) or
ip/ifconfig (Linux). ............................................................................................................... 85
● Verify correct IP address, subnet mask, and default gateway settings. .............................. 85
● Ensure hosts in the same subnet have valid configurations to avoid communication issues.
85
4. Duplicate IP and MAC Address Issues .................................................................................... 85
● Detect duplicate IP addresses using arp utility and resolve by assigning unique addresses.
85
● Duplicate MAC addresses can lead to contention or split communications and should be
identified and fixed promptly. ..................................................................................................... 85
5. Problem Isolation .................................................................................................................... 85
● Use ping to perform connectivity tests: ............................................................................... 85
1. Ping loopback address (127.0.0.1). .................................................................................... 85
2. Ping local host IP address. .................................................................................................. 86
3. Ping default gateway IP address. ........................................................................................ 86
4. Ping other hosts on the same subnet.................................................................................. 86
5. Ping remote host IP address. .............................................................................................. 86
● Analyze ICMP responses and time-outs to identify potential issues at different layers of the
OSI model.................................................................................................................................... 86
6. Incorrect DNS Issues............................................................................................................... 86
● Verify DNS server configuration using ipconfig /all (Windows) or
/etc/resolv.conf (Linux)...................................................................................................... 86
● Check connectivity to DNS servers and resolve configuration errors to ensure proper name
resolution. ................................................................................................................................... 86
7. Multicast Flooding Issues ....................................................................................................... 86
● Enable IGMP snooping on switches to filter multicast traffic and prevent flooding to
unnecessary ports and VLANs. ................................................................................................... 86
12

● Multicast transmissions can consume bandwidth if not managed efficiently, especially in


VLAN environments. ................................................................................................................... 86
Explain IPv6 Addressing Schemes IPv4 versus IPv6 IPv4: Based on a 32-bit binary number,
allowing for 4.3 billion unique addresses. ................................................................................... 87
● IPv6: Utilizes a 128-bit addressing scheme, providing space for 340 undecillion unique
addresses, addressing the issue of IPv4 address exhaustion..................................................... 87
● Main Header: Fixed length, unlike IPv4, containing source and destination addresses. ..... 87
● Extension Headers: Optional, providing additional functionality such as fragmentation,
security, and source routing. ....................................................................................................... 87
● Payload: Data being transmitted. ........................................................................................ 87
● Consists of eight 16-bit numbers represented as 4 hex digits each. ................................... 87
● Can be compressed using double colon (::) for contiguous series of zeros. ....................... 87
● Example: 2001:db8::abc:0:def0:1234 .................................................................................. 87
● Divided into network ID (first 64 bits) and interface (last 64 bits). ...................................... 87
● Network addresses use classless notation (/nn) to denote the length of the network prefix.
87
● Example: 2001:db8:3c4d::/48 represents a network address, while
2001:db8:3c4d:0001::/64 represents a subnet within that network. ........................................... 87
● Identifies a single network interface. .................................................................................. 87
● Scoped: Global addresses for public addressing, link-local for private addressing............. 87
● Global addresses are routable over the Internet and start with 0010 or 0011 in binary. ..... 87
● 64-bit interface ID derived from MAC address or generated using privacy extensions. ...... 87
● Restricted to a single subnet, not forwarded by routers. ..................................................... 87
● Starts with fe80, with the last 64 bits representing the interface ID. ................................... 88
● Interface must be configured with a link-local address. ...................................................... 88
● Routable addresses can be assigned statically or using stateless address
autoconfiguration (SLAAC). ........................................................................................................ 88
● Performs functions like ARP and ICMP in IPv4. .................................................................. 88
● Supports address autoconfiguration, prefix discovery, local address resolution, and
redirection. .................................................................................................................................. 88
● Supports error and informational messaging, replaces ARP with Neighbor Discovery. ...... 88
● Used to send packets from a single source to multiple interfaces. .................................... 88
● No broadcast addresses; multicast addresses are used instead. ....................................... 88
● Dual stack hosts run both IPv4 and IPv6 simultaneously. ................................................... 88
13

● Tunneling can deliver IPv6 packets across IPv4 networks. ................................................. 88


● Common tunneling protocols 5 ........................................................................................... 88
Configuring and Troubleshooting Routers Compare and Contrast Routing Concepts 1. Routing
Tables and Path Selection: Routers facilitate packet forwarding between subnets or
internetworks. ............................................................................................................................. 89
● Routing tables store information about the location of other IP networks and hosts. ........ 89
● Parameters defining a routing entry include Protocol, Destination, Interface, and
Gateway/Next Hop. ..................................................................................................................... 89
● The most specific destination prefix is selected for forwarding if there are multiple
matches. ..................................................................................................................................... 89
2. Static and Default Routes: ....................................................................................................... 89
● Routing table entries include Direct network routes, Remote network routes, Host routes,
and Default routes....................................................................................................................... 89
● Directly connected routes are automatically added to the routing table for each active
router interface. .......................................................................................................................... 89
● Static routes are manually added and only change if edited by the administrator. ............. 89
● Static routes can be configured as non-persistent or persistent/permanent. ..................... 89
● Default routes are used when no exact match is found and are represented by destination
address 0.0.0.0/0 for IPv4 and ::/0 for IPv6. ............................................................................... 89
3. Packet Forwarding: ................................................................................................................. 89
● When a router receives a packet, it looks up a matching destination network IP address
and prefix in its routing table....................................................................................................... 89
● If a match is found, the router forwards the packet out of one of its interfaces,
encapsulating the packet in a new frame. .................................................................................. 89
● Packet forwarding can occur via directly connected networks, gateways, or other
interfaces. ................................................................................................................................... 89
● If no match is found, the packet is either forwarded via the default route or dropped. ....... 89
4. Hop Count: .............................................................................................................................. 89
● Each router along the path counts as one hop. ................................................................... 90
● Time to Live (TTL) IP header field is decreased at each router to prevent badly addressed
packets from circulating indefinitely. .......................................................................................... 90
● TTL is interpreted as a maximum hop count, and when it reaches 0, the packet is
discarded. ................................................................................................................................... 90
5. Fragmentation: ........................................................................................................................ 90
14

● IP provides best-effort delivery, and packets may be fragmented to fit within the Maximum
Transmission Unit (MTU) of the Data Link protocol frame. ........................................................ 90
● IPv4 uses ID, Flags, and Fragment Offset IP header fields to indicate packet fragmentation.
90
● IPv6 does not allow routers to perform fragmentation; instead, hosts perform path MTU
discovery to determine the MTU supported by each hop. ........................................................... 90
Compare and Contrast Dynamic Routing Concepts 1. Introduction to Dynamic Routing
Protocols: Dynamic routing protocols use algorithms and metrics to build and maintain a
routing information base. ............................................................................................................ 91
● These protocols allow routers to exchange routing information rapidly to prevent outages.
91
● Learned routes are communicated between routers, and each router maintains a routing
information base. ........................................................................................................................ 91
2. Topology and Metrics:............................................................................................................. 91
● Routing algorithms are categorized into distance vector or link state protocols. ............... 91
● Distance vector protocols prioritize routes based on the number of hops to the destination.
91
● Link state protocols build a complete topology database and calculate the shortest path
based on metrics. ....................................................................................................................... 91
3. Convergence: .......................................................................................................................... 91
● Convergence is the process where routers agree on the network topology. ....................... 91
● Routers must quickly adapt to changes like network additions, failures, or link failures to
avoid black holes and loops. ....................................................................................................... 91
4. Interior vs. Exterior Gateway Protocols: .................................................................................. 91
● Interior Gateway Protocols (IGP) operate within an autonomous system (AS). .................. 91
● Exterior Gateway Protocols (EGP) advertise routes between autonomous systems. ......... 91
● Examples include RIP (IGP), EIGRP (IGP/Hybrid), OSPF (IGP), and BGP (EGP). .................. 91
5. Routing Information Protocol (RIP): ........................................................................................ 91
● RIP is a distance vector protocol that prioritizes routes based on hop count. .................... 91
● RIP sends regular updates of its routing database to neighbors. ....................................... 91
● Versions include RIPv1 (classful), RIPv2 (classless with multicast), and RIPng for IPv6. ... 92
6. Enhanced Interior Gateway Routing Protocol (EIGRP): ........................................................... 92
● EIGRP is an advanced distance vector or hybrid protocol developed by Cisco. .................. 92
● It uses a composite metric based on bandwidth and delay. ............................................... 92
15

● EIGRP sends full updates only when topology changes, enhancing convergence
performance. .............................................................................................................................. 92
7. Open Shortest Path First (OSPF): ............................................................................................ 92
● OSPF is a widely adopted link state protocol suitable for large organizations with multiple
paths. .......................................................................................................................................... 92
● OSPF supports classless addressing and hierarchical network organization using areas. . 92
8. Border Gateway Protocol (BGP): ............................................................................................. 92
● BGP is used between routing domains in a mesh internetwork, primarily on the Internet. .. 92
● It's an exterior gateway protocol and prioritizes stability over rapid convergence. ............. 92
● BGP operates over TCP and uses path vector routing to select routes. .............................. 92
9. Administrative Distance and Classless Inter-Domain Routing (CIDR): .................................... 92
● Administrative distance determines the trustworthiness of a routing protocol. ................. 92
● CIDR allows efficient allocation of IP addresses and reduces routing table size. ............... 92
● Variable Length Subnet Masking (VLSM) further optimizes address allocation within a
network. ...................................................................................................................................... 92
Conclusion: ................................................................................................................................. 92
● Dynamic routing protocols vary in their operation, convergence performance, and
scalability. ................................................................................................................................... 92
● Understanding these protocols and their characteristics is crucial for network
administrators to design efficient and reliable networks. ........................................................... 92
Install and Troubleshoot Routers Edge Routers: ......................................................................... 93
Explaining Network Topologies and Types Explain Network Types and Characteristics Client-
Server versus Peer-to-Peer Networks: Definition: A network consists of nodes and links, with
end system nodes sending and receiving data traffic. These end system nodes are classified as
clients or servers. ........................................................................................................................ 96
● Server: Provides network applications and resources to other hosts. ................................ 96
● Client: Consumes the services provided by servers. ........................................................... 96
● Client-Server Network: ......................................................................................................... 96
● Nodes like PCs, laptops, and smartphones act as clients, while servers are more powerful
computers. .................................................................................................................................. 96
● Application services and resources are centrally provisioned, managed, and secured. ...... 96
● Peer-to-Peer Network: ......................................................................................................... 96
● Each end system acts as both client and server. ................................................................ 96
16

● Decentralized model where provision, management, and security of services and data are
distributed across the network. .................................................................................................. 96
● Typical Usage: ..................................................................................................................... 96
● Business and enterprise networks: Client-server. ............................................................... 96
● Residential networks: Peer-to-peer (or workgroup), though client-server elements can exist.
96
Network Types: ........................................................................................................................... 96
● Local Area Networks (LANs): .............................................................................................. 96
● Definition: Confined to a single geographical location, directly connected with cables or
short-range wireless tech. ........................................................................................................... 96
● Examples: Home networks, small office/home office (SOHO) networks, small and medium-
sized enterprise (SME) networks, enterprise LANs, datacenters. ............................................... 96
● Wireless LAN (WLAN): Based on Wi-Fi, open WLANs often called hotspots. ...................... 96
● Wide Area Networks (WANs): ............................................................................................. 96
● Definition: Network of networks connected by long-distance links, connecting main office
with branch offices, remote workers, or large LANs. .................................................................. 96
● Managed: Likely to use leased network devices and links managed by a service provider. 97
● Personal Area Networks (PANs): ........................................................................................ 97
● Definition: Close-range network links established between personal devices like
smartphones, tablets, headsets, printers, etc. ............................................................................. 97
● Growth: With increasing digital and network integration in everyday objects, PAN usage
continues to grow. ...................................................................................................................... 97
Network Topology: ...................................................................................................................... 97
● Physical Topology: .............................................................................................................. 97
● Description: Placement of nodes and their connections by network media. ....................... 97
● Example: Nodes directly connected via a single cable or to a switch via separate cables. . 97
● Logical Topology: ................................................................................................................ 97
● Description: Flow of data through the network. .................................................................. 97
● Example: Different physical implementations achieving the same logical layout. .............. 97
● Point-to-Point Link: .............................................................................................................. 97
● Description: Single link between two nodes, ensuring a level of bandwidth due to the 1:1
relationship. ................................................................................................................................ 97
● Star Topology: ..................................................................................................................... 97
17

● Description: Endpoints connected to a central node, facilitating easy reconfiguration and


troubleshooting. .......................................................................................................................... 97
● Mesh Topology: ................................................................................................................... 97
● Description: Fully connected nodes, often impractical, hence a hybrid approach is used for
redundancy and fault tolerance................................................................................................... 97
● Ring Topology: .................................................................................................................... 97
● Description: Closed loop where each node is wired to its neighbor, with dual rings for fault
tolerance. .................................................................................................................................... 97
● Bus Topology: ..................................................................................................................... 97
● Description: Shared access topology with all nodes sharing the bandwidth of the media. . 97
● Hybrid Topology: ................................................................................................................. 97
● Description: Mixture of point-to-point, star, mesh, ring, and bus topologies, often used for
redundancy and fault tolerance in WANs or hierarchical designs. .............................................. 97
Explain Tiered Switching Architecture Three-Tiered Network Hierarchy: Definition: Breaks down
large and complex network designs into smaller sections based on functions performed. ....... 98
● Model Example: Cisco’s design principles: access, distribution, and core layers. ............... 98
Access/Edge Layer: .................................................................................................................... 98
● Function: Allows end-user devices to connect to the network. ........................................... 98
● Implementation: Structured cabling, wall ports for wired access, access points for wireless
access, connected to workgroup switches. ................................................................................ 98
● Topology: End systems connect to switches in a star topology.......................................... 98
Distribution/Aggregation Layer: .................................................................................................. 98
● Function: Provides fault-tolerant interconnections between different access blocks and the
core or other distribution blocks. ................................................................................................ 98
● Implementation: Full or partial mesh links to routers or layer 3 switches. .......................... 98
● Policies: Implements traffic policies like routing boundaries, filtering, or quality of service
(QoS). .......................................................................................................................................... 98
● Capabilities: Layer 3 switches with higher port speeds for aggregation. ............................ 98
Core Layer: .................................................................................................................................. 98
● Function: Provides a highly available network backbone. ................................................... 98
● Purpose: Simplified to provide redundant traffic paths for data flow around access and
distribution layers........................................................................................................................ 98
● Topology: Establishes a full mesh topology with switches in distribution layer blocks. ..... 98
Spanning Tree Protocol (STP): .................................................................................................... 98
18

● Purpose: Organizes bridges or switches into a hierarchy to prevent switching loops. ........ 98
● Hierarchy: Root bridge at the top, switches determine shortest paths to the root. ............. 98
● States: Forwarding, blocking, listening, learning, disabled. ................................................. 99
● Implementation: Ensures all ports on all switches are in forwarding or blocking states for
network convergence. ................................................................................................................. 99
● Versions: Original 802.1D, 802.1D-2004/802.1w, Rapid STP (RSTP) for faster convergence.
99
Switching Loop and Broadcast Storm Issues: ............................................................................ 99
● Definition: Switching loop causes flooded frames to circulate perpetually, leading to a
broadcast storm.......................................................................................................................... 99
● Impact: Network utilization near maximum capacity, CPU utilization of switches increases.
99
● Resolution: Spanning tree shuts down the port to isolate the problem, investigate potential
loop causes like legacy equipment or unmanaged switches. ..................................................... 99
Explain Virtual LANs Definition: Segment groups of hosts in the same broadcast domain at the
data link layer. ........................................................................................................................... 100
● Managed switches allow the configuration of VLANs to isolate ports to separate broadcast
domains. ................................................................................................................................... 100
Benefits: .................................................................................................................................... 100
● Reduced Broadcast Traffic: Reduces broadcast traffic by segmenting the network. ....... 100
● Enhanced Security: Each VLAN can represent a separate zone, enhancing security. ....... 100
● Traffic Type Separation: Used to separate nodes based on traffic type and Quality of
Service (QoS) requirements. ..................................................................................................... 100
VLAN Implementation: .............................................................................................................. 100
● Typically configured with a 1:1 mapping between VLANs and subnets. ........................... 100
● VLANs can represent different IP networks or subnets. ................................................... 100
● Implementation reduces broadcast traffic, enhances security, and allows for QoS. ......... 100
Virtual LAN IDs and Membership: ............................................................................................. 100
● VLAN ID configuration typically takes place on the switch interface. ............................... 100
● Default VLAN ID is 1; all ports on a switch default to VLAN 1 unless configured differently.
100
Static VLAN Assignment: .......................................................................................................... 100
● Ports on the switch configured with a VLAN ID (2 to 4,094). ............................................ 100
● Nodes connected to configured ports belong to the specified VLAN. .............................. 100
19

● Each VLAN typically configured with its own subnet address and IP address range. ....... 100
Dynamic VLAN Assignment: ..................................................................................................... 100
● Nodes assigned to VLANs based on characteristics like MAC address or user
authentication. .......................................................................................................................... 101
Trunking and IEEE 802.1Q: ........................................................................................................ 101
● Multiple switches interconnected to build network fabric; interconnections referred to as
trunks. ....................................................................................................................................... 101
● Frames transported across trunks preserve VLAN ID (VID) using IEEE 802.1Q tagging. .. 101
● Tagged ports operate as trunks, capable of transporting traffic addressed to multiple
VLANs. ...................................................................................................................................... 101
Tagged and Untagged Ports: .................................................................................................... 101
● Untagged ports participate in a single VLAN, also known as access ports or host ports. 101
● Tagged ports operate as trunks, capable of transporting traffic addressed to multiple
VLANs. ...................................................................................................................................... 101
Voice VLANs: ............................................................................................................................ 101
● Dedicated VLAN for Voice over IP (VoIP) traffic to prioritize voice traffic over data. ........ 101
● Most VoIP endpoints incorporate an embedded switch to connect handsets and PCs to a
single port. ................................................................................................................................ 101
● Switches support voice VLANs to distinguish between PC and VoIP traffic without
configuring trunks manually...................................................................................................... 101
Explaining Transport Layer Protocols Compare and Contrast Transport Protocols Transport
Layer Ports and Connections: Layer 4 protocols manage delivery of multiplexed application
data. .......................................................................................................................................... 102
● Each application is assigned a unique port number for identification. .............................. 102
● Port numbers 0 through 1,023 are preassigned for well-known server applications. ........ 102
● Ports 1,024 through 49,151 are for registered server applications. .................................. 102
● Remaining ports up to 65,535 are for private or dynamic use. .......................................... 102
Transmission Control Protocol (TCP): ...................................................................................... 102
● Provides connection-oriented, guaranteed communication. ............................................. 102
● Uses acknowledgments to ensure delivery. ...................................................................... 102
● Operates at the Transport layer. ........................................................................................ 102
● Divides data into segments with headers. ........................................................................ 102
● Requires numerous header fields for sequencing, acknowledgments, and retransmissions.
102
20

● TCP handshake involves SYN, SYN/ACK, and ACK segments to establish connections. . 102
● TCP teardown involves FIN segments to close connections. ........................................... 102
User Datagram Protocol (UDP): ................................................................................................ 102
● Connectionless and non-guaranteed method of communication. .................................... 102
● No acknowledgments or flow control. .............................................................................. 102
● Operates at the Transport layer. ........................................................................................ 102
● Suitable for applications sending small amounts of data that do not require reliability.... 102
● Used for multicast, broadcast, and time-sensitive data transmission. .............................. 102
● Header size is 8 bytes compared to TCP's 20 bytes or more. ........................................... 102
Common TCP and UDP Ports:................................................................................................... 102
● Well-known and registered port numbers are assigned to various services and applications.
103
● Port numbers are used to identify different types of network traffic................................. 103
● Examples include FTP, SSH, Telnet, SMTP, DNS, HTTP, POP3, IMAP, SNMP, LDAP, HTTPS,
SMB, DHCP, and SIP.................................................................................................................. 103
Comparison: .............................................................................................................................. 103
● TCP provides reliable, connection-oriented communication, while UDP offers faster,
connectionless communication with less overhead. ................................................................ 103
● TCP ensures data delivery through acknowledgments and retransmissions, whereas UDP
does not guarantee delivery. ..................................................................................................... 103
● TCP is used for applications requiring reliability, while UDP is used for real-time
applications or those where occasional packet loss is acceptable. ......................................... 103
Contrast: ................................................................................................................................... 103
● TCP requires more overhead due to acknowledgments and sequencing, while UDP has
minimal overhead. .................................................................................................................... 103
● TCP is suitable for applications like file transfer and web browsing, while UDP is used for
real-time applications like VoIP and video streaming. .............................................................. 103
Use Appropriate Tools to Scan Network Ports IP Scanners: Network administrators use IP
scanners to verify connected devices and monitor network traffic. ......................................... 104
● IP scanning tools include Nmap, AngryIP, PRTG, and enterprise suites like ManageEngine,
Infoblox, SolarWinds, Bluecat, and Men & Mice. ....................................................................... 104
● IP scanning aids in host discovery and logical network topology mapping. ..................... 104
Nmap: ....................................................................................................................................... 104
21

● Nmap is a widely used open-source security scanner for IP scanning and penetration
testing. ...................................................................................................................................... 104
● It operates via command line or GUI (Zenmap) and can perform host discovery and port
scanning. .................................................................................................................................. 104
● Basic usage involves specifying the IP subnet or address to scan. .................................. 104
● Nmap sends TCP ACK packets to ports 80 and 443 by default to detect hosts. .............. 104
● Various scanning techniques like TCP SYN, TCP connect, and UDP scans are available. 104
● Custom scans and OS fingerprinting can be performed for detailed analysis. ................. 104
netstat: ...................................................................................................................................... 104
● netstat command provides visibility into local host ports and active connections. .......... 104
● On Windows, it displays active TCP connections and open ports using different switches.
104
● On Linux, it shows active connections of any type and offers switches for specific
connection types. ...................................................................................................................... 104
● Additional options include displaying numerical addresses, filtering by IPv4 or IPv6, and
showing process IDs and names. ............................................................................................. 104
Remote Port Scanners: ............................................................................................................. 104
● Remote port scanners perform probes from another machine or network to identify open
ports on target hosts. ................................................................................................................ 104
● Nmap supports various scanning techniques like TCP SYN, TCP connect, and UDP scans
for port scanning. ...................................................................................................................... 104
● Port scanning can reveal information about services running on target hosts and detect
security vulnerabilities. ............................................................................................................. 105
Protocol Analyzers: ................................................................................................................... 105
● Protocol analyzers work alongside packet capture tools to analyze network traffic. ....... 105
● They parse frames to reveal header fields and payload contents for packet-level analysis.
105
● Traffic analysis tools monitor statistics related to communication flows, bandwidth
consumption, active hosts, link utilization, and reliability. ......................................................... 105
● Wireshark is a commonly used protocol analyzer with features for packet analysis and
traffic analysis. ......................................................................................................................... 105
These tools enable network administrators to monitor network activity, troubleshoot issues, and
ensure network security. ........................................................................................................... 105
Explaining Network Services Explain the Use of Network Addressing Services Dynamic Host
Configuration Protocol (DHCP): DHCP is an automatic method for allocating IP addresses,
22

subnet masks, default gateways, and DNS server addresses to hosts when they join a network.
.................................................................................................................................................. 106
● Major operating systems support DHCP clients and servers, and many SOHO routers and
modems embed DHCP servers. ................................................................................................ 106
● Hosts are configured to use DHCP by specifying automatic IP address acquisition in their
TCP/IP configurations............................................................................................................... 106
● DHCP operates using UDP, with servers listening on port 67 and clients on port 68. ....... 106
DHCP Lease Process: ............................................................................................................... 106
● DHCP lease process involves four steps: Discover, Offer, Request, and Acknowledge
(DORA). ..................................................................................................................................... 106
● When a DHCP client initializes, it broadcasts a DHCPDISCOVER packet to find a DHCP
server. ....................................................................................................................................... 106
● The DHCP server responds with a DHCPOFFER packet containing an IP address and other
configuration information. ........................................................................................................ 106
● The client may choose to accept the offer using a DHCPREQUEST packet. ..................... 106
● If the offer is still available, the server responds with a DHCPACK packet. ....................... 106
● The client broadcasts an ARP message to check if the address is unused, and if so, it
starts using the address and options provided. ........................................................................ 106
DHCP Server Configuration: ...................................................................................................... 106
● DHCP servers are deployed as services of network operating systems or through
appliances like switches or routers. .......................................................................................... 106
● DHCP servers must be allocated a static IP address and configured with a range of IP
addresses, subnet masks, and optional parameters. ................................................................ 106
● A range of addresses and options configured for a single subnet is referred to as a scope.
106
● DHCP servers can manage multiple scopes, but each scope must correspond to a single
subnet. ...................................................................................................................................... 106
● DHCP servers can be configured to provide default options server-wide or scope-specific
options. ..................................................................................................................................... 107
DHCP Options: .......................................................................................................................... 107
● DHCP servers offer IP addresses and subnet masks, along with other IP-related settings
known as DHCP options. .......................................................................................................... 107
● Some common DHCP options include the default gateway, DNS server addresses, DNS
suffix, and other server options like time synchronization or VoIP proxy. ................................. 107
DHCP Reservations and Exclusions: ......................................................................................... 107
23

● DHCP reservations map MAC addresses to specific IP addresses within the DHCP server's
pool to ensure certain hosts retain the same IP address. ......................................................... 107
● DHCP relay agents forward DHCP traffic between subnets to allow centralized DHCP
server management. ................................................................................................................. 107
● IP helper functionality on routers supports DHCP relay agents by forwarding DHCP
broadcasts between subnets. ................................................................................................... 107
DHCPv6 Server Configuration: .................................................................................................. 107
● DHCPv6 provides additional option settings for IPv6 hosts but is often used for
supplemental configuration rather than IP address leasing. ..................................................... 107
● DHCPv6 operates on different ports (546 for clients, 547 for servers) and uses multicast
addresses for server discovery. ................................................................................................ 107
● DHCPv6 can operate in stateful mode (providing routable IP addresses) or stateless mode
(providing network prefix information)...................................................................................... 107
Explain the Use of Name Resolution Services Host Names and Fully Qualified Domain Names
(FQDNs): Host names and FQDNs provide human-readable labels for hosts on a network...... 108
● A host name is assigned to a computer by the administrator and must be unique on the
local network. ............................................................................................................................ 108
● An FQDN consists of a host name and a domain suffix, providing a unique identity for the
host within a particular network. ............................................................................................... 108
● Domain names must be registered with a registrar to ensure uniqueness within a top-level
domain. ..................................................................................................................................... 108
Domain Name System (DNS): ................................................................................................... 108
● DNS is a global hierarchy of distributed name server databases containing information on
domains and hosts. .................................................................................................................. 108
● DNS operates with 13 root level servers (A to M) and various top-level domains (TLDs)
such as .com, .org, .net, and country codes like .uk, .ca, .de. .................................................... 108
● DNS follows a hierarchical structure, with each level of servers having information about
servers at the next level down. .................................................................................................. 108
● DNS resolves FQDNs to IP addresses through iterative or recursive lookups. .................. 108
Name Resolution Using DNS: .................................................................................................... 108
● Name resolution starts when a user presents an FQDN to an application program.......... 108
● A stub resolver checks its local cache for the mapping and forwards the query to its local
name server if no mapping is found. ......................................................................................... 108
● DNS queries between name servers are typically performed as iterative lookups or
recursive lookups. ..................................................................................................................... 108
Resource Record Types: ........................................................................................................... 108
24

● DNS zones contain resource records used for name resolution. ...................................... 108
● Common resource record types include Start of Authority (SOA), Name Server (NS),
Address (A) for IPv4, Address (AAAA) for IPv6, Canonical Name (CNAME), Mail Exchange (MX),
Service (SRV), Text (TXT), and Pointer (PTR) records. .............................................................. 108
● Pointer records are used for reverse DNS querying to find the host name associated with a
given IP address. ....................................................................................................................... 108
Reverse DNS Querying: ............................................................................................................. 109
● Reverse DNS querying uses special domains like in-addr.arpa for IPv4 and ip6.arpa for IPv6
to find the host name associated with a given IP address. ....................................................... 109
● Reverse lookup zones store PTR records containing the host names associated with IP
addresses. ................................................................................................................................ 109
Reverse lookup zones are optional in DNS servers due to security concerns related to potential
exploitation by hackers. ............................................................................................................ 109
Configure DNS Services DNS Server Configuration: DNS servers are essential for the
functioning of the Internet and are required for Windows Active Directory and most Linux
networks. .................................................................................................................................. 110
● DNS servers can be configured to listen for queries on UDP port 53 and sometimes TCP
port 53 for larger record transfers or when using DNSSEC. ...................................................... 110
● DNS servers maintain the DNS namespace in zones, which can host records for multiple
domains. ................................................................................................................................... 110
● Primary name servers manage editable zone records, while secondary name servers hold
read-only copies obtained through zone transfers. ................................................................... 110
● The terms "master" and "slave" are deprecated in favor of "primary" and "secondary." .... 110
● Cache-only servers store non-authoritative answers derived from cached records. ......... 110
DNS Caching: ............................................................................................................................ 110
● Resource records are configured with a time to live (TTL) value, instructing resolvers how
long query results can be kept in cache. ................................................................................... 110
● DNS caching is performed by both servers and client computers, with each application on a
client potentially maintaining its own DNS cache. .................................................................... 110
● Changes to resource records can be slow to propagate due to server and client caching,
requiring careful management of TTL values. .......................................................................... 110
Internal versus External DNS: .................................................................................................... 110
● Internal DNS zones serve private network domains and should only be accessible to
internal clients. .......................................................................................................................... 110
● External DNS zones serve records accessible to Internet clients, such as web and email
services. .................................................................................................................................... 110
25

● DNS resolvers perform recursive queries for clients, either locating authoritative name
servers or forwarding requests to another server. .................................................................... 110
● It's essential to separate DNS servers hosting zone records from those servicing client
requests for non-authoritative domains. ................................................................................... 110
nslookup and dig: ...................................................................................................................... 110
● nslookup: A command-line tool for troubleshooting DNS name resolution in Windows
environments. It can query specific DNS servers for various record types. .............................. 111
● PowerShell: Provides a more sophisticated environment for DNS testing, offering cmdlets
like Resolve-DnsName. ............................................................................................................. 111
● dig: A command-line tool for querying DNS servers, commonly used with BIND DNS server
software. It can query specific DNS servers and display various resource records for a domain.
111
Both nslookup and dig are valuable tools for troubleshooting DNS issues and testing name
resolution configurations. ......................................................................................................... 111
Explaining Network Applications Explain the Use of Web, File/Print, and Database Services
HyperText Transfer Protocol (HTTP): HTTP is the foundation of web technology, allowing
clients to request resources from HTTP servers. ..................................................................... 112
● Clients connect to HTTP servers using TCP port 80 by default and submit requests using
URLs. ......................................................................................................................................... 112
● HTTP headers define request and response formats, while the payload usually serves
HTML web pages. ..................................................................................................................... 112
● Features include forms (POST) for submitting data from clients to servers and session
management with cookies. ....................................................................................................... 112
Web Servers: ............................................................................................................................. 112
● Websites are hosted on HTTP servers connected to the Internet, commonly leased from
ISPs. .......................................................................................................................................... 112
● Hosting options include dedicated servers, virtual private servers (VPS), cloud hosting, and
shared hosting. ......................................................................................................................... 112
● Major web server platforms include Apache, Microsoft Internet Information Server (IIS),
and nginx................................................................................................................................... 112
Secure Sockets Layer/Transport Layer Security (SSL/TLS): ..................................................... 112
● Developed to address security issues in HTTP, SSL/TLS encrypts data and provides
authentication between clients and servers. ............................................................................. 112
● SSL/TLS operates between the Application and Transport layers of the TCP/IP stack. ... 112
● HTTPS secures HTTP connections over TCP port 443, using digital certificates issued by
trusted certificate authorities. ................................................................................................... 112
26

File Transfer Protocol (FTP): ..................................................................................................... 112


● Used for transferring files to and from remote hosts, often for administrative purposes. 113
● FTP operates over TCP port 21, with data transfer modes including active and passive. . 113
● Trivial File Transfer Protocol (TFTP) is a lightweight protocol used for small file transfers,
running over UDP port 69. ......................................................................................................... 113
File and Print Services: .............................................................................................................. 113
● Server Message Block (SMB) provides file and print sharing services on Windows
networks, also supported by Samba for UNIX/Linux. ................................................................ 113
● SMB typically operates over TCP ports 139 or 445, with version 3 supporting message
encryption. ................................................................................................................................ 113
Database Services:.................................................................................................................... 113
● Relational databases store data in tables and are queried using Structured Query Language
(SQL). ........................................................................................................................................ 113
● Relational Database Management System (RDBMS) platforms include Oracle, Microsoft
SQL Server, MySQL/MariaDB, and PostgreSQL. ........................................................................ 113
● NoSQL databases offer flexible data structures and are accessed using APIs over HTTPS.
113
● Both RDBMS and NoSQL databases can be secured using TLS transport encryption. ..... 113
Understanding these services and protocols is crucial for network technicians to support and
troubleshoot various network applications and services effectively. ........................................ 113
Explain the Use of Email and Voice Services 1. Email Services: SMTP (Simple Mail Transfer
Protocol): .................................................................................................................................. 114
● Used for delivering email from one system to another. .................................................... 114
● Sender SMTP server discovers recipient SMTP server via domain name. ........................ 114
● SMTP servers registered in DNS using Mail Exchange (MX) and host records. ................ 114
● Does not queue messages indefinitely; retries at intervals before timing out. .................. 114
● Supports message encryption via TLS (SMTPS). .............................................................. 114
● Can use either STARTTLS or SMTPS for secure connections. .......................................... 114
● Typical ports: 25 for message relay between SMTP servers, 587 for mail client submission.
114
● Mailbox Access Protocols: ................................................................................................ 114
● POP (Post Office Protocol):............................................................................................... 114
● Version 3 (POP3) commonly used. ................................................................................... 114
● Allows clients to download messages from the server. .................................................... 114
27

● Uses TCP port 110 (unsecure) or 995 (secure POP3S). .................................................... 114
● Messages typically deleted from server upon download. ................................................. 114
● IMAP (Internet Message Access Protocol): ...................................................................... 114
● Supports multiple clients accessing the same mailbox simultaneously. .......................... 114
● Allows managing mailbox on the server (folders, deletion control). ................................. 114
● Uses TCP port 143 (unsecure) or 993 (secure IMAPS). .................................................... 114
2. Voice and Video Services: ..................................................................................................... 114
● Voice over IP (VoIP): ......................................................................................................... 114
● Replacing legacy voice services with IP-based protocols and products. .......................... 114
● Private Branch Exchange (PBX): ....................................................................................... 114
● Automated switchboard for an organization's voice lines................................................. 114
● Traditional (TDM-based) PBX being replaced by VoIP-enabled PBX. ................................ 114
● VoIP PBX routes calls over Ethernet network and supports features like voicemail. ........ 114
● Implemented as software on servers or hardware solutions. ........................................... 114
● VoIP Protocols: ................................................................................................................. 114
● SIP (Session Initiation Protocol): ....................................................................................... 115
● Widely used for session control. ....................................................................................... 115
● End-user devices assigned unique SIP addresses (SIP URIs). .......................................... 115
● Typically runs over UDP or TCP ports 5060/5061. ............................................................ 115
● RTP (Real-time Transport Protocol) and RTCP (RTP Control Protocol): ........................... 115
● Used for actual delivery of real-time data. ......................................................................... 115
● RTP delivers media data via UDP. ..................................................................................... 115
● RTCP monitors connection quality and provides reports. ................................................. 115
3. VoIP Phones and Gateways: ................................................................................................. 115
● VoIP phones can be software on computers/smartphones or dedicated hardware. ........ 115
● VLAN tagging used to segregate SIP control and RTP media traffic. ............................... 115
● Connection security similar to HTTPS using SIPS. ........................................................... 115
● VoIP gateways translate between VoIP systems and legacy voice equipment/networks
(POTS, PBX). ............................................................................................................................. 115
● Different types of gateways serve various functions such as connecting to telephone
networks or VoIP service providers. .......................................................................................... 115
Key Points: ................................................................................................................................ 115
28

● Email services use SMTP for message delivery and POP/IMAP for mailbox access. ....... 115
● VoIP replaces legacy voice services with IP-based protocols like SIP and RTP. ............... 115
● VoIP phones can be software or hardware, and VLAN tagging segregates voice traffic. . 115
● VoIP gateways translate between VoIP systems and legacy voice equipment/networks. 115
Ensuring Network Availability Explain the Use of Network Management Services 1. Secure
Remote Access: Secure Shell (SSH):........................................................................................ 116
● Primary means for secure remote access to UNIX, Linux servers, and network appliances.
116
● Supports terminal emulation and secure file transfer (SFTP). .......................................... 116
● Uses TCP port 22 by default. ............................................................................................. 116
● Identified by a public/private key pair (host key). .............................................................. 116
● Client authentication methods include username/password, public key, and Kerberos. .. 116
● Key management is crucial for security; compromised keys must be replaced promptly. 116
● Telnet: ............................................................................................................................... 116
● Protocol and terminal emulation software for transmitting shell commands. .................. 116
● Runs on TCP port 23. ........................................................................................................ 116
● Passwords and communications are not encrypted, making it vulnerable to packet sniffing.
116
● Considered insecure and should be disabled or replaced with secure access methods like
SSH.116
2. Secure Shell Commands: ...................................................................................................... 116
● Useful commands include sshd (start SSH server), ssh-keygen (create key pair), ssh-agent
(store private keys securely), ssh (connect to server), scp (file transfer), sftp (secure file
transfer). ................................................................................................................................... 116
3. Remote Desktop Protocol (RDP): .......................................................................................... 116
● Microsoft's protocol for remote GUI connections to Windows machines. ........................ 116
● Uses TCP port 3389. ......................................................................................................... 116
● Mainly used for remote administration of Windows servers or clients. ............................ 116
● Also used for application virtualization. ............................................................................ 116
4. Network Time Protocol (NTP): .............................................................................................. 117
● Synchronizes time-dependent applications....................................................................... 117
● Works over UDP on port 123. ............................................................................................ 117
● Utilizes hierarchical server structure (stratum levels). ...................................................... 117
● Client hosts use Simple NTP (SNTP) for time synchronization. ........................................ 117
29

● Incorrect time configuration can lead to network service access issues and authentication
failures. ..................................................................................................................................... 117
● Public NTP server pools can be used as time sources if local stratum 1 servers are not
available. ................................................................................................................................... 117
Key Points: ................................................................................................................................ 117
● SSH is the preferred method for secure remote access, offering encryption and various
authentication options. ............................................................................................................. 117
● Telnet is insecure due to lack of encryption and should be replaced with SSH. ............... 117
● RDP facilitates remote GUI connections to Windows machines. ...................................... 117
● NTP ensures time synchronization for network applications and services, critical for
authentication and security mechanisms. ................................................................................ 117
Use Event Management to Ensure Network Availability 1. Performance Metrics, Bottlenecks,
and Baselines: Performance Metrics: ...................................................................................... 118
● Bandwidth/throughput: Rate of data transfer measured in Mbps or Gbps........................ 118
● CPU and memory utilization: High utilization may indicate the need for upgrades. .......... 118
● Storage: Availability of storage space, crucial for device operation and application
efficiency................................................................................................................................... 118
● Bottlenecks: ...................................................................................................................... 118
● Points of poor performance that reduce overall network productivity. ............................. 118
● Can be device-related or user/application-related............................................................. 118
● Identification requires analysis of network utilization and errors. ..................................... 118
● Performance Baselines: .................................................................................................... 118
● Establish resource utilization metrics at a specific point in time for comparison. ............ 118
● Useful for assessing system responsiveness and planning upgrades. ............................. 118
2. Environmental Monitoring: .................................................................................................... 118
● Detects factors threatening appliance integrity or function (e.g., excessive temperatures,
fan speeds, flooding). ............................................................................................................... 118
● Internal sensors monitor device conditions; external sensors monitor ambient
environmental conditions.......................................................................................................... 118
3. Simple Network Management Protocol (SNMP): .................................................................. 118
● Framework for remote management and monitoring of network devices. ....................... 118
● SNMP Agents: ................................................................................................................... 118
● Maintain Management Information Base (MIB) containing device statistics. ................... 118
● Configured with community names for access control. .................................................... 118
30

● SNMP Monitor: .................................................................................................................. 118


● Polls agents for information from MIBs at regular intervals. ............................................ 118
● Receives trap operations as alerts for network administrator assessment. ..................... 118
4. Network Device Logs:............................................................................................................ 119
● Valuable sources of performance, troubleshooting, and security auditing information. ... 119
● Log types include system, security, application, and performance/traffic logs. ............... 119
● Log collectors and Syslog facilitate log aggregation and storage..................................... 119
5. Event Management: .............................................................................................................. 119
● Prioritizes events requiring immediate or long-term response.......................................... 119
● Categorizes events by severity levels for effective management. .................................... 119
● Automated alert systems generate alerts or notifications based on predefined thresholds.
119
● Log reviews involve real-time monitoring and later inspection and interpretation of
captured data for incident investigation and prevention. .......................................................... 119
Use Performance Metrics to Ensure Network Availability Network Metrics Quality of Service
(QoS): Supports real-time services like voice and video............................................................ 120
● Bandwidth: Measured in bits per second (bps), throughput at Layer 3, and goodput
available to an application. Bandwidth for audio depends on sampling frequency and bit depth.
Bandwidth required for video depends on image resolution, color depth, and fram rate. ......... 120
● Latency and Jitter: Latency is the time for transmission to reach the recipient, while jitter is
a variation in delay. Real-time applications are sensitive to these, causing issues like echo,
delay, and video slow down. ..................................................................................................... 120
Bandwidth Management ........................................................................................................... 120
● DiffServ (Differentiated Services): Classifies each packet passing through a device for
prioritized delivery, grouped into Best Effort, Assured Forwarding, and Expedited Forwarding. 120
● IEEE 802.1p: Classifies and prioritizes traffic at Layer 2. .................................................. 120
● Traffic Shaping: Controls traffic parameters, ensuring bandwidth and low latency for
priority traffic. ........................................................................................................................... 120
● QoS Architecture: Involves control plane, data plane, and management plane for traffic
prioritization and switching. ...................................................................................................... 120
Traffic Analysis Tools ............................................................................................................... 120
● Throughput Testers: Measure network throughput by transferring large files between
hosts. ........................................................................................................................................ 120
● Top Talkers/Listeners: Identify hosts generating the most outgoing or incoming traffic. 120
● Bandwidth Speed Testers: Test Internet links for speed and performance. ...................... 120
31

● NetFlow: Gathers traffic metadata and reports to a structured database, using exporters,
collectors, and analyzers........................................................................................................... 120
Interface Monitoring Metrics..................................................................................................... 120
● Link State: Measures if an interface is up or down............................................................ 120
● Resets: Number of times an interface has restarted. ........................................................ 121
● Speed: Rated speed of the interface. ................................................................................ 121
● Utilization: Data transferred over a period, average and peak utilization........................... 121
● Error Rate: Number of packets causing errors. ................................................................. 121
● Discards/Drops: Frames discarded due to various reasons. ............................................ 121
● Retransmissions: Data retransmitted due to packet loss. ................................................. 121
Troubleshooting Interface Errors .............................................................................................. 121
● CRC Errors: Calculated by interfaces, indicating frame rejection due to interference. ...... 121
● Encapsulation Errors: Prevent transmission and reception, often due to frame format
mismatches. ............................................................................................................................. 121
● Runt Frame Errors: Frames smaller than minimum size, usually caused by collisions. .... 121
● Giant Frame Errors: Frames larger than maximum size, caused by configuration
mismatches or jumbo frames. .................................................................................................. 121
Explaining Common Security Concepts Explain Common Security Concepts Establishing
Computer and Network Security: Developing processes and controls to protect data assets and
ensure business continuity. ...................................................................................................... 122
● Making network systems and hosts resilient to various attacks. ...................................... 122
Confidentiality, Integrity, and Availability (CIA) Triad: ................................................................ 122
● Confidentiality: Information should only be known to certain people. ............................... 122
● Integrity: Data is stored and transferred as intended, with any modification authorized... 122
● Availability: Information is accessible to authorized individuals for viewing or modification.
122
Vulnerability, Threat, and Risk: .................................................................................................. 122
● Vulnerability: A weakness that could be exploited to cause a security breach. ................ 122
● Threat: The potential for someone or something to exploit a vulnerability. ...................... 122
● Risk: The likelihood and impact of a threat actor exercising a vulnerability. ..................... 122
Security Risk Assessments: ...................................................................................................... 122
● Utilizing tools and techniques to ensure systems demonstrate properties of the CIA triad.
122
● Guided by security policies to evaluate and mitigate risks. ............................................... 122
32

● Risk management involves identifying, assessing, and mitigating vulnerabilities and threats
to essential business functions. ............................................................................................... 122
● Risk assessment evaluates systems and procedures for risk factors. ............................. 122
Posture Assessment: ................................................................................................................ 122
● Evaluating IT services governance and frameworks to fulfill business needs. ................. 122
● Security controls provide properties like confidentiality, integrity, availability, and non-
repudiation. ............................................................................................................................... 123
● Balancing the cost of security controls with associated risks. ......................................... 123
Process Assessment: ............................................................................................................... 123
● Focuses on mission essential functions and critical systems. ......................................... 123
● Business Impact Analysis (BIA) quantifies losses for various threat scenarios................ 123
● Business Continuity Planning (BCP) identifies controls and processes to maintain critical
workflows.................................................................................................................................. 123
Vulnerability and Exploit Types: ................................................................................................ 123
● Software vulnerabilities can lead to system compromise. ................................................ 123
● Exploits use vulnerabilities to gain control or damage systems. ...................................... 123
● Zero-day vulnerabilities are exploited before vendors release patches. ............................ 123
Unpatched and Legacy Systems: .............................................................................................. 123
● Unpatched systems lack updates, while legacy systems lack vendor support. ................ 123
● Vulnerabilities extend to network appliances and embedded systems. ............................ 123
Vulnerability Assessment: ......................................................................................................... 123
● Evaluates system security and compliance based on configuration states. ..................... 123
● Utilizes automated vulnerability scanners and Common Vulnerabilities and Exposures
(CVE). ........................................................................................................................................ 123
Threat Types and Assessment:................................................................................................. 123
● Identifies threat sources and profiles threat actors. ......................................................... 123
● External threats lack authorized access, while internal threats have permissions. ........... 123
● Threat research gathers tactics, techniques, and procedures (TTPs) of threat actors. .... 123
Security Information and Event Management (SIEM): .............................................................. 123
● Integrates vulnerability and threat assessment efforts through log data collection and
analysis. .................................................................................................................................... 124
● Correlates events to indicate risk or compromise and provides regulatory compliance. .. 124
Penetration Testing: .................................................................................................................. 124
33

● Uses authorized hacking techniques to discover exploitable weaknesses. ...................... 124


● Active testing of security controls to identify vulnerabilities. ............................................ 124
Privileged Access Management (PAM): .................................................................................... 124
● Prevents malicious abuse of privileged accounts through policies and controls. ............. 124
● Includes principles like least privilege, role-based access, and zero trust. ........................ 124
Vendor Assessment: ................................................................................................................. 124
● Evaluates risks in the supply chain for vulnerabilities and impacts on service. ................ 124
● Vendor management selects suppliers and assesses risks inherent in third-party products
or services. ................................................................................................................................ 124
Explain Authentication Methods Access Control System Overview: Access control system
governs interactions between subjects (users, devices, software) and objects (networks,
servers, databases). .................................................................................................................. 125
● Typically managed through Access Control Lists (ACLs) specifying subject permissions on
objects. ..................................................................................................................................... 125
Identity and Access Management (IAM) Processes: ................................................................ 125
1. Identification: Creating an account or ID for users/devices/processes on the network. .. 125
2. Authentication: Proving subject's identity when accessing resources. ............................. 125
3. Authorization: Determining subject's rights on resources. ................................................ 125
4. Accounting: Tracking authorized resource usage and detecting unauthorized access. ... 125
Multifactor and Two-Factor Authentication: ............................................................................. 125
● Authentication Factors: ..................................................................................................... 125
● Knowledge factor (e.g., password).................................................................................... 125
● Ownership factor (e.g., smart card). .................................................................................. 125
● Human or biometric factor (e.g., fingerprint). .................................................................... 125
● Behavioral factor (e.g., signature). .................................................................................... 125
● Location factor (e.g., GPS location). ................................................................................. 125
● Multifactor Authentication: Combines multiple authentication factors for stronger security.
125
● Two-Factor Authentication (2FA): Combines two authentication factors (e.g., smart card +
PIN). .......................................................................................................................................... 125
Local Authentication and Single Sign-On (SSO): ....................................................................... 125
● Local Authentication: Typically uses passwords or PINs stored as cryptographic hashes.
125
34

● Single Sign-On (SSO): Allows users to authenticate once and access compatible servers
without re-entering credentials. ................................................................................................ 125
● Kerberos: Provides SSO authentication, especially in Windows environments, using tickets.
126
Digital Certificates and Public Key Infrastructure (PKI): ............................................................ 126
● Digital Certificates: Used for server authentication (e.g., TLS) and user authentication. .. 126
● Public Key Infrastructure (PKI): Ensures validity of public keys through certificate
authorities (CAs). ...................................................................................................................... 126
Extensible Authentication Protocol (EAP) and IEEE 802.1X: ..................................................... 126
● EAP: Framework for various authentication protocols, often used with digital certificates.
126
● IEEE 802.1X: Provides network access control (NAC) for wired and wireless networks,
often with EAP. ......................................................................................................................... 126
RADIUS and TACACS+: ............................................................................................................. 126
● RADIUS: Widely used for client device access over switches, wireless networks, and VPNs.
126
● TACACS+: Similar to RADIUS but more flexible, often used for administrative access to
routers and switches. ................................................................................................................ 126
Lightweight Directory Access Protocol (LDAP): ........................................................................ 126
● LDAP: Protocol for querying and updating directory services. .......................................... 126
● LDAP Security: Can implement authentication through simple bind, SASL, or LDAPS for
secure access. .......................................................................................................................... 126
Conclusion: ............................................................................................................................... 126
Understanding various authentication methods and access controls is crucial for network
professionals to secure network resources effectively. From multifactor authentication to
directory services like LDAP, each method plays a vital role in ensuring network security and
access control........................................................................................................................... 126
Supporting and Troubleshooting Secure Networks Compare and Contrast Security Appliances
Security Appliance Overview: .................................................................................................... 127
● Security appliances such as firewalls, proxy servers, and intrusion detection/prevention
systems enforce access controls to ensure authorized use of the network. ............................ 127
● They perform filtering functions to analyze connection requests, allowing, denying, or
logging them based on predefined criteria................................................................................ 127
● Effective placement of security appliances depends on segmenting the network into clearly
defined areas. ........................................................................................................................... 127
35

● Segmentation is achieved using VLANs and subnets, creating separate broadcast


domains. ................................................................................................................................... 127
● Each segment, or zone, has its own security configuration. ............................................. 127
● Traffic between zones should be controlled using security devices like firewalls. ........... 127
● Internet-facing hosts are placed in the perimeter network zone, which allows external
access while protecting internal systems. ................................................................................ 127
● Perimeter network enables external clients to access data on private systems without
compromising internal network security. .................................................................................. 127
● Proxy servers in the perimeter handle connections between internal and external hosts. 127
● A screened subnet consists of two firewalls placed on either side of the perimeter network
zone. ......................................................................................................................................... 127
● The edge firewall filters traffic on the external interface, while the internal firewall filters
communications between the perimeter and LAN hosts. ......................................................... 127
● Packet Filtering Firewalls: Basic type, inspecting IP packet headers and applying rules
based on IP addresses, protocols, and port numbers. .............................................................. 127
● Stateful Inspection Firewalls: Maintain stateful information about sessions between hosts
to provide better security and performance. ............................................................................. 128
● Firewall selection depends on traffic volume and placement requirements. .................... 128
● Appliance firewalls are standalone hardware devices dedicated to firewall functions. .... 128
● Proxy servers forward requests on behalf of clients, providing traffic analysis and caching.
128
● Forward proxies handle outbound traffic, while reverse proxies handle inbound traffic. .. 128
● NAT translates between private and public IP addresses, conserving public addresses and
providing basic security. ........................................................................................................... 128
● Port Address Translation (PAT) allows multiple private IP addresses to map to a single
public address using different port numbers. ........................................................................... 128
● Network security should implement defense in depth strategies, placing security controls
throughout the network. ............................................................................................................ 128
● Examples include Network Access Control, honeypots, separation of duties, and intrusion
detection/prevention systems. ................................................................................................. 128
● IDS analyze network traffic or logs for suspicious activity and raise alerts based on
predefined signatures. .............................................................................................................. 128
● IPS can actively respond to threats, such as ending sessions or blocking attacker IP
addresses. ................................................................................................................................ 128
● Host-based IDS/IPS run on end systems to monitor local activity in addition to network-
based IDS/IPS. .......................................................................................................................... 128
36

Troubleshoot Service and Security Issues DHCP Issues Dynamic Host Configuration Protocol
(DHCP): ..................................................................................................................................... 129
● Provides IP addressing autoconfiguration to hosts without static IP parameters. ........... 129
● Windows clients failing to obtain a DHCP lease default to using an address in the
Automatic Private IP Addressing (APIPA) range (169.254.0.0/16). .......................................... 129
● Linux hosts use the APIPA range if they have Zeroconf support, leave the IP address set to
0.0.0.0, or disable IPv4 on the interface. ................................................................................... 129
● Possible Causes of Lease Failure: .................................................................................... 129
● DHCP server offline. .......................................................................................................... 129
● DHCP scope exhaustion. ................................................................................................... 129
● Router between client and DHCP server doesn't support BOOTP forwarding. .................. 129
● Rogue DHCP Server: .......................................................................................................... 129
● Clients could obtain leases from rogue servers, leading to incorrect IP configurations. .. 129
● Rogue servers may be deployed accidentally or maliciously. ........................................... 129
● Methods: ........................................................................................................................... 129
● Local cache check. ............................................................................................................ 129
● HOSTS file check............................................................................................................... 129
● Query DNS. ........................................................................................................................ 129
● DNS Configuration Issues: ................................................................................................ 129
● Without DNS servers, network client machines cannot connect to services or servers. ... 129
● Troubleshooting: ............................................................................................................... 129
● Verify DNS server addresses and DNS suffixes. ............................................................... 129
● Check DHCP server settings for correct configuration...................................................... 129
● Considerations: ................................................................................................................. 129
● Proper availability of services like DHCP and DNS across VLANs is essential. ................ 129
● Ensure routing is configured for VLAN-to-VLAN communications. ................................... 129
● Verify correct VLAN assignments for devices. .................................................................. 130
● Possible Causes: ............................................................................................................... 130
● Application or OS crashes. ................................................................................................ 130
● Server overload. ................................................................................................................ 130
● Network congestion or broadcast storms. ........................................................................ 130
● Denial of Service (DoS) attacks. ........................................................................................ 130
● Diagnosis: ......................................................................................................................... 130
37

● Check server resources and network latency. ................................................................... 130


● Monitor for unusual access patterns indicating attacks. .................................................. 130
● Impact: .............................................................................................................................. 130
● Misconfigurations can block services, ports, or addresses............................................... 130
● Diagnosis: ......................................................................................................................... 130
● Confirm firewall ACL configuration. .................................................................................. 130
● Test connections from inside and outside the firewall. .................................................... 130
● Causes: ............................................................................................................................. 130
● Certificate issuer not trusted. ............................................................................................ 130
● Certificate subject name mismatch. ................................................................................. 130
● Certificate expired or revoked. .......................................................................................... 130
● Resolution: ........................................................................................................................ 130
● Add trusted certificates to client devices. ......................................................................... 130
● Verify certificate common names. .................................................................................... 130
● NTP Issues: ....................................................................................................................... 130
● Network Time Protocol (NTP) synchronization for host time sources. ............................. 130
● BYOD Challenges: ............................................................................................................. 130
● Compatibility, support, and security issues with Bring Your Own Device (BYOD) models. 130
● Licensed Feature Issues:................................................................................................... 130
● Troubleshoot licensing or feature activation problems, such as evaluation period expiration
or exceeding seat counts. ......................................................................................................... 130
These troubleshooting steps cover a range of issues that may arise at the service and security
layers, providing a comprehensive approach to resolving network problems. .......................... 131
Deploying and Troubleshooting Wireless Networks Summarize Wireless Standards IEEE 802.11
Wireless Standards: Basics: WLANs are based on IEEE 802.11 standards, known as Wi-Fi. .... 132
● Physical Layer: Defines encoding data into radio carrier signals using modulation schemes.
132
● Carrier Methods: Provide resistance to interference from noise and other radio sources.
132
● CSMA/CA: Carrier Sense Multiple Access with Collision Avoidance manages contention.
132
● Virtual Carrier Sense: Reduces collisions with RTS/CTS flow control mechanism. .......... 132
● Evolution: Revised over time with different signaling and transmission mechanisms. ..... 132
IEEE 802.11a and 5 GHz Channel Bandwidth: ........................................................................... 132
38

● Frequency Bands: 2.4 GHz and 5 GHz. .............................................................................. 132


● Characteristics: 5 GHz supports more channels with less congestion but shorter ranges.
132
● 802.11a: Operates in the 5 GHz band with OFDM, offering a nominal data rate of 54 Mbps.
132
● Channel Allocation: Subdivided into non-overlapping channels, initially 11, later expanded
to 23. ......................................................................................................................................... 132
IEEE 802.11b/g and 2.4 GHz Channel Bandwidth: .................................................................... 132
● Standards: 802.11b and 802.11g use the 2.4 GHz band. .................................................. 132
● 802.11b: Utilizes DSSS with a nominal data rate of 11 Mbps. ........................................... 132
● 802.11g: Uses OFDM in the 2.4 GHz band, offering a nominal data rate of 54 Mbps. ...... 132
IEEE 802.11n, MIMO, and Channel Bonding: ............................................................................. 132
● 802.11n: Increases bandwidth using MIMO with up to 4 separate antennas. ................... 132
● MIMO Configurations: Identified by AxB:C notation, supporting spatial multiplexing. ...... 133
● Channel Bonding: Combines adjacent channels into a single 40 MHz channel for increased
bandwidth. ................................................................................................................................ 133
● Data Rates: Nominal data rate of 72 Mbps per stream, up to 600 Mbps with optimal
conditions. ................................................................................................................................ 133
● Wi-Fi 4: Renamed version of 802.11n for simplicity. ......................................................... 133
Wi-Fi 5 and Wi-Fi 6: .................................................................................................................... 133
● Wi-Fi 5 (802.11ac): Operates in the 5 GHz band with improved throughput and channel
bonding. .................................................................................................................................... 133
● Wi-Fi 6 (802.11ax): Uses more complex modulation for higher efficiency and aims for 10G
speeds. ..................................................................................................................................... 133
Multiuser MIMO (MU-MIMO): .................................................................................................... 133
● Functionality: Allows simultaneous connections to multiple stations, improving bandwidth.
133
● DL MU-MIMO: Enables AP to process spatial streams separately for simultaneous
connections. ............................................................................................................................. 133
● UL MU-MIMO: Allows stations to initiate beamforming with the access point. ................ 133
Cellular Technologies: ............................................................................................................... 133
● 2G and 3G: Based on GSM and CDMA, supporting voice calls with limited data access. . 133
● 4G and 5G: LTE and LTE-A offer improved data speeds, while 5G aims for faster speeds
and broader applications. ......................................................................................................... 133
39

This summary provides an overview of key wireless standards, including IEEE 802.11 variations,
Wi-Fi generations, and cellular technologies. ............................................................................ 133
Install Wireless Networks Infrastructure Topology and Wireless Access Points: Wireless
network devices are referred to as stations (STA), similar to nodes on a wired network. ......... 134
● Most wireless networks are deployed in an infrastructure topology where each station
connects through a base station or access point (AP), forming a logical star topology. .......... 134
● The AP mediates communications between client devices and can provide a bridge to a
cabled network segment. .......................................................................................................... 134
● In 802.11 documentation, this is referred to as an infrastructure Basic Service Set (BSS).
134
● More than one BSS can be grouped together in an Extended Service Set (ESS). .............. 134
Wireless Site Design:................................................................................................................. 134
● Clients join a WLAN through the Service Set Identifier (SSID), which can be up to 32 bytes
in length. ................................................................................................................................... 134
● In infrastructure mode, multiple APs connected to the same distribution system are
grouped into an Extended SSID (ESSID). ................................................................................... 134
● The area served by a single AP is referred to as a basic service area (BSA) or wireless cell,
while the area in which stations can roam between access points is referred to as an extended
service area (ESA). .................................................................................................................... 134
SSID Broadcast and Beacon Frame: ......................................................................................... 134
● A WLAN typically broadcasts its SSID to advertise its presence, allowing users to connect
to a named network. ................................................................................................................. 134
● A beacon frame broadcast by the AP advertises the WLAN and contains SSID, supported
data rates, signaling, and encryption/authentication requirements. ......................................... 134
Speed and Distance Requirements: .......................................................................................... 134
● Wi-Fi devices should have an indoor range of at least 30m (100 feet). ............................. 134
● 2.4 GHz radios support better ranges than 5 GHz ones, and later standards improve range
compared to earlier ones. ......................................................................................................... 134
● Dynamic Rate Switching/Selection (DRS) mechanism determines appropriate data rates
based on signal quality. ............................................................................................................ 135
Radio Interference and Planning: .............................................................................................. 135
● Radio signals can pass through solid objects but can be weakened or blocked by dense
materials. .................................................................................................................................. 135
● Interference can be caused by various devices like microwaves, cordless phones, etc. .. 135
● Planning a wireless network requires considering factors like range, interference, and site
survey is essential. .................................................................................................................... 135
40

Site Surveys and Heat Maps: .................................................................................................... 135


● Site survey involves examining blueprints, identifying interference sources, and marking
WLAN cells and APs on a new plan........................................................................................... 135
● Tools like Cisco Aironet, Metageek inSSIDer, or Ekahau Site Survey can be used to record
signal strength and generate heat maps. .................................................................................. 135
Wireless Roaming and Bridging: ............................................................................................... 135
● Clients can roam within an extended service area (ESA) by detecting stronger signals from
other APs with the same SSID................................................................................................... 135
● Wireless distribution system (WDS) allows multiple APs to cover areas where cabling is not
possible..................................................................................................................................... 135
● WDS can be used to bridge separate cabled segments. ................................................... 135
Wireless LAN Controllers: ......................................................................................................... 135
● Wireless LAN controllers enable centralized management and monitoring of multiple APs.
135
● They autoconfigure APs, aggregate client traffic, provide central switching, routing, and
VLAN assignment. .................................................................................................................... 135
Ad Hoc and Mesh Topologies: .................................................................................................. 135
● Ad hoc topology allows peer-to-peer connections without requiring an access point. ..... 136
● Mesh topology, defined by the 802.11s standard, forms a Mesh Basic Service Set (MBSS)
where nodes can relay transmissions between peers, making it scalable and suitable for IoT
networks. .................................................................................................................................. 136
Troubleshoot Wireless Networks Wireless Performance Assessment Signal Strength and
Interference Issues: .................................................................................................................. 137
● Similar to cabled networks, wireless networks face signal strength and interference
challenges. ................................................................................................................................ 137
● Ensure correct configuration of security and authentication parameters before diagnosing
Physical layer connectivity problems. ....................................................................................... 137
● Speed vs. Throughput: ...................................................................................................... 137
● Speed: Data rate at the physical and data link layers determined by standards, channel
bonding, and optimizations like MU-MIMO. .............................................................................. 137
● Throughput: Amount of data transferred at the network layer, accounting for overhead. . 137
● Attenuation and Signal Strength: ....................................................................................... 137
● Attenuation refers to signal weakening over distance, measured in decibels (dB). .......... 137
● Signal strength represented as the ratio of measurement to 1 milliwatt (mW), where 1 mW
= 0 dBm. .................................................................................................................................... 137
41

● Interference sources add to background noise, imposing distance limitations on client


access. ...................................................................................................................................... 137
● Received Signal Strength Indicator (RSSI): ........................................................................ 137
● Measures signal strength at the client end. ...................................................................... 137
● Lower dBm values indicate better performance. ............................................................... 137
● RSSI indices can vary; displayed as signal strength bars on adapters. ............................. 137
● Signal-to-Noise Ratio (SNR):.............................................................................................. 137
● Measures comparative strength of data signal to background noise. .............................. 137
● Higher dB values indicate better performance. ................................................................. 137
● Tools: Wi-Fi analyzer software for measuring RSSI and SNR. ........................................... 137
● Omnidirectional Antennas: ................................................................................................ 137
● Send and receive signals in all directions equally. ............................................................ 137
● Ceiling-mounted for best coverage. .................................................................................. 137
● Unidirectional Antennas: ................................................................................................... 137
● Focus signal in a single direction; useful for point-to-point connections. ......................... 137
● Types include Yagi and parabolic antennas. ..................................................................... 138
● Polarization: ...................................................................................................................... 138
● Ensures proper signal reception; antennas should match polarization. ............................ 138
● Optimization: ..................................................................................................................... 138
● Use site surveys and heat maps to determine optimal AP placement. ............................. 138
● Incorrect placement exacerbates attenuation and interference. ....................................... 138
● Signal Loss: ....................................................................................................................... 138
● Loss along coax cables connecting antennas to access points. ...................................... 138
● Consider cable types to minimize attenuation. ................................................................. 138
● Configuration:.................................................................................................................... 138
● Sum of transmit power, cable/connector loss, and antenna gain. .................................... 138
● Ensure compliance with regulatory limits. ........................................................................ 138
● Interference Types: ........................................................................................................... 138
● Co-channel interference (CCI) and adjacent channel interference (ACI). .......................... 138
● Maintain spacing between APs to minimize interference. ................................................ 138
● Overcapacity: .................................................................................................................... 138
● Maximum client density per AP varies; ensure adequate coverage. ................................. 138
42

● Bandwidth saturation due to client bandwidth consumption. ........................................... 138


● Interference Sources: ........................................................................................................ 138
● Reflection, refraction, absorption, and electromagnetic interference (EMI). ..................... 138
● Use spectrum analyzers to detect EMI and pinpoint sources. .......................................... 138
Configure and Troubleshoot Wireless Security 1. Wi-Fi Encryption Standards Wireless networks
require security settings to prevent interception of data........................................................... 139
● Encryption standards determine cryptographic protocols, key generation, and
authentication methods. ........................................................................................................... 139
● WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) were early standards,
but both had vulnerabilities. ...................................................................................................... 139
● WPA2 (Wi-Fi Protected Access 2) uses AES (Advanced Encryption Standard) and CCMP
(Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for stronger
security. .................................................................................................................................... 139
● WPA3 is designed to replace WPA2 due to identified weaknesses. ................................. 139
2. Personal Authentication ........................................................................................................ 139
● Three types of Wi-Fi authentication: personal, open, and enterprise. ................................ 139
● Personal authentication includes PSK (Pre-Shared Key) and SAE (Simultaneous
Authentication of Equals). ......................................................................................................... 139
● WPA2-PSK uses a passphrase to generate a key for encryption....................................... 139
● WPA3-SAE replaces the 4-way handshake with the Simultaneous Authentication of Equals
(SAE) protocol for enhanced security. ...................................................................................... 139
3. Enterprise/IEEE 802.1X Authentication ................................................................................. 139
● Enterprise authentication uses IEEE 802.1X and EAP (Extensible Authentication Protocol)
for secure authentication against a network directory. ............................................................. 139
● Implemented as WPA2-Enterprise or WPA3-Enterprise on access points. ....................... 139
● Supplicant credentials are validated by an AAA (RADIUS or TACACS+) server, and session
keys are derived for encryption. ................................................................................................ 139
4. Wi-Fi Security Configuration Issues ...................................................................................... 139
● SSID mismatch and passphrase errors can cause connectivity issues. ........................... 139
● Encryption protocol mismatches between client and AP can lead to connection failures.
139
● Client disassociation issues may arise from legitimate roaming or malicious attacks. ... 139
● Disassociation/deauthentication attacks can disrupt wireless infrastructure or exploit
disconnected stations. .............................................................................................................. 140
43

● Open authentication may require a captive portal for secondary authentication, often used
in public hotspots...................................................................................................................... 140
5. Open Authentication and Captive Portal Issues .................................................................... 140
● Captive portal issues can occur if HTTPS redirection does not work or if the portal lacks a
trusted digital certificate. .......................................................................................................... 140
● Users should use HTTPS for confidential data transmission over open networks or use
VPNs for added security. .......................................................................................................... 140
6. Teaching Tips ........................................................................................................................ 140
● Emphasize differences between WPA/TKIP and WPA/AES. ............................................. 140
● Demonstrate AP configuration settings or Wi-Fi analyzer software for hands-on learning.
140
● Note that 802.1X/EAP is also used for switch port authentication. .................................. 140
These study notes cover important aspects of configuring and troubleshooting wireless
security, including encryption standards, authentication methods, and common configuration
issues. Understanding these concepts is crucial for securing wireless networks effectively. .. 140
Comparing WAN Links and Remote Access Methods .............................................................. 141
Explain WAN Provider Links Introduction to Wide Area Networks (WANs) and the OSI Model:
WAN technologies facilitate data communications over larger distances compared to Local
Area Networks (LANs). ............................................................................................................. 141
● Enterprises often utilize WANs controlled by a single organization but supported by public
networks owned by telecommunications (telco) companies. ................................................... 141
● WAN Physical layer describes the media type and interface specifications. Modems are
typically used for copper cable provider links. .......................................................................... 141
● Legacy modems perform digital to analog modulation for low bandwidths, while digital
modems include DSUs, DSL modems, cable modems, and satellite modems. ........................ 141
WAN Provider Links Overview: .................................................................................................. 141
● Establishing WAN provider links involves terminating the access provider’s cabling at the
demarcation point (demarc) on the customer’s premises. ....................................................... 141
● Customer premises equipment (CPE), including modems and routers, are installed by the
customer and connected to the demarc. .................................................................................. 141
● Demarc and CPE should be installed securely to restrict access to authorized staff. ...... 141
T-Carrier and Leased Line Provider Links: ................................................................................. 141
● T-carrier system enables voice traffic digitization and data transport, with T1 lines
providing 1.544 Mbps full duplex digital connections. .............................................................. 141
● T1 lines terminate at the demarc on a smartjack or Network Interface Unit (NIU), connected
to the customer's Channel Service Unit/Data Service Unit (CSU/DSU). .................................... 141
44

Digital Subscriber Line (DSL) Provider Links: ............................................................................ 141


● DSL transfers data over voice-grade telephone lines, using frequencies above human voice
for communication. ................................................................................................................... 141
● DSL modems are installed as CPE, connecting to the provider's phone jack via RJ-11 and to
the local network's router via RJ-45 Ethernet port..................................................................... 142
Fiber to the Curb (FTTC) and Fiber to the Premises (FTTP): ..................................................... 142
● Fiber optic links aim to improve WAN access bandwidth, with solutions like FTTC and FTTP
terminating fiber links at the demarc. ....................................................................................... 142
● Very high-speed DSL (VDSL) supports FTTC, offering high bit rates over short distances.
142
Cable Provider Links: ................................................................................................................ 142
● Cable Internet connections combine fiber optic core networks with coaxial links to CPE,
offering broadband services. .................................................................................................... 142
● Cable modems interface with the access provider’s network via coax and with the local
network via Ethernet or USB. ..................................................................................................... 142
Metro-optical Provider Links: .................................................................................................... 142
● Carrier Ethernet provisions point-to-point or point-to-multipoint Ethernet leased lines over
WANs, often referred to as metro-optical provider links. .......................................................... 142
● Service categories include E-line (point-to-point) and E-LAN (mesh topology), offering
scalability and simplicity in configuration. ................................................................................ 142
Microwave Satellite Provider Links: .......................................................................................... 142
● Satellite systems provide wide coverage but suffer from latency issues due to signal travel
distance. ................................................................................................................................... 142
● Satellite Internet connections involve installing a VSAT dish at the customer’s premises,
aligning it with orbital satellites, and connecting it to a DVB-S modem. ................................... 142
Understanding WAN provider links is crucial for configuring enterprise WANs and selecting the
most suitable connectivity method for a network's requirements. ........................................... 142
Compare and Contrast Remote Access Methods Remote Network Access Authentication and
Authorization: Remote network access occurs over an intermediate network, often a public
WAN, rather than direct cabled or wireless connections. .......................................................... 143
● Historically, remote access might have used analog modems over the telephone system,
but nowadays, it's mostly implemented as a VPN over the Internet.......................................... 143
● Administering remote access involves tasks similar to those for the local network but with
added complexity due to the security risks associated with remote workstations and servers.
143
45

● Creating a remote access server (RAS) requires documentation of service use, security
risks, authorized users, and network manager authorization. Policies should restrict access,
define privileges, and log access logons and attempts. ........................................................... 143
Tunneling and Encapsulation Protocols: ................................................................................... 143
● Modern remote network access solutions use VPNs, setting up secure tunnels for private
communications over the Internet. ........................................................................................... 143
● VPNs depend on tunneling protocols like Point-to-Point Protocol (PPP) at the Data Link
layer and Generic Routing Encapsulation (GRE) at layer 3. ....................................................... 143
● GRE encapsulates an IP packet within its payload and is often used with other protocols in
a VPN solution. ......................................................................................................................... 143
● Internet Protocol Security (IPSec) operates at layer 3 to encrypt packets passing over any
network and is commonly used as a native VPN protocol. ....................................................... 143
● Transport Layer Security (TLS) can also be used to encapsulate frames or IP packets but
may add significant overhead. .................................................................................................. 143
Client-to-Site Virtual Private Networks: ..................................................................................... 143
● Client-to-site VPNs connect clients over the public network to a VPN gateway positioned
on the edge of the local network. .............................................................................................. 143
● Various protocols like SSL/TLS VPNs, Cisco's L2TP, and Microsoft's SSTP are used, often
requiring client software and AAA/RADIUS architecture for authentication. ............................ 143
● Split tunneling allows direct Internet access, while full tunneling routes all traffic through
the corporate network, offering better security but potentially causing latency issues. ........... 143
Remote Host Access and Remote Desktop Gateways: ............................................................. 144
● Remote host access allows users to configure network appliances or operate computers
remotely, often using Secure Shell (SSH) or remote desktop connections like Microsoft's
Remote Desktop Protocol (RDP). .............................................................................................. 144
● Remote desktop gateways enable user access to networked apps or virtual desktops,
providing GUI or terminal-only access....................................................................................... 144
Clientless VPNs: ........................................................................................................................ 144
● Clientless VPNs use HTML5 and WebSockets to allow browser-based access to remote
desktops or VPNs without requiring client software. ................................................................ 144
Site-to-Site Virtual Private Networks: ........................................................................................ 144
● Site-to-site VPNs connect multiple private networks, often using compulsory tunneling
between gateways to establish secure connections. ................................................................ 144
Hub and Spoke VPNs and VPN Headends: ............................................................................... 144
● Hub and spoke VPNs connect multiple remote sites to a central hub, often requiring
powerful VPN headends for aggregation and scalability. ......................................................... 144
46

Out-of-Band Management Methods: ......................................................................................... 144


● Managed network appliances support configuration and monitoring via various interfaces
like console ports, AUX ports, and management ports. ............................................................ 144
● Out-of-band management methods ensure access to network devices even if the main
network goes down, enhancing security and reliability. ............................................................ 144
Explaining Organizational and Physical Security Concepts Explain Organizational
Documentation and Policies Purpose of Organizational Documents and Policies: .................. 145
● Essential for managing and troubleshooting networks effectively. .................................. 145
● Ensure efficient administration and management of network infrastructure. ................... 145
● Provide guidelines and procedures for configuration management, change management,
security response, and more. .................................................................................................... 145
Configuration Management: ..................................................................................................... 145
● Involves identifying and documenting all infrastructure and devices. ............................... 145
● Implemented using ITIL elements: service assets, configuration items (CI), baselines,
Configuration Management System (CMS). ............................................................................. 145
● Baselines document approved states of CIs, aiding in auditing and change detection. .... 145
● CMS collects, stores, and manages information about CIs. .............................................. 145
Change Management: ............................................................................................................... 145
● Minimizes risk of unscheduled downtime by implementing changes in a planned,
controlled manner. .................................................................................................................... 145
● Reactive or proactive changes categorized by potential impact and risk.......................... 145
● Change process initiated with a Request for Change (RFC), followed by evaluation and
approval, especially for major changes. .................................................................................... 145
Standard Operating Procedures (SOP): ..................................................................................... 145
● Governs tasks with detailed steps and considerations like budget, security, or customer
contact. ..................................................................................................................................... 145
● Provides clear guidelines and lines of responsibility for task completion. ........................ 145
● Ensures consistency and adherence to approved procedures. ......................................... 145
System Life Cycle Plans: ........................................................................................................... 146
● Crucial for inventory management of tangible (devices) and intangible (software) assets.
146
● Includes audit reports for identifying and recording assets. ............................................. 146
● Utilizes inventory management software and databases for efficient tracking. ............... 146
Security Response Plans: .......................................................................................................... 146
47

● Incident Response Plan addresses security breaches or attempted breaches. ................ 146
● Disaster Recovery Plan focuses on large-scale incidents threatening site performance or
security. .................................................................................................................................... 146
● Business Continuity Plan ensures normal business operations during adverse events. ... 146
Hardening and Security Policies: .............................................................................................. 146
● Establish duty for employees to ensure data asset confidentiality, integrity, and availability.
146
● HR communicates and enforces security policies, manages onboarding and offboarding
processes. ................................................................................................................................ 146
Usage Policies:.......................................................................................................................... 146
● Password Policy guides users on credential selection and management. ....................... 146
● Acceptable Use Policy defines permitted uses of products or services. ........................... 146
● BYOD Policies govern the use of personally owned devices on corporate networks. ....... 146
Data Loss Prevention (DLP): ..................................................................................................... 146
● Prevents theft or loss of confidential data through scanning and policy enforcement. .... 146
● Utilizes DLP products to scan content and block unauthorized transfers. ........................ 146
Remote Access Policies: ........................................................................................................... 146
● Govern the use of remote access privileges, mitigating security risks associated with
remote connections. ................................................................................................................. 147
● Require malware protection, strong authentication, and restrict local privileges. ............. 147
Common Agreements: .............................................................................................................. 147
● Service Level Agreements (SLA) define terms of ongoing service provision. ................... 147
● Non-Disclosure Agreements (NDA) protect sensitive data and define permitted uses. .... 147
● Memorandum of Understanding (MOU) expresses intent to work together, often includes
confidentiality clauses. ............................................................................................................. 147
Explain Physical Security Methods Introduction: Physical security is crucial for network sites to
prevent unauthorized access and reduce the risk of intrusion. ................................................. 148
● This lesson explores various physical security methods to enhance the security of
premises. .................................................................................................................................. 148
Badges and Site Secure Entry Systems: .................................................................................... 148
● Prevention-type controls aim to stop intruders from gaining unauthorized access. ......... 148
● Access control hardware such as badge readers and electronic locks are deployed to
authenticate users quickly at access points. ............................................................................ 148
48

● Smart badges with integrated chips and cryptographic keys provide secure authentication.
148
● Biometric scanners authenticate users based on physical features like fingerprints or
retinas. ...................................................................................................................................... 148
Access Control Vestibule: ......................................................................................................... 148
● Simple entry mechanisms like doors or gates may not accurately record entries. ........... 148
● Turnstiles or access control vestibules mitigate risks by allowing one person at a time or
leading to an enclosed space protected by another barrier. ..................................................... 148
Physical Security for Server Systems: ....................................................................................... 148
● Similar access control measures can be used to manage access to IT assets. ............... 148
● Locking racks, cabinets, or smart lockers provide secure storage for equipment and
sensitive items. ......................................................................................................................... 148
Detection-Based Devices: ......................................................................................................... 148
● Surveillance mechanisms like cameras help detect intrusion attempts. .......................... 148
● CCTV networks and asset tags enable electronic surveillance of managed assets. ........ 148
● Alarms, both circuit-based and motion-based, provide additional security layers. ............ 148
Asset Disposal: ......................................................................................................................... 149
● Proper disposal of IT assets is crucial to prevent data breaches. ..................................... 149
● Secure erase methods for HDDs and SSDs ensure data is irrecoverable before disposal or
reuse. ........................................................................................................................................ 149
● Employee training is essential to prevent security breaches due to human error or
negligence. ................................................................................................................................ 149
Conclusion: ............................................................................................................................... 149
● Physical security methods play a critical role in preventing unauthorized access and
protecting IT assets. ................................................................................................................. 149
● A combination of prevention-type and detection-based controls, along with proper
employee training, is necessary for effective security measures. ............................................. 149
Compare and Contrast Internet of Things Devices Introduction to Internet of Things (IoT): IoT
refers to a global network of devices equipped with sensors, software, and network
connectivity. .............................................................................................................................. 150
● These devices communicate with each other and traditional systems, often termed
Machine to Machine (M2M) communication. ........................................................................... 150
Consumer-grade Smart Devices:............................................................................................... 150
● Used for home automation systems, consisting of: .......................................................... 150
49

● Hub/control system: Facilitates wireless networking and provides control, often operated
through smart speakers or smartphone apps. .......................................................................... 150
● Smart devices: Endpoints like lightbulbs, thermostats, or doorbells capable of remote
operation, often running on Linux or Android kernels. .............................................................. 150
Physical Access Control Systems and Smart Buildings: ........................................................... 150
● Physical access control systems (PACS) include monitored locks, alarms, and video
surveillance, while smart buildings integrate PACS with HVAC, fire control, power, and lighting
systems..................................................................................................................................... 150
● These systems are managed by programmable logic controllers (PLCs) and sensors
measuring various environmental parameters.......................................................................... 150
Industrial Control Systems/Supervisory Control and Data Acquisition (SCADA): ..................... 150
● Widely used in industries like energy, manufacturing, and logistics. ................................. 150
● Prioritize safety, availability, and integrity over confidentiality. ......................................... 150
● Comprise industrial control devices linked by networks, managed by supervisory control
and data acquisition (SCADA) systems. ................................................................................... 150
IoT Networks: ............................................................................................................................ 150
● Identified by unique serial numbers or codes, interconnected within the existing Internet
infrastructure. ........................................................................................................................... 150
● Utilize various networking standards like industrial Ethernet, cellular networks
(Narrowband-IoT, LTE-M), Z-Wave, and Zigbee. ........................................................................ 151
Placement and Security: ........................................................................................................... 151
● Consumer-grade devices connected to home Wi-Fi networks may have weak security
features, posing risks of shadow IT and remote working vulnerabilities. ................................. 151
● Smart buildings require robust security measures to prevent compromise of entry
mechanisms and climate/lighting controls. .............................................................................. 151
● ICS/SCADA networks, although typically separate from corporate data networks, require
careful monitoring and access controls at network links.......................................................... 151
Conclusion: ............................................................................................................................... 151
● IoT devices serve diverse purposes, from home automation to industrial control systems.
151
● Understanding their features, networking protocols, and security considerations is
essential for their effective deployment and integration with existing networks. ..................... 151
Explaining Disaster Recovery and High Availability Concepts Explain Disaster Recovery
Concepts High Availability: Availability: Percentage of time the system is online, measured over
a period (e.g., one year). ............................................................................................................ 152
50

● High availability: Characteristic of a system that guarantees a certain level of availability.


152
● Maximum Tolerable Downtime (MTD): States the requirement for a business function. . 152
● Metrics: ............................................................................................................................. 152
● Availability Annual MTD: Specifies the maximum downtime allowed for different availability
levels. ........................................................................................................................................ 152
● Recovery Time Objective (RTO): Period following a disaster that an IT system may remain
offline. ....................................................................................................................................... 152
● Work Recovery Time (WRT): Additional time post-recovery for integration, testing, and user
briefing. ..................................................................................................................................... 152
● Recovery Point Objective (RPO): Amount of data loss a system can sustain, measured in
time units. ................................................................................................................................. 152
Fault Tolerance and Redundancy: ............................................................................................. 152
● Fault: Event causing a service to become unavailable. ..................................................... 152
● Key Performance Indicators (KPIs): Assess reliability of assets. ...................................... 152
● Metrics: ............................................................................................................................. 152
● Mean Time Between Failures (MTBF) ............................................................................... 152
● Mean Time to Failure (MTTF) ............................................................................................ 152
● Mean Time to Repair (MTTR) ............................................................................................ 152
● Fault Tolerance: System's ability to continue service despite component failures. .......... 152
● Redundant components and systems: Ensure failover capability and uninterrupted service.
152
Recovery Sites: .......................................................................................................................... 152
● Disaster Recovery Plans (DRPs): Procedures to recover a system or site after a disaster.
153
● Site resiliency: Hot, warm, or cold site distinctions based on readiness and deployment
time. .......................................................................................................................................... 153
● Cloud solutions: Offer hot site redundancy, ensuring service continuity across geographic
regions. ..................................................................................................................................... 153
Facilities and Infrastructure Support: ........................................................................................ 153
● Environmental controls: Maintain optimal working conditions to prevent mechanical
issues. ....................................................................................................................................... 153
● Fire suppression systems: Detect and suppress fires based on the fire triangle principle.
153
51

● Power management: Ensure stable power supply through UPS, generators, and renewable
sources. .................................................................................................................................... 153
Network Device Backup Management: ..................................................................................... 153
● Backup policies: Guide execution and frequency of backups for network appliances. ..... 153
● Baseline configuration: Documented configuration used for device restoration. ............. 153
● Backup modes: State/bare metal and configuration file backups for system restore and
configuration import. ................................................................................................................ 153
● State information: Additional data like MAC tables and NAT tables, crucial for device
operation and security. ............................................................................................................. 153
These concepts underpin business continuity and disaster recovery operations, ensuring
system resilience and minimal downtime in the face of disruptions. ....................................... 153
Explain High Availability Concepts Multipathing: ...................................................................... 154
Applying Network Hardening Techniques ................................................................................. 156
Compare and Contrast Types of Attacks General Attack Types: Objective: Understand the
various types of attacks and their goals, such as exfiltrating information, misusing network
services, or compromising network availability. ....................................................................... 156
● Examples: Insider threats with privileged access, external threats installing malware. .... 156
Footprinting and Fingerprinting Attacks: ................................................................................... 156
● Objective: Enumerate or gather information about a network's topology and configuration.
156
● Techniques: Footprinting involves discovering network topology, often through social
engineering or port scanning. Fingerprinting identifies device and OS types and versions to
probe for vulnerabilities. ........................................................................................................... 156
Spoofing Attacks: ...................................................................................................................... 156
● Objective: Disguise identity or forge network information to appear legitimate. ............... 156
● Examples: Social engineering, phishing, pharming, exploiting protocol vulnerabilities (e.g.,
ARP, DNS). ................................................................................................................................ 156
Denial of Service (DoS) Attacks: ............................................................................................... 156
● Objective: Cause a service to fail or become unavailable to legitimate users. .................. 156
● Methods: Resource exhaustion, exploiting application vulnerabilities, physical attacks (e.g.,
cutting cables), diversionary tactics. ......................................................................................... 156
On-path Attacks (Man-in-the-Middle): ....................................................................................... 156
● Objective: Compromise connections between hosts to intercept and modify
communications. ...................................................................................................................... 156
● Techniques: ARP spoofing, DNS poisoning, intercepting and relaying communications. . 156
52

MAC Spoofing and IP Spoofing: ................................................................................................ 156


● Objective: Impersonate valid MAC or IP addresses to bypass access controls or mask the
origin of attacks. ....................................................................................................................... 157
● Examples: IP spoofing in DoS attacks to hide the attacker's identity. ............................... 157
Wireless Network Attacks: ........................................................................................................ 157
● Objective: Gain unauthorized access to wireless networks. ............................................. 157
● Examples: Rogue access points, evil twins (spoofing legitimate APs), deauthentication
attacks. ..................................................................................................................................... 157
Distributed DoS Attacks and Botnets: ....................................................................................... 157
● Objective: Launch coordinated attacks from multiple compromised hosts. ..................... 157
● Methods: SYN flood attacks, distributed reflection DoS attacks, using botnets for large-
scale attacks. ............................................................................................................................ 157
Malware and Ransomware Attacks:.......................................................................................... 157
● Objective: Infect systems to disrupt operations or extort money. ..................................... 157
● Types: Viruses, worms, Trojans, ransomware; crypto-malware encrypts files for ransom.
157
Password Attacks: .................................................................................................................... 157
● Objective: Obtain credentials to access networks or escalate privileges. ......................... 157
● Techniques: Dictionary attacks, brute force attacks, capturing password hashes from
network traffic. .......................................................................................................................... 157
Human and Environmental Attacks: .......................................................................................... 157
● Objective: Compromise security systems through social engineering or physical means.
157
● Examples: Phishing (via email or spoofed websites), shoulder surfing, tailgating,
piggybacking. ............................................................................................................................ 157
Understanding these attack types enables effective incident response and system hardening to
mitigate security risks. .............................................................................................................. 157
Apply Network Hardening Techniques Device and Service Hardening Change default
passwords/credentials ............................................................................................................. 158
● Default passwords should be changed on installation to prevent unauthorized access. .. 158
● Enforce password complexity/length requirements ......................................................... 158
● Passwords should be of sufficient length and complexity to resist guessing and cracking
attacks. ..................................................................................................................................... 158
● Avoiding common passwords ........................................................................................... 158
53

● Passwords should not be easily guessable or found in common password databases. .. 158
● Configure role-based access............................................................................................. 158
● Limit permissions for different administrative groups to reduce the impact of
compromised accounts. ........................................................................................................... 158
● Disable unneeded network services .................................................................................. 158
● Reduce the attack surface of devices by disabling unused services and protocols. ......... 158
● Disable unsecure protocols ............................................................................................... 158
● Encrypt communication channels to prevent eavesdropping and unauthorized access. .. 158
● Disable Unneeded Switch Ports ........................................................................................ 158
● Restrict access to physical switch ports to authorized staff. ............................................ 158
● MAC Filtering and Dynamic ARP Inspection...................................................................... 158
● Define which MAC addresses are permitted to connect to a port. .................................... 158
● Prevent ARP cache poisoning with dynamic ARP inspection. ........................................... 158
● DHCP Snooping................................................................................................................. 158
● Inspect DHCP traffic to prevent spoofing and rogue DHCP servers. ................................. 158
● Neighbor Discovery Inspection and Router Advertisement Guard .................................... 158
● Mitigate spoofing and on-path attacks for IPv6 networks................................................. 158
● IEEE 802.1X Port-Based Network Access Control (PNAC) ................................................ 158
● Authenticate devices before activating ports using EAPoL protocol. ............................... 158
● Use RADIUS server for authentication and assign appropriate VLANs based on
authentication results. .............................................................................................................. 158
● Private VLANs ................................................................................................................... 159
● Restrict communication between hosts within a VLAN. ................................................... 159
● Default VLAN and Native VLAN ......................................................................................... 159
● Default VLAN (ID 1) should remain unused for user data traffic. ...................................... 159
● Native VLAN is used for untagged traffic over trunk ports. ............................................... 159
● Principle of Least Access .................................................................................................. 159
● Only allow necessary traffic; use explicit deny rules. ........................................................ 159
● Control Plane Policing ....................................................................................................... 159
● Mitigate control plane vulnerabilities with ACLs and rate-limiting. ................................... 159
● Preshared keys (PSKs), Extensible Authentication Protocol ............................................. 159
● Implement authentication mechanisms for secure wireless access. ............................... 159
54

● Captive portal, MAC filtering, Geofencing.......................................................................... 159


● Additional measures for securing wireless networks. ....................................................... 159
● Regular audits and security procedures ............................................................................ 159
● Detect and secure IoT devices to prevent security risks. .................................................. 159
● Stay updated with vendor security advisories ................................................................... 159
● Apply patches and updates to address vulnerabilities. ..................................................... 159
● Firmware updates ............................................................................................................. 159
● Update firmware for network devices to address known vulnerabilities. .......................... 159
● Downgrading ..................................................................................................................... 159
● Carefully consider and test downgrade options when necessary. .................................... 159
These network hardening techniques help enhance security and protect against various threats
by implementing layered defenses and best practices. ............................................................ 159
Summarizing Cloud and Datacenter Architecture Summarize Cloud Concepts Cloud Scalability
and Elasticity: Cloud computing offers on-demand resources such as server instances, file
storage, and databases over a network, usually the Internet. ................................................... 160
● Consumers are not responsible for the underlying infrastructure but pay for the services
provided. ................................................................................................................................... 160
● Providers use virtualization for quick and easy provisioning of resources........................ 160
● Scalability involves linear costs when supplying services to more users, achieved through
adding nodes or resources to each node. ................................................................................. 160
● Elasticity refers to real-time handling of changes in demand without loss of service or
performance. ............................................................................................................................ 160
Cloud Deployment Models: ....................................................................................................... 160
● Public: Services offered over the Internet by cloud service providers (CSPs) to multiple
tenants. Offers subscriptions or pay-as-you-go financing. ........................................................ 160
● Hosted Private: Exclusive use of a cloud by an organization, hosted by a third party. Offers
better security but is more expensive. ...................................................................................... 160
● Private: Completely owned and managed by the organization, offering greater control over
privacy and security. ................................................................................................................. 160
● Community: Shared costs of hosting a private or fully private cloud by multiple
organizations for common concerns like standardization and security.................................... 160
● Hybrid: Combination of public/private/community/hosted/onsite/offsite solutions, offering
flexibility but requiring careful management of data risks. ....................................................... 160
Cloud Service Models (XaaS): ................................................................................................... 160
55

● Infrastructure as a Service (IaaS): Provisioning IT resources like servers and storage


components on-demand from a service provider's datacenter. ................................................ 160
● Software as a Service (SaaS): Accessing software applications hosted on supplier servers
on a pay-as-you-go basis........................................................................................................... 160
● Platform as a Service (PaaS): Provisioning resources between IaaS and SaaS, offering
server and storage infrastructure along with a multi-tier web application/database platform. 161
● Desktop as a Service (DaaS): Provisioning virtual desktop infrastructure (VDI) as a cloud
service, removing the need for client PC deployment and maintenance. .................................. 161
Cloud Connectivity Options: ...................................................................................................... 161
● Internet/Virtual Private Network (VPN): Simplest way to connect to cloud services, with
potential performance issues due to public Internet usage. ..................................................... 161
● Private-Direct Connection/Colocation: Higher bandwidth solution offering direct or private
links, preferred for more centralized operations. ...................................................................... 161
● Infrastructure as Code (IaC): Automation and orchestration fully replace manual
configuration for provisioning, ensuring consistency and reducing errors. .............................. 161
Cloud Security Implications: ..................................................................................................... 161
● Risks of potentially transferring confidential or commercially secret data over links beyond
enterprise control. ..................................................................................................................... 161
● Division of responsibility between "security of the cloud" (provider responsibility) and
"security in the cloud" (customer responsibility). ...................................................................... 161
● Legal and regulatory implications, including remaining directly liable for security breaches
and considering the risk of insider threats. ............................................................................... 161
● Need for effective security mechanisms, separation of duties, and assurances from service
providers regarding data protection. ......................................................................................... 161
Explain Virtualization and Storage Area Network Technologies Hypervisor Types: Host-Based
Hypervisor (Type II): Installed onto a host operating system. Examples include VMware
Workstation, Oracle Virtual Box, and Parallels Workstation. Requires support for the host OS. 162
● Bare Metal Hypervisor (Type I): Installed directly onto the computer hardware, managing
access to host hardware without a host OS. Examples include VMware ESXi Server, Microsoft’s
Hyper-V, and Citrix’s XEN Server. Requires only base system requirements fr the hypervisor. . 162
Virtual NICs and Switches: ........................................................................................................ 162
● Virtual NIC (vNIC): Emulates standard hardware network adapters within virtual machines
(VMs), configurable like physical NICs. ..................................................................................... 162
● Virtual Switch (vSwitch): Implemented in software, analogous to physical switches.
Connects VMs and can bridge virtual and physical networks. Examples include External (bridges
to physical network), Internal (usable only by VMs on the host), and Private usable only by VMs).
162
56

Network Function Virtualization (NFV): ..................................................................................... 162


● Allows VMs to communicate with other networks and services. ...................................... 162
● Configurable through IP parameters (static or DHCP) and security measures like firewalls.
162
● Supports virtual appliances, emulating hardware functions like routers or firewalls. ....... 162
Storage Area Networks (SAN): .................................................................................................. 162
● SAN provisions access to storage devices at block level, isolated from the main network,
accessed only by servers. ......................................................................................................... 162
● Can integrate different storage technologies, allowing for tiered storage and supporting
different file access requirements. ........................................................................................... 162
SAN Connection Types: ............................................................................................................ 163
● Fibre Channel: Uses fibre optic networks for high bandwidth, can operate over long
distances. Components include initiators, targets, and FC switches. ....................................... 163
● Fibre Channel over Ethernet (FCoE): Delivers Fibre Channel packets over Ethernet cabling,
requiring converged network adapters (CNAs) and lossless Ethernet. ..................................... 163
● iSCSI (Internet Small Computer System Interface): IP tunneling protocol enabling SCSI data
transfer over IP-based networks, an alternative to Fibre Channel. Works with ordinary Ethernet
adapters and switches. ............................................................................................................. 163
Explain Datacenter Network Architecture Introduction: Datacenters are vital for both on-
premises and cloud networks. .................................................................................................. 164
● Understanding different topologies and automation requirements is crucial for a
successful networking career. .................................................................................................. 164
Datacenter Network Design: ..................................................................................................... 164
● Dedicated to provisioning server resources, hosting network services, application servers,
and SANs. ................................................................................................................................. 164
● Contains dedicated networking, power, climate control, and physical access control
features. .................................................................................................................................... 164
● Unlike corporate networks, datacenters have no client PCs, only secure administrative
workstations (SAWs). ............................................................................................................... 164
Traffic Flows: ............................................................................................................................ 164
● North-South Traffic: Between clients outside the datacenter and servers inside. ............. 164
● East-West Traffic: Between servers within the datacenter, predominant in cloud and
Internet services........................................................................................................................ 164
Overlay Networks: ..................................................................................................................... 164
● Used for secure east-west traffic, avoiding bottlenecks. .................................................. 164
57

● Implement logical point-to-point links using encapsulation protocols and software-defined


networking. ............................................................................................................................... 164
● Often implemented using virtual extensible LANs (VXLANs). ........................................... 164
Software Defined Networking (SDN): ........................................................................................ 164
● Facilitates rapid provisioning and deprovisioning of server instances and networks using
automation and orchestration. .................................................................................................. 164
● Divides network functions into application, control, and infrastructure layers. ................. 164
● Inserts a control layer (SDN controller) between application and infrastructure layers,
enabling automation. ................................................................................................................ 164
Spine and Leaf Topology:.......................................................................................................... 164
● Provides efficient support for east-west traffic and overlay networks. ............................. 165
● Consists of spine (top-tier switches) and leaf (access switches) layers. .......................... 165
● Each server is a single hop from the backbone, enabling predictable network latency. .... 165
Datacenter Access Types: ........................................................................................................ 165
● On-Premises: Located at the same site as the corporate client network, accessed over
Ethernet links. ........................................................................................................................... 165
● Branch Office Access: Uses technologies like Generic Routing Encapsulation (GRE) or
Multiprotocol Label Switching (MPLS) for secure connections. ............................................... 165
● Colocation: Private servers installed in a shared datacenter, managed by a colocation
provider. .................................................................................................................................... 165
Multiprotocol Label Switching (MPLS): ..................................................................................... 165
● Establishes private links with guaranteed service levels, isolating traffic from other
customers or public networks. .................................................................................................. 165
● Offers solutions for enterprise networking requirements, such as site-to-site VPNs and
traffic shaping. .......................................................................................................................... 165
Software-defined WAN (SD-WAN): ............................................................................................ 165
● Overlay network facilitating secure connectivity to corporate clouds. .............................. 165
● Dynamically provisions links based on application requirements and network congestion.
165
● Utilizes automation and orchestration for provisioning, ensuring secure tunneling through
underlying transport networks. ................................................................................................. 165
Understanding datacenter network architecture involves grasping various topologies, traffic
flows, and technologies like SDN and SD-WAN for efficient and secure connectivity. .............. 165
58

Comparing OSI Model Network Functions

Compare and Contrast OSI Model Layers


Open Systems Interconnection Model (OSI Model):

● Developed by the International Organization for Standardization (ISO) to promote


understanding of network components' functionality.
● Divides the data communication process into seven discrete layers, each
performing different tasks required for network communication.

Mnemonic for OSI Layers: All People Seem To Need Data Processing

Data Encapsulation and Decapsulation:

● Network protocol functions include addressing (identifying where data messages


should go) and encapsulation (packaging data for transmission).
● Encapsulation adds headers at each layer to the data payload, forming Protocol
Data Units (PDUs).
● Decapsulation is the reverse process, extracting data at the receiving node.

OSI Model Layers:

1. Layer 1—Physical:
○ Responsible for transmission and receipt of signals.
○ Specifies physical topology, interface, and signal transmission/reception
processes.
○ Devices: Transceiver, repeater, hub, media converter, modem.
2. Layer 2—Data Link:
○ Transfers data between nodes on the same logical segment.
○ Organizes bits into frames and adds control information.
○ Devices: Network adapter, bridge, switch, wireless access point.
3. Layer 3—Network:
○ Moves data around networks of networks (internetwork).
○ Forwards information between networks based on logical network
addresses.
○ Main appliance: Router.
4. Layer 4—Transport:
○ Identifies network application by assigning port numbers.
○ Packages data into segments, adds port numbers for identification.
○ Ensures reliable data delivery if required.
59

○ Devices: Multilayer switches, advanced firewalls, intrusion detection


systems.
5. Upper Layers:
○ Layers 5 to 7 are less associated with distinct protocols and focus on
interfaces between applications and the transport layer.
6. Layer 5—Session:
○ Administers session establishment, data transfer, and session termination.
7. Layer 6—Presentation:
○ Transforms data between network and application formats.
○ Handles character set conversion, data compression, encryption.
8. Layer 7—Application:
○ Top layer providing interface for software programs on network hosts.
○ Offers various services such as web browsing, email, directory lookup,
etc.
60

Configure SOHO Networks


Exam Objectives Covered:

1.1 Compare and contrast the Open Systems Interconnection (OSI) model layers and
encapsulation concepts.

SOHO Routers:

● SOHO networks refer to small office/home office setups with a limited number
of computing devices typically relying on a single integrated appliance for local
and internet connectivity.
● The primary device in a SOHO network is the SOHO router, which serves as an
intermediary system forwarding traffic between the LAN and the WAN.

Physical Layer Functions:

● SOHO routers provide physical connections including RJ-45 ports for local
cabled networks (LAN ports), radio antennas for wireless signals, and modems
(cable or DSL) for connecting to the ISP’s network (WAN port).

Data Link Layer Functions:

● At layer 2, SOHO routers implement functions such as an Ethernet switch for LAN
connectivity and a wireless access point for Wi-Fi connectivity, bridging the
cabled and wireless segments.

Network Layer Functions:

● At layer 3, the SOHO router handles routing between the local private network
and the public internet, distinguishing between them using IP addresses. It runs a
DHCP server to allocate IP addresses to hosts connecting to it.

Transport and Application Layer and Security Functions:

● Security measures are implemented across layers to control network access.


Firewalls are configured to block traffic based on IP addresses and application
types.
61

● Each application is identified by a port number. Rules in the firewall can control
access based on these port numbers.
● Wireless networks are usually protected by encryption requiring passphrase-
based keys for access.
● Access to the router's management interface and configuration settings is
protected by an administrative passphrase.

The Internet:

● The WAN interface of the router connects the SOHO network to the Internet,
usually facilitated via the public switched telephone network (PSTN).

Internet Standards:

● Various organizations like IANA and IETF are responsible for managing IP
addresses, domain space, and developing internet standards and protocols.
● The Internet model simplifies the OSI model, dividing it into four layers: link,
internet, transport, and application.

Hexadecimal Notation:

● Hexadecimal notation (hex) is used to represent long sequences of bytes in


network addresses. It's base 16 with values 0-9 and A-F.
● Each hex digit corresponds to four binary digits, making it convenient for
expressing byte values.

This lesson provides a comprehensive overview of configuring SOHO networks,


covering physical, data link, network, transport, and application layer functions, along
with security measures and internet standards. Understanding hexadecimal notation is
also emphasized for network address interpretation.
62

Deploying Ethernet Cabling

Summarize Ethernet Standards


current, infrared light, or radio waves, to transmit signals.
● Electromagnetic radiation creates carrier waves with specific bandwidths or
frequency ranges, and signals are transmitted over these waves through
modulation and encoding schemes.
● Encoding methods, such as transitioning between low and high voltage states,
encode digital information using characteristics of the wave like amplitude. More
available bandwidth allows for encoding greater amounts of data.
● Bandwidth is typically measured in cycles per second or Hertz (Hz), but in data
networking, it refers to the amount of data transfer measured in bits per second
(bps).

Copper Cable

● Copper cable transmits electrical signals and suffers from high attenuation,
meaning signals lose strength over long distances.
● Two main types of copper cable are twisted pair and coaxial (coax), with twisted
pair cable rated to Cat standards.

Fiber Optic Cable

● Fiber optic cable carries high frequency radiation in the infrared light spectrum,
providing higher bandwidth and less susceptibility to interference or attenuation
compared to copper cable.
● Fiber optic cabling includes Single Mode (SMF) and MultiMode (MMF) types,
categorized further by Optical Mode designations (OM1, OM2, OM3, and OM4).

Ethernet Standards

● Ethernet standards, notably IEEE 802.3, ensure network cabling meets bandwidth
requirements, specifying bit rates and supported distances.
● Ethernet media specifications follow a convention like xBASE-y, indicating bit
rate, signal mode, and media type.

Media Access Control and Collision Domains


63

● Ethernet is a multiple access area network, with media access control (MAC)
determining when nodes can communicate on shared media.
● Ethernet uses a contention-based MAC system, where each network node in the
same media shares the same collision domain.
● Collision detection mechanisms like Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) detect and handle collisions, reducing available
bandwidth.

Ethernet Standards Overview

● Fast Ethernet (100BASE-TX) increases bit rate to 100 Mbps, using improved
encoding methods and autonegotiation protocols.
● Gigabit Ethernet (1000BASE-T) further increases bit rate to 1000 Mbps (1 Gbps),
typically implemented only using switches.
● 10 Gigabit Ethernet (10 GbE) multiplies speed by 10, with specifications for 40
Gbps operation as well, typically deployed in scenarios requiring very high
bandwidth data transfers
64

Summarize Copper Cabling Types


Copper Termination Standards
● Each conductor in a 4-pair data cable is color-coded, with pairs assigned colors (Blue,
Orange, Green, or Brown).
● The ANSI/TIA/EIA 568 standard defines two termination methods for Ethernet
connectors: T568A and T568B.
● In T568A, green pairs are wired to pins 1 and 2, and orange pairs to pins 3 and 6. T568B
swaps these pairs.
● Organizations should avoid mixing T568A and T568B standards, with T568A being
mandated by the US government and residential cabling standards.

Plenum- and Riser-rated Cable

● Plenum spaces in buildings, designed for HVAC systems, are also used for
communications wiring. Plenum cable must meet strict fire safety standards to minimize
smoke emission and be self-extinguishing.
● Plenum-rated cable uses treated PVC or Fluorinated Ethylene Polymer (FEP) jackets.
General purpose cables use PVC jackets.
● Cabling between floors is referred to as riser cabling and must be fire-stopped to prevent
fire spread. Riser-rated cable must also adhere to fire safety standards, though less
strict than plenum-rated cable.

Coaxial and Twinaxial Cable and Connectors

● Coaxial cable consists of a core conductor enclosed by plastic insulation and surrounded
by a wire mesh acting as shielding and ground. It's categorized using the Radio Grade
(RG) standard based on core conductor thickness and cable impedance.
● Coax cables are terminated using F-type connectors, commonly used in CATV and
broadband cable modems.
● Twinaxial cable, similar to coax but with two inner conductors, is used for datacenter
interconnects like 10 GbE and 40 GbE. It's terminated using SFP+ Direct Attach Copper
(DAC) and QSFP+ DAC transceivers.
65

Summarize Fiber Optic Cabling Types

Fiber Optic Cable Considerations


● Fiber optic media offers higher bandwidth and longer distance support compared to
copper wire, making it ideal for long-distance telecommunications and high-speed
networking in data centers.
● Fiber optic signaling uses pulses of infrared light, which are immune to interference,
interception, and attenuation.
● A single optical fiber consists of three elements: core (transmission path), cladding
(reflects signals back into the core), and buffer (protective coating).
● Multiple fibers are often bundled within a cable to allow simultaneous transmission and
reception or provide links for multiple applications.
● Various outer jacket designs and materials are available for different installations, with
components like Kevlar strands and fiberglass rods used for protection against bending
or kinking.

Single Mode Fiber and Multimode Fiber

● Fiber optic cables are categorized by mode, composition (glass/plastic), and


core/cladding size.
● Single Mode Fiber (SMF) has a small core and long wavelength, supporting high data
rates over long distances. It's graded as OS1 for indoor and OS2 for outdoor use.
● Multimode Fiber (MMF) has a larger core and shorter wavelength, supporting lower data
rates and shorter distances compared to SMF. It's graded as OM1/OM2 and OM3/OM4
based on manufacturing differences.

Fiber Optic Connector Types

● Fiber optic connectors come in various form factors, with different types preferred for
single mode or multimode applications.
● Connector types include Straight Tip (ST), Subscriber Connector (SC), Local Connector
(LC), and Mechanical Transfer Registered Jack (MTRJ), each offering specific features
like push-and-twist locking mechanism or small form factor.

Fiber Ethernet Standards

● Ethernet standards over fiber specify cable types and maximum distances for different
data rates, with variants for long and short wavelength optics.
● Fiber is commonly used for backbone cabling in office networks and for high-bandwidth
workstation applications.
66

Fiber Optic Cable Installation

● Fiber optic installation follows similar topologies as copper cable using distribution
frames and switches, with long-distance cables laid as trunks or rings with repeaters or
amplifiers.
● Patch cords for fiber optic must maintain correct polarity to ensure proper signal
transmission, with connectors often keyed to prevent incorrect insertion.
● Connectors have different finishing types like Physical Contact (PC), Ultra Physical
Contact (UPC), and Angled Physical Contact (APC), each suited for specific applications
and performance requirements.
67

Deploy Ethernet Cabling


Structured Cabling System:
● Work Area: Space where user equipment connects to the network, usually via wall ports.
● Horizontal Cabling: Connects user work areas to the nearest horizontal cross-connect
(HCC), typically runs through wall ducts or ceiling spaces.
● Backbone Cabling: Connects HCCs to the main cross-connect (MCC), runs vertically
between floors.
● Telecommunications Room: Houses HCCs, serves as a termination point for horizontal
cabling, and connects to backbone cabling.
● Entrance Facilities/Demarc: Where external cabling joins internal cabling, marks the
transition between access provider's network and the organization's network.

Cable Management:

● 66 Block: Older-style distribution frame for terminating telephone cabling and legacy
data applications.
● 110 Block: Supports higher frequencies (Cat 5 and better), arranged horizontally for
better density and labeling.
● BIX and Krone Distribution Frames: Single-piece designs, common in North America
(BIX) and Europe (Krone), respectively.
● Patch Panel/Patch Bay: Simplifies moves, adds, and changes (MACs), allows
reconfiguration by changing patch cable connections.

Wiring Tools and Techniques:

● Cable Installation: Pulling cable carefully from the telecommunications closet to the work
area, avoiding bends and proximity to electrical power cables.
● Termination Tools: Punchdown tools for IDCs, block tools for terminating groups of
connectors, cable crimpers for creating patch cords.
● Fusion Splicing: Mechanically splicing cables using adhesive junction boxes or fusion
splicers for a more permanent join.
● Transceivers: Modular, hot-swappable devices for terminating different cable and
connector types, converting between media types.

Transceiver Types:

● GBIC/SFP/SFP+: Used for Gigabit Ethernet, with SFP+ supporting 10 GbE.


● QSFP/QSFP+: Supports 4 x 1 Gbps links or 4 x 10 Gbps links, typically used with
parallel fiber and MPO termination.
68

● Wavelength Division Multiplexing (WDM): Utilizes a single fiber strand to transmit and/or
receive multiple channels simultaneously, with variations like BiDi, CWDM, and DWDM
supporting different channel configurations.
69

Deploying Ethernet Switching

Deploy Networking Devices


Repeaters and Media Converters:

● Repeaters: Overcome distance limitations by boosting signals along a cable run,


working at the physical layer (Layer 1) of the OSI model, transparent to the network
infrastructure.
● Media Converters: Transition from one cable type to another, working at the physical
layer, available as standalone or rack-mounted appliances, examples include:
○ Single mode fiber to twisted pair converters.
○ Multimode fiber to twisted pair converters.
○ Single mode to multimode fiber converters.

Hubs:

● Act as multiport repeaters, forwarding transmissions from any port to all other ports.
● Operate only at the Physical layer.
● All ports are part of the same shared media access area and collision domain.
● Node interfaces are half-duplex, using CSMA/CD protocol.
● MDI (Medium Dependent Interface) and MDI-X (MDI crossover) interfaces distinguish
between end system and intermediate system interfaces.

Bridges:

● Work at the data link layer (Layer 2) to establish separate physical network segments
while maintaining a single logical network.
● Reduce collisions by segmenting the network.
● Create separate collision domains, isolating segments from each other.
● Build MAC address tables to track addresses associated with each port.
● Forward traffic only to the appropriate segment.
● Create a single logical network, referred to as a layer 2 broadcast domain.

Layer 2 Switches:

● Perform functions similar to bridges but on a larger scale with more ports.
● Establish microsegmentation, with each port as a separate collision domain.
● Establish point-to-point links between network nodes.
● Collision occurs only in half-duplex mode and affects only the microsegment.
● All switch ports are in the same broadcast domain by default, unless VLANs are
configured.
70

Explain Network Interfaces


Network Interface Cards (NICs):

● Responsible for physically connecting a node to the transmission medium.


● Most Ethernet adapters support Gigabit Ethernet, Fast Ethernet, and 10BASE-T for
copper cabling.
● Adapters for fiber links or higher bandwidth channels like 10 GbE or 40 GbE come at a
premium price.
● NICs may have multiple ports on the same card for connections to different networks or
for link aggregation.

Ethernet Frame Format:

● Preamble: Used for clock synchronization and early collision detection in the CSMA/CD
protocol.
● Error Checking: Contains a 32-bit checksum (CRC) or Frame Check Sequence (FCS)
for error detection.
● Media Access Control (MAC) Address Format: A unique 48-bit (6-byte) identifier
assigned to each Ethernet port.
● Broadcast Address: Consists of all 1s (ff:ff:ff:ff:ff:ff) and is used for broadcast and
multicast transmissions.
● Frame Length and Maximum Transmission Unit (MTU): Payload size can range from 46
to 1500 bytes, with the minimum frame length being 64 bytes to comply with CSMA/CD.
Some Ethernet products support jumbo frames with larger MTUs.

tcpdump and Packet Filtering:

● tcpdump: A network packet analyzer that captures and displays packets transmitted or
received over a network.
● Filtering: tcpdump can filter packets based on various criteria such as host, network,
port, protocol, direction, and more using Boolean operators and parentheses for
grouping.
● Other Tools: ngrep and netcat can also be used for packet capture and analysis, with
ngrep supporting regular expressions for filtering.

Wireshark:

● Function: Open-source graphical packet capture and analysis utility.


● Interface: Displays captured packets in a three-pane view showing each frame, its fields,
and raw data in hex and ASCII.
● Installation: Available for most operating systems with installer packages.
71

Deploy Common Ethernet Switching Features


Ethernet Switch Types:
● Variety: Ethernet switches come in various models to support different network sizes and
requirements.
● Basic vs. Advanced: Basic switches may have fewer ports and limited expansion
capabilities, while advanced switches offer features like high-speed backplanes,
expandable capacity, redundancy, management consoles, and fiber optic connectivity.
● Dominant Vendors: Cisco's Catalyst and Nexus platforms dominate the market, but other
notable vendors include HP Enterprise, Huawei, Juniper, Arista, Linksys, D-Link,
NETGEAR, and NEC.

Switch Interface Configuration:

● Managed vs. Unmanaged: Managed switches allow configuration of settings, while


unmanaged switches typically require no configuration.
● Command Line Interface (CLI): Managed switches can be configured via a CLI, with
different modes like User EXEC, Privileged EXEC, and Global configuration mode.
● Commands: Common commands like "show config" and "show interface" are used to
view and manage switch configurations and interface states.

Auto MDI/MDI-X:

● Function: Ensures correct communication between devices by automatically adjusting


for different wiring configurations.
● Implementation: Most modern switches support auto MDI/MDI-X, which detects cable
type and configures the port accordingly.

MAC Address Table and Port Security:

● MAC Address Learning: Switches learn MAC addresses by reading source addresses
from received frames and storing them in a MAC address table.
● Port Security: Validates MAC addresses of connected devices, ensuring only authorized
devices can access the network through a specific port.

Port Aggregation:

● Definition: Combining multiple physical links into a single logical channel to increase
bandwidth and redundancy.
● Protocols: Link Aggregation Control Protocol (LACP) is commonly used to manage port
aggregation.
72

Port Mirroring:

● Purpose: Copies traffic from one or more source ports to a mirror (destination) port for
analysis.
● Applications: Used for network monitoring, packet sniffing, intrusion detection, etc.

Jumbo Frames and Flow Control:

● Jumbo Frames: Support larger data payloads, reducing processing overhead and
improving efficiency for certain types of traffic.
● Flow Control: IEEE 802.3x allows a server to pause traffic temporarily to prevent buffer
overflow, improving network performance.

Power Over Ethernet (PoE):

● Definition: Supplies electrical power to connected devices over Ethernet cables.


● Standards: IEEE 802.3af, 802.3at (PoE+), and 802.3bt (Ultra PoE) define different
power levels and capabilities.
● Benefits: Allows for efficient power delivery to devices like VoIP phones, IP cameras,
and wireless access points, reducing clutter and enabling centralized management.
73

Troubleshooting Ethernet Networks

Explain Network Troubleshooting Methodology


Network Troubleshooting Methodology:

1. Identify the Problem:


● Gather Information:
● Define the scope of the problem.
● Check system documentation, recent job logs, and vendor support sites.
● Identify Symptoms and Duplicate the Problem:
● Conduct physical inspection.
● Check system logs or diagnostic software.
● Attempt to duplicate the issue on a test system.
● Question Users:
● Ask open-ended and closed-ended questions to gather information.
● Determine if anything has changed since the problem started.
● Approach Multiple Problems Individually:
● Treat each issue as a separate case.
● Check for related support or maintenance tickets.

2. Establish a Theory of Probable Cause:

● Question the obvious and consider multiple approaches.


● Use top-to-bottom or bottom-to-top OSI model approach.
● Employ a divide and conquer approach.

3. Test the Theory to Determine Cause:

● Gather enough data to form an initial theory.


● Prove or disprove the theory using troubleshooting skills and tools.
● If unable to prove the cause, develop a new theory or escalate.

4. Establish a Plan of Action:

● Determine repair, replace, or ignore options.


● Assess cost, time, and potential effects on the system.
74

● Consider change management plan for system or network environment changes.

5. Implement the Solution:

● Apply the solution directly if reverting to a known good configuration.


● Follow change management plan for system or network changes.
● Test after each change and document the process.

6. Verify Full System Functionality and Implement Preventive Measures:

● Validate that the solution fixes the reported problem.


● Ensure system continues to function normally.
● Implement preventive measures to avoid recurrence of the problem.

7. Document Findings, Actions, and Outcomes:

● Record troubleshooting activity in a ticket system.


● Provide a complete description of the problem and its solution.
● Write clearly and concisely for future reference and analysis.

This methodology provides a structured approach to efficiently identify, diagnose, and

resolve network issues while minimizing downtime and ensuring smooth network

operations.
75

Troubleshoot Common Cable Connectivity Issues


Exam Objectives Covered:

Given a scenario, troubleshoot common cable connectivity issues and select the
appropriate tools.

Specification and Limitations:

● Understand how to assess and distinguish speed, throughput, and distance


specifications and limitations.
● Baud rate: number of symbols transmitted per second; measured in hertz (MHz
or GHz).
● Nominal bit rate or bandwidth: amount of information transmitted, measured in
bits per second (bps).
● Throughput: average data transfer rate over time, excluding encoding schemes,
errors, and other losses.
● Speed measured in milliseconds (ms) also known as latency or delay.

Distance Limitations, Attenuation, and Noise:

● Attenuation: loss of signal strength, expressed in decibels (dB).


● Noise: unwanted signals causing interference, expressed as the signal to noise
ratio (SNR).

Cable Issues:

● Troubleshooting cable connectivity focuses on physical layer issues.


● Components of an Ethernet link: transceiver, patch cables, structured cable,
patch panel, switch port.
● Verify patch cord connections and test transceivers using loopback tools.
● Use known working hosts or swap ports at the switch if needed.
● Use cable testers to diagnose structured cabling issues.

Loopback Plugs, Status Indicators, and Interface Configuration:

● Loopback adapter: used to test for bad ports and network cards.
● Check link lights or LED status indicators for connectivity.
● Verify settings on switch port and NIC for speed and duplex settings.
76

Cable Testers:

● Verify cable type and installation quality using cable testers.


● Certifiers ensure installations meet performance standards.
● Time Domain Reflectometer (TDR) locates cable faults.
● Multimeter can check physical connectivity in absence of dedicated testers.

Wire Map Testers and Tone Generators:

● Identify wiring faults like continuity, shorts, incorrect terminations.


● Tone generator traces cables, especially useful in bundled or unlabeled setups.

Attenuation and Interference Issues:

● Attenuation: loss of signal strength due to cable length; measured in decibels


(dB).
● Interference from sources like electrical cables, lights, motors, or radio
transmitters can degrade signal quality.

Crosstalk Issues:

● Crosstalk indicates bad wiring, poor connectors, or improper termination.


● Measured in dB, higher values indicate less noise.
● Types of crosstalk include NEXT, ACR, and FEXT.

Cable Application Issues:

● Differentiate between straight-through, crossover, and rollover cables.


● Patch cords should match application requirements.
● Consider Power over Ethernet (PoE) requirements for cable selection.

Fiber Optic Cable Testing Tools:

● Use optical source and power meter to test signal attenuation.


● Optical Time Domain Reflectometer (OTDR) locates breaks in fiber optic cables.
● Optical Spectrum Analyzer (OSA) ensures proper wavelength usage.
● Clean connectors and ensure correct transceivers for optimal performance.
77

Explaining IPv4 Addressing

Explain IPv4 Addressing Schemes


1. Introduction to IPv4
● The Transmission Control Protocol/Internet Protocol (TCP/IP) suite comprises
protocols and standards that facilitate modern network functionality.
● IPv4 (Internet Protocol version 4) serves as the core of this suite, providing
logical addressing and packet forwarding between different networks.
● IPv4 packets are structured with a header containing fields for managing logical
addressing and forwarding functions.

2. IPv4 Datagram Header

● The IPv4 header includes essential fields such as Version, Length, Protocol, and
Total Packet Size.
● The Protocol field identifies the encapsulated data in the payload, typically
indicating Transmission Control Protocol (TCP) or User Datagram Protocol
(UDP).
● Other protocols running directly on IP include ICMP, IGMP, GRE, ESP, AH, EIGRP,
and OSPF.

3. IPv4 Address Format

● IPv4 addresses consist of a network number (network ID) and a host number
(host ID), with each being 32 bits long.
● Binary addresses are divided into four octets and are usually represented in
dotted decimal notation for easier human understanding.
● Binary-to-decimal and decimal-to-binary conversions are essential skills for
working with IP addresses.

4. Network Masks

● A 32-bit network mask distinguishes between network ID and host ID in an IP


address.
● Masks use binary 1s to reveal network ID portions, with contiguous 1s being
crucial for validity.
78

● The AND operation between the mask and IP address helps derive the network
ID.

5. Subnet Masks

● Subnetting involves dividing networks into subnets, adding a hierarchical level


that includes a network ID, subnet ID, and host ID.
● Subnet masks use high-order contiguous bits to delineate subnet boundaries.
● Hosts within subnets use longer subnet masks for differentiation, allowing for
more efficient network management and resource allocation.

6. Host Address Ranges

● The number of available host IDs within a network depends on the subnet mask
and the subnetting scheme employed.
● Subnetting enables the creation of smaller broadcast domains with fewer hosts,
optimizing network performance and management.

Understanding IPv4 addressing schemes is fundamental to network configuration,

management, and troubleshooting, making it a crucial topic for network professionals

to master.
79

Explain IPv4 Forwarding


1. Introduction to IPv4 Forwarding

IP facilitates the creation of interconnected networks (internetworks), requiring packets


addressed to remote hosts to be forwarded.
● Forwarding at Layer 3 is termed routing, while forwarding at Layer 2 is referred to
as switching.

2. Layer 2 versus Layer 3 Addressing and Forwarding

● Logical addressing (network, subnet, and host IDs) at Layer 3 maps to forwarding
at the data link Layer 2.
● Subnets are mapped to Layer 2 segments using switches, while routers connect
different subnets.
● Nodes within a subnet communicate directly via MAC addresses, while
communication between subnets requires routing.

3. IPv4 Default Gateways

● When comparing source and destination IP addresses, if the masked portions


match, the destination is assumed to be on the same subnet.
● If masked portions don't match, the packet is forwarded to the default gateway
(router) for routing to a remote network.
● Routers use routing tables to determine the appropriate interface for packet
forwarding, dropping packets if no suitable path is found.

4. Address Resolution Protocol (ARP)

● ARP resolves IP addresses to hardware (MAC) addresses for local


communication.
● Local ARP resolution occurs within the same subnet using ARP requests and
replies.
● For communication outside the subnet, hosts use ARP to determine the MAC
address of the default gateway.

5. Unicast and Broadcast Addressing


80

● Unicast packets are sent to a single recipient's IP address, while broadcast


packets are sent to all hosts on a network or subnet.
● Broadcast addresses are the last addresses in an IP network where all host bits
are set to 1.
● Broadcast domains are established at Layer 3 by routers, which don't forward
broadcasts except in special cases.

6. Multicast and Anycast Addressing

● Multicast allows one host to send content to multiple hosts interested in


receiving it.
● Multicast packets are sent to a special range of IP addresses and delivered using
multicast-capable switches.
● Anycast addressing assigns the same IP address to a group of hosts, enabling
load balancing and failover between them.

Understanding IPv4 forwarding mechanisms is essential for network configuration and

troubleshooting, enabling efficient data transmission across interconnected networks.


81

Configure IP Networks and Subnets


1. Virtual LANs (VLANs) and Subnets

Modern Ethernet networks use switches, where each port is typically in the same
broadcast domain.
● Excessive broadcast traffic can reduce performance, so VLANs are used to
segment networks logically.
● VLANs allow different groups of computers attached to the same switch(es) to
appear as separate LAN segments, each with its own broadcast domain.
● At Layer 3, subnetting logically divides an IP network into smaller subnetworks,
each with a unique address.

2. Classful Addressing

● Classful addressing was used in the 1980s before netmasks were developed to
identify network IDs.
● Class A, B, and C networks allocated network IDs based on the first octet of the
IP address.
● Class A supports over 16 million hosts, Class B supports up to about 65,000
hosts, and Class C supports 254 hosts.
● Routers have performed classless routing for years, but class terminology is still
widely used.

3. Public versus Private Addressing

● Public IP addresses can connect to other public IP networks over the Internet
and are governed by IANA.
● Private IP addresses, defined in RFC 1918, are non-routable over the Internet and
can be used within organizations.
● Private address ranges include 10.0.0.0 to 10.255.255.255, 172.16.0.0 to
172.31.255.255, and 192.168.0.0 to 192.168.255.255.

4. Automatic Private IP Addressing (APIPA)

● APIPA allows clients unable to contact a DHCP server to communicate on the


local network by randomly selecting an address from 169.254.1.1 to
169.254.254.254.
82

● These addresses are from the reserved private addressing range


(169.254.0.0/16).

5. Other Reserved Address Ranges

● Class D addresses (224.0.0.0 to 239.255.255.255) are used for multicasting.


● Class E addresses (240.0.0.0 to 255.255.255.255) are reserved for experimental
use and testing.
● Loopback addresses (127.0.0.0 to 127.255.255.255) are reserved for TCP/IP
stack testing.
● Several other address ranges are reserved for special use, such as
documentation and examples.

6. IPv4 Address Scheme Design

● Factors to consider when planning an IPv4 network addressing scheme include


the number of networks and subnets required, the number of hosts per subnet,
and the need for valid public or private ranges.
● The subnetting process involves determining the number of subnets required,
calculating the number of hosts per subnet, and determining subnet IDs and host
ranges for each subnet.

Understanding how to configure IP networks and subnets is crucial for network

administrators to optimize performance and security within organizations. By

implementing VLANs, subnetting, and understanding IP addressing schemes,

administrators can efficiently manage network resources and ensure smooth

communication between hosts.


83

Supporting IPv4 and IPv6 Networks

Use Appropriate Tools to Test IP Configuration


1. IP Interface Configuration in Windows

Host adapters require appropriate IP addresses, subnet masks, default gateway (router)
addresses, and DNS server addresses for network communication.
● Configuration can be static or dynamic (using DHCP).
● Commands like netsh and PowerShell cmdlets (Get-NetAdapter, Get-
NetIPAddress) are used for configuration and querying.

2. ipconfig

● Basic command for reporting IP configuration in Windows.


● Usage: ipconfig displays IP address, subnet mask, and default gateway;
ipconfig /all shows complete TCP/IP configuration.
● Additional switches include /renew and /release for DHCP lease management,
and /displaydns and /flushdns for DNS cache management.

3. ifconfig and ip in Linux

● Linux interfaces identified as eth0, eth1, etc., with different naming schemes
emerging.
● Persistent configuration methods vary by distribution, including editing
configuration files, using NetworkManager, or employing systemd-networkd.
● ifconfig (legacy) and ip (modern) commands for reporting and configuring IP
addresses.

4. ARP Cache Utility

● ARP caches MAC addresses associated with IP addresses on the local network.
● arp utility used for ARP cache functions: -a to show cache contents, -s to add an
entry, and -d to delete entries.

5. Internet Control Message Protocol (ICMP) and ping

● ICMP used for error reporting and connectivity testing.


84

● ping utility sends ICMP request packets to test connectivity.


● Usage: ping IPAddress for basic connectivity test.
● Output interpretation includes successful replies, TTL values, and error
messages like "Destination host unreachable" or "Request timed out."
● Switches like -t for continuous pinging and -c for a set number of packets used
in Linux.

Understanding and effectively utilizing these tools is essential for network


administrators to diagnose and troubleshoot IP configuration issues effectively.
85

Troubleshoot IP Networks
1. Hardware Failure and Network Interface Issues

Rule out physical hardware failure and Data Link layer issues before diagnosing
Network layer problems.
● Power issues such as surges, spikes, brownouts, and blackouts can affect
network devices. UPSs provide temporary power during outages.
● Test for hardware failure in network adapters, switches, routers, and cables using
diagnostic tools.

2. Interface Status Issues

● Check interface status using LED indicators and command line utilities.
● Verify line and protocol status and autonegotiation settings.
● Check for mismatches in speed and duplex settings, collisions, and faulty NICs
or drivers.

3. IP Configuration Issues

● Check basic addressing and protocol configuration using ipconfig (Windows) or


ip/ifconfig (Linux).
● Verify correct IP address, subnet mask, and default gateway settings.
● Ensure hosts in the same subnet have valid configurations to avoid
communication issues.

4. Duplicate IP and MAC Address Issues

● Detect duplicate IP addresses using arp utility and resolve by assigning unique
addresses.
● Duplicate MAC addresses can lead to contention or split communications and
should be identified and fixed promptly.

5. Problem Isolation

● Use ping to perform connectivity tests:


1. Ping loopback address (127.0.0.1).
86

2. Ping local host IP address.


3. Ping default gateway IP address.
4. Ping other hosts on the same subnet.
5. Ping remote host IP address.
● Analyze ICMP responses and time-outs to identify potential issues at different
layers of the OSI model.

6. Incorrect DNS Issues

● Verify DNS server configuration using ipconfig /all (Windows) or


/etc/resolv.conf (Linux).
● Check connectivity to DNS servers and resolve configuration errors to ensure
proper name resolution.

7. Multicast Flooding Issues

● Enable IGMP snooping on switches to filter multicast traffic and prevent flooding
to unnecessary ports and VLANs.
● Multicast transmissions can consume bandwidth if not managed efficiently,
especially in VLAN environments.
87

Explain IPv6 Addressing Schemes


IPv4 versus IPv6

IPv4: Based on a 32-bit binary number, allowing for 4.3 billion unique addresses.
● IPv6: Utilizes a 128-bit addressing scheme, providing space for 340 undecillion
unique addresses, addressing the issue of IPv4 address exhaustion.

Pv6 Packet StructureI

● Main Header: Fixed length, unlike IPv4, containing source and destination
addresses.
● Extension Headers: Optional, providing additional functionality such as
fragmentation, security, and source routing.
● Payload: Data being transmitted.

IPv6 Address Format

● Consists of eight 16-bit numbers represented as 4 hex digits each.


● Can be compressed using double colon (::) for contiguous series of zeros.
● Example: 2001:db8::abc:0:def0:1234

IPv6 Network Prefixes

● Divided into network ID (first 64 bits) and interface (last 64 bits).


● Network addresses use classless notation (/nn) to denote the length of the
network prefix.
● Example: 2001:db8:3c4d::/48 represents a network address, while
2001:db8:3c4d:0001::/64 represents a subnet within that network.

IPv6 Unicast Addressing

● Identifies a single network interface.


● Scoped: Global addresses for public addressing, link-local for private addressing.
● Global addresses are routable over the Internet and start with 0010 or 0011 in
binary.

Interface ID/EUI-64

● 64-bit interface ID derived from MAC address or generated using privacy


extensions.

IPv6 Link Local Addressing

● Restricted to a single subnet, not forwarded by routers.


88

● Starts with fe80, with the last 64 bits representing the interface ID.

IPv6 Interface Autoconfiguration and Testing

● Interface must be configured with a link-local address.


● Routable addresses can be assigned statically or using stateless address
autoconfiguration (SLAAC).

Neighbor Discovery Protocol and Router Advertisements

● Performs functions like ARP and ICMP in IPv4.


● Supports address autoconfiguration, prefix discovery, local address resolution,
and redirection.

ICMPv6

● Supports error and informational messaging, replaces ARP with Neighbor


Discovery.

IPv6 Multicast Addressing

● Used to send packets from a single source to multiple interfaces.


● No broadcast addresses; multicast addresses are used instead.

IPv4 and IPv6 Transition Mechanisms

● Dual stack hosts run both IPv4 and IPv6 simultaneously.


● Tunneling can deliver IPv6 packets across IPv4 networks.
● Common tunneling protocols 5
89

Configuring and Troubleshooting Routers

Compare and Contrast Routing Concepts


1. Routing Tables and Path Selection:

Routers facilitate packet forwarding between subnets or internetworks.


● Routing tables store information about the location of other IP networks and
hosts.
● Parameters defining a routing entry include Protocol, Destination, Interface, and
Gateway/Next Hop.
● The most specific destination prefix is selected for forwarding if there are
multiple matches.

2. Static and Default Routes:

● Routing table entries include Direct network routes, Remote network routes, Host
routes, and Default routes.
● Directly connected routes are automatically added to the routing table for each
active router interface.
● Static routes are manually added and only change if edited by the administrator.
● Static routes can be configured as non-persistent or persistent/permanent.
● Default routes are used when no exact match is found and are represented by
destination address 0.0.0.0/0 for IPv4 and ::/0 for IPv6.

3. Packet Forwarding:

● When a router receives a packet, it looks up a matching destination network IP


address and prefix in its routing table.
● If a match is found, the router forwards the packet out of one of its interfaces,
encapsulating the packet in a new frame.
● Packet forwarding can occur via directly connected networks, gateways, or other
interfaces.
● If no match is found, the packet is either forwarded via the default route or
dropped.

4. Hop Count:
90

● Each router along the path counts as one hop.


● Time to Live (TTL) IP header field is decreased at each router to prevent badly
addressed packets from circulating indefinitely.
● TTL is interpreted as a maximum hop count, and when it reaches 0, the packet is
discarded.

5. Fragmentation:

● IP provides best-effort delivery, and packets may be fragmented to fit within the
Maximum Transmission Unit (MTU) of the Data Link protocol frame.
● IPv4 uses ID, Flags, and Fragment Offset IP header fields to indicate packet
fragmentation.
● IPv6 does not allow routers to perform fragmentation; instead, hosts perform
path MTU discovery to determine the MTU supported by each hop.
91

Compare and Contrast Dynamic Routing Concepts


1. Introduction to Dynamic Routing Protocols:

Dynamic routing protocols use algorithms and metrics to build and maintain a routing
information base.
● These protocols allow routers to exchange routing information rapidly to prevent
outages.
● Learned routes are communicated between routers, and each router maintains a
routing information base.

2. Topology and Metrics:

● Routing algorithms are categorized into distance vector or link state protocols.
● Distance vector protocols prioritize routes based on the number of hops to the
destination.
● Link state protocols build a complete topology database and calculate the
shortest path based on metrics.

3. Convergence:

● Convergence is the process where routers agree on the network topology.


● Routers must quickly adapt to changes like network additions, failures, or link
failures to avoid black holes and loops.

4. Interior vs. Exterior Gateway Protocols:

● Interior Gateway Protocols (IGP) operate within an autonomous system (AS).


● Exterior Gateway Protocols (EGP) advertise routes between autonomous
systems.
● Examples include RIP (IGP), EIGRP (IGP/Hybrid), OSPF (IGP), and BGP (EGP).

5. Routing Information Protocol (RIP):

● RIP is a distance vector protocol that prioritizes routes based on hop count.
● RIP sends regular updates of its routing database to neighbors.
92

● Versions include RIPv1 (classful), RIPv2 (classless with multicast), and RIPng for
IPv6.

6. Enhanced Interior Gateway Routing Protocol (EIGRP):

● EIGRP is an advanced distance vector or hybrid protocol developed by Cisco.


● It uses a composite metric based on bandwidth and delay.
● EIGRP sends full updates only when topology changes, enhancing convergence
performance.

7. Open Shortest Path First (OSPF):

● OSPF is a widely adopted link state protocol suitable for large organizations with
multiple paths.
● OSPF supports classless addressing and hierarchical network organization using
areas.

8. Border Gateway Protocol (BGP):

● BGP is used between routing domains in a mesh internetwork, primarily on the


Internet.
● It's an exterior gateway protocol and prioritizes stability over rapid convergence.
● BGP operates over TCP and uses path vector routing to select routes.

9. Administrative Distance and Classless Inter-Domain Routing (CIDR):

● Administrative distance determines the trustworthiness of a routing protocol.


● CIDR allows efficient allocation of IP addresses and reduces routing table size.
● Variable Length Subnet Masking (VLSM) further optimizes address allocation
within a network.

Conclusion:

● Dynamic routing protocols vary in their operation, convergence performance, and


scalability.
● Understanding these protocols and their characteristics is crucial for network
administrators to design efficient and reliable networks.
93

Install and Troubleshoot Routers


Edge Routers:
● Edge routers are positioned at the network perimeter and have external (Internet-
facing) and internal interfaces.
● They perform framing to convert data from private LAN frame format to WAN
Internet access frame format.
● Customer edge (CE) routers and provider edge (PE) routers are terms associated
with edge routers.
● Small office/home office (SOHO) routers are designed for DSL or cable
broadband access and are commonly used by enterprises for branch office
connectivity.

Internal Routers:

● Internal routers are positioned within the network and have no public interfaces.
● They are used to implement various network topologies.

Subinterfaces:

● Subinterfaces are used to segment networks using VLANs.


● Traffic between VLANs must be routed, and subinterfaces allow routers to route
VLAN traffic efficiently.
● Each subinterface is configured with a specific VLAN ID.

Layer 3 Capable Switches:

● Layer 3 switches are optimized for routing between VLANs and use static and
dynamic routing.
● They maintain a mapping table of IP addresses to MAC addresses for efficient
hardware-based forwarding.
● However, they do not typically have WAN interfaces and are not used for routing
at the network edge.

Router Configuration:
94

● Routers are configured locally via a console port or remotely using protocols like
SSH.
● Best practice includes creating a loopback interface to assign the router an
internal IP address for remote management.

Route Command:

● Used to view and modify the routing table on end systems (Windows and Linux
hosts).
● The routing table typically contains entries for local subnet and default route.
● Routes can be added, deleted, or modified using the route command.

Traceroute and Tracert:

● Traceroute/tracert is used to test the path between two nodes and isolate
network problems.
● Traceroute uses UDP probe messages, while tracert uses ICMP Echo Request
probes.
● Both tools help identify routing issues, such as missing routes, routing loops, and
asymmetrical routing.

Missing Route Issues:

● Missing routes may indicate configuration issues or router failures.


● Use traceroute or show route commands to investigate and troubleshoot missing
route problems.

Routing Loop Issues:

● Routing loops occur when routers use each other as paths to a network, causing
packets to circulate indefinitely.
● Routing protocols employ mechanisms like maximum hop count, holddown
timer, and split horizon to prevent loops.
● Traceroute can help diagnose routing loops by identifying repeated IP addresses
in the output.

Asymmetrical Routing Issues:


95

● Asymmetrical routing occurs when forward and return paths differ.


● It can cause problems with stateful firewalls or NAT devices.
● Use traceroute from both sender and receiver to compare per-hop latency and
troubleshoot misconfigurations.

Low Optical Link Budget Issues:

● Poor connectivity across fiber optic links can result from a low optical link
budget.
● The link budget is calculated based on attenuation, connectors, and splices.
● Margin between transmitter power and link budget is crucial for optimal
performance.
● Use tools like an optical time domain reflectometer (OTDR) to test link budget
and identify installation faults.

This lesson covers configuring and troubleshooting routers, including edge and internal
routers, subinterfaces, layer 3 capable switches, router configuration, route command
usage, traceroute and tracert, and various routing issues like missing routes, routing
loops, asymmetrical routing, and low optical link budget issues. Understanding these
concepts is essential for network configuration and troubleshooting.
96

Explaining Network Topologies and Types

Explain Network Types and Characteristics


Client-Server versus Peer-to-Peer Networks:

Definition: A network consists of nodes and links, with end system nodes sending and
receiving data traffic. These end system nodes are classified as clients or servers.
● Server: Provides network applications and resources to other hosts.
● Client: Consumes the services provided by servers.
● Client-Server Network:
● Nodes like PCs, laptops, and smartphones act as clients, while servers are
more powerful computers.
● Application services and resources are centrally provisioned, managed,
and secured.
● Peer-to-Peer Network:
● Each end system acts as both client and server.
● Decentralized model where provision, management, and security of
services and data are distributed across the network.
● Typical Usage:
● Business and enterprise networks: Client-server.
● Residential networks: Peer-to-peer (or workgroup), though client-server
elements can exist.

Network Types:

● Local Area Networks (LANs):


● Definition: Confined to a single geographical location, directly connected
with cables or short-range wireless tech.
● Examples: Home networks, small office/home office (SOHO) networks,
small and medium-sized enterprise (SME) networks, enterprise LANs,
datacenters.
● Wireless LAN (WLAN): Based on Wi-Fi, open WLANs often called hotspots.
● Wide Area Networks (WANs):
● Definition: Network of networks connected by long-distance links,
connecting main office with branch offices, remote workers, or large
LANs.
97

● Managed: Likely to use leased network devices and links managed by a


service provider.
● Personal Area Networks (PANs):
● Definition: Close-range network links established between personal
devices like smartphones, tablets, headsets, printers, etc.
● Growth: With increasing digital and network integration in everyday
objects, PAN usage continues to grow.

Network Topology:

● Physical Topology:
● Description: Placement of nodes and their connections by network media.
● Example: Nodes directly connected via a single cable or to a switch via
separate cables.
● Logical Topology:
● Description: Flow of data through the network.
● Example: Different physical implementations achieving the same logical
layout.
● Point-to-Point Link:
● Description: Single link between two nodes, ensuring a level of bandwidth
due to the 1:1 relationship.
● Star Topology:
● Description: Endpoints connected to a central node, facilitating easy
reconfiguration and troubleshooting.
● Mesh Topology:
● Description: Fully connected nodes, often impractical, hence a hybrid
approach is used for redundancy and fault tolerance.
● Ring Topology:
● Description: Closed loop where each node is wired to its neighbor, with
dual rings for fault tolerance.
● Bus Topology:
● Description: Shared access topology with all nodes sharing the bandwidth
of the media.
● Hybrid Topology:
● Description: Mixture of point-to-point, star, mesh, ring, and bus topologies,
often used for redundancy and fault tolerance in WANs or hierarchical
designs.
98

Explain Tiered Switching Architecture


Three-Tiered Network Hierarchy:

Definition: Breaks down large and complex network designs into smaller sections based
on functions performed.
● Model Example: Cisco’s design principles: access, distribution, and core layers.

Access/Edge Layer:

● Function: Allows end-user devices to connect to the network.


● Implementation: Structured cabling, wall ports for wired access, access points
for wireless access, connected to workgroup switches.
● Topology: End systems connect to switches in a star topology.

Distribution/Aggregation Layer:

● Function: Provides fault-tolerant interconnections between different access


blocks and the core or other distribution blocks.
● Implementation: Full or partial mesh links to routers or layer 3 switches.
● Policies: Implements traffic policies like routing boundaries, filtering, or quality of
service (QoS).
● Capabilities: Layer 3 switches with higher port speeds for aggregation.

Core Layer:

● Function: Provides a highly available network backbone.


● Purpose: Simplified to provide redundant traffic paths for data flow around
access and distribution layers.
● Topology: Establishes a full mesh topology with switches in distribution layer
blocks.

Spanning Tree Protocol (STP):

● Purpose: Organizes bridges or switches into a hierarchy to prevent switching


loops.
● Hierarchy: Root bridge at the top, switches determine shortest paths to the root.
99

● States: Forwarding, blocking, listening, learning, disabled.


● Implementation: Ensures all ports on all switches are in forwarding or blocking
states for network convergence.
● Versions: Original 802.1D, 802.1D-2004/802.1w, Rapid STP (RSTP) for faster
convergence.

Switching Loop and Broadcast Storm Issues:

● Definition: Switching loop causes flooded frames to circulate perpetually, leading


to a broadcast storm.
● Impact: Network utilization near maximum capacity, CPU utilization of switches
increases.
● Resolution: Spanning tree shuts down the port to isolate the problem, investigate
potential loop causes like legacy equipment or unmanaged switches.
100

Explain Virtual LANs


Definition:
Segment groups of hosts in the same broadcast domain at the data link layer.
● Managed switches allow the configuration of VLANs to isolate ports to separate
broadcast domains.

Benefits:

● Reduced Broadcast Traffic: Reduces broadcast traffic by segmenting the


network.
● Enhanced Security: Each VLAN can represent a separate zone, enhancing
security.
● Traffic Type Separation: Used to separate nodes based on traffic type and
Quality of Service (QoS) requirements.

VLAN Implementation:

● Typically configured with a 1:1 mapping between VLANs and subnets.


● VLANs can represent different IP networks or subnets.
● Implementation reduces broadcast traffic, enhances security, and allows for
QoS.

Virtual LAN IDs and Membership:

● VLAN ID configuration typically takes place on the switch interface.


● Default VLAN ID is 1; all ports on a switch default to VLAN 1 unless configured
differently.

Static VLAN Assignment:

● Ports on the switch configured with a VLAN ID (2 to 4,094).


● Nodes connected to configured ports belong to the specified VLAN.
● Each VLAN typically configured with its own subnet address and IP address
range.

Dynamic VLAN Assignment:


101

● Nodes assigned to VLANs based on characteristics like MAC address or user


authentication.

Trunking and IEEE 802.1Q:

● Multiple switches interconnected to build network fabric; interconnections


referred to as trunks.
● Frames transported across trunks preserve VLAN ID (VID) using IEEE 802.1Q
tagging.
● Tagged ports operate as trunks, capable of transporting traffic addressed to
multiple VLANs.

Tagged and Untagged Ports:

● Untagged ports participate in a single VLAN, also known as access ports or host
ports.
● Tagged ports operate as trunks, capable of transporting traffic addressed to
multiple VLANs.

Voice VLANs:

● Dedicated VLAN for Voice over IP (VoIP) traffic to prioritize voice traffic over
data.
● Most VoIP endpoints incorporate an embedded switch to connect handsets and
PCs to a single port.
● Switches support voice VLANs to distinguish between PC and VoIP traffic
without configuring trunks manually.
102

Explaining Transport Layer Protocols

Compare and Contrast Transport Protocols


Transport Layer Ports and Connections:
Layer 4 protocols manage delivery of multiplexed application data.
● Each application is assigned a unique port number for identification.
● Port numbers 0 through 1,023 are preassigned for well-known server
applications.
● Ports 1,024 through 49,151 are for registered server applications.
● Remaining ports up to 65,535 are for private or dynamic use.

Transmission Control Protocol (TCP):

● Provides connection-oriented, guaranteed communication.


● Uses acknowledgments to ensure delivery.
● Operates at the Transport layer.
● Divides data into segments with headers.
● Requires numerous header fields for sequencing, acknowledgments, and
retransmissions.
● TCP handshake involves SYN, SYN/ACK, and ACK segments to establish
connections.
● TCP teardown involves FIN segments to close connections.

User Datagram Protocol (UDP):

● Connectionless and non-guaranteed method of communication.


● No acknowledgments or flow control.
● Operates at the Transport layer.
● Suitable for applications sending small amounts of data that do not require
reliability.
● Used for multicast, broadcast, and time-sensitive data transmission.
● Header size is 8 bytes compared to TCP's 20 bytes or more.

Common TCP and UDP Ports:


103

● Well-known and registered port numbers are assigned to various services and
applications.
● Port numbers are used to identify different types of network traffic.
● Examples include FTP, SSH, Telnet, SMTP, DNS, HTTP, POP3, IMAP, SNMP,
LDAP, HTTPS, SMB, DHCP, and SIP.

Comparison:

● TCP provides reliable, connection-oriented communication, while UDP offers


faster, connectionless communication with less overhead.
● TCP ensures data delivery through acknowledgments and retransmissions,
whereas UDP does not guarantee delivery.
● TCP is used for applications requiring reliability, while UDP is used for real-time
applications or those where occasional packet loss is acceptable.

Contrast:

● TCP requires more overhead due to acknowledgments and sequencing, while


UDP has minimal overhead.
● TCP is suitable for applications like file transfer and web browsing, while UDP is
used for real-time applications like VoIP and video streaming.
104

Use Appropriate Tools to Scan Network Ports


IP Scanners:
Network administrators use IP scanners to verify connected devices and monitor
network traffic.
● IP scanning tools include Nmap, AngryIP, PRTG, and enterprise suites like
ManageEngine, Infoblox, SolarWinds, Bluecat, and Men & Mice.
● IP scanning aids in host discovery and logical network topology mapping.

Nmap:

● Nmap is a widely used open-source security scanner for IP scanning and


penetration testing.
● It operates via command line or GUI (Zenmap) and can perform host discovery
and port scanning.
● Basic usage involves specifying the IP subnet or address to scan.
● Nmap sends TCP ACK packets to ports 80 and 443 by default to detect hosts.
● Various scanning techniques like TCP SYN, TCP connect, and UDP scans are
available.
● Custom scans and OS fingerprinting can be performed for detailed analysis.

netstat:

● netstat command provides visibility into local host ports and active connections.
● On Windows, it displays active TCP connections and open ports using different
switches.
● On Linux, it shows active connections of any type and offers switches for
specific connection types.
● Additional options include displaying numerical addresses, filtering by IPv4 or
IPv6, and showing process IDs and names.

Remote Port Scanners:

● Remote port scanners perform probes from another machine or network to


identify open ports on target hosts.
● Nmap supports various scanning techniques like TCP SYN, TCP connect, and
UDP scans for port scanning.
105

● Port scanning can reveal information about services running on target hosts and
detect security vulnerabilities.

Protocol Analyzers:

● Protocol analyzers work alongside packet capture tools to analyze network


traffic.
● They parse frames to reveal header fields and payload contents for packet-level
analysis.
● Traffic analysis tools monitor statistics related to communication flows,
bandwidth consumption, active hosts, link utilization, and reliability.
● Wireshark is a commonly used protocol analyzer with features for packet
analysis and traffic analysis.

These tools enable network administrators to monitor network activity, troubleshoot

issues, and ensure network security.


106

Explaining Network Services

Explain the Use of Network Addressing Services


Dynamic Host Configuration Protocol (DHCP):
DHCP is an automatic method for allocating IP addresses, subnet masks, default
gateways, and DNS server addresses to hosts when they join a network.
● Major operating systems support DHCP clients and servers, and many SOHO
routers and modems embed DHCP servers.
● Hosts are configured to use DHCP by specifying automatic IP address
acquisition in their TCP/IP configurations.
● DHCP operates using UDP, with servers listening on port 67 and clients on port
68.

DHCP Lease Process:

● DHCP lease process involves four steps: Discover, Offer, Request, and
Acknowledge (DORA).
● When a DHCP client initializes, it broadcasts a DHCPDISCOVER packet to find a
DHCP server.
● The DHCP server responds with a DHCPOFFER packet containing an IP address
and other configuration information.
● The client may choose to accept the offer using a DHCPREQUEST packet.
● If the offer is still available, the server responds with a DHCPACK packet.
● The client broadcasts an ARP message to check if the address is unused, and if
so, it starts using the address and options provided.

DHCP Server Configuration:

● DHCP servers are deployed as services of network operating systems or through


appliances like switches or routers.
● DHCP servers must be allocated a static IP address and configured with a range
of IP addresses, subnet masks, and optional parameters.
● A range of addresses and options configured for a single subnet is referred to as
a scope.
● DHCP servers can manage multiple scopes, but each scope must correspond to
a single subnet.
107

● DHCP servers can be configured to provide default options server-wide or scope-


specific options.

DHCP Options:

● DHCP servers offer IP addresses and subnet masks, along with other IP-related
settings known as DHCP options.
● Some common DHCP options include the default gateway, DNS server
addresses, DNS suffix, and other server options like time synchronization or VoIP
proxy.

DHCP Reservations and Exclusions:

● DHCP reservations map MAC addresses to specific IP addresses within the


DHCP server's pool to ensure certain hosts retain the same IP address.
● DHCP relay agents forward DHCP traffic between subnets to allow centralized
DHCP server management.
● IP helper functionality on routers supports DHCP relay agents by forwarding
DHCP broadcasts between subnets.

DHCPv6 Server Configuration:

● DHCPv6 provides additional option settings for IPv6 hosts but is often used for
supplemental configuration rather than IP address leasing.
● DHCPv6 operates on different ports (546 for clients, 547 for servers) and uses
multicast addresses for server discovery.
● DHCPv6 can operate in stateful mode (providing routable IP addresses) or
stateless mode (providing network prefix information).
108

Explain the Use of Name Resolution Services


Host Names and Fully Qualified Domain Names (FQDNs):
Host names and FQDNs provide human-readable labels for hosts on a network.
● A host name is assigned to a computer by the administrator and must be unique
on the local network.
● An FQDN consists of a host name and a domain suffix, providing a unique
identity for the host within a particular network.
● Domain names must be registered with a registrar to ensure uniqueness within a
top-level domain.

Domain Name System (DNS):

● DNS is a global hierarchy of distributed name server databases containing


information on domains and hosts.
● DNS operates with 13 root level servers (A to M) and various top-level domains
(TLDs) such as .com, .org, .net, and country codes like .uk, .ca, .de.
● DNS follows a hierarchical structure, with each level of servers having
information about servers at the next level down.
● DNS resolves FQDNs to IP addresses through iterative or recursive lookups.

Name Resolution Using DNS:

● Name resolution starts when a user presents an FQDN to an application


program.
● A stub resolver checks its local cache for the mapping and forwards the query to
its local name server if no mapping is found.
● DNS queries between name servers are typically performed as iterative lookups
or recursive lookups.

Resource Record Types:

● DNS zones contain resource records used for name resolution.


● Common resource record types include Start of Authority (SOA), Name Server
(NS), Address (A) for IPv4, Address (AAAA) for IPv6, Canonical Name (CNAME),
Mail Exchange (MX), Service (SRV), Text (TXT), and Pointer (PTR) records.
● Pointer records are used for reverse DNS querying to find the host name
associated with a given IP address.
109

Reverse DNS Querying:

● Reverse DNS querying uses special domains like in-addr.arpa for IPv4 and
ip6.arpa for IPv6 to find the host name associated with a given IP address.
● Reverse lookup zones store PTR records containing the host names associated
with IP addresses.

Reverse lookup zones are optional in DNS servers due to security concerns related to

potential exploitation by hackers.


110

Configure DNS Services


DNS Server Configuration:
DNS servers are essential for the functioning of the Internet and are required for
Windows Active Directory and most Linux networks.
● DNS servers can be configured to listen for queries on UDP port 53 and
sometimes TCP port 53 for larger record transfers or when using DNSSEC.
● DNS servers maintain the DNS namespace in zones, which can host records for
multiple domains.
● Primary name servers manage editable zone records, while secondary name
servers hold read-only copies obtained through zone transfers.
● The terms "master" and "slave" are deprecated in favor of "primary" and
"secondary."
● Cache-only servers store non-authoritative answers derived from cached records.

DNS Caching:

● Resource records are configured with a time to live (TTL) value, instructing
resolvers how long query results can be kept in cache.
● DNS caching is performed by both servers and client computers, with each
application on a client potentially maintaining its own DNS cache.
● Changes to resource records can be slow to propagate due to server and client
caching, requiring careful management of TTL values.

Internal versus External DNS:

● Internal DNS zones serve private network domains and should only be accessible
to internal clients.
● External DNS zones serve records accessible to Internet clients, such as web and
email services.
● DNS resolvers perform recursive queries for clients, either locating authoritative
name servers or forwarding requests to another server.
● It's essential to separate DNS servers hosting zone records from those servicing
client requests for non-authoritative domains.

nslookup and dig:


111

● nslookup: A command-line tool for troubleshooting DNS name resolution in


Windows environments. It can query specific DNS servers for various record
types.
● PowerShell: Provides a more sophisticated environment for DNS testing, offering
cmdlets like Resolve-DnsName.
● dig: A command-line tool for querying DNS servers, commonly used with BIND
DNS server software. It can query specific DNS servers and display various
resource records for a domain.

Both nslookup and dig are valuable tools for troubleshooting DNS issues and testing
name resolution configurations.
112

Explaining Network Applications

Explain the Use of Web, File/Print, and Database


Services
HyperText Transfer Protocol (HTTP):

HTTP is the foundation of web technology, allowing clients to request resources from
HTTP servers.
● Clients connect to HTTP servers using TCP port 80 by default and submit
requests using URLs.
● HTTP headers define request and response formats, while the payload usually
serves HTML web pages.
● Features include forms (POST) for submitting data from clients to servers and
session management with cookies.

Web Servers:

● Websites are hosted on HTTP servers connected to the Internet, commonly


leased from ISPs.
● Hosting options include dedicated servers, virtual private servers (VPS), cloud
hosting, and shared hosting.
● Major web server platforms include Apache, Microsoft Internet Information
Server (IIS), and nginx.

Secure Sockets Layer/Transport Layer Security (SSL/TLS):

● Developed to address security issues in HTTP, SSL/TLS encrypts data and


provides authentication between clients and servers.
● SSL/TLS operates between the Application and Transport layers of the TCP/IP
stack.
● HTTPS secures HTTP connections over TCP port 443, using digital certificates
issued by trusted certificate authorities.

File Transfer Protocol (FTP):


113

● Used for transferring files to and from remote hosts, often for administrative
purposes.
● FTP operates over TCP port 21, with data transfer modes including active and
passive.
● Trivial File Transfer Protocol (TFTP) is a lightweight protocol used for small file
transfers, running over UDP port 69.

File and Print Services:

● Server Message Block (SMB) provides file and print sharing services on Windows
networks, also supported by Samba for UNIX/Linux.
● SMB typically operates over TCP ports 139 or 445, with version 3 supporting
message encryption.

Database Services:

● Relational databases store data in tables and are queried using Structured Query
Language (SQL).
● Relational Database Management System (RDBMS) platforms include Oracle,
Microsoft SQL Server, MySQL/MariaDB, and PostgreSQL.
● NoSQL databases offer flexible data structures and are accessed using APIs
over HTTPS.
● Both RDBMS and NoSQL databases can be secured using TLS transport
encryption.

Understanding these services and protocols is crucial for network technicians to

support and troubleshoot various network applications and services effectively.


114

Explain the Use of Email and Voice Services


1. Email Services:

SMTP (Simple Mail Transfer Protocol):


● Used for delivering email from one system to another.
● Sender SMTP server discovers recipient SMTP server via domain name.
● SMTP servers registered in DNS using Mail Exchange (MX) and host
records.
● Does not queue messages indefinitely; retries at intervals before timing
out.
● Supports message encryption via TLS (SMTPS).
● Can use either STARTTLS or SMTPS for secure connections.
● Typical ports: 25 for message relay between SMTP servers, 587 for mail
client submission.
● Mailbox Access Protocols:
● POP (Post Office Protocol):
● Version 3 (POP3) commonly used.
● Allows clients to download messages from the server.
● Uses TCP port 110 (unsecure) or 995 (secure POP3S).
● Messages typically deleted from server upon download.
● IMAP (Internet Message Access Protocol):
● Supports multiple clients accessing the same mailbox
simultaneously.
● Allows managing mailbox on the server (folders, deletion control).
● Uses TCP port 143 (unsecure) or 993 (secure IMAPS).

2. Voice and Video Services:

● Voice over IP (VoIP):


● Replacing legacy voice services with IP-based protocols and products.
● Private Branch Exchange (PBX):
● Automated switchboard for an organization's voice lines.
● Traditional (TDM-based) PBX being replaced by VoIP-enabled PBX.
● VoIP PBX routes calls over Ethernet network and supports features
like voicemail.
● Implemented as software on servers or hardware solutions.
● VoIP Protocols:
115

● SIP (Session Initiation Protocol):


● Widely used for session control.
● End-user devices assigned unique SIP addresses (SIP URIs).
● Typically runs over UDP or TCP ports 5060/5061.
● RTP (Real-time Transport Protocol) and RTCP (RTP Control Protocol):
● Used for actual delivery of real-time data.
● RTP delivers media data via UDP.
● RTCP monitors connection quality and provides reports.

3. VoIP Phones and Gateways:

● VoIP phones can be software on computers/smartphones or dedicated


hardware.
● VLAN tagging used to segregate SIP control and RTP media traffic.
● Connection security similar to HTTPS using SIPS.
● VoIP gateways translate between VoIP systems and legacy voice
equipment/networks (POTS, PBX).
● Different types of gateways serve various functions such as connecting to
telephone networks or VoIP service providers.

Key Points:

● Email services use SMTP for message delivery and POP/IMAP for mailbox
access.
● VoIP replaces legacy voice services with IP-based protocols like SIP and RTP.
● VoIP phones can be software or hardware, and VLAN tagging segregates voice
traffic.
● VoIP gateways translate between VoIP systems and legacy voice
equipment/networks.
116

Ensuring Network Availability

Explain the Use of Network Management Services


1. Secure Remote Access:

Secure Shell (SSH):


● Primary means for secure remote access to UNIX, Linux servers, and
network appliances.
● Supports terminal emulation and secure file transfer (SFTP).
● Uses TCP port 22 by default.
● Identified by a public/private key pair (host key).
● Client authentication methods include username/password, public key,
and Kerberos.
● Key management is crucial for security; compromised keys must be
replaced promptly.
● Telnet:
● Protocol and terminal emulation software for transmitting shell
commands.
● Runs on TCP port 23.
● Passwords and communications are not encrypted, making it vulnerable
to packet sniffing.
● Considered insecure and should be disabled or replaced with secure
access methods like SSH.

2. Secure Shell Commands:

● Useful commands include sshd (start SSH server), ssh-keygen (create key pair),
ssh-agent (store private keys securely), ssh (connect to server), scp (file
transfer), sftp (secure file transfer).

3. Remote Desktop Protocol (RDP):

● Microsoft's protocol for remote GUI connections to Windows machines.


● Uses TCP port 3389.
● Mainly used for remote administration of Windows servers or clients.
● Also used for application virtualization.
117

4. Network Time Protocol (NTP):

● Synchronizes time-dependent applications.


● Works over UDP on port 123.
● Utilizes hierarchical server structure (stratum levels).
● Client hosts use Simple NTP (SNTP) for time synchronization.
● Incorrect time configuration can lead to network service access issues and
authentication failures.
● Public NTP server pools can be used as time sources if local stratum 1 servers
are not available.

Key Points:

● SSH is the preferred method for secure remote access, offering encryption and
various authentication options.
● Telnet is insecure due to lack of encryption and should be replaced with SSH.
● RDP facilitates remote GUI connections to Windows machines.
● NTP ensures time synchronization for network applications and services, critical
for authentication and security mechanisms.
118

Use Event Management to Ensure Network


Availability
1. Performance Metrics, Bottlenecks, and Baselines:

Performance Metrics:
● Bandwidth/throughput: Rate of data transfer measured in Mbps or Gbps.
● CPU and memory utilization: High utilization may indicate the need for
upgrades.
● Storage: Availability of storage space, crucial for device operation and
application efficiency.
● Bottlenecks:
● Points of poor performance that reduce overall network productivity.
● Can be device-related or user/application-related.
● Identification requires analysis of network utilization and errors.
● Performance Baselines:
● Establish resource utilization metrics at a specific point in time for
comparison.
● Useful for assessing system responsiveness and planning upgrades.

2. Environmental Monitoring:

● Detects factors threatening appliance integrity or function (e.g., excessive


temperatures, fan speeds, flooding).
● Internal sensors monitor device conditions; external sensors monitor ambient
environmental conditions.

3. Simple Network Management Protocol (SNMP):

● Framework for remote management and monitoring of network devices.


● SNMP Agents:
● Maintain Management Information Base (MIB) containing device
statistics.
● Configured with community names for access control.
● SNMP Monitor:
● Polls agents for information from MIBs at regular intervals.
● Receives trap operations as alerts for network administrator assessment.
119

4. Network Device Logs:

● Valuable sources of performance, troubleshooting, and security auditing


information.
● Log types include system, security, application, and performance/traffic logs.
● Log collectors and Syslog facilitate log aggregation and storage.

5. Event Management:

● Prioritizes events requiring immediate or long-term response.


● Categorizes events by severity levels for effective management.
● Automated alert systems generate alerts or notifications based on predefined
thresholds.
● Log reviews involve real-time monitoring and later inspection and interpretation
of captured data for incident investigation and prevention.
120

Use Performance Metrics to Ensure Network


Availability
Network Metrics
Quality of Service (QoS): Supports real-time services like voice and video.
● Bandwidth: Measured in bits per second (bps), throughput at Layer 3, and
goodput available to an application. Bandwidth for audio depends on sampling
frequency and bit depth. Bandwidth required for video depends on image
resolution, color depth, and frame rate.
● Latency and Jitter: Latency is the time for transmission to reach the recipient,
while jitter is a variation in delay. Real-time applications are sensitive to these,
causing issues like echo, delay, and video slow down.

Bandwidth Management

● DiffServ (Differentiated Services): Classifies each packet passing through a


device for prioritized delivery, grouped into Best Effort, Assured Forwarding, and
Expedited Forwarding.
● IEEE 802.1p: Classifies and prioritizes traffic at Layer 2.
● Traffic Shaping: Controls traffic parameters, ensuring bandwidth and low latency
for priority traffic.
● QoS Architecture: Involves control plane, data plane, and management plane for
traffic prioritization and switching.

Traffic Analysis Tools

● Throughput Testers: Measure network throughput by transferring large files


between hosts.
● Top Talkers/Listeners: Identify hosts generating the most outgoing or incoming
traffic.
● Bandwidth Speed Testers: Test Internet links for speed and performance.
● NetFlow: Gathers traffic metadata and reports to a structured database, using
exporters, collectors, and analyzers.

Interface Monitoring Metrics

● Link State: Measures if an interface is up or down.


121

● Resets: Number of times an interface has restarted.


● Speed: Rated speed of the interface.
● Utilization: Data transferred over a period, average and peak utilization.
● Error Rate: Number of packets causing errors.
● Discards/Drops: Frames discarded due to various reasons.
● Retransmissions: Data retransmitted due to packet loss.

Troubleshooting Interface Errors

● CRC Errors: Calculated by interfaces, indicating frame rejection due to


interference.
● Encapsulation Errors: Prevent transmission and reception, often due to frame
format mismatches.
● Runt Frame Errors: Frames smaller than minimum size, usually caused by
collisions.
● Giant Frame Errors: Frames larger than maximum size, caused by configuration
mismatches or jumbo frames.
122

Explaining Common Security Concepts

Explain Common Security Concepts


Establishing Computer and Network Security:
Developing processes and controls to protect data assets and ensure business
continuity.
● Making network systems and hosts resilient to various attacks.

Confidentiality, Integrity, and Availability (CIA) Triad:

● Confidentiality: Information should only be known to certain people.


● Integrity: Data is stored and transferred as intended, with any modification
authorized.
● Availability: Information is accessible to authorized individuals for viewing or
modification.

Vulnerability, Threat, and Risk:

● Vulnerability: A weakness that could be exploited to cause a security breach.


● Threat: The potential for someone or something to exploit a vulnerability.
● Risk: The likelihood and impact of a threat actor exercising a vulnerability.

Security Risk Assessments:

● Utilizing tools and techniques to ensure systems demonstrate properties of the


CIA triad.
● Guided by security policies to evaluate and mitigate risks.
● Risk management involves identifying, assessing, and mitigating vulnerabilities
and threats to essential business functions.
● Risk assessment evaluates systems and procedures for risk factors.

Posture Assessment:

● Evaluating IT services governance and frameworks to fulfill business needs.


123

● Security controls provide properties like confidentiality, integrity, availability, and


non-repudiation.
● Balancing the cost of security controls with associated risks.

Process Assessment:

● Focuses on mission essential functions and critical systems.


● Business Impact Analysis (BIA) quantifies losses for various threat scenarios.
● Business Continuity Planning (BCP) identifies controls and processes to
maintain critical workflows.

Vulnerability and Exploit Types:

● Software vulnerabilities can lead to system compromise.


● Exploits use vulnerabilities to gain control or damage systems.
● Zero-day vulnerabilities are exploited before vendors release patches.

Unpatched and Legacy Systems:

● Unpatched systems lack updates, while legacy systems lack vendor support.
● Vulnerabilities extend to network appliances and embedded systems.

Vulnerability Assessment:

● Evaluates system security and compliance based on configuration states.


● Utilizes automated vulnerability scanners and Common Vulnerabilities and
Exposures (CVE).

Threat Types and Assessment:

● Identifies threat sources and profiles threat actors.


● External threats lack authorized access, while internal threats have permissions.
● Threat research gathers tactics, techniques, and procedures (TTPs) of threat
actors.

Security Information and Event Management (SIEM):


124

● Integrates vulnerability and threat assessment efforts through log data collection
and analysis.
● Correlates events to indicate risk or compromise and provides regulatory
compliance.

Penetration Testing:

● Uses authorized hacking techniques to discover exploitable weaknesses.


● Active testing of security controls to identify vulnerabilities.

Privileged Access Management (PAM):

● Prevents malicious abuse of privileged accounts through policies and controls.


● Includes principles like least privilege, role-based access, and zero trust.

Vendor Assessment:

● Evaluates risks in the supply chain for vulnerabilities and impacts on service.
● Vendor management selects suppliers and assesses risks inherent in third-party
products or services.
125

Explain Authentication Methods


Access Control System Overview:

Access control system governs interactions between subjects (users, devices,


software) and objects (networks, servers, databases).
● Typically managed through Access Control Lists (ACLs) specifying subject
permissions on objects.

Identity and Access Management (IAM) Processes:

1. Identification: Creating an account or ID for users/devices/processes on the


network.
2. Authentication: Proving subject's identity when accessing resources.
3. Authorization: Determining subject's rights on resources.
4. Accounting: Tracking authorized resource usage and detecting unauthorized
access.

Multifactor and Two-Factor Authentication:

● Authentication Factors:
● Knowledge factor (e.g., password).
● Ownership factor (e.g., smart card).
● Human or biometric factor (e.g., fingerprint).
● Behavioral factor (e.g., signature).
● Location factor (e.g., GPS location).
● Multifactor Authentication: Combines multiple authentication factors for stronger
security.
● Two-Factor Authentication (2FA): Combines two authentication factors (e.g.,
smart card + PIN).

Local Authentication and Single Sign-On (SSO):

● Local Authentication: Typically uses passwords or PINs stored as cryptographic


hashes.
● Single Sign-On (SSO): Allows users to authenticate once and access compatible
servers without re-entering credentials.
126

● Kerberos: Provides SSO authentication, especially in Windows environments,


using tickets.

Digital Certificates and Public Key Infrastructure (PKI):

● Digital Certificates: Used for server authentication (e.g., TLS) and user
authentication.
● Public Key Infrastructure (PKI): Ensures validity of public keys through certificate
authorities (CAs).

Extensible Authentication Protocol (EAP) and IEEE 802.1X:

● EAP: Framework for various authentication protocols, often used with digital
certificates.
● IEEE 802.1X: Provides network access control (NAC) for wired and wireless
networks, often with EAP.

RADIUS and TACACS+:

● RADIUS: Widely used for client device access over switches, wireless networks,
and VPNs.
● TACACS+: Similar to RADIUS but more flexible, often used for administrative
access to routers and switches.

Lightweight Directory Access Protocol (LDAP):

● LDAP: Protocol for querying and updating directory services.


● LDAP Security: Can implement authentication through simple bind, SASL, or
LDAPS for secure access.

Conclusion:

Understanding various authentication methods and access controls is crucial for

network professionals to secure network resources effectively. From multifactor

authentication to directory services like LDAP, each method plays a vital role in ensuring

network security and access control.


127

Supporting and Troubleshooting Secure Networks

Compare and Contrast Security Appliances


Security Appliance Overview:
● Security appliances such as firewalls, proxy servers, and intrusion
detection/prevention systems enforce access controls to ensure authorized use
of the network.
● They perform filtering functions to analyze connection requests, allowing,
denying, or logging them based on predefined criteria.

Network Segmentation Enforcement:

● Effective placement of security appliances depends on segmenting the network


into clearly defined areas.
● Segmentation is achieved using VLANs and subnets, creating separate
broadcast domains.
● Each segment, or zone, has its own security configuration.
● Traffic between zones should be controlled using security devices like firewalls.

Perimeter Network Zone:

● Internet-facing hosts are placed in the perimeter network zone, which allows
external access while protecting internal systems.
● Perimeter network enables external clients to access data on private systems
without compromising internal network security.
● Proxy servers in the perimeter handle connections between internal and external
hosts.

Screened Subnets:

● A screened subnet consists of two firewalls placed on either side of the


perimeter network zone.
● The edge firewall filters traffic on the external interface, while the internal firewall
filters communications between the perimeter and LAN hosts.

Firewall Types:

● Packet Filtering Firewalls: Basic type, inspecting IP packet headers and applying
rules based on IP addresses, protocols, and port numbers.
128

● Stateful Inspection Firewalls: Maintain stateful information about sessions


between hosts to provide better security and performance.

Firewall Selection and Placement:

● Firewall selection depends on traffic volume and placement requirements.


● Appliance firewalls are standalone hardware devices dedicated to firewall
functions.

Proxy Servers:

● Proxy servers forward requests on behalf of clients, providing traffic analysis and
caching.
● Forward proxies handle outbound traffic, while reverse proxies handle inbound
traffic.

Network Address Translation (NAT):

● NAT translates between private and public IP addresses, conserving public


addresses and providing basic security.
● Port Address Translation (PAT) allows multiple private IP addresses to map to a
single public address using different port numbers.

Defense in Depth:

● Network security should implement defense in depth strategies, placing security


controls throughout the network.
● Examples include Network Access Control, honeypots, separation of duties, and
intrusion detection/prevention systems.

Intrusion Detection and Prevention Systems (IDS/IPS):

● IDS analyze network traffic or logs for suspicious activity and raise alerts based
on predefined signatures.
● IPS can actively respond to threats, such as ending sessions or blocking attacker
IP addresses.
● Host-based IDS/IPS run on end systems to monitor local activity in addition to
network-based IDS/IPS.
129

Troubleshoot Service and Security Issues


DHCP Issues

Dynamic Host Configuration Protocol (DHCP):


● Provides IP addressing autoconfiguration to hosts without static IP
parameters.
● Windows clients failing to obtain a DHCP lease default to using an
address in the Automatic Private IP Addressing (APIPA) range
(169.254.0.0/16).
● Linux hosts use the APIPA range if they have Zeroconf support, leave the
IP address set to 0.0.0.0, or disable IPv4 on the interface.
● Possible Causes of Lease Failure:
● DHCP server offline.
● DHCP scope exhaustion.
● Router between client and DHCP server doesn't support BOOTP
forwarding.
● Rogue DHCP Server:
● Clients could obtain leases from rogue servers, leading to incorrect IP
configurations.
● Rogue servers may be deployed accidentally or maliciously.

Name Resolution Issues

● Methods:
● Local cache check.
● HOSTS file check.
● Query DNS.
● DNS Configuration Issues:
● Without DNS servers, network client machines cannot connect to services
or servers.
● Troubleshooting:
● Verify DNS server addresses and DNS suffixes.
● Check DHCP server settings for correct configuration.

VLAN Assignment Issues

● Considerations:
● Proper availability of services like DHCP and DNS across VLANs is
essential.
● Ensure routing is configured for VLAN-to-VLAN communications.
130

● Verify correct VLAN assignments for devices.

Unresponsive Service and Network Performance Issues

● Possible Causes:
● Application or OS crashes.
● Server overload.
● Network congestion or broadcast storms.
● Denial of Service (DoS) attacks.
● Diagnosis:
● Check server resources and network latency.
● Monitor for unusual access patterns indicating attacks.

Misconfigured Firewall and ACL Issues

● Impact:
● Misconfigurations can block services, ports, or addresses.
● Diagnosis:
● Confirm firewall ACL configuration.
● Test connections from inside and outside the firewall.

Untrusted Certificate Issues

● Causes:
● Certificate issuer not trusted.
● Certificate subject name mismatch.
● Certificate expired or revoked.
● Resolution:
● Add trusted certificates to client devices.
● Verify certificate common names.

Other Common Issues

● NTP Issues:
● Network Time Protocol (NTP) synchronization for host time sources.
● BYOD Challenges:
● Compatibility, support, and security issues with Bring Your Own Device
(BYOD) models.
● Licensed Feature Issues:
● Troubleshoot licensing or feature activation problems, such as evaluation
period expiration or exceeding seat counts.
131

These troubleshooting steps cover a range of issues that may arise at the service and
security layers, providing a comprehensive approach to resolving network problems.
132

Deploying and Troubleshooting Wireless Networks

Summarize Wireless Standards


IEEE 802.11 Wireless Standards:
Basics: WLANs are based on IEEE 802.11 standards, known as Wi-Fi.
● Physical Layer: Defines encoding data into radio carrier signals using modulation
schemes.
● Carrier Methods: Provide resistance to interference from noise and other radio
sources.
● CSMA/CA: Carrier Sense Multiple Access with Collision Avoidance manages
contention.
● Virtual Carrier Sense: Reduces collisions with RTS/CTS flow control mechanism.
● Evolution: Revised over time with different signaling and transmission
mechanisms.

IEEE 802.11a and 5 GHz Channel Bandwidth:

● Frequency Bands: 2.4 GHz and 5 GHz.


● Characteristics: 5 GHz supports more channels with less congestion but shorter
ranges.
● 802.11a: Operates in the 5 GHz band with OFDM, offering a nominal data rate of
54 Mbps.
● Channel Allocation: Subdivided into non-overlapping channels, initially 11, later
expanded to 23.

IEEE 802.11b/g and 2.4 GHz Channel Bandwidth:

● Standards: 802.11b and 802.11g use the 2.4 GHz band.


● 802.11b: Utilizes DSSS with a nominal data rate of 11 Mbps.
● 802.11g: Uses OFDM in the 2.4 GHz band, offering a nominal data rate of 54
Mbps.

IEEE 802.11n, MIMO, and Channel Bonding:

● 802.11n: Increases bandwidth using MIMO with up to 4 separate antennas.


133

● MIMO Configurations: Identified by AxB:C notation, supporting spatial


multiplexing.
● Channel Bonding: Combines adjacent channels into a single 40 MHz channel for
increased bandwidth.
● Data Rates: Nominal data rate of 72 Mbps per stream, up to 600 Mbps with
optimal conditions.
● Wi-Fi 4: Renamed version of 802.11n for simplicity.

Wi-Fi 5 and Wi-Fi 6:

● Wi-Fi 5 (802.11ac): Operates in the 5 GHz band with improved throughput and
channel bonding.
● Wi-Fi 6 (802.11ax): Uses more complex modulation for higher efficiency and
aims for 10G speeds.

Multiuser MIMO (MU-MIMO):

● Functionality: Allows simultaneous connections to multiple stations, improving


bandwidth.
● DL MU-MIMO: Enables AP to process spatial streams separately for
simultaneous connections.
● UL MU-MIMO: Allows stations to initiate beamforming with the access point.

Cellular Technologies:

● 2G and 3G: Based on GSM and CDMA, supporting voice calls with limited data
access.
● 4G and 5G: LTE and LTE-A offer improved data speeds, while 5G aims for faster
speeds and broader applications.

This summary provides an overview of key wireless standards, including IEEE 802.11

variations, Wi-Fi generations, and cellular technologies.


134

Install Wireless Networks


Infrastructure Topology and Wireless Access Points:

Wireless network devices are referred to as stations (STA), similar to nodes on a wired
network.
● Most wireless networks are deployed in an infrastructure topology where each
station connects through a base station or access point (AP), forming a logical
star topology.
● The AP mediates communications between client devices and can provide a
bridge to a cabled network segment.
● In 802.11 documentation, this is referred to as an infrastructure Basic Service Set
(BSS).
● More than one BSS can be grouped together in an Extended Service Set (ESS).

Wireless Site Design:

● Clients join a WLAN through the Service Set Identifier (SSID), which can be up to
32 bytes in length.
● In infrastructure mode, multiple APs connected to the same distribution system
are grouped into an Extended SSID (ESSID).
● The area served by a single AP is referred to as a basic service area (BSA) or
wireless cell, while the area in which stations can roam between access points is
referred to as an extended service area (ESA).

SSID Broadcast and Beacon Frame:

● A WLAN typically broadcasts its SSID to advertise its presence, allowing users to
connect to a named network.
● A beacon frame broadcast by the AP advertises the WLAN and contains SSID,
supported data rates, signaling, and encryption/authentication requirements.

Speed and Distance Requirements:

● Wi-Fi devices should have an indoor range of at least 30m (100 feet).
● 2.4 GHz radios support better ranges than 5 GHz ones, and later standards
improve range compared to earlier ones.
135

● Dynamic Rate Switching/Selection (DRS) mechanism determines appropriate


data rates based on signal quality.

Radio Interference and Planning:

● Radio signals can pass through solid objects but can be weakened or blocked by
dense materials.
● Interference can be caused by various devices like microwaves, cordless phones,
etc.
● Planning a wireless network requires considering factors like range, interference,
and site survey is essential.

Site Surveys and Heat Maps:

● Site survey involves examining blueprints, identifying interference sources, and


marking WLAN cells and APs on a new plan.
● Tools like Cisco Aironet, Metageek inSSIDer, or Ekahau Site Survey can be used
to record signal strength and generate heat maps.

Wireless Roaming and Bridging:

● Clients can roam within an extended service area (ESA) by detecting stronger
signals from other APs with the same SSID.
● Wireless distribution system (WDS) allows multiple APs to cover areas where
cabling is not possible.
● WDS can be used to bridge separate cabled segments.

Wireless LAN Controllers:

● Wireless LAN controllers enable centralized management and monitoring of


multiple APs.
● They autoconfigure APs, aggregate client traffic, provide central switching,
routing, and VLAN assignment.

Ad Hoc and Mesh Topologies:


136

● Ad hoc topology allows peer-to-peer connections without requiring an access


point.
● Mesh topology, defined by the 802.11s standard, forms a Mesh Basic Service Set
(MBSS) where nodes can relay transmissions between peers, making it scalable
and suitable for IoT networks.
137

Troubleshoot Wireless Networks


Wireless Performance Assessment

Signal Strength and Interference Issues:


● Similar to cabled networks, wireless networks face signal strength and
interference challenges.
● Ensure correct configuration of security and authentication parameters
before diagnosing Physical layer connectivity problems.
● Speed vs. Throughput:
● Speed: Data rate at the physical and data link layers determined by
standards, channel bonding, and optimizations like MU-MIMO.
● Throughput: Amount of data transferred at the network layer, accounting
for overhead.
● Attenuation and Signal Strength:
● Attenuation refers to signal weakening over distance, measured in
decibels (dB).
● Signal strength represented as the ratio of measurement to 1 milliwatt
(mW), where 1 mW = 0 dBm.
● Interference sources add to background noise, imposing distance
limitations on client access.

Signal Strength
● Received Signal Strength Indicator (RSSI):
● Measures signal strength at the client end.
● Lower dBm values indicate better performance.
● RSSI indices can vary; displayed as signal strength bars on adapters.
● Signal-to-Noise Ratio (SNR):
● Measures comparative strength of data signal to background noise.
● Higher dB values indicate better performance.
● Tools: Wi-Fi analyzer software for measuring RSSI and SNR.

Antenna Types
● Omnidirectional Antennas:
● Send and receive signals in all directions equally.
● Ceiling-mounted for best coverage.
● Unidirectional Antennas:
● Focus signal in a single direction; useful for point-to-point connections.
138

● Types include Yagi and parabolic antennas.


● Polarization:
● Ensures proper signal reception; antennas should match polarization.

Antenna Placement
● Optimization:
● Use site surveys and heat maps to determine optimal AP placement.
● Incorrect placement exacerbates attenuation and interference.

Antenna Cable Attenuation


● Signal Loss:
● Loss along coax cables connecting antennas to access points.
● Consider cable types to minimize attenuation.

Effective Isotropic Radiated Power (EIRP)


● Configuration:
● Sum of transmit power, cable/connector loss, and antenna gain.
● Ensure compliance with regulatory limits.

Channel Utilization and Overlap Issues


● Interference Types:
● Co-channel interference (CCI) and adjacent channel interference (ACI).
● Maintain spacing between APs to minimize interference.

Overcapacity and Interference Issues


● Overcapacity:
● Maximum client density per AP varies; ensure adequate coverage.
● Bandwidth saturation due to client bandwidth consumption.
● Interference Sources:
● Reflection, refraction, absorption, and electromagnetic interference (EMI).
● Use spectrum analyzers to detect EMI and pinpoint sources.
139

Configure and Troubleshoot Wireless Security


1. Wi-Fi Encryption Standards
Wireless networks require security settings to prevent interception of data.
● Encryption standards determine cryptographic protocols, key generation, and
authentication methods.
● WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) were early
standards, but both had vulnerabilities.
● WPA2 (Wi-Fi Protected Access 2) uses AES (Advanced Encryption Standard) and
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code
Protocol) for stronger security.
● WPA3 is designed to replace WPA2 due to identified weaknesses.

2. Personal Authentication

● Three types of Wi-Fi authentication: personal, open, and enterprise.


● Personal authentication includes PSK (Pre-Shared Key) and SAE (Simultaneous
Authentication of Equals).
● WPA2-PSK uses a passphrase to generate a key for encryption.
● WPA3-SAE replaces the 4-way handshake with the Simultaneous Authentication
of Equals (SAE) protocol for enhanced security.

3. Enterprise/IEEE 802.1X Authentication

● Enterprise authentication uses IEEE 802.1X and EAP (Extensible Authentication


Protocol) for secure authentication against a network directory.
● Implemented as WPA2-Enterprise or WPA3-Enterprise on access points.
● Supplicant credentials are validated by an AAA (RADIUS or TACACS+) server, and
session keys are derived for encryption.

4. Wi-Fi Security Configuration Issues

● SSID mismatch and passphrase errors can cause connectivity issues.


● Encryption protocol mismatches between client and AP can lead to connection
failures.
● Client disassociation issues may arise from legitimate roaming or malicious
attacks.
140

● Disassociation/deauthentication attacks can disrupt wireless infrastructure or


exploit disconnected stations.
● Open authentication may require a captive portal for secondary authentication,
often used in public hotspots.

5. Open Authentication and Captive Portal Issues

● Captive portal issues can occur if HTTPS redirection does not work or if the
portal lacks a trusted digital certificate.
● Users should use HTTPS for confidential data transmission over open networks
or use VPNs for added security.

6. Teaching Tips

● Emphasize differences between WPA/TKIP and WPA/AES.


● Demonstrate AP configuration settings or Wi-Fi analyzer software for hands-on
learning.
● Note that 802.1X/EAP is also used for switch port authentication.

These study notes cover important aspects of configuring and troubleshooting wireless
security, including encryption standards, authentication methods, and common
configuration issues. Understanding these concepts is crucial for securing wireless
networks effectively.
141

Comparing WAN Links and Remote Access


Methods

Explain WAN Provider Links


Introduction to Wide Area Networks (WANs) and the OSI Model:
WAN technologies facilitate data communications over larger distances compared to
Local Area Networks (LANs).
● Enterprises often utilize WANs controlled by a single organization but supported
by public networks owned by telecommunications (telco) companies.
● WAN Physical layer describes the media type and interface specifications.
Modems are typically used for copper cable provider links.
● Legacy modems perform digital to analog modulation for low bandwidths, while
digital modems include DSUs, DSL modems, cable modems, and satellite
modems.

WAN Provider Links Overview:

● Establishing WAN provider links involves terminating the access provider’s


cabling at the demarcation point (demarc) on the customer’s premises.
● Customer premises equipment (CPE), including modems and routers, are
installed by the customer and connected to the demarc.
● Demarc and CPE should be installed securely to restrict access to authorized
staff.

T-Carrier and Leased Line Provider Links:

● T-carrier system enables voice traffic digitization and data transport, with T1
lines providing 1.544 Mbps full duplex digital connections.
● T1 lines terminate at the demarc on a smartjack or Network Interface Unit (NIU),
connected to the customer's Channel Service Unit/Data Service Unit (CSU/DSU).

Digital Subscriber Line (DSL) Provider Links:

● DSL transfers data over voice-grade telephone lines, using frequencies above
human voice for communication.
142

● DSL modems are installed as CPE, connecting to the provider's phone jack via
RJ-11 and to the local network's router via RJ-45 Ethernet port.

Fiber to the Curb (FTTC) and Fiber to the Premises (FTTP):

● Fiber optic links aim to improve WAN access bandwidth, with solutions like FTTC
and FTTP terminating fiber links at the demarc.
● Very high-speed DSL (VDSL) supports FTTC, offering high bit rates over short
distances.

Cable Provider Links:

● Cable Internet connections combine fiber optic core networks with coaxial links
to CPE, offering broadband services.
● Cable modems interface with the access provider’s network via coax and with
the local network via Ethernet or USB.

Metro-optical Provider Links:

● Carrier Ethernet provisions point-to-point or point-to-multipoint Ethernet leased


lines over WANs, often referred to as metro-optical provider links.
● Service categories include E-line (point-to-point) and E-LAN (mesh topology),
offering scalability and simplicity in configuration.

Microwave Satellite Provider Links:

● Satellite systems provide wide coverage but suffer from latency issues due to
signal travel distance.
● Satellite Internet connections involve installing a VSAT dish at the customer’s
premises, aligning it with orbital satellites, and connecting it to a DVB-S modem.

Understanding WAN provider links is crucial for configuring enterprise WANs and

selecting the most suitable connectivity method for a network's requirements.


143

Compare and Contrast Remote Access Methods


Remote Network Access Authentication and Authorization:

Remote network access occurs over an intermediate network, often a public WAN,
rather than direct cabled or wireless connections.
● Historically, remote access might have used analog modems over the telephone
system, but nowadays, it's mostly implemented as a VPN over the Internet.
● Administering remote access involves tasks similar to those for the local
network but with added complexity due to the security risks associated with
remote workstations and servers.
● Creating a remote access server (RAS) requires documentation of service use,
security risks, authorized users, and network manager authorization. Policies
should restrict access, define privileges, and log access logons and attempts.

Tunneling and Encapsulation Protocols:

● Modern remote network access solutions use VPNs, setting up secure tunnels
for private communications over the Internet.
● VPNs depend on tunneling protocols like Point-to-Point Protocol (PPP) at the
Data Link layer and Generic Routing Encapsulation (GRE) at layer 3.
● GRE encapsulates an IP packet within its payload and is often used with other
protocols in a VPN solution.
● Internet Protocol Security (IPSec) operates at layer 3 to encrypt packets passing
over any network and is commonly used as a native VPN protocol.
● Transport Layer Security (TLS) can also be used to encapsulate frames or IP
packets but may add significant overhead.

Client-to-Site Virtual Private Networks:

● Client-to-site VPNs connect clients over the public network to a VPN gateway
positioned on the edge of the local network.
● Various protocols like SSL/TLS VPNs, Cisco's L2TP, and Microsoft's SSTP are
used, often requiring client software and AAA/RADIUS architecture for
authentication.
● Split tunneling allows direct Internet access, while full tunneling routes all traffic
through the corporate network, offering better security but potentially causing
latency issues.
144

Remote Host Access and Remote Desktop Gateways:

● Remote host access allows users to configure network appliances or operate


computers remotely, often using Secure Shell (SSH) or remote desktop
connections like Microsoft's Remote Desktop Protocol (RDP).
● Remote desktop gateways enable user access to networked apps or virtual
desktops, providing GUI or terminal-only access.

Clientless VPNs:

● Clientless VPNs use HTML5 and WebSockets to allow browser-based access to


remote desktops or VPNs without requiring client software.

Site-to-Site Virtual Private Networks:

● Site-to-site VPNs connect multiple private networks, often using compulsory


tunneling between gateways to establish secure connections.

Hub and Spoke VPNs and VPN Headends:

● Hub and spoke VPNs connect multiple remote sites to a central hub, often
requiring powerful VPN headends for aggregation and scalability.

Out-of-Band Management Methods:

● Managed network appliances support configuration and monitoring via various


interfaces like console ports, AUX ports, and management ports.
● Out-of-band management methods ensure access to network devices even if the
main network goes down, enhancing security and reliability.
145

Explaining Organizational and Physical Security


Concepts

Explain Organizational Documentation and Policies


Purpose of Organizational Documents and Policies:

● Essential for managing and troubleshooting networks effectively.


● Ensure efficient administration and management of network infrastructure.
● Provide guidelines and procedures for configuration management, change
management, security response, and more.

Configuration Management:

● Involves identifying and documenting all infrastructure and devices.


● Implemented using ITIL elements: service assets, configuration items (CI),
baselines, Configuration Management System (CMS).
● Baselines document approved states of CIs, aiding in auditing and change
detection.
● CMS collects, stores, and manages information about CIs.

Change Management:

● Minimizes risk of unscheduled downtime by implementing changes in a planned,


controlled manner.
● Reactive or proactive changes categorized by potential impact and risk.
● Change process initiated with a Request for Change (RFC), followed by
evaluation and approval, especially for major changes.

Standard Operating Procedures (SOP):

● Governs tasks with detailed steps and considerations like budget, security, or
customer contact.
● Provides clear guidelines and lines of responsibility for task completion.
● Ensures consistency and adherence to approved procedures.
146

System Life Cycle Plans:

● Crucial for inventory management of tangible (devices) and intangible (software)


assets.
● Includes audit reports for identifying and recording assets.
● Utilizes inventory management software and databases for efficient tracking.

Security Response Plans:

● Incident Response Plan addresses security breaches or attempted breaches.


● Disaster Recovery Plan focuses on large-scale incidents threatening site
performance or security.
● Business Continuity Plan ensures normal business operations during adverse
events.

Hardening and Security Policies:

● Establish duty for employees to ensure data asset confidentiality, integrity, and
availability.
● HR communicates and enforces security policies, manages onboarding and
offboarding processes.

Usage Policies:

● Password Policy guides users on credential selection and management.


● Acceptable Use Policy defines permitted uses of products or services.
● BYOD Policies govern the use of personally owned devices on corporate
networks.

Data Loss Prevention (DLP):

● Prevents theft or loss of confidential data through scanning and policy


enforcement.
● Utilizes DLP products to scan content and block unauthorized transfers.

Remote Access Policies:


147

● Govern the use of remote access privileges, mitigating security risks associated
with remote connections.
● Require malware protection, strong authentication, and restrict local privileges.

Common Agreements:

● Service Level Agreements (SLA) define terms of ongoing service provision.


● Non-Disclosure Agreements (NDA) protect sensitive data and define permitted
uses.
● Memorandum of Understanding (MOU) expresses intent to work together, often
includes confidentiality clauses.
148

Explain Physical Security Methods


Introduction:

Physical security is crucial for network sites to prevent unauthorized access and reduce
the risk of intrusion.
● This lesson explores various physical security methods to enhance the security
of premises.

Badges and Site Secure Entry Systems:

● Prevention-type controls aim to stop intruders from gaining unauthorized access.


● Access control hardware such as badge readers and electronic locks are
deployed to authenticate users quickly at access points.
● Smart badges with integrated chips and cryptographic keys provide
secure authentication.
● Biometric scanners authenticate users based on physical features like
fingerprints or retinas.

Access Control Vestibule:

● Simple entry mechanisms like doors or gates may not accurately record entries.
● Turnstiles or access control vestibules mitigate risks by allowing one person at a
time or leading to an enclosed space protected by another barrier.

Physical Security for Server Systems:

● Similar access control measures can be used to manage access to IT assets.


● Locking racks, cabinets, or smart lockers provide secure storage for equipment
and sensitive items.

Detection-Based Devices:

● Surveillance mechanisms like cameras help detect intrusion attempts.


● CCTV networks and asset tags enable electronic surveillance of managed
assets.
● Alarms, both circuit-based and motion-based, provide additional security layers.
149

Asset Disposal:

● Proper disposal of IT assets is crucial to prevent data breaches.


● Secure erase methods for HDDs and SSDs ensure data is irrecoverable before
disposal or reuse.
● Employee training is essential to prevent security breaches due to human error or
negligence.

Conclusion:

● Physical security methods play a critical role in preventing unauthorized access


and protecting IT assets.
● A combination of prevention-type and detection-based controls, along with
proper employee training, is necessary for effective security measures.
150

Compare and Contrast Internet of Things Devices


Introduction to Internet of Things (IoT):

IoT refers to a global network of devices equipped with sensors, software, and network
connectivity.
● These devices communicate with each other and traditional systems, often
termed Machine to Machine (M2M) communication.

Consumer-grade Smart Devices:

● Used for home automation systems, consisting of:


● Hub/control system: Facilitates wireless networking and provides control,
often operated through smart speakers or smartphone apps.
● Smart devices: Endpoints like lightbulbs, thermostats, or doorbells
capable of remote operation, often running on Linux or Android kernels.

Physical Access Control Systems and Smart Buildings:

● Physical access control systems (PACS) include monitored locks, alarms, and
video surveillance, while smart buildings integrate PACS with HVAC, fire control,
power, and lighting systems.
● These systems are managed by programmable logic controllers (PLCs) and
sensors measuring various environmental parameters.

Industrial Control Systems/Supervisory Control and Data Acquisition (SCADA):

● Widely used in industries like energy, manufacturing, and logistics.


● Prioritize safety, availability, and integrity over confidentiality.
● Comprise industrial control devices linked by networks, managed by supervisory
control and data acquisition (SCADA) systems.

IoT Networks:

● Identified by unique serial numbers or codes, interconnected within the existing


Internet infrastructure.
151

● Utilize various networking standards like industrial Ethernet, cellular networks


(Narrowband-IoT, LTE-M), Z-Wave, and Zigbee.

Placement and Security:

● Consumer-grade devices connected to home Wi-Fi networks may have weak


security features, posing risks of shadow IT and remote working vulnerabilities.
● Smart buildings require robust security measures to prevent compromise of
entry mechanisms and climate/lighting controls.
● ICS/SCADA networks, although typically separate from corporate data networks,
require careful monitoring and access controls at network links.

Conclusion:

● IoT devices serve diverse purposes, from home automation to industrial control
systems.
● Understanding their features, networking protocols, and security considerations
is essential for their effective deployment and integration with existing networks.
152

Explaining Disaster Recovery and High Availability


Concepts

Explain Disaster Recovery Concepts


High Availability:

Availability: Percentage of time the system is online, measured over a period (e.g., one
year).
● High availability: Characteristic of a system that guarantees a certain level of
availability.
● Maximum Tolerable Downtime (MTD): States the requirement for a business
function.
● Metrics:
● Availability Annual MTD: Specifies the maximum downtime allowed for
different availability levels.
● Recovery Time Objective (RTO): Period following a disaster that an IT
system may remain offline.
● Work Recovery Time (WRT): Additional time post-recovery for integration,
testing, and user briefing.
● Recovery Point Objective (RPO): Amount of data loss a system can
sustain, measured in time units.

Fault Tolerance and Redundancy:

● Fault: Event causing a service to become unavailable.


● Key Performance Indicators (KPIs): Assess reliability of assets.
● Metrics:
● Mean Time Between Failures (MTBF)
● Mean Time to Failure (MTTF)
● Mean Time to Repair (MTTR)
● Fault Tolerance: System's ability to continue service despite component failures.
● Redundant components and systems: Ensure failover capability and
uninterrupted service.

Recovery Sites:
153

● Disaster Recovery Plans (DRPs): Procedures to recover a system or site after a


disaster.
● Site resiliency: Hot, warm, or cold site distinctions based on readiness and
deployment time.
● Cloud solutions: Offer hot site redundancy, ensuring service continuity across
geographic regions.

Facilities and Infrastructure Support:

● Environmental controls: Maintain optimal working conditions to prevent


mechanical issues.
● Fire suppression systems: Detect and suppress fires based on the fire triangle
principle.
● Power management: Ensure stable power supply through UPS, generators, and
renewable sources.

Network Device Backup Management:

● Backup policies: Guide execution and frequency of backups for network


appliances.
● Baseline configuration: Documented configuration used for device restoration.
● Backup modes: State/bare metal and configuration file backups for system
restore and configuration import.
● State information: Additional data like MAC tables and NAT tables, crucial for
device operation and security.

These concepts underpin business continuity and disaster recovery operations,

ensuring system resilience and minimal downtime in the face of disruptions.


154

Explain High Availability Concepts


Multipathing:

Multiple physical links between network nodes.


● Default feature of full and partial mesh internetworks.
● Prevents overdependence on single critical nodes.
● Used for link redundancy in SANs and Internet access via ISPs.
● SAN multipathing involves servers with multiple SAN controllers each having a
dedicated link to the storage network.
● Multiple ISPs and diverse paths ensure fault tolerance and load balancing.
● Diverse paths provision links over separate cable conduits, physically distant from one
another.
● Cellular links can serve as backups but may substantially reduce link bandwidth.

Link Aggregation/NIC Teaming:

● Combines two or more separate cabled links between a host and a switch into a single
logical channel.
● Also known as NIC teaming at the host end and port aggregation at the switch end.
● Provides redundancy; if one link is broken, the connection is maintained by the other.
● Cost-effective solution.
● Implemented using IEEE 802.3ad/802.1ax standard.
● Described as a Link Aggregation Group (LAG) in the 802.3ad standard.
● Utilizes Link Aggregation Control Protocol (LACP) for configuration and error detection.

Load Balancers:

● Distribute client requests across server nodes in a farm or pool.


● Used when multiple servers provide the same function, e.g., web servers, email servers,
or media servers.
● Two main types: Layer 4 switch and Layer 7 switch (content switch).
● Layer 4 switch makes forwarding decisions based on IP address and TCP/UDP header
values.
● Layer 7 switch makes forwarding decisions based on application-level data.
● Can scale services, provide fault tolerance, and mitigate against DDoS attacks.

Redundant Hardware/Clusters:

● Multiple redundant processing nodes share data and accept connections.


● If one node fails, connections failover to a working node.
● Active-Passive clustering: One node is active, and the other is passive.
155

● Active-Active clustering: Both nodes process connections concurrently, allowing


maximum capacity utilization.
● First Hop Redundancy Protocols (FHRP): Hot Standby Router Protocol (HSRP) and
Virtual Router Redundancy Protocol (VRRP) ensure redundancy for default gateways in
subnets.
● HSRP and VRRP both allow multiple routers to serve as a single default gateway, with
failover capability to standby routers.
156

Applying Network Hardening Techniques

Compare and Contrast Types of Attacks


General Attack Types:

Objective: Understand the various types of attacks and their goals, such as exfiltrating
information, misusing network services, or compromising network availability.
● Examples: Insider threats with privileged access, external threats installing
malware.

Footprinting and Fingerprinting Attacks:

● Objective: Enumerate or gather information about a network's topology and


configuration.
● Techniques: Footprinting involves discovering network topology, often through
social engineering or port scanning. Fingerprinting identifies device and OS types
and versions to probe for vulnerabilities.

Spoofing Attacks:

● Objective: Disguise identity or forge network information to appear legitimate.


● Examples: Social engineering, phishing, pharming, exploiting protocol
vulnerabilities (e.g., ARP, DNS).

Denial of Service (DoS) Attacks:

● Objective: Cause a service to fail or become unavailable to legitimate users.


● Methods: Resource exhaustion, exploiting application vulnerabilities, physical
attacks (e.g., cutting cables), diversionary tactics.

On-path Attacks (Man-in-the-Middle):

● Objective: Compromise connections between hosts to intercept and modify


communications.
● Techniques: ARP spoofing, DNS poisoning, intercepting and relaying
communications.

MAC Spoofing and IP Spoofing:


157

● Objective: Impersonate valid MAC or IP addresses to bypass access controls or


mask the origin of attacks.
● Examples: IP spoofing in DoS attacks to hide the attacker's identity.

Wireless Network Attacks:

● Objective: Gain unauthorized access to wireless networks.


● Examples: Rogue access points, evil twins (spoofing legitimate APs),
deauthentication attacks.

Distributed DoS Attacks and Botnets:

● Objective: Launch coordinated attacks from multiple compromised hosts.


● Methods: SYN flood attacks, distributed reflection DoS attacks, using botnets for
large-scale attacks.

Malware and Ransomware Attacks:

● Objective: Infect systems to disrupt operations or extort money.


● Types: Viruses, worms, Trojans, ransomware; crypto-malware encrypts files for
ransom.

Password Attacks:

● Objective: Obtain credentials to access networks or escalate privileges.


● Techniques: Dictionary attacks, brute force attacks, capturing password hashes
from network traffic.

Human and Environmental Attacks:

● Objective: Compromise security systems through social engineering or physical


means.
● Examples: Phishing (via email or spoofed websites), shoulder surfing, tailgating,
piggybacking.

Understanding these attack types enables effective incident response and system
hardening to mitigate security risks.
158

Apply Network Hardening Techniques


Device and Service Hardening

Change default passwords/credentials


● Default passwords should be changed on installation to prevent
unauthorized access.
● Enforce password complexity/length requirements
● Passwords should be of sufficient length and complexity to resist
guessing and cracking attacks.
● Avoiding common passwords
● Passwords should not be easily guessable or found in common password
databases.
● Configure role-based access
● Limit permissions for different administrative groups to reduce the impact
of compromised accounts.
● Disable unneeded network services
● Reduce the attack surface of devices by disabling unused services and
protocols.
● Disable unsecure protocols
● Encrypt communication channels to prevent eavesdropping and
unauthorized access.

Endpoint Security and Switchport Protection

● Disable Unneeded Switch Ports


● Restrict access to physical switch ports to authorized staff.
● MAC Filtering and Dynamic ARP Inspection
● Define which MAC addresses are permitted to connect to a port.
● Prevent ARP cache poisoning with dynamic ARP inspection.
● DHCP Snooping
● Inspect DHCP traffic to prevent spoofing and rogue DHCP servers.
● Neighbor Discovery Inspection and Router Advertisement Guard
● Mitigate spoofing and on-path attacks for IPv6 networks.

Port Security/IEEE 802.1X Port-Based Network Access Control

● IEEE 802.1X Port-Based Network Access Control (PNAC)


● Authenticate devices before activating ports using EAPoL protocol.
● Use RADIUS server for authentication and assign appropriate VLANs
based on authentication results.
159

VLAN and PVLAN Best Practices

● Private VLANs
● Restrict communication between hosts within a VLAN.
● Default VLAN and Native VLAN
● Default VLAN (ID 1) should remain unused for user data traffic.
● Native VLAN is used for untagged traffic over trunk ports.

Firewall Rules and ACL Configuration

● Principle of Least Access


● Only allow necessary traffic; use explicit deny rules.
● Control Plane Policing
● Mitigate control plane vulnerabilities with ACLs and rate-limiting.

Wireless Security

● Preshared keys (PSKs), Extensible Authentication Protocol


● Implement authentication mechanisms for secure wireless access.
● Captive portal, MAC filtering, Geofencing
● Additional measures for securing wireless networks.

IoT Access Considerations

● Regular audits and security procedures


● Detect and secure IoT devices to prevent security risks.

Patch and Firmware Management

● Stay updated with vendor security advisories


● Apply patches and updates to address vulnerabilities.
● Firmware updates
● Update firmware for network devices to address known vulnerabilities.
● Downgrading
● Carefully consider and test downgrade options when necessary.

These network hardening techniques help enhance security and protect against various
threats by implementing layered defenses and best practices.
160

Summarizing Cloud and Datacenter Architecture

Summarize Cloud Concepts


Cloud Scalability and Elasticity:

Cloud computing offers on-demand resources such as server instances, file storage,
and databases over a network, usually the Internet.
● Consumers are not responsible for the underlying infrastructure but pay for the
services provided.
● Providers use virtualization for quick and easy provisioning of resources.
● Scalability involves linear costs when supplying services to more users, achieved
through adding nodes or resources to each node.
● Elasticity refers to real-time handling of changes in demand without loss of
service or performance.

Cloud Deployment Models:

● Public: Services offered over the Internet by cloud service providers (CSPs) to
multiple tenants. Offers subscriptions or pay-as-you-go financing.
● Hosted Private: Exclusive use of a cloud by an organization, hosted by a third
party. Offers better security but is more expensive.
● Private: Completely owned and managed by the organization, offering greater
control over privacy and security.
● Community: Shared costs of hosting a private or fully private cloud by multiple
organizations for common concerns like standardization and security.
● Hybrid: Combination of public/private/community/hosted/onsite/offsite
solutions, offering flexibility but requiring careful management of data risks.

Cloud Service Models (XaaS):

● Infrastructure as a Service (IaaS): Provisioning IT resources like servers and


storage components on-demand from a service provider's datacenter.
● Software as a Service (SaaS): Accessing software applications hosted on
supplier servers on a pay-as-you-go basis.
161

● Platform as a Service (PaaS): Provisioning resources between IaaS and SaaS,


offering server and storage infrastructure along with a multi-tier web
application/database platform.
● Desktop as a Service (DaaS): Provisioning virtual desktop infrastructure (VDI) as
a cloud service, removing the need for client PC deployment and maintenance.

Cloud Connectivity Options:

● Internet/Virtual Private Network (VPN): Simplest way to connect to cloud


services, with potential performance issues due to public Internet usage.
● Private-Direct Connection/Colocation: Higher bandwidth solution offering direct
or private links, preferred for more centralized operations.
● Infrastructure as Code (IaC): Automation and orchestration fully replace manual
configuration for provisioning, ensuring consistency and reducing errors.

Cloud Security Implications:

● Risks of potentially transferring confidential or commercially secret data over


links beyond enterprise control.
● Division of responsibility between "security of the cloud" (provider responsibility)
and "security in the cloud" (customer responsibility).
● Legal and regulatory implications, including remaining directly liable for security
breaches and considering the risk of insider threats.
● Need for effective security mechanisms, separation of duties, and assurances
from service providers regarding data protection.
162

Explain Virtualization and Storage Area Network


Technologies
Hypervisor Types:

Host-Based Hypervisor (Type II): Installed onto a host operating system. Examples
include VMware Workstation, Oracle Virtual Box, and Parallels Workstation. Requires
support for the host OS.
● Bare Metal Hypervisor (Type I): Installed directly onto the computer hardware,
managing access to host hardware without a host OS. Examples include VMware
ESXi Server, Microsoft’s Hyper-V, and Citrix’s XEN Server. Requires only base
system requirements for the hypervisor.

Virtual NICs and Switches:

● Virtual NIC (vNIC): Emulates standard hardware network adapters within virtual
machines (VMs), configurable like physical NICs.
● Virtual Switch (vSwitch): Implemented in software, analogous to physical
switches. Connects VMs and can bridge virtual and physical networks. Examples
include External (bridges to physical network), Internal (usable only by VMs on
the host), and Private (usable only by VMs).

Network Function Virtualization (NFV):

● Allows VMs to communicate with other networks and services.


● Configurable through IP parameters (static or DHCP) and security measures like
firewalls.
● Supports virtual appliances, emulating hardware functions like routers or
firewalls.

Storage Area Networks (SAN):

● SAN provisions access to storage devices at block level, isolated from the main
network, accessed only by servers.
● Can integrate different storage technologies, allowing for tiered storage and
supporting different file access requirements.
163

SAN Connection Types:

● Fibre Channel: Uses fibre optic networks for high bandwidth, can operate over
long distances. Components include initiators, targets, and FC switches.
● Fibre Channel over Ethernet (FCoE): Delivers Fibre Channel packets over Ethernet
cabling, requiring converged network adapters (CNAs) and lossless Ethernet.
● iSCSI (Internet Small Computer System Interface): IP tunneling protocol enabling
SCSI data transfer over IP-based networks, an alternative to Fibre Channel.
Works with ordinary Ethernet adapters and switches.
164

Explain Datacenter Network Architecture


Introduction:
Datacenters are vital for both on-premises and cloud networks.
● Understanding different topologies and automation requirements is crucial for a
successful networking career.

Datacenter Network Design:

● Dedicated to provisioning server resources, hosting network services, application


servers, and SANs.
● Contains dedicated networking, power, climate control, and physical access
control features.
● Unlike corporate networks, datacenters have no client PCs, only secure
administrative workstations (SAWs).

Traffic Flows:

● North-South Traffic: Between clients outside the datacenter and servers inside.
● East-West Traffic: Between servers within the datacenter, predominant in cloud
and Internet services.

Overlay Networks:

● Used for secure east-west traffic, avoiding bottlenecks.


● Implement logical point-to-point links using encapsulation protocols and
software-defined networking.
● Often implemented using virtual extensible LANs (VXLANs).

Software Defined Networking (SDN):

● Facilitates rapid provisioning and deprovisioning of server instances and


networks using automation and orchestration.
● Divides network functions into application, control, and infrastructure layers.
● Inserts a control layer (SDN controller) between application and infrastructure
layers, enabling automation.

Spine and Leaf Topology:


165

● Provides efficient support for east-west traffic and overlay networks.


● Consists of spine (top-tier switches) and leaf (access switches) layers.
● Each server is a single hop from the backbone, enabling predictable network
latency.

Datacenter Access Types:

● On-Premises: Located at the same site as the corporate client network, accessed
over Ethernet links.
● Branch Office Access: Uses technologies like Generic Routing Encapsulation
(GRE) or Multiprotocol Label Switching (MPLS) for secure connections.
● Colocation: Private servers installed in a shared datacenter, managed by a
colocation provider.

Multiprotocol Label Switching (MPLS):

● Establishes private links with guaranteed service levels, isolating traffic from
other customers or public networks.
● Offers solutions for enterprise networking requirements, such as site-to-site
VPNs and traffic shaping.

Software-defined WAN (SD-WAN):

● Overlay network facilitating secure connectivity to corporate clouds.


● Dynamically provisions links based on application requirements and network
congestion.
● Utilizes automation and orchestration for provisioning, ensuring secure tunneling
through underlying transport networks.

Understanding datacenter network architecture involves grasping various topologies,


traffic flows, and technologies like SDN and SD-WAN for efficient and secure
connectivity.

You might also like