Network Plus
FDDI
" Fiber Distribution Data Interface-A high-speed network technology, conforming to the Open Systems Interconnection (OSI) reference model for networking and the American National Standards Institute (ANSI) standard X3T9, which runs at 100 Mbps over fiber-optic cabling; often used for network backbones in a local area network (LAN) or metropolitan area network (MAN)."
IPv4 Packets Contain
" Header, Payload and trailer .Source Address, Destination address, IP Flags, protocol TCP or UDP & Data"
"STP Port Cost "
" it is used to determine if it is used for a root port or it is non-designated. Lower the cost the faster the speed . So the port with the lowest cost will be the root port. 10Mbps-100 cost100Mbps 19 cost 1Gbps 4 Cost 10 Gbps 2 cost""",
"Blocking "
"""BPDUs are received but they are not forwardedUsed at beginning and on redundant links""",
"802.1q "
"""This is vlan trunking Multiple VLANs transmitted over the same physical cable.VLANs are each tagged with 4-byte identifier Tag Protocol Identifier (TPI) & Tag Control Identifier (TCI).One VLAN is left untagged this is called the native vlan. Good for security saves on equipment.",
"VLAN "
"""Virtual Local Area Network"" Allows different logical network to share the same physical hardware and provide added security and efficiency.Same switches but switch ports can be in different VLANs.""",
Bridges
"1 collision doamin per port, 1 broadcast domain OSI Layer 2 "
Switch
"1 collision domain per port, 1 broadcast domain OSI layer 2"
Multilayer switch
"1 collision domain per port, 1 broadcast domain per port OSI layer 3. Switch that can route."
Router
"1 collision domain per port, 1 broadcast domain per port OSI layer 3. Uses IP for communicating "
Hubs
"1 collision domain, broadcast domain 1 OSI layer 1"
Establishing an IPSec Tunnel
"1-IKE Phase 1,Establishes encryption and authentication protocols between VPN endpoints to create the IKE Phase 1 tunnel,ISAKMP is established using main or aggressive mode to create a Security Association (SA),Key exchange occurs in both directions,IKE Phase 2-Within the secure IKE Phase 1 tunnel, establishes encryption and authentication protocols between VPN endpoints to create the IPsec tunnel,Each data flow uses a separate key exchange.Peers authenticate using certificates or pre-shared secret.Each side creates a private key and derives a public key from it, which it then exchanges.Each side calculates the Shared Secret (DH) using the public and private keys.Both sides agree to encryption and integrity methods for IKE Phase II."
OSI Layers
"1-Physical , 2-Data Link,3-network,4 transport ,5-Session 6-Presentation 7- Application (Please Do Not Throw Sausage Pizza Away)"
RJ11
"6-pin connector,Commonly only 2 or 4 pins are used,Commonly found in telephone systems"
MIB
"A management information base (MIB) is a database used for managing the entities in a communication network. Most often associated with the Simple Network Management Protocol (SNMP), the term is also used more generically in contexts such as in OSI/ISO Network management model."
Advanced Encryption Standard (AES)
"AES uses symmetric key encryption, which involves the use of only one secret key to cipher and decipher information. It used by both user and Application. Encryption works by taking plain text and converting it into cipher text, which is made up of seemingly random characters. Only those who have the special key can decrypt it. AES uses symmetric key encryption, which involves the use of only one secret key to cipher and decipher information.",
ATM Virtual Circuits
"ATM Virtual Circuits,Used to connect ATM switches and endpoints,Network-Node Interface (NNI),Used to connect ATM switches together"
End-User Policies
"Acceptable Use (AUP), Privileged User Agreement,Onboarding/Off-boarding, Consent to Monitoring, Non-Disclosure (NDA), Cellular, etc."
Link Aggregation Control Protocol(LACP)
"Achieves redundancy by having multiple links between devices,Load balancing occurs over multiple links,Multiple links appear as single logical link. Port channeling"
HSPA+: Evolved High-Speed Packet Access
"Advancements over LTE and 4G,Wireless broadband up to 84 Mbps.",
PIM Dense Mode: After Pruning
"After sending prune messages, the resulting source distribution tree has an optimal path between source router and last-hop router. Flood and prune repeat every 3 minutes which can cause excessive performance impacts on the network.",
Licensing Restrictions and Export Controls
"All software needs to have proper licensing, including any virtual machines,Some items are restricted from being exported to certain regions of the world (cryptography),If your organization crosses international borders, check with your legal and compliance teams to ensure you aren�t breaking any laws by sending data thru certian ports , protocols and encryption."
Dynamic Multipoint Virtual Private Network (DMVPN)
"Allow Internet to be used as WAN connection for secure site-to-site communication,VPN tunnel has authentication and encryption so users on the unsecure network cannot read or decrypt the traffic without proper keys,Can connect remote locations with low cost, instead of dedicated or leased-line access. Create a VPN tunnel to site to site."
PORTS
"Allows IP addresses to know which applications are listening on a system,Port numbers can be 0 to 65,536,Well-known� & Reserved Ports Ports 0 to 1024,"
Infrastructure as a Service (IaaS)
"Allows outsourcing of the infrastructure of the servers or desktops to a service provider,Hosted off-site at the service provider�s data center and the customer is billed for usage,Charged by hours, processing power, or bandwidth used like utility services. ie AWS and Microsoft Azure",
Network as a Service (NaaS)
"Allows outsourcing of the of a network to a service provider,Hosted off-site at the service provider�s data center and the customer is billed for usage,Charged by hours, processing power, or bandwidth used like utility services,Amazon�s VPC or Route 53 offerings. Hosted by service provider. IE amazon private cloud. ",
Packet reordering
"Allows packets to be sent over multiple links and across multiple routes for faster service, Breaks up data and re-converges it to the original format."
Variable-Length Subnet Masking (VLSM)
"Allows subnets of various sizes to be used,Requires a routing protocol that supports it RIPv2, OSPF, IS-IS, EIGRP, and BGP,Basically, it is subnetting subnets,Without VLSM, all subnets would have to be the same size",
Windowing
"Allows the clients to adjust the amount of data sent in each segment, Continually adjusts to send more or less data per segment transmitted, Speed up or slow down accordingly to see what can be handled on the network. Adjusts lower as number of retransmissions occur Adjusts upwards as retransmissions are eliminated - TCP windowing concept is primarily used to avoid congestion in the traffic.- It controls the amount of unacknowledged data a sender can send before it gets an acknowledgement back from the receiver that it has received it.- It is one of the key factors for efficient data transmission.- It can also be known as a form of flow control where the host indicates the sender how much data can be accepted and wait for the further instructions."
Wireless Network (WLANs)
"Allows users to roam within a coverage area,Popularity has increased exponentially,Convenient to use and expand network access throughout a room, floor, or building,IEEE 802.11 is the most common type.",
Non-plenum Cable
"Also known as PVC,Normal UTP/STP rated cable. Only used if seen. Not commonly used. But less expensive."
Worldwide Interoperability for Microwave Access (WiMAX)
"Alternative to DSL/Cellular, Wireless fixed location service. Faster then GSM and HSPA to large to carry due to antenna size. speeds up 1 to 5mbps possible up to 10 depending on distance. 802.16",
Marking of Traffic
"Alters bits within a frame, cell, or packet indicates handling of traffic,Network tools make decisions based on markings"
Assignable IP's
"Always calculate 2 to the power 24 class A minus 2, 2 to the 16th power minus 2 for class b and 2 to 8th power minus 2 for class c. The first is the network IP and the last is the broadcast IP",
Route Aggregation
"An aggregate route is created by first specifying the network address and mask length. Next, you must provide a set of contributing routes. A contributing route is defined when a source, such as a routing protocol, a static route, or an interface route, and a route filter, or a prefix, are specified. An aggregate route can have many contributing routes, but at least one of the routes must be present to generate an aggregate. Route aggregation lets you take several specific routes and combine them into one inclusive route. Route aggregation can reduce the number of routes a given protocol advertises. The aggregates are activated by contributing routes. For example, if a router has many interface routes sub netted from class C and is running Routing Information Protocol (RIP) 2 on another interface, the interface routes can be used to create an aggregate route (of the class C) that can then be redistributed into RIP. Creating an aggregate route reduces the number of routes advertised using RIP.",
ATA analog telephone adapter
"An analog telephone adapter (ATA) is a device for connecting traditional analog telephones, fax machines, and similar customer-premises devices to a digital telephone system or a voice over IP telephony network.",
Application Services
"Application services unite communicating components from more than one network application,File transfers and file sharing,E-mail,Remote access,Network management activities,Client/server processes"
Random Early Detection(RED)-QOS
"As the QUE fills the possibility of discard increase until it reaches 100%. If it reaches 100%, Traffic will be dropped based on priority. The lowest gets dropped 1st . Like TCP will get dropped and it retransmit."
Dynamic
"Assign IP's using DHCP protocol, easy and quick,less confusing simple for larger networks.",
Link Costs
"Associated with the speed of a link,Lower the link�s speed, the higher the cost"
Attacks on Availability
"Attack vary widely from consuming server resources to physically damaging the system,Denial of service (DoS),Distributed Denial of Service (DDoS),TCP SYN flood,Buffer overflow,ICMP attacks (Smurf),UDP attacks (Fraggle),Ping of Death,Electrical disturbances,Physical environment attacks"
Session Hijacking
"Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client,take over the session to gather and modify data."
Ransomeware
"Attackers gain control of your files, encrypt them , and hold them for ransom. Protect against phishing, Antivirus software and good backups."
Attacks on Integrity
"Attempts to alter data,Attempts to make data viewable by an attacker,Man in the middle, Data diddling (is an attack that changes the data before it gets toi destination), Trust relationship explortation(accessing a dvice that is trusted to access other devices),Salami attack ( this is when you gather alittle pieces of data for one big attack), Password attack(break someone Password),Session Hijack(Occurs when you create unique session id and if you get access to jump in and make changes ),Botnets(it turns the PC in Zombie which it is totally controlled by attacker)"
Availability attack
"Attempts to limit network accessibility and usability. Consuming resources on the system. DOS, DDOS buffer over flow"
High Availability-Network
"Availability is measured by uptime,Five nines of availability (99.999%),Maximum of 5 minutes of downtime per year,Aailability-Concerned with being up and operational,Reliability-Concerned with not dropping packets,Mean Time to Repair (MTTR)-Measures the average time it takes to repair a network device when it breaks,Mean Time Between Failures (MTBF)-Measures the average time between failures of a device"
Blocking
"BPDUs are received but they are not forwarded,Used at beginning and on redundant links"
Bring Your Own Device (BYOD)
"BYOD brings new vulnerabilities ie Blujacking,Bluesnarfing and bluebugging. This is a cheaper cost for the company."
Layer 1 Issues
"Bad Cable or connector, cable placement,distanse limitations exceeded, splitting pairs in a cable, MI interference/cross talk or transposed Tx/Rx"
802.11a
"Band is 5ghz OFDM transmission method max bw 54mbps ,35m indoor 120 m outdoors. Expensive when they came out",
Dynamic Host Control Protocol (DHCP) Configuration
"Based on the older Bootstrap Protocol (BOOTP for short),Required static database of IP and MAC to assign,DHCP service assigns an IP from an assignable pool (scope),IP Address Management is a piece of software used to manage the IP�s being assigned Port-67,68
Link Local address
"Begin with FE80.IPv6 link-local addresses are addresses that can be used to communicate with nodes (hosts and routers) on an attached link. Packets with those addresses are not forwarded by routers. At least, they should not be. There have been cases where routers would happily forward packets with a link-local source address.",
Ways of Categorizing Traffic
"Best Effort-Does not truly provide QoS to that traffic,No reordering of packets,Uses FIFO (first in, first out) queuing,Integrated Services (IntServ or Hard QoS)-Makes strict bandwidth reservations & Reserves bandwidth by signaling devices,Differentiated Services (DiffServ or Soft QoS),Differentiates between multiple traffic flows,Packets are �marked�,Routers and switches make decisions based on those markings"
Pre-Shared Key
"Both Clients and AP use the same encryption key. Issue Scalability is difficult if key is compromised, all clients must know the same PW. Not good",
Symmetric Encryption (Confidentiality)
"Both sender and receiver use the same key,DES (Data Encryption Standard),3DES (Triple DES),AES (Advanced Encryption Standard). Using same key. Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process."
bridge protocol data units (BPDUs)
"Bridge Protocol Data Units (BPDUs) frames contain information regarding the Switch ID, originating switch port, MAC address, switch port priority, switch port cost etc,Bridge Protocol Data Units (BPDUs) frames are sent out as multicast messages regularly at multicast destination MAC address 01:80:c2:00:00:00. When Bridge Protocol Data Units (BPDUs) are received, the Switch uses a mathematical formula called the Spanning Tree Algorithm (STA) to know when there is a Layer 2 Switch loop in network and determines which of the redundant ports needs to be shut down."
Electric power lines-Internet Connection
"Broadband over Power Lines (BPL),Supports up to 2.7 Mbps,Utilizes extensive infrastructure already in place (Power lines). Slow it is a stop gap measure until newer system getinstalled. Not popular in US.",
Warm Sites
"Building and equipment is available,Software may not be installed and latest data is not available,Recovery is fairly quick, but not everything from original site is available for employees"
Cold Sites
"Building is available, but you may not have any hardware or software in place or configured,You need to buy resources (or ship them in), and then configure/restore the network,Recovery is possible, but slow and time consuming"
Hot Sites
"Building, equipment, and data is available,Software and hardware are configured,Basically, people can just walk into the new facility and get to work,Downtime is minimal with nearly identical service levels maintained"
CDMA
"CDMA, which stands for�Code Division Multiple Access, is a competing cell phone service technology to�GSM, on�2G�and�3G�networks that is gradually phasing out. In 2010, carriers worldwide switched to�LTE, a�4G network�that supports simultaneous voice and data-Verizon and Sprint use.",
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
"CSMA/CD is what Ethernet uses to control access to the network medium (network cable). If there is no data, any node may attempt to transmit, if the nodes detect a collision, both stop transmitting and wait a random amount of time before retransmitting the data. L2"
Access Point Placement
"Careful planning is required to prevent the APs from interfering with one another and still maintaining the desired coverage area in ESS,Careful planning is required to prevent the APs from interfering with one another and still maintaining the desired coverage area in ESS(Extended Service Set)",
10Base-t
"Cat3 or higher,10mbps 100m"
Radio Frequency Interference (RFI)
"Caused by using similar frequencies to WLAN,ommon sources of interference:Other wifi devices (overlapping channels),Cordless phones and baby monitors (2.4 GHz),Microwave ovens (2.4 Ghz),Wireless security systems (2.4 GHz),Physical obstacles (Walls,Signalappliances, cabinets)signal strength (Configurable on some devices) ,",
Poison reverse
"Causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite. Poison reverse is a way in which a gateway node tells its neighbor gateways that one of the gateways is no longer connected. To do this, the notifying gateway sets the number of hops to the unconnected gateway to a number that indicates ""infinite"" (meaning ""You can't get there"")",
Man In the middle
"Causes data to flow through the attackers computer where they can intercept or manipulate the data. Example having a SSID being broadcast at Starbucks as starbucks but in reality it is the hackers computer.
WAN Wireless Media
"Cellular (Phones and Hot Spots),HSPA+: Evolved High-Speed Packet Access,Worldwide Interoperability for Microwave Access (WiMAX),Satellite & Radio",
Benefits of Client/Server
"Centralized administration,Easier management,Better scalability"
Challenge-Handshake Authentication Protocol (CHAP)
"Challenge-Handshake Authentication Protocol,Performs one-way authentication using a three-way handshake,Credentials are hashed before transmission. Challenge responds verify user info sending a hash. CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link (LCP), and may happen again at any time afterwards..",
Router Advertisement Method
"Characteristic of a routing protocol. How does it receive, advertise, and store routing information?,Distance vector,Link state,Not every routing protocol fits neatly into one of these two categories (hybrids exist). Examples: Routing Information Protocol (RIP) Interior Gateway Protocol (IGRP) Open Shortest Path First (OSPF) Exterior Gateway Protocol (EGP) Enhanced Interior Gateway Routing Protocol (EIGRP) Border Gateway Protocol (BGP) Intermediate System-to-Intermediate System (IS-IS)
Setting up a Session
"Check user credentials,Assign numbers to session to identify them,Negotiate services needed for session & Negotiate who begins sending data"
Gateway Load Balancing Protocol (GLBP)
"Cisco-proprietary protocol-Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality. In addition to being able to set priorities on different gateway routers, GLBP allows a weighting parameter to be set."
class of IP addreses
"Class A,B , C and D. Class A first octet 1-126 Class B 1st octet 128-191 Class C 1st octet 192-223 class D 1st octet 224-239.127 is skipped due to loop back.",
Ways of Categorizing Traffic-For QOS
"Classification,Marking,Congestion Management, Congestion Avoidence, Policing and shaping & Link Efficency . Classification and marking is a system of identifying packets or traffic flows and assigning certain parameters within the packet headers in order to group them. Once the traffic is "identified," it can be marked or "colored" into groups so that QoS policies can be applied to them.
Methods of Categorizing Traffic
"Classification,Marking,Congestion Management, Congestion Avoidence, Policing and shaping & Link Efficency"
Layer 3 Redundancy
"Clients are configured with a default gateway (router),If the default gateway goes down, they cannot leave the subnet,Layer 3 Redundancy occurs with virtual gateways"
Recovery Sites
"Cold,Warm and Hot Sites"
Root Bridge
"Common device to all switches. Either manually set with a lower priorty number or uses the lower mac address as the root bridge. This is used to determine STP.Switch with the lowest bridge ID (BID) is elected as the root bridge,Switch with the lowest bridge ID (BID) is elected as the root bridge"
Network Security Goals
"Commonly called the CIA Triad, Confidentiality, Integrity and availability"
Point-to-Point Protocol (PPP)
"Commonly used Layer 2 protocol on dedicated leased lines to simultaneously transmits multiple Layer 3 protocols (IP, IPX),Each Layer 3 control protocol runs an instance of PPP�s Link Control Protocol (LCP),Multilink interface,Looped link detection,Error detection,Authentication. We can use these with any connectiions .",
PPP over Ethernet (PPPoE)
"Commonly used with DSL modems,PPPoE encapsulates PPP frames within Ethernet frames,Allows for authentication over Ethernet",
Network
"Components,Client Server Hub Wirelesss Access Point WAP Switch Router Media fiber-copper WAN link"
Collision Domains
"Comprised of all devices on a shared Ethernet segment (everything on same cable or hub),Devices operate at half-duplex when connected to a hub (Layer 1 device),Devices must listen before they transmit to avoid collisions when operating as CSMA/CD"
Physical Environment
"Computing equipment can be damaged by influencing the physical environment ie Temperture, humidity and gas(causing a fire).Threats generally mitigated through physical restrictions, access credentials, and visual monitoring."
Link Aggregation (802.3ad)
"Congestion can occur when ports all operate at the same speed,Allows for combination of multiple physical connections into a single logical connection,Bandwidth available is increased and the congestion is minimized or prevented. Also known as port-channeling"
Patch Panels (Fiber)
"Connect fiber jacks throughout building to a single patch panel in network closet,Front uses patch cables to connect to different wall jacks and switch ports"
Media
"Connect two devices or a device to a port,Made from copper cable, fiber optic cable, or radio frequency waves (WiFi),Each type has strengths and limitations, such as its available bandwidth, capacity, distance that can be covered, and cost to install and maintain Layer 1"
Router
"Connect two different networks together,Intelligently forwards traffic to and from a network based on its logical address,Most modern routers use Internet Protocol (IP) address to determine routing of traffic Layer 3"
Circuit-Switched Connection
"Connection is brought up only when needed, like making a phone call,On-demand bandwidth can provide cost savings for customers who only need periodic connectivity to a remote site. ISDN & POTS",
LLC (logical Link Control)
"Connection services,Synchronizing transmissions IEE802.2 upper sublayer of the data link layer the connection between data link layer ethernet to network layer L2"
Campus Area Network (CAN)
"Connects building-centric LANs across a university, industrial park, or business park"
Local Area Network (LAN)
"Connects components in a limited distance,Consists of Ethernet (IEEE 802.3) or WiFi networks (IEEE 802.11)"
Wide Area Network (WAN)
"Connects geographically disparate internal networks, Consists of leased lines or Virtual Private Networks tunneled over the Internet IE The Internet"
Switch
"Connects networked devices such as clients and servers (like a hub),Switches learn what devices are on which switch ports,Switches only forward traffic received from a port to the destination port based on the device�s MAC address,Provides more security and efficiently uses available bandwidth Layer 2"
Metropolitan Area Network (MAN)
"Connects scattered locations across a city IE- City departments like the police department,Community college with campuses spread across a county"
Contention-based-How devices Access Network
"Contention-based, Transmit (almost) whenever you want. For example, . Ethernet and wireless networks use contention-based media access control. When using a non-deterministic contention-based method, a network device can attempt to access the medium whenever it has data to send. To prevent complete chaos on the media, these methods use a Carrier Sense Multiple Access (CSMA) process to first detect if the media is carrying a signal.
Remote Access Security
"Controls access to network devices such as routers, switches, servers, and clients"
Convergence
"Convergence is part of the routing table update process. When a link fails or changes, updates are sent across the network that describe changes in the network topology. Each router then runs a routing algorithm to recompute routes and build new routing tables based on this information. Once all the routers in the network have updated their routing tables, convergence is complete.",
Media Converter
"Convert media from one format to another,Layer 1 device ie-ethernet to fiber,fiber to ethernet,coax to fiber ,fiber to coax (ethernet copper)"
Domain Name Service DNS
"Converts domain names to IP addresses, Port 53"
Types of Media
"Copper, Fiber optics and wireless"
Wireless Antennas
"Coverage areas will determine antenna type. Which the Areas may have distance issues , Envirment interference and pattern of wireless coverage. This will all determing the Antenna type.",
Wi-Fi Protected Access 2 (WPA2
"Created as part of IEEE 802.11i standard,Requires stronger encryption and integrity checks,Integrity checking through CCMP,Counter Mode with Cipher Block Chaining Message Authentication Code Protocol,Uses Advanced Encryption Standard (AES)",
Secure Shell SSH
"Cryptographic network protocol for operating network services securely over an unsecured network, Port 22"
Message Switching
"Data is divided into messages, similar to packet switching, except these messages may be stored then forwarded. Not Commonly used"
VPN Types: DTLS
"Datagram Transport Layer Security (TLS) is used to secure UDP traffic,Based on the TLS protocol,Designed to give security to UDP by preventing eavesdropping, tampering, and message forgery"
Drawbacks of Peer-to-Peer
"Decentralized management,Inefficient for large networks,Poor scalability"
Wireless Network Topology-Ad Hoc Mode
"Decentralized wireless network,No routers or access points are required,Forwarding decisions for data on the network are made dynamically,Creates P2P connections IE Smart phone hot spot, Vehicular hot spot"
Content Engine
"Dedicated appliances that perform the caching functions of a proxy server,Are more efficient than a proxy server,Also called Caching Engines"
WAN Connection Types
"Dedicated leased line,Circuit-switched connection,Packet-switched connection",
DES (Data Encryption Standard)
"Developed in the mid-1970s,56-bit key,Used by SNMPv3,Considered weak today. Use brute force to break"
Unified Threat Management (UTM) Devices
"Device that combines firewall, router, intrusion detection/prevention system, antimalware, and other security features into a single device,Agent is run on an internal client and can be queried by the UTM before allowing connection to the network,UTM can be purchased as a physical device to install in your network, or you can look to a cloud solution. virtual"
Spread Spectrum Wireless Transmissions
"Direct-Sequence Spread Spectrum (DSSS),Frequency-Hopping Spread Spectrum (FHSS),Orthogonal Frequency-Division Multiplexing (OFDM)",
Content Switches
"Distributes incoming requests across the various servers in the server farm, Also known as Load Balancers"
Layer 4 (Transport)
"Dividing line between upper and lower layers of the OSI model,Data Sent in segments ,TCp/UDP"
Network Documentation
"Document your network. Keep it up to date. Contact info as well. Maps ,policies, and vendors. Wiring and standard operating procedures and instructions"
IPv6 Address Structure
"Each hexadecimal digit is 4-bits,128-bits in an IPv6 address,No more than 32 hexadecimal digits. If you have zerros you can shorten the IPV6 by putting a double colon where the zeros were.",
Time-Division Multiplexing (TDM)
"Each session takes turns, using time slots, to share the medium between all users,Statistical Time-Division Multiplexing (StatTDM),More efficient version of TDM, it dynamically allocates time slots on an as-needed basis instead of statically assigning. Time-division multiplexing (TDM) is a method of putting multiple data streams in a single signal by separating the signal into many segments, each having a very short duration. Each individual data stream is reassembled at the receiving end based on the timing. The circuit that combines signals at the source (transmitting) end of a communications link is known as a multiplexer. It accepts the input from each individual end user, breaks each signal into segments, and assigns the segments to the composite signal in a rotating, repeating sequence. The composite signal thus contains data from multiple senders. At the other end of the long-distance cable, the individual signals are separated out by means of a circuit called a demultiplexer, and routed to the proper end users. A two-way communications circuit requires a multiplexer/demultiplexer at each end of the long-distance, high-bandwidth cable."
Quality of Service (QoS)
"Enables strategic optimization of network performance for different types of traffic,Identifies types of traffic needing priority,Determines how much bandwidth required,Efficiently uses WAN link�s bandwidth,Identifies types of traffic to drop during network congestion ie Voice (VoIP) and Video should have higher priority levels (less latency)"
Virtual Private Networks (VPNs)
"Enables work in remote offices or telecommuting. Allows users to securely connect to the corporate network over an untrusted network"
Integrity
"Ensures data has not been modified in transit,Verifies the source that traffic originates from,Integrity violations,Defacing a corporate web page,Altering an e-commerce transaction,Modifying electronically stored financial records"
Carrier Sense Multiple Access/ Collision Detect (CSMA/CD)
"Ethernet devices transmit based on a principle called carrier sense multiple access/collision detect (CSMA/CD), if Collision is detected then each with wait a different amount of time until they would try again. Based on algorithm "
Collision Domains with Switches
"Ethernet switches increase scalability of the network by creating multiple collision domains,Each port on a switch is a collision domain, no chance of collisions, and increases speed,Switches can operate in full-duplex mode"
Best Practices
"Examine the technical goals,Identify the budget to fund high availability features,Categorize business applications into profilesWW(Each requires a certain level of availability),Establish performance standards for high-availability solutions(Performance standards will drive how success if measured),Define how to manage and measure the high-availability solution(Metrics help quantify success to decision makers-Remember-Existing networks can be retrofitted, but it reduces the cost by integrating high availability practices and technologies into your initial designs"
Wireless Access Point (AP or WAP)
"Expands wired LAN into the wireless domain,Does not interconnect two networks (not a router),All clients on an access point are on a single collision domain. It is like connecting to a HUB. 1 Collision domain. Also can be considered a media converter.",
Border Gateway Protocol (BGP)
"External Gateway Protocol,Path vector using the number of autonomous system hops instead of router hops,Widespread utilization, this protocol runs the backbone of the Internet,Does not converge quickly, though, when the topology changes. The metric is how many autonomous systems you go through. BGP makes the Internet run. Convergence is slow.",
Additional Ethernet Switch Features
"Features to enhance network performance, redundancy, security, management, flexibility, and scalability,Virtual LANs (VLANs),Trunking,Spanning Tree Protocol (STP),Link aggregation,Power over Ethernet,Port monitoring,User authentication"
Something You Are-Security Access
"Fingerprints, Retina scans, Voice scan. Inherence factor."
Firewall Zones
"Firewall interfaces can be defined as zones,You set up rules based on those zones,Typical zones: Inside (connects to your corporate LAN), Outside (typically connects to the Internet), DMZ (Demilitarized Zone, connects to devices that should have restricted access from the outside zone, like web servers or email servers; a semi-trusted zone)"
Governing Policy
"Focused toward technicians and managers,High level document that focuses the organization"
User Authentication (802.1x)
"For security purposes, switches can require users to authenticate themselves before gaining access to the network,Once authenticated, a key is generated and shared between the supplicant (device wanting access) and the switch (authenticator),Authentication server checks the supplicant's credentials and creates the key,Key is used to encrypt the traffic coming from and being sent to the client. 802.1x is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server."
Data Formatting
"Formats data for proper compatibility between devices,ASCII,GIF & JPG,Ensures data is readable by receiving system,Provides proper data structures,Negotiates data transfer syntax for the Application Layer (Layer 7)"
Asset Management
"Formalized system for tracking network components and managing the components' life cycle: prepare, plan, design, implement, operate, and maintain and support."
Layer 3 (Network)
"Forwards traffic (routing) with logical addresses. Uses IPv4 and IPv6. Logical addressing,Connection services,Bandwidth usage. Routing of IPs"
Hypertext Transfer Protocol (HTTP)
"Foundation of data communication for WWW,Unsecure web browsing Port 80"
GSM
"GSM offers wider international roaming capabilities than other U.S. network technologies and can enable a cell phone to be a ""world phone."" With GSM, switching SIM cards activates different phones to the same network account. In addition, GSM allows for simultaneous data and voice operation, something CDMA cannot manage. AT&T, T-Mobile",
Wireless Router
"Gateway device and base station for wireless devices to communicate with each other and connect to the Internet. Often combines many features into one device: Wireless Access Point (WAP or AP), Router, Switch, Firewall, and a fiber, cable, or DSL modem.",
SRV Record
"Generalized service location record, a newer record type that doesn't require protocol-specific records like MX, CNAME, etc. It has not fully taken off in the field. SRV (Service) records are custom DNS records. They are used to establish connections between a service and a hostname. When an application needs to find the location of a specific service, it will search for a related SRV record. If it finds one, it will sift through the list of services and their connecting hostnames to find the following: hostname, ports, priority and weight, and IP addresses, if relevant. Creating an SRV record can potentially save you time later on.",
Somewhere You Are-Security
"Geotagging, Geofencing. Based on the phone's GPS. With geofencing, if you leave an area you may not be able to access the resource."
IPv6 Address Types
"Globally routable unicast addresses,Begins with 2000 to 3999,",
Parts of a Security Policy
"Governing Policy, Technical Policy & End-User Policies, Standards, Guidelines, Procedures"
First-Hop Redundancy
"HSRP(hot standby router protocol),GLBP(gateway load balancing Protocol),VRRP(virtual router redundancy protocol) & CARP(common address redundancy protocol)"
Examples at Layer 6
"HTML, XML, PHP, JavaScript,ASCII, EBCDIC, UNICODE,GIF, JPG, TIF, SVG, PNG,MPG, MOV,TLS, SSL"
Port Monitoring or Mirroring
"Helpful to analyze packet flow over network,Connect a network sniffer to a hub and it sees all,But, switches require port monitoring for network analyzer to see all the traffic,Port mirroring makes a copy of all traffic destined for a port and sends it to another port"
Fiber-optic cable
"High bandwidth, long distance, and no EMI-FIOS and Google",
Drawbacks of Client/Server
"Higher cost,Requires dedicated resources,Requires network operating system"
Layer 3 Redundancy Protocols
"Hot Standby Router Protocol(HSRP),Common Address Redundancy Protocol(CARP),Virtual Router Redundancy Protocol(VRRP),Gateway Load Balancing Protocol(GLBP),Link Aggregation Control Protocol(LACP)"
Incident Response
"How will you react to a security violation? Prosecuting computer crimes can be difficult.Successful prosecution relies on-Means(Did suspect have technical skills to perform the attack?),Motive(Why would they perform the attack?)Opportunity(Do they have the time and access?). If they have all 3 they are most likely the one. We will gather the data. "
Something You Do-Network Security
"How you sign your name, how you draw a particular pattern, how you say a certain passphrase. These are things that are unique to the user."
Satellite
"HughesNet Gen 5, Very Small Aperture Terminal (VSAT), Used for remote areas, Shipboard use, Expensive in comparison to cellular, cable, or fiber connection. ",
Cable Modems
"Hybrid Fiber-Coax (HFC) distribution network is a cable television infrastructure containing both coaxial and fiber-optic cabling,Specific frequency ranges are used for upstream and downstream data transmission as determined by Data-Over-Cable Service Interface Specification (DOCSIS),Upstream (5 MHz to 42 MHz),Downstream (50 MHz to 860 MHz),Transmits and receives over cable television infrastructure."
Partial-Mesh Topology
"Hybrid of the full-mesh and the hub-and-spoke topologies,Provides optimal routes between some sites, while avoiding the expense of connecting every site"
Frequencies-802.11
"IEEE 802.11 standards are differentiated by their characteristics, such as frequency range used: 2.4 GHz band-2.4 to 2.5 range- 5 GHz band range 5.75 to 5.875 GHz.",
Shortest Path Bridging (SPB)
"IEEE 802.1aq-It is the replacement for the older spanning tree protocols: IEEE 802.1D, IEEE 802.1w, IEEE 802.1s. These blocked any redundant paths that could result in a Layer 2 loop, whereas SPB allows all paths to be active with multiple equal-cost paths, provides much larger Layer 2 topologies, supports faster convergence times, and improves efficiency by allowing traffic to load-share across all paths of a mesh network. It is designed to virtually eliminate human error during configuration and preserves the plug-and-play nature that established Ethernet as the de facto protocol at Layer 2. For large-scale networks."
Virtual Router Redundancy Protocol(VRRP)
"IETF open-standard variant of HSRP,Allows for active router and standby router,Creates virtual router as the default gateway"
Components of an IP Address
"IP address, Subnet mask, Default gateway, DNS, and WINS (converts NetBIOS names to IPs) optional.",
IKE Modes
"IPsec uses the Internet Key Exchange (IKE) to create a secure tunnel,IKE uses encryption between authenticated peers. IPsec uses this to perform security. Main mode: 3 separate exchanges occur. Aggressive mode: achieves the same result as main mode more quickly, using only 3 packets. Quick mode: negotiates the parameters of the IPsec session."
Do you need DHCP for IPv6?
"IPv6 uses autoconfiguration to discover the current network and selects its own host ID based on its MAC using the EUI-64 process,If you want to still use DHCP, there is a DHCPv6 protocol,IPv6 uses Neighbor Discovery Protocol (NDP) to learn the Layer 2 addresses on the network. You do not need DHCP.",
IEEE 802.3
"IEEE 802.3 is the standard by which Ethernet operates. It is the standard for CSMA/CD (Carrier Sense Multiple Access with Collision Detection). This standard encompasses both the MAC and Physical Layer standards. CSMA/CD is what Ethernet uses to control access to the network medium (network cable). If there is no data, any node may attempt to transmit; if the nodes detect a collision, both stop transmitting and wait a random amount of time before retransmitting the data."
Route Believability
"If a network is using more than one routing protocol, how does it choose which routing protocol to make decisions from? Some routing protocols are considered more believable than others, so routers use an index of believability called administrative distance (AD). If a route has a lower administrative distance (AD), the route is more believable. The lower the number, the more believable. Directly Connected Network AD 0, Statically Configured Network AD 1, EIGRP AD 90, OSPF AD 110, RIP AD 120, External EIGRP AD 170, Unknown or Unbelievable AD 255",
PIM Dense Mode: Pruning
"If a router receives multicast traffic in the initial flood and the traffic is not needed, then the router sends a prune message asking to be removed from the source distribution tree.",
Metrics
"If a routing protocol knows multiple paths to reach a network, how does it choose its path? Metrics are the values assigned to a route, Lower metrics are preferred over higher metrics, Metrics are calculated differently for each protocol: RIP (Routing Information Protocol), OSPF (Open Shortest Path First), IS-IS (Intermediate System to Intermediate System), EIGRP (Enhanced Interior Gateway Routing Protocol), and BGP (Border Gateway Protocol). Hop count, bandwidth, reliability, delay, and other metrics",
Collision detect
"If two devices transmit at the same time, a collision occurs,Back off, wait a random time, and try again"
Wide Area Networks (WANs)
"In the early 1990s, computer-networking design guides commonly invoked the Pareto principle (80-20 rule),Concept is that 80% of traffic stays on the LAN, while only 20% of traffic goes to the WAN,Today, most network traffic leaves the LAN and travels across the WAN. Now we depend on cloud-based applications. A wide area network is a telecommunications network that extends over a large geographic area for the primary purpose of computer networking. Wide area networks are often established with leased telecommunication circuits."
WLAN Service Sets
"Independent Basic Service Set(iBSS), Basic Service Set (BSS) & Extended Service Set (ESS)",
Wireless Network Topology-Infrastructure Mode
"Infrastructure Mode,Requires centralized management,Uses a wireless access point as a centralized point like a star topology,Supports wireless security controls"
PIM Sparse Mode (PIM-SM)
"Initially uses a shared distribution tree, which may be suboptimal, but eventually creates an optimal distribution tree through shortest path tree (SPT) switchover",
DHCP (Dynamic Host Configuration Protocol)
"Initially, clients on networks needed IP addresses manually configured (or statically assigned) to communicate. DHCP is used to assign an IP according to the VLAN and segment setup on the DHCP server. 4 steps: Discover, Offer, Request, then Acknowledge (DORA). You will get IP, GW, SM, and DNS server IP. Ports 67 & 68",
Names of NAT IP addresses
"Inside Local, Inside Private, Outside Local & Outside Global",
Other Security Threats
"Inside Threats,Phishing,Ransomware,Logic Bombs,Deauthentication, VLAN Hopping"
Stateful Firewalls
"Inspects traffic as part of a session,Recognizes whether traffic originated from inside or outside the LAN. Decisions are based on the session: if a user inside requests it, the session is allowed; if a session is initiated by the outside destination, it will be denied. Only requests by users. A phishing email can trigger such a session request when a user clicks on the link; once that session is opened by the user, the attacker has access to your network. We can combine a packet-filtering and a stateful firewall to create a good firewall."
Classless Interdomain Routing (CIDR)
"Instead of advertising multiple individual routes, the routes can be summarized and advertised as a single route,Used to summarize contiguous networks,Called route aggregation",
Coaxial Cable (Coax)
"Insulated conductor or center wire passes data,"
Wireless Network Topology-Wireless Mesh Topology
"Interconnection of different types of nodes or devices,Consists of clients, routers, and gateways,Utilizes different radio frequencies to extend and expand access, e.g. when you use multiple connections such as microwave, Wi-Fi, or cellular to complete the network"
Enhanced Interior Gateway Routing Protocol (EIGRP)
"Interior Gateway Protocol,Advanced distance-vector protocol using bandwidth and delay making it a hybrid of distance-vector and link-state,Proprietary Cisco protocol that is popular in Cisco-only networks",
Routing Information Protocol (RIP)
"Interior Gateway Protocol,Distance-vector protocol using hop count,Maximum hops of 15, 16 is infinite,Easy to configure and runs over UDP. Will drop packets after 16 hops",
Intermediate System to Intermediate System (IS-IS)
"Interior Gateway Protocol,Link-state protocol using cost,Cost is based on link speed between two routers,Functions like the OSPF protocol, but not as popular or widely utilized",
Open Shortest Path First (OSPF)
"Interior Gateway Protocol,Link-state protocol using cost,Cost is based on link speed between routers. More efficient and faster.",
Routing Protocols
"Interior Gateway Protocols (IGP), Exterior Gateway Protocols (EGP)",
IGMPv3
"Internet Group Management Protocol-Client can request multicast from only a specific server,Called source-specific multicast (SSM),Allows multiple video streams to a single multicast. There are three versions of IGMP. IGMPv1 is defined by RFC 1112, IGMPv2 is defined by RFC 2236 and IGMPv3 was initially defined by RFC 3376 and has been updated by RFC 4604 which defines both IGMPv3 and MLDv2. IGMPv2 improves IGMPv1 by adding the ability for a host to signal desire to leave a multicast group. IGMPv3 improves IGMPv2 by supporting source-specific multicast and introduces membership report aggregation. These versions are backwards compatible. A router supporting IGMPv3 can support clients running IGMPv1, IGMPv2 and IGMPv3. IGMPv1 uses a query-response model. Queries are sent to 224.0.0.1. Membership reports are sent to the group's multicast address. IGMPv2 accelerates the process of leaving a group and adjusts other timeouts. Leave-group messages are sent to 224.0.0.2. A group-specific query is introduced. Group-specific queries are sent to the group's multicast address. A means for routers to select an IGMP querier for the network is introduced. IGMPv3 introduces source-specific multicast capability. Membership reports are sent to 224.0.0.22.",
Simple Mail Transfer Protocol SMTP
"Internet standard for sending electronic mail, Send Emails port 25"
IDS
"Intrusion Detection System,Passive device, operates parallel to the network, monitors all traffic and sends alerts. Analyzes all incoming packets. It alerts you that there is an issue. It will log all packets if set up to. Connected to the network."
IPS
"Intrusion Prevention System-Active device, Operates in-line to the network, Monitors all traffic, sends alerts, and drops or blocks the offending traffic. All the data has to go through the device. Will actively prevent attacks according to signature. Could get a false positive, which will drop needed packets."
Dynamic NAT (DNAT)
"IP address automatically assigned from a pool, one-to-one translation. Shared pool matching an internal to an external scope. Shared pool of public IPs so privately addressed devices can get out using this pool of shared IPs.",
How is communication synchronized?
"Isochronous,Synchronous & Asynchronous L2"
Problem Reporting
"Issues are reported either by the end user, by administrators, or by automated systems"
RC4 Rivest Cipher 4
"It is a variable key-size stream cipher with byte-oriented operations. It uses either 64-bit or 128-bit key sizes. It is generally used in applications such as Secure Socket Layer (SSL), Transport Layer Security (TLS), and also used in the IEEE 802.11 wireless LAN standard.",
TCP Transmission Control Protocol
"It is one of the main protocols in TCP/IP networks. TCP provides error-checking and guarantees delivery of data and that packets will be delivered in the order they were sent. File transfers, SSH, email (SMTP, IMAP, POP3) & FTP"
Confidentiality
"Keeping the data private and safe,Encryption,Authentication to access resources. Encryption ensures that data can only be read (decoded) by the intended recipient-Symmetric encryption & Asymmetric encryption"
Lightweight Directory Access LDAP
"LDAP provides the communication language that applications use to communicate with other directory services servers. Directory services store the users, passwords, and computer accounts, and share that information with other entities on the network.Active Directory also uses this port. Port 389"
Security Policy
"Lack of a security policy, or lack of enforcement of an existing policy, is a major reason for security breaches,Security policies serve multiple purposes-Protecting an organization's assets,Making employees aware of their obligations,Identifying specific security solutions,Acting as a baseline for ongoing security monitoring. Acceptable Use Policy (AUP) is a common component of a corporate security policy,Security policies contain a myriad of other complementary policies,Larger organizations have complex policies"
Electrical Disturbance
"Launched by interrupting or interfering with electrical service available to a system,Uninterruptable power supply (UPS), line conditioners, and backup generators can help to combat these threats, i.e. power spikes, electrical surges, power faults, blackouts, power sags and brownouts"
Synchronous Optical Network (SONET)
"Layer 1 technology using fiber as media,Transports Layer 2 encapsulation (like ATM),High data rates (155 Mbps to 10 Gbps),Covers large distances (20 km to 250 km),Physical topology can be a bus or ring. FDDI. ATM is used on this like Frame Relay, but uses cells of a fixed size."
VPN Types: L2F
"Layer 2 Forwarding (L2F) was developed by Cisco to provide for tunneling of PPP (Point-to-Point Protocol),Lacks native security features, like L2TP (Layer 2 Tunneling Protocol-In computer networking, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself.)"
VPN Types: L2TP
"Layer 2 Tunneling Protocol (L2TP) lacks security features like encryption,Can be used for secure VPN if combined with additional protocols for encryption services. Only if you have the extra layer of encryption."
Asynchronous Transfer Mode (ATM)
"Layer 2 WAN technology operating using Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs),Similar to Frame Relay, except all frames are transferred as fixed-length (cells) as its protocol data unit (PDU),Fixed-length cells of 53-bytes used to increase speed of transmissions,Contains 48-byte payload and 5-byte header,Generic Flow Control (GFC),Virtual Circuit Identifier (VCI),Virtual Path Indicator (VPI),Payload Type Indicator (PTI),Cell Loss Priority (CLP),Header Error Control (HEC). Fixed size of 53 bytes is what makes it fast."
Switch
"Layer 2 device used to connect multiple network segments together,Essentially a multiport bridge,Switches learn MAC addresses and make forwarding decisions based on them,Switches analyze source MAC addresses in frames entering the switch and populate an internal MAC address table based on them"
Logical topology
"Layer 2 devices view networks logically,Ring, bus, star, mesh, hub-and-spoke, "
Layer 3 Switch
"Layer 3 device used to connect multiple network segments together,Can make Layer 3 routing decisions and interconnect entire networks (like a router), not just network segments (like a switch). Unless configured as a Layer 3 switch, it will always act as a Layer 2 switch with no routing."
Router
"Layer 3 device used to connect multiple networks together,Makes forwarding decisions based on logical network address information such as IP addresses (IPv4 and IPv6),Routers are typically more feature-rich and support a broader range of interface types than multilayer switches,Each port is a separate collision domain,Each port is a separate broadcast domain"
Dynamic Routing Protocols
"Learned by exchanging information between routers automatically based on protocols, when they share their routing tables. Dynamic routing is an easier way to administer, like a home router. More than one route can exist for a network. Based on hops and link speeds. Border Gateway Protocol (BGP). RIP (Routing Information Protocol), EIGRP (Enhanced Interior Gateway Routing Protocol), Intermediate System to Intermediate System (IS-IS), and OSPF (Open Shortest Path First) are all interior gateway protocols (IGP), while BGP is an exterior gateway protocol (EGP)."
Link Efficiency: LFI
"Link Fragmentation & Interleaving (LFI),Fragments large data packets and interleaves smaller data packets between the fragments, Utilized on slower-speed links to make the most of limited bandwidth. It reduces delay and jitter on links by fragmenting large packets and interleaving delay-sensitive packets with the resulting smaller packets for simultaneous transmission across multiple links of a multilink bundle."
Redundant Network with No Single Points of Failure
"Link Redundancy (Multiple connections between devices),Redundancy of Components (Switches and Routers)"
Dedicated Leased Line
"Logical connection that connects two sites through a service provider's facility or telephone company's central office,More expensive than other WAN technologies because a customer doesn't share bandwidth with other customers. Directed line site.",
Single-Mode Fiber (SMF)
"Longer distances than multimode fiber,Smaller core size allows for only a single mode of travel for the light signal,Core size: 10 microns. Routers to switches, switches to switches"
Specialized IPs
"Loopback addresses (127.x.x.x range),Refers to the device itself and used for testing,Most commonly used as 127.0.0.1. Automatic Private IP Addresses (APIPA),Dynamically assigned by the OS when the DHCP server is unavailable and an address is not assigned manually,Range of 169.254.x.x.",
Frame Relay
"Losing market share due to cable and DSL,Frame Relay sites connected to virtual circuits (VC),VCs are point-to-point or point-to-multipoint,Low cost and widely available,Always-on or on-demand,Layer 2 technology. Due to the lower cost of cable and FiOS, Frame Relay is not used as much. Frame Relay is a packet-switching telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between endpoints in wide area networks (WANs)."
iSCSI (IP Small Computer System Interface)
"Lower cost, built using Ethernet switches (<10 Gbps),Relies on configuration allowing jumbo frames over the network. Low cost, max 10 Gbps.",
Benefits of Peer-to-Peer
"Lower cost,No dedicated resources required,No specialized operating system required"
MIC (Message Integrity Check)
"MIC is able to protect both the data payload and header of the respective network packet.The check helps network administrators avoid attacks that focus on using the bit-flip technique on encrypted network data packets.MIC helps prevent this type of attack by adding a MIC field to the respective wireless network frame.Additionally, MIC adds a sequence number field to a wireless frame. If frames are received out of order by a wireless access point, then they are subsequently dropped.",
Problem Diagnosis
"The majority of a troubleshooter's efforts are spent diagnosing the problem: collect information, examine collected information, eliminate potential causes, hypothesize the underlying cause, and verify the hypothesis."
Rogue Access Point
"A malicious user sets up a WAP to lure legitimate users to connect to the AP. Such malicious users can then capture the packets (data) going through the rogue access point, such as user names, passwords, and credit card information. Man in the middle",
Static
"Manually assign the IP to the device. Simple, time consuming, prone to human error, and impractical for large networks.",
Static Routes
"Manually configured by an administrator,Default static route (0.0.0.0/0) is a special case (used if you do not know where to go). An admin can put in a static route to make it easier. ",
HTTPS and Management URLS
"Many systems provide a management system that is accessed through a web browser, e.g. WAPs, modems, routers, and firewalls."
Remote Access
"Many ways to access data remotely and either control a client, server, or other device over a network connection: Telnet, SSH, RDP, Virtual Network Computing (VNC), HTTPS, Remote File Access (FTP, SFTP, FTPS & TFTP), VPNs, Out-of-Band Management,"
Symmetric DSL (SDSL)
"Maximum distance to DSLAM: 12,000 feet,No simultaneous voice and data on same line,Downstream: 1.168 Mbps,Upstream: 1.168 Mbps Dedicated"
Asymmetric DSL (ADSL)
"Maximum distance to DSLAM: 18,000 feet,Voice and Data on same line,Downstream: Up to 8 Mbps,Upstream: Up to 1.544 Mbps. Shared"
Very High Bit-Rate DSL (VDSL)
"Maximum distance to DSLAM: 4,000 feet,Downstream: Up to 52 Mbps,Upstream: Up to 12 Mbps. DSLAM-Digital Subscriber Line Access Multiplexer, located at the provider CO or main distribution location."
Mesh Topology
"May not use a centralized control,Range of combined wireless defines network,Uses WiFi, Microwave, Cellular, and more. Like ESS (extended Service Set-An extended service set (ESS) is one or more interconnected basic service sets (BSSs) and their associated LANs. Each BSS consists of a single access point (AP) together with all wireless client devices (stations, also called STAs) creating a local or enterprise 802.11 wireless LAN (WLAN). To the logical link control layer (part of layer 2 of the 7-layer OSI Reference Model) the ESS appears as a solitary BSS at any one of the STAs.) but using multiple networks. Used in Disaster recovery setup.",
Availability
"Measures accessibility of the data,Increased by designing redundant networks,Compromised by,Crashing a router or switch by sending improperly formatted data,Flooding a network with so much traffic that legitimate requests cannot be processed,Denial of Service (DoS),Distributed Denial of Service. Creating redundant system so this will not occur"
Hashing Algorithms (Integrity)
"Message Digest 5 (MD5),Secure Hash Algorithm 1 (SHA-1),Secure Hash Algorithm 256 (SHA-256),Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)"
Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)
"Microsoft Challenge-Handshake Authentication Protocol,Microsoft-enhanced version of CHAP, includes two-way authentication-Best one",
Direct-Sequence Spread Spectrum (DSSS)
"Modulates data over an entire range of frequencies using a series of signals known as chips,More susceptible to environmental interference,Uses entire frequency spectrum to transmit. Slower BW. Uses specific channel.In telecommunications, direct-sequence spread spectrum is a spread-spectrum modulation technique primarily used to reduce overall signal interference. The direct-sequence modulation makes the transmitted signal wider in bandwidth than the information bandwidth",
Star Topology
"Most popular physical LAN topology,If the central device fails, the entire network fails,Most commonly used with Ethernet cabling, but wireless or fiber are also used"
Full-Mesh Topology
"Most redundant topology,Every node connects to every other node,Optimal routing is always available,x = n(n - 1) / 2, not used in many office areas, maybe used in government facilities if needed"
Multicast Routing
"Multicast sender sends traffic to a Class D IP address (224.0.0.0 to 239.255.255.255), known as a multicast group. Sends the traffic only to the devices that want it. 2 primary protocols: Internet Group Management Protocol (IGMP) & Protocol Independent Multicast (PIM), and OSPF (Open Shortest Path First) ",
Weakness of Password
"Multifactor Authentication,Using common passwords,Weak and short passwords. Change the default password from the vendor."
Active-Active-Cluster
"Multiple NICs are active at the same time,NICs have their own MAC address,Makes troubleshooting more complex. An active-active cluster is typically made up of at least two nodes, both actively running the same kind of service simultaneously. The main purpose of an active-active cluster is to achieve load balancing."
Port Address Translation (PAT)
"Multiple private IP addresses share one public IP, Many to one translation, common in small networks. Multiple private addresses using 1 public ip. It utilizes port. What it does is attach a port to the Internet IP that is associated to that device on the private network so when it comes back it will know where to forward that info to.",
NAT
"Network Address Translation (NAT) is used to conserve the limited supply of IPv4 addresses,NAT translates private IP addresses to public IP addresses for routing over public networks.",
Examples at Layer 2
"Network Interface Cards (NIC),Bridges,switches"
TCP/IP Model
"Network Interface1-OSI LAYER 1 and 2,Internet2- OSI Layer 3.Transport3-OSI Layer 4, Application4-OSI Layer 5,6 and 7"
4 Models of Cloud Computing
"Network as a Service (NaaS),Infrastructure as a Service (IaaS),Software as a Service (SaaS) & Platform as a Service (PaaS)",
Synchronous
"Network devices agree on a clocking method to indicate the beginning and end of frames,Uses control characters or a separate timing channel. Happening in real time, all at the same time, e.g. party line, instant messaging, VoIP conferencing. L2"
Isochronous
"Network devices use a common reference clock source and create time slots for transmission,Less overhead than synchronous or asynchronous L2"
Network Security Fundamentals
"Networks are increasingly dependent on interconnecting with other networks, Risks exist not just on the untrusted Internet, but also inside our own organization's networks, and must be minimized or eliminated, Understanding the various threats facing our networks is important in order to best defend the network against the onslaught of cyber-attacks they are constantly facing"
Need for Quality of Service (QoS)
"Networks carry data, voice, and video content,Convergence of media on the network requires high availability to ensure proper delivery,Optimizing the network to efficiently utilize the bandwidth to deliver useful solutions to network users is crucial to success and cost savings"
Zero Configuration (Zeroconf)
"Newer technology based on APIPA providing:,Assigning link-local IP addresses,Non-routable IP usable only on the local subnet,Resolving computer names to IP addresses without the need for a DNS server on the local network,mDNS - Multicast Domain Name Server,Locating network services-Provides service discovery protocols,Service Location Protocol (SLP),Microsoft's Simple Service Discovery Protocol (SSDP),Apple's DNS-based Service Discovery (DNS-SD). Enables you to access local file shares on your network. Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers.",
Congestion Avoidance
"Newly arriving packets would be discarded if the device's output queue fills to capacity. Random Early Detection (RED) is used to prevent this from occurring: as the queue fills, the probability of a discard increases until it reaches 100%; at 100%, all traffic of that type is dropped. RED instead drops packets from selected queues based on defined limits. If the traffic is TCP, it will be retransmitted; if UDP, it will simply be dropped."
Port States
"Non-designated ports do not forward traffic during normal operation, but do receive bridge protocol data units (BPDUs). If a link in the topology goes down, the port may be set to forwarding to restore connectivity after the failure."
OM3
"OM3. Optical Multimode 3 (ISO/IEC; fiber with 50/125 micron dimensions and high bandwidth). OM3 fiber comes with an aqua color jacket. Like OM2, its core size is 50 µm, but the cable is optimized for laser-based equipment. OM3 supports 10 Gigabit Ethernet at lengths up to 300 meters."
Application (Layer 4)
"OSI 5, 6 & 7. Defines TCP/IP application protocols; defines how programs interface with the transport layer service. Layer with which the user interacts, e.g. HTTP, TELNET, FTP, SNMP, DNS, SMTP, SSL, TLS."
Internet (Layer 2)-TCP/IP Model
"OSI Layer 3. Packages data into IP datagrams; contains source and destination IPs; forwards datagrams between hosts across the networks; routes IP datagrams across networks, e.g. IP, ICMP, ARP, RARP"
Transport (Layer 3)
"OSI Layer 4. Provides communication session management between hosts; defines level of service and status of connection used for transport, e.g. TCP, UDP & RTP"
Network Interface (Layer 1)
"OSI 1. Physical and electrical characteristics; describes how to transmit bits across the network (1's and 0's); determines how the interface uses the network medium: coaxial, optical fiber, or twisted-pair copper cabling, e.g. Ethernet, Token Ring, FDDI, RS-232"
Drops QOS
"Occurs during link congestion. Router's interface queue overflows and causes packet loss"
Active-Standby
"One NIC is active at a time,Client appears to have a single MAC address"
LDAP Secure LDAPS
"Open, vendor-neutral, industry standard for accessing and maintaining distributed directory information services. Like LDAP (the Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network) but more secure, using TLS or SSL. Port 636"
Common Address Redundancy Protocol (CARP)
"Open-source protocol-CARP works by allowing a group of hosts on the same network segment to share an IP address. This group of hosts is referred to as a ""redundancy group"". The redundancy group is assigned an IP address that is shared amongst the group members. Within the group, one host is designated the ""master"" and the rest as ""backups"". The master host is the one that currently ""holds"" the shared IP; it responds to any traffic or ARP requests directed towards it. Each host may belong to more than one redundancy group at a time.One common use for CARP is to create a group of redundant firewalls. The virtual IP that is assigned to the redundancy group is configured on client machines as the default gateway. In the event that the master firewall suffers a failure or is taken offline, the IP will move to one of the backup firewalls and service will continue unaffected."
Virtual Router Redundancy Protocol (VRRP)
"Open-source protocol. The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for one or more virtual routers to the VRRP routers on a LAN, allowing several routers on a multiaccess link to utilize the same virtual IP address. Similar to HSRP, except HSRP is proprietary to Cisco"
Common Address Redundancy Protocol (CARP)
"Open-standard variant of HSRP,Allows for active router and standby router,Creates virtual router as the default gateway"
Logs
"Operating systems running on network clients and servers can also produce logs. Microsoft Windows provides an Event Viewer application to view logs; the Application, Security & System logs are all in Event Viewer on Windows"
Wired Equivalent Privacy(WEP)
"Original 802.11 wireless security standard. Claimed to be as secure as wired networks. Static 40-bit pre-shared encryption key, upgraded to 64-bit and 128-bit keys over time. Uses a 24-bit Initialization Vector (IV) sent in clear text; the key can be recovered within minutes using Aircrack-ng and other tools, so it is not secure anymore. The IV reveals portions of the key.",
Virtual Network Computing(VNC)
"Originally used in thin client architectures. Operates much like RDP, but is a cross-platform solution for Windows, Linux and OS X."
Specialized Network Devices
"Other devices serve specific functions to improve usability, performance, and security: VPN concentrators, firewalls, DNS servers, DHCP servers, proxy servers and content engines and switches",
PIM Modes
"PIM Dense Mode (PIM-DM),PIM Sparse Mode (PIM-SM)",
Layer 2 (Data Link)
"Packages data into frames and transmits those frames on the network, performs error detection/correction, uniquely identifies network devices with an address (MAC), and provides flow control. MAC, physical addressing, logical topology, method of transmission"
Attacks on Confidentiality
"Packet capture (sniff the network), wiretapping (tap onto existing cables and monitor), dumpster diving (going through the trash), ping sweep (looking for devices), port scans (scan for open ports), wireless interception (capture the data from a WAP), man in the middle (put yourself between user and destination), social engineering (get it directly from people, e.g. phishing emails) & malware/spyware (if attacked with malware it can record keystrokes)"
Attacks on Confidentiality
"Packet capture, wiretapping, dumpster diving, ping sweep, port scan, wireless interception, EMI interception, man in the middle, social engineering, malware"
How should data be forwarded or routed ?
"Packet switching (known as routing),Circuit switching & Message Switching"
PPP Authentication Methods
"Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP) & Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP). The PPP authentication protocols are Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP). Each protocol uses a secrets database that contains identification information, or security credentials, for each caller that is permitted to link to the local machine. PPP = Point-to-Point Protocol"
Technical Policies
"Password, E-mail, Wireless, Remote Access, and Bring Your Own Device (BYOD). "
Peer-to-Peer Model
"Peers (PCs) share resources (files/printers) with each other directly. Administration and backup are more difficult since resources are located on many PCs, which adds to the administrative burden"
Password Authentication Protocol (PAP)
"Performs one-way authentication between client and server,Credentials sent in clear-text. Not secure",
Vulnerability Scanners
"Periodically test the network to verify that network security components are behaving as expected and to detect known vulnerabilities. Vulnerability scanners are applications that conduct these tests, e.g. Nessus (hosts and patches), Zenmap (open ports) & Nmap"
MAC Filtering
"Permits or denies traffic based on a device's MAC address to improve security. Layer 2."
Packet-Filtering Firewalls
"Permits or denies traffic based on the packet header: source IP address/port number, destination IP address/port number. Looks at each packet individually and makes a permit or deny decision based on the access rules configured on the firewall."
VPN
"Permits secure connection to different parts of the network for management and access. Different types: IPsec, SSL/TLS/DTLS, site-to-site VPN and client-to-site VPN. Uses IKE for key exchange to encrypt and decrypt packets."
Wide Area Network (WAN) Link
"Physically connects networks together. Numerous WAN links are available: leased lines, DSL, cable, fiber optic, satellite, cellular, microwave. Connects the internal network to external networks, such as a SOHO network to the Internet"
Command Line tools-Windows
"ping (uses ICMP to check connectivity), arp (shows MAC-to-IP matches), ipconfig (IP info on the device), tracert (uses ICMP to trace the route and give you the hops to your far-end device), nbtstat (displays NetBIOS info for IP-based networks), netstat (displays IP-based connections on the PC including current sessions, source and destination IP addresses and port numbers), nslookup (IP to FQDN), route (used to show the current PC routing table; shows the metric)"
VPN Types: PPTP
"Point-to-Point Tunneling Protocol (PPTP) is an older protocol that supports dial-up networks. Lacks native security features, but Windows added some features in their implementation. Stands for ""Point-to-Point Tunneling Protocol."" PPTP is a networking standard for connecting to virtual private networks, or VPNs. VPNs are secure networks that can be accessed over the Internet, allowing users to access a network from a remote location."
Dedicated Leased Line
"Point-to-point connection between two sites. All bandwidth on the line is available all the time. Digital circuits are measured in 64-kbps channels called Digital Signal 0 (DS0); how many channels you get depends on what you have paid for. A Channel Service Unit / Data Service Unit (CSU/DSU) terminates the digital signals at the customer location. Common digital circuits include T1, E1, T3, and E3; these circuits use CSUs and DSUs, remember this",
Policing and Shaping
"Policing-Typically discards packets that exceed a configured rate limit (speed limit),Dropped packets result in retransmissions,Recommended for higher-speed interfaces,Shaping-Buffers (delays) traffic exceeding configured rate,Recommended for slower-speed interfaces"
Data Loss Prevention
"Policy that seeks to minimize accidental or malicious data losses. Policy should cover the entire network, not just email or file storage. How will your organization guard sensitive data at the: client level (data in operation), network level (data in transit), storage level (data at rest)? What is acceptable and what is not."
AES (Advanced Encryption Standard)
"Preferred symmetric encryption standard,Used by WPA2,Available in 128-bit, 192-bit, and 256-bit keys,Sender and receiver use the same key to encrypt and decrypt the messages. Bitlocker uses this as well."
PBX
"Private Branch Exchange. PBX stands for Private Branch Exchange, which is a private telephone network used within a company or organization. The users of the PBX phone system can communicate internally (within their company) and externally (with the outside world), using different communication channels like Voice over IP, ISDN or analog. PBXs can also be virtualized utilizing SIP.",
Cloud Computing
"Private Cloud,Public cloud and Hybrid Cloud",
Private IPs
"Private IPs can be used by anyone. Not routable outside your local area network. Network Address Translation (NAT) allows for routing of private IPs through a public IP. Private IP ranges: Class A 10.0.0.0 to 10.255.255.255, Class B 172.16.0.0 to 172.31.255.255, Class C 192.168.0.0 to 192.168.255.255.",
Listening
"Processes BPDUs. The switch determines its role in the spanning tree, i.e. whether the port needs to be blocking or forwarding. If all is OK it moves up to forwarding, but only if needed."
Hot Standby Router Protocol(HSRP)
"Proprietary first-hop redundancy by Cisco,Allows for active router and standby router,Creates virtual router as the default gateway"
Gateway Load Balancing Protocol(GLBP)
"Proprietary first-hop redundancy by Cisco,Focuses on load balancing over redundancy,Allows for active router and standby router,Creates virtual router as the default gateway"
PIM Sparse Mode: Shared Distribution Tree
"Protocol Independent Multicast. An optimal path between the source and last-hop routers is not initially created. Instead, a multicast source sends traffic directly to a rendezvous point (RP). All last-hop routers send join messages to the RP. Most used. PIM-SM explicitly builds unidirectional shared trees rooted at a rendezvous point (RP) per group, and optionally creates shortest-path trees per source. PIM-SM generally scales fairly well for wide-area usage. PIM Dense Mode (PIM-DM) uses dense multicast routing.",
Dynamic Host Control Protocol (DHCP)
"Provides IP, subnet mask (SM), gateway (GW), DNS and WINS (and, for a VoIP device, a variable carrying the TFTP server IP). Each IP is leased for a given amount of time and given back to the pool when the lease expires (TTL). Ports 67 and 68",
Platform as a Service (PaaS)
"Provides a development platform for companies that are developing applications without the need for infrastructure. Dion Training uses PaaS for our courses, e.g. Pivotal, OpenShift, Apprenda. Used for coding and programming. Platform as a service or application platform as a service or platform-based service is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage",
Remote Desktop Protocol RDP
"Provides a user with a graphical interface to connect to another computer over a network connection,A protocol developed by Microsoft,Remotely control desktop as a GUI. Port 3389"
Layer 7 (Application)
"Provides application-level services. Not Microsoft Word or Notepad: the layer where the users communicate with the computer. Application services, service advertisement, e.g. POP3, IMAP, SMTP; these are protocols, not actual applications"
Telnet
"Provides bidirectional interactive text-oriented communication facility using a virtual terminal connection. Unsecure; port 23"
Simple Network Management SNMP
"Provides collection and organization of information about managed devices on IP networks,Can modify that information to change device behavior, commonly used in network devices,Simple Network Management Protocol (SNMP) is a way for different devices on a network to share information with one another. It allows devices to communicate even if the devices are different hardware and run different software. Port 161"
SSH File Transfer Protocol SFTP
"Provides file access, file transfer, and file management over any reliable data stream port 22"
Server
"Provides resources to the rest of the network. Different servers provide different functions, such as an e-mail server, web server, file server, chat server and print server"
Z-Wave
"Provides short-range, low-latency data transfer at rates and power consumption lower than Wi-Fi. Home automation"
Session Initiation Protocol SIP
"Provides signaling and controlling of multimedia communication sessions in applications. Used for Internet telephony for voice and video calls (VoIP), video calling and instant messaging. Ports 5060 & 5061"
Software Defined Networking (SDN)
"Provides the administrator an easy-to-use front end to configure physical and virtual devices throughout the network. All configurations can be defined on the SDN controller and sent out to all active devices; all the configurations are applied automatically. Provides the administrator an overview of the entire network. The SDN layer essentially acts as a virtual software switch or router in place of (or in conjunction with) the physical network devices."
Proxy Server
"Proxy server checks whether a user's request to access the Internet is allowed before permitting it. Caches information for all users.",
Plain Old Telephone Service (POTS)
"Public switched telephone network (PSTN) consists of telephone carriers from around the world. Analog connections (voice and/or data) using the PSTN are called POTS connections. Dial-up modems have a maximum bandwidth of 53.3-kbps because they can only access one 64-kbps channel at a time: one channel of a T1, and a T1 has 24 channels."
Routable IPs
"Publicly routable IP addresses are globally managed by ICANN (Internet Corporation for Assigned Names and Numbers). Groups under ICANN: RIN, LACNIC, AFNIC, APNIC, and RIPE NCC. Public IPs must be purchased before use through your Internet Service Provider.",
QoS Categorization
"Purpose of QoS, Categorization of Traffic, Ways of Categorizing Traffic, Methods of Categorizing Traffic"
Coaxial cable
"RG-6 cabling,cable modem-optimum",
Twisted Pair Connectors
"RJ-45. RJ-11 ,DB9 and DB25 (RS232)"
RTP
"Real Time Protocol. This is a network protocol for delivering audio and video. RTP is generally used with a signaling protocol, such as SIP, which sets up connections across the network."
Physical Controls-Security
"Reduce unauthorized access: mantraps, keypads, locked facility, authenticated access (badges, biometrics, key fobs, passwords/PINs), cameras"
Fibre Channel over Ethernet (FCoE)
"Removes need for specialized hardware,Runs over your Ethernet networks.FCoE (Fibre Channel over Ethernet) is a storage protocol that enables Fibre Channel (FC) communications to run directly over Ethernet. FCoE makes it possible to move Fibre Channel traffic across existing high-speed Ethernet infrastructure and converges storage and IP protocols onto a single cable transport and interface. The goal of FCoE is to consolidate I/O (input/output) and reduce switch complexity, as well as to cut back on cable and interface card counts. Adoption of FCoE has been slow, however, due to a scarcity of end-to-end FCoE devices and a reluctance on the part of many organizations to change the way they implement and manage their networks.",
Wi-Fi Protected Access (WPA)
"Replaced WEP and its weaknesses,Temporal Key Integrity Protocol (TKIP),48-bit Initialization Vector (IV) instead of 24-bit IV,Rivest Cipher 4 (RC4) used for encryption,Uses Message Integrity Check (MIC),Confirms data was not modified in transit,Enterprise Mode WPA,Users can be required to authenticate before exchanging keys,keys between client and AP are temporary.",
Troubleshooting Methodology
"Report Problem, Problem Diagnosis and problem Resolution"
Link State
"Requires all routers to know about the paths that all other routers can reach in the network. Information is flooded throughout the link-state domain (OSPF or IS-IS) to ensure routers have synchronized information. Faster convergence time, and uses cost or other factors as a metric. Each router constructs its own relative shortest-path tree with itself as the root for all known routes in the network",
Layer 6 (Presentation)
"Responsible for formatting the data exchanged and securing that data with proper encryption,Data formatting,Encryption"
Logical Address
"Routed protocols such as AppleTalk, Internetwork Packet Exchange (IPX) and Internet Protocol (IP). The dominant one is IP (Internet Protocol), which is IPv4 and IPv6. The logical address is a 32-bit IP address that is not embedded in the network card but is assigned to it for the purpose of routing between networks. This type of address operates at Layer 3 (network) of the OSI Model."
Network Infrastructure devices
"Routers and switches are the primary devices used in our networks"
Buffering
"Router will buffer or store the information depending on incoming traffic and outgoing bandwidth. When bandwidth is available, it transmits the contents of the buffer. If the buffer overflows, segments will be dropped"
Route Discovery and Selection
"Routers maintain a routing table to understand how to forward a packet based on the destination IP address. Routes are manually configured as static routes or learned dynamically through a routing protocol, e.g. RIP, OSPF & EIGRP, BGP"
Examples at Layer 3
"Routers,Multilayer switches,IPv4 & 6 protocol & Internet Control Message Protocol (ICMP)"
Protocol Independent Multicast (PIM)
"Routes multicast traffic between multicast-enabled routers. Multicast routing protocol forms a multicast distribution tree. Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for Internet Protocol (IP) networks that provide one-to-many and many-to-many distribution of data over a LAN, WAN or the Internet. ... PIM does not build its own routing tables. PIM uses the unicast routing table for reverse path forwarding."
Routing Table
"Routing Decisions. Layer 3 to Layer 2 mapping: routers use ARP caches to map an IP address to a given MAC address, and make packet-forwarding decisions based upon their internal routing tables. Routing Tables: a table kept by the router to help determine which route entry is the best fit for the network. A route entry with the longest prefix is the most specific network. Routing tables match the IP address using a prefix, then use route cost to determine the fastest route.",
RIP
"Routing Information Protocol ,Routing Information Protocol (RIP) is a dynamic routing protocol which uses hop count as a routing metric to find the best path between the source and the destination network. "
Fiber Connectors
"SC - Subscriber Connector, ST - Straight Tip Connector, LC - Lucent Connector, MTRJ - Mechanical Transfer Register Jack"
SNMP Versions
"SNMP v1,v2,v3"
SNMP v3
"SNMPv3 addressed the weakness of community strings with three enhancements: hashes the message before transmitting (integrity), validates the source of the message (authentication), DES-56 provides confidentiality and privacy (encryption)"
SSL
"SSL (Secure Sockets Layer): SSL/TLS works by binding the identities of entities such as websites and companies to cryptographic key pairs via digital documents known as X.509 certificates or SSL certificates. Each key pair consists of a private key and a public key. The private key is kept secure, and the public key can be widely distributed via a certificate."
Distance Vector
"Sends full copy of routing table to its directly connected neighbors at regular intervals,Slow convergence time,Time it takes for all routers to update their routing tables in response to a topology change,Holding-down timers speeds up convergence,Prevents updates for a specific period of time,Uses hop count as a metric",
Metro Ethernet
"Service providers are beginning to offer Ethernet interfaces to their customers. Less expensive and more common than the specialized serial ports used in a CSU/DSU. The technology used by the service provider is hidden from the customer, who only needs to connect their network's router to a smart jack",
SIP (Session Initiation Protocol)
"Session Initiation Protocol (SIP) is an application-layer control protocol that can establish, modify, and terminate multimedia sessions (conferences). A session is considered an exchange of data between an association of participants, such as Internet telephony calls and video telephony. Maintains consistency"
Access Control List (ACL)
"Set of rules typically applied to router interfaces that permit or deny certain traffic,ACL filtering criteria includes:Source & Destination IP, Port, or MAC "
Ephemeral Ports
"Short-lived transport port that is automatically selected from a predefined range,Ports 1025 to 65,536"
Detection Methods-IDS-IPS
"Signature-based detection,Policy-based detection,Anomaly-based detection"
Hub-and-Spoke Topology
"Similar to Star, but with WAN links instead of local area network connections,Not redundant, if central office (hub) fails, the whole network can fail"
Something You Have-Security Access
"Smartcard: stores digital certificates on the card, which are accessed once a valid PIN is provided. Key fobs and RFID tags, e.g. an RSA fob."
Botnets
"Software robot that resides on a compromised computer. A collection of such computers (called zombies) can be controlled by a remote server to perform various attacks/functions for the criminals; the zombie PCs can be used to launch a DDoS attack on a website."
Service Advertisement
"Some applications send out announcements,States the services they offer on the network,Some centrally register with the Active Directory server instead,ie Printers & File Servers"
Multifactor Authentication
"Something you know,have,are,do and Somewhere You Are"
Plenum cable
"Special UTP/STP cable that has a fire-retardant outer insulator. Safe for use in ceilings, walls, and raised floors; used for cables not seen"
Wireless Range Extenders
"Specialized device that overcomes distance limitations of wireless networks. Amplifies the signal and extends the reachability of a wireless cell. A wireless repeater receives the signal on one antenna and repeats it on the other: it receives the signal from an existing network, then retransmits it.",
SOA
"Start of Authority. Provides authoritative info about a DNS zone: contact information, primary name server, refresh times. Contact info and address book info. A start of authority (SOA) record is information stored in a domain name system (DNS) zone about that zone and about other DNS records. A DNS zone is the part of a domain for which an individual DNS server is responsible.",
Anomaly-based detection
"Statistical anomaly: watches traffic patterns to build a baseline. Non-statistical anomaly: the administrator defines the patterns/baseline. Watches for traffic patterns, and anything outside the normal baseline is flagged. An anomaly-based intrusion detection system is an intrusion detection system for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous."
Class A
"Subnet 255.0.0.0 - 16,777,214 assignable ips",
Unshielded twisted-pair (UTP)
"Supports analog/digital,Examples (T1, DSL, Dial-up, ISDN)",
Integrated Services Digital Network (ISDN)
"Supports multiple 64-kbps B (Bearer) channels. Older technology designed to carry voice, video, or data over B channels. A D channel (data or delta channel) existed for 64-kbps signaling data. Circuits are classified as a basic rate interface (BRI) or primary rate interface (PRI): BRI offers two 64-kbps B-channels with a 16-kbps D-channel; PRI offers a 1.472-Mbps data path over 23 B-channels and a 64-kbps D-channel. Bond channels to get the speed of a T1, which is 24 channels."
Multiprotocol Label Switching (MPLS)
"Supports multiple protocols on the same network (used by service providers). Supports both Frame Relay and ATM on the same MPLS backbone. Allows traffic to be dynamically routed based on load conditions and path availability. Label switching is more efficient than Layer 3 IP address routing. Used by service providers for forwarding data in the backend; the customer remains unaware of the details. Traffic can be sent depending on load condition and path availability. BACKBONE, SERVICE PROVIDER."
Network Logging
"Syslog-Routers, switches, and servers can send their log information to a common syslog server,Allows administrators to better correlate events and see trends,Two primary components-Syslog Server and syslog clients"
Public Cloud
"Systems and users interact with devices on public networks, such as the Internet and other clouds. Access anywhere, e.g. Google Drive is accessible through the Internet and, if given access, you can then get to another user's information.",
Honey Pots and Honey Nets
"Systems designed as an attractive target,Distraction for the attacker,Attackers use their resources attacking the honey pot and leave the real servers alone,Honey pot is a single machine,Honey net is a network of multiple honey pots,Used to study how attackers conduct attacks."
Flow Control
"TCP uses a flow control mechanism that ensures a sender is not overwhelming a receiver by sending too many packets at once. TCP stores data in a send buffer and receives data in a receive buffer. When an application is ready, it will read the data from the receive buffer. If the receive buffer is full, the receiver would not be able to handle more data and would drop it. To limit the amount of data that can be sent to a receiver, the receiver tells the sender how much spare room in the receive buffer there is (receive window). Every time a packet is received, a message is sent to the sender with the value of the current receive window. UDP has no flow control."
Temporal Key Integrity Protocol (TKIP)
"TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol.",
Tag Protocol Identifier (TPI)
"Tag protocol identifier (TPID): a 16-bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame (multiple VLANs on one trunked interface). This field is located at the same position as the EtherType field in untagged frames, and is thus used to distinguish the frame from untagged frames. Followed by the tag control information (TCI)",
Internet of Things IoT
"The Internet of Things (IoT) describes the network of physical objects (""things"") that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet. Devices that are always connected to the Internet without any user interaction, e.g. connecting through Wi-Fi, Bluetooth, RFID, NFC, IR (infrared)"
OSPF
"OSPF (Open Shortest Path First) is a dynamic routing protocol. It is one of a family of IP routing protocols, and is an Interior Gateway Protocol (IGP) for the Internet, used to distribute IP routing information throughout a single Autonomous System (AS) in an IP network. Uses path costs after routers exchange routing info."
RTP (real time protocol)
"The Real-time Transport Protocol is a network protocol for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features",
Tag control information (TCI)
"The remaining two bytes contain the TCI (tag control information), of which 12 bits correspond to the VID (VLAN identifier, described below) and 4 bits contain metadata used for quality of service management.",
Enterprise Authentication Protocol (EAP)
"The standard authentication protocol used on encrypted networks is Extensible Authentication Protocol (EAP), which provides a secure method to send identifying information over-the-air for network authentication. 802.1X is the standard that is used for passing EAP over wired and wireless Local Area Networks (LAN). It provides an encrypted EAP tunnel that prevents outside users from intercepting information."
Layer 5 (Session)
"Think of a session as a conversation that must be kept separate from others to prevent intermingling of the data,Setting up sessions,Maintaining sessions,Tearing down sessions.In the seven-layer OSI model of computer networking, the session layer is layer 5. The session layer provides the mechanism for opening, closing and managing a session between end-user application processes."
NextGen Firewalls (NGFW)
"Third-generation firewalls that conduct deep packet inspection and packet filtering. Operate at higher levels of the OSI model than traditional stateful firewalls. Web Application Firewalls are a good example of these, as they inspect HTTP traffic. This is packet filtering that works on layers 5, 6 and 7; traffic can be denied based on rule sets set up on the firewall."
Type 2 Hypervisor
"This is the typical hypervisor and it runs on a host OS such as Windows, Linux or any Mac OS, for example. This is usually used for small numbers of servers. The convenience is that you do not need a console to connect to it: you can run the console right on the OS. https://phoenixnap.com/kb/what-is-hypervisor-type-1-2",
Delay QOS
"Time a packet travels from source to destination,Measured in milliseconds (ms)"
Purpose of QoS
"To categorize traffic, apply a policy to those traffic categories, and prioritize them in accordance with a QoS policy"
Management Access and Authentication
"To configure and manage switches, you can use two options: SSH and a console cable"
Protecting the Network
"To successfully defend a network against attacks, use: physical controls, user training, patching, vulnerability scanners, honey pots and honey nets, remote access security, security policies and incident response"
Classification of Traffic
"Traffic is placed into different categories. For example, the e-mail class might contain various types of traffic, e.g. POP3, IMAP, SMTP & Exchange. Classification does not alter any bits in the frame or packet"
Routing Fundamentals
"Traffic is routed to flow between subnets. Each subnet is its own broadcast domain. Routers are the layer 3 devices that separate broadcast domains, but multilayer switches are also used. With a multilayer switch, the host also sends an ARP request to the switch; the router then says the destination is not on this network and to send it to the router instead. Once on the router, the traffic moves from MAC (layer 2) to IP (layer 3); then, when it goes router to router, the router strips the header and brings it back down to MAC (layer 2) for the next hop."
Maintaining a Session
"Transferring the data & acknowledging receipt of data"
TCP
"Transmission Control Protocol: 3-way handshake (SYN, SYN-ACK, ACK); acknowledgements are received for successful communications. Used for all network data that needs to be assured of getting to its destination"
Layer 1 (Physical)
"Transmission of bits across the network; physical and electrical characteristics. TIA/EIA-568-B is the standard wiring for RJ-45 cables and ports. Topologies: bus, ring, star, hub & spoke, full mesh, partial mesh. Media: Ethernet, fiber optics, Wi-Fi, Bluetooth. Devices: hubs, media converters or transceivers."
Trivial File Transfer TFTP
"Transmits files in both directions of a client-server application, e.g. sending an OS image to a device; a stripped-down FTP. Insecure: no encryption is used. Port 69"
VPN Types: TLS
"Transport Layer Security (TLS) has mostly replaced SSL,If you are using an HTTPS website, you are probably using TLS"
TLS
"Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications. It's the most widely-deployed security protocol used today and is used for web browsers and other applications that require data to be securely exchanged over a network, such as web browsing sessions, file transfers, VPN connections, remote desktop sessions, and voice over IP (VoIP)."
TLS
"Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used."
Examples at Layer 4
"Transport layer-TCP,UDP,WAN Accelerators, Load Balancers and firewalls"
Jitter QOS
"Uneven arrival of Packets, Especially harmful to VOIP"
IPv6 Data Flows
"Unicast, Multicast & Anycast (new to IPv6)."
IPv4 Data Flows
"Unicast, Multicast & Broadcast."
WAN Physical Media
"Unshielded twisted-pair (UTP), Coaxial cable, Fiber-optic cable, Electric power lines"
Cable Distribution
"Use an organized system that is hierarchical. Components: MDF, IDF, backbone wiring, telecommunications closet, horizontal wiring, patch panels and work area"
SNMP v1 and v2
"Use community strings to gain access to a device,Default community strings of public (read-only) or private (read-write) devices are considered a security risk."
Internet Group Management Protocol (IGMP)
"Used by clients and routers to let routers know which interfaces have multicast receivers. Used by clients to join a multicast group. Versions: IGMPv1, 2 & 3. Requests only to be part of the multicast group."
110 block
"Used for higher-speed network wiring; requires Cat 5 and higher"
Satellite Modems
"Used in remote, rural, or disconnected locations where other connections are not available. Provides relatively fast speeds like a DSL modem, but has low bandwidth usage limits and high costs for over-limit usage. Potential issues with satellite communications: delays (time to satellite and back, > 1/4 second); weather conditions (thunderstorms and snow can cause loss of connectivity between satellite and receiver)"
IPv6 uses Neighbor Discovery Protocol (NDP)
"Used to learn Layer 2 addresses on the network. Router Solicitation: hosts send a message to locate routers on the link to find the default GW. Router Advertisement: routers advertise their presence periodically and in response to solicitation. Neighbor Solicitation: used by nodes to determine link layer addresses. Neighbor Advertisement: used by nodes to respond to solicitation messages. Redirect: routers informing a host of better first-hop routers."
Encryption
"Used to scramble the data in transit to keep it secure from prying eyes,Provides confidentiality of data,TLS to secure data between your PC and website"
Internet Control Message Protocol (ICMP)
"Used to send error messages and operational information about an IP destination,Used in troubleshooting (ping and traceroute)"
Automatic Private IP Address (APIPA)
"Used when a device does not have a static IP address and cannot reach a DHCP server. Allows a network device to self-assign an IP address from the 169.254.0.0/16 network. Designed to allow quick configuration of a LAN without the need for DHCP. Non-routable but allows for network connectivity inside the local subnet. Assigned by the OS."
UDP-User Datagram Protocol
"User Datagram Protocol (UDP) is a connectionless protocol that works just like TCP but assumes that error-checking and recovery services are not required. Instead, UDP continuously sends datagrams to the recipient whether they receive them or not. No error checking; primarily used for voice and video to speed up the process. Layer 4 on OSI"
UDP
"User Datagram Protocol, Connectionless protocol, Unreliable transport of segments, If dropped, sender is unaware, No retransmission, usually used for audio and VOIP"
Software as a Service (SaaS)
"User interacts with a web-based application; details of how it works are hidden from users, e.g. Google Drive and Office 365. Web-based applications are in the cloud."
Something you know
"Username, password, PIN, answers to personal questions. If you know it and I can figure it out, I can break it."
User training
"Users present one of the greatest vulnerabilities to the network. Training should include: social engineering awareness, virus transmission dangers, password security, e-mail security, physical security. We need users to help us."
Virtual Desktops
"User's desktop computer is run in a browser. Used from the web, laptop, tablet, or phone. Easier to secure and upgrade for the admins. Known as VDI (Virtual Desktop Infrastructure). A new desktop every time you log in. VDI is not good for high-performance use, but newer technology is enabling this."
Media Access Control (MAC)
"Uses a 48-bit address assigned to a network interface card (NIC) by the manufacturer; the first 24 bits are the vendor code, the next 24 bits are a unique value. A media access control address is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth. L2"
Ring Topology
"Uses a cable running in a circular loop. Each device connects to the ring, but data travels in a single direction. FDDI (fiber networks) used two counter-rotating rings for redundancy; FDDI ring equals redundancy. When they talk about a ring they are talking about this."
Bus Topology
"Uses a cable running through the area that requires network connectivity. Each device 'taps' into the cable using either a T connector or a vampire tap"
Firewalls
"Uses a set of rules defining the types of traffic permitted or denied through the device,Can be either software or hardware,Also, can perform Network Address Translation (NAT) or Port Address Translation (PAT). "
Client/Server Model
"Uses dedicated server to provide access to files, scanners, printers, and other resources,Administration and backup are easier since resources are located on a few key servers"
Asymmetric Encryption (Confidentiality)
"Uses different keys for sender and receiver. RSA is the most popular implementation; the RSA algorithm is commonly used with a public key infrastructure (PKI). PKI is used to encrypt data between your web browser and a shopping website. Can be used to securely exchange emails. Sender and receiver use different keys to encrypt and decrypt the messages: a public key and a private key. Use the receiver's public key to encrypt what you send, and the receiver uses their private key to decrypt it."
Fiber
"Uses light from an LED or laser to transmit information through a glass fiber. Immune to EMI. Uses light instead of electricity; greater distances with more data."
PIM Dense Mode (PIM-DM)
"Uses periodic flood and prune behavior to form an optimal distribution tree. Causes a negative performance impact on the network. Rarely used in modern networks."
Orthogonal Frequency Division Multiplexing (OFDM)
"Uses a slow modulation rate with simultaneous transmission of data over 52 data streams. Allows for higher data rates while resisting interference between data streams. More bandwidth resists interference."
PIM Dense Mode: Flooding
"Uses a source distribution tree (SDT) to form an optimal path between the source router and the last-hop router. Before the optimal path is formed, the entire network is initially flooded, which consumes unnecessary bandwidth."
3DES (Triple DES)
"Uses three 56-bit keys (168-bit total): encrypt, decrypt, encrypt, using 3 different 56-bit keys. Needs 3 keys; a stop gap. It is called 'Triple DES' because it applies the DES cipher three times when encrypting data. Introduced in 1998, 3DES, also known as Triple DES, Triple DEA, TDEA, or the Triple Data Encryption Algorithm, is a cryptographic cipher. It is a symmetric key block cipher, meaning that the same key is used to encrypt and decrypt data in fixed-length groups of bits called blocks."
Ant+
"Usually used with sensors: collection and transfer of sensor data, e.g. used with remote control systems (tire pressure, TVs, lights)"
TCP SYN Flood
"Variant on a Denial of Service (DoS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake: SYN, SYN-ACK, but the attacker never sends the final response, tying up resources. A spoofed IP can be used because that IP was not expecting the response, so it ignores it."
Deterministic Access
"Very organized and orderly; needs an electronic token to transmit. For example, Token Ring networks. Deterministic access employs token passing, a protocol in which a token, which consists of a specific bit pattern, indicates the status of the network, available or unavailable. The token is generated by a centralized master control station and transmitted across the network."
VMM Software
"Virtual Machine Manager: VMware ESXi, Microsoft Hyper-V, VirtualBox and VMware Workstation"
Carrier Sense Multiple Access/Collision Avoidance(CSMA/CA)
"WLAN uses CSMA/CA to control access to the medium, where wired Ethernet uses CSMA/CD. Listens for transmission to determine if it is safe to transmit. If the channel is clear, transmits Request to Send (RTS); the device then waits for acknowledgment. If the RTS is received, the other side responds with Clear to Send (CTS); if not received, the device starts a random backoff timer."
Origins of Ethernet
"Was first run over coax cables (10Base5, 10Base2). Ethernet has changed to using twisted pair cables; max speed 10 Mbps at 100 meters"
QoS Mechanisms
"Ways of categorizing traffic: classification of traffic, marking of traffic, congestion management, congestion avoidance, policing and shaping, link efficiency (compression), link efficiency (LFI). QoS mechanisms can be categorized into two groups based on how the application traffic is treated: 1) traffic handling mechanisms, and 2) bandwidth management mechanisms"
Weighted fair queuing-QOS Congestion Management
"Weighted fair queueing is a network scheduling algorithm. WFQ is both a packet-based implementation of the generalized processor sharing policy, and a natural extension of fair queuing. Each category that is set up takes its turn, then the next one, and so on; then it goes back to the beginning and starts again."
Weighted round-robin-QOS Congestion Management
"Weighted round robin (WRR) is a scheduling discipline that addresses the shortcomings of PQ and FQ. The basic concept of WRR is that it handles the scheduling for classes that require different bandwidth. WRR accomplishes this by allowing several packets to be removed from a queue each time that queue receives a scheduling turn. WRR also addresses the issue with PQ in which one queue can starve queues that are not high-priority queues. WRR does this by allowing at least one packet to be removed from each queue containing packets in each scheduling turn. At first glance, it may seem that WRR is very similar to WFQ. The difference between the two is that WFQ services bits at each scheduling turn, whereas WRR handles packets in each scheduling turn. The number of packets to be serviced in each scheduling turn is decided by the weight of the queue. The weight is usually a percentage of the interface bandwidth, thereby reflecting the service differences between the queues and the traffic classes assigned to those queues."
Internet Protocol Version 6 (IPv6)
"We've essentially run out of IPv4 addresses due to the proliferation of networked devices. IPv6 addressing provides enough IP addresses for generations to come: enough IPv6 addresses for every person on the planet (5 x 10^28); 2 to the 128th, which is 340 undecillion addresses (undecillion = 1 with 36 zeros). Much larger, no broadcasts and no fragmentation; coexists with IPv4 during transition. Simplified header. We use hexadecimal."
Congestion Management
"When a device receives traffic faster than it can be transmitted, it buffers the extra traffic until bandwidth becomes available; this is called queuing. The queuing algorithm empties the packets in a specified sequence and amount. Queuing algorithm types: weighted fair queuing, low-latency queuing, weighted round-robin"
Tearing Down a Session-TCP
"When transmission is completed, the session is torn down either by mutual acknowledgment or by one party disconnecting: due to mutual agreement after the transfer is done, or due to the other party disconnecting"
Design Considerations for Redundant Network
"Where will redundancy be used? What software redundancy features are appropriate? What protocol characteristics affect design requirements? What redundancy features should be used to provide power to an infrastructure device? What redundancy features should be used to maintain environmental conditions?"
Infrastructure wireless
"Wireless devices communicate with other wireless or wired devices through a wireless router or access point. Most commonly used; traditional Wi-Fi in homes and offices. Like a star topology, it uses infrastructure such as switches, WAPs and a router to get to the internet."
Wireless Security
"Wireless networks offer convenience, but also many security risks. Encryption of transferred data is paramount to increasing security, e.g. WEP, WPA & WPA2"
Wireless Site Survey
"Wireless survey to determine coverage areas; produces a heat map of coverage. This is used for determining the coverage of existing WAPs. You can create a heat map which will determine placement."
STP-Shielded Twisted Pair
"Wires are twisted in pairs and surrounded by metallic shielding to minimize EMI. The outer shielding minimizes EMI, but makes STP cost more than UTP"
Configuration Management
"You need asset management, a baseline, cable management, change management and network documentation. Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life."
System Lifecycle
"You are responsible for your systems from cradle to grave, i.e. conceptual design, preliminary design, detailed design, production and installation, operations and support, phase-out and disposal. 70% is operations and support."
Multimeter
"Used with copper cabling to verify continuity or voltage, and to test source power to the device or the device's own power"
Out of Band Management
"Connect to a device using a modem, console router, or direct cable for configuration. Separation of data and management networks provides additional security to the network. Requires additional configuration and equipment to implement"
Change Management
"Coordinated system to account for upgrades, installs and network outages or repairs. Pre-coordinate the action with the site for the right time and day with the least impact."
Copper vs Fiber Optic Cables
"Copper is cheaper; fiber carries more data over longer distances and is more expensive to install and buy"
Hashing (Integrity)
"Sender runs a string of data through an algorithm; the result is a hash or hash digest. Data and its hash are sent to the receiver. Receiver runs the data received through the same algorithm and obtains a hash. The two hashes are compared; if the same, the data was not modified"
Server Message Block SMB
"Network protocol used by Windows-based computers that allows systems within the same network to share files; shared access to files, printers and other communications devices. Like NetBIOS authentication and SMB sending."
Problem Resolution
"Occurs once the problem is fixed; note it in your trouble ticket system and verify the user is happy with the resolution."
Multimode Fiber (MMF)
"Shorter distances than single-mode fiber; larger core (62.5 and 50 microns). Routers to switches, switch to switch and server to switch"
Message digest 5 (MD5)
128-bit hash digest. The key space is only 128 bits, so a hash value may need to be reused, which can cause a collision.
Secure Hash Algorithm 1 (SHA-1)
160-bit hash digest. Because this is 160-bit, it also ran out of hashes, causing collisions. A cryptographic hash is used to secure data from the user to the website: the hash is sent, then the data is verified using the hash.
gigabit ethernet
1Gbps-Depending on cable type
ESD (electrostatic discharge) Strap
Allows static buildup in your body to be discharged into a grounded object instead of damaging the electrical components.
toner probe
Allows a technician to generate a tone at one end of the connection and use the probe to audibly detect the wire pair connected to the tone generator. Also known as fox and hound
Low-latency queuing-QOS Congestion Management
Assigns priorities to the categories, but the lower your category, the longer you might have to wait. Low-latency queuing is a feature developed by Cisco to bring strict priority queuing to class-based weighted fair queuing. LLQ allows delay-sensitive data to be given preferential treatment over other traffic by letting the data be dequeued and sent first.
Temperature
Attacker disturbs the HVAC to overheat your systems
VLAN hopping
Attacker physically connects to a different switch port to access a different VLAN. Manually assigning switch ports and using NAC (network access control), through group policy on devices, can help prevent this.
Smurf (ICMP Flood)
Attacker sends a ping to the subnet broadcast address and devices reply to the spoofed IP (the victim), using up bandwidth and processing. Ping to the broadcast IP.
Deauthentication
Attackers send a deauthentication frame to a victim to disconnect them from the network. Often a wireless hacking attack
Phishing
Attackers send emails to get users to click a link.
2.4ghz Placement
For B/G/N wireless we want overlapping coverage of 10 to 15%. APs need to be on separate channels; the same channel will cause collisions.
CoAX connectors
BNC and F-Connector
Patch Panels (Copper)
The back has punch-downs like a 110 block to connect wiring to wall jacks in the building; the front is RJ45
Classless subnet
Breaking up an existing subnet into smaller contiguous subnets. Usually breaking up a classful subnet, which is the standard setting using the standard subnet masks of 255.0.0.0, 255.255.0.0, 255.255.255.0
Bridges
Bridges analyze source MAC addresses in frames entering the bridge and populate an internal MAC address table. They make intelligent forwarding decisions based on the destination MAC address in the frames. Bridges can separate hubs into separate collision domains, but the whole is then still considered one broadcast domain.
CCMP(Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks. The Counter Mode component provides data privacy. The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication. CCMP offers enhanced security compared with similar technologies such as Temporal Key Integrity Protocol (TKIP). The CCMP algorithm is based on the U.S. federal government's Advanced Encryption Standard (AES).
Baselining
Collection of data under normal conditions. If there is an issue, this is what normal looks like.
Hybrid Cloud
Combination of private and public: take a little bit of private and a little bit of public. Portions of data are accessible to company-specific people. Hybrid cloud refers to a mixed computing, storage, and services environment made up of on-premises infrastructure, private cloud services, and a public cloud, such as Amazon Web Services (AWS) or Microsoft Azure, with orchestration among the various platforms.
Challenge-Response Authentication Mechanism Message Digest 5 (CRAMMD5)
Common variant often used in e-mail systems and authentication. Common variant of MD5
RG-6-COAX
Commonly used by local cable companies to connect individual homes
Full Backup
Complete backup is the safest and most comprehensive; Time consuming and costly
MAC address Filtering
Configure an AP with a list of permitted MAC addresses (like an ACL). A MAC can be spoofed to match the list and gain access.
Site to Site VPN
Connect one network to another
Application Log
Contains information about software applications running on a client or server
Security Log
Contains information about the security of a client or server. Contains logs of successful/failed logins and other pertinent security information.
Independent Basic Service Set(iBSS)
Contains only client devices with no AP: an ad hoc WLAN. IBSS (Independent Basic Service Set) is frequently referred to as Ad-Hoc or Peer-to-Peer mode. In this mode, no hardware AP is required. Any network node that is within range of any other can communicate if both nodes agree on a few basic parameters. If one of those peers also has a wired connection to another network, it can provide access to that network.
Denial of Service-DOS attack
Continually floods the victim system with requests for services and causes the system to run out of memory and crash. Too much traffic, causing a crash of the web server
DNS (Domain Name Server)
Converts domain names to IPs and IPs to domain names.
Humidity
Create a high level of moisture/humidity
VPN Concentrator
Creates a secure virtual network over an untrusted network; this creates a tunnel for security. A VPN concentrator enables multiple such connections.
Dynamic Host Control DHCP
A DHCP server dynamically assigns an IP address and other network configuration parameters to a client. Ports 67 and 68
Packet Switching
Data is divided into packets, each of which is forwarded individually. Packet switching is a networking communication method used in telecommunications systems, whereby data is grouped into blocks called packets and routed through a network using a destination address contained within each packet. By breaking the communication information down into packets, it allows the same path to be shared among many users in a network. It also means that each packet can take a different route to its destination. This form of connection (between sender and receiver) is known as connectionless (as opposed to dedicated). Regular voice telephone networks are often circuit-switched rather than packet-switched, whereby for the duration of the call connection, all the resources on that circuit are unavailable to other users.
Broadband
Divides bandwidth into separate channels on one cable, e.g. cable TV. L1
Inside threats
Employees or other trusted insiders who use their network access to harm the company. Dangerous since the insider has already authenticated on your system. Requires observation of the person.
remote connectivity software
Enables you to access a network client via a PC that is located on a remote network. Examples: Remote Desktop, VNC and Dameware
Tunnel mode
Encapsulates the entire packet and provides a new header. The new header has the source and destination of the VPN termination devices at the different sites. Used for site-to-site
Ipsec
Ensures authentication, integrity and confidentiality. IPsec stands for IP Security. It is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provides data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. IPsec is a group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure. IPsec is often used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from. Uses IKE (Internet Key Exchange)
Error detection
Frames containing errors can be detected and discarded; a benefit of PPP
Virtual Routers/Firewalls
Fully virtualized versions of your favorite devices from a given manufacturer. These can be introduced into your virtual setup; different manufacturers are offering their devices this way. The symbol will have a dashed line around it. Will always need a physical handoff.
Site to Site
Interconnects two sites and provides an inexpensive alternative to a leased line. This connects the remote office to HQ. A VPN is less expensive than a point-to-point circuit.
IDF
Intermediate Distribution Frame. Users are usually attached to these so they can gain access to the network
IP Address
Internet Protocol: used on layer 3 and used by routers to send data from one network to another. IPv4 or IPv6. IP address stands for internet protocol address; it is an identifying number that is associated with a specific computer or computer network. When connected to the internet, the IP address allows the computers to send and receive information.
Converged Network-STP
A network where convergence is completed. Since convergence can cause slowdowns in the network, you can manually set the hold-down time to make convergence occur less frequently. In the converged condition, the root ports and the designated ports are in forwarding state, and all other ports are in blocking state.
SSL
Just to reiterate SSL stands for Secure Sockets Layer. It's a protocol used to encrypt and authenticate the data sent between an application (like your browser) and a web server. This leads to a more secure web for both you and the visitors to your website. SSL is closely tied to another acronym
Looped link detection
A Layer 2 loop can be detected and prevented; a benefit of PPP
Directly Connected Routes
Learned by the physical connection between routers. These are the connections that are directly attached.
LCP
Link Control Protocol, Layer 3 PPP. In computer networking, the Link Control Protocol (LCP) forms part of the Point-to-Point Protocol (PPP), within the family of Internet protocols. In setting up PPP communications, both the sending and receiving devices send out LCP packets to determine the standards of the ensuing data transmission. The LCP is used to automatically agree upon the encapsulation format options, handle varying limits on sizes of packets, detect a looped-back link and other common misconfiguration errors, and terminate the link.
Time domain reflectometer (TDR)
Locates breaks in copper cable and provides an estimate of the severity and distance to the break.
Mean Time Between Failures (MTBF)
Measures the average time between failures of a device. Should be a large number
MTTR(Mean time to Repair)
Measures the average time it takes to repair a network device when it breaks. How long it will be down. Should be a low number.
Network-based NIDS/NIPS
Network device to protect the entire network; hangs off of the network. NIDS (Network Intrusion Detection System) and NIPS (Network Intrusion Prevention System) can be behavior based, signature based, anomaly based or heuristic. An intrusion detection system (IDS) is software that runs on a server or network device to monitor and track network activity.
Asynchronous
Network devices reference their own internal clocks and use start/stop bits. In asynchronous communication, parties do not actively listen for messages. Example: an email is sent to the email provider from a retailer and the retailer is not waiting for an immediate response; or texting, where you send a text and the user is not aware of it or waiting for an immediate response. L2
Firewalls
Network security appliance at your boundaries. They control what is allowed in and out of your network; either software or hardware. They use software signatures to validate traffic. Set up by the admin to perform specific inspections. Layer 3 or 4
Open
No security
War Driving
Occurs when users perform reconnaissance looking for unsecured wireless networks.
Hubs
Old technology; considered a single collision domain and a layer 1 device, so whatever is connected to that hub is all on the same collision domain. If multiple hubs are connected, they are all considered 1 collision domain, which will cause slowdowns in the network.
Basic Service Set (BSS)
Only 1 AP connected to the network (SOHO network). Hardwired to a switch, then to a router and out to the internet.
Differential
Only backs up data changed since the last full backup
Interior Gateway Protocols (IGP)
Operate within an autonomous system. Within the system. An interior gateway protocol (IGP) is a type of protocol used for exchanging routing information between gateways (commonly routers) within an autonomous system (for example, a system of corporate local area networks). This routing information can then be used to route network-layer protocols like IP.
Exterior Gateway Protocols (EGP)
Operates between autonomous systems. Between the exterior systems; the Internet, e.g. BGP (Border Gateway Protocol)
Network Security Attacks
Our security goals CIA (Confidentiality, integrity and Accessibility) are subject to attack. Network security attacks are unauthorized actions against private, corporate or governmental IT assets in order to destroy them, modify them or steal sensitive data.
Link Efficiency: Compression
Packet payload is compressed to conserve bandwidth. VoIP payload can be reduced by 50%: payload size from 40 bytes to 20 bytes. VoIP header can be reduced by 90-95% using RTP header compression (cRTP): header size goes from 40 bytes to 2 to 4 bytes. Utilized on slower-speed links to make the most of limited bandwidth
Packet-Switched Connection
Packet switching is a networking communication method used in telecommunications systems, whereby data is grouped into blocks called packets and routed through a network using a destination address contained within each packet. By breaking the communication information down into packets, it allows the same path to be shared among many users in a network. It also means that each packet can take a different route to its destination. This form of connection (between sender and receiver) is known as connectionless (as opposed to dedicated). Regular voice telephone networks are often circuit-switched rather than packet switched; whereby for the duration of the call connection, all the resources on that circuit are unavailable to other users.
Split Horizon
Prevents a route learned on one interface from being advertised back out of that same interface. Split horizon is a method of preventing a routing loop in a network. The basic principle is simple: information about the routing for a particular packet is never sent back in the direction from which it was received.
Hold down timer
Prevents updates for a specific period of time and speeds up convergence. Another feature used by distance vector routing protocols (such as RIP) to prevent routing loops is the holddown timer. This feature prevents a router from learning new information about a failed route until the timer expires.
Outside Local
Private IP address referencing an outside device. IP of the router or gateway on your private network.
Inside Local
Private IP address referencing an inside device. PC on your private network.
Cable Management
Process of documenting the network's existing cable infrastructure. Use a standard naming convention.
Listening
Processes BPDUs. The switch determines its role in the spanning tree protocol, i.e. whether it needs to be in blocking or forwarding mode. If all is OK it will move up to forwarding, but only if needed.
Network Time Protocol NTP
Provides clock synchronization between computer systems over packet-switched, variable-latency data networks. Port 123.
NetBIOS Network basic input/output system
Provides services allowing applications on separate computers to communicate over a local area network for file and printer sharing. Port 139.
Bluesnarfing
Provides unauthorized access to a wireless device through Bluetooth.
Inside global
Public IP address referencing an inside address. Router IP that is received from the ISP.
Outside Global
Public IP address referencing an outside device. The device you are trying to access, e.g. Google.
SSH
Remote administration program that allows you to connect to the switch over the network. Port 22 is used.
Internet Message Access Protocol IMAP
Retrieves email over a TCP connection and synchronizes all devices: what you do on the client is also done on the server, so everything stays in sync. Port 143.
VPN Types: SSL
Secure Socket Layer (SSL) provides cryptography and reliability for the upper layers of the OSI model (Layers 5-7). Largely replaced by TLS in current networks. Provides for secure web browsing via HTTPS. TLS (Transport Layer Security) is now the primary protocol used. SSL VPNs arose as a response to the complexity of the Internet Protocol security (IPsec) framework and the inability to support every end user, particularly remote users, from every platform available. An SSL VPN generally provides two things: secure remote access via a web portal, and network-level access via an SSL-secured tunnel between the client and the corporate network. The primary benefit of an SSL VPN is data security and privacy. Because an SSL VPN uses standard web browsers and technologies, it gives users secure remote access to enterprise applications without requiring the installation and maintenance of separate client software on each user's computer. Most SSL VPNs also integrate with multiple authentication mechanisms.
Signature-based detection
Signature contains strings of bytes (a pattern) that triggers detection. Signature-based detection is a process where a unique identifier is established about a known threat so that the threat can be identified in the future. In the case of a virus scanner, it may be a unique pattern of code that attaches to a file, or it may be as simple as the hash of a known bad file.
Hypervisor
Software that enables virtualization to occur and emulates the physical hardware. Also called a VMM (Virtual Machine Monitor).
Host-based (HIDS/HIPS)
Software-based and installed on servers/clients. HIPS (Host-based Intrusion Prevention System): an IPS installed on a host or virtual machine that blocks activity it identifies as malicious.
Fibre Channel
Special-purpose equipment that can provide speeds of 1-16 Gbps.
Wireless Analyzer
Specialized software that can conduct wireless surveys to ensure proper coverage and prevent undesired overlap. May need a specialized adapter depending on the software.
Logic Bomb
Specific type of malware that is tied to a time or logic event. This is done by an insider. A date and time can be set for when the malware will trigger.
IGMPv2
The Internet Group Management Protocol is a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group memberships. IGMP is an integral part of IP multicast and allows the network to direct multicast transmissions only to hosts that have requested them.
The Server Message Block Protocol (SMB protocol)
The Server Message Block Protocol (SMB protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. Port 445.
Ethernet Standards
The original 802.3 standard is 10 Mbps (megabits per second). 802.3u defined 100 Mbps (Fast Ethernet), 802.3z/802.3ab defined 1000 Mbps (Gigabit Ethernet), and 802.3ae defines 10 Gigabit Ethernet.
IPS (Intrusion Prevention System)
This system will log the intrusion and also prevent it by blocking it: stop and respond. An intrusion prevention system works by actively scanning forwarded network traffic for malicious activities and known attack patterns. The IPS engine analyzes network traffic and continuously compares the bitstream with its internal signature database for known attack patterns. Behavior depends on how the admin sets up the device.
Protocol Analyzer
Traffic can be captured from the network and then reviewed for problems in the communications between devices. Examples: Wireshark or Ethereal.
IP Security (IPSec)
VPNs most commonly use IPsec to provide protections for their traffic over the internet. Provides data encryption, ensures data integrity by verifying hashes, and provides authentication by verifying the parties. IPsec is a group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure. IPsec is often used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from. Within the term "IPsec," "IP" stands for "Internet Protocol" and "sec" for "secure." The Internet Protocol is the main routing protocol used on the Internet; it designates where data will go using IP addresses. IPsec is secure because it adds encryption and authentication to this process.
Speed test
Verifies throughput from client to internet and determines overall connection speed to the internet by downloading and uploading a file.
Captive Portal
Web page shown before you are able to access the Wi-Fi. Asks you for credentials to access the network.
Punch Down Blocks
66 blocks and 110 blocks used to punch down wiring.
Geofencing
GPS or RFID defines real-world boundaries where barriers can be active or passive. The device can send alerts if it leaves the area. Active sends a message to the user; passive just logs it. Starbucks might use this to verify you are in the building.
NAS
Network Attached Storage is storage delivered over IP. Hard drives attached to the network.
Frequency-Hopping Spread Spectrum (FHSS)
Devices hop between predetermined frequencies, which increases security as hops occur based on a common timer. Slows down due to jumping around different channels.
Hardware Redundancy
Devices with two network interface cards (NICs), hard drives, or internal power supplies. Often found in strategic network devices: routers, switches, firewalls, and servers. Not often found in clients due to costs and the administrative overhead involved in management. Modes: Active-Active, Active-Standby.
VOIP (Voice over IP)
Digitizes voice traffic so that it can be treated like other data on the network. One way is via an ATA (analog-to-digital converter). Uses SIP (Session Initiation Protocol) to set up, maintain, and tear down calls. VoIP can save a company money and provide enhanced services over a traditional PBX solution. Communicates using RTP (Real-time Transport Protocol).
Sources Of routing Decisions
Directly Connected Routes, Static Routes & Dynamic Routing Protocols
Address Translation
Dynamic NAT (DNAT), Static NAT (SNAT), Port Address Translation (PAT)
Assigning IP Addresses
2 ways of assigning IP addresses: Static and Dynamic.
Extended Service Network (ESS)
Contains multiple APs to provide coverage. Multiple WAPs to completely cover the site, e.g. a college campus.
Unicast
Data travels from a single source device to a single destination device.
Unicast
Data travels from a single source device to a single destination device. The packet is sent using IP to a specific device.
Broadcast
Data travels from a single source device to all devices on a destination network. Everyone on that subnet will get the broadcast. In computer networking, broadcasting refers to transmitting a packet that will be received by every device on the network. Broadcasting a message is in contrast to unicast addressing, in which a host sends datagrams to another single host identified by a unique address.
Multicast
Data travels from a single source device to multiple (but specific) destination devices. Begins with FF.
Multicast
Data travels from a single source device to multiple (but specific) destination devices. Sent out to a specific multicast group.
Data Types in the OSI Model
Data: Layers 5-7. Segments: Layer 4. Packets: Layer 3. Frames: Layer 2. Bits: Layer 1.
Circuit Switching
Dedicated communications link established between 2 devices. Not commonly used.
NetBIOS
Used by computers to share files over a network
Post Office Protocol v3 POP3
Used for downloading email over a TCP/IP connection from a remote server. Port 110.
66 block
Used now primarily for telephone; was used originally for LAN. Does not support high speed.
Private Cloud
Systems and users only have access to other devices inside the same private cloud or system. E.g. Cloud.gov: only government employees can access it.
BNC
Termed Bayonet Neill-Concelman or British Naval Connector. Was used for 10BASE2 (10 Mbps) Ethernet networks.
Most Common Ethernet Topology
The star Topology.
Baseband
Uses all available frequency on a medium (cable) to transmit data and uses a reference clock to coordinate the transmissions by both sender and receiver, e.g. Ethernet (Layer 1).
Confidentiality with HTTPS
Uses asymmetrically encrypted messages to transfer a symmetric key.
FQDN (Fully-Qualified Domain Name)
Domain name under a top-level domain that represents a web, mail, or file server. E.g. WWW.GOOGLE.COM (WWW indicates a web server), FTP.GOOGLE.COM (FTP indicates an FTP server) and so on. .COM is the top level.
Ethernet Fundamentals
Due to Ethernet's popularity, it is important to understand the fundamentals of Ethernet. Currently, Ethernet is dominant for Layer 1.
Examples at Layer 7
E-mail (POP3, IMAP, SMTP), Web Browsing (HTTP, HTTPS), DNS, File Transfer Protocol (FTP, FTPS), Remote Access (TELNET, SSH), Simple Network Management Protocol (SNMP)
Channels-WAP
Each band has specific frequencies or channels to avoid overlapping other signals. Channels 1, 6, and 11 avoid overlapping frequencies in the 2.4 GHz band. Neighboring APs with overlapping coverage should be on different channels to avoid collisions.
Designated Port
Every network segment has a designated port: the port closest to the root bridge in terms of cost. All ports on the root bridge are designated ports. This port will forward the traffic.
Personal Area Network (PAN)
Smallest type of wired or wireless network, e.g. Bluetooth, USB printer, FireWire video camera to PC.
Categorization of Traffic-QOS
Determine network performance requirements for various traffic types (voice, video, data). Categorize traffic into specific categories: low delay for voice & streaming video; low priority for web browsing & non-mission-critical data. Document your QoS policy and make it available to your users.
CompTIA Troubleshooting Methodology
Define the problem, hypothesize the probable cause, test the hypothesis, create an action plan, implement the action plan, verify problem resolution and create a post-mortem report.
Categories of QoS
Delay, Jitter & Drops
Patching
Designed to correct a known bug or fix a known vulnerability in programs and apps. Should be implemented as they become available. Updates add new features, but patches fix known vulnerabilities. Test first, then roll out to your network.
Anycast
Designed to let one host initiate the efficient updating of router tables for a group of hosts. IPv6 can determine which gateway host is closest and sends the packets to that host as though it were a unicast communication. That host can anycast to another host in the group until all routing tables are updated. Data travels from a single source device to the nearest of multiple (but specific) destination devices.
Client
Device an end user accesses the network with; any device connected to the network: workstation, laptop, tablet, smartphone, television, server.
Wireless Access Point (WAP)
Device that allows wireless devices to connect into a wired network. Commonly used in home, small business, and even some large enterprise networks. Acts as a wireless hub at Layer 2.
Transceivers
Device that sends and receives data. Bidirectional. Half-duplex: devices take turns communicating. Full duplex: devices can both communicate at the same time. E.g. SFPs and GBICs.
classful subnet
When the borrowed bits are zero, or the subnet ends in zero. /8, /16 and /24 are classful.
non-designated port
Detects the failure and determines whether it needs to transition to a forwarding state. To get to the forwarding state, though, it has to transition through four states.
CAT 5e Throughput
1000 Mbps, max length 100 meters.
Disable SSID Broadcast
First line of defense for Wi-Fi.
Backup and Recovery
Full, incremental, differential and snapshots.
RJ-45
Pin connector used in Ethernet networks. Most Ethernet uses only 4 pins.
CAT 6a Throughput
10000 Mbps, max length 100 meters.
System log
Contains information about operating system events.
IEEE 802.3
Ethernet wired network, 100 meters, CAT 5, 5e, 6, 6a & 7.
Carrier sense
Listen to the wire, verify it is not busy.
APC
Angled Physical Connector. Tip is cut on an angle. Green head.
Client to Site
Connects a remote user with a site and commonly called remote access.
Authentication
Device on the other end can authenticate the link.
Jumbo Frame
A jumbo frame is bigger than the 1500-byte MTU (Maximum Transmission Unit).
OSI
Open Systems Interconnection
802.1x
802.1x is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The RADIUS server is able to do this by communicating with the organization's directory, typically over the LDAP or SAML protocol.
DB-9 & DB-25
9-pin or 25-pin D-subminiature. Used for asynchronous serial communications and connecting to an external modem.
Broadcast domain
A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments. A switch would be part of a broadcast domain along with a bridge connecting 2 different hubs, which each create a collision domain.
Cellular (Phones and Hot Spots)
LTE, 4G, 3G, 2G; GSM vs CDMA. Tethering or ICS (Internet Connection Sharing): Bluetooth or wireless tethering to a cell phone.
Steps for an IPSec VPN Session
1. PC1 sends traffic to PC2 and RTR1 initiates creation of the IPsec tunnel. 2. RTR1 and RTR2 negotiate a Security Association (SA) to form the IKE Phase 1 tunnel (ISAKMP tunnel). 3. The IKE Phase 2 tunnel (IPsec tunnel) is negotiated and set up. 4. The tunnel is established and information is securely sent between PC1 and PC2. 5. The IPsec tunnel is torn down and the IPsec SA is deleted.
Ethernet
10 Mbps, depending on cable type.
10 gigabit Ethernet
10 Gbps, depending on cable type.
CAT 7 Throughput
10 Gbps, max length 100 meters.
CAT 3 Throughput
10 Mbps, max length 100 meters.
100 gigabit ethernet
100 Gbps, depending on cable type.
Fast-ethernet
100 Mbps, depending on cable type.
CAT 5 Throughput
100 Mbps, max length 100 meters.
CAT 6 Throughput
1000 Mbps, max length 100 meters.
Secure Hash Algorithm 256 (SHA-256)
256-bit hash digest. Better since it is larger.
PIN out standards
568A and 568B
Spanning Tree Protocol (STP)
802.1D. Permits redundant links between switches and prevents looping of network traffic. Without STP: MAC address table corruption and broadcast storms.
Multiple access
All devices have access at any time.
Console port
Allows local administration of a switch using a separate laptop and a rollover cable (DB9 to RJ45); USB to RJ45 is also used.
Multilink interface
Allows multiple physical connections to be bonded together into a logical interface. Link T1s together using this aggregation.
Looking glass site
Allows users to connect to view the routing information from a server's perspective. A looking glass is a piece of software running on a web server that allows external users to get a look at routing and network behavior as it originates from the remote network.
Type 1 HyperVisor
Also called bare metal. The hypervisor software is the actual OS on the server; the VM software is not loaded on top of an existing OS. So Hyper-V, VMware ESXi or VMware vSphere are the actual OS running on the hardware. Need a console to access.
Incremental
Backs up only data changed since the last backup.
802.11b
Band 2.4 GHz, DSSS transmission method, max BW 11 Mbps, 32 m indoor, 140 m outdoor. Inexpensive; used early on in homes.
802.11
Band is 2.4 GHz, DSSS (direct sequence spread spectrum) and FHSS (frequency hopping spread spectrum) methods of transmission, max BW 1 to 2 Mbps, 20 m indoor and 100 m outdoor range.
Content Engine
Caching engine. Dedicated appliances that perform the caching functions of a proxy server. Used to save on bandwidth. Primarily used at sites with slower bandwidth so that they do not have to go to the Internet every time for content. For example, it might update overnight from an HQ site to a branch site so that when people try to access content from the internet it is already cached on the content engine; this way they do not have to use their slow internet pipe every time.
CNAME Record
Canonical name is an alias for an existing record: google.com = WWW.GOOGLE.COM.
IGMPv1
Clients request to join the group and are asked every 60 seconds if they want to remain in the group. Causes a lot of traffic due to the 60-second request. The Internet Group Management Protocol (IGMP) manages the membership of hosts and routing devices in multicast groups. IP hosts use IGMP to report their multicast group memberships to any immediately neighboring multicast routing devices.
NS Record
Denotes the authoritative name server for the domain. The NS is the main server known to all domain servers on the internet.
HTTP Secure HTTPS
Designed for adding security to the insecure HTTP protocol. Port 443.
Syslog Client
Device that sends log information.
Long STP
Due to new speeds such as 10 Gbps, these larger values have been accepted as the additional path costs for determining STP.
EIGRP
EIGRP (Enhanced Interior Gateway Routing Protocol) is a network protocol that lets routers exchange information more efficiently than with earlier network protocols. EIGRP evolved from IGRP (Interior Gateway Routing Protocol), and routers using either EIGRP or IGRP can interoperate because the metric (criteria used for selecting a route) used with one protocol can be translated into the metrics of the other protocol. EIGRP can be used not only for Internet Protocol (IP) networks but also for AppleTalk and Novell NetWare networks.
Layer 2 Switch
Each port is a collision domain and all the ports make up the same broadcast domain.
Loopback
Ethernet pinout: pins 1 to 3 and 2 to 6.
Loopback
Ethernet pinout: pins 1 to 3 and 2 to 6. Loopback fiber goes from one end into the other.
Ethernet Packet
Ethernet networks transmit data in packets, or small pieces of information. A packet can be a minimum size of 72 bytes or a maximum of 1518 bytes.
Forwarding
Forwards frames for normal operation. It will be the root port.
Forwarding -STP
Forwards frames for normal operation. It will be the root port. A port in the forwarding state forwards frames across the attached network segment. In the forwarding state, the port will process BPDUs, update its MAC address table with frames that it receives, and forward user traffic through the port. Forwarding is the normal state.
Standards, Guidelines and Procedures
These are going to tell you how things are done in the organization. Standards dictate encryption. Procedures describe how to do things step by step.
Examples at Layer 5
H.323 (transmits audio, voice and video) & NetBIOS (Network Basic Input/Output System; communications from Windows PC to Windows PC).
Hot Standby Router Protocol (HSRP)
Hot Standby Router Protocol (HSRP) uses virtual IP and MAC addresses to provide an "active router" and a "standby router". This is 2 physical routers acting as 1 for redundancy. Users will only see the virtual IP. The virtual IP will send traffic to the primary router that is active.
Static NAT (SNAT)
IP address manually assigned as a one-to-one translation. Private to public IP statically assigned.
Class D
IP class used for multicast.
Radio-Internet Connection
Implementation varies country to country based on frequencies. You can run dial-up at 6 kbps. Higher end of the frequency range from the ham user frequencies. Used in emergencies.
Gas Attack
Injecting gas into an environment where it could ignite. This is a physical attack on your systems.
non-designated port
It is a switch port that is blocked, so it is not forwarding data. This is determined by the cost of the port.
DDOS
Many machines are used to attack a site, causing it to be overwhelmed. Distributed denial-of-service (DDoS) attacks target websites and online services. The aim is to overwhelm them with more traffic than the server or network can accommodate.
IDS (Intrusion Detection System)
It will only log the intrusion and alert you of it.
Redundant Network with Single Points of Failure
Link redundancy (multiple connections between devices) and redundancy of components (switches and routers).
Content Switch
Load balancers. Utilizes a server farm with all content and figures out which server is not as busy. Filters work requests and pushes them to different servers to best support the users. Used for caching user data accessed on the web to save bandwidth.
Most Common Authentication algorithm
MD5 and SHA-256 are the most common.
1000base-sx
MMF, 1 Gbps, 220 meters. SX = shortwave.
MX Record
Mail exchange record maps domain name to email server. A mail exchanger record specifies the mail server responsible for accepting email messages on behalf of a domain name. It is a resource record in the Domain Name System. It is possible to configure several MX records, typically pointing to an array of mail servers for load balancing and redundancy.
MDF
Main Distribution Frame. The main room; may contain the WAN circuit and main equipment: routers, servers and switches.
A Record
Maps hostname to an IPv4 IP.
AAAA Record
Maps hostname to an IPv6 IP.
50 microns Fiber
Max length at OM3 is 550 meters at 1 Gbps; can run 10 Gbps at OM3 or higher.
62.5 micron fiber
Max length at OM1 is 275 meters at 1 Gbps.
Transceivers
Media converters and transceivers. The term transceiver does describe a separate network device, but it can also be technology built into and embedded in devices such as network cards and modems. In a network environment, a transceiver gets its name from being both a transmitter and a receiver of signals, hence the name transceiver. Technically, on a LAN, the transceiver is responsible for placing signals onto the network media and also detecting incoming signals traveling through the same wire. Given the description of the function of a transceiver, it makes sense that that technology would be found in network cards.
Frequency-Division Multiplexing (FDM)
Medium is divided into various channels based on frequencies and each session is transmitted over a different channel.
Environmental monitoring
Monitors the environment. Sends alerts if the temperature or humidity in a room changes above/below the configured level.
Types of Fiber
Multimode fiber-MMF & single Mode Fiber-SMF
Virtual Servers
Multiple virtual instances exist on a single physical server, e.g. multiple Windows and Linux servers running simultaneously. Considerable cost savings for an IT budget. Allows for consolidation of physical servers, and multiple NICs increase the bandwidth available. Able to run multiple OSes on 1 server. Very budget friendly. They can use link aggregation.
5ghz Placement
For wireless we don't want to have the same channels within 2 cells of each other. Use a 10 to 15% overlap.
Address Translation
NAT & PAT.
Network and Host-based can work together for more complete protection
A NIPS might prevent a DoS attack, whereas a HIPS solution could focus on protecting the applications on a host from malware and other attacks.
UTP -Unshielded Twisted Pair
The number of twists determines how much EMI can be blocked; CAT 6 has more twists per inch than CAT 5. UTP is cheaper and more widely used. Cheaper since no shielding is needed.
OM1
OM1 fiber typically comes with an orange jacket and has a core size of 62.5 µm. It can support 10 Gigabit Ethernet at lengths of up to 33 meters. It is most commonly used for 100 Megabit Ethernet applications. This type commonly uses an LED light source.
Out of Band
OOB management involves keeping all network device configuration on a separate network. E.g. you can use a modem to connect to the console port.
Power Over Ethernet (PoE 802.3af, PoE+ 802.3at)
Supplies electrical power over Ethernet. Requires CAT 5 or higher copper cable. Provides up to 15.4 watts of power to a device; PoE+ provides up to 25.5 W of power to a device. Two device types: Power Sourcing Equipment (PSE) & Powered Device (PD).
PTR record
Pointer record; refers to a canonical name. Used for reverse DNS lookups. Usually a CNAME and a PTR record for each.
SFTP
Port 22. File transfer over SSH to increase security. SSH File Transfer Protocol.
PAT
Port Address Translation (PAT) is a variation of address translation that utilizes port numbers instead of IP addresses for translation.
Non-Designated Port
Ports that block traffic to create a loop-free topology. These are blocked so there are no loops.
Flow control
Prevents the sender from sending data faster than the receiver can accept it.
Omnidirectional Antenna
Radiates power equally in all directions. It is like ripples in the water when a stone is dropped into it.
Snapshot
Read-only copy of data frozen in time (VMs).
Syslog Server
Receives and stores logs from clients.
Hub
Receives information on one port and rebroadcasts it out all the other ports. Older technology to connect networked devices (clients and servers). Layer 1. It is 1 collision domain.
Policy-based detection
Relies on a specific declaration of the security policy. Example: no Telnet allowed.
Virtualized Storage Solutions
SAN (Storage Area Network), NAS (Network Attached Storage).
1000base-lx
SMF, 1 Gbps, 5 km.
1000base-zx
SMF, 1 Gbps, 70 km.
Simple Network Management Protocol (SNMP)
The SNMP manager sends/receives messages to managed devices (routers, switches, servers). SET sends information, GET requests information, TRAP receives unsolicited information from managed devices. Agent and Management Information Base (MIB). Port 161.
Bluejacking
Sending of unauthorized messages over Bluetooth.
SSID
Service Set ID. Name of the wireless network.
QOS Quality of Service
Setting a higher priority based on traffic type such as video or phone, since these are UDP and need a higher quality of service so there is no packet loss.
Loop Prevention Methods are
Split horizon is a method of preventing a routing loop in a network. The basic principle is simple: information about the route for a particular destination is never sent back in the direction from which it was received. Route poisoning: another method employed by distance vector routing protocols to prevent routing loops. When a router detects that one of its directly connected routes has failed, it will advertise the failed route with an infinite metric ("poisoning the route"). Routers that receive the routing update will consider the route failed and remove it from their routing tables. RIP uses 16 as infinity.
SAN
Storage Area Network is storage that utilizes a specially designed LAN to transfer and store data. You can have high-speed transfers. Utilizes Fibre Channel. Localized storage: it uses block storage, not TCP, and uses a private network for access.
Class B
Subnet mask 255.255.0.0, 65534 assignable IPs. 128.0.0.0 to 191.255.255.255.
Class C
Subnet mask 255.255.255.0, 254 assignable IPs.
TXT record
TXT records are a type of Domain Name System (DNS) record that contains text information for sources outside of your domain. You add these records to your domain settings. You can use TXT records for various purposes. Google uses them to verify domain ownership and to ensure email security.
EAP Protocol
The EAP protocol can be configured for credential (EAP-TTLS/PAP and PEAP-MSCHAPv2) and digital certificate (EAP-TLS) authentication and is a highly secure method for protecting the authentication process.
File Transfer Protocol FTP
Transfers computer files between a client and server on a computer network. Ports 20 and 21.
Next Generation Firewall (NGFW)
These work at Layer 7. It detects and prevents attacks and is much more powerful than a basic firewall, which can only filter on IP. This firewall actually learns and will update information on the latest attacks from an internet source. It will look through your traffic.
F-connector
Typically used for cable TV and cable modem connections.
RG-59-COAX
Typically used to carry composite video between two nearby devices, e.g. cable TV.
Twisted Pair Cables Types
UTP: Unshielded Twisted Pair. STP: Shielded Twisted Pair.
UPC-Fiber Connector
Ultra Physical Connector. Tip is at a 90 degree angle to the connector base, flush with no angled cut. Blue head.
Bluebugging
Unauthorized backdoor connecting Bluetooth back to the attacker.
SSL/TLS/DTLS
Use of a web browser for a secure VPN connection.
WPA Enterprise Mode
Users can be required to authenticate before an exchange of keys. Keys between client and AP are temporary and cannot be reused if found out.
WEP
Uses a 24-bit Initialization Vector (IV). Wired Equivalent Privacy. Sends portions of the key in the initialization vector, which is sent in clear text, so with enough traffic the key can be recovered. Not secure.
WPA2
Uses CCMP and AES. AES with the CCMP encryption protocol is a stronger algorithm for message integrity and confidentiality. WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 is the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP. However, TKIP is still preserved in WPA2 as a fallback system and for interoperability with WPA.
WPA
Uses TKIP and RC4.
Transport mode
Uses the packet's original IP header. Used for client-to-site VPNs. This approach works well if increasing the packet size could cause issues.
Structured Approach-Troubleshooting
Using a structured approach saves time and money. It also keeps you from hunting and pecking for a solution.
InfiniBand
Virtualized storage switched fabric topology for high performance computing, with very high throughput (.600 Gbps) and low latency (.5 microseconds). Very expensive and used in high-speed data centers. Enterprise solution. InfiniBand is a computer networking communications standard used in high-performance computing that features very high throughput and very low latency. It is used for data interconnect both among and within computers.
IEEE 802.11
Wi-Fi network; wireless access point.
Ad Hoc Wireless
Devices directly communicate with each other without the need for a centralized access point. Peer to peer, e.g. Bluetooth.
Unidirectional Antenna
Yagi is one type, which focuses its power in 1 direction. Good for building to building if you have a direct line of sight.
Uniform Resource Locator (URL)
You should use an FQDN and the protocol, HTTP or HTTPS.
straight thru cable
A straight-through cable is when both ends are either 568A or 568B. Computers, or router to modem.
802.11n
Band 2.4 & 5 GHz, OFDM transmission method, max BW 300 Mbps, 70 m indoor, 250 m outdoor; 108 Mbps on 2.4 GHz, 300 Mbps on 5 GHz.
802.11g
Band 2.4 GHz, OFDM or DSSS transmission method, max BW 54 Mbps, 32 m indoor, 140 m outdoor.
802.11ac
Band: 5 GHz. Transmission method: OFDM. Max bandwidth: up to 3 Gbps. Range: 70 m indoor, 250 m outdoor.
100BASE-TX
Cat5 or higher, 100 Mbps, 100 meters.
1000BASE-TX
Cat6 or higher, 1 Gbps, 100 meters.
Switching Loop
Causes broadcast storms, in which the network is consumed by frames that keep circulating as switches look for that one device. A switching loop or bridge loop occurs in computer networks when there is more than one Layer 2 (OSI model) path between two endpoints (e.g. multiple connections between two network switches, or two ports on the same switch connected to each other).
Client-to-site VPN
Connects a single client to a network.
Crimper
Crimps RJ11 and RJ45 connectors.
Subnet Mask
Defines the network portion of an address: the 1 bits are the network portion and the 0 bits define the host portion. Bits can be borrowed from the host portion to break the network up into more usable segments (subnets).
Punch down tool
Used to terminate wires on either a 66 block or a 110 block.
Virtual Switches
A fully virtualized switch introduced into your virtual network so you can use trunking, VLANs, and any other options a Layer 2 switch offers.
Bit-Error Rate tester
Generates patterns at one end of the link and analyzes the received patterns for errors.
War chalking
Occurs when users write symbols on a wall to notify others of AP characteristics.
IPV4
Internet Protocol version 4. Separated into 4 separate numbers called octets (8 bits each), max of 254.
IPV6
Internet Protocol version 6. 128-bit IP addresses.
1000BASE-LX
MMF, 1 Gbps, 550 meters. LX = long wavelength.
Throughput tester
Network appliance that typically has multiple network interfaces and can generate high volumes of pseudo-random data for wired and wireless networks.
H.323
Operates over RTP. Used for telecommunications (e.g. Skype), video or voice.
NAC (Network Admission Control)
Permits or denies access to the network based on characteristics of the device instead of checking user credentials, e.g. checking the OS and antivirus version to make sure all is correct.
568B
Pin 1 white/orange, pin 2 orange, pin 3 white/green, pin 4 blue, pin 5 white/blue, pin 6 green, pin 7 white/brown, pin 8 brown.
568A
Pin 1 white/green, pin 2 green, pin 3 white/orange, pin 4 blue, pin 5 white/blue, pin 6 orange, pin 7 white/brown, pin 8 brown.
Secure Shell Protocol (SSH)
Port 22. Works like Telnet but uses encryption to create a secure channel between the client and server. SSH should be used instead of Telnet.
Telnet
Port 23. Permits sending commands to a remote device. Information is sent in plain text. Very insecure.
Remote Desktop Protocol (RDP)
Port 3389. Allows remote access to machines over the network as if you were sitting in front of the equipment. Provides GUI access through an RDP client.
TFTP
Port 69. Trivial File Transfer Protocol, a UDP version of FTP that sacrifices reliability for speed.
FTP (File Transfer Protocol)
Ports 20/21. Unencrypted file transfer (insecure).
FTPS (File Transfer Protocol Secure)
Ports 20/21. Adds SSL/TLS to FTP to secure data. Acts basically like a VPN for sending files. Very secure.
Crossover cable
Send and receive pins are swapped. Usually 568A on one side and 568B on the other. If the switch supports MDI-X, no crossover cable is needed; switches usually auto-sense.
Butt set
Test equipment used by telephone technicians to check for dial tone or verify that a call can be placed from the line.
Cable tester
Tests the cable to verify that the pins are pinned out correctly and that the wires are not broken.
Optical time domain reflectometer (OTDR)
Used like a TDR but for fiber-optic cable. A tester for fiber optics that can give you the probable location of an issue.
Traffic Filtering
Blocks traffic at a router or multilayer switch, either by IP address (Layer 3) or by port (port filtering, Layer 4).
Root Port
The port closest to the root bridge. Assigned on every non-root bridge. If the cost is equal, the lowest port number is chosen.
Cable certifier
Used with existing cable to determine its category or test data throughput. Can also be used as a cable tester.