A+ Chapter 6


Basic Firewall Settings

- Anti-spoofing to protect users inside of your network
- Denial of service protection to stop your network from being overwhelmed
- Access rules to restrict certain traffic for specific users by IP address
- Internet access policies to allow or block (always or on a schedule) access to websites for specific computers

More Advanced Firewall Settings Configuration

-> Networking tab
-> LAN tab
-> DMZ host
- Enable and set the host IP address
-> Firewall
-> Single port forwarding
- Check what application ports (HTTP, HTTPS) you want activated

Connecting Wired Devices to the Internet

1. Connect a network cable to the device.
2. Connect the device to a switch port.
3. Connect a network cable to the wireless router internet port.
4. Connect the wireless router to the modem.
5. Connect to the service provider's network.
6. Power all devices and verify physical connections.

Connecting Wireless Devices to the Internet

1. Connect our computer's Ethernet port, using a network cable, to one of our LAN ports on the back.
2. Take the computer's Ethernet cable and plug it into one of our LAN ports.
3. Take my internet cable from my modem and plug that into my WAN port on the back to connect it to the internet.
4. Go to the computer's web browser and type in the IP address of the Cisco wireless router. If you do not know the default IP address of your wireless router, you can look it up in the documentation that came with it, or you can use some command line tools on your user device.

The 6 step troubleshooting process

1. Identify the problem
2. Establish a theory
3. Test the theory
4. Establish a plan of action
5. Verify full functionality
6. Document findings

Basic Network Setup

1. Log into the router
2. Change the default password
3. Log in with new password
4. Change the DHCP IPv4 addresses
5. Renew IP address
6. Log in at the new IP address

Basic Wireless Settings

1. View the WLAN defaults
2. Change the network mode
3. Configure the SSID
4. Configure the channel
5. Configure the security mode
6. Configure the passphrase

Slash Notation

A shorthand method for denoting the distinction between network and host bits in an IP address. In binary form, the number of network ID bits is shown at the end of the IP address with a /#. So out of 32 bits, if 16 of those represent the network ID, the IP address might look like 192.168.2.0/16.

Demilitarized zone (DMZ)

A network that provides services to an untrusted network. An email, web, or FTP server is often placed into the DMZ so that the traffic using the server does not come inside the local network.

169.254.x.x

APIPA address. If your Windows computer cannot communicate with a DHCP server to obtain an IPv4 address, it will be assigned an Automatic Private IP Addressing (APIPA) address.

MAC address (Media Access Control address)

Hard-coded onto every Ethernet or wireless network interface card (NIC) by the manufacturer. The address stays with the device regardless of what network the device is connected to. A MAC address is 48 bits and can be represented in one of the three hexadecimal

Users are experiencing slow transfer speeds, weak signal strength, and intermittent connectivity on the wireless network.

P: Wireless security has not been implemented, allowing unauthorized users access. S: Implement a wireless security plan.
P: There are too many users connected to the access point. S: Add another access point or a repeater to strengthen signal.
P: User is too far away from access point. S: Move the access point and ensure it is centrally located.
P: The wireless signal is experiencing interference from outside sources. S: Change the channels on the wireless network.

The ipconfig /release or ipconfig /renew command results in the following message: "No operation can be performed on the adapter while the media is disconnected."

P: The network cable is unplugged. S: Reconnect the network cable.
P: The computer has been configured with a static IP address. S: Reconfigure the NIC to obtain IP addressing automatically.

The computer cannot Telnet into a remote computer.

P: The remote computer has not been configured to accept Telnet connections. S: Configure the remote computer to accept Telnet connections.
P: Telnet services are not started on the remote computer. S: Start the Telnet service on the remote computer.

User cannot use secured shell (SSH) to access a remote device.

P: The remote device is not configured for SSH access. S: Configure the remote device for SSH access.
P: SSH is not allowed from the user or a particular network. S: Allow SSH access from the user or the network.

An IP address conflict message displays when connecting a new device to the network.

P: The same IP address is assigned to two devices on the network. S: Configure each device with a unique IP address.
P: Another computer has been configured with a static IP address that was already assigned by the DHCP server. S: Configure the DHCP to exclude the static IP address from assignments and reboot all affected devices.

A device cannot access a specific HTTPS site.

P: The site is not on that computer's browser's list of trusted sites. S: Decide whether to add the security certificate to the browser's list of trusted sites.

Port Triggering

Port triggering allows the router to temporarily forward data through inbound ports to a specific device. You can use port triggering to forward data to a computer only when a designated port range is used to make an outbound request.

The network is fully functional, but the wireless device cannot connect to the network.

P: The wireless capability of the device is turned off. S: Enable wireless capability of the device.
P: The device is out of wireless range. S: Move closer to the wireless router/access point.
P: There is interference from other wireless devices using the same frequency range. S: Change wireless router to a different channel.

Universal Plug and Play (UPnP)

Protocol that enables devices to dynamically add themselves to a network without the need for user intervention or configuration. The UPnP protocol has no method for authenticating devices, so it is very insecure.

MAC Address filtering

Specifies exactly which device MAC addresses are allowed to or blocked from sending data on your network.

Device cannot detect the wireless router.

P: The wireless router/access point is configured with a different 802.11 protocol. S: Configure the wireless router with a compatible protocol for the laptop.
P: The SSID is not being broadcast. S: Configure the wireless router to broadcast the SSID.
P: The wireless NIC in the laptop is disabled. S: Enable the wireless NIC in the laptop.

A device on one network cannot ping a device on another network

P: There is a broken link between the two networks. S: Use tracert to locate which link is down and fix the broken link.
P: Internet Control Message Protocol (ICMP) is blocked at the router. S: Configure the router to allow ICMP echo requests and echo replies.
P: ICMP is blocked at the Windows firewall. S: Configure Windows firewall to allow ICMP echo req

Remote device does not respond to a ping request

P: Windows firewall disables ping by default. S: Set the firewall to enable the ping protocol.
P: The remote device is configured to not respond to ping requests. S: Configure the remote device to respond to the ping request.

Binary notation

The binary number system is base two, having only two digits, zero and one. For 1 byte, there are 8 bits, each of which will represent a 1 or a 0. 1 means that number placeholder is on and 0 means it is off. Each of the 8 placeholders represents 0,1,2,4,8,16,32,64. So if I have a byte that looks like 00100100, the 2 and the 16 placeholders are on, which means that byte adds up to 18. So 00100100 = 18.

The 2 parts of a MAC address

The first 24 bits represent the organizationally unique identifier, or OUI. This is the vendor or manufacturer portion of the address. The second 24 bits are assigned by the vendor and are unique to that particular OUI.

The 2 parts of an IP address

The first 3 octets of an IP address are the Network ID and the last octet is the host ID.

2 parts of the IPV6 address

The first 64 bits represent the network ID and the second 64 bits represent the host ID.

The 2 IPV6 rules

The first rule is that leading zeros of any 16-bit segment can be omitted. The second rule is that a single string of contiguous all-zero segments can be replaced by a single double colon. (2001:0000:0000:0000:a730:0000:0000:a100 can be rewritten as 2001::a730:0000:0000:a100.) Notice that two segments in red with all zeros can be replaced by a single double colon. This rule cannot be used twice.

Hexadecimal

The hexadecimal system is base 16, having 16 digits: zero through nine, plus A, B, C, D, E, and F, which equate to decimal (base 10) 10 through 15.

Logging into the router

To gain access to the wireless router's configuration GUI (graphical user interface), open a web browser. In the address field, enter the default IP address for your wireless router. The default IP address can be found in the documentation that came with the wireless router or you can search the internet.

ICMP (Internet Control Message Protocol)

Used by devices on a network to send control and error messages. Does things like announcing network errors, announcing network congestion, and troubleshooting.

Dynamic Address

A DHCP server automatically assigns IP addresses, which simplifies the addressing process. A DHCP server can automatically assign the host a:
- IPv4 address
- Subnet mask
- Default gateway
- Optional values, such as a DNS server address

ipconfig /all

A command prompt command that will display all of your computer's network information such as your MAC address, IPV4 address, and other addresses that your device will use.

DHCP (Dynamic Host Configuration Protocol)

A network service that provides automatic assignment of IP addresses and other TCP/IP configuration information. Used for IPv4 and IPv6.

IPV4 (decimal)

An IP version 4 (IPv4) address is 32 bits and represented in dotted decimal. There are 4 sets of 8 bits separated by decimal points.

IPV6 (Hexadecimal)

An IP version 6 (IPv6) address is 128 bits and is represented in hexadecimal format. Each hexadecimal digit is four bits, which means each segment of four hexadecimal digits will be 16 bits. There are eight 16 bit segments with each segment separated by a colon.

Internet of Things (IOT)

Any device that has internet access. From computers to thermostats, any device that can access the internet falls under the IoT.

QoS (Quality of Service)

By configuring QoS, you can guarantee that certain traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing.

Ping

Command prompt command that works by sending an ICMP echo request to the IP address you entered. If the IP address is accessible, the receiving device then sends back an ICMP echo reply message to confirm connectivity.

NAT (network address translation) for IPV4

Converts private IPv4 addresses to Internet-routable IPv4 addresses. With NAT, a private (local) source IPv4 address is translated to a public (global) address. The router is able to translate many internal IPv4 addresses into public addresses, by using NAT.

IP Address (Internet Protocol Address)

IP addressing is assigned by network administrators based on the location within the network. When a device moves from one network to another, its IP address will most likely change. An IP version 4 (IPv4) address is 32 bits and represented in dotted decimal notation.

Default Gateway

Identifies the router that this device uses to access the internet or another network. The router will have an IP address which a device will communicate with to access anything outside of your network.

Static Address

In a small network, you can manually configure each device with proper IP addressing. You would assign a unique IP address to each host within the same network. This is known as static IP addressing.

Network Components

Includes wired and wireless network interface cards (NIC) and network devices such as switches, wireless access points (APs), routers, multipurpose devices, and more.

Configuring a NIC

Install drivers, then configure the IP address by using either DHCP or static IP addressing.

Network Designs

Involves knowing how networks are interconnected to support the needs of a business. For instance, the needs of a small business will differ greatly from the needs of a large business.

Subnet Mask

Is used to identify the network on which this device is connected. IPv4 addresses have a 32-bit subnet mask, also represented in dotted decimal notation. Subnet masks are a continuous string of ones, with the rest of the mask being all zero bits. This means that there are specific values that a subnet mask will have, such as 225.255.255.0

Local resources such as file shares or printers are unavailable.

P: Could be a number of issues: bad cabling, switch or router not functioning, firewall blocking traffic, DNS name resolution not working, or service failed. S: Establish the scope of the problem, such as by trying to connect from a different host.

A user cannot access the FTP server.

P: FTP is being blocked by the firewall at the router. S: Ensure that ports 20 and 21 are allowed through the router's outbound firewall.
P: FTP is being blocked by the Windows firewall. S: Ensure that ports 20 and 21 are allowed through the Windows outbound firewall.
P: The maximum number of users has been reached. S: Increase the maximum number of simultaneous FTP users on the FTP server.

A device can connect to a network device by the IP address but not by the host name.

P: Incorrect host name. S: Re-enter the host name.
P: Incorrect DNS settings. S: Re-enter the IP address of the DNS server.
P: DNS server is not operational. S: Restart the DNS server.

The nslookup command reports "Can't find server name for address {ip-address}: timed out", where ipaddress can be any IP address.

P: The DNS server is not responding. S: Resolve connectivity issues to the DNS server and/or restart the DNS server.
P: The DNS records are incorrect. S: Configure the DNS server with the correct records.

The FTP client software cannot find the FTP server

P: The FTP client has an incorrect server/domain name or port setting. S: Enter the correct server/domain name and port settings in the FTP client.
P: The FTP server is not operational or is offline. S: Restart the FTP server.
P: The DNS server is not operational and not resolving names. S: Restart the DNS server.

The ipconfig /release or ipconfig /renew command results in the following message: "The operation failed as no adapter is in the state permissible for this operation."

P: The computer has been configured with a static IP address. S: Reconfigure the NIC to obtain IP addressing automatically.

The device does not obtain or renew the IP address on the network.

P: The computer is using a static IP address from a different network. S: Enable the computer to obtain an IP address automatically.
P: Firewall is blocking DHCP. S: Change the firewall settings to allow DHCP traffic.
P: DHCP server is not operational. S: Restart the DHCP server.
P: Wireless NIC is disabled. S: Enable wireless NIC.

A device has network access but does not have internet access.

P: The gateway IP address is incorrect. S: Configure the correct gateway IP address on the device or on the DHCP server.
P: A router is configured incorrectly. S: Reconfigure the router settings.
P: DNS server is not operational. S: Restart the DNS server.

A user can access the local network but cannot access the internet.

P: The gateway address is incorrect or not configured. S: Ensure the correct gateway address is assigned to the NIC.
P: The ISP is down. S: Call ISP to report outage.

NIC LED lights are not lit

P: The network cable is unplugged or damaged. S: Reconnect or replace the network connection to the computer.
P: The NIC is damaged. S: Replace the NIC.

Windows computer has an IPv4 address of 169.254.x.x.

P: The network cable is unplugged. S: Reconnect the network cable.
P: The router is powered off or the connection is faulty. S: Ensure the router is powered on and is properly connected to the network. Then release and renew the IPv4 address on the computer.
P: The NIC is damaged. S: Replace the NIC.

Port Forwarding

When specific ports must be opened so that certain programs and applications can communicate with devices on different networks, port forwarding is a rule-based method of directing traffic between devices on separate networks.

White Listing and Black Listing

Whitelisting and blacklisting specify which IP addresses are allowed or denied on your network. Whitelisting is a good tool for allowing your users access only to those IP addresses you approve. You can also blacklist or explicitly block known sites.

