CTS 110
computer components are grounded inside a computer case, and computer power cables all use a
three-prong plug for this purpose. the third prong is grounded
don't allow patches
to be automatically installed in the OS
internetwork
to traverse more than one LAN segment and more than one type of network through a router
OC-24
1244.16 Throughput. Primarly used by ISPs and large enterprises
Class B
128.0.x.y to 191.255.x.y
DKIM (DomainKeys identified Mail)
An authentication method that uses encryption to verify the domain name of an email's sender
hybrid routing protocol
BGP is classified as this implying that it exhibits characteristics of both distance-vector and link-state routing protocols
VIP (virtual ip address)
represents an entire cluster. To access websites, web clients direct requests to a single VIP.
three common types of multiplexing used on copper lines are:
TDM (time division multiplexing), STDM (statistical time divison multiplexing), FDM (frequency division multiplexing)
TX/RX reverse
when the TX (transmission) and RX (receive) wires are crossed
xDSL (extended DSL)
refers to all DSL varieties
minimizing cable clutter can
help prevent airflow blockages and heat buildup
router misconfiguration
Other router configuration issues to consider when Internet connectivity fails might include blocked ports that should be open, speed or duplex mismatches, incorrect IP address range or subnet mask, incorrect default gateway, and STP issues.
recursive query
a query that demands a resolution or the answer "It can't be found." For example, the initial request the resolver makes to the local server is a recursive query. The local server must provide the information requested by the resolver
fail open
allows access during the failure
neighbors
two or more nodes on the same link
Steps on how to reset a SOHO router
1. Disconnect all data cables and unplug the power cable 2. using the end of a paper clip, depress the rest button while you plug the power cable back in 3. Continue holding down the button for at least 30 seconds 4. Release the button; at this point, the router's values should be reset to the manufacturer's defaults
allowed-mac command
Allowed MAC addresses are configured with this command
public relations specialist
If necessary, this team member learns about the situation and the response and then acts as official spokesperson for the organization to the public or other interested parties.
Cat 6a (Augmented Category 6)
Maximum throughput - 10 Gbps Bandwidth/Signal rate - 500 MHz Reduces attenuation and crosstalk and allows for potentially exceeding traditional network segment length limits. Can reliably transmit data at multigigabit per second rates. Backward compatible with Cat 5, Cat 5e, and Cat 6 cabling, which means that it can replace lower-level cabling without requiring connector or equipment changes
wide area network (WAN)
a group of LANs that spread over a wide geographical area
metropolitan area network (MAN) or campus area network (CAN)
a group of connected LANs in the same geographical area
BSS (basic service set)
a group of nodes that share an access point. The identifier for this group of nodes is known as a BSSID (basic service set identifier).
most common netowrking modes
bridged, NAT, and host-only
elevated Command Prompt
command prompt with administrative privileges
SMF (single mode fiber)
consists of a narrow core of 8 to 10 microns in diameter. Laser-generated light travels a single path over the core, reflecting very little. Because it reflects little, the light does not disperse as the signal travels along the fiber. This continuity allows SMF to accomodate the highest bandwidths and longest distances (without requiring repeaters) of all network transmission media. The internet backbone depends on single mode fiber. However, because of its relatively high cost, SMF is rarely used for short connections, such as those between a server and switch
MMF (Multimode Fiber)
contains a core with a larger diameter than SMF, usually 50 or 62.5 microns, over which many pulses of light generated by a laser or LED light source travel at various angles. Signals traveling over multimode fiber experience greater attenuation thant hose traversing single mode fiber. Therefore, MMF is not suited to distances longer than a few kilometers. On the other hand, MMF is less expensive to install and, therefore, typically used to connect routers, switches, and servers on the backbone of a network or to connect a desktop workstation to the network.
padding
contains filler bits to ensure that the size of the TCP header is a multiple of 32 bits
VoIP gateway device
converts signals from a campus's analog phone equipment into IP data that can travel over the Internet, or which converts VOIP data from an internal IP network to travel over a phone company's analog telphone lines
multicast address
delivers packets to all nodes in the targeted, multicast group
A network begins at the ___ and ends at the __
demarc and workstation
topology
describes how the parts of a whole work together
radiation pattern
describes the relative strength over a three-dimensional area of all the electromagnetic energy the antenna sends or receives. Radiation patterns can be used to classify antennas into two basic categories: undirectional antenna and omnidirectional antenna
occupational safety and health administration (OSHA)
electrical and tool safety in workplaces is generally regulated by this federal agency. it is charged with safety and health in the workplace.
vNIC (virtual NIC)
every VM has its own virtual network adapter that can connect the VM to other machines, both virtual and physical. Just like a physical NIC this operates at the Data Link Layer and provides the computer with network access. Each VM can have several vNICs, no matter how many NICs the host machine has. The maximum number of vNICs on a VM depends on the limits imposed by the hypervisor.
notice that, with the ipconfig command, you need to type ____ before a parameter, rather than a hyphen as you do with the ping command
forward slash (/)
keep the installation instructions and vendor documentation
handy as you implement the change
crossover cable
has the transmit and receive wires received and was used to connect a PC to a PC or a switch to a switch. Modern devices have an autosense function that enables them to detect the way wires are terminated in a plug and then adapt their transmit and receive signaling accordingly. This means crossover cables are now largely obsolete, except when they are needed to support older devices.
anycast address
identifies multiple destinations, with packets delivered to the closest destination
netmask
indicates the bits of an IP address that identify the larger network, while the subnet mask indicates the bits of an IP address that identify a smaller subnet within the larger network.
routing metrics
information about each route. the smaller the metrics number, the better the route
switch
receives incoming data from one of its ports and redirects it to another port or multiple ports that will send the data to its intended destination
probes
repeated trial messages
B
represents bytes
device hardening
securing devices from network or software supported attacks
console port
used to communicate with the router itself, such as when making configuration changes to the device
dual stacked
when a network is configured to use both IPv4 and IPv6 protocols.
Class C
192.0.0.x to 223.255.255.x
mac address
48 bits, written as six hex numbers separated by colons. Nodes on a LAN find each other using their MAC addresses
layer 3, Network layer
Packet. L3PDU
When a computer is struggling to establish a network connection, check its
TCP/IP configuration settings
netstat -n
lists current connections, including IP addresses and ports
root guard
prevents switches beyond the configured port from becoming the root bridge
how to safeguard sensitive information, logged data, and other legal evidence
1. Secure the area—To prevent contamination of evidence, each device involved must be isolated. This means it should be disconnected from the network (remove the Ethernet cable or disable the Wi-Fi antenna) and secured, to ensure that no one else has contact with it until the response team arrives. Ideally, you should leave the device running without closing any applications or files. Different OSes require different shutdown procedures to preserve forensic data, so the shutdown process should be left to incident response experts. However, if a destructive program is running that might be destroying evidence, the fastest and safest solution is to unplug the power cord from the back of the machine (not just from the wall). Treat the entire work area as a crime scene. In some cases, such as with a physical break-in, an entire room, or possibly multiple rooms, must be secured to protect the evidence. 2. Document the scene—Creating a defensible audit trail is one of the highest priorities in the forensics process. An audit trail is a system of documentation that makes it possible for a third party to inspect evidence later and understand the flow of events. A defensible audit trail is an audit trail that can be justified and defended in a court of law. Document everything you or your team does, noting the time and the reason for each action. For example, if you unplugged the machine because a virus was wiping the hard drive, document the time and describe the symptoms you observed that led you to unplug the machine. Also make a list of everyone found in the area and their access to the computer in question. Make sure no one else enters the area until the response team arrives, and don't leave the area unattended even for a few moments. 3. Monitor evidence and data collection—Record all items collected for evidence. Take care to preserve all evidence in its original state. Do not attempt to access any files on a computer or server being collected for evidence, as this action alters a file's metadata and could render it inadmissible in court. 4. Protect the chain of custody—All collected data must be carefully processed and tracked so it does not leave official hands at any point in the forensics process. Typically, documentation used to track chain of custody describes exactly what the evidence is, when it was collected, who collected it, its condition, and how it was secured. If at any point in the process you have custody of evidence, be sure to sign off on a chain of custody document, and obtain a signature from the next person in line when you hand over custody of the evidence. 5. Monitor transport of data and equipment—Generally, the incident response team is responsible for transporting all evidence to the forensics lab or other authority. Every item should be carefully documented so the exact same configuration can be replicated in the lab. The response team might even have the capability to do a hot seizure and removal, which means they can use specialized devices that transfer a computer from one power source to another without shutting down the computer. This can be especially critical if it's possible that the computer or its data will become inaccessible after power is turned off—perhaps because a password is unknown or data is currently in memory. 6. Create a report—Be prepared to report on all activities that you observed or participated in during the course of the incident response. It's best to take notes along the way, and to write your report in full as soon as possible after the event while it's still fresh on your mind. All of this information will likely be included in the final forensics report, so it's important to be thorough and accurate.
netstat -b
Lists the name of each process using a connection and information about the connection. Requires an elevated Command Prompt.
patch management
The process of monitoring the release of new patches, testing them for use on networked devices and installing them
169.254.9.1 through 169.254.255.254
Used to create an APIPA (automatic private IP addressing) address when a computer configured for DHCP first connects to the network and is unable to lease an IPv4 address from the DHCP server
host-based anti-malware software
you address the most likely point of entry but ignore the most important files that might be infected on the server. Also provides insufficient coverage when a significant portion of the network is virtualized
square symbol
switch
IPv6 supports these three types of IP addresses
unicast address, multicast address, and anycast address
DTE (data terminal equipment)
customer's endpoint device on the WAN
TCP header length
4 bits long. indicates the length of the TCP header in bytes. the header can be a minimum of 20 bytes to a maximum of 60 bytes in 4-byte increments. It's also called the Data offset field because it indicates the offset from the beginning of the segment until the start of the data carried by the segment
SAN (storage area network)
a distinct network of storage devices that communicate directly with each other and with other networks. SANs are not only extremely fault tolerant, they are also extremely fast. To do this, SANs use one of these technologies: • FC (Fibre Channel) is a storage networking architecture that runs separately from Ethernet networks to maximize speed of data storage and access. Although FC can run over copper cables, fiber-optic cable is much more commonly used. Fibre Channel requires special hardware, which makes it an expensive storage connection technology. FC switches connect servers with each other and the outside network. Instead of NICs, FC devices communicate through HBAs (host bus adapters). At the time of this writing, FC networks use an alternative to link aggregation called MPIO (Multipath I/O) to achieve speeds as high as 128GFC (Gbps Fibre Channel). Specifications are approved for speeds up to 256GFC, and expected to be available on the market in 2019. Figure 11-26 shows a Fibre Channel SAN connected to a traditional Ethernet network. Besides being expensive, Fibre Channel requires extensive training for IT personnel to support it. • FCoE (Fibre Channel over Ethernet) is a newer technology that allows FC to travel over Ethernet hardware and connections. To do this, the FC frame is encapsulated inside an FCoE frame, which is then encapsulated inside an Ethernet frame. This preserves much of the higher speed capabilities of FC, along with the convenience and cost-efficiency of using existing Ethernet network equipment. With the installation of CNAs (converged network adapters), FCoE switches can connect to network servers and to switches for both the LAN and the SAN. • iSCSI (Internet SCSI), pronounced "i-scuzzy," is a Transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs, and the Internet. It can work on a twisted-pair Ethernet network with ordinary Ethernet NICs. iSCSI is an evolution of SCSI (Small Computer System Interface), which is a fast transmission standard used by internal hard drives and operating systems in file servers. The advantages of iSCSI over Fibre Channel are that it is not as expensive, can run on the already established Ethernet LAN by installing iSCSI software (called an iSCSI initiator) on network clients and servers, and does not require as much special training for IT personnel. Some network administrators configure iSCSI to use jumbo frames on the Ethernet LAN. iSCSI architecture is very similar to FC. The primary difference is that Ethernet equipment and interfaces can be used throughout the storage network. In fact, this is the primary advantage of iSCSI over other options, making it relatively straightforward to implement. • IB (InfiniBand), like FC, requires specialized network hardware. Although it's very fast, InfiniBand tends to serve a few niche markets rather than being widely available. IB falls on the difficult end of the installation and configuration spectrum, and runs on the expensive side as well. A SAN can be installed in a location separate from the LAN it serves. SANs are highly scalable and have a very high fault tolerance, massive storage capabilities, and fast data access. SANs are best suited to environments with huge quantities of data that must always be quickly available.
TFTP (Trivial File Transfer Protocol)
Most commonly used by computers (without user intervention) as they are booting up to request configuration files from another computer on the local network. TFTP uses UDP, whereas normal FTP uses TCP
EF (expedited forwarding)
A data stream is assigned a minimum departure rate from a given node. This technique circumvents delays that slow normal data from reaching its destination on time and in sequence.
incorrect gateway
An incorrect IP address for the default gateway can have the opposite effect: the incorrectly configured client might be able to communicate directly with devices on its network, but it will not be able to communicate with any devices outside the local network
TRILL (Transparent Interconnection of Lots of Links)
a multipath, link-state protocol (using IS-IS) developed by the IETF
ad hoc
a small number of nodes closely positioned transmit directly to each other without an intervening connectivity device
OC-96
4976.64 throughput. Primarily used by ISPs
QSFP (quad small form-factor pluggable)
Complies with the 802.3ba standard, squeezing four channels in a single tranceiver and supporting data rates up to 40 Gbps (4x10 Gbps)
hertz or Hz
one cycle per second
grounding
means that a device is connected directly to the earth, so that, in the event of a short circuit, the electricity flows into the earth, rather than out of control through the device and back to the power station, which can cause an electrical fire
a band used by a wireless device is defined by its
overall frequency range
RDP (remote desktop protocol)
proprietary protocol used by Windows Remote Desktop and Remote Assistance client/server utilities to connect to and control a remote computer
network-based firewall
protects an entire private network
interface ID or interface identifier
the last 64 bits or four blocks of an IPv6 address which identify the interface
throughput (also called payload rate or effective data rate)
the measure of how much data is actually transmitted during a given period of time
emergency alert system
typically generate loud noise and flashing lights. some send text and voice message alerts to key personnel, and post alerts by email, network messages, and other means
management URL
where the user can make changes directly to the device
SaaS (software as a service)
applications are provided through an online user interface and are compatible with a variety of devices and operating systems.
refraction
as a wave travels into and through a different transmission medium, such as when traveling through glass or other solids, the wave's direction, speed, and wavelength are altered, or refracted.
FEXT (far end crosstalk)
crosstalk measured at the far end of the cable from the signal source
alien crosstalk
crosstalk that occurs between two cables
NEXT (near end crosstalk)
crosstalk that occurs between wire pairs near the source of a signal
PDoS (permanent DoS) attack
damages a device's firmware beyond repair. This is called "bricking" the device because it effectively turns the device into a brick. Usually target routers or switches
network
group of computers and other devices (such as printers) that are connected by some type of transmission media.
CIR (committed information rate)
guaranteed minimum amount of bandwidth from service provider
default route
the route to use if no other route is a match
loss-tolerant
when occasional loss of data can be tolerated
DHCP scope or DHCP pool
a range of IP addresses to be assigned to clients when they request an address
zero-day exploit
one that takes advantage of a software vulnerability that hasn't yet or has only very recently become public.
0.0.0.0
Currently unassigned
two types of DNS requests
recursive query and iterative query
unshielded twisted pair (UTP)
a type of copper-based cable that consists of one or more insulated twisted-pair wires encased in a plastic sheath
FHSS (frequency hopping spread spectrum)
short burts of data are transmitted on a particular frequency within the band and the next burst goes to the next frequency in the sequence. Frequency hopping can happen undreds of times a second. FHSS is cheaper to implement than DSSS and performs better than DSSS in crowded, indoor environments
ACL (access control list)
can decline to forward certain packets depending on their content. An ACL acts like a filter to instruct the router to permit or deny traffic according to one or more of the following variables: *Network layer protocol *Transport layer protocol *Source IP address *Destination IP address *TCP or UDP port number Each statement or test in the ACL specifies either a permit or deny flag. The router starts at the top of the list and makes a test based on the first statement. If a packet's characteristics match a permit statement, the packet moves on to the network. If the packet's characteristics match a deny statement, the packet is immediately discarded. If the packet's characteristics match a deny statement, the packet is immediately discarded. If the packet's characteristics don't match the statement, the router moves down the list to the next statement in the ACL. If the packet does not match any criteria given in the statements in the ACL, the packet is dropped. This last decision is called the implicit deny rule, which ensures that any traffic the ACL does not explicitly permit is denied by default. On most routers, each interface must be assigned a separate ACL, and different ACLs may be associated with inbound and outbound traffic. When ACLs are installed on routers, each ACL is assigned a number or name. An acceless list is not automatically installed on a router. Common errors include listing the ACL statements in the wrong order, using the wrong criteria when defining a rule, and constructing a rule incorrectly.
determine whether the change should apply to some or all users, network segments, or devices. Also decide whether it will be distributed
centrally or machine by machine
knowledge base
collection of accumulated insights and solutions to the problems encountered on a particular network
step 3, ACK (connection established)
computer A issues a segment with the following information: The sequence number because this is what computer B indicated it expects to receive The acknowledgement number field equals the sequence number that computer B sent, plus 1 The ACK bit is set to 1 The connection has now been established, in the next message, computer A will begin data transmission
racks one or more KVM (keyboard, video, and mouse) switches which
connect to a single console to provide a central control portal for all devices on the rack
firewall
dedicated device or software on a computer that selectively filters or blocks traffic between networks. Might be placed internally, residing between two interconnected private networks. More commonly, it is placed on the edge of the private network, monitoring the connection between a private network and a public network (such as the Internet).
SHA-1
due to an undisclosed flaw in SHA-0 this was created. SHA-1 has also since been retired in favor of the next two iterations of SHA, although many systems still rely on the easily cracked SHA-1
choose labels that are
durable and that are designed to stick to plastic and metal, not paper
bend radius
each type of cable has a prescribed bend radius, which is the radius of the maximum arc into which you can loop a cable without impairing data transmission. Generally, a twisted pair cable's bend radius is equal to or greater than four times the diameter of the cable.
VDSL (very high bit rate DSL or variable DSL)
faster than ADSL and is also asymmetric, with faster download speeds than upload speeds. A VDSL line that carries 50-60 Mbps in one direction and 5-10 Mbps in the opposite direction can extend only a maximum of 1.6 km before dropping to speeds similar to ADSL21. VDSL2 offers throughput speeds nearing 100 Mbps in both directions but drops off quickly at even shorter distances. These limitations might suit businesses located close to a telephone company's CO (for example, in the middle of a metropolitan area), but it won't work for most individuals.
ghosts
frames that are not actually data frames, but aberrations caused by a device misinterpreting stray voltage on the wire. Unlike true data frames, ghosts have an invalid pattern at the beginning of the frame pattern
speed and duplex mismatch
if you specify a particular speed and duplex that's not supported by the neighboring device and results in slow or failed transmissions
spoofing
impersonation of a MAC address. security risk
CLI (command-line interface)
in Windows, commands can be entered that does not provide the Windows graphics normally offered in a GUI. network technicians need to be comfortable with the CLI because it is quicker and often more powerful and flexible than a GUI. In Windows 10, a CLI can be accessed through a Command Prompt, PowerShell, or the new WSL (Windows Subsystem for Linux).
type 1 hypervisor
installs on a computer before any OS and is therefore called a bare-metal hypervisor. It partitions the hardware computing power to multiple VMs, each with their own OS. ex: XenServer, ESXI, and Hyper-V
SDN controller
integrates configuration and management control of all network devices, both physical and virtual, into one cohesive system that is overseen by the network administrator through a single dashboard. Instead of reconfiguring each network device individually, the SDN controller can be used to reconfigure groups of network devices all at one time. It can even make configuration changes automatically in response to changing network conditions.
association
involves a number of packet exchanges between the access point and your computer. Association is another function of the MAC sublayer described in the 802.11 standard.
physical layer
is the simplest layer of all and is responsible only for sending bits via a wired or wireless transmission. These bits can be transmitted as wavelengths in the air, voltage on a copper wire, or light
protocols designed to replace STP, such as SPB, operate at
layer 3 instead of or in addition to layer 2, making them more compatible with various types of technologies such as the connection protocols used on storage networks.
read the vendor's documentation regarding the patch or upgrade to
learn its purpose, and make sure you understand how it will affect the system, whether or not it is compatible with current hardware and software, and how to apply or undo the change
essential documentation covers
logical and physical connections on a network; inventory management; IP address utilization; vendors (such as contact information, warranty information, service agreements, and troubleshooting instructions); and internal operating proceduries, policies, and standards
stateless firewall
manages each incoming packet as a stand-alone entity without regard to currently active connections. Faster than stateful firewalls, but are not as sophisticated
Cat 5
max supported throughput - 100 Mbps Bandwidth/signal rate - 100 MHz required minimum standard for Fast Ethernet
installation
new software, such as CRM (customer relationship management) software for sales reps or a financial software package for accountants, must be installed on the relevant devices and incorporated with network resources
classful addressing
older method of managing IP address ranges, the dividing line between the network and host portions is determined by the numerical range the IP address falls in. Classful IPv4 addresses are divided into five class: Class A, Class B, Class C, Class D, and Class E
Nmap
originally designed for Linux as a command-line utility, but has since been expanded for compatibility on several other OSes. It's now available in a GUI form called Zenmap. Designed to scan large networks quickly and provide information about a network and its hosts. Nmap began as a simple port scanner, which is an application that searches a device for open ports indicating which insecure service might be used to craft an attack.
packet loss
packets lost due to an unknown protocol, unrecognized port, network noise, or some other anomaly. Lost packets never arrive at their destination
punchdown block
precursor to the patch panel. it is another kind of termination point. This is a panel of voice or data receptors into which twisted-pair wire is inserted, or punched down, using a punchdown tool, to complete a circuit.
common types of DNS servers
primary, secondary, caching, and forwarding
protocol analyzer
program that collects and examines network messages
SNR (signal-to-noise ratio)
proportion of noise to the strength of a signal
personal protective equipment (PPE)
protects yourself as you work
exterior router
refers to any router outside the organization's AS, such as a router on the Internet backbone. Sometimes a technician might refer to her own edge router as an exterior router because it communicates with routers outside the AS.
firmware
refers to programs embedded into hardware devices. This software does not change unless a firmware upgrade is performed
inventory management
refers to the monitoring and maintaining of all the assets that make up a network. the first step is to list all the components on the network, which include: hardware- configuration files, model number, serial number, location on the network and technical support contact software- version number, vendor, licensing, and technical support contact.
control frames
related to medium access and data delivery; examples of this type of frame include ACk and RTS/CTS frames
WPA2 (Wi-Fi protected Access, Version 2)
replaced WPA. CCMP which is short for Counter Mode with CBC (Cipher Block Chaining) MAC (Message Authentication Code) Protocol, improves wireless security for newer devices that can use WPA2. Whereas TKIP was meant to be backward-compatible as much as possible, CCMP is more future-focused. It helps ensure data confidentiality with both encryption and packet authentication by providing: * message integrity - CCMP uses CBC-MAC which ensures incoming packets are in fact, coming from their declared source, and does so using the block cipher algorithm AES * encryption - CCMP also uses AES (Advanced Encryption Standard), which provides faster and more secure encryption than TKIP for wireless transmissions. AES relies on a more sophisticated family of ciphers along with multiple stages of data transformation
quarantine network
separate from sensitive network resources and might limit the amount of time the device can remain connected to the network, until remediation steps can be completed
community cloud
service shared between multiple organizations, but not available publicly. Organizations with common interests, such as regulatory requirements, performance requirements, or data access, might share resources in this way
mesh
several access points work as peer devices on the same network, where the AP devices cooperate to provide more fault tolerant network access to clients. A wireless controller might be used only initially to configure the APs, or the APs might remain connected to the wireless for continued management. A wireless controller might be a physical device installed locally, or it might be cloud-based, VM-based, or embedded in one of the APs.
advantages of peer to peer networks
simple to configure. less expensive to set up and maintain than other types of networks.
onboard and expansion ports
sometimes called network controllers or network interface controllers (NICs)
unicast address
specifies a single node on a network. the two types of unicast addresses are global address and link local address
IR (Infrared or infrared radiation)
technology has found new life in the world of IoT, where it's used primarily to collect data through various sensors. IR exists just below the spectrum that is visible to the human eye, with longer wavelengths than red light. An LED in a device creates the invisible radiation, which is then detected by a sensor's semiconductor material that converts t he signals into electrical current. IR sensors are used to collect information such as: presence or level of liquid, variations in reflections from skin caused by variations in blood flow, proximity to the device, and commands from a control device. Nearby light sources or dust in the air can reduce the accuracy of collected data.
bandwidth
the amount of data that could theoretically be transmitted during a given period of time
DMZ or demilitarized zone
the area between two firewalls
latency
the delay that takes place between the instant when data leaves the source and when it arrives at its destination. the length of the cable affects latency as does the existence of any intervening connectivity device.
extension identifier or device ID
the last 24 bits of the MAC address which identify the device itself.
RTT (round trip time)
the most common way to measure latency on data networks is by calculating this from a packet. it is the length of time it takes for a packet to go from sender to receiver, then back from receiver to sender. RTT is usually measured in milliseconds.
ethernet
the most important data link layer standard. it is adaptable, capable of running on a variety of network media, and offers excellent throughput at a reasonable cost. Because of its many advantages it is the most popular network technology used on modern LANs.
private IP address
to conserve its public IP address, a company can use this on its private networks. IANA recommends that the following IP addresses be used for private networks: 10.0.0.0 through 10.255.255.255 172.16.0.0 through 172.31.255.255 192.168.0.0 through 192.168.255.255
TKIP (temporal key integrity protocol)
to improve security for legacy WEP-based devices. TKIP accomplished three significant improvement: *message integirty - uses a message integrity code, called Michael, that ensures incoming packets are, coming from their declared source. This is also called packet authentication * key distribution - assigns every transmission its own key encryption - includes encryption originally provided by RC4 (Rivest Cipher 4), a now insecure encryption cipher that is still widely used Was designed more as an integrity check for WEP transmissions than as a sophisticated encryption protocol
network monitor
tool that continually monitors network traffic. Spiceworks is a type of network monitoring software because it can be configured to monitor multiple devices on a network at one time
When a network is segmented into multiple smaller networks,
traffic on one network is separated from another network's traffic and each network is its own broadcast domain.
BPDUs (Bridge Protocol Data Units)
transmits STP information between switches.
EAP-TLS
uses TLS encryption to protect communication. Also uses PKI (public key infrastructure) certificates to exchange public keys and authenticate both the supplicant and the server through mutual authentication. While these certificates can be a challenge to set up, the resulting authentication strength is often worth the trade-off in convenience.
fragmentation
when a network layer protocol is aware that a packet is larger than the maximum size for its network, it will divide the packet into smaller packets in a process called this
scattering
when a wireless signal encounters an object that has small dimensions compared with the signal's wavelength, it's diffused or scattered in multiple directions. It is also related to the roughness of the surface a wireless signal encounters. The rougher the surface, the more likely a signal is to scatter when it hits that suffice. ex: chairs, books, computers, doors, rain, mist, hail, snow
scope options:
* a time limit, called a lease time * the default gateways IP address * the primary and secondary DNS server addresses
options
0-32 bits. specifies special options, such as the maximum segment size a network can handle
a trace test might stop before reaching the destination for one of three reasons
1. the device the trace is attempting to reach is down 2. its too busy to process lower-priority messages such as UDP or ICMP 3. a firewall blocks UDP and ICMP transmissions, especially if it receives several in a short period of time
5GBase-T
5000 Mbps, requires Cat 6 or better
ESS (extended service set)
A group of access points connected to the same LAN. BSSes that belong to the same
iterative query
A query that does not demand resolution. For example, when the local server issues queries to other servers, the other servers only provide information if they have it
reassociation
As devices are moved between BSSes within a single ESS, connecting to a different AP requires this. This is an automatic process that occurs when: a mobile user moves out of one AP's range and into the range of another; The initial AP is experiencing a high rate of errors. On a network with multiple APs, network managers can take advantage of the nodes' scanning feature to automatically balance transmission loads between access points.
multiplexer
Combines multiple signals from a LAN for transport over the T-carrier line and separates an incoming T-carrier line's combined channels into individual signals that can be interpreted on the LAN. After being demultiplexed, an incoming T-carrier signal passes on to devices collectively known as terminal equipment. Examples of terminal equipment include switches, routers, or telephone exchange devices that accept only voice transmissions (such as a telephone switch).
port 67 and 68
DHCP for IPv4 servers listen at port ___ and DHCPv4 clients receive responses at port ___
In Europem the standard high-speed carrier connections are
E1 and E3. Like T1s and T3s, E1s and E3s use time division multiplexing. However, an E1 allows for 32 channels and offers 2.048 Mbps throughput. An E3 allows for 512 channels and offers 34.368 Mbps throughput.
CPE (customer premise equipment)
Equipment located on the customer's premises, regardless of who owns it and who is responsible for it. Equipment belonging to the ISP should only be serviced by the ISP's technicians regardless of where it is located. Equipment owned by the customer is the responsibility of the customer and will not be serviced by the ISP
SMB (Server Message Block)
First used by earlier Windows OSes for file sharing on a network. Unix uses a version of SMB in its Samba Software, which can share files with other operating systems, including Windows systems.
NS (Name Server) record
Indicates the authoritative name server for a domain. It's mostly used for delegating subdomains to other name servers
management frames
Involved in association and reassociation; examples of this type of frame include probe and beacon frames
MTRJ (Mechanical Transfer-Registered Jack)
Most common type of MMF connector Polish - N/A Full-duplex - Yes Unique because it contains two strands of fiber in a single ferrule. With two strands per ferrule, a single MTRJ connector provides full-duplex signaling.
PPPoE (PPP over Ethernet)
PPP running over an Ethernet network. It might be used to connect a computer to a modem by way of an Ethernet network adapter and patch cable. Similarly PPPoA is PPP over ATM (asynchronous transfer mode)
giants
Packets that exceed the medium's maximum packet size. For example an Ethernet packet larger than 1518 bytes
event log
Stores results from devices monitoring conditions in Windows-based networks. results can be seen with the Event Viewer application
site prefix or global routing prefix
The first four blocks or 64 bits that normally identify the network of an IPv6 address. The last four blocks or 64 bits identify the interface.
BIND (Berkeley Internet Name Domain)
The most popular DNS server software. BIND is free, open source software that runs on Linux, UNIX, and Windows platforms.
manager
The team member who coordinates the resources necessary to solve the problem. If in-house technicians cannot handle the incident, the manager finds outside assistance. The manager also ensures that the security policy is followed and that everyone within the organization is aware of the situation. As the response ensues, the manager continues to monitor events and communicate with the public relations specialist.
Wave 3 (8 data streams)
5 GHz, 6.93 Gbps, Indoor: 70 m, Outdoor: 250 m
802.11ac Wave 1 (3 data streams)
5 Ghzm 1.3 gbps. Indoor: 70 m Outdoor 250 m. 802.11ac is the first Wi-Fi standard to approach Gigabit Ethernet capabilities, providing better support for more wireless clients at a time. In fact, 802.11ac access points function more like a switch than a hub in that they can handle multiple transmissions at one time over the same frequency spectrum. 802.11ac does a better job of providing faster transmissions throughout its geographic range.
ip helper-address
A Cisco command that can be configured to create and send helper messages to support several types of UDP traffic, including DHCP, TFTP, DNS, and NetBIOS.
PAP (Password Authentication Protocol)
A client uses PAP to send an authentication request that includes its credentials. The server compares the credentials to those in its user database. If the credentials match, the server responds to the client with an acknowledgment of authentication and grants the client access to secured resources. If the credentials do not match, the server denies the request to authenticate. It is a simple authentication protocol that is not secure and sends the client's credentials in cleartext, without encryption
Routers rate the reliability and priority of a routing protocol's data based on these criteria:
AD (administrative distance), convergence time, and overhead
Problems with firmware updates
Updates to a NIC or access point's firmware can help patch vulnerabilities and increase functionality. The flip side of this issue is that updates should be tested before being rolled out system-wide
MAC reservation, IP reservation, or DHCP reservation
When other nodes on the network frequently need to know the IP address of a particular client, you can have DHCP offer that client the same IP address every time it requests one. The DHCP server recognizes the client based on its MAC address and the reserved IP address is called these variety of names
domain
When windows Server controls network access to a group of computers it is a logical group called this
broadcast domain
a Lan, which consists of all the nodes a broadcast reaches, can be referred to as this.
upset failure
can shorten the life of a component and/or cause intermittent errors
TCP characteristics
connection-oriented, sequencing and checksums, and flow control
neighbor discovery
how routers learn about all devices on their network. This process can go awry when changes are made to the network, or when a problem is developing but is only producing sporadic symptoms.
netstat -f
lists current connections, including IP addresses, ports, and FQDNs
three factors that can degrade network performance
noise, attenuation, and latency
propagation
refers to the way in which a wave travels from one point to another.
server-based anti-malware software
resides on the server and checks every file and transaction, you will protect important files, but slow your network performance considerably
TLD (top-level domain)
the last part of an FQDN
data storage quantities
typically expressed in multiple of bytes
AAAA ( address) record (called a "quad-A record")
Holds the name-to-address mapping for IPv6 addresses
client-to-site VPN
Remote clients, servers, and other hosts establish tunnels with a private network through a VPN gateway at the edge of the LAN. Each remote client on a client-to-site VPN must run VPN software to connect to the VPN gateway. The t unnel created between them encrypts and encapsulates data. This is the type of VPN typically associated with remote access. As with site-to-site VPNs, clients and hosts on the protected LAN communicate with remote clients by the way of the VPN gateway and are not required to run VPN software. To establish a client-to-site VPN, only the VPN gateway location needs a static public IP address.
ARP poisoning
Similar to DNS caches, ARP tables can be altered. ARP works in conjunction with IPv4 to discover the MAC addresses of a node on the local network. This information is stored in a database called the ARP table or ARP cache, which maps IP addresses to MAC addresses on the LAN. However, ARP performs no authentication, and so is highly vulnerable to attack. When attackers use faked ARP replies to alter ARP tables in the network, the attacker is called ARP poisoning. ARP vulnerabilites contribute to the feasibility of serveral other exploits, including DoS (denial-of-service) attacks, MitM (man-in-the-middle) attacks, and MAC flooding. MAC flooding involves overloading a switch with ARP replies
in-band management
Telnet, SSH, RDP, VNC, and a management URL all rely on the existing network infrastructure for a network administrator to remotely control the device. Before he or she can configure these devices they must already be booted up, and they must already have configuration software installed. It inherently limits troubleshooting capabilities.
IANA (Internet Assigned Numbers Authority)
The organization responsible for tracking the assignments of IP addresses, port numbers, and domain names. It is a department of ICANN (Internet Corporation for assigned Names and Numbers).
technical support specialist
The team member who focuses on only one thing: solving the problem as quickly as possible. After the situation has been resolved, the technical support specialist describes in detail what happened and helps the manager find ways to avert such an incident in the future. Depending on the size of the organization and the severity of the incident, this role may be filled by more than one person.
on-boarding
Users or network technicians install a specific app, called an agent, on a user's device, whether the device is a smartphone, laptop, or tablet. This gives the device trusted access to certain portions of the network. Access to email services, file-sharing services, and certain network administrative features might all be controlled by the device's permission levels enabled by on-boarding that device
IKEv2
a component of the IPsec protocol suite, offers fast throughput and good stability when moving between wireless hotspots. It's compatible with a wide variety of devices and is often recommended by VPN provided as the most secure option among the VPN protocols they support
patch
a correction, improvement, or enhancement to software. It corrects a bug, closes a vulnerability, or adds minor enhancements to only parts of the software, leaving most of the code untouched.
security token
a device or application that stores or generates information, such as a series of number or letters, known only to its authorized user
worm
a program that runs independently of other software and travels between computers and across networks. They may be transmitted by any type of file transfer, including email attachments. Worms do not alter other programs in the same way that viruses do, but they can carry viruses. Because they can transport and hide viruses, you should be concerned about picking up worms when you exchange files on the Internet, via email, or on flash drives
port mirroring also called SPAN (switched port analyzer)
a technique that NIDS might use to monitor traffic carried by a switch. One port on a switch is configured to send a copy of all the switch's traffic to the device connected to that port. The device runs a monitoring program, which can now see all traffic the switch receives. This monitoring program can be located on either the local network or at a remote location.
shielded twisted pair (STP)
a type of copper-based cable containing twisted pair-wires that are not only individually insulated, but also surrounded by a shielding made of a metallic substance such as foil
route command
allows you to view a host's routing table. Linux or Unix - enter route at the hsell prompt Windows - enter route print at the command prompt Ciscos IOS - enter show ip route at the CLI in enable mode
infrastructure
an intervening connectivity device, a WAP (wireless access point) or AP (access point), accepts wireless signals from multiple nodes and retransmits them to the rest of the network. To cover its intended range, an access point must have sufficient power and be strategically placed so that all connected nodes can communicate with it. most small wireless LANs use the infrastructure topology, requiring one or more APs.
OpenVPN
an open-source VPN protocol that uses a custom security protocol called OpenSSL for encryption. OpenVPN has the ability to cross many firewalls where IPsec might be blocked. It is both highly and highly configurable
H.323
another signaling protocol used to make a connection between hosts prior to communicating multimedia data. H.323 has largely been replaced by SIP, which is easier to use.
company standards and stock
besides adhering to structured cabling hierarchies and standards, you or your network manager should specify standards for the tpes of cable used by your organization and maintain a list of approved cabling vendors. Keep a supply room stocked with spare parts so you can easily and quickly replace defective parts
BPDU guard
blocks BPDUs on any port serving network hosts, such as workstations and servers, and thereby ensures these devices aren't considered as possible paths. BPDU guards also enhance security by preventing a rogue switch or computer connected to one of these ports from hijacking the network's STP paths
bluetooth device pairing
bluetooth devices must be connected or paired. The steps are to turn on the bluetooth antenna for each device, make at least one of the devices discoverable. On the other device, select the discoverable device to connect to. Enter a PIN if required.
::
used in an IP address to replace blocks that contain all 0s. Using the fewest amount of 0s is the recommended method
edge routers or border routers
connect an autonomous system with an outside network, also called an untrusted network
127.0.0.1 through 127.255.255.254
Used for research or can indicate your own computer, in which case it is called the loopback address.
Range of host IP addresses for subnet B
129 through 254
layer 2, data link layer
Frame. L2PDU
black hat hacker
These groups or individuals use their skills to bypass security systems to cause damage, steal data, or compromise privacy. They're not concerned with legal restrictions, and are intent on achieving personal gain or executing a personal agenda against an individual or an organization. Some black hat hackers and groups are also available for hire to serve someone else's agenda.
802.11b
2.4 GHZ, 11 Mbps, 100 m. Separates 2.4 GHz band into 22 MHz channels. It was the first of the 802.11 standards to take hold. It is also the least expensive. Most network administrators have replaced it with the faster 802.11n standard
802.11n
2.4 GHz or 5 GHz, 600 Mbps, Indoor: 70 m Outdoor: 250 m. The primary goal of IEEE's 802.11n committee was to create a wireless standard that provided much higher effective throughput than the earlier 802.11 standards, and they succeeded. It is a realistic platform for telephone and video signals because of its maximum throughput of 600 Mbps. IEEE also specified that the 802.11n standard must be backward compatible with the 802.11a, b, and g standards. This is made possible because 802.11n uses both the 2.4 GHz and the 5.0 GHz frequency bands.
DNS poisoning or DNS spoofing
by altering DNS records on a DNS server, an attacker can redirect Internet traffic from a legitimate web server to a phishing website. Because of the way DNS servers share their cached entries, poisoned DNS records can spread rapidly to other DNS servers, ISPs, home and business networks, and individual computers.
Switching
determines how connections are created between nodes on a network. Although switching as we know it is a Layer 2 f unction, the term switching here is also applied to Layer 3, when explanining how circuits are created between endpoints on different networks.
NIST (National Institute of Standards and Technology)
developed a standard definition for Cloud computing services categories.
PDs ( powered devices)
devices that receive power from PSE
FTPS (FTP Security or FTP secure)
An added layer of protection for FTP using SSL/TLS that can encrypt both the control and data channels. Recall that FTP listens at port 21, which is the command channel. Data is usually transferred over port 20, which is the data channel. FTPS is typically configured to listen at port 21 but requires two data channels. By default, those data channels are at port 989 and 990. However, FTPS can also be configured to negotiates its data ports within a predefined range each time it makes a connection. FTPS can be difficult to configure through a firewall. You can configure the vsftpd app to support FTPS, as they are both based on the original FTP standards
dynamic and private ports
Range from 49152 to 65525 and are open for use without restriction
ICMPv6
IPv6 networks use this version of ICMP
Interference
if Intermittent and difficult-to-diagnose wireless communication errors occur, interference might be the culprit. Check for sources of EMI, such as fluorescent lights, heavy machinery, cordless phones, and microwaves in the data transmission path
When the host receives a request to communicate on TCP port 23 it _____ or _______ a session. When the TCP session is complete, the socket is _____ or ______
establishes/open and closed/dissolved
traffic analysis
examines the flow of network traffic for patterns and exceptions to those patterns. For example, locations of network bottlenecks, such as an outdated device that should be replaced or a network service that needs more resources
security audit
if a company is accredited by an agency that sets network security standards and performs a posture assessment, the assessment counts as this
segments
if a message is too large to transport on the network TCP divides it into smaller messages called this
DNAT or Destination Nat (Destination Network Address Translation)
hosts outside the network address a computer inside the network by a predefined public IP address. When a message sent to the public IP address reaches the router managing DNAT, the destination IP address is changed to the private IP address of the host inside the network. The router must maintain a translation table of public IP addresses mapped to various hosts inside the network. DNAT changes the destination IP address of incoming messages and is often used by large organizations that provide services to the Internet. The various servers can use private IP addresses for security and also to allow network administrators more freedom to manage these servers.
security policy
identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches. It should not state exactly which hardware, software, architecture, or protocols will be used to ensure security, nor how hardware or software will be installed and configured. These details change from time to time and should be shared only with authorized network administrators or managers.
calculating the number of hosts formula
2^h - 2 = Z h = the number of bits remaining in the host portion Z = the number of hosts available in each subnet
sequence number
32 bits long. Identifies the data segment's position in the stream of data segments being sent.
packet-switched
Data is broken into packets before it's transported. Packets can travel any path to their destination because, as you already know, each packet contains the destination address and sequencing information. Consequently, packets can attempt to find the fastest circuit available at any instant. When packets reach their destination node, the node reassembles them based on control information included in the packets. The greatest advantage to packet switching lies in the fact that it does not waste bandwidth by holding a connection open until a message reaches its destination, as circuit switching does. Ethernet networks and the Internet are the most common examples of packet-switched networks. LAN always uses packet-switched connections but a WAN can use both.
Four addressing methods
Data link layer MAC address, Network layer IP Address ( IPv4 and Iv6), transport layer ports, and application layer FQDNs, computer names, and host names
QSFP+
Generally the same technology as QSFP while supporting data rates over 40 Gbps. Total theoretical maximum data rate of 112 Gbps (4x28 Gbps).
The most thorough security employs both of the IDS implementations listed as follows in order to detect a wider scope of threats and provide multiple levels of defense:
HIDS (Host-based intrusion detection system) and NIDS (network-based intrusion detection system)
Port 546 and 547
Ipv6 which is called DHCPv6, DHCP servers listen at port __ and clients receive responses at port ___
layer 4, Transport layer
Segment (TCP) or datagram (UDP). L4PDU
Organizations tend to follow a single cabling standard formulated by
TIA (Telecommunications Industry Association) and its former parent company EIA (Electronic Industries Alliance).
TIA/EIA recognizes three possible cabling types for horizontal cabling:
UTP, STP, or fiber-optic cable
three common types of crosstalk are
alien, NEXT, FEXT
dynamic IP address
request and receive (or lease) an IP address from a DHCP server each time a device connects to a network
OSHA regulations for electrical safety
require that electrical devices be turned off and the electrical supply locked out before employees work near these devices
exploit
the act of taking advantage of a vulnerability
incident
Any event, large or small, that has adverse effects on a network's availability or resources. This could be a security breach, such as a hacker gaining access to a user's account, an infection, such as a worm or virus, or an environmental issue, such as a fire or flood.
lifting heavy objects guidelines
1. decide which side of the object to face so that the load is the most balanced 2. stand close to the object with your feet apart 3. keeping your back straight, bend your knees and grip the load 4. lift with your legs, arms, and shoulders, and not with your back or stomach 5. keep the load close to your body and avoid twisting your body while you're holding it 6. to put the object down, keep your back as straight as you can and lower the object by bending your knees
Social Engineering attack cycle
Phase 1 - research. The most important and often requires the most time investment Phase 2 - building trust Phase 3 - exploit. the point of action on the part of the victim that gives the attacker the access he desires Phase 4 - exit, the attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.
convergence time
Routing protocols are also rated on the time it takes to recognize a best path in the event of a chance or network outage
OUI (Organizationally Unique Identifier)
The first 24 bits of the 48 bit long MAC Address. It identifies the NIC's manufacturer. It is assigned by the IEEE (Institute of Electrical and Electronics Engineers).
Host-only mode
VMs use the DHCP service in the host's virtualization software to obtain IP address assignments. Host-only mode is appropriate for test networks or if you simply need to install a different operating system on your workstation to use an application that is incompatible with your host's operating system. Because host-only mode prevents VMs from exchanging data with a physical network, this configuration cannot work for virtual servers that need to be accessed by clients across a LAN. Nor can it be used for virtual workstations that need to access LAN or WAN services, such as email or web pages. Host-only networking is less commonly used than NAT or bridged mode networking.
GRE (Generic Routing Encapsulation)
a layer 3 protocol used to transmit PPP, IP, and other kinds of messages through a tunnel. Like L2TP, GRE is used in conjunction with IPsec to increase the security of the transmissions
wireless range extender
can amplify a wireless signal by increasing the power of the transmission or extending it by repeating the signal from a closer broadcast point
back reflection
measured as optical loss in dB (decibels).
MMF connectors are classified by
the number of fibers
FCC (Federal Communications Commission)
defines the use of the wireless spectrum.
in a typical rack system, airflow through the chasses is designed to move from
front to back
two types of damage in an electronic component that static electricity causes
catastrophic failure and upset failure
load balancer
a device dedicated to the task of distributing traffic intelligently among multiple computers. It can determine which among a pool of servers is experiencing the most traffic before forwarding the request to a server with lower utilization. This server pool might be configured as a cluster
IPv4 (internet protocol version 4)
have 32 bits and are written as four decimal numbers called octets. Each octet, when written in binary, consists of exactly 8 bits. The largest possible 8 bit number is 11111111 which is equal to 255 in decimal.
resource records
hold specific types of information. DNS administrators need to be familiar with the various types.
IP exclusion
if you have one or more clients on the network with static IP addresses, you need to configure this on the DHCP server. This excludes one or more IP addresses from the IP address pool so the server doesn't offer those IP addresses to other clients.
fractional T1
Allows organizations to use only some of the channels on a T1 line and be charged according to the number of channels they use. Thus, fractional T1 bandwidth can be leased in multiples of 64 Kbps. A fractional T1 is best suited to businesses that expect their traffic to grow and that may require a full T1 eventually, but can't currently justify leasing a full T1 right away.
PPP (point-to-point) protocol
a data link layer protocol that directly connects two WAN endpoints. One example might be when a DSL or cable modem connects to a server at the ISP. PPP headers and trailers create a PPP frame that encapsulates Network layer packets. The frames total only 8 or 10 bytes, the difference depending on the size of the FCS field. PPP can: -Negotiate and establish a connection between the two endpoints -Use an authentication protocol, such as MS-CHAPv2 or EAP, to authenticate a client to the remote system - Support several Network layer protocols, such as IP, that might use the connection - Encrypt the transmissions, although PPP encryption is considered weak by today's standards
routing table
a database that holds information about where hosts are located and the most efficient way to reach them. A router has two or more network ports and each port connects to a different network; each network connection is assigned an interface ID, and logically, the router belongs to every network it connects to. A router relies on its routing table to identify which network a host belongs to and which of the router's interfaces points towards the best next hop to reach that network.
spectrum analyzer
a device that can assess the quality of a wireless signal. Spectrum analysis is useful to ascertain where interference is greatest
redundant power circuits
a fail safe for if a circuit breaker trips, the servers can keep running on the other power circuit. Racks often have multiple UPSes installed as well.
QoS (quality of service)
a group of techniques for adjusting the priority a network assigns to various types of transmissions. To do this, network administrators need to be aware of the applications used on a network, including the application protocols they use and the amount of bandwidth they require. A network that handles a lot of VoIP traffic would need to prioritize that traffic in order to avoid problems with jitter.
war driving
a hacker searches for unprotected wireless networks by driving around with a laptop or smartphone configured to receive and capture wireless data transmissions. It is surprisingly effective for obtaining private information.
hidden node problem
a node is not visible to other nodes on the other side of the coverage area. one way to ensure that packets are not inhibited by other transmissions is to reserve the medium for one node's use. In 802.11 this can be accomplished t hrough the optional RTS/CTS (request to send/clear to send) protocol.
caching DNS server
a server that accesses public DNS data and caches the DNS information it collects. This server receives DNS queries from local network clients and works to resolve them by contacting other DNS servers for information. Caching DNS servers do not store zone files (which is why they must rely on their caches and resolution efforts), and therefore do not participate in zone transfers, which further helps to reduce network traffic on the intranet
bridged mode
a vNIC accesses a physical network using the host machine's NIC. In other words, the virtual interface and the physical interface are bridged. If your host machine contains multiple physical adapters you can choose which physical adapter to use as the bridge when you configure the virtual adapter. Although a bridged vNIC communicates through the host's adapter, it obtains its own IP address, default gateway, and subnet mask from a DHCP server on the physical LAN. VMs that must be available at a specific IP address, such as mail servers or web servers, should be assigned bridged network connections. However, VMs that other nodes do not need to access directly can be configured to use the NAT networking mode
PUA (privileged user agreement)
addresses the specific concerns related to privileged access given to administrators and certain support staff. It outlines guidelines, rules, restrictions, and consequences of violations, all of which help minimize the risk involved in allowing privileged access to some users. When accessing a privileged account, the user is advised to stay signed into the account only as long as is necessary to perform the needed tasks, and then sigh off, not relying on the time-out feature to sign her off.
EAP-FAST (EAP-flexible authentcation via secure tunneling)
also a form of tunneled EAP. developed by CISCO and works similarly to PEAP, except faster. The most important difference is that it uses PACs (Protected Access Credentials), which are somewhat similar to cookies that websites store on a user's computer to track their activities. A PAC is stored on thes upplicant device for speedier establishment of the TLS tunnel in future sessions
FIM (file integrity monitoring)
an HIDS solution that alerts the system of any changes made to files that shouldn't change, such as operating system files. It works by generating a baseline checksum of the monitored files, and then recalculating the checksum at regular intervals to determine if anything has changed
wireless spectrum
commonly called airwaves, it is the frequency range of electromagnetic waves used for data and voice communication. FCC (Federal Communications Commission) controls its use. The spectrum spans frequency ranges or bands between 9 kHz and 300 GHz.
VPN Tunneling Protocols
complete frames are encrypted, encapsulated, and transported inside normal IP packets and Data Link layer frames. In other words, a frame travels across the network as the payload inside another frame. Once the frame is released on the other side of the tunnel, it acts as it would have on the network where it originated, allowing the user to access network resources as if she were locally logged onto the network. Many VPN tunneling protocols operate at the Data Link layer to encapsulate the VPN frame inside a Network layer packet. Some VPN tunneling protocols work instead at Layer 3, which enables additional features and options, especially for site-to-site VPN traffic. Most tunneling protocols rely on an additional encryption protocol to provide data security.
Disadvantages of Virtualization
compromised performance - when multiple VMs contend for finite physical resources, one VM could monopolize those resources and impair the performance of others on the same computer. In addition to multiple guest systems vying for limited physical resources, a hypervisor also requires some overhead increased complexity - although virtualization reduces the number of physical machines to manage, it increases complexity and administrative burden in other ways. increased licensing costs - because every instance of commercial software requires its own license, every VM that uses such software comes with added cost. In some cases, the added cost brings little return. single point of failure - if a host machine fails, all its guest machines will fail, too.
DSSS (direct sequence spread spectrum)
data streams are divided and encoded into small chunks, called chips, which are spread over all available frequencies within one of three, wide channels, all at the same time. The process of dividing and encoding the data is called chipping, and the spreading ratio used to transform the data is called the chipping code, which is unique to each device. DSSS uses the available bandwidth more efficiently than FHSS and tends to have a higher throughput
intermediate distribution frame (IDF)
provides an intermediate connection between the MDF and end-user equipment on each floor and in each building. There is only one MDF per campus but there can be many IDFs connecting internal portions of the network. The TIA/EIA standard specifies at least one IDF per floor, although large organizations may have several data rooms or closets per floor to better manage the data feed from the main data facilities. Connections from an IDF branch out to workstations in an extended star topology
rack diagram
show the devices stacked in a rack system and are typically drawn to scale. they are helpful when planning a rack installation and invaluable for tracking and troubleshooting equipment installed in a rack
emergency power-off switch
shuts electricity off. don't use a power off switch unless you really need to; improper shutdowns are hard on computers and their data.
IP (Internet protocol)
specifies where data should be delivered, identifying the data's source and destination IP addresses. IP is the protocol that enables TCP/IP to internetwork. It is a connectionless protocol, meaning IP does not establish a session to send its packets. Each IP packet travels separately from all other packets in its series, where some messages might take a different route than others, even though they're going to the same place. Once IP delivers the message to the correct host, it depends on TCP to ensure the messages are put back in the right order, if that's necessary. It also relies on either TCP or UDP to ensure each message reaches the correct application on the receiving host.
syslog (system log)
standard for generating, storing, and processing messages about events on a system. Records information running Linux or UNIX. It describes methods for detecting and reporting events and specifies the format and contents of messages. It also defines two possible roles for computers participating in logging events: *generator - the computer that is monitored by a syslog-compatible application and that issues event information *collector - the computer that gathers event messages from generators
authoritative server
the authority on computer names and their IP addresses for computers in their domains.
HTTPS (HTTP Secure)
the result of HTTP being layered on top of an encryption protocol such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which gives a secure transmission
SMF connectors are classified by
the size and shape of the ferrule. they are designed to reduce back reflect, which is the return of the light signal back into the fiber that is transmitting the signal. They are typically available with a 1.25 mm ferrule or a 2.5 mm ferrule.
impedance
the telltale factor for ascertaining where faults in a cable lie. A certain amount of impedance is required for a signal to be properly transmitted and interpreted. However, very high or low levels of impedance can signify a damaged wire, incorrect pairing, or a termination point. In other words, changes in impedance can indicate where current is stopped or inhibited.
BiDi transceivers
use WDM technology to separate the data traveling in each direction on different wavelengths of light, and so sometimes they're called WDM transceivers. To work, they must be deployed in pairs with a BiDi transceiver on each end of the cable. BiDi trasceivers are more expensive than their duplex cousins, but reduce by half the amount of fiber cabling needed for the same data throughput, making them more economical.
how to reverse operating system patch
use the patch's automatic uninstall utility
jitter or PDV (packet delay variation)
when packets experience varying amounts of delay and arrive out of order. This might cause streaming video or voice transmissions to pause repeatedly, jump around, or stall out completely.
MAC address table
where acceptable MAC addresses are stored. it can be configured manually or dynamically from its default of 1 up to a maximum number of devices as determined by the network administrator. Once the MAC address table is full, a security violation occurs if another device attempts to connect to the port. By default, the switch will shut down the port, or it can be configured to restrict data from the rogue device. Either way, the switch generates an SNMP notification.
common criteria by which a packet-filtering firewall might accept or deny traffic include the following:
• Source and destination IP addresses • Source and destination ports (for example, ports that supply TCP/UDP connections, FTP, Telnet, ARP, ICMP, and so on) • Flags set in the TCP header (for example, SYN or ACK) • Transmissions that use the UDP or ICMP protocols • A packet's status as the first packet in a new data stream or a subsequent packet • A packet's status as inbound to or outbound from your private network Furthermore he could disable or block certain well known ports such as the insecure NetBIOS ports (137,138, and 139).
peer-to-peer model
can be achieved using any assortment of desktop, mobile, or tablet operating systems. The operating system of each computer on the network is responsible for controlling access to its resources without centralized control. The computers called nodes or hosts, form a logical group of computers and users that share resources. Each computer on a P2P network controls its own administration, resources, and security. Examples of OS that might be installed on computer in p2p network are Windows, Linux, macOS and iOS, Android, and BlackBerry.
network operating systems
control access to the entire network. examples: Windows Server 2016, Ubuntu Server, and Red Hat Enterprise Linux responsible for: managing data and other resources for a number of clients, ensuring that only authorized users access the network, controlling which types of files a user can open and read, restricting when and from where users can access the network, controlling which types of files a user can open and read, restricting when and from where users can access the network, dictating which rules computers will use to communicate, in some situations, supplying application and data files to clients
payload
data that is passed between applications or utility programs and the operating system. it includes control information
physical topology
mostly refers to a network's hardware and how computers, other devices, and cables fit together to form the physical network
round symbol
router
web service
serves up web pages to clients
network layer
sometimes called the Internet layer, is responsible for moving messages from one node to another until they reach the destination host. The principal protocol this layer uses is the IP (internet protocol).
frame
the entire data link layer message
small office-home office networks (SOHO)
typically have fewer than 10 computers. a consumer-grade router is used to connect the LAN to the Internet
virus
a program that replicates itself with the intent to infect more computers, either through network connections when its piggybacks on other files or through the exchange of external storage devices. A virus might damage files or systems, or it might simply annoy users by flashing message or picture on the screen
ferrule
the extended tip of a connector that makes contact with the receptacle in the jack or other connector
no shutdown command (undo shutdown on Huawei devices)
enable devices that were disabled
attenuation
loss of a signal's strength as it travels away from its source
b
represents bits
flow control
the process of gauging the appropriate rate of transmission based on how quickly the recipient can accept data.
network services
the resources a network makes available to its users include applications and the data provided by these applications
delay-sensitive
voice and video transmissions are considered this
ARP (Address Resolution Protocol)
works in conjunction with IPv4 to discover the MAC address of a node on the local network and to maintain a database that maps local IP addresses to MAC addresses. ARP is a Layer 2 protocol that uses IP in Layer 3. It's sometimes said to function at Layer 2.5 because it touches information (IP addresses and MAC addresses) at both layers. It operates only within its local network bound by routers. It relies on broadcasting, which transmits simultaneously to all nodes on a particular network segment.
NGFWs (Next Generation Firewalls) also called Layer 7 firewalls
• application aware—Monitor and limit the traffic of specific applications, including the application's vendor and digital signature. This includes built-in Application Control features. • user aware—Adapt to the class of a specific user or user group. • context aware—Adapt to various applications, users, and devices. This more granular control of configuration settings enables network administrators to fine-tune their security strategies to the specific needs of their companies. Popular choice for larger enterprises that need to customize their security policies.
runts
packets that are smaller than the medium's minimum packet size. For instance, any Ethernet packet that is smaller than 64 bytes is considered a runt
ISN (Initial Sequence Number)
part of the first SYN message in the three-way handshake that appears to be random but in reality is calculated by a specific, clock-based algorithm, which varies by operating system.
rollback
process of reverting to a previous version of software after attempting to patch or upgrade it
determine whether the patch or upgrade
is necessary
OPM (optical power meter) also called a light meter
measures the amount of light power transmitted on a fiber-optic line. The device must be calibrated precisely, following highly accurate optical power standards set by the NIST (National Institute of Standards and Technology), which is a nonregulatory agency of the U.S> Department of Commerce. The surrounding room temperature, connection type, and skill of the technician conducting the test all affect the accuracy of the final test results.
servers that have an NOS installed require more
memory, processing power, and storage capacity than clients because servers are called on to handle heavy processing loads and requests from multiple clients. for example, a server might use a RAID (redundant array of independent disks) configuration of hard drives, so that if one hard drive fails, another hard drive can take its place
skip-counting
method of adding on the same number over and over
protocols
methods and rules for communication
VoIP endpoints
might be telephones sitting at each user's location or applications hosted on a user's computer or other device
licensing restrictions
might define who is allowed to use an application and for how long, how many users are allowed to install or access it, whether the application can be made available over a company's network or the Internet, and how many backup copies of the application may be stored
modem
modulation/demodulation device that converts between digital and analog signals
brownout
momentary decrease in voltage; also known as a sag. An overtaxed electrical system can cause brownouts, which you might recognize in your home as a dimming of the lights. Such voltage decreases can cause computers or applications to fail and potentially corrupt data.
VTP (VLAN Trunk Protocol)
most popular protocol for exchanging VLAN information over trunks. VTP allows changes to a VLAN database on one switch, called the stack master, to be communicated to all other switches in the network. This provides network administrators with the ability to centrally manage all VLANs by making changes to a single switch. Other switches besides the stack master in the same VTP domain can also communicate VLAN updates, such as the addition of a new VLAN.
Apache
most popular web server application which primarily runs on UNIX systems
square-hole racks
most recent attachment innovation, allowing for bolt-free mounting
MAC (mandatory access control)
most restrictive method of access control. Resources are organized into hierarchical classifications, such as "confidential" or "top secret." resources are also grouped into categories, perhaps by department. Users, then, are also classified and categorized. If a user's classification and category matches those of a resource, then the user is given access.
twist ratio
the number of twists per meter or foot
endpoint vulnerability
the point when data is accessed, stored, or otherwise manipulated in its unencrypted form.
IN addition to labeling cabels, also label
the ports and jacks that cables connect to. Place the labels directly on patch panels, switches, routers, wall plates, and computers, and be sure that labels are used to identify systems, circuits, and connections
encapsulation
the process of adding a header to the data inherited from the layer above
name resolution
the process of discovering the IP address of a host when its FQDN is known
port monitoring
program a switch to use port monitoring, whereby all traffic sent to any port on the switch is also sent to the mirrored port. then connect the port to a computer running monitoring software
gateway of last resort
the router that accepts unroutable messages from other routers
data frames
responsible for carrying data between nodes.
presentation layer
responsible for reformatting, compressing, and/or encrypting data in a way that the application on the receiving end can read.
Transport layer
responsible for transporting Application layer payloads from one application to another. The two main Transport layer protocols are TCP, which guarantees delivery, and UDP, which does not
DNS server
servers that are responsible for tracking computer names and their IP addresses
802.3af
specifies a method for supplying electrical power over twisted-pair Ethernet connections, also known as PoE (Power over Ethernet). The amount of power provided is relatively small - 15.4 watts for standard PoE devices and 25.5 watts for the newer PoE+ devices, defined by the 802.3at standard. The PoE standard specifies two types of devices: PSE (power sourcing equipment) and PDs (powered devices). PoE requires Cat 5 or better copper cable. Inside the cable, electric current may run over an unused pair of wires or over the pair of wires used for data transmission. The standard allows for both approaches; however, on a single network, the choice of current-carrying pairs should be consistent between all PSEs and PDs. A switch or router that is expected to provide power over Ethernet must support the technology. Also, the end node must be capable of receiving PoE. The PSE device first determines whether a node is PoE-capable before attempting to supply it with power. On networks that demand PoE but don't have PoE capable equipment, you can add PoE adapters, called an injector or midspan.
establish a theory of probable cause
step 2 of troubleshooting. as you observe the extent of the problem make your best guess as to the source of hte problem. troubleshooters generally follow the bottom-to-top OSI model by first suspecting and eliminating hardware, before moving on to software as the cause of a problem.
verify functionality and implement preventative measures
step 6 of troubleshooting. at the time you implement your solution, you'll test the system for full system functionality. it's also a good idea to return a few days later and make sure all is working as you expected. also consider what you can do to make sure the problem doesn't reappear.
difference between stream ciphers and block ciphers
stream ciphers encrypt 1 byte (or possibly 1 bit) at a time, while block ciphers encrypt much larger chunks, or blocks, in each calculation
to allow multiple devices to share the same band it is
subdivided into channels and channels are further subdivided into narrowband channels. Most wireless devices implement one of two technologies to take advantage of the frequencies within its band to avoid interference: FHSS and DSSS
Classless addressing
subnetting, which alters the rules of classful IPv4 addressing. To create a subnet, you borrow bits that would represent host information in classful addressing and use those bits instead to represent network information. By doing so, you increase the number of bits available for the network ID, and you also reduce the number of bits available for identifying hosts. Consequently, you increase the number of networks and reduce the number of usable host addresses in each network or subnet. The more bits you borrow for network information, the more subnets you can have, but the fewer hosts each subnet can have.
voice VLAN
supports VoIP traffic, which requires high bandwidths, priority over other traffic, flexible routing, and minimized latency
If the computer is not obtaining an IP address and related information from a DHCP server, the static settings might be using the wrong information. Try
switching to DHCP, at least temporarily
SIEM (Security Information and Event Management)
systems can be configured to evaluate all of this data, looking for significant events that require attention from the IT staff according to predefined rules. When one of these rules is triggered, an alert is generated and logged by the system. If programmed to do so, a notification is then sent to IT personnel via email, text, or some other method. The challenge is to find the right balance between sensitivity and workload. The effectiveness is partly determined by how much storage space is allocated for the generated data, and by the number of events it processes per second. As for the amount of data storage space, consider all the devices, such as switches, routers, servers, and security systems, that will feed data to the SIEM, and allow for future growth of this traffic as well. The network administrator can fine-tune a SIEM's rules for the specific needs of a particular network by defining which events should trigger which responses. The system can also be configured to monitor particular indicators of anticipated problems or issues. These rules should be reevaluated periodically. Also, network technicians should review the raw data on a regular basis to ensure that no glaring indicators are being missed by existing rules. Examples of SIEM software include AlienVault OSSIM, IBM Security QDAR SIEM, SolarWinds Log and Event manager, and Splunk ES.
NAC (network access control)
takes authentication, authorization, and accounting to a new level. A NAC system employs a set of rules, called network policies, which determine the level and type of access granted to a device when it joins a network. A popular NAC solution by Cisco includes Cisco firewalls, routers, switches, and ASA devices that all collectively perform NAC functions. In addition, Microsoft offers NAP (Network Access Protection) software that functions as a NAC solution in Windows Server. NAC systems authenticate and authorize devices by verifying that the device complies with predefined security benchmarks, such as whether the device has certain system settings, or whether it has specific applications installed. On some networks, software called an agent must be installed on the device before the device can be authenticated. The agent monitors the device's status regarding the security benchmarks to determine the device's compliance. Two types of agents are commonly used: a nonpersistent agent and a persistent agent.
remote desktop
the Windows Remote desktop application uses RDP (remote desktop protocol) to provide secure, encrypted transmissions that allow a technician to remote in
APC (Angle Polished Connector)
the latest advancement in ferrule technology uses the principles of reflection to its advantage. The APC still uses a polished curved surface, but the end faces are placed at an angle to each other. The industry standard is 8 degrees.
difference between a packet sniffer and a protocol analyzer
the level of interpretation and analysis the tool provides for the data captured from the network interface
MAC sublayer
the lower portion of the Data link layer that is specifically involved with managing MAC addresses in message frames.
application programming interface (API) call
the method an application uses when it makes a request of the OS
incorrect VLAn assignment
This can happen due to a variety of situations, including misconfigurations of the client authentication process in which a VLAN is assigned to the device before the authentication process is complete
steps of change management document
1.submit a change request document 2. understand and follow the approval process 3. the change is project-managed 4. provide additional documentation - network administrators should pay particular attention to updating their own documentation regarding the network. These network documentation updates might include: network configuration, IP address utilization, additions to the network, and physical location changes. 5. close the change
Class A
1.x.y.z to 126.x.y.z
It only take ___ volts to damage a component
10
source port
16 bits long. Indicates the port at the source node. The port allows a process to be available for incoming or outgoing data
dynamic port
Number assigned by a client or server as the need arises
the fundamental difference between a switch and a router is that
a switch belongs only to its local network and a router belongs to two or more local networks
star topology
all devices connect to one central device
Benefits of subnetting:
• Network documentation is easier to manage. • Problems are easier to locate and resolve. • Routers can more easily manage IP address spaces that don't overlap. • Routing is more efficient on larger networks when IP address spaces are mathematically related at a binary level.
differences between data backups and network storage technologies:
• Network storage technologies don't necessarily save multiple copies of the same data. • Network storage technologies don't usually store data in different geographical locations. • If there are multiple copies of the data, network storage technologies save those copies in the same format and on the same type of media (such as hard drives).
troubleshooting steps
1. identify the problem and its symptoms 2. establish a theory of probable cause 3. test your theory to determine the cause 4. establish a plan for resolving the problem 5. implement the solution or escalate the problem 6. verify functionality and implement preventative measures 7. document findings, actions, and outcomes
the path of an ADSL connection from a home computer through the local loop
1. request connection with web server 2. send signal to ISP 3. forward to Internet 4
destination port
16 bits long. Indicates the port at the destination node
checksum
16 bits long. allows the receiving node to determine whether the TCP segment became corrupted during transmission
urgent pointer
16 bits long. indicates a location in the data field where urgent data resides
sliding-window size (or window)
16 bits long. indicates how many bytes t he sender can issue to a receiver before acknowledgment is received. This field performs flow control, preventing the receiver's buffer from being deluged with bytes
ethernet frame maximum size
18-byte frame + 1500 bytes maximum data size = 1518 bytes maximum frame size
802.11g
2.4 GHz, 54 Mbps, 100 m. Designed to be just as affordable as 802.11b while increasing its maximum theoretical throughput with different data modulation techniques. In addition, 802.11g benefits from being compatible with 802.11b networks. This was a significant advantage at the time when network administrators were upgrading their wireless access points to the 802.11g technology while still needing to offer wireless access to their older computer.
VPN (Virtual Private Network)
A VPN is a network connection encrypted from end to end that creates a private connection to a remote network. A VPN is sometimes referred to as a tunnel. Based on the kind of endpoints they connect, VPNs can be loosely classified according to three models: site-to-site VPN, client-to-site VPN, and host-to-host VPN. They can be tailored to a customer's distance, user, and bandwidth. All share the characteristics of privacy achieved over public transmission facilities using encapsulation and encryption. The software or hardware required to establish VPNs is typically inexpensive, and in some cases, is included in the OS or a networking device's hardware. Many routers and firewalls have embedded VPN solutions. A router-based VPN is the most common implementation of VPNs on UNIX-based networks, as opposed to the server-based VPNs that Windows networks often use. Third-party solutions also work with Windows, Unix, Linux, and macOS Server network operating systems.
tips for making passwords secure
Always change system default passwords after installing new software or equipment. Do not use familiar information, such as your name, nickname, birth date, anniversary, pet's name, child's name, spouse's name, user ID, phone number, address, favorite color, favorite hobby, or any other words or numbers that often might associate with you Do not use any word that might appear in a dictionary, even an "urban" or "slang" dictionary. Hackers can use programs that try a combination of your user ID and every word in a dictionary to gain access to the network. This is known as a dictionary attack, and it is typically the first technique a hacker uses when trying to guess a password Make the password longer than eight characters. To maximize the benefit of a longer password: choose a combination of letters and numbers, use a combination of uppercase and lowercase letters, add special characters if allowed, do not repeat words or number sequences, do not use a single letter, number, or symbol more than twice in succession, and do not use easily recognized phrases such as a line from a famous song, poem, or movie Do not write your password or share it with others Change your password at least every 60 days or more frequently. Do not reuse passwords after they have expired Use different passwords for different applications Make it easier to keep a secure record of long, random passwords by installing and using password management software
IEEE terminology includes a couple of notable variations to the standard SSID configuration:
BSS (basic service set), ESS (extended service set), ESSID (extended service set identifier)
connection-oriented
Before TCP transmits data, it ensures that a connection or session is established, similar to making sure someone is listening on the other end of a phone call before you start talking. Only after TCP establishes a connection does it transmit the actual data, such as an HTTP request for a web page
horizontal cabling
Cabling that connects workstations to the closest data room and to switches housed in the room. The maximum allowable distance for horizontal cabling is 100 m. This span includes 90 m to connect the network device in the data room to a data jack on the wall in the work area, plus a maximum of 10 m to connect the wall jack to a workstation
hot site
Computers, devices, and connectivity necessary to rebuild a network exist, and all are appropriately configured, updated, and connected to match your network's current state. For example, you might use server mirroring to maintain identical copies of your servers at two WAN locations. In a hot site contingency plan, both locations would also contain identical connectivity devices and configurations, and thus be able to stand in for the other at a moment's notice. As you can imagine, hot sites are expensive and potentially time consuming to maintain. For organizations that cannot tolerate downtime, however, hot sites provide the best disaster recovery option.
DNS issues
Correct DNS server information—and a functioning DNS server— are critical requirements for enabling Internet access. Computers can be programmed to use DNS servers on a corporate network or the ISP's DNS servers, or alternatively, they can be pointed to public DNS servers such as those run by Google.
A centrally managed DHCP server can provide DHCP to multiple VLANs by configuring a ___________.
DHCP relay agent. The following steps describe this process: 1. A router, firewall, or Layer 3 switch programmed to support relay agent software receives the DHCP request from a client in one of its local broadcast domains. 2. The Layer 3 device creates a message of its own and routes this transmission to the specified DHCP server in a different broadcast domain 3. The DHCP server notes the relay agent's Ip address and assigns the DHCP client an IP address on the same subnet
PaaS (platform as a service)
Developers often require access to multiple latforms during the development process. A platform includes the operating system, the runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs. Rather than purchasing and maintaing a separate device for each platform, another option is to subscribe to PaaS services. Developers can build and test their applications within these virtual, online environments, which are tailored to the specific needs of the project. Alternatively, an organization's entire network might be built on platform services porivded by a vendor. Any platform managed by a vendor resides on the vendor's hardware and relies on their uptime and accessibility to meet performance parameters. However, customers are responsible for their own applications and/or data storage, including maintaining backups of the data.
AF (Assured Forwarding)
Different levels of router resources can be assigned to data streams. AF prioritizes data handling, but provides no guarantee that on a busy network messages will arrive on time and in sequence.
netstat -s
Displays statistics about each message, transmitted by a host, separated according to protocol type (TCP,UDP, IP, or ICMP)
netstat -e
Displays statistics about messages sent over a network interface, including errors and discards
notable exceptions to Ethernet frame size limitations
Ethernet frames on a VLAN (virtual LAN) can have an extra 4-byte field between the Source address field and the Type field, which is used to manage VLAN traffic. If this field exists, the maximum frame size is 1522 bytes. Some special-purpose networks use a proprietary version of Ethernet that allows for a jumbo frame, in which the MTU can be as high as 9198 bytes, depending on the type of Ethernet architecture used.
CNAME (Canonical Name) record
Holds alternative names for a host. These names can be used in place of the canonical name, which is the complete and properly formatted name
TXT (Text) record
Holds any type of free-form text. It might contain text designed to be read by humans regarding network, server, or accounting issues. Most often it's used by: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified mail)
Each line, or record, contains the text ____, which indicates the record can be used by DNS servers on the Internet
IN
network layer IP address
IP address assigned to nearly every interface, which is a network connection made by a node on a network. An IP address can be used to find any computer in the world if the IP address is public on the Internet. Applications such as browsers can store and retrieve IP addresses. But for routing purposes, an IP address is used only at the Network layer. The two kinds are IPv4 and IPv6
internet control message protocol (ICMP) and address resolution protocol (ARP)
IP relies on several supporting protocols to find the best route for a packet when traversing several networks on its way to its destination such as these
Cloud computing risks and limitations
ISP's uptime ISP-imposed bandwidth limitations Cloud provider's uptime Cloud provider's backup and security systems Misconfiguration that exposes one client's data to another client Unauthorized access to data by cloud provider employees or by illegitimate users Breaches of confidentiality agreements when data is stored online Data security regulations Questions over ownership of intellectual property stored in the cloud Questions over data maintenance if a payment is not made on time Risks to the network, proprietary data, or customer information caused by BYOC (bring your own cloud) services on users' personal devices Reduced consumer confidence, fines, lawsuits, and possibly criminal charges when cloud breaches occur
SRV (service) record
Identifies the hostname and port of a computer that hosts a specific network service besides email, such as FTP or SIP
Type 2 hypervisor
Installs in a host OS as an application and is called a hosted hypervisor. Client Hyper-V and VirtualBox are examples as are the popular VMware Player and Linux KVM. A type 2 hypervisor is not as powerful as a Type 1 hypervisor because it is dependent on the host OS to allot its computing power. VMs hosted by a Type 2 hypervisor also are not as secure or as fast as a Type 1 hypervisor's VMs.
WLANs (Wireless local area networks)
LANs that transmit signals through the air via RF (radio frequency) waves. Work at OSI Layers 1 and 2. Support the same TCP/IP higher-layer OSI protocols (such as IP, TCP, and UDP) and operating systems (such as UNIX, Linux, or Windows) as wired LANs.
Centralized wireless management is made possible by a lightweight wireless protocol, such as Cisco's proprietary
LWAPP (lightweight access point protocol), or Cisco's newer CAPWAP (control and provisioning of wireless access points), both of which direct all wireless frames to the controller by adding extra headers to the frames. The wireless controller can provide centralized authentication for wireless clients, load balancing, and channel management so that neighboring APs don't try to use overlapping channels. The controller manages AP redundancy by directing wireless traffic to alternate APs when an AP fails. Wireless controllers can also detect the presence of unauthorized APs, called rogue access points, by recognizing when an unauthorized AP attempts to connect to the network. In addition to connecting multiple nodes within a LAN, wireless technology can be used to connect two different parts of a LAN or two separate LANs. Such connections typically use a fixed link with directional antennas between two access points. Because point to point links only have to transmit in one general direction, they can apply more energy to signal propagation through a unidirectional antenna. This allows them to achieve a greater transmission distance t han mobile wireless links can offer.
Fields of an Ethernet II frame
Preamble - 7 bytes. Synchronizes the recipient's receiver clock. SFD (start frame delimeter) - 1 byte. Indicates the frame is about to begin Header - 1. Destination address - 6 bytes. Provides the recipient's MAC address. 2. Source address - 6 bytes. Providers the sender's MAC address. 3. Type field - 2. bytes. Specifies the upper-layer protocol carried in the frame. Data - 46 bytes to 1500 bytes. If the data is not at least 46 bytes, padding is added to meet the minimum. Trailer - FCS (frame check sequence) - 4 bytes. Ensures that the data at the destination exactly matches the data issued from the source using the CRC (cyclic redundancy check) algorithm.
standby UPS also called an SPS (standby power supply)
Provides continuous voltage to a device by switching virtually instantaneously to the battery when it detects a loss of power from the wall outlet. Upon restoration of power, the standby UPS switches the device back to AC power. The problem with standby UPSes is that, in the brief amount of time it takes the UPS to discover that power from the wall outlet has faltered, a device may have already detected the power loss and shut down or restarted. Technically, a standby UPS doesn't provide continuous power; for this reason, it is sometimes called an offline UPS. Nevertheless, standby UPSes may prove adequate even for critical network devices, such as servers, routers, and gateways. They cost significantly less than online UPSes.
registered ports
Range from 1024 to 19151 and can be used to temporarily by processes for nonstandard assignments for increased security. Default assignments of these registered ports must be registered with IANA.
private cloud
Service established on an organization's own servers in its own data center, or established virtually for a single organization's private use and made available to users over a WAN connection through some type of remote access. If hosted internally, this arrangement allows an organization to use existing hardware and connectivity, potentially saving money. If hosted virtually, the organization benefits from the usual advantages of virtual services, such as scalability and accessibility.
Wi-Fi analyzer
Software that can evaluate Wi-Fi network availability as well as help optimize Wi-Fi signal settings or help identify Wi-Fi security threats. Identifying the wireless channels being used nearby helps you optimize the wireless channel utilization in your vicinity.
A (Address) record
Stores the name-to-address mapping for a host. This resource record provides the primary function of DNS - to match host names to IP addresses, using IPv4 addresses
DIA (dedicated Internet access)
The cable itself or a portion of its available bandwidth is dedicated to a single customer; this is more common for business customers and comes with an SLA-defined (service-level agreement) guarantee of minimum uptime percentages and maximum recovery times if the service goes down. Bandwidth is symmetrical or synchronous, meaning download and upload speeds are the same. This is especially important for businesses that back up large amounts of data online. The subscription will also often include a number of static IP addresses.
active directory (AD)
The centralized directory database that contains user account information and security for the entire group of computers
OC (optical carrier)
The data rate of a particular SONET connection is indicated by this level, a rating that is internationally recognized by networking professionals and standards organizations. OC levels in SONET are analogous to the digital signal levels of T-carriers
MIB (management information base)
The list of objects managed by the NMS, as well as the descriptions of these objects, are kept in the MIB (Management Information Base). The MIB also contains data about an object's performance in a database format that can be mined and analyzed. The MIB is designed in a top- down, hierarchical tree structure, where the root is unnamed.
Metasploit
This popular penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes.
SNMPv2 (Simple Network management Protocol version 2)
This version improved on SNMPv1 with increased performance and slightly better security, among other features
SNMPv3 (Simple Network Management Protocol version 3)
This version is similar to SNMPv2, but adds authentication, validation, and encryption for messages exchanged between managed devices and network management console. It is the most secure version of the protocol. Some administrators have hesitated to upgrade to SNMPv3 because it requires more complex configuration. Therefore, SNMPv2 is still widely used.
OC-12
Throughput 622.08 Mbps. Used by ISPs for WAN connections and by some large enterprises. Consists of four OC-3s.
online UPS
Uses the AC power from the wall outlet to continuously charge its battery, while providing power to a network device through its battery. In other words, a server connected to an online UPS always relies on the UPS battery for its electricity. Because the server never needs to switch from the wall outlet's power to the UPS's power, there is no risk of momentarily losing service. Also, because the UPS always provides the power, it can handle noise, surges, and sags before the power reaches the attached device. As you can imagine, online UPSes are more expensive than standby UPSes.
vulnerability
a weakness of a system, process, or architecture that could lead to compromised information or unauthorized access
L2TP (Layer 2 Tunneling Protocol)
a VPN tunneling protocol based on technology developed by Cisco and standardized by the IETF. L2TP encapsulates PPP data in a similar manner to PPTP, but differs in a few key ways. Unlike PPTP, L2Tp is a standard accepted and used by multiple vendors, so it can connect a VPN that uses a mix of equipment types. Typically, L2TP is implemeted with IPsec for security, and this L2TP/IPsec combination is considered secure and acceptable for most situations
SDN (software-defined networking)
a centralized approach to networking that removes most of the decision-making power from network devices and instead handles that responsibility at a software level with a product called an SDN controller, or network controller.
data link layer mac address
a mac address is embedded on every NIC on the globe and is assumed to be unique to that NIC.
layer 3 switch
a switch that is capable of interpreting Layer 3 data and works much like a router. It supports the same routing protocols and makes routing decisions. Were designed to work on large LANs similar to core routers, except they're faster and less expensive. The primary difference is the way the hardware is built. It's often difficult to distinguish between a Layer 3 switch and router. In some cases, the difference comes down to what the manufacturer has decided to call the device in order to improve sales
throughout the maintenance window, prevent users from
accessing the system or the part of the system being altered
proxy server
acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic. Manages security at the application layer of the OSI model. Examples include Squid and WinGate. Proxy servers can improve performance for users accessing resources external to their network by caching files. Firewall and proxy server features are often combined in one device.
Terminal emulation also called remote virtual computing
allows a user on one computer, called the client, to control another computer, called the host or server, across a network connection. Examples of command-line software that can provide terminal emulation include Telnet and SSH, and some GUI-based software examples are Remote Desktop for Windows, TeamViewer, VNC, and join.me. A host may allow clients a variety of privileges, from merely viewing the screen to running programs and modifying data files on the host's hard disk. After connecting, if the remote user has sufficient privileges, she can send keystrokes and mouse clicks to the host and receive screen output in return. To the remote user, it appears as if she is working on the LAN or WAN connected host.
EIGRP (Enhanced Interior Gateway Routing Protocol)
an IGP, it is an advanced distance-vector protocol that combines some of the features of a link-state protocol and is sometimes referred to as a hybrid protocol. With a fast convergence time and low network overhead, it's easier to configure and less CPU-intensive than OSPF. EIGRP also offers the benefits of supporting multiple protocols and limiting unnecessary network traffic between routers. It accomodates very large and heterogeneous networks, but it is still optimized for Cisco routers and not many manufacturers have made the transition.
companies can take measures to reduce people-related security risks by:
background checks for new hires and, where relevant, for contractors. principle of least privilege - meaning employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them. checks and balances on employee behavior, such as scheduled access, mandatory vacations, and job rotations DLP (data loss prevention) - solution that identifies sensitive data on the network and prevents it from being copied, such as downloading to a flash drive, or transmitted off the network, such as emailing or posting to cloud storage
managed switches
can be configured via a command-line interface or a web-based management GUI and sometimes can be configured in groups. VLANs can only be implemented through managed switches, whose ports can be partitioned into groups.
global address
can be routed on the Internet and is similar to public IPv4 addresses. Most begin with the prefix 2000::/3, although other previxes are being released. The /3 indicates that the first three bits are fixed and are always 001.
suppression agent
can consist of a foaming chemical, gas, or water that sprays everywhere to put out the fire
blackout
complete power loss. A blackout could cause significant damage to your network. For example, if a server loses power while files are open and processes are running, its NOS might be damaged so extensively that the server cannot restart and the NOS must be reinstalled from scratch. A backup power source, however, can provide power long enough for the server to shut down properly and avoid harm.
frame header
contains the hardware addresses of the source and destination NICs
trailer
control information attached to the end of a packet in the data link layer
Many establishments
create a separate guest network through their Wi-Fi router/access point. This is a smart security precaution, as it gives guests access to Internet service through an open network without opening the doors to the entire LAN on that router.
dynamic ARP table entries
created when a client makes an ARP request for information that could not be satisfied by data already in the ARP table; once received, the new information is recorded in the table for future reference
hypervisor
creates and manages a VM, and manages resource allocation and sharing between a host and any of its guest VMs. Together, all the virtual devices on a single computer share the same CPU, hard disks, memory, and physical network interfaces
MX (mail exchanger) record
identifies an email server and is used for email traffic
native VLAN
receives all untagged frames and untagged ports. By default, this is the same as the default VLAN. However, this configuration poses a security risk when untagged traffic is allowed to travel in a VLAN-managed network. To protect the network from unauthorized traffic, the native VLAN should be changed to an unused VLAN so that untagged traffic essentially runs into a dead-end. Switch ports on each end of a trunk should agree on the native VLAN assignment. If the ports don't agree, this is called a native VLAN mismatch, or just VLAN mismatch, and will result in a configuration error
Malware (short for malicious software)
refers to any program or piece of code designed to intrude upon or harm a system or its resources. Included in this category are viruses, Trojan horses, worms, bots, and ransomeware.
TCP/IP suite of protocols
the suite of all protocols an OS uses for communication on a network
ipconfig
utility in a Command Prompt window to find out the current TCP/IP settings. This is especially helpful when using DHCP, because an automatically assigned IP address is not reported in the IPv4 properties dialog box. Two ways to use ipconfig are 1. in a Command prompt window, enter the ipconfig command to view IP configuration information. Notice which local connections are available on your computer and which ones are currently connected. Also locate your active connection's IPv4 or IPv6 address, subnet mask, and default gateway. 2. The ipconfig command shows an abbreviated summary of configuration information. To see a more complete summary, use the command ipconfig/all.
link, sometimes called the local link
any LAN bounded by routers
Class D addresses
begin with octets 224 through 239 and are used for multicast transmissions, in which one host sends messages to multiple hosts
Class D and Class E IP addresses are
not available for general use
host-based firewalls
only protect the computer on which they are installed
incident response policies
specifically define the characteristics of an event that qualifies as a formal incident and the steps that should be followed as a result. Qualifying incidents take into account the full spectrum of possible events, which might include a break-in, fire, weather-related emergency, hacking attack, discovery of illegal content or activity on an employee's computer, malware outbreak, or a full- scale, environmental disaster that shuts down businesses throughout the city or state. The policy is written with the intent of keeping people safe; protecting sensitive data; ensuring network availability and integrity; and collecting data to determine what went wrong, who is responsible, and what actions should be taken in the future to prevent similar damage. An incident response is a six-stage process, which actually begins before the incident occurs: Stage 1, Preparation: The response team brainstorms possible incidents, and plans procedures for handling them. This includes installing backup systems, and compiling all the information required to restore the network, such as passwords, configurations, vendor lists and their SLAs, locations of backup data storage, emergency contact information, and relevant privacy laws. Stage 2, Detection and identification: Because security and environmental alarm systems can detect incidents of all kinds, staff not directly involved with incident response planning are educated about what qualifies as an incident and what to do if they notice a potential problem. Any system or staff alerts are routed to assigned personnel to determine whether the event requires escalation—that is, if it should be recognized as something other than a normal problem faced by IT technicians. Each company will have its own criteria for which incidents require escalation, as well as its own chain of command for notification purposes. Make sure you're familiar with your company's requirements. Stage 3, Containment: The team works to limit the damage. Affected systems or areas are isolated and response staff are called in as required by the situation. Stage 4, Remediation: The team finds what caused the problem and begins to resolve it so no further damage occurs. Stage 5, Recovery: Operations return to normal as affected systems are repaired and put back in operation. Stage 6, Review: The team determines what can be learned from the incident, and uses this information to make adjustments to prepare for and perhaps prevent future threats. The response policy should identify the members of a response team, all of whom should clearly understand the security policy, risks to the network, and security measures that have already been implemented. The responsibilities assigned to each team member should be clearly spelled out, and the team should regularly rehearse their roles by participating in security threat drills.
CIDR block
the forward slash, plus the number of bits used for the network ID - for example/24
port numbers range from 0 to 65535 and are divided by IANA into three types called
well-known ports, registered, ports, dynamic and private ports
802.11ac wave 2 (4 data streams)
5 GHz. 3.47 Gbps. Indoor: 70 m Outdoor: 250m
process
an application or a service, that can receive data
punching a hole in the firewall
creating an exception to the filtering rules
decapsulation
removing a header and trailer from a lower layer's PDU
before deploying the patch or upgrade
test it in a testing lab to make sure it acts as expected.
Wi-Fi AP (access point)
the central connectivity device for Wi-Fi clients on a network
wrong passphrase
you must use a security key or passphrase that matches the access point's. If incorrect, your client cannot authenticate with the access point
User access to network resources categories:
1) the privilege or right to execute, install, and uninstall software, and 2) permission to read, modify, create, or delete data files and folders.
4-tiered array of options for business security
1. Internet - provides the simplest and cheapest option, but with high and unpredictable latency as well as significant security concerns 2. remote access connections - uses tunneling or terminal emulation technologies to increase security 3. leased line - relies on private WAN options to reserve a dedicated amount of bandwidth between the cloud provider and the customer's premises. Depending on the respective locations of provider and customer, this might require the cooperation of multiple ISPs in order to reach the cloud provider's servers. Hybrid pay-per-use models are available where the customer reserves a portion of anticipated bandwidth needs, and then is invoiced for additional bandwidth used during the pay period 4. dedicated connection - maximizes predictability and minimizes latency, and of course comes with a high price tag. Some of the larger cloud service providers maintain multiple PoP (points of presence) around the world. This means the provider rents space at a data center facility, called a colocation facility or carrier hotel that is shared by a variety of providers. This is more cost effective when an organization subscribes to multiple cloud providers who all use the same colocation.
How to check current setting on your AP and change them if necessary
1. Right-click the Wi-Fi connection icon in the taskbar and click Open Network and Sharing Center 2. Under View your active networks, click the Wi-Fi connection, then click Wireless Properties. 3. In the Wireless Network Properties dialog box, look for the following information on both the Connection and the Security tabs. a. What are the network's Name and SSID? b. Is the connection configured to connect automatically when the wireless network is in range? c. What are the networks' Security and Encryption types
Data exists generally in three states:
1. at rest - data is most secure when it's stored on a device that is protected by a firewall, anti-malware software, and physical security. 2. in use - For data to be used, it must be accessible, which brings inherent risk. Tightly controlling access to the data and reliable authentication of users help reduce these risks 3. in motion - This is when data is most vulnerable. Especially when data must leave your own, trusted network, it's exposed to a multitude of potential gaps, intrusions, and weak links
OC-192
9953.28 throughput. Used for internet backbone connections. Consists of four OC-48s.
SFTP (Secure FTP)
A file-transfer version of SSH that includes encryption and authentication. Note that SFTP is an extension of the SSH protocol, not of FTP. SFTP uses only a single connection - both inbound and outbound communications ar eusually configured to cross SSH's port 22. SFTP and FTPS are incompatible with each other. While SFTP uses a similar acronym to vsftpd, these two standards are not compatible with each other
VoIP PBX (private branch exchange) equipment
A dedicated telephone switch or a virtual switching device that connects and manages calls within a private organization, and manages call connections that exit the network through a VoIP gateway
jabber
A device that handles electrical signals improperly, usually affecting the rest of the network. A network monitor will detect a jabber as a device that is always retransmitting, effectively bringing the network to a halt. Usually results from a bad NIC. Occasionally, it can be caused by outside electrical interference
hot-swappable
A hardware component that can be changed without disrupting operations is known as ____. Using hot-swappable tranceivers means you don't have to purchase a new switch, open the chassis of the existing switch (causing network downtime and risking hardware damage), or even turn off the switch to upgrade the network. Modular interfaces can also be installed on some expansion board NIC's and media converters. refers to identical components that can be changed (or swapped) while a machine is still running (hot). There are two approaches to this: • hot spare—A duplicate component that is already installed in a device and can assume the original component's functions in case that component fails. • cold spare—A duplicate component that is not installed, but can be installed in case of a failure. Relying on a cold spare results in an interruption of service.
SPF (Sender Policy Framework)
A validation system that helps fight spam by identifying the email servers allowed to send email on behalf of a domain
T1
Commonly leased by businesses to connect branch offices or to connect to a carrier, such as an ISP. The cost of T1s varies from region to region. Leasing a full T1 might cost anywhere from $200 to $1200 per month in access fees. The longer the distance between the subscriber and the provider (such as an ISP or a telephone company), the higher a T1's monthly charge. T-carrier standards, also called T-CXR standards, use TDM (time division multiplexing) over two wire pairs (one for transmitting and one for receiving) to divide a single channel into multiple channels. Multiplexing enables a single T1 circuit to carry 24 channels, each capable of 64-Kbps throughput; thus, a T1 has a maximum capacity of 24 3 64 Kbps, or 1.544 Mbps. Each channel may carry data, voice, or video signals.
warm site
Computers, devices, and connectivity necessary to rebuild a network exist, with some pieces appropriately configured, updated, or connected. For example, a service provider that specializes in disaster recovery might maintain a duplicate of each of your servers in its data center. You might arrange to have the service provider update those duplicate servers with your backed-up data on the first of each month because updating the servers daily is much more expensive. In that case, if a disaster occurs in the middle of the month, you would still need to update your duplicate servers with your latest weekly or daily backups before they could stand in for the downed servers. Recovery using a warm site can take hours or days, compared with the weeks a cold site might require. Maintaining a warm site costs more than maintaining a cold site, but not as much as maintaining a hot site.
FTP service
FTP is a client-server application that transfers files between two computers, and it primarily uses FTP (File Transfer Protocol). FTP does not provide encryption and is not secure. Web browsers can be FTP clients, although dedicated FTP client applications such as FileZilla and CuteFTP offer more features for file transfer than a browser.
white hat hacker
IT security experts hired by organizations to assess their security and risks. They're sometimes called ethical hackers. Their goal is to identify security vulnerabilities of all kinds so the organization can make changes to increase their security. The extent of their efforts is usually cleared defined in a written contract before they begin their testing, and their activities are limited by existing laws and restrictions. At no point is private data compromised outside of that trusted relationship.
channel bonding
In 802.11n, two adjacent 20-MHz channels can be combined, or bonded, to make a 40-MHz channel. In fact, bonding two 20-MHz channels more than doulbes the bandwidth available in a single 20-MHz c hannel. That's because the small amount of bandwidth normally reserved as buffers against interference at the top and bottom of the 20-MHz channels can be assigned to carry data instead. Because the 5-GHz band contains more channels and is less crowded, it's better suited to channel bonding than the 2.4 GHz band, which is another factor contributing to 802.11ac's improved performance over 802.11n. The newer 802.11ac standard takes channel bonding to a higher level by supporting 20-, 40-, and 80- MHz channels, with optional use of 160 MHz channels.
Reasons for using VLANs instead of routers
Isolating connections with heavy or unpredictable traffic patterns, such as when separating heavy VoIP traffic from other network activities. Identifying groups of devices whose data should be given priority handling, such as executive client devices or an ICS (industrial control system) that manages a refrigeration system or a gas pipeline Containing groups of devices that rely on legacy protocols incompatible with the majority of the network's traffic, such as a legacy SCADA (supervisory control and data acquisition) system monitoring an oil refinery Separating groups of users who need special or limited security or network functions, such as when setting up a guest network Configuring temporary networks, such as when making specific network resources available to a short-term project team Reducing the cost of networking equipment, such as when upgrading a network design to include additional departments or new types of network traffic
Cat 5e (enhanced category 5)
Maximum supported throughput - 1000 Mbps (1Gbps) Bandwidth/signal rate - 350 MHz A higher-grade version of Cat 5 wiring that contains high-quality copper, offers a higher twist ratio, and uses advanced methods for reducing crosstalk
Cat 7a (Augmented Category 7) not included in TIA/EIA standards
Maximum supported throughput - 40-100 Gbps Bandwidth/Signal rates - 1000 MHz ISO standards for Cat 7a cabling are still being drafted and simulations conducted
Satellite Orbits
Most satellites circle the Earth 22,300 miles above the equator in a geosynchronous orbit. GEO (geosynchronous earth orbit) means that satellites orbit the Earth at the same rate as the Earth turns. A special case of geosynchronous orbit, called geostationary orbit (because it appears stationary from Earth), stays directly above the equator. This is especially common with communications satellites. Consequently, at every point in their orbit, the satellites maintain a constant distance from a specific point on the Earth's equator. Because satellites are generally used to relay information from one point on Earth to another, information sent to Earth from a satellite first has to be transmitted to the satellite from Earth in an uplink from an Earth-based transmitter to an orbiting satellite. Often, the uplink signal information is scrambled (in other words, its signal is encoded) before transmission to prevent unauthorized interception. At the satellite, a transponder receives the uplink signal, then transmits it to an Earth-based receiver in a downlink. A typical satellite contains 24 to 32 transponders. Each satellite uses unique frequencies for its downlink. These frequencies, as well as the satellite's orbit location, are assigned and regulated by the FCC. Back on Earth, the downlink is picked up by a dish-shaped antenna. The dish shape concentrates the signal so that it can be interpreted by a receiver. Geosynchronous earth orbiting satellites are the type used by the most popular satellite data service providers. This technology is well established, and is the least expensive of all satellite technology. Also, because many of these satellites remain in a fixed position relative to the Earth's surface, stationary receiving dishes on Earth can be counted on to receive satellite signals reliably, weather permitting.
diffraction
a wireless signal is diffracted, or split into secondary waves, when it encounters an obstruction. The secondary waves continue to propagate in the direction in which they were split. If you could see wireless signals being diffracted, they would appear to be bending around the obstacle. Objects with sharp edges cause diffraction.
IP address
an address assigned to each node on a network, which the Network layer uses to uniquely identify them on the network. The Network layer header identifies the sending and receiving hosts by these.
wavelength mismatch
SMF,MMF, and POF (plastic optical fiber) each use different wavelengths for transmissions. A wavelength mismatch occurs when transmissions are optimized for one type of cable but sent over a different type of cable
iwconfig outputs
lo indicates the loopback interface eth0 represents an interface that is not wireless (that is a wired NIC) eth1 represents the wireless interface; on your computer, the wireless NIC might have a different desgination iwconfig also reveals characterstics of the AP signal, including its frequency, power, and signal level man iwconfig will give more detailed information.
core routers (interior routers)
located inside networks within the same autonomous system. An AS (autonomous system) is a group of networks, often on the same domain, that are operated by the same organization. An AS is sometimes referred to as a trusted network because the entire domain is under the organization's control. Core routers communicate only with routers within the same AS.
ping6
on Linux computers running IPv6, use this to verify whether an IPv6 host is available. When you ping a multicast address, you get responses from all IPv6 hosts on that subnet
ifconfig
on Unix and Linux systems use this utility to view and manage TCP/IP settings. As with ipconfig on Windows systems you can use this to modify TCP/IP settings and to release and renew the DHCP configuration
ping -6
on Windows computers this is used to verify connectivity on IPv6 networks
mac-limit command
on a Juniper switch this command restricts the number of MAC addresses allowed in the MAC address table.
open circuit
one where needed connections are missing, such as when a wire breaks
trunking
a single switch can support traffic belonging to several VLANs across the network thanks to this technique. A trunk is a single physical connection between networking devices through which many logical VLANs can transmit and receive data. Trunking protocols assign and interpret the VLAN tags in Ethernet frames, thereby managing the distribution of frames through a trunk.
RTS/CTS (request to send/clear to send) protocol
a source node issues an RTS signal to the access point requesting the exclusive opportunity to transmit. If the access point agrees by responding with a CTS signal, the access point temporarily suspends communication with all nodes in its range and waits for the source node to complete its transmission. When used RTS/CTS decreases network efficiency. However it can be worthwhile when transmitting large packets.
when a circuit breaker fails, there is a break in the circuit and is said to be
open. the breaker opens the circuit to protect it from out-of-control electricity. therefore, it is a fail-close system
SSH (Secure Shell)
a collection of protocols that does both authentication and encryption. With SSH, you can securely log on to a host, execute commands on that host, and copy files to or from that host. SSH encrypts data exchanged throughout the session. It guards against a number of security threats, including unauthorized access to a host, IP spoofing, interception of data in transi, and DNS spoofing, in which a hacker forges name server records to falsify his host's identity. To form a secure connection, SSH must be running on both the client and server. SSH allows for password authentication or authentication using public and private keys. For authentication using keys, you first generate a public key and a private key on your client workstation by running the ssh-keygen command. They keys are saved in two different, encrypted files on your hard disk. Next, you will transfer the public key to an authorization file on the host to which you want to connect. When you connect to the host via SSH, the client and host exchange public keys, and if both can be authenticated, the connection is completed. SSH listens at port 22, and is highly configurable. It can be configured to perform port forwarding, which means it can redirect traffic that would normally use an insecure port (such as FTP) to a SSH-secured port. This allows you to use SSH for more than simply logging on to a host and manipulating files. With port forwarding, you could exchange HTTP traffic with a web server via a secured SSH connection.
master service agreement (MS)
a contract that defines the terms of future contracts between parties, such as payment terms or arbitration arrangements
LED (light-emitting diode)
a cool burning, long-lasting technology used on shorter fiber-optic connections, such as between floors in a building or between a switch and a router
racks
a large data center can contains rows of these to hold various network equipment. Rack systems make good use of space in data rooms and ensure adequate spacing, access, and ventilation for the devices they house. they may be wall or ceiling mounted, freestanding on the floor, or bolted to the floor. other features might include power strips, rack fans for cooling, cable trays, or drawers. Carefully consider a rack's dimensions when purchasing racks, as follows: height - rack heigh is measured in rack units (RU or U) with the industry standard being 42U tall - about 6 feet. Half-racks are usually 18U-22U tall. width - equipment racks come in a standard 19-inch frame, meaning that the front is 19 inches wide. You might also come across 23-inch racks. Depth - rack depths vary considerably between manufacturers
baiting
a malware-infected file, such as a free music download, or device, such as a USB flash drive, is seemingly left unguarded for someone to take and attempt to use on their own computer. The malware then infects the computer and gives the attacker access to the victim's computer, data, or online accounts.
Modal bandwidth
a measure of the highest frequency of signal a multimode fiber can support over a specific distance and is measured in MH2-km. It is related to the distortion that occurs when multiple pulses of light, although issued at the same time, arrive at the end of a fiber at slightly different times. The higher the modal bandwidth, the longer a multimode fiber can carry a signal reliably. Only one repeater may be used between segments. Therefore 1000Base-Sx is best suited for shorter networks than 1000Base-LX.
biometrics
a more expensive physical security solutions involves biorecognition access, in which a device scans an individual's unique physical characteristics, such as the color patterns in the iris or geometry of the hand.
static routing
a network administrator configures a routing table to direct messages along specific paths between networks. however, static routes can't account for occasional network congestion, failed connections, or device moves, and they require human interaction
dynamic routing
a router automatically calculates the best path between two networks and accumulates this information in its routing table. If congestion or failures affect the network, a router using dynamic routing can detect the problems and reroute messages through a different path. When a router is added to a network, dynamic routing ensures that the new router's routing tables are updated
NDA (non-disclosure agreement)
a security policy that defines what confidential and private means to an organization. In general, information is confidential if it could be used by other parties to impair an organization's functioning, decrease customers' confidence, cause a financial loss, damage an organization's status, or give a significant advantage to a competitor.
NAT (Network Address Translation)
a technique designed to conserve the number of public IP addresses needed by a network. A gateway device that stands between a private network and other networks substitutes the private IP addresses used by computers on the private network with its own public IP address when these computers need access to other networks on the Internet. The process is called address translation. Besides requiring only a single public IP address for the entire private network, another advantage of NAT is security; the gateway hides the entire private network behind this one address.
Telnet
a terminal emulation utility used by Telnet client/server applications that allow an administrator or other user to control a computer remotely. Telnet provides little security for establish a connection (poor authentication) and no security for transmitting data (no encryption)
hybrid topology
a topology that combines topologies
stateful firewall
able to inspect each incoming packet to determine whether it belongs to a currently active connection and is a legitimate packet
incorrect netmask
ac omputer needs a netmask to identify which bits in its IP address identify the network portion and which bits identify its own host ID. an incorrect netmask will result in a failed or extremely limited connection to the network. Depending on the exact misconfiguration, the computer might have outgoing connectivity with other network devices and even with the Internet. But most other network devices won't be able to find the misconfigured node for purposes of normal network communication
RAS (remote access) server
accepts a remote connection and grants privileges to the network's resources. Software must be installed on both the remote client and the remote access server to negotiate and maintain this connection. There are two types of remote access servers: dedicated devices - devices such as Cisco's AS5800 access servers are dedicated solely as an RAS to run software that, in conjunction with their operating system, performs authentication for clients. An ISP might use a dedicated device to authenticate client computers or home routers to access the ISP resources and the Internet. Software running on a server - the remote access service might run under a network operating system to allow remote logon to a corporate network.
IPv6 (internet protocol version 6)
addresses have 128 bits and are written as eight blocks of hexadecimal numbers. Each block contains 16 bits
traditional cloud computing service model
all the hardware, software, and everything else is located and managed at your location.
SKA (shared key authentication)
all wireless access clients use the same key, which can then be used for encrypted transmissions. However, the key can be cracked, compromising the security of all clients on the network
VLSM (Variable Length Subnet Mask)
allows subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space. Often referred to as "subnetting a subnet." To create VLSM subnet, you create the largest subnet first. Then you create the next largest subnet, and then the next one and so on.
node
any computer or device on a network that can be addressed on the local network
fading
as signals run into various obstacles, its energy will gradually fade, which causes the strength of the signal that reaches the receiver to be lower than the transmitted signal's strength. It can cause dropped connections or slow data transmission
HSPA+ (High speed packet access plus)
began as a 3G technology released in 2008 that uses MIMO and sophisticated encoding techniques to achieve a maximum 168 Mbps downlink throughput and 22 Mbps uplink throughput in its current release. To achieve such speeds, HSPA1 uses limited channels more efficiently and incorporates more antennas in MIMO transmission. However, faster and more flexible technologies, such as LTE, are overtaking HSPA1 in popularity.
NIPS (network-based intrusion prevention system(
can protect entire networks while an HIPS (host-based intrusion prevention system) protects a specific host. Using these together increases the network's security.
Layer 4 switches
capable of interpreting Layer 4 data. They operate anywhere between Layer 4 and Layer 7 and are also known as content switches or application switches. Among other things, the ability to interpret higher layer data enables switches to perform advanced filtering, keep statistics, and provide security functions. The features of Layer 3 and Layer 4 switches vary widely depending on the manufacturer and price and can cost signifcantly more than Layer 2 switches. This variability is exacerbated by the fact that key players in the networking trade have not agreed on standards for these switches. They are typically used as part of a network's backbone and are not appropriate on a single LAN. In general, however, Layer 4, Layer 3, and Layer 2 switches are all optimized for fast Layer 2 data handling.
Data VLAN
carries user-generated traffic, such as email, web browsing, or database updates
domain local groups
centrally managed for the entire network. Active Directory gives additional options for creating these
BNC connector
crimped, compressed, or twisted onto a coaxial cable. BNC stands for Bayonet Neill-Concelman, a term that refers to both an older style of connection and its two inventors. A BNC connector connects to another BNC connector via a turn-and-lock mechanism. This is the bayonet coupling referenced in its name. Unlike an F-connector, a male BNC connector provides its own conducting pin. BNC connectors are used with RG-59 coaxial cables, and less commonly, with RG-6. F-connectors are much more common.
RSTP (Rapid Spanning Tree Protocol)
defined in IEEE's 802.1W standard, and MSTP (multiple spanning tree protocol), originally defined by the 802.1s standard, can detect and correct for link failures in milliseconds
DNS (Domain Name System or Domain Name service)
designed to associated computers names with IP addresses. DNS is an Application layer client-server system of computers and databases made up of these elements, which we will explore in more detail in the following sections: namespace - the entire collection of computer names and their associated IP addresses stored in databases on DNS name servers around the globe name servers - Computers that hold these databases, organized in a hierarchical structure resolvers - a DNS client that requests information from DNS name servers
proximity card
do not require direct contact with a proximity reader in order to be detected. In fact, a reader can be concealed inside a wall or other enclosure and requires very little maintenance. With a typical range of about 5-10 cm, the card can be detected even while it's still inside a waller or purse
Application layer FQDNs, computer names, and host names
every host on a network is assigned a unique character-based name called the FQDN (fully qualified domain name), for example susan.mycompany.com. Collectively, the last two parts of a host's name (for example, mycompany.com) are called the domain name, which matches the name of the organization's domain or network. The first part (for example, www) is the host name, which identifies the individual computer on the network. Ftp is the host name usually given to an FTP server, and www is typically the host name assigned to a computer running a web server. Technically, an FQDN ends in a period.
Fiber-optic cable advantages over copper cabling
extremely high throughput, very high resistance to noise, excellent security, and ability to carry signals for much longer distances before requiring repeaters
tcpdump utility
free command-line packet sniffer that runs on Linux and other Unix operating systems. Like Wireshark, this captures traffic that crosses a computer's network interface.The output can be saved to a file that you can filter or play back. You must either use the sudo command or log in as root to access tcpdump.
master license agreement (MLA)
grants a license from a creator, developer, or producer, such as a software producer, to a third party for the purpose of marketing, sublicensing, or distributing the product to consumers as a stand-alone product or as part of another product
wiring schematic
graphical representation of a network's infrastructure. In its most detailed form, it shows every wire necessary to interconnect network devices and the locations of those wires
network diagrams
graphical representations of a network's devices and connections. These diagrams may show physical layout, logical topology, IP address reserves, names of major network devices, and types of transmission media
VLAN (virtual local area network or virtual LAN)
groups ports on a Layer 2 switch so that some of the local traffic on the switch is forced to go through a router, thereby limiting the traffic to a smaller broadcast domain. As virtual LANs, VLANs abstract the broadcast domain from the networking hardware. This is similar to how VMs abstract computing functions from a computer's hardware. When using VLANs, the boundaries of the broadcast domain can be virtually defined anywhere within a single physical LAN.
network management
refers to the assessment, monitoring, and maintenance of all aspects of a network. It can include controlling user access to network resources, monitoring performance baselines, checking for hardware faults, ensuring optimized QoS for critical applications, maintaining records of network assets and software configurations, and determining what time of day is best for upgrading hardware and software.
redundancy
helps protect against faults and failures through the use of two or more of the same item, service, or connection filling the same role on the network. It also refers to an implementation in which more than one component is installed and ready to use for storing, processing, or transporting data. It is intended to eliminate single points of failure. To maintain high availability, you should ensure that critical network elements, such as your connection to the Internet or your file server's hard disk, are redundant.
different types of traffic might be assigned priority classes such as
high, normal, low, or slow; alternatively it can be prioritized from 0 (lowest priority) to 7 (highest priority)
examples of routing metrics used to determine the best path include:
hop count, which is the number of segments crossed. theoretical bandwidth and actual throughput on a potential path. delay or latency, on a potential path, which results in slower performance. load, which is the traffic or processing burden sustained by a router in the path. MTU, which is the largest IP packet size in bytes allowed by routers in the path without fragmentation (excludes the frame size on the local network) Routing cost, which is a value assigned to a particular route as judged by the network administrator; the more desirable the path, the lower its cost. Reliability of a potential path, based on historical performance. A network's topology.
packet analysis
identifies protocols, errors, and misconfigurations
difference between tracert and traceroute
in tracert the probes sent from the source are ICMP echo request messages. Second, the final reply from the destination node is an ICMP echo reply rather than an ICMP port unreachable error message
T-carrier technology
includes T1s, fractional T1s, and T3s, provides a dedicated logical circuit that is used only by the customer. AT&T developed T-carrier technology in 1957 in an effort to digitize voice signals and thereby enable such signals to travel longer distances over the PSTN. Before that time, voice signals, which were purely analog, were expensive to transmit over long distances because of the number of connectivity devices needed to keep the signal intelligible. In the 1970s, many businesses installed T1s to obtain more voice throughput per line. In the 1990s, with increased data communication demands, such as Internet access and geographically dispersed offices, T1s became a popular way to connect WAN sites via leased lines. The medium used for T-carrier signaling can be specially conditioned copper wire, fiber-optic cable, or wireless links, with fiber-optic being the most common by far.
immediately before the change is made
inform system administrators, help desk personnel, and affected users about the change and the maintenance window
social engineering
involves manipulating social relationships to gain access
LTE (Long-Term Evolution)
is a 4G technology that uses a different access method than HSPA1. While the latest version, LTE-Advanced, can theoretically achieve downlink data rates of up to 1 Gbps and uplink rates up to 100 Mbps, actual speeds are significantly less. LTE is currently the fastest wireless broadband service available in the United States.
UPS (uninterruptible power supply)
is a battery-operated power source directly attached to one or more devices and to a power supply, such as a wall outlet, that prevents undesired fluctuations of the wall outlet's AC power from harming the device or interrupting its services. A power supply issue may be long in developing, with on-again, off-again symptoms for some time before the power issue finally solidifies and reveals itself. A good UPS in each data closet will help prevent these kinds of problems from affecting the entire network at once. Each critical workstation should also be equipped with a UPS or some other battery backup, which can also help to protect the computers themselves. UPSes are classified into two general categories: standby and online. UPSes vary widely in the type of power aberrations they can rectify, the length of time they can provide power, and the number of devices they can support. Of course, they also vary widely in price. UPSes intended for home and small office use are designed merely to keep your workstation running long enough for you to properly shut it down in case of a blackout. Other UPSes perform sophisticated operations such as line filtering or conditioning, power supply monitoring, and error notification. To decide which UPS is right for your network, consider a number of factors: • amount of power needed—The more power required by your device, the more powerful the UPS must be. Electrical power is measured in VAs (volt-amperes), also called volt-amps. A VA is the product of the voltage and current (measured in amps) of the electricity on a line. To determine approximately how many VAs your device requires, you can use the following conversion: 1.4 volt- amps51 watt (W). A desktop computer, for example, may use a 200 W power supply, and, therefore, requires a UPS capable of at least 280 VA to keep the CPU running in case of a blackout. A medium-sized server with a monitor and external tape drive might use 402 W, thus requiring a UPS capable of providing at least 562 VA power. Determining your power needs can be a challenge. You must account for your existing equipment and consider how you might upgrade the supported device(s) over the next several years. Consider consulting with your equipment manufacturer to obtain recommendations on your power needs. • period of time to keep a device running—The longer you anticipate needing a UPS to power your device, the more powerful your UPS must be. For example, a medium-sized server that relies on a 574 VA UPS to remain functional for 20 minutes needs an 1100 VA UPS to remain functional for 90 minutes. To determine how long your device might require power from a UPS, research the length of typical power outages in your area. • line conditioning—A UPS should offer surge suppression to protect against surges, and line conditioning (a type of filtering) to guard against line noise. A UPS that provides line conditioning includes special noise filters that remove line noise. The manufacturer's technical specifications should indicate the amount of filtration required for each UPS. Noise suppression is expressed in dB levels (decibel) at a specific frequency (KHz or MHz). The higher the decibel level, the greater the protection. • cost—Prices for good UPSes vary widely, depending on the unit's size and extra features. A relatively small UPS that can power one server for 5 to 10 minutes might cost between $100 and $300. A large UPS that can power a sophisticated router for three hours might cost up to $5000. Still larger UPSes, which can power an entire data center for several hours, can cost hundreds of thousands of dollars. On a critical system, you should not try to cut costs by buying an off- brand, potentially unreliable, or weak UPS.
SONET (synchronous optical network)
is a high-bandwidth WAN signaling technique developed for fiber-optic cabling by Bell Communications Research in the 1980s, and later standardized by ANSI and ITU. SONET specifies framing and multiplexing techniques at the Physical layer of the OSI model. Its four key strengths are that it: • Can integrate many other WAN technologies • Offers fast data transfer rates • Allows for simple link additions and removals • Provides a high degree of fault tolerance The word synchronous as used in the name of this technology means that data being transmitted and received by nodes must conform to a timing scheme. A clock maintains time for all nodes on a network. A receiving node in synchronous communications recognizes that it should be receiving data by looking at the time on the clock. The most important advantage it provides is interoperability. Before SONET, telcos that used different signaling techniques (or even the same technique but different equipment) could not be assured that their networks could communicate. Now, SONET is often used to aggregate multiple T1s or T3s. SONET is also used as the underlying technology for ATM transmission. Furthermore, because it can work directly with the different standards used in different countries, SONET has emerged as the best choice for linking WANs between North America, Europe, and Asia. The international implementation of SONET is known as SDH (Synchronous Digital Hierarchy). Unlike the other Layer 1 WAN technologies we've studied so far in this section, SONET is not primarily used as a last mile service. Instead, SONET more often traverses multiple ISP networks, connecting these networks through the Internet backbone. While SONET functions on fiber-optic cabling, it must interact with other types of media, because transmissions rarely begin and end on fiber. On the transmitting end, SONET multiplexers accept input from different network types (for example, a T1 line) and format the data in a standard SONET frame. This means that many different devices might connect to a SONET multiplexer, including, for example, a private telephone switch, a T1 multiplexer, and an ATM data switch. The multiplexer combines individual SONET signals on the transmitting end, and a demultiplexer on the receiving end separates combined signals, translating incoming signals back into their original format. SONET's transmissions rely on a carefully orchestrated timing scheme. SONET frames are sent out on a regular schedule, whether or not they contain data. Similar to a city's bus system that continues to run whether passengers are on board or not, SONET's frames will travel without data rather than disrupt the schedule. And yet, it's impossible to keep all SONET devices synced perfectly. Therefore, SONET frames are a consistent size and include information indicating where the payload begins. This overhead information is not collected at the beginning of a transmission like you've seen with other protocols' frames. Instead, the information is interleaved among the data bits SONET technology is typically not implemented by small or medium-sized businesses because of its high cost. Instead, it's commonly used by large companies; long-distance companies linking metropolitan areas and countries; ISPs that want to guarantee fast, reliable access to the Internet; or telephone companies connecting their COs. SONET is particularly suited to audio, video, and imaging data transmission. As you can imagine, given its reliance on fiber-optic cable and its redundancy requirements, SONET technology is expensive to implement.
GSM (global system for mobile communications)
is an open standard that is accepted and used worldwide. Digital communication of data is separated by timeslots on a channel using TDMA (time division multiple access), which is similar to TDM (time division multiplexing). The primary difference is that multiplexed TDM signals all come from the same source (such as a router), while multiplexed TDMA signals come from several sources (such as several smartphones in the same vicinity). First introduced with the release of 2G devices, GSM initially only provided voice communications but added data services with the evolution of GPRS (General Packet Radio Services) and EGPRS (Enhanced GPRS), also called EDGE (Enhanced Data rates for GSM Evolution). GSM networks require that a cellular device have a SIM (Subscriber Identity Module) card that contains a microchip to hold data about the subscription a user has with the cellular carrier.
vSwitch (virtual switch) or bridge
logically defined device that operates at the Data Link Layer to pass frames between nodes. Thus, it can allow VMs to communicate with each other and with nodes on a physical LAN or WAN. One host can support multiple virtual switches, which are controlled by the hypervisor. VMs can go through a virtual switch on the host computer to reach the physical network and can communicate with physical or virtual routers, other network devices, and other hosts on the local or another network.
NFC (Network Functions Virtualization)
merging physical and virtual network architecture. NFV provides flexible, cost-saving options for many types of network devices, including virtual servers, data storage, load balancers, and firewalls. You will need: Licesnes for each of the virtualized devices as well as for the Type 1 hypervisor that will host them. Fortunately, the cost of these licenses amounts to a fraction of the cost of similarly featured hardware devices. The interaction between physical and virtual devices introduces a small degree of latency as data passes through the hypervisor and its connections. Usually, this delay is negligible. Even some of the most die-hard virtualization fans are uncomfortable using a virtual firewall to protect the entire network. The server hosting a virtual firewall occasionally needs to be restarted in the course of regular maintenance or some kind of failure, and in that event, the hosted firewall goes down with the server. Instead, many network admins believe that virtual firewalls are only appropriate for security virtual-only portions of the network, or serving as a backup to physical firewall devices.
OSA (Open System Authentication)
no key is used at all. The wireless access client, knowing only the access point's SSID, requests authentication. The AP generates a single-use code for that session only, and the computer accepts the code. However, no encrypted data can be sent over this temporary connection, and any device can be authenticated. In fact, no real authentication occurs
ICANN (Internet Corporation for Assigned Names and Numbers)
nonprofit organization charged with setting many policies that guide how the Internet works
private port
number assigned by a network administrator that is different from the well-known port number for that service
NIDS (network-based intrusion detection system)
protects a network or portion of a network, and is usually situated at the edge of the network or in a network's protective perimter, known as the DMZ, or demilitarized zone. Here, it can detect many types of suspicious traffic patterns, such as those typical of denial-of-service or smurf attacks. Sits off to the side of network traffic and is sent duplicates of packets traversing the network
iptables
software that enable a computer to act as a packet-filtering firewall. (a command-line firewall utility for Linux systems), ZoneAlarm, and Comodo Firewall.
insider
someone who is or was trusted by an organization, such as an employee, former employee, contractor or other associate
hacker
someone who masters the inner workings of computer hardware and software in an effort to better understand them. Today it is used to describe individuals who gain unauthorized access to systems or networks with or without malicious intent.
incorrect port mode
switch ports connected to endpoints such as workstations and servers, should nearly always use access mode. Switch ports connected to other network devices should be configured in trunk mode only if that connection must support multiple VLANs
range
the geographical area that an antenna or wireless system can reach
scanning
the process when a wireless node is on and has its wireless protocols running and it periodically surveys its surroundings for evidence of an access point. A node can use either active scanning or passive scanning
patch tuesday
the second Tuesday of the month when Microsoft schedules regular security updates to Windows
work area
this area encompasses workstations, printers, and other network devices, and all the patch cables, wall jacks, and horizontal cabling necessary to connect these devices to a data room
vulnerability scanning
this technique is used to identify vulnerabilities in a network. It's often performed by a company's own staff and does not attempt to exploit any vulnerabilities. This might also be the first step in other attack simulations or in a real attack. During attack simulations, there are two types of vulnerability scans: authenticated - the attacker is given the same access to the network as a trusted user would have, such as an employee or an intruder who has somehow hacked into a user's account unauthenticated - the attacker begins on the perimter of the network, looking for vulnerabilities th at do not require trusted user privileges
bus topology
three switches daisy-chained together in a single line.
maintenance window
time period in which a change will be implemented
MS-CHAPv2 (microsoft challenge handshake authentication protocol, version 2)
to address the problems with MS-CHAP, MS-CHAPv2 uses stronger encryption, does not use the same encryption strings for transmission and reception, and requires mutual authentication. In mutual authentication, each computer verifies the credentials of the other.
PTR (Pointer) record
used for reverse lookups, which provide a host name when you know its IP address. PTR records are usually created by ISPs and stored in a specially formatted reverse lookup zone file, or reverse zone. Reverse zones differ from a typical forward lookup zone file, or forward zone, that holds A records, in that the IP addresses must be stored in reverse - with the last octet listed first - plus the domain .in-addr.arpa
pathping
windows utility that combines elements of both ping and tracert to provide deeper information about network issues along a route. It sends multiple pings to each hop along a route, then compiles the information into a single report
tools you need to terminate twisted-pair cable
wire cutter makes a clean cut through a cable, wire stripper pulls off the protective covering without damaging the wires inside. and a crimper pushes on the pins inside an RJ-45 connector so they pierce the wire's insulation, thus creating contact between the two conductors. You will also need an RJ-45 connector, which might come with a boot which is a plastic cover to protect the wires where they enter the connector
quid pro quo
a free gift or service is offered in exchange for private information or "temporary" access to the user's computer system. This tactic is surprisingly effective with employees who have not been adequately trained to detect social engineering attempts
bot (short for robot)
a process that runs automatically, without requiring a person to start or stop it. Bots can be beneficial or malicious. Especially when used for ill intent, it does not require user interaction to run or propagate itself. Instead, it connects to a central server (called a command-and-control server) which then commands an entire botnet of similarly infected devices. Bots can be used to damage or destroy a computer's data or system files, issues objectionable content, launch DoS attacks, or open back doors for further infestation. Bots are especially difficult to contain because of their fast, surreptitious, and distributed dissemination.
patch cable
a relatively short (usually between 3 and 25 feet) length of cabling with connectors at both ends.
OSPF (Open Shortest Path First)
an IGP and a link-state routing protocol used on core or edge routers. It was introduced as an improvement to RIP and can coexist with RIP or RIPv2 on a network. Characteristics include the following: supports large networks - Imposes no hop limits on a transmission path Complex algorithms - calculates more efficient best paths than RIP. Under optimal network conditions, the best path is the most direct path between two points. If excessive traffic levels or an outage prevent data from following the most direct path, a router might determine that the most efficient path actually goes through additional routers Shared data - maintains a database of the other routers' links. If OSPF learns of the failure of a given link, the router can rapidly compute an alternate path Low overhead, fast convergence - Demands more memory and CPU power for calculations, but keeps network bandwidth to a minimum with a very fast convergence time, often invisible to users Stability - uses algorithms that prevent routing loops Multi-vendor routers - Supported by all modern routers. It is commonly used on autonomous systems that rely on a mix of routers from different manufacturers
VLAN isolation
by grouping certain nodes into a VLAN, you are not merely including those nodes - you are excluding other groups of nodes. This means you can potentially cut off an entire group from the rest of the network. VLANs must be connected to and configured on a router or Layer 3 switch to allow different VLANs to exchange data outside their own broadcast domain
bidirectional transmission
each fiber cable carries data in both directions
SDSL (symmetric DSL)
has equal download and upload speeds maxing out around 2 Mbps. Symmetrical transmission is suited to users who both upload and download significant amounts of data—for example, a bank's branch office that sends large volumes of account information to the central server at the bank's headquarters and, in turn, receives large amounts of account information from the central server at the bank's headquarters. SDSL cannot use the same wire pair that is used for voice signals. Instead, this type of DSL uses the extra pair of wires contained in a telephone cable (which are otherwise typically unused).
hashing
means to transform data through an algorithm that generally reduces the amount of space needed for the data. It is not the same thing as encryption. Encrypted data can be encrypted but hashed data cannot. It is mostly used to ensure data integrity.
slack in cable runs
measure first, measure again, and always leave some slack in cable runs. stringing cable too tightly risks connectivity and data transmission problems
identify the problem and its symptoms
step 1 of troubleshooting. begin by identifying the symptoms, questioning the user, finding out what has recently changed, and determine the scope of hte problem. if possible, duplicate the problem. for multiple problems, approach each problem individually.
backup
copy of data or program files created for archiving or safekeeping. they are essential or providing fault tolerance and reliability. When designing and configuring your backup system, keep these points in mind: Step 1: Decide what to back up. Besides the obvious folders used to hold user and application data, you might also want to back up user profile folders and folders that hold configuration files for your applications, services, routers, switches, access points, gateways, and firewalls. Step 2: Select backup methods. Consider cloud backups, where third-party vendors manage the backup hardware and software somewhere on the Internet. In general, cloud backups are more expensive and reliable than other methods. Because cloud backups are not stored at your local facility, you have the added advantage that backups are protected in case your entire facility is destroyed. For on-site backups, use only proven and reliable backup software and hardware. For your backup system, now is not the time to experiment with the latest and greatest technology. • Verify that backup hardware and software are compatible with your existing network hardware and software. • Make sure your backup software uses data error-checking techniques. • Verify that your backup storage media or system provides sufficient capac- ity, with plenty of room to spare, and can also accommodate your network's growth. • Be aware of how your backup process affects the system, normal network functioning, and your users' computing habits. • As you make purchasing decisions, make sure you know how much the backup methods and media cost relative to the amount of data they can store. • Be aware of the degree of manual intervention required to manage the back- ups, such as exchanging backup media on a regular basis or backing up operat- ing systems on servers that run around the clock. • Make wise choices for storage media, considering advantages and disadvan- tages of media types. For example, optical media (DVDs and Blu-ray) require more frequent human intervention to exchange disks than exchanging tapes in tape drives or exchanging removable hard drives. • When storing data to hard drives, recognize that the drives can be installed on computers on the local network, on a WAN, in NAS devices, or even on a sophisticated SAN. You'll learn more about NAS and SAN options shortly. • Keep your backups secure, including keeping backup media off-site in the event of a major disaster such as fire or flooding. Step 3: Decide what types of backup will be done regularly (see Figure 11-20): • full backup—Backs up everything every time a backup is done • incremental backup—Backs up only data that has changed since the last backup • differential backup—Backs up data that has changed since the last full backup Step 4: Decide how often backups are needed. In general, you want to back up data after about four hours of actual data entry. Depending on user habits, this might mean you back up daily or weekly, although, by default, Windows 10 performs incremental backups hourly. Most organizations perform daily backups, which happen in the middle of the night when there's less network activity. Step 5: Develop a backup schedule. For example, you might perform a full backup every Thursday night and an incremental backup daily. You might take backup media off-site every Friday and overwrite backups (or destroy or rotate your backup media) every six months. You also must establish policies governing who is responsible for the backups, what information should be recorded in backup logs, and which backup logs are retained and for how long. Be sure to check relevant laws and regulations, as some types of data (such as medical or financial data) must be kept for a number of years. Step 6: Regularly verify backups are being performed. From time to time, depending on how often your data changes and how critical the information is, you should attempt to recover some critical files from your backup media. Many network administrators attest that the darkest hour of their career was when they were asked to retrieve critical files from a backup, and found that no backup data existed because their backup system never worked in the first place!
unmanaged switch
- Provides plug-and-play simplicity with minimal configuration • Has no IP address assigned to it - Not very expensive but capabilities are limited and cannot support VLANs
transport layer ports
a port is a number used by the Transport layer to find an application. It identifies one application among several that might be running on a host.
netstat -a
lists all current TCP connections and all listening TCP and UDP ports
2^n = Y
n = number of bits that must be switched from the host address to the network ID Y = the number of subnets that result
well-known ports
range from 0 to 1023 and are assigned by IANA to widely used and well-known utilities and applications, such as Telnet, FTP, and HTTP
Trojan horse
A program that disguises itself as something useful but actually harms your system. They are not considered viruses because they do not replicate themselves.
ransomware
A program that locks a user's data or computer system until a ransom is paid. In most cases, the infection encrypts data on the computer, and can also encrypt data on backup devices, removable storage devices, and even cloud storage accounts connected to the computer, such as Dropbox or OneDrive.
The most significant drawback to fiber is that
it is more expensive than twisted-pair cable. Also, fiber-optic cable requires special equipment for splicing, or joining, which means that quickly repairing a fiber-optic cable in the field can be difficult
___ clusters of root servers hold information used to locate the TLD (top-level domain) servers
13. These TLD servers hold information about the authoritative servers owned by various organizations
ethernet frame minimum size
18-byte frame + 46 bytes minimum data size = 64 bytes minimum frame size
acknowledgment number
32 bits long. confirms receipt of data via a return message to the sender
circuit-switched
A connection is established between two nodes before they begin transmitting data. Bandwidth is dedicated to this connection and remains available until the users terminate communication between the two nodes. While the nodes remain connected, all data follows the same path initially selected by networking devices. This is similar to telephone circuits created when you make a phone call. As you can deduce, based on your knowledge of how IP packets are assembled and routed, circuit switching is not common today for data networks.
network management agent
Each managed device runs a network management agent, which is a software routine that collects information about the device's operation and provides it to the NMS. For example, on a server, an agent can measure how many users are connected to the server or what percentage of the processor's resources are used at any given time. So as not to affect the performance of a device while collecting information, agents demand minimal processing resources.
CFP (centum form-factor pluggable)
Intended for 100 Gbps network connections, with each succeeding generation (CFP, CFP2, CFP4) becoming smaller and more energy-efficient.
crosstalk
Occurs when a signal traveling on one wire or cable infringes on the signal traveling over an adjacent wire or cable. The resulting noise, or crosstalk, is equal to a portion of the second line's signal.
dispatcher
The person on call who first notices or is alerted to the problem. The dispatcher notifies the lead technical support specialist and then the manager. He or she also creates a record for the incident, detailing the time it began, its symptoms, and any other pertinent information about the situation. The dispatcher remains available to answer calls from clients or employees or to assist the manager.
PAT (Port Address Translation)
assigns a separate TCP port to each session between a local host and an Internet host. When the internet host responds to the local host, the gateway uses PAT to determine which local host is the intended recipient
disadvantages of peer to peer networks
not scalable, as a peer-to-peer network grows larger, adding or changing significant elements of the network may be difficult. Not necessarily secure, meaning that in simple installations, data and other resources shared by network users can be easily discovered and used by unauthorized people. They are not practical for connecting more than a few computers because it's too time consuming to manage the resources on the network.
fail close
deny access during the failure
T568A pinouts
1. White/Green 2. Green 3. White/orange 4. Blue 5. White/blue 6. Orange 7. White/brown 8. Brown
802.11a
5 GHz, 54 Mbps, 50 m. It was released after 802.11b. The higher throughput compared with 802.11b is attributable to its use of higher frequencies, its unique method of modulating data, and more available bandwidth. Perhaps most significant is that the5 GHz band is not as congested as the 2.4 GHz band. Less likely to suffer interference. However, higher frequency signals require more power to transmit, and they travel shorter distances than lower-frequency signals. As a result, 802.11a networks require a greater density of access points to cover the same distance that 702.11b networks cover. The additional access points, as well as the nature of 802.11a equipment, make this standard more expensive than either 802.11b or 802.11g.
TCP/IP model
A four-layer model similar to the OSI model. The application, presentation, and session layers are wrapped together and are called the application layer. The physical layer is so simple, it's ignored, which makes for four layers: application layer, transport layer, internet layer, and link layer
SIP (Session Initiation Protocol)
A signaling protocol that is used to make an initial connection between hosts but that does not participate in data transfer during the session. After SIP establishes the connection, other protocols kick in.
multimeter
A simple instrument that can measure multiple characteristics of an electric circuit, including its resistance, voltage, and impedance. Might be used to measure voltage to verify that a cable is properly conducting electricty- that is whether its signal can travel unimpeded from one node on the network to another. It can also be used to check for the presence of noise on a wire (by detecting extraneous voltage). Test for short or open circuits in the wire (by detecting unexpected resistance or loss of voltage).
NTP (Network Time Protocol)
A simple protocol used to synchronize clocks on computers throughout a network. The genius of NTP is how it can almost completely account for the variable delays across a network, even on the open Internet.
LDAP (Lightweight Directory Access Protocol)
A standard protocol for accessing network-based directories. LDAPS (Lightweight Directory Access Protocol over SSL) uses SSL to encrypt its communications. The mechanisms of LDAP dictate some basic requirements for any directory it accesses, and so there is a lot of commonality in how directory servers are configured, regardless of the software used. LDAP can query the database, which draws information out of the database. It can also be used to add new information or edit existing data. By default, AD is configured to use the Kerberos protocol. However, AD can use LDAP instead or use both side by side. When supporting AD together, Kerberos provides authentication with the database, and then LDAP provides authorization by determining what the user can do while they're on the network.
simultaneous wired and wireless connections
A workstation is designed to transmit either via a wired or a wireless connection, but not both at the same time. When troubleshooting connection issues, consider whether the computer is making conflicting attempts to communicate with the network through both types of connections. You can resolve the issue by disabling the Wi-Fi adapter or by unplugging the ethernet cable
managed device
Any network node monitored by the NMS is a managed device. Each managed device may contain several managed objects, which is any characteristic of the device that is monitored, including components such as a processor, memory, hard disk, or NIC, or intangibles such as performance or utilization. Each managed object is assigned an OID (object identifier).
three-way handshake step 1, SYN (request for a connection)
Computer A issues a message to computer B with the following information: In its sequence number field computer A selects and sends a random number that will be used to synchronize communication. Its SYN bit is set to 1, which means the SYN flag is activated. This indicates the desire to communicate and synchronize sequence numbers. It's as if computer A is offering a hand to computer B to see if there will be a response. The ack bit is usually set to 0 for this first transmission because there is no information yet from computer B to acknowledge.
line driver
Essentially a repeater, a line driver can be installed either on copper lines (in which case, it is called a copper line driver) or fiber lines (in which case, it is called a fiber line driver) to boost the signal across greater distances. The device might be placed on either side of the demarc and, if located on the customer's side, might be owned by either party.
XaaS(anything as a service or everything as a service)
In this model the X represents an unknown. Here, the cloud can provide any combination of functions depending on a client's exact needs.
255.255.255.255
Used for broadcast messages by TCP/IP background processes. A broadcast message is ready by every node on the network
Incorrect antenna type
You might think that omnidirectional antennas would nearly always be the best choice when setting up Wi-Fi coverage. THe idea is to place the AP in the center of its coverage area, then send the signal out in all directions. However, installing unidirectional antennas instead will enhance a signal's availability, directing the signal right where you need it while not wasting a signal in areas where you don't.
Group policy utility
a Windows console that controls what users can do and how the system can be used. Group policy works by making entries in the Registry; applying scripts to Windows start-up, shutdown, and logon processes; and adjusting security setting. Policies can be applied to the computer or to the user
SPB (Shortest path bridging)
a descendent of STP and is defined in IEEE's 802.1aq standard. SPB differs from earlier iterations of STP in that it keeps all potential paths active while managing the flow of data across those paths to prevent loops. By utilizing all network paths, SPB greatly improves network performance.
frame relay
a group of Layer 2 protocols defined by ITU and ANSI in 1984. It was originally designed as a fast packet-switched network over ISDN, although today frame relay can be used as the Data Link layer protocol for various virtual circuit interfaces and media. The name, frame relay, is derived from the fact that data is separated into variable-length frames, which are then relayed from one node to another without any verification or processing. Routers establish a PVC (permanent virtual circuit) and frames carry an identifier, called a DLCI (data-link connection identifier), that routers read to determine which circuit to use for the frame. Therefore, frame relay is a connection-oriented protocol. An organization might use frame relay for communication among the LANs at each branch office—each LAN, then, has a PVC from the branch office to the ISP. Frame relay equipment consists of DCE (data circuit-terminating equipment) at the ISP's location and DTE (data terminal equipment) at the customer's location, which might be a frame relay-capable router or switch, or a specialized FRAD (frame relay access device). The advantage to leasing a frame relay circuit over leasing a dedicated service is that you pay for only the amount of bandwidth required. Another advantage is that frame relay is less expensive than some other WAN technologies, depending on your location and its network availability. However, frame relay has been superseded by newer technologies, and many ISPs no longer support it.
NAT mode
a vNIC relies on the host machine to act as a NAT device. In other words, the VM obtains IP addressing information from its host, rather than a server or router on the physical network. To accomplish this, the hypervisor acts as a DHCP server. A vNIC operating in NAT mode can still communicate with other nodes on the network and vice versa. However, other nodes communicate with the host machine's IP address to reach the VM; the VM itself is invisible to nodes on the physical network. NAT is the default network connection type selected when you create a VM in VMware, Virtual Box or KVM. In Hyper-V, the NAT connection type is created by assigning VMs to an internal network. Once you have selected the NAT configuration type, you can configure the pool of IP addresses available to the VMs on a host. The NAT network connection type is appropriate for VMs that do not need to be accessed at a known address by other network nodes.
cloud-based anti-malware software
already employ cloud-based resources within their programming. Provides the same kinds of benefits as other cloud-based solutions, such as scalability, cost efficiency, and shared resources. These cloud vendors are still working out bugs, and it can be a challenge to ensure that coverage soaks the entire network with no blind spots. Cloud solutions also increase the amount of Internet traffic in order to perform their duties.
material safety data sheet (MSDS)
also called an SDS (safety data sheet), explains how to properly handle substances such as chemical solvents and how to dispose of them. includes information such as physical data, toxicity, health effects, first aid, storage, shipping, disposal, and spill procedures. it typically comes packages with the chemicals
Ethernet ports
allow for network communications and are the type of port used to create LANs through the router
data room
also called data closet, data center, equipment room, or telecommunications room, it is the enclosed space that holds network equipment. These spaces might have requirements for size, clearance around equipment, wall materials, and physical security. Larger data centers and smaller data closets both require good cooling and ventilation systems for maintaining a constant temperature
session
an ongoing conversation, with the Telnet service
remote application
application that is installed and executed on a server and is presented to a user working at a client computer. Windows Server 2008 and later versions include Remote Desktop Services to manage remote applications. Remote applications are becoming popular because most of the computing power (memory and CPU speed) and technical support (for application installations and updates and for backing up data) are focused on the server in a centralized location, which means the client computers require less computing power and desk-side support.
FDM (frequency division multiplexing)
assigns different frequencies to create multiple frequency bands, each used by a subchannel, so that multiple signals can transmit on the line at the same time. Signals are modulated into different frequencies, then multiplexed to simultaneously travel over a single channel, and demultiplexed at the other end. Telephone companies once used FDM for all phone lines and now still use multiplex signals on residential phone lines for the last leg before entering a residence.
STDM (statistical time division multiplexing)
assigns time slots to nodes (similar to TDM), but then adjusts these slots according to priority and need. This approach uses all slots rather than leaving some unused, which maximizes available bandwidth on a network
dig (domain information groper) utility
available on Linux and macOS and provides more detailed domain information than nslookup. Use dig to query DNS nameservers for information about host addresses and other DNS records. dig is newer than nslookup; it uses more reliable sources of information to output its results and makes more advanced options available for complex queries.
protect cables
avoid laying cable across a floor where it might sustain damage from rolling chairs or foot traffic. at the very least, cover the cable with a cable protector or cord cover. when possible, install cable through cable conduits and seal the ends of these pipes to reduce the risk of damage from pests or water
access port
connects the switch to an endpoint, such as a workstation. The computer connected to an access port does not know which VLAN it belongs to, nor can it recognize other VLANs on the same switch
UTP (unshielded twisted pair)
consists of one or more insulated wire pairs encased in a plastic sheath. As its name implies it does not contain additional shielding for the twisted pairs. As a result it is both less expensive and less resistant to noise than STP and is more popular than STP because of its lower cost.
cable broadband
based on the coaxial cable wiring used for TV signals. Cable broadband was standardized by an international, cooperative effort orchestrated by CableLabs that yielded a suite of specifications called DOCSIS (Data Over Cable Service Interface Specifications). Cable broadband service is typically offered at asymmetric speeds, such as up to 70 Mbps download and 7 Mbps upload. However, the newest DOCSIS standard, 3.1, allows for full duplex, or symmetric, speeds up to 10 Gbps in both directions, thus rivaling some fiber-optic Internet service options. In fact, many cable companies employ fiber cabling for a significant portion of their physical infrastructure. HFC (hybrid fiber coaxial) networks use fiber-optic cabling, which supports high throughput and high reliability, to connect the cable company's distribution center, or head-end, to distribution hubs and then to optical nodes near customers. Either fiber-optic or coaxial cable then connects a node to each customer's business or residence via a connection known as a cable drop. Like DSL, cable broadband provides a dedicated and always-up, or continuous, connection that does not require dialing up a service provider to create the connection. Unlike DSL, cable broadband requires many subscribers to share the same local line, thus raising concerns about security and actual (versus theoretical) throughput. Moreover, the throughput of a cable line is fixed. As with any fixed resource, the more one person uses, the less that is left for others. In other words, the greater the number of users sharing a single line, the less throughput available to each individual user. Cable companies counter this perceived disadvantage by rightly claiming that at some point (for example, at a remote switching facility or at the DSLAM interface), a telephone company's DSL bandwidth is also fixed and shared among a group of customers. In the United States, cable broadband access costs approximately $30-$60 per month when bundled with cable TV and/or digital voice services. Cable broadband is less often used in businesses than DSL, primarily because most office buildings do not contain a coaxial cable infrastructure.
backbone cabling
consists of the cables or wireless links that provide interconnection between the entrance facility and MDF, and between the MDF and IDFs. One component is the vertical cross connect, which runs between a building's floors
twisted-pair
cable consists of color-coded pairs of insulated copper wires, each with a diameter of 0.4 to 0.8 mm. Every two wires are twisted around each other to form pairs, and all the pairs are encased in a plastic sheath. the more twists per foot in a pair of wires, the more resistant the pair will be to crosstalk or noise. Higher-quality, more-expensive twisted-pair cables contains more twists per foot. Because twisting the wire pairs more tightly requires more cable, a high twist ratio can result in greater attenuation.
EMI (electromagnetic interference)
caused by motors, power lines, televisions, copiers, fluorescent lights, microwave ovens, manufacturing machinery, and other sources of electrical activity (including a severe thunderstorm). One type of EMI is RFI (radio frequency interference), or electromagnetic interference caused by radio waves. (Often you'll see EMI referred to as EMI/RFI). Strong broadcast signals from radio or TV antennas can generate RFI
data
contains data sent by the source host. the data field is not part of the TCP header- it is encapsulated by the TCP header. The size of the data field depends on how much data needs to be transmitted, the constraints on the TCP segment size imposed by the network type, and the limitation that the segment must fit within an IP packet at the next layer
private key encryption
data is encrypted using a single key that only the sender and the receiver know. Private key encryption is also known as symmetric encryption because the same key is used during both the encryption and decryption of the data. A potential problem with private key encryption is that the sender must somehow share the key with the recipient without it being intercepted
shutdown command
disables unused physical and virtual ports on switches and other network devices
netstat -r
displays routing table information
failure
deviation from a specified level of system performance for a given period of time. In other words, a failure occurs when something doesn't work as promised or as planned. For example, if your car breaks down on the highway, you can consider the breakdown to be a failure.
TDM (time division multiplexing)
divides a channel into multiple intervals of time, or time slots. Time slots are reserved for their designated nodes regardless of whether the node has data to transmit. This can be inefficient if some nodes on thenetwork rarely send data
schedule the change for completion
during off-hours.
LAN (local area network)
each node on the network can communicate directly with others on the network. LANs are usually contained in a small space, such as an office or building.
characters that make malware harder to detect and eliminate
encryption - some malware is encrypted to prevent detection. Most anti-malware searches files for a recognizable string of characters that identify the virus. However, encryption can thwart the anti-malware program's attempts to detect it. stealth - some malware disguises itself as legitimate programs or replaces part of a legitimate program's code with destructive code polymorphism - polymorphic malware changes its characteristics (such as the arrangement of bytes, size, and internal instructions) every time it's transferred to a new system, making it harder to identify. time dependence - some malware is programmed to activate on a particular date. This type of malware can remain dormant and harmless until its activation date arrives. Time-dependent malware can include logic bombs, or programs designed to start when certain conditions are met.
data transmission quantities
expressed in multiples of bits per second
UPC (Ultra Polished Connector)
extensive polishing of the tips creates a rounded surface on a UPC, which allows the internal fibers to meet and increases efficiency over older types of connections
dual power supplies
giving each server at least one backup in case a power supply fails. Each power supply is capable of handling the full power demands of the server if needed.
distributed switching
in a server cluster, a single, distributed vSwitch can service VMs across multiple hosts. it centralizes control of the VMs, simplifies network operations, and minimizes the chances for configuration error. To do this, an agent is installed on each physical host and is then controlled by a supervisor module in the distributed switch.
layers 2 and 1 are responsible for
interfacing with the physical hardware only on the local network. the protocols at these layers are programmed into the firmware of a computer's NIC and other networking hardware
RBAC (role-based access control)
most popular authorization method. A network administrator receives from a user's supervisor a detailed description of the roles or jobs the user performs for the organization. The administrator is responsible for assigning the privileges and permissions necessary for the user to perform only these roles. In addition, all users may require access to certain public resources on the network. These public rights are very limited. With role-based access control, a network administrator creates user groups associated with these roles and assigns privileges and permissions to each user group. Each user is assigned to a user group that matches a requirement for his job, and in most cases, a user can belong to more than one user group. In some situations, however, a checks and balances safety net is enforced by implementing role separation; this means each user can only be a member of a single group in order to perform any tasks at all. If a user is listed in more than one group, all privileges and permissions are locked down for that user.
availability
refers to how consistently and reliably a connection, system, or other network resource can be accessed by authorized personnel. It's often expressed as a percentage, such as 98% or 99.5%
if the change was successful, reenable access to the system. if it was unsuccessful
revert to the previous version of the software or hardware
IGP (Interior Gateway protocols)
routing protocols used by core routers and edge routers within autonomous systems. IGPs are often grouped according to the algorithms they use to calculate best paths
HIDS (host-based intrusion detection system)
runs on a single computer to detect attacks to that one host.
tone generator (toner)
small, electronic device that issues a signal on a wire. it should never be used on a wire that's connected to a device's port or network adapter. because a tone generator transmits electricity over the wire, it could damage the device or network adapter
subnet
smaller network within a larger network
test your theory to determine the cause
step 3 of troubleshooting. for more complicated or expensive solutions, test your theory to assure yourself that it will indeed solve the problem before you implement the solution. if your test proves the theory is wrong, move on to another guess or escalate the problem to the next tier of support in your organization.
after the change is implemented
test the system in real time. for hardware devices, put a higher load on the device than it would incur during normal use in your organization
two important NIC settings include
the direction in which signals travel over the media and the number of signals that can traverse the media at any given time. These two settings are combined to create different methods of communication: full duplex, half-duplex, and simplex
off-boarding
the reverse procedure involves removing the agent. For security purposes, network administrators need a feature that allow them to do this remotely, in case a device is lost or stolen. This feature, called a remote wipe, clears a device of all important information, permissions, and apps without having physical access to the device. It might even allow you to completely disable the device, making any network or data access impossible
penetration testing
this attack simulation uses various tools to find network vulnerabilities and then attempts to exploit those vulnerabilities
UDP (User Datagram Protocol)
unreliable, connectionless protocol. The term unreliable does not mean that UDP can't be used reliably. Instead, it means that UDP does not guarantee delivery of data, and no connection is established by UDP before data is transmitted. UDP provides no handshake to establish a connection, acknowledgment of transmissions received, error checking, sequencing, or flow control and is, therefore, more efficient and faster than TCP. It is useful when a great volume of data must be transferred quickly. It's also used for small requests, such as DNS, or in situations when the data changes often and speed is more important than complete accuracy, such as when gaming over the network. In contrast to a TCP header's 10 fields, the UDP header contains only four fields: Source port, destination port, length, and checksum.
patch panels
use patch panels to organize and connect lines. a patch panel does nothing to the data transmitted on a line other than pass the data along through the connection. But patch panels do help keep lines organized as they run from walls to rack to network devices, and they make it easy to switch out patch cables of variable lengths when devices are moved or changed
IS-IS (Intermediate System to Intermediate System)
uses a best-path algorithm similar to OSPF's. It was originally codified by ISO, which is referred to router as "intermediate systems," thus the protocol's name. Unlike OSPF, IS-IS is designed for use on core routers only. Also it is not handcuffed to IPv4 like OSPF is, so it's easy to adapt to IPv6. Service providers generally prefer to use IS-IS in their own networks because it's more scalable than OSPF, but OSPF is still more common.
before touching a component, first ground yourself using one of these methods
wear an ESD strap around your wrist that clips onto the chassis, or computer case, which eliminates any ESD between you and the chassis and its components. be sure to at least touch the case before you touch any components inside the case if you do not have an ESD strap handy. to protect a sensitive component store it inside an antistatic bag when it's not in use. Always shut down and unplug a computer before working inside it
wiki
website that can be edited by users. You can add files and photos, easily create links between pages, group pages by different criteria, and make choices about which users have which privileges on the site
Wireless topologies
ad hoc, infrastructure, mesh
PSE (power sourcing equipment)
device that supplies the power
insider threat
when trusted people have or develop malicious intent
two primary encryption techniques used by VPNs
IPsec and SSL
layer 1, physical layer
Bit or transmission. L1PDU
OC-1
Throughput 51.84 Mbps. Base rate
tunneling
a method of transporting IPv6 packets through or over an IPv4 network.
key fob
provides remote control over locks and security systems.
Networks are commonly segmented according to one of the following groupings:
• geographic locations—For example, the floors of a building connected by a LAN, or the buildings connected by a WAN • departmental boundaries—For example, the Accounting, Human Resources, and Sales departments • device types—For example, printers, desktops, and IP phones
monitoring network's two major factors
• performance management—Monitoring how well links and devices are keeping up with the demands placed on them • fault management—Detecting and signaling of device, link, or component faults
additional network security authentication restrictions:
• time of day—Some user accounts may be active only during specific hours— for example, between 8:00 a.m. and 5:00 p.m. Specifying valid hours for an account can increase security by preventing any account from being used by unauthorized personnel after hours. • total time logged on—Some user accounts may be restricted to a specific number of hours per day of logged-on time. Restricting total hours in this way can increase security in the case of temporary user accounts. For example, suppose that your organization offers an Adobe Photoshop training class to a group of high school students one afternoon, and the Photoshop program and training files reside on your staff server. You might create accounts that could log on for only four hours on that day. • source address—You can specify that user accounts may log on only from certain workstations or certain areas of the network (that is, domains or segments). This restriction can prevent unauthorized use of accounts from workstations outside the network. • unsuccessful logon attempts—Hackers might repeatedly attempt to log on under a valid username for which they do not know the password. As the network administrator, you can set a limit on how many consecutive, unsuccessful logon attempts from a single user ID the server will accept before blocking that ID from even attempting to log on. • geographic location—Geofencing determines a client's geographic location to enforce a virtual security perimeter. In other words, the client must be located within a certain area in order to gain access to the network. With geofencing, GPS (global positioning system) or RFID (radio frequency identification) data is sent to the authentication server to report the location of the device attempting to authenticate to the network.
most common performance metrics:
• utilization—This metric refers to the actual throughput used as a percentage of available bandwidth. No network should operate at maximum capacity. Identify patterns of utilization and ensure that available bandwidth accounts for utilization spikes. • error rate—Bits can be damaged in transit due to EMI or other interference. The calculated percentage of how often this occurs is the error rate. • packet drops—Packets that are damaged beyond use, arrive after their expiration, or are not allowed through an interface are dropped. Packet drops result in delayed network communications while devices wait for responses or have to resend transmissions. Knowing what's normal for your network will help you identify problems when packet drop rates vary. • jitter—All packets experience some latency. When successive packets experience varying amounts of latency, resulting in their arriving out of order, the user experience is degraded. This is called jitter, a problem that can be addressed through traffic management techniques
guidelines for service and protocol device protection
* use secure protocols, such as SSH and SFTP, instead of insecure protocols, such as Telnet and FTP * disable any running services on a computer that are not needed. * minimize the number of startup programs to include only those apps that you really need * close TCP/IP ports on the local firewall that are not used for ongoing activities * disable unneeded connection technologies, such as Bluetooth, Wi-Fi, NFC, and IR * remove known networks if they're no longer needed * disable or uninstall applications that are no longer needed
The following mitigation efforts will reduce the risk of VLAN hopping:
-Don't use the default VLAN. -Change the native VLAN to an unused VLAN ID. -Disable auto-trunking on switches that don't need to support traffic from multiple VLANs. -On switches that do carry traffic from multiple VLANs, configure all ports as access ports unless they're used as trunk ports. -Specify which VLANs are supported on each trunk instead of accepting a range of all VLANs. -Use physical security methods such as door locks to restrict access to network equipment.
Range of host IP addresses for subnet A
1 through 126
Ways server request process can get more complex
1. A client's local caching server typically is not the same machine as the authoritative name server for the organization's domain. Instead, the caching server exists only to resolve names for its own local clients. 2. Name servers within a company might not have access to root servers. The local name server might forward the query to the name server at the company's ISP (Internet service provider), which might forward the query to a name server elsewhere on the Internet. This name server might query a root server; however, if any name server in the process has the requested information, it responds without the involvement of a root server, TLD name server, or authoritative name server. 3. A TLD name server might be aware of an intermediate name server rather than the authoritative name server. When the local name server queries this intermediate name server, it might respond with the IP address of the authoritative name server.
T568B pinout
1. White/orange 2. Orange 3. White/green 4. Blue 5. White/Blue 6. Green 7. White/Brown 8. Brown
variables you will set during installation of SOHo router are
1. administrator password 2. SSID 3. whether or not the SSID is broadcast 4. security options such as type and credentials needed to associate with the AP 5. whether or not DHCP is used; note that most network administrators do not configure their wireless access point as a DHCP server and, in fact, doing so when another DHCP server is already desginated will cause addressing problems on the network
process of properly managing and applying security patches
1. discovery - you investigate what's on your network so that you can protect it. Good documentation will help indicate whether a newly discovered vulnerability and its patch applies to your network, how extensively the issue affects your systems, how urgent the change is, and what you'll need to do to implement the patch correctly. 2. standardization - updating OS and application versions consistently across the network will simplify the change process for future updates 3. layered security - refers to multiple defenses applied to a single network. For layered security to be effective, you need to understand how these various solutions interact, and look for any gaps in coverage 4. vulnerability reporting - identifying and prioritizing relevant security issues and patch releases is essential. 5. implementation - implementing patches includes validating, prioritizing, testing, and applying them. Careful implementation is especially important with security patches which can serve a critical role in protecting a business's interests. Performing patch rollouts in phases, or tiers, requires formal change management processes. 6. assessment - you evaluate the success of patch implementation and the overal effectiveness of the patch 7. risk mitigation - it may not be possible to apply a patch where needed. for example, a new patch might not be compatible with legacy software on a server. To lessen the resulting risk, you should apply other layers of protection to the affected devices and applications
capabilities common to wireless network testing tools:
1. transmitting APs, nodes, and the channels over which they are communicating 2. measure signal strength from and determine the range of an AP 3. indicate the effects of attenuation, signal loss, and noise 4. Interpret signal strength information to rate potential AP locations 5. Ensure proper association and reassociation when moving between APs 6. Capture and interpret traffic exchanged between APs and nodes 7. Measure throughput and assess data transmission errors 8. Analyze the characteristics of each channel within a frequency band to indicate the clearest channels
OC-48
2488.32 throughput. Primarily used as a regional ISP backbone, and occasionally by very large hospitals, universities, or other major enterprises. Consists of four OC-12s.
2.5GBase-T
2500 Mbps, requires Cat 5e or better
To create a straight-through patch cable using Cat 5e twisted pair cabling
1.Using the wire cutter, make a clean cut at both ends of the twisted-pair cable. Cut the cable the length you want the final cable to be, plus a few extra inches. If you're using a boot, slide one onto each end of the cable with the smaller opening facing the length of the cable and the larger opening facing the cut end that you're terminating. 2. Using the wire stripper, remove the sheath off of one end of the twisted-pair cable, beginning at approximately 1 inch from the end. This is easier if you first score the sheath with a pair of scissors or a small knife. Be careful to neither damage nor remove the insulation t hat's on the twisted-pair wires inside. 3. In addition to the four wire pairs, inside the sheat you'll find a string. This string known as a strip string or rip cord, is included to make it possible to remove an additional length of the outer sheath beyond the point where your cutting tool might have nicked the wire pairs. Use a pocketknife, wire cutters, or scissors to start a new cut at the edge of the sheath, then pull the string through the cut to expose an additional inch of the inner wires. Cut off the excess string and sheath. 4. Carefully unwind each pair and straighten each wire. Make a clean cut evenly across the wires about an inch from the opening in the sheath. 5. To make a straight-through cable, align all eight wires on a flat surface, one next to the other, ordered according to their colors and positions. It might be helpful first to groom- or pull steadily across the length of - the unwound section of each wire to straighten it out and help it stay in place. 6. Measure 1/2 inch from the end of the wires, and cleanly cut the wires straight across at this length. It might help to hold the RJ-45 connector next to the wires to determine how short to cut the wires. 7. Keeping the wires in line and in order, gently slide them into their positions in the RJ-45 plug. The plug should be positioned with the flat side facing toward you and the pin side facing away from you, so the appropriate wires enter the correct slots for the wiring standard. The sheath should extend into the plug about 3/8 of an inch. 8. After the wires are fully inserted, place the RJ-45 plug in the crimping tool and press firmly to crimp the wires into place. Be careful not to rotate your hand or the wire as you do this, otherwise only some of the wires will be properly terminated. 9. Remove the RJ-45 connector from the crimping tool. Look through the clear plastic connector to make sure each wire appears to be in contact with its pin. It might be difficult to tell simply by looking at the connector. To test the connection, try to pull the plug off the wire. If it comes out, start over. However, the real test is whether your cable will successfully transmit and receive signals. If the connection appears solid, slide the boot over the connector so it fits snugly over the clip. 10. Repeat steps 2 through 9 for the other end of hte cable. After completing step 9 for the other end, you will have created a straight-through patch cable.
flags
6 bits long. identifies a collection of six 1-bit fields or flags that signal special conditions about other fields in the header. The following flags are available to the sender: URG - if set to 1, the urgent pointer field later in the segment contains information for the receiver. If set to 0, the receiver will ignore the Urgent pointer field. ACK - if set to 1, the acknowledgment field earlier in the segment contains information for the receiver. If set to 0, the receiver will ignore the Acknowledgment field. PSH - if set to 1, data should be sent to an application without buffering RST - if set to 1, the sender is requesting that the connection be reset SYN - if set to 1, the sender is requesting a synchronization of the sequence numbers between the two nodes. This code indicates that no payload is included in the segment, and the acknowledgment number should be increased by 1 in response FIN - if set to 1, the segment is the last in a sequence and the connection should be closed
reserved
6 bits long. indicates a field reserved for later use
virtual circuit
A WAN connection logically appears to the customer to be a dedicated line, but, physically, can be any configuration through the carrier's cloud. One advantage of virtual circuits is that a company can purchase limited bandwidth, and then use the channel only when it needs to transmit data. When that company is not using the channel, it remains available for use by other virtual circuits. Two types of virtual circuits are: ❍❍ PVC (permanent virtual circuit)—Connections that are established before data needs to be transmitted and are maintained after the transmission is complete. Note that in a PVC, the connection is established only between the two points (the sender and receiver); the connection does not specify the exact route the data will travel. ❍❍ SVC (switched virtual circuit)—Connections that are established when parties need to transmit, then terminated after the transmission is complete.
Remote Access Policies
A good remote access policy protects a company's data, network, and liability, no matter what type of remote access is involved. Here are some common requirements: • Devices used for remote access must be kept up to date with patches, anti- malware software, and a firewall. • Device access must be controlled by a strong password or biometric measures, such as fingerprint, retina, or face recognition. The device should lock down automatically after only a few minutes of inactivity. • Passwords must be strong and must be changed periodically. Password best practices are discussed further in later chapters. • Passwords cannot be shared, even with a family member. • The device's internal and external storage devices must be encrypted. Note that some countries require that encrypted storage devices be decrypted or that encryption keys be filed with authorities. Employees who travel abroad should account for this when deciding what data to transport. • Company and customer data that is accessed, transferred, stored, or printed must be kept secure. • The loss or theft of any devices used for remote access or to process remotely accessed data (such as a printer) must be reported to the company immediately (or within a reasonable time frame, such as 72 hours). • Encrypted VPN software must be used to remotely access company network resources. Typically, these options are clearly defined in the policy. • While remotely connected to the company network, the device must not be connected to the open Internet or any other network not fully owned and controlled by the employee. This restriction is usually built into enterprise VPN solutions. • Remote sessions must be terminated when not in use. In most cases, remote sessions should be configured to time out automatically as a precaution.
Metropolitan Ethernet
A growing trend in the ISP offerings for WAN connection services is a fairly recent development in Ethernet technology which began with Metro (Metropolitan) Ethernet and grew into a global scale technology called Carrier Ethernet. You've already learned about LAN-based Ethernet. ISPs are now developing ways to send Ethernet traffic across WAN connections (called Carrier Ethernet) and MAN connections (called Metro Ethernet), as first standardized by the MEF (Metro Ethernet Forum). The MEF is an alliance of over 220 industry organizations worldwide. Where available, virtual Ethernet networks can be established across other types of networks using technologies such as Ethernet over SONET (or SDH), Ethernet over MPLS, Ethernet over DSL, and Ethernet over fiber. In metro settings, end-to-end, carrier- grade Ethernet networks can be established via CET (Carrier-Ethernet Transport), which is an Ethernet-based transport solution designed to overcome the inherent weaknesses of implementing Ethernet outside of the LAN environment. As you can see, Carrier Ethernet, therefore, actually spans both Layers 1 and 2 in the OSI model. For example, where traditional Ethernet, using STP (Spanning Tree Protocol), forwards frames based on MAC addresses, CET adds a transport label to the frame for forwarding purposes and establishes virtual tunnels, or paths, for frames to follow to their destination. Recall that STP blocks certain paths in order to limit potential pathways. CET, on the other hand, predetermines a pathway and tags frames to follow the specified path. Metro Ethernet, as a last-mile service, provides a host of advantages, including: • streamlined connections—Bridging Ethernet LANs with their native Ethernet protocols significantly streamlines the communication processes. • cost efficiency—Metro Ethernet provides higher bandwidth at lower costs than current T-carrier and other options that rely on TDM (such as SONET). Metro Ethernet services at 10 Gbps are available with bandwidths up to 100 Gbps in the works. • scalability—Ethernet services are more easily scaled in finer increments than other high-bandwidth technologies, and can be easily adjusted as subscriber needs change. • familiarity—IT technicians are already familiar with Ethernet protocols and standards, which simplifies maintenance and troubleshooting. • hardware—Ethernet hardware is already widely available and less expensive to obtain the equipment needed for specific situations.
posture assessment
A thorough examination of each aspect of the network to determine how it might be compromised. Should be performed at least annually and preferably quarterly. They should also be performed after making any significant changes to the network.
client saturation or overcapcity
APs vary in the number of device connections they can handle at any given time. A SOHO network's AP might take 10-15 devices before becoming overwhelmed, whereas a high-powered, commercial AP can handle a much larger client load without exceeding its bandwidth saturation limitations. The 802.11ac standard also provides this advantage, in that this newest standard expands available bandwidth while also managing that bandwidth more efficiently to support more clients. Keep in mind, when shopping for a new AP, that the actual, effective capacity in the real world will be significantly less than the AP's advertised capacity
TACAS+ (Terminal Access Controller Access-Control System Plus)
Another AAA protocol. Offers network administrators the option of separating the authentication, authorization, and auditing capabilities. TACAS+ differs from RADIUS in that it: *relies on TCP not UDP at the transport layer *was developed by Cisco Systems for proprietary use *Is typically installed on a router or switch, rather than on a server *Is most often used for device administration access control for technicians although it can be used for network resource access control for users *Encrypts all information transmitted for AAA
frame aggregation
Beginning with 802.11n, networks can use one of two techniques for combining multiple data frames into one larger frame: A-MSDU (Aggregated Mac Service Data Unit) or A-MPDU (aggregated mac protocol data unit). 802.11ac uses A-MPDU for all transmissions by default. Both approaches combine multiple frames to reduce overhead. The advantage of A-MSDU over A-MPDU is that more of the frame's information is combined with other frames transmitted at the same time. The potential disadvantage to using larger frames is the increased probability of errors when transmitting larger blocks of data. Therefore, the advantage of A-MPDU is that each frame added to the mix retains some of its error checking data, resulting in greater reliability.
contrast a broadcast domain and a collision domain
Both types of domains are defined by the group of node that transmissions can reach. Transmissions in a broadcast domain reach all nodes on a LAN, but are not forwarded by routers. Therefore, routers define the borders of a broadcast domain, which is by definition, a LAN. In contrast, transmissions in a collision domain reach only those nodes directly connected to a hub. Therefore, the hub defines the borders of its collision domain.
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
Carrier Sense refers to an Ethernet NIC listening and waiting until no other nodes are transmitting data. Multiple Access refers to several nodes accecssing the same network media. Collision Detection refers to what happens when two nodes attempt a transmission at the same time. When the transmission of two nodes interfere with each other, a collision happens. After a collision, each node waits a random amount of time and then resends the transmission. A collision domain is the portion of a network in which collisions can occur. Hubs connecting multiple computers in a star-bus topology resulted in massive collisions.
insecure protocols and services
Certain TCP/IP protocols are inherently insecure. IP addresses can be falsified, checksums can be thwarted, UDP requires no authentication, and TCP requires only weak authentication. FTP is notorious for its vulnerabilities. In a well-known exploit, FTP bounce, hackers take advantage of this insecure protocol. When a client running an FTP utility requests data from an FTP server, the client normally specifies its own IP address and FTP's default port number. However, it is possible for the client to specify any port on any host's IP address. By command the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code. To thwart FTP bounces, attacks, most modern FTP servers will not issue data to hosts other than the clients that originated the request. Other insecure protocols include HTTP (use HTTPS with SSL/TLS instead), Telnet (use along with IPsec), SLIP (use PPP instead), TFTP (use SFTP instead), SNMPv1, and SNMPv2 (use SNMPv3).
public IP addresses
Class A, B, and C licensed IP addresses are available for use on the Internet so they are known as this
overlapping channels or mismatched frequencies
Clients automatically sense the correct channel and frequency. However, if you have instructed your client to use only a channel or frequency different from the one your access point uses, association will fail to occur. Simiarly, using channels or frequencies that are too close to each other on the frequency spectrum can interfere with each other's transmissions
evil twin
Clients running Linux, macOS, or a modern version of Windows will first attempt to associate with a known access point. This feature can result in network devices connecting to rogue access points, or access points installed without the authorization of the network administrator. One type of rogue access point, an evil twin, can be used to trick a device into connecting to the wrong network.
rogue DHCP server
Default trust relationships between one network device and another might allow a hacker to access the entire network because of a single flaw. A rogue DHCP server running on a client device, however, could be used to implement a MitM attack by configuring the attacker's IP address as the victim computers' default gateway. Alternatively, the attacker could give her IP address as the DNS server and then spoof websites. DHCP messages should be monitored by a security feature on switches called DHCP snooping, in which any switch ports connected to clients are not allowed to transmit DHCP messages that should only come from a trusted DHCP server.
SFP+
Developed later than XFP and is the same module size as SFP; theoretical maximum transmission speed is 16 Gbps
Unoptimized access point power levels
Each access point's power level, or the strength of the signal the access point emits, should be optimized for the geographic area covered by that AP. Power levels that are too low will result in dropped signals as clients roam to the peripheral areas of the AP's range. However, maxed out power levels will result in too much overlap between AP coverage areas, causing clients from other coverage areas to attempt to connect with APs that are farther away but transmitting the stronger signal. Begin with a 50 percent power setting and make incremental changes as needed to optimize the amount of overlap between APs. Also keep in mind that even if a client can receive a signal from a high-powered AP installed on the other end of the building, the return signal from the client might not be reliably strong enough to reach the AP, which is called a near-far effect
Satellite Internet Services
Each subscriber uses a small satellite antenna and receiver, or satellite modem, to exchange signals with the service provider's satellite network. Clients may be fixed, such as rural dwellers who are too remote for DSL, or mobile subscribers, such as travelers on ocean-going yachts. Clients are able to exchange signals with satellites as long as they have a line- of-sight path, or an unobstructed view of the sky. To establish a satellite Internet connection, each subscriber must have a dish antenna, which is approximately 2 feet high by 3 feet wide, installed in a fixed position. In North America, these dish antennas are pointed toward the Southern Hemisphere (because many geosynchronous satellites travel over the equator). The dish antenna's receiver is connected, via cable, to a modem. This modem uses either a PCI or USB interface to connect with the subscriber's computer. As with several other wireless WAN technologies, satellite services are typically asymmetrical and bandwidth is shared among many subscribers. Throughputs vary and are controlled by the service provider. Typical downlink rates range from 2 to 3 Mbps and uplink rates reach maybe 1 Mbps. Compared with other wireless WAN options, satellite services are slower and suffer more latency. In addition, the inconsistent latency causes jitter problems, degrading signal quality. Given these drawbacks, satellite data service is preferred only in circumstances that allow few alternatives or in cases where satellite receiving equipment is already installed.
noise
Fluctuation in voltage levels caused by other devices on the network or EMI. Some noise is unavoidable on an electrical circuit, but excessive noise can cause a power supply to malfunction, immediately corrupting program or data files and gradually damaging motherboards and other computer circuits. If you've ever turned on fluorescent lights or a microwave oven and noticed the lights dim, you have probably introduced noise into the electrical system. Power that is free from noise is called clean power. To make sure power is clean, a circuit must pass through an electrical filter.
documentation
Follow these guidelines to manage documentation at your cabling plant: Keep your cable plant documentation in a centrally accessible location. Make sure it includes locations, installation dates, lengths, and grades of installed cable. Label every data jack or port, patch panel or punchdown block, connector or circuit. Use color-coded cables for different purposes and record the color schemes in your documentation. Cables can be purchased in a variety of sheath colors, For example, you might want to use red for patch cables, green for horizontal cabling, purple for DMZ lines, and yellow for vertical (backbone) cabling. Be certain to update your documentation as you make changes to the network. The more you document, the easier it will be to troubleshoot, move, or add cable segments in the future
IPv6 subnetting vs IPv4
IPv6 addressing uses no classes. There are no IPv6 equivalents to IPv4's Class A, Class B, or Class C networks. Every IPv6 address is classless. IPv6 does not use subnet masks. A single IPv6 subnet is capable of supply 18,446,744,073,709,551,616 IPv6 addresses
mismatched standards (802.11 b/a/g/n/ac)
If your access point is set to communicate only via 802.11ac, even if the documentation says it supports 802.11n and 802.11ac, clients must also follow the 802.11ac standard. Clients might also be able to detect and match the correct type of 802.11 standard. However, if they are configured to follow only one standard, they will never find an access point broadcasting via a different standard
RG-6
Impedance - 75 ohms Core - 18 AWG conducting core, usually made of solid copper Uses - Used to deliver broadband cable Internet service and cable TV, particularly over long distances. Cable Internet service entering your home is RG-6.
RG-59
Impedance - 75 ohms. Core - 20 or 22 AWG core, usually made of braided copper. Use - Still used for relatively short connections. for example, when distributing video signals from a central receiver to multiple monitors within a building. It is less expensive, than the more common RG-6 but suffers from greater attenuation
netstat -o
Lists the PID (Process identifier) for each process using a connection and information about the connection
CWDM (coarse wavelength division multiplexing or coarse WDM)
Lowers cost by spacing frequency bands wider apart to allow for cheaper transceiver equipment. Coarse WDM multiplexers typically can support 4, 8, 16, or 18 channels per fiber. The effective distance of coarse WDM is more limited because the signal is not amplified.
Cat 7 (not included in TIA/EIA standards)
Maximum supported throughput - 10 Gbps Bandwidth/Signal rate - 600 MHz Supports higher frequencies because each wire pair is wrapped in its own shielding, then packaged in additional shielding beneath the sheath. Requires more sophisticated connectors, either GG45, which is backward compatible with RJ-45, or TERA, which is not. It's larger and less flexible than earlier versions, and is also less common
Cat 6
Maximum supported throughput - 10 Gbps Bandwidth/signal rate - 250 MHz Includes a plastic core to prevent crosstalk between twisted pairs in the cable. Can also have foil insulation that covers the bundle of wire pairs, and a fire-resistant plastic sheath
10GBase-T 10-Gigabit Ethernet
Maximum transmission speed (Mbps) - 10000 Maximum distance per segment - 100 m Physical media - Cat 6a or Cat 7 (Cat 7 is preferred) Pairs of wires used for transmission - 4 pair This is the fastest Ethernetstandard and achieves dramatic transmission rates on twisted-pair cabling that is comparable to fiber-optic cabling, and is less expensive than fiber-optic. Since the maximum segment length is still 100 meters it means that it is not appropriate for long-distance WANs, but could easily allow the use of converged services, such as video and voice, at every desktop in a LAN
interface error
Misconfigured interfaces, such as an incorrect default gateway or missing DNS server address, can result in interface errors. One possible evaluation technique for bypassing an interface error, which will help confirm that the interface misconfiguration is the issue, is to switch to a different interface on the same device. For example, if your computer's wired connection is having problems, try connecting to the network using the computer's wireless interface.
ICMP (Internet Control Message Protocol)
Network layer, core protocol that reports on the success or failure of data delivery. It can indicate when part of a network is congested, when data fails to reach its destination, and when data has been discarded because the alotted Time to Live has expired. ICMP announces these transmission failures to the sender, but does not correct errors it detects. However, ICMP's announcements provide critical information for troubleshooting network problems. ICMP messages are generated automatically by network devices, such as routers, and by utilities, such as ping. ICMP messages contain both an IP header and an ICMP header.
incorrect antenna placement
On a network, many factors can cause data errors and a resulting decrease in performance. Be sure to check the recommended geographic range for your AP, and keep clients well within that distance. If a client is too far from an AP, communication might occur, but data errors become more probable. Also remember to place your antenna in a high spot for best signal reception
war chalking
Once hackers discover vulnerable access points, they make this information public by drawing symbols with chalk on the sidewalk or wall within range of a wireless network. The symbols, patterned after marks that hobos devised to indicate hospitable places for food or rest, indicate the access point's SSID and whether it's secured. Alternatively, many websites offer maps of these open networks, as reported by war drivers
ST connector
Polish - UPC 2.5 mm Full-duplex - No
SC connector
Polish - UPC, APC 2.5 mm Full-duplex - Can be
Two 2.5 mm ferrules are
SC (subscriber connector or standard connector) and ST (straight tip)
white box switches
SDN controller that handles all the changes at a more abstracted level, and informs the affected networking devices of what to do with the relevant data on the physical level. It is significantly less expensive than their more sophisticated counterparts. In essence, networking devices in an SDN-controlled environment function only at Layer 1 in the OSI model, while the SDN controller can manage functionality at all the other OSI layers.
Two variations of NAT you need to be aware of are:
SNAT and DNAT
CIDR (Classless Interdomain Routing)
Shorthand method for identifying network and host bits in an IP address, also known as CIDR notation or slash notation. CIDR notation takes the network ID or a host's IP address and follows it with a forward slash (/) which is then followed by the number of bits that are used for the network ID.
half-duplex
Signals may travel in both directions over a medium but in only one direction at a time
simplex
Signals may travel in only one direction, and is sometimes called one-way, or unidirectional, communication.
SSL/TLS handshake process
Step 1 - the browser, representing the client computer in this scenario, sends a client_hello message to the web server, which contains information about what level of security the browser is capable of accepting and what type of encryption the browser can decipher. The client_hello message also estabishes a randomly generated number that uniquely identifies the client and another number that identifies the session. Step 2 - the server responds with a server_hello message that confirms the information it received from the browser and agrees to certain terms of encryption based on the options supplied by the browser. Depending on the web server's preferred encryption method, the server might choose to issue to the browser a public key or a digital certificate. Step 3 - If the server requests a certificate from the browser, the browser sends it. Any data the browser sends to the server is encrypted using the server's public key. Session keys used only for this one session are also established.
How to resolve the name
Step 1. The resolver on the client computer first searches its DNS cache, a database stored on the local computer, for the match. If it can't find the information there, the resolver sends a DNS message or query to its local DNS server. Step 2 and 3. The local name server queries a root server with the request. The root server responds to the local name server with a list of IP addresses of TLD name servers responsible for the .edu suffix. Step 4 and 5. The local name server makes the same request to one of the TLD name servers responsible for the .edu suffix. The TLD name server responds with the IP address of the mdc.edu authoritative server. Step 6 and 7. The local name server makes the request to the authoritative name server at Miami Dade Community College, which responds to the Cengage name server with the IP address of the www.mdc.edu host. Step 8 - The local name server responds to the client resolver with the requested IP address. Both the Cengage name server and the Cengage client computer store the information in their DNS caches, and don't need to ask again until that information expires.
How STP selects and enforces switching paths on a network
Step 1: STP selects a root bridge, or master bridge, which will provide the basis for all subsequent path calculations. Only one root bridge exists on a network. From this root bridge, a series of logical branches, or data paths, emanate like branches on a tree. STP selects the root bridge based on its BID (Bridge ID). The BID is a combination of a 2-byte priority field, which can be set by a network admin, and the bridge's MAC address. To begin with, all bridges on the network share the same priority number, and so the bridge with the lowest MAC address becomes the root bridge by default. Step 2: STP examines the possible paths between all other bridges and the root bridge, and chooses the most efficient of these paths, called the least cost path, for each of the bridges. To enforce this path, STP stipulates that on any bridge, only one root port, which is the bridge's port that is closest to the root bridge, can forward frames toward the root bridge. Step 3: STP disables links that are not part of a shortest path. To do this, it enables only the lowest-cost port on each link between two bridges to transmit network traffic. This port is called the designated port. All ports can, however, continue to receive STP information.
XFP (10 Gigabit small form-factor pluggable)
Supports up to 10 Gbps and is slightly larger than SFP with lower power consumption than SFP+
names not resolving
Suppose you have a static IP address, netmask, and default gateway all configured correctly, you open a browser to check the connection, and you can't get to a web page. You open a Command prompt window, ping the gateway, and ping Google's public DNS server, and everything is working. But you still can't navigate to websites. Most likely, you're experiencing a DNS problem. When you set a static IP address, you also must see addresses for the primary and backup DNS servers. This is an easy detail to overlook. On the other hand, if you're using DHCP and still experiencing problems with names not resolving, your default DNS servers might be down. Consider changing to a public, cloud-hosted DNS server. Many public DNS servers are available for free online.
sequencing and checksums
TCP sends a character string called a checksum; TCP on the destination host then generates a similar string. If the two checksums fail to match, the destination host asks the source to retransmit the data. In addition, because messages don't always arrive in the same order they were created, TCP attaches a chronological sequence number to each segment so the destination host can, if necessary, reorder segments as they arrive.
two different methods of inserting twisted-pair wires into RJ-45 plugs
TIA/EIA 568A and TIA/EIA 568B. Functionally there is very little difference between these two standards. You only have to be certain that you use the same standard on every RJ-45 plug and jack on your network, so data is transmitted and received correctly. T568B is more common and is likely what you'll find on home and business networks. However, the federal government requires T568A on all federal contracts.
smart jack
Terminates a T-carrier line at the customer's demarc, either inside or outside the building, and is a type of NIU. The smart jack also functions as a monitoring point for the connection. If the line between the carrier and customer experiences significant data errors, the smart jack will report this fact to the carrier. Technicians can also check the status of the line at the smart jack. Most smart jacks include LEDs associated with transmitted and received signals. For example, a steady green light on the display indicates no connectivity problems, whereas a flickering light indicates data errors. A power light indicates whether or not the smart jack is receiving any signal. The smart jack is not capable of interpreting data, however, and relies on the CSU/DSU for that purpose.
FCC
The airwaves are considered a natural resource . This organizations grants organizations in different locations exclusive rights to use each frequency and specifies which frequency ranges can be used for what purposes. The ITU (international telecommunication union) is a United Nations agency that sets standards for international telecommunications including wireless frequency allocations and satellite orbits. Some bands can only be used with a license. Others such as Wi-Fi bands, are available for public use. In the case of Wi-Fi , you can own and use a Wi-Fi device without acquiring a license granted by the FCC to use.
gray hat hacker
These hackers abide by a code of ethics all their own. Although they might engage in illegal activity, their intent is to educate and assist. They are vulnerable to legal prosecution, and therefore often go to a great deal of effort to remain anonymous
duplicate IP address
This error message indicates that two devices on the same network are trying to use the same IP address. Usually this happens when at least one node is configured with a static IP address, or (2) this IP address was not reserved in DHCP and the server is attempting to assign the IP address to another node
OC-3
Throughput 155.52 Mbps. Popular choice for large businesses, and is equivalent to 100 T1s. A variant of OC-3 is OC-3c, where the c standards for concatenated. OC-3c concatenates three OC-1 lines into a single stream
ICMP packet fields
Type - 8 bits. Indicates the type of ICMP message, such as Destination Unreachable. Code - 8 bits. Indicates the subtype of the message, such as Destination host unknown. Checksum - 16 bits. Allows the receiving node to determine whether the ICMP packet became corrupted during transmission. Rest of header - 32 bits. Varies depending on message type and subtype. Data - Variable. Usually contains the IP header and first 8 bytes of the data portion of the IP packet that triggered the ICMP message
CHAP (Challenge Handshake Authentication Protocol)
Unlike PAP, CHAP encrypts usernames and passwords for transmission. It requires three steps to complete the authentication process. 1. challenge - the server sends the client a randomly generated string of characters 2. response - the client adds its password to the challenge and encrypts the new string of characters. It sends this new string of characters in a response to the server. meanwhile, the server also concatenates the user's password with the challenge and encrypts the new character string, using the same encryption scheme the client used. 3. accept/reject - the server compares the encrypted string of characters it received from the client with the encrypted string of characters it has generated. If the two match, it authenticates the client. But if the two differ, it rejects the client's request for authentication.
OSHA guidelines when using power (electric) tools or other hand tools in the workplace
Wear PPE, keep all tools in good condition and properly store tools not in use, use the right tool for the job and operate the tool according to the manufacturer's instruction sand guidelines, watch out for trip hazards
Fields in an IPv4 Packet
Version - 4 bits. Identifies the version number of the protocol IHL - 4 bits. Indicates the length of the IP header in bytes DiffServ (differentiated services) - 8 bits. Informs routers the level of precedence they should apply when processing the incoming packet. Differentiated services allows up to 64 values and a wide range of priority-handling options. Total length - 16 bits. Identifies the total length of the IP packet, including the header and data, in bytes. An IP packet, including its header and data, cannot exceed 65,535 bytes. Identification - 16 bits. Identifies the message to which a packet belongs and enables the receiving host to reassemble fragmented messages. This field and the following two fields, flags and fragment offset, assist in reassembly of fragmented packets. IP packets that are larger than what the network allows are fragmented into smaller packets for transmission Flags - 3 bits. indicates whether a message is fragmented and, if it is fragmented, whether this packet is the last fragment. The first bit is reserved for future use. When the second bit is set, it prevents the packet from being fragmented. A value of 1 in the third bit indicates more fragments are on the way. Fragment offset - 13 bits. Identifies where the packet fragment belongs in the series of incoming fragments. TTL (Time to Live) - 8 bits. Indicates the maximum duration that the packet can remain on the network before it is discarded. Although this field was originally meant to represent units of time, on modern networks it represents the number of times a packet can still be forwarded by a router, or the maximum number of router hops it has remaining. The TTL for packets varies and can be configured; it is usually set at 32 or 64. Each time a packet passes through a router, its TTL is reduced by 1. When a router receives a packet with a TTl equal to 0, it discards that packet and sends a TTL expired message via ICMP back to the source host Protocol - 8 bits. Identifies the type of protocol that will receive the packet (TCP, UDP, or ICMP) Header checksum - 16 bits. Allows the receiving host to calculate whether the IP header has been corrupted during transmission. If the checksum accompanying the message does not match the calculated checksum when the packet is received, the packet is presumed to be corrupt and is discarded. Source IP address - 32 bits. Indicates the IP address of the source host. Destination IP address - 32 bits. Indicates the IP address of the destination host Options - variable. May contain optional routing and timing information Padding - variable. Contains filler bits to ensure that the header is a multiple of 32 bits. Data - variable. Includes the data originally sent by the source host, plus any headers from higher layers. The data field is not part of the Ip header - it is encapsulated by the IP header.
Fields in an IPv6 Packet
Version - 4 bits. Indicates which Ip version the packet uses Traffic class - 8 bits. Identifies the packet's priority. It is similar to, but not the same as the DiffServ field in IPv4 packets. Flow label - 20 bits. Indicates which flow, or sequence of packets from one source to one or multiple destinations, the packets belongs to. Routers interpret flow information to ensure that packets belonging to the same transmission arrive together. Flow information may also help with traffic prioritization. Payload length - 16 bits. Indicates the size of the payload, or data, carried by the packet. Unlike the total length field in IPv4 packets, the Payload length in IPv6 packets does not refer to the size of the whole packet. Next header - 8 bits. Identifies the type of header that immediately follows the IP packet header, usually TCP or UDP. Hop limit - 8 bits. Indicates the number of times the packets can be forwarded by routers on the network, similar to the TTL field in IPv4 packets. When the hop limit reaches 0, the packet is discarded. Source address - 128 bits. Indicates the full IP address of the source host. Source address - 128 bits. Indicates the full IP address of the destination host. Data - variable. Includes the data originally sent by the source host, plus any headers from higher layers. The data field is not part of the IPv6 header - it is encapsulated by the IPv6 header.
three types of multiplexing technology used with fiber-optic cable
WDM (wavelength division multiplexing), DWDM (dense wavelength division multiplexing or dense WDM), CWDM (coarse wavelength division multiplexing or coarse WDM)
deauth (deauthentication) attack
When a Wi-Fi client is legitimately connected to a wireless access point, the AP or the client can send a deauthentication frame to tell the other device that the authentication session is being terminated. This can happen for any number of reasons, including inactivity, the client is leaving the area, the AP is overwhelmed with too many clients, or an unspecified reason. These frames are unencrypted and are easily spoofed. In a deauth attack, the attacker sends these faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network. This is essentially a Wi-Fi DoS attack in that valid users are prevented from having normal access to the network. At minimum, it can be a frustrating experience for users. In the hands of a skilled attacker, further information can be collected for more destructive attacks, such as a MitM attack.
step 2, SYN/ACK (response to the request)
When computer B receives this message, it responds with a segment containing the following information: The ACK and SYN bits are both set to 1, essentially saying, "Yes, I'm here and I'm listening" The acknowledgment number field contains a number that equals the sequence number computer A originally sent, plus 1. In its Sequence number field, computer B sends its own random number
WEP (wired equivalent privacy) standard
When configuring WEP, you establish a character string that is required to associate with the access point, also known as the network key. The user must provide the correct key before the client can gain access to the network via the access point. The network key can be saved as part of the client's wireless connection's properties. WEP uses keys both to authenticate network clients and to encrypt data in transit. The first implementation of WEP allowed for 64 bit network keys, and current versions of WEP allow for more secure 128 bit or even 256 bit network keys. Still, WEP's use of the shared key for authenticating all users and for exchanging data makes it more susceptible to discovery than a dynamically generated, random, or single-use key. Even 128 bit network keys can be cracked in a matter of minutes. Moreover, because WEP operates in the physical and data link layers of the OSI model, it does not offer end-to-end data transmission security. WEP was replaced with a quick-fix improvement called WPA, which was later improved yet again with WPA2.
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
Wireless devices are not designed to transmit and receive simultaneously and so cannot prevent collisions. Instead, 802.11 standards specify the use of this to access a shared medium. Compared with CSMA/CD (Carrier Sense Multiple Access with Collision Detection), CSMA/CA minimizes the potential for collisions, but cannot detect the occurence of a collision and so cannot take steps to recover from the collisions that do occur. Step 1: Using CSMA/CA, a node on an 802.11 network checks for existing wireless transmissions before it begins to send data. If the source node detects no transmission activity on the network, it waits a brief, random amount of time, and then sends its transmission. If the source does detect activity, it waits a brief period of time before checking the channel again> Step 2: The destination node receives the transmission and, after verifying its accuracy, issues an ACK (acknowledgment) packet to the source. If the source receives this acknowledgment, it assumes the transmission was properly completed. Interference or other transmissions on the network could impede this exchange. If after transmitting a message, the source node fails to receive acknowledgment from the destination node, it assumes its transmission did not arrive properly, and it begins the CSMA/CA process anew. The use of ACK packets to verify every transmission means that 802.11 networks require more overhead than 802.3 networks.
ESSID (extended service set identifier)
Within an ESS, a client can associate with any one of many APs that use the same ESSID. This allows users to roam about a large office space without losing wireless network service. In practice, many networking professionals don't distinguish between the terms SSID and ESSID. They simply configure every access point in a group or LAN with the same SSID
security type mismatch
Your wireless client must be configured to use the same type of encryption as your access point. Most of the time, this is negotiated automatically between the AP and the client. To configure the security type manually on a Windows 10 client, open the Network and Sharing Center, click Change adapter settings, right-click the active connection and click Status, and then open the connection's properties dialog box. Click the Security tab to change the security type, encryption type, or network security key.
subnet mask (netmask)
a 32-bit number that helps one computer find another. The 32 bits are used to indicate what portion of an IP address is the network portion, called the network ID or network address, and what part is the host portion, called the host ID or node ID. Using this information, a computer can determine if anohter computer with a given IP address is on its own or a different network
DRDoS (distributed reflection DoS) attack
a DDoS attack bounced off of uninfected computers, called reflectors, before being directed at the target. This is achieved by spoofing the source IP address in the attack to make it look like all the requests for response are being sent by the target, then all the reflectors send their responses to the target, thereby flooding the target with traffic
SSO (single sign-on)
a form of authentication in which a client signs on one time to access multiple systems or resources. ex: kerberos. The primary advantage of a single sign-on is convenience. Users don't have to remember several passwords, and network administrators can limit the time they devote to password management. The biggest disadvantage is that once the obstacle of authentication is cleared, the user has access to numerous resources. A hacker needs fewer credentials to gain access to potentially many files or connections. For greater security some systems require clients to supply two or more pieces of information to verify their identity called 2FA (two-factor authentication). An authentication process that requires two or more pieces of information is known as MFA (multifactor authentication). There are five categories of authentication factors: *something you know - password, PIN, or biographical data *something you have - ATM card, smart card, or key *something you are - fingerprint, facial pattern, or iris pattern *somewhere you are - location in a specific building or secured closet *something you do - the way you type, speak, or walk multifactor authentication requires at least one authentication method from two different categories.
ATM (Asynchronous Transfer Mode)
a WAN technology that functions primarily at Layer 2, the Data Link layer, although its protocols can also reach to Layers 1 and 3. Its ITU standard prescribes both network access and signal multiplexing techniques. In this context, asynchronous refers to a communications method in which nodes do not have to conform to any predetermined schemes that specify the timing of data transmissions. In asynchronous communications, a node can transmit at any instant, and the destination node must accept the transmission as it comes. This is in contrast to timed, synchronous communications as used by SONET technology. To ensure that the receiving node knows when it has received a complete frame, asynchronous communications provide start and stop bits for each character transmitted. When the receiving node recognizes a start bit, it begins to accept a new character. When it receives the stop bit for that character, it ceases to look for the end of that character's transmission. Asynchronous data transmission, therefore, occurs in random stops and starts. Like Ethernet and frame relay, ATM specifies Data Link layer framing techniques. What sets ATM apart from Ethernet on a LAN and frame relay on a WAN is its fixed message size. In ATM, a message is called a cell and always consists of 48 bytes of data plus a 5-byte header. This fixed-sized, 53-byte package allows ATM to provide predictable network performance. However, recall that a smaller message size requires more overhead. In fact, ATM's smaller message size does decrease its potential throughput, but the efficiency of using cells helps compensate for that loss. Like frame relay, ATM relies on virtual circuits. On an ATM network, switches determine the optimal path between the sender and receiver and then establish this path before the network transmits data. The use of virtual circuits means that ATM provides the main advantage of circuit switching—that is, a point-to-point connection that remains reliably available to the transmission until it completes. The use of virtual circuits makes ATM a connection-oriented technology. Because ATM packages data into cells before transmission, with each cell traveling separately to its destination, ATM is also considered a packet-switching technology. Establishing a reliable connection allows ATM to guarantee a specific QoS for certain types of transmissions. ATM networks can supply four QoS levels, from a "best effort" attempt for noncritical data to a guaranteed, real-time transmission for time- sensitive data. This is important for organizations using networks for time-sensitive applications, such as video and audio transmissions. ATM is relatively expensive, is rarely used on small LANs, and is almost never used to connect typical workstations to a network. Although ATM was popular in the 1990s, it was initially overshadowed by IP and MPLS, and is now being edged out of the market completely by Metro Ethernet, which is cheaper.
dedicated line
a cable or other telecommunications path has continuously available communications channels and is not shared with other users. Private or dedicated lines are generally more expensive than other options and come in a variety of types that are distinguished by their capacity and transmission characteristics.
iwconfig
a command-line utility for viewing and setting wireless interface parameters, is common to nearly all versions of Linux and Unix. Using the iwconfig command, you can modify the SSID of the access point you choose to associated with, as well as many other variables
gateway
a computer, router, or other device that a host uses to access another network. The default gateway is the gateway devices that nodes on the network turn to first for access to the outside world
cable modem
a device that modulates and demodulates signals for transmission and reception via cable wiring (see Figure 12-14). The cable modem must conform to the correct version of DOCSIS supported by the ISP. Most newer cable modems use DOCSIS 3.0 or 3.1 and are backward compatible, but ISPs might charge extra when later modem models are used. Cable modems operate at the Physical and Data Link layers of the OSI model, and, therefore, do not manipulate higher-layer protocols, such as IP. The cable modem connects to a customer's PC via the NIC's RJ-45, USB, or wireless interface. Alternately, the cable modem could connect to a connectivity device, such as a switch or router, thereby supplying bandwidth to a LAN rather than to just one computer. It's also possible to use a device that combines cable modem functionality with a router; this single device can then provide both the cable broadband connection and the capability of sharing the bandwidth between multiple nodes.
RIP (Routing Information Protocol)
a distance-vector routing protocol, is the oldest routing protocol. Advantages: simplicity - quick and easy configuration stability - prevents routing loops from continuing indefinitely by limiting the number of hops a message can take between its source and its destination to 15. If the number of hops in a path exceeds 15, the network destination is considered unreachable. disadvantages: limited metrics - only considers the number of hops between nodes when determining the best path. excessive overhead - broadcasts routing tables every 30 seconds to other routers, regardless of whether the tables have changed poor convergence time - might take several minutes for new information to propagate to the far reach of the network limited network size - does not work well in very large network environments where data might have to travel through more than 15 routers to reach its destination slower and less secure - outdated by newer routing protocols
NFC (Near Field Communication)
a form of RFID and transfers data wirelessly over very short distances (usually 10 cm or less). A tiny antenna embedded in the device sends its radio signal at a fixed frequency of 13.56 MHz. The signal can also be transmitted one way by an NFC tag, or smart tag, such as when employees need to access a secure area of a building. Other uses of NFC tags include ticketing, cashless payment, shopping loyalty or membership programs, identification, data sharing, and PC logon capabilities. The NFC tags require no power source other than the receiving device's power field. The NFC tag collects power from the smartphone or other device by magnetic induction, which is a form of wireless power transmission. Once power is introduced to the NFC tag by the receiving device's proximity, the tag transmits its data, up to 32 KB depending on the tag's type. Type 1 and Type 2 store 96 and 48 bytes respectively and have a speed of 106 Kbps. They are user-configured for read/write or read-only. Type 3 and Type 4 have a storage of up to 1 Mb or 32 Kb respectively and their speed are 212 Kbps and 106 Kbps - 424 Kbps. They are manufacturer-configured for read/write or read-only. They are very inexpensive and can be purchased blank, ready to be loaded, and integrated into posters, stickers, business cards, keychains, prescription bottles, or equipment labels. They can be programmed to transmit stored data, launch apps, direct a browser to a web page, or change device settings. This makes them useful even for casual, personaly use.
multiplexing
a form of transmission that allows multiple signals to travel simultaneously over one medium. Networks rely on this to increase the amount of data that can be transmitted in a given timespan over a given bandwidth. To carry multiple signals, the medium's channel is logically separated into multiple smaller channels, or subchannels. Many different types of multiplexing are available, and the type used depends on what the media, transmission, and reception equipment can handle. For each type, a device that can combine many signals on a channel, a multiplexer (mux), is required at the transmitting end of the channel. At the receiving end, a demultiplexer (demux) separates the combined signals.
snapshot
a frequently saved, incremental backup of the data's state at a specific point in time, even as the data continues to be modified by users. Unlike true backups, snapshots are not stored in a separate location, and so can't be used to replace a more robust backup system. Sometimes a snapshot only contains information about changes made since the last backup, and so could not fully restore lost data.
SOHO network
a home or small office network, might call for only one AP. This device often combines switching, routing, and other network functions as well. In this case, the device is more accurately called a wireless router or SOHO router, and connects wireless clients to the LAN in addition to serving as their gateway to the Internet. Typical home network: The ISP's signal comes into the premise through a cable or DSL mode. The modem connects to the SOHO router using an RJ-45 cable. This cable is inserted into the SOHO router's WAN port, which is set apart from the other data ports and might be labeled "Internet" or remain unlabeled. The additional ports allow for wired access to the router, which contains switch hardware inside the device to manage connected devices. An AP that does not include routing or switching functions would lack these extra ports and act much like a wireless hub.
upgrade
a major change to software package that enhances the functionality and features of the software, while also correcting bugs and vulnerabilities
interface
a node's attachment to a link. the attachment can be physical using a network adapter or wireless connection, or logical, such as with a virtual machine
AD (administrative distance)
a number indicating the protocol's reliability, with lower values being given higher priority. This assignment can be changed by a network administrator when one protocol should take precedence over a previously higher-rated protocol on that network
patch panel
a panel of data receptors which can be mounted to a wall or a rack and which provides a central termination point when many patch cables coverge in a single loction
tailgating
a person posing as an employee or a delivery or service provider follows an authorized employee into a restricted area
baseline
a report of the network's normal state of operation and might include a range of acceptable measurements. They are obtained by analyzing network traffic information and might include information on the utilization rate for your network backbone, number of users logged on per day or per hour, number of protocols that run on your network, statistics about errors (such as runts, jabbers, or giants), frequency with which networked applications are used, or information regarding which users take up the most bandwidth. They allow you to compare future performance increases or decreases caused by network changes or events with past network performance. Obtaining baseline measurements is the only way to know for certain whether a pattern of usage has changed or whether a network upgrade made a difference. Each network requires its own approach and a reliable schedule for documenting and reviewing baselines to identify unexpected variations. The elements you measure and monitor depend on which functions are most critical to your network and its users. Network traffic patterns can vary considerably over time and must account for two major factors: • Normal variations throughout the day, week, month, and different seasons. For example, a large retail company will have significantly busier traffic patterns during holiday seasons, and this is completely normal for that network. • Changes to the network that might be unpredictable in the resulting impact. For instance, the preceding example assumed that all new users would share the same network usage habits as the current users. In fact, however, the new users might generate a great deal more, or a great deal less, network traffic.
request for proposal (RFP)
a request to vendors to submit a proposal for a product or service your company wants to purchase. Key parts of an RFP include why your company requires the product or service, how the product or service will be used, how and when the proposals will be evaluated, and a list of items a vendor should include in its proposal
overhead
a routing protocol is rated on its overhead, or the burden placed on the underlying network to support the protocol
UTM (Unified Threat Management)
a security strategy that combines multiple layers of security appliances and technologies into a single safety net. A UTM solution can provide a full spread of security services managed from a single point of control. One disadvantage to this arrangement is that the "total" really is the sum of its parts. So, if one layer of coverage in a UTM is low quality, overall protection is significantly compromised. UTM, due to its multiplicity of features, also requires a great deal of processing power. Because this is less of a challenge today than it was in the past, UTM is regaining ground as a leading security strategy, especially for small- to medium-sized businesses that benefit the most from devices needing little configuration or management.
remote access
a service that allows a client to connect with and log on to a server, Lan, or WAN in a different geographical location. After connecting, a remote client can access files, applications, and other shared resources, such as printers, like any other client on the server, LAN, or WAN. To communicate via remote access, the client and host need a transmission path plus the appropriate software to complete the connection and exchange data. three of the most common methods are: 1. point to point remote access over a dedicated (usually leased) line, such as DSL or T1 access to an ISP 2. Terminal Emulation, also called remote virtual computing, which allows a remote client to take over and command a host computer 3. VPN (virtual private network), which is a virtual connection that remotely accesses resources between a client and network, two networks, or two hosts over the Internet or other types of networks.
DiffServ (Differentiated Services)
a simple technique that addresses QoS issues by prioritizing traffic at Layer 3. DiffServ takes into account all types of network traffic, not just the time-sensitive services such as voice and video. That way, it can assign streams a high priority and at the same time assign unessential data streams a low priority. This technique offers more protection for time-sensitive, prioritized services. To prioritize traffic, DiffServ places information in the DiffServ field of an IPv4 packet. The first 6 bits of this 8-bit field are called DSCP (Differentiated Services Code Point). In IPv6 packets, DiffServ uses a similar field known as the Traffic Class field. This information in both IPv4 and IPv6 packets indicates to network routers how the data stream should be forwarded. DiffServ defines two types of forwarding, EF (expedited forwarding) and AF (assured forwarding). Because of its simplicity and relatively low overhead, it is well suited to large, heavily trafficked networks.
TFTP (Trivial FTP)
a simple version of FTP that includes no authentication or security for transferring files and uses UDP at the Transport layer (unlike FTP, which relies on TCP at the Transport layer). TFTP requires very little memory and is most often used by machines behind the scenes to transfer boot files or configuration files. It's not safe for communication over the Internet, is not capable of giving users access to directory information, and limits file transfers to 4 GB. TFTP listens at port 69 and negotiates a data channel for each connection.
fixed frequency
a single frequency for a band
digital certificate
a small file containing that user's verified identification information and the user's public key. It is issued, maintained, and validated by an organization called a CA (certificate authority). The use of certificate authorities to associate public keys with certain users is known as PKI (public-key infrastructure).
testing lab
a small network that is segmented from the rest of the network and contains computers called test beds that represent the typical hardware and OS configurations in your network as well as any specialized equipment your company uses that might interact with the proposed new software or hardware. also determine whether and how the change can be reversed, in case troubles arise
NAS (network attached storage)
a specialized storage device or group of storage devices that provides centralized, fault-tolerant data storage for a network. You can think of NAS as a unique type of server dedicated to data sharing. NAS devices offer some significant advantages on a network: • optimization—Compared to a typical file server, a NAS device contains its own file system that is optimized for saving and serving files. Because of this optimization, NAS reads and writes from its disk(s) significantly faster than other types of servers. • adaptability—Because NAS devices can store and retrieve data for any type of client (providing the client can run TCP/IP), NAS is appropriate for networks that use a mix of different operating systems, multimedia types, and even IoT components that require centralized storage space. • expansion—NAS hardware can be easily expanded without interrupting service. You can physically install a new hard drive without shutting down the system. The NAS device recognizes the added storage and immediately adds it to its pool of available reading and writing space. A NAS server's pool of storage space is provided by multiple hard disk drives. These disks can be configured with a form of RAID (redundant array of inexpensive disks or redundant array of independent disks) for redundancy and improved performance. The four most common types of RAID are: • RAID 0—Data is striped—or written across—multiple disks to improve performance. RAID 0 provides no real redundancy, in that only one copy of data is stored. • RAID 1—Data is mirrored—or duplicated—on multiple disks to provide fault tolerance. If one copy is lost, the other copy is still available. • RAID 5—Data is striped across three or more drives, and parity information is added to the data. Parity checking can be used to recreate data from any one drive if that drive fails, even though only one copy of the data is stored. • RAID 10 (pronounced "RAID one zero")—Using four or more disks, data is mirrored within each pair of disks, and then striped to multiple pairs of disks NAS uses file-level storage for its data. This means there must be some kind of file system formatted on the disks. NAS servers can also be clustered. FOr this to work, the NAS file system is distributed throughout the cluster. Files stored on any device within the cluster can be accessed through the distributed file system and a single connection point. Due to the organizational structure required to manage data by files, more efficient alternatives have been developed. One of these options is block level storage. While block level storage also has a file system, it's a flat storage, not hierarchical. Data is stored as same-size blocks on storage drives. Systems that use block level storage require different connectivity mechanisms for clients to access the data.
Although Ethernet is generally thought of as a layer 2 protocol, it also has layer 1 functions that determine
a transmission's frequency and other electrical characteristics. Part of the function of this layer is to provide signaling between two nodes as they negotiate a common language by which to communicate. Other familiar Layer 2 technologies, such as USB and Wi-Fi, also include physical layer components.
storm control
a type of flood guard that protects against flooding attacks from broadcast and multicast traffic. It monitors network traffic at one-second intervals to determine if the traffic levels are within acceptable thresholds. Any time traffic exceeds the predefined t hreshold, all traffic is dropped for the remainder of the time interval. This feature is managed on all three major vendor's devices using the storm-control command.
DTLS (Datagram Transport Layer Security)
a variant of TLS. It is designed specifically for streaming communications. As the name implies, DTLS relies on UDP instead of TCP, which minimizes delays. However, applications using DTLS must provide their own means of packet reordering, flow control, and reliability assurance. DTLS includes security levels that are comparable to TLS and is commonly used by delay-sensitive applications such as VoIP and tunneling applications such as VPN.
How cellular networks work
all cellular networks share a similar infrastructure in which coverage areas are divided into cells. Each cell is served by an antenna and its base station, or cell site. At the base station, a controller assigns mobile clients frequencies and manages communication with them. In network diagrams, cells are depicted as hexagons. Multiple cells share borders to form a network in a honeycomb pattern. Antennas are positioned at three corners of each cell, radiating and providing coverage over three equidistant lobes. When a client passes from one coverage area to another, his mobile device begins communicating with a different antenna. His communication might change frequencies or even carriers between cells. The transition, which normally happens without the user's awareness, is known as a handoff. Cell sizes vary from roughly 1000 feet to 12 miles in diameter. The size of a cell depends on the network's access method and the region's topology, population, and amount of cellular traffic. An urban area with dense population and high volume of data and voice traffic might use cells with a diameter of only 2000 feet, their antennas mounted on tall buildings. In sparsely populated rural areas, with antennas mounted on isolated hilltop towers, cells might span more than 10 miles. In theory, the division of a network into cells provides thorough coverage over any given area. In reality, cells are misshapen due to terrain, EMF, and antenna radiation patterns. Some edges overlap and others don't meet up, leaving gaps in coverage. each base station is connected to an MSC (mobile switching center), also called an MTSO (mobile telecommunications switching office), by a wireless link or fiber-optic cabling. The MSC might be located inside a telephone company's central office or it might stand alone and connect to the central office via another fiber-optic cabling or a microwave link. At the MSC, the mobile network intersects with the wired network. Equipment at an MSC manages mobile clients, monitoring their location and usage patterns, and switches cellular calls. It also assigns each mobile client an IP address. With 4G cellular services, a client's IP address remains the same from cell to cell and from one carrier's territory to another. In 3G cellular services, however, client IP addresses might change when the user transitions to a different carrier's service area. From the switching center, packets sent from cellular networks are routed to wired data networks through the PSTN or private backbones using WAN technologies.
CARP (Common Address Redundancy Protocol)
allows a pool of computers or interfaces to share one or more IP addresses. This pool is known as a group of redundancy or redundancy group. When using CARP, one device, acting as the group master, receives requests for an IP address, then parcels out the requests to one of several devices in the group. It is a free alternative to VRRP (Virtual Router Redundancy Protocol), or Cisco's propriety version called HSRP (Hot Standby Routing Protcol). Although VRRP and HSRP function somewhat differently than CARP and used solely for routers, the general idea is the same.
nslookup (name space lookup) utility
allows you to query the DNS database from any computer on the network and find the host name of a device by specifying its IP address, or vice versa. This is useful for verifying that a host is configured correctly or for troubleshooting DNS resolution problems. The nslookup utility is available in two modes: interactive and noninteractive. Nslookup in noninteractive mode gives a response for a single nslookup command. This is fine when you're investigating only one server, or when you're retrieving single items of information at a time. To test multiple DNS servers at one time, use hte nslookup utility in interactive mode, which makes available more of the utility's options. To launch interactive mode, enter the nslookup command without any parameters. After you enter the command, the command prompt changes to a greater-than symbol (>). You can then use additional commands to find out more about the contents of the DNS database. You can change DNS servers from within interactive mode with the server subcommand and specifying the IP address of the new DNS server. To exit nslookup interactive mode and return to the normal command prompt, enter exit. To see the options on a UNIX or Linux system, use the man nslookup command. On a Windows based system, use the nslookup/? command.
main distribution frame or main distribution facility (MDF)
also known as the MC (main cross-connect), it is the centralized point of interconnection for an organization's LAN or WAN. It can refer to the racks holding the network equipment or the room that houses both the racks and the equipment. Connections branching out of this include Ethernet cables connecting to nearby work areas, large cables running to IDFs in other buildings or on other floors of the same building, and the incoming connection from the service provider's facility.
IPsec (Internet Protocol Security)
an encryption protocol suite that defines a set of rules for encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement to IPv4 and is native to IPv6. IPsec works at the Network layer of the OSI model. It adds security information to the headers of all IP packets and encrypts the data payload. It creates secure connections in five steps as follows: 1. IPsec initiation - noteworthy traffic, as defined by a security policy, triggers the initiation of the IPsec encryption process 2. Key management - through a key management process, two nodes agree on common parameters fo rhte keys they will use. This phase primarily includes two services: IKE (Internet Key Exchange) - negotiates the exchange of keys, including authentication of the keys; the current version is IKEv2. ISAKMP (Internet Security Association and Key mManagement protocol) - works within the IKE process to establish policies for managing the keys 3. Security negotiations - IKE continues to establish security parameters and associations that will serve to protect data while in transit 4. Data transfer - After parameters and encryption techniques are agreed upon, a secure channel is created, which can be used for secure transmissions until the channel is broke. Data is encrypted and then transmitted. Either AH (authentication header) encryption or ESP (Encapsulating Security Payload) encryption may be used. Both types of encryption provide authentication of the IP packet's data payload through public key techniques. In addition, ESP encrypts the entire IP packet for added security. 5. Termination - IPsec requires regular reestablishment of a connection to minimize the opportunity for interference. The connection can be renegotiated and reestablished before the current session times out in order to maintain communication Ipsec can be used with any type of TCP/IP transmission and operates in two mode: transport mode - connects two hosts tunnel mode - runs on routers or other connectivity devices in the context of VPNs
DMVPN (Dynamic Multipoint VPN)
an enterprise VPN that dynamically creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels for site-to-site connections. In this configuration a hub router sits at the headquarters location, and each remote office has a spoke router. Usually, when hosting enterprise VPN connections, the involved gateways all need static IP addresses from the ISP. With DMVPN, however, only the hub router needs a static public IP address. The spoke routers can communicate with the hub router to create VPN tunnels as needed, even from a spoke router to a spoke router. A DMVPN configuration is achieved through creative adaptation and use of VPN tunneling protocols.
disaster
an extreme type of incident, involving a network outage that affects more than a single system or limited group of users.
PPTP (Point-to-point Tunneling Protocol)
an older Layer 2 protocol developed by Microsoft that encapsulates VPN data frames. It uses TCP segments at the Transport layer. PPTP supports the encryption, authentication, and access services provided by the VPn server; however, PPTP itself is outdated and is no longer considered secure
forwarding DNS server
an optional server that receives queries from local clients but doesn't work to resolve the queries. Typically, a forwarding server will maintain its own DNS cache from previous queries, and so it might already have the information the client needs. If not, the forwarding server forwards the query to another server to resolve. Several forwarding servers may be strategically placed throughout the organization's network to reduce network traffic on slow links
registry, also known as a domain name registry operator
an organization or country that is responsible for one or more TLDs and that maintains a database or registry of TLD information
first responder
are the people with training and/or certifications that prepare them to handle evidence in such a way as to preserve its admissibility in court.
ISDN (integrated services digital network)
as an international standard was originally established by the ITU in 1984 for transmitting both digital data and voice over the PSTN. ISDN specified protocols at the Physical, Data Link, and Transport layers of the OSI model. These protocols handled signaling, framing, connection setup and termination, routing, flow control, and error detection and correction. Connections could be either dial-up or dedicated. One disadvantage of ISDN was that it could span a distance of only 18,000 linear feet before repeater equipment was needed to boost the signal. For this reason, it was only feasible to use for the local loop portion of the WAN link. All ISDN connections were based on two types of channels: • B channel—"Bearer" channel, employing circuit-switching techniques to carry voice, video, audio, and other types of data over the ISDN connection. A single B channel had a maximum throughput of 64 Kbps. The number of B channels in a single ISDN connec- tion could vary. • D channel—"Data" channel, employing packet-switching techniques to carry information about the connection, such as session initiation and termination signals, caller identity, call forwarding, and conference calling signals. A single D channel had a maximum throughput of 16 or 64 Kbps, depending on the type of ISDN connection. Each ISDN connection used only one D channel. In North America, two types of ISDN connections were commonly used: Basic Rate Interface and Primary Rate Interface. BRI (Basic Rate Interface) used two B channels and one D channel, as indicated by the notation 2B1D. The two B channels were treated as separate connections by the network and could carry voice and data or two data streams simultaneously and separate from each other. In a process called bonding, these two 64-Kbps B channels could be combined to achieve an effective throughput of 128 Kbps— the maximum amount of data traffic that a BRI connection could accommodate. Most consumers who subscribed to ISDN from home used BRI, which was the most economical type of ISDN connection. Although ISDN is a type of digital transmission, it is sometimes needed to connect to analog equipment, such as a regular telephone. To do so, the digital signal passed through a TA (terminal adapter), which converted it into an analog signal for use by analog devices. (Terminal adapters were sometimes called ISDN modems, though they are not, technically, modems.) For a home user, the terminal adapter was most likely an ISDN router, whereas the terminal equipment could be an Ethernet card in the user's workstation plus, perhaps, a phone.
site survey
assesses client requirements, facility characteristics, and coverage areas to determine an AP arrangement that will ensure reliable wireless connectivity within a given area. Study building blueprints to identify potential obstacles, clarify the distances your network needs to span on each floor, and anticipate wireless demand from devices that tend to occupy each floor during the course of business. Consider whether Wi-Fi access points will be used as wireless bridges to extend wired access to remote areas of the network. The throughput demands of a wireless bridge can be significantly higher than typical Wi-Fi clients. Determine whether certain floors require multiple APs. Visually inspecting the floors will also help determine coverage areas and best AP locations. Measure the signal coverage and strength from other WLANs to inform your decision about the optimal strength and frequency for your wireless signals. Test proposed access point locations. In testing a "dummy" Ap is carried from location to location while a wireless client connects to it and measures its range and throughput. Test wireless access from the farthest corners of your space. This testing will reveal unforeseen obstacles, such as EMI issued from lights or heavy machinery. Consider the materials used in objects that aren't always present in the environment, such as stocked inventory in a warehouse. Consider how the wireless portions of the LAN will integrate with the wired portions. Access points connect the two. AirMagnet and inSSIDer are site survey software that can help you site survey. Many programs offer a heat map feature that maps Wi-Fi signals and other noise in your location. An accurate heat map can also pinpoint gaps in Wi-Fi coverage, called dead zones, throughout the building to ensure that employee productivity isn't adversely affected by dropped Wi-Fi connections or unnecessarily slow connections.
NMS (network management system) server
at least one network management console, which may be a server or workstation, depending on the size of the network, collects data from multiple managed devices at regular intervals in a process called polling
F-connectors
attach to coaxial cable so that the pin in the center of the connector is the conducting core of the cable. Therefore, F-connectors require that the cable contain a solid metal core. After being attached to the cable by crimping, connectors are threaded and screwed together like a nut-and-bolt assembly. A corresponding female F-connector, or jack would be coupled with the male connector. F-connectors are most often used with RG-6 cables
loopback adapter
attaches to a port, such as an RJ-45 port, or a cable connector. It crosses the transmit line with the receive line to create a closed loop, tricking a host into thinking, it's connected to a network as it "hears" its own data transmission. This is one way to test a port or cable for connectivity.
cinch cables loosely
avoid cinching cables so tightly with cable ties that you squeeze their outer covering
Wireless USB
based on the UWB (ultra-wideband) radio platform, these products mimic wired USB 2.0 connections with similar speeds, security, easy of use, and compatibility. UWB radios transmit in the range between 3.1 and 10.6 GHz, a relatively uncrowded band that is also commonly used for wireless media streaming. More recent developments for wireless USB include devices that use the Wi-Fi frequencies of 2.4 and GHz or the WiGig grotocol's faster throughput in the 60 GHz band. Wireless USB requires little power and operates within about a 10-m range.
Class E addresses
begin with 240 through 254, are reserved for research
bit rate
bits transmitted per second. used to express throughput and bandwidth
distance-vector routing protocols
calculate the best path to a destination on the basis of the distance to that destination. Some distance-vector routing protocols factor only the number of hops to the destination, whereas others take into account route latency and other network traffic characteristics. Distance-vector routing protocols periodically exchange their route information with neighboring routers. However, routers relying on this type of routing protocol must accept the data they receive from their neighbors and cannot independently assess network conditions two or more hops away. RIP, RIPv2, and EIGRP are distance-vector routing protocols.
amplified DRDoS attack
can be amplified when conducted using small, simple requests that trigger very large responses from the target. Several protocols lend themselves to being used in these kinds of attacks, such as DNS, NTP, ICMP, SNMP, and LDAP
link local address
can be used for communicating with nodes in the same link, and is similar to an autoconfigured APIPA address in IPv4. It begins with FE80::/10. The first 10 bits of the reserved prefix are fixed (1111 1110 10), and the remaining 54 bits in the 64 bit prefix are all zeroes. Therefore, a link local address prefix is sometimes written as FE80::/64. Link local addresses are not allowed past the local link or on the Internet
subnet ID
can be used to identify a subnet on a large corporate network
asset tracking tags
can be used to monitor the movement and condition of equipment, inventory, and people. Can be a simple barcode or a wireless-enabled transmitter. Asset tracking enables constant or periodic collection of information. This data is then reported to a central management application for monitoring, logging, and reporting. As wireless technologies have improved, these asset tracking systems have grown beyond Wi-Fi dependent systems, which tend to be expensive and require frequent battery replacement for each asset being tracked. Today, these systems often use Bluetooth, RFID, cellular, and GPS wireless technologies. These technologies are sometimes also combined with cloud technology, to provide deeper insights through data analytics, and with IoT technology, to increase the security of IoT networks.
management VLAN
can be used to provide administrative access to a switch. By default, this might be the same as the default VLAN; however, this poses a security risk and should be changed
content-filtering firewalls
can block designated types of traffic based on application data contained within packets
noise
can degrade or distort a signal and, on a network, is measured in dB (decibels). two common sources of noise are EMI (electromagnetic interference) and crosstalk
eDiscovery, or electronic discovery
can reveal a great deal of information, called ESI (electronically stored information) or active data, contained on a computer's hard drives and storage media, such as calendars, email, and databases. Computer forensics is a deeper more thorough investigation than eDiscovery - essentially a computer autopsy designed to discover hidden data, such as deleted files and file fragments called ambient data.
brandwidth speed tester
can test a WAN connection to see what the current upload and download speeds are
fault tolerance
capacity for a system to continue performing despite an unexpected hardware or software malfunction. The key to fault tolerance in network design is supplying multiple paths that data can use to travel from any one point to another. Therefore, if one connection or component fails, data can be rerouted over an alternate path. can be realized in varying degrees; the optimal level of fault tolerance for a system depends on how critical its services and files are to productivity. At the highest level of fault tolerance, a system remains unaffected by even the most drastic, such as a regional power outage. In this case, a backup power source, such as an electrical generator, is necessary to ensure fault tolerance. However, less dramatic faults, such as a malfunctioning NIC on a router, can still cause network outages, and you should guard against them
DCE (data circuit terminating equipment)
carrier's endpoint device for the WAN
hybrid cloud
combination of the other service models into a single deployment, or a collection of services connected within the cloud. In the real world, the hybrid cloud infrastructure is a common result of transitory solutions. (In IT, solution refers to a product, service, or combination of products and services, and often includes extra features such as ongoing customer service.)
switchport port-security
command to secure switch access ports. Essentially a MAC filterng f unction that also protects against MAC flooding, which makes it a type of flood guard.
electrostatic discharge (ESD)
commonly known as static electricity. an electrical charge at rest. when your body and component have different static charges and you touch the component, you can discharge up to 1500 volts of static electricity without seeing a spark or feeling the discharge. this can damage sensitive electronic components such as a NIC, motherboard, and memory modules.
ways to limit the potential for noise to degrade a signal include
ensuring that the strength of the signal exceeds the strength of the noise. proper cable design and installation are also critical
Wi-Fi (wireless fidelity)
commonly used for wireless Internet access, uses DSSS. In the United States, the FCC has defined 11 channels within the 2.4-GHz band for Wi-Fi and 24 channels in the 5-GHz band. (Other countries might have 14 Wi-Fi channels for the 2.4 GHz band.) In the U.S, each channel is 20 MHz wide. A Wi-Fi AP is manually configured to use a selected group of channels. Wi-Fi client devices scan the entire band for active channels. It is the most popular OSI physical and data link layer standard used by WLANs. Notable wireless standards developed by the IEEE 802.11 committee and its task groups are 802.11b, 802.11a, 802.11g, 802.11n, and 802.11ac.
ANT+
commonly used in activity monitoring devices, uses a fixed frequency, and therefore, does not use DSSS or FHSS. It is an ad-hoc wireless protocol operating at about 2.4 GHz. While it is a proprietary protocol, it is also open-source and therefore used by many manufacturers in addition to Garmin. ANT+ gathers and tracks information from sensors that are typically embedded in heart rate monitors, GPS devices, and other activity monitoring devices. Garmin's smartwatches track an athlete's activity levels and geographic movement, and then wirelessly sync this data to the person's smartphone, computer, and web-based accounts such as Strava (a social media site for athletic activities) or Facebook. Unlike Bluetooth, ANT+ can also sync data from multiple devices for the same activity, such as a smartwatch, smartphone, bicycle computer or fitness equipment such as a treadmill.
ZigBee
commonly used in industrial, scientific, and medical devices, uses DSSS and 16 channels. Based on the 802.15.4 standard, it is a low-powered, battery conserving wireless technology. It is designed to handle small amounts of data and is therefore ideal for use in ISM sensors. Also used in IoT devices for purposes such as building automation, HVAC control, AMR (automatic meter reading), and fleet management. The protocol is known for its relative simplicity and reliability when compared to other technologies such as Bluetooth, and its level of security, which is accomplished through the use of 128-bit AES encryption.
Bluetooth
commonly used to connet wireless personal devices, uses FHSS to take advantage of the 79 channels allocated to the Bluetooth band. In a network of Bluetooth devices (called a piconet), one device is designated the master and provides a clock the other devices use to coordinate their channel hopping. Because Bluetooth transmissions are constantly hopping channels, interference and collisions are unlikely to cause significant problems . It operates in the radio band of 2.4 GHz to 2.4835 GHz and hops between frequencies within that band (up to 1600 hops/sec) to help reduce interference. Most bluetooth devices require close proximity to form a connection, with the exact distance requirements depending on the class of the device. Class 1 devices provide the greatest flexibility, with their ability to maintain a reliable connection up to 100 meters apart and has a power output of 100 mW and is used for industrial purposes. Class 2 has a range up to 10 m and has a power output of 2.5 mW and is used for mobile devices. Class 3 has a range of up to 1 m and has a power output of 1 mW and is rarely used. Bluetooth power output is measured in mW (milliwatts), which is one-thousandth of a watt. Bluetooth interfaces are susceptible to a range of security risks, especially undesired Bluetooth connections such as bluejacking, in which a connection is used to download data without permission.
repeater
compensates for attenuation. signals are boosted en route by using this device which regenerates a digital signal in its original form without the noise it might have previously accumulated. A switch on an Ethernet network works as a multiport repeater, as the bits transmitted "start over" at each port on the switch
a router's strength lies in its intelligence. although any one router can be specialized for a variety of tasks, all routers can do the following:
connect dissimilar networks, such as a LAN and a WAN, which use different types of routing protocols Interpret Layer 3 and often Layer 4 addressing and other information (such as quality of service indicators) Determine the best path for data to follow from point A to point B. The best path is the most efficient route to the message's destination calculated by the router, based upon the information the router has available to it. Reroute traffic if the path of first choice is down but another path is available. Filter broadcast transmissions to alleviate network congestion. Act as a simple firewall, prevent certain types of traffic from getting to a network, enabling customized segregation and security. Support simultaneous local and remote connectivity. Provide high network fault tolerance through redundant components such as power supplies or network interfaces. Monitor network traffic and report statistics. Diagnose internal or other connectivity problems and trigger alarms.
WAN link
connection between one WAN site (or endpoint) and another site. They can be point-to-point (connects one site to only one other site) or multipoint (connects one site to two or more other sites).
NIU (network interface unit)
connects the ISP's local loop to the customer's network. A more intelligent version of an NIU is a smart jack, or INID (Intelligent NID), which can provide diagnostic information about the interface. For example, a smart jack might include loopback capabilities. Just like the loopback adapter you use to test a port or cable on your computer, the smart jack can loop the ISP's signal back to the CO (central office) for testing. The ISP is responsible for all wiring leading up to the NIU and for the NIU itself. The customer is responsible for everything past the NIU, unless the equipment is owned by the ISP, such as with a line driver, CSU/DSU, or set-top box.
trunk port
connects the switch to a router or another switch (or possibly a server). This interface manages traffic from multiple VLANs. A trunk line (or just "trunk") is a link between two trunk ports
socket
consists of both a host's IP address and a process's TCP or UDP port, with a colon separating the two values
STP (Shielded twisted pair)
consists of twisted-pair wires that are not only individually insulated, but also surrounded by a shielding made of a metallic substance such as a foil. Some STP cables use a braided copper shielding. The shielding acts as a barrier to external electromagnetic forces, thus preventing them from affecting the signals traveling over the wire inside the shielding. It also contains the electrical energy of the signals inside. The shielding must be grounded to enhance its protective effects and prevent reflection issues. The effectiveness of STP's shield depends on these characteristics: level and type of environmental noise, thickness and material used for the shield, grounding mechanism, symmetry and consistency of the shielding
802.11 data frame
contains four address fields; by contrast, the 802.3 (Ethernet) frame has only two. The transmitter and receiver addresses refer to the access point or another intermediary device on the wireless network. Another unique characteristic is its Sequence Control field. This field is used to indicate how a large packet is fragmented. Recall that on wired TCP/IP networks, error checking occurs at the Transport layer of the OSI model and packet fragmentation, if necessary, occurs at the Network layer. However, in 802.11 networks, error checking and packet fragmentation are handled at the MAC sublayer of the Data Link Layer. By handling fragmentation at a lower layer, 802.11 makes its transmission - which is less efficient and more error-prone - transparent to higher layers. This means 802.11 nodes are more easily integrated with 802.3 networks and prevent the 802.11 conversations of an integrated network from slowing down the 802.3 conversations.
Fiber-optic cable or simply fiber
contains one or several glass or plastic fibers at its center, or core. Data is transmitted through the central fibers via pulsing light typically sent from one of two possible sources: laser or LED (light-emitting diode). It comes in a number of different varieties, depending on its intended use and the manufacturer. Because each strand of glass transmits in one direction only, two strands are needed for full-duplex communication. One solution is to use a zipcord cable, in which two strands are combined side by side in conjoined jackets. You'll find zipcords where fiberoptic cable spans relatively short distances, such as connecting a server and switch. A zipcord may come with one of many types of connectors on its ends. Characteristics: throughput - fiber has proved reliable in transmitting data at rates that can reach 100 gigabits per second per channel. Fiber's amazing throughput is partly due to the physics of light traveling through glass. Unlike electrical pulses traveling over copper, light experiences virtually no resistance. Therefore, light-based signals can be transmitted at faster rates and with fewer errors than electrical pulses. Its high throughput capability makes it suitable for network backbones and for supporting applications that generate a great deal of traffic, such as video or audio conferencing. cost - most expensive transmission medium. Becasue of its cost, most organizations find it impractical to run fiber to every desktop. Not only is the cable itself more expensive than copper cabling, but fiber-optic transmitters and connectivity equipment can cost as much as five times more than those designed for UTP networks. In addition, hiring skilled fiber cable installers costs more than hiring twisted-pair cable installer. noise immunity - because fiber does not conduct electrical current to transmit signals, it is unaffected by EMI. Its impressive noise resistance is one reason why fiber can span such long distances size and scalability - depending on the type of fiber-optic cable used, segment lengths vary from 2 to 40,000 meters. The maximum light is due primarily to optical loss, or the degradation of the light signal after it travels a certain distance away from its source (just as the light of a flashlight dims after a certain number of feet). Optical loss accrues over long distances and grows with every connection points in the fiber network. Dust or oil in a connection can further exacerbate optical loss. The distance a cable can carry light depends partly on the light's wavelength. It also depends on whether the cable is single mode or multimode.
AAA (authentication, authorization, and accounting)
controlling user's access to a network and its resources consists of three major elements: authentication, authorization, and accounting. Pronounced triple-A. The three components required to manage access control to a network and its resources are described next: • authentication—Authentication, in this case, user authentication, is the process of verifying a user's credentials (typically a username and password) to grant the user access to secured resources on a system or network. In other words, authentication asks the question, "Who are you?" • authorization—Once a user has access to the network, the authorization process determines what the user can and cannot do with network resources. In other words, authorization asks the question, "What are you allowed to do?" Authorization restrictions affect Layer 2 segmentation, Layer 3 filtering, and Layer 7 entitlements. • accounting—The accounting system logs users' access and activities on the network. In other words, accounting asks, "What did you do?" The records that are kept in these logs are later audited, either internally or by an outside entity, to ensure compliance with existing organizational rules or external laws and requirements.
public key encryption
data is encrypted with a private key known only to the user, and decrypted with a mathematically related public key that can be made available through a third-party source, such as a public key server. This ensures data integrity, as the sender's public key will only work if the data has not been tampered with. Alternatively, data can be encrypted with the public key, and then can only be decrypted with the matching private key. This ensures data confidentiality, as only the intended recipient can decrypt the data. A public key server is a publicly accessible host that freely provides a list of users' public keys, much as a telephone book provides a list of people's phone numbers. The combination of a public key and a private key is known as a key pair. Because the public key encryption requires the use of two different keys, one to encrypt and the other to decrypt, it is also known as asymmetric encryption
honeypot
decoy system that is purposely vulnerable and filled with what appears to be sensitive content, such as financial data. Once hackers access the honeypot, a network administrator can use monitoring software and logs to track the intruder's moves. To fool hackers and gain information, honeypots cannot appear too blatantly insecure, and tracking mechanisms must be hidden. In addition, a honeypot must be isolated from secure systems to prevent a savvy hacker from using it as an intermediate host for other attacks. In more elaborate setups, several honeypots might be connected to form a honeynet. Honeypot software options include KFSensor, Canary, and Honeyd.
Cellular
deliver text messages, web pages, music, and videos to smartphones and handheld devices. This section describes current cellular data technology and explains the role it plays in wide area networking. • First-generation, or 1G, services from the 1970s and 1980s were analog. • Second-generation, or 2G, services, which reigned in the 1990s, used digital transmission and paved the way for texting and media downloads on mobile devices. Still, data transmission on 2G systems didn't exceed 240 Kbps. • Third-generation, or 3G, services were released in the early 2000s. Data rates rose to 384 Kbps and data (but not voice) communications used packet switching. • Fourth-generation, or 4G, services are characterized by an all-IP, packet-switched network for both data and voice transmission. 4G standards, released in 2008, also specify throughputs of 100 Mbps for fast-moving mobile clients, such as those in cars, and 1 Gbps for slow-moving mobile clients, such as pedestrians. • Fifth-generation, or 5G, services don't yet exist. However, industry analysts expect 5G devices to offer download speeds of up to 20 Gbps and upload speeds of up to 10 Gbps. In addition to generation classifications, cellular networks are also grouped by the base technology used to build those networks. Cell phone networks use one of these two competing voice technologies: GSM (Global System for Mobile Communications) and CDMA (Code Division Multiple Access)
TIA/EIA-568 Commercial Building Wiring Standard or structured cabling
describes uniform, enterprise-wide cabling systems, regardless of who manufactures or sells the various parts used in the system. It describes the best way to install networking media to maximize performance and minimize upkeep. The principles of structured cabling apply no matter what type of media, transmission technology, or networking speeds are involved. It is based on a hierarchical design and assumes a network is set up in a star topology.
IPv6 Autoconfiguration
designed so that a computer can autoconfigure its own link local IP address without the help of a DHCPv6 server. This is similar to how IPv4 uses an APIPA address. Step 1- the computer creates its IPv6 address. It uses FE80::/64 as the first 64 bits, called the prefix. Depending on how the OS is configured, the last 64 bits (called the interface ID) can be generated in two ways: 1. The 64 bits are randomly generated - in this case, the IP address is called a temporary address and is never registered in DNS or used to generate global addresses for use on the Internet. The IP address changes often to help prevent hackers from discovering the computer. This is the default method used by Windows 10. 2. The 64 bits are generated from the network adapter's MAC Address- MAC addresses consist of 48 bits and must be converted to the 64-bit standard, called the EUI-64 (extended unique identifier-64) standard, To generate the interface ID, the OS takes the 48 bits of the device's MAC address, inserts a fixed 16-bit value in the middle of the 48 bits, and inverts the value of the seventh bit. Step 2 - The computers checks to make sure its IP address is unique on the network. Step 3 - The computer asks if a router on the network can provide configuration information. This message is called a RS (router solicitation). If a router responds with DHCP information in what's called a RA (router advertisment) message, the computer uses whatever information this might be, such as the IP addresses of DNS servers or the network prefix. The process is called prefix discovery and the computer uses the prefix to generate its own link local or global IPv6 address by appending its interface ID to the prefix. Because a computer can generate its own link local or global IP address, a DHCPv6 server usually serves up only global IPv6 addresses to hosts that require static address assignments.
STP (Spanning Tree Protocol)
designed to eliminate traffic loops. The first iteration was defined in IEEE standard 802.1D and functions at the Data Link layer. It prevents traffic loops by artificially blocking the links that would complete a loop. In addition, STP can adapt to changes in the network.
HVD (hosted virtual desktops)
desktop operating environments running on a different physical computer than the one the user interacts with
catastrophic failure
destroys the component beyond use
tone locator (or probe)
device that emits a tone when it detects electrical activity on a wire
security appliances
devices made by Cisco or Fortinet for enterprise-wide security. They can perform several functions, such as encryption, load balancing, and IPS, in addition to packet filtering.
to avoid a transceiver mismatch
devices must be paired based on supported speeds and protocols. Also consider the cable connectors you'll be using.
Three examples of PSTN-based network technologies that enable users to connect to WANs
dial-up, ISDN, and DSL
CDMA (code division multiple access)
differs from GSM in that it spreads a signal over a wider bandwidth so that multiple users occupy the same channel, a technology called spread-spectrum. Codes on the packets keep the various calls separated. CDMA networks do not require a SIM card in a cellular device because devices are compared against a white list, which is a database of subscribers that contains information on their subscriptions with the provider. However, some CDMA networks (such as Sprint's), still require SIM cards for their LTE (Long Term Evolution) features.
EAP (extensible authentication protocol)
differs from the authentication protocols in that it only provides the framework for authenticating clients and servers. It does not perform encryption or authentication on its own. Instead, it works with other encryption and authentication schemes to verify the credentials of users and devices. The three main EAP entities are: * supplicant - the device requesting authentication, such as a smartphone or laptop *authenticator - the network device that initiates the authentication process, such as a wireless access point * authentication server - the server that performs the authentication Step 0: The wireless device associates with the access point, usually with WPA2. We begin with Step 0 here because association is an essential precursor to the authentication process, but is not part of that process. Step 1: The supplicant requests authentication, and the authenticator initiates the authentication process by asking a newly connected supplicant to verify itself. Step 2: After the supplicant responds, the authenticator forwards that information to the authentication server, such as a RADIUS server. Step 3: The server usually sends more than one request in response. In its first request, it asks the supplicant's identity and indicates what type of authentication to use. In subsequent requests, the server asks the supplicant for authentication information to prove the supplicant's identity. The supplicant responds to each of the server's requests in the required format. Step 4: If the responses match what the server expects, the server authenticates the supplicant. Otherwise, authentication fails. One of EAP's advantages is its flexibility. It is supported by nearly all modern operating systems and can ber used with many different authentication methods. It is also adaptable to new technology. It was adapted to work on both wired and wireless LANs in the 802.1x standard dubbed EAPoL (EAP over LAN). In this case, EAP is carried by Ethernet messages instead of PPP messages. To accomplish this, 802.1x allows only EAPoL traffic over any switch or AP port connected to a wired or wireless client until that client has authenticated with the authentication server. This is called PNAC (port-based network access control), or sometimes port-based authentication. Today 802.1x is primarily used on wireless LANs. The most common versions of EAP are PEAP, EAP-FAST< and EAP-TLS.
BPDU filter
disables STP on specific ports.
netstat
displays TCP/IP statistics and details about TCP/IP components and connections on a host. Information that can be obtained include: the port on which a TCP/IP service is running, which network connections are currently established for a client, how many messages have been handled by a network interface since it was activated, how many data errors have occured on a particular network interface.
factors to consider when deciding where to install a WLAN's access point:
distance - consider typical between the AP and its clients, and distance restrictions for the 802.11 standard your AP is using. If your small office spans three floors, and clients are evenly distributed among the floors, you might choose to situate the AP on the second floor. type and number of obstacles - consider the type and number of obstacles between the AP and its clients. Might need multiple APs if you have a large building or one with massive concrete floors coverage - place the AP in a high spot, such as on a shelf or rack or in a drop ceiling interference - make sure the AP is not close to potential sources of interference, including cordless phones, fluorescent lights, or microwave ovens
TIA/EIA 568 standard
divides twisted-pair wiring into several categories. The categories you will see most often are Cat (category) 3,5,5e,6,6a and 7. Modern Lans use Cat 5e or higher wiring, which is the minimum required to support Gigabit Ethernet. Cat 6 and above are certified for multigigabit transmissions, although Cat 6 cable has shorter distance limitations when supporting 10G.
statement of work (SOW)
documents in detail the work that must be completed for a particular project, and includes specifics such as tasks, deliverables, standards, payment schedule, and work timeline. It is legally binding, meaning it can be enforced in a court of law
memorandum of understanding (MOU)
documents the intentions of two or more parties to enter into a binding agreement, or contract, and is sometimes used between an informal handshake and the legally binding signatures on contracts. It can be helpful in pushing along contract negotiations and in defining specific concerns of each party, but it is usually not a legally binding document, does not grant extensive rights to either party, provides no legal recourse, and is not intended to provide through coverage of the agreement to come
Where labels won't fit on the device itself,
draw a simple diagram of the device that indicates the purpose of each port, slot, and connector
WPA (Wi-Fi Protected Access or Wireless Protected Access)
dynamically assigns every transmission its own key. The encryption protocol is WPA2, which can be enabled on most consumer-grade APs. WPA2 includes support for the previously released WPA protocol. The most secure Wi-FI communication is made possible by combining a RADIUS server with WPA or WPA2, known as WPA-Enterprise or WPA2 Enterprise.
automatic failover
each critical device requires redundant NICs, SFPs, power supplies, cooling fans, and processors, all of which should, ideally, be able to immediately assume the duties of an identical component
TTL (Time to Live)
each resource record begins with this field that identifies how long hte record should be saved in a cache on a server. Administrators can set the TTL based on how volatile is the DNS data (in other words, how often the administrator expects the IP addresses to change). TTL information is included in zone transfers
Pros of Virtualization
efficient use of resources - physical clients or servers devoted to one function typically use only a fraction of their capacity. cost and energy savings - organizations save money by purchasing fewer and less expensive physical machines. fault and threat isolation - in a virtual environment, the isolation of each guest system means that a problem with one guest does not affect the others simple backups, recovery, and replication - virtualization software enables network administrators to save backup images of a guest machine. The images can later be used to recreate that machine on another host or on the same host. This feature allows for simple backups and quick recovery. It also makes it easy to create multiple, identical copies of one VM, called clones. Virtual devices can be quickly and sometimes automatically migrated, or moved, from one server to another in the event of a hardware failure or maintenance. Resources, such as hardware, energy usage, and physical space, are utilized more efficiently. Services can be easily scaled to meet the changing needs of a network.
portable fire extinguishers
electrical fires require a Class C fire extinguisher. extinguishes fire
all wireless signals are carried through the air by
electromagnetic waves
interference
electromagnetic waves in the atmosphere can interfere with wireless communications similar to how EMI (electromagnetic interference) affects wired transmissions. Because wireless signals cannot depend on a conduit or shielding to protect them from extraneous EMI, they are more vulnerable to noise than wired transmissions are.
phishing
electronic communication that appears to come from a legitimate person or organization and requests access or authentication information
cipher locks
electronic keypads are physical or electronic locks that require a code to open the door, which can reduce the inherent risk of lost keys. Changing the cipher lock's code regularly can also help increase security. Cipher locks are not designed solely for physical security so much as for the purpose of controlling access to an area, such as an indoor data room, by logging who comes and goes, enabling or disabling unescorted entry, scheduling open access times, and even responding to access made under duress
virtual firewall
emulates a hardware firewall, and is hosted in a virtualized environment. There must be a hypervisor present (usually Type 1) for a virtual firewall to exist. These distinctions apply to other devices as well, such as routers, switches, and load balancers
link-state routing protocols
enable routers to communicate beyond neighboring routers, after which each router can independently map the network and determine the best path between itself and a message's destination node. These protocols tend to adapt more quickly to changes in the network, but can also be more complex to configure and troubleshoot. OSPF and IS-IS are link-state routing protocols
A network administrator might separate a network's traffic into smaller portions to accomplish the following:
enhance security—Transmissions in broadcast domains are limited to each network so there's less possibility of hackers or malware reaching remote, protected networks in the enterprise domain. At the same time, other devices, such as a web server, can be made more accessible to the open Internet than the rest of the network. For example, a DMZ (demilitarized zone) can provide an area of the network with less stringent security for these purposes. • improve performance—Segmenting limits broadcast traffic by decreasing the size of each broadcast domain. The more efficient use of bandwidth results in Copyright 2019 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Copyright 2019 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 CHAPTER 8 Subnets and VLANs 437 better overall network performance. The On the Job story at the beginning of this chapter gave an excellent example of how this applies in a real-world situation. • simplify troubleshooting—When troubleshooting, rather than examining the whole network for errors or bottlenecks, the network administrator can narrow down the problem area to a particular, smaller network. For example, suppose a network is subdivided with separate smaller networks for Accounting, Human Resources, and IT. One day there's trouble transmitting data only to a certain group of users—those on the Accounting network. This fact gives the network administrator some significant insight into the nature of the problem.
AUP (acceptable use policy)
explains to users what they can and cannot do while accessing a network's resources. It also explains penalties for violations, and might describe how these measures protect the network's security. Employers should never assume that employees inherently know what is acceptable use of company IT resources and what is not. Some restrictions might be: Don't do anything illegal. Don't try to circumvent network security restrictions Don't market products or services to other network users Don't forward spam email Don't violate the rights of any person or organization Don't violate copyright, trade secret, patent, intellectual property, or other regulations Don't export software, technical information, or encryption technology
a typical fiber termination kit might include the following tools:
fiber stripper - strips off the outer layers of a fiber-optic cable fiber cleaver - cuts a clean slice through the fiber strands
MIMO (multiple input-multiple output)
first available in 802.11n, multiple antennas on the access point and on a client device process incoming or outgoing data simultaneously. There are some multiantenna 802.11g devices available, but these antennas take turns processing the data stream. 802.11n/ac devices, however, simultaneously process data through two or more antennas. Wireless signals propagate in a multipath fashion. Therefore, multiple signals cannot be expected to arrive at the same receiver in concert. MIMO uses this phenomenon to its advantage by adjusting either the phase or amplitude of signals from each antenna. This improves the transmission in two ways: signal quality and range - spatial diversity of the different antennas eliminates noise in the transmission, which also increases the distance it can effectively travel. Each antenna receives a slightly different version of the signal, and the strengths of each signal are summed. signal capacity - spatial multiplexing adds a new data stream between each additional pair of antennas, thereby increasing the amount of data being transmitted and received. This effect increases linearly with the addition of each pair of antennas.
VPN concentrator
for large organizations where more than a few simultaneous VPN connections must be maintained, this specialized device can be used as the VPN server. A VPN concentrator performs the following tasks: authenticates VPN clients, establishes tunnels for VPN connections, manages encryption for VPN transmissions
fiber-optic cable
form of cable that contains one or several glass or plastic fibers in its core and comes in two types: SMF (single-mode fiber) or MMF (multimode fiber). Copper-based cable transmits data via electric signals, and fiber-optic cable transmits data via pulsing light sent from a laser or LED (light-emitting diode)
RIPv2 (Routing Information Protocol version 2)
generates less broadcast traffic and functions more securely than RIPv1. Still RIPv2 cannot exceed 15 hops, and it is also considered an outdated routing protocol.
IaaS (infrastructure as a service)
hardware services are provided virtually, including network infrastructure devices such as virtual servers and end user interfaces such as HVDs (hosted virtual desktops). These devices rely on the network infrastructure at the vendor's site, but customers are responsible for their own application installations, data management, and backup.
media converter
hardware that enables networks or segments running on different media to interconnect and exchange signals. you must select the correct media converter for the type of fiber being connected, whether it's SMF to copper or MMF to copper. Converters are also needed to connect networks using MMF with networks using SMF.
coaxial cable called coax for short
has been replaced by twisted-pair cable and fiber, however a form of coax is still used for cable Internet and cable TV. it has a central metal core (often copper) surrounded by an insulator, a braided metal shielding, and an outer cover, called the sheath or jacket. The core can have a solid metal wire or several thin strands of metal wire and carries the electromagnetic signal. The shielding protects the signal against noise and is a ground for the signal. The plastic insulator can be PVC (polyvinyl chloride) or Teflon and protects the core from the metal shielding because if the two made contact, the wire would short-circuit. The sheath protects the cable from physical damage and might be PVC or a more expensive fire-resistant plastic. It comes in hundreds of specifications, which are all assigned an RG specification number. (RG stands for radio guide, which is appropriate because coaxial cabling can be used by radio frequencies in broadband transmission.) The RG ratings measure the materials used for shield and conducting cores, which in turn influence their transmission characteristics, such as impedance (the resistance that contributes to controlling the signal, as expressed in ohms), attenuation, and throughput. When discussing the size of the conducting core in a coaxial cable, we refer to its AWG (American Wire Gauge) size. The larger the AWG size, the smaller the diameter of the core wire.
ADSL (asymmetric DSL)
has faster download speeds than upload speeds and is the most common form of DSL. was secured. If at any point in the process you have custody of evidence, be sure to sign off on a chain of custody document, and obtain a signature from the next person in line when you hand over custody of the evidence. 5. Monitor transport of data and equipment—Generally, the incident response team is responsible for transporting all evidence to the forensics lab or other authority. Every item should be carefully documented so the exact same configuration can be replicated in the lab. The response team might even have the capability to do a hot seizure and removal, which means they can use specialized devices that transfer a computer from one power source to another without shutting down the computer. This can be especially critical if it's possible that the computer or its data will become inaccessible after power is turned off—perhaps because a password is unknown or data is currently in memory. 6. Create a report—Be prepared to report on all activities that you observed or participated in during the course of the incident response. It's best to take notes along the way, and to write your report in full as soon as possible after the event while it's still fresh on your mind. All of this information will likely be included in the final forensics report, so it's important to be thorough and accurate.
dirty connectors
if fiber connectors get dirty or just a little dusty, signal loss and other errors can start to cause problems. Always keep protectors on fiber connectors and dust covers over fiber jacks when they're not in use
plenum cabling
if you run cable in the plenum, the area above the ceiling tile or below the subflooring, make sure the cable sheath is plenum-rated, and consult with local electric installation codes to be certain you are installing it correctly. A plenum-rated cable is coated with a flame-resistant jacket that produces less smoke than regular cable coated with PVC (polyvinyl chloride), which is made from a cheaper plastic that is toxic when burned
cable continuity tester
in troubleshooting a physical layer problem, you might find the cause of a problem by simply testing a cable's continuity - whether it is carrying a signal to its destination. Tools used to test the continuity of the cable might be called cable checkers, continuity testers, or cable testers. The term cable tester is a general term that might also refer to more sophisticated tools which measure cable performance. Cable continuity testers are battery operated and has two parts: the base unit connects to one end of the cable and generates voltage and the remote unit connects to the other end of the cable and detects the voltage. Most cable testers provide a series of lights that signal pass/fail or other information, and some units also emit an audible noise. Some testers will verify that the wires in a UTP or STP cable are paired correctly following TIA/EIA 568 standards and that they are not shorted, exposed, or crossed. An incorrect pinout can cause excessive crosstalk issues, voltage spikes, reduced performance, and problematic connections, especially with older devices. Continuity testers for fiber-optic cables issue light pulses on the fiber and determine whether they reach the other end of the fiber. Some continuity testers offer the ability to test both copper and fiber-optic cables. Most continuity testers are portable and lightweight and typically use one 9 volt battery. A continuity tester can cost between $10 and $300 and can save many hours of work. Popular manufacturers of these devices include Belkin, Fluke, and Paladin. Do not use a tester on a live network cable. Disconnect the cable from the network, and then test its continuity.
TDR (time domain reflectometer)
included in a sophisticated performance tester. Issues a signal on a cable and then measures the way the signal bounces back (or reflects) to the TDR. Bad connectors, crimps, bends, short circuits, cable mismatches, bad wiring, or other defects modify the signal's amplitude before it returns to the TDR, thus changing the way it reflects. The TDR analyzes the return signal, and based on its condition and amount of time the signal took to return, determines cable imperfections
DWDM (dense wavelength division multiplexing or dense WDM)
increases the number of channels provided by normal WDM to between 80 and 320 channels. Dense WDM can be amplified en route and is typically used on high-bandwidth or long-distance WAN links, such as the connection between a large ISP and its (even larger) NSP (network service provider)
WAN sites
individual geographic locations or endpoints connected by a WAN
LACP (Link Aggregation Control Protocol)
initially defined by IEEE's 802.3ad standard and currently defined by the 802.1AX standard. LACP dynamically coordinates communications between hosts on aggregated connections, kind of like what DHCP does for IP addressing. Most of these devices offer similar configuration options such as: • static configuration—Both hosts are manually configured to handle the division of labor between the redundant links according to particular rules without the ability to compensate for errors. • passive mode—The port passively listens for LACP-defined link aggregation requests, but will not initiate the request. • active mode—The port is set to automatically and actively negotiate for link aggregation using LACP. This allows for fault tolerance should one or more links fail, as LACP will automatically reconfigure active links to compensate. In reality, this is the most common configuration for all ports involved in link aggregation, and provides the most protection against link misconfigurations or failures.
in-line monitoring
install a device, called a network TAP (test access point) or packet sniffer, in line with network traffic. The device usually has four ports: - two ports send and receive all traffic, usually between a switch and a router - a third port mirrors the traffic, sending it to a computer running monitoring software in promiscuous mode, such as Wireshark - The fourth port is used for device configuration
avoid EMI
install cable at least 3 feet away from fluorescent lights or other sources of EMI (electromagnetic interference), which is a type of interference that can be caused by motors, power lines, televisions, copiers, fluorescent lights, or other sources of electrical activity. This will reduce the possibility of noise (interference) that can affect your network's signals
laser
intense focused light that can travel extremely long distances with very high data throughput
traffic shaping
involves manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment. Goal is to ensure timely delivery of the most important traffic while optimizing performance for all users. It can involve any of the following: • Delaying less-important traffic • Increasing the priority of more-important traffic • Limiting the volume of traffic flowing in to or out of an interface during a specified time period • Limiting the momentary throughput rate for an interface The last two techniques belong to a category of traffic shaping known as traffic policing. It helps service providers predict how much capacity it must purchase from its network provider. It also holds down costs because the ISP doesn't have to plan for every client using all available throughput at all times. An ISP that imposes traffic policing might allow customers to choose their preferred maximum daily traffic volume or momentary throughput and pay commensurate fees. A more sophisticated instance of traffic policing is dynamic and takes into account the network's current traffic patterns.
PTSN (public switched telephone network)
is a circuit-switching network of lines and carrier equipment that provides landline telephone service to homes and businesses. Originally, the PSTN carried only analog traffic. All its lines were copper wires, and switching was handled by operators who manually connected calls upon request. Today, switching is computer controlled, and nearly all the PSTN uses digital transmission. Signals may deliver voice, video, or data traffic and travel over fiber-optic or twisted-pair copper cable connections. The telephone company terminates lines and switches calls between different locations at the CO (central office). The portion of the PSTN that connects any residence or business to the nearest CO is known as the local loop, or the "last mile" (though it is not necessarily a mile long). It's the part of the PSTN most likely to still use copper wire and carry analog signals. That's because extending fiber-optic cable to every residence and business is costly. However, fully digital connections are increasingly common, especially for businesses that rely heavily on WANs. No matter what kind of media is used, the end of the local loop—and also the end of the carrier's responsibility for the network—is the customer's demarcation point, where wires terminate at the NIU.
service-level agreement (SLA)
is a legally binding contract or part of a contract that defines in plain language and in measurable terms the aspects of a service provided to a customer, such as the service provided by an ISP. Details specified might include contract duration (minimum or maximum), guaranteed uptime, problem management, performance benchmarks, and termination opions
WPS attack (Wi-Fi Protected Setup)
is a user friendly - but not very secure - security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The problem is that the PIn can be easily cracked through a brute force attack, which means simply trying numerous possible character combinations to find the correct combination. This gives the attacker access to the network's WPA2 key. The PIN feature in WPS should be disabled if possible
short circuit
is an unwanted connection, such as when exposed wires touch each other
omnidirectional antenna
issues and receives wireless signals with equal strength and clarity in all directions. This type is used when many different receivers must be able to pick up the signal in many directions, or when the receiver's location is highly mobile. TV and radio stations use omnidirectional antennas, as do most towers that transmit cellular signals.
unidirectional antenna (also called a directional antenna)
issues wireless signals along a single direction. This type is used when the source needs to communicate with one destination, as in a point-to-point link, or in a specific area. A satellite downlink uses directional antennas.
fiber type mismatch
it is actually more of a fiber core mismatch. Connecting an SMF cable to an MMF cable will prevent the transmission from traversing the connection successfully, though some of the signal can get through. However, even same mode cables can be mismatched, if the cores have different widths
encryption
it is the last line of defense. encryption. Encryption protocols use a mathematical code, called a cipher, to scramble data into a format that can be read only by reversing the cipher. TO protect data, encryption methods are primarily evaluated by three benchmarks: -confidentiality - data can only be viewed by its intended recipient or its intended destination -integrity - data is not modified in the time after the sender transmits it and before the receiver picks it up -availability - data is available and accessible to the intended recipient when needed, meaning the sender is accountable for successful delivery of the data Together these three principles form the stand security model called the CIA Triad (confidentiality, integrity, and availability)
MTU (maximum transmission unit)
largest size, in bytes, that routers in a message's path will allow at the Network layer. Therefore, this defines the maximum payload size that a Layer 2 frame can encapsulate. For Ethernet, the default MTU is 1500 bytes, a value that is generally considered the Internet standard. However, other Layer 2 technologies might allow higher MTUs, or require lower MTUs. Because of the overhead present in each frame and the time it takes for the NIC to manage a frame, the use of larger frame sizes on a network generally results in faster throughput.
cladding
layer of glass or plastic that surrounds fibers. it is less dense than the glass or plastic in the strands and so reflects light back to the core in patterns that vary depending on the transmission mode. This reflection allows the fiber to bend around corners without diminishing the integrity of the light-based signal. Outside the cladding, a plastic buffer protects the cladding and core. Because the buffer is opaque, it also absorbs any light that might escape. To prevent the cable from stretching, and to protect the inner core further, strands of Kevlar (a polymeric fiber) surround the plastic buffer. Finally, a plastic sheath covers the strands of Kevlar.
1000Base-SX
less expensive to install than 1000Base-LX, and uses shorter wavelengths of 850 nanometers. The maximum segment length depends on two things: the diameter of the fiber and the modal bandwidth used to transmit signals
DAC (discretionary access control)
less secure than RBAC and MAC. This is where users decide for themselves who has access to that user's resources.
CSU/DSU
like line drivers, these devices can be owned by either party, depending upon who is responsible for providing this device according to the terms of service. However, the CSU/DSU is typically placed on the customer's side of the demarc, between the demarc and the first router. Consists of a CSU (channel service unit) and DSU (data service unit) and serves as the DTE (data terminal equipment), or endpoint device, for a leased line. The device can be a stand-alone device. ❍❍ The CSU provides termination for the digital signal and ensures connection integrity through error correction and line monitoring. ❍❍ The DSU converts the T-carrier frames into frames the LAN can interpret and vice versa. It also connects T-carrier lines with terminating equipment. Finally, a DSU usually incorporates a multiplexer. (In some T-carrier installations, the multiplexer can be a separate device connected to the DSU.)
back up the current system, software, or hardware configuration before
making any modifications . You can typically copy the configuration of a router, switch, or server to a USB flash drive, backup media, or network share
fault
malfunction of one component of a system. A fault can result in a failure. For example, the fault that caused your car to break down might be a leaking water pump. The goal of fault-tolerant systems is to prevent faults from progressing to failures.
DHCP (dynamic host configuration protocol) server
manages the dynamic distribution of IP addresses to devices on a network
video surveillance
many IT departments use CCTV (closed-circuit TV) to monitor activity in secured data rooms. IP cameras can be placed in data centers, computer rooms, data rooms, and data storage areas, as well as facility entrances.
tamper detection
many devices that need protection can't be kept within a secure area. Tamper detection sensors on these devices can detect physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation. This might trigger defensive measures such as an alarm or shutdown, or it might activate a video camera or other security system. Another tamper detection option is a sticker or latch. Any damage to the sticker or latch tells you the device was tampered with.
Cat 3
max supported throughput - 10 Mbps bandwidth/signal rate - Up to 16 MHz Used for 10-Mbps Ethernet or 4Mbps Token Ring networks. Rarely found on any modern network
Fast Ethernet networks
maximum speed of 100 Mbps, one pair of twisted wires sends data, another pair receives data, and the other two pairs are not used for data transmission.
100 Base-T fast ethernet
maximum transmission speed - 100 Mbps maximum distance per segment (M) - 100 Physical media - Cat 5 or better Pairs of wires used for transmission - 2 pair
1000 Base-T Gigabit Ethernet
maximum transmission speed - 1000 Mbps maximum distance per segment - 100 m physical media - Cat 5 or better (Cat 5e is preferred) pairs of wires used for transmission - 4 pair
SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
methods of encrypting TCP/IP transmissions - including web pages and data entered into web forms - en route between the client and server using public key encryption technology. The two protocols can work side by side and are widely known as SSL/TLS or TLS/SSL. All browsers today support SSL/TLS to create secure transmissions of HTTP sessions. SSL operates in the application layer and TLS operates in the transport layer and is essentially the updated version of SSL. Each time a client and server establish an SSL/TLS connection, they establish a unique session, or an association between the client and server that is defined by an agreement on a specific set of encryption techniques. The session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. A session is created by a handshake protocol, one of several protocols within SSL/TLS, and perhaps the most significant. It allows the client and server to introduce themselves to each other and establish terms for how they will securely exchange data. After the browser and server have agreed on the terms of encryption, the secure channel is in place and they begin exchanging data.
surge
momentary increase in voltage due to lightning strikes, or solar flares, or electrical problems. Surgest might last only a few thouandths of a second, but can degrade a computer's power supply. Surgest are common. You can guard against surges by making sure every computer device is plugged into a surge protector, which redirects excess voltage away from the device to a ground, thereby protecting the device from harm. Without surge protectors, systems would be subjected to multiple surges each year
1000Base-LX
more common fiber version of Gigabit Ethernet and uses long wavelengths of 1300 nanometers. Because of its long segments, it's used for long backbones connecting buildings in a MAN or for connecting an ISP with its telecommunications carrier.
LC (local connector)
most common 1.25 mm ferrule connector. Polish - UPC, APC Full-duplex - yes
firewall misconfiguration
most common cause of firewall failure
straight-through cable (patch cable)
most common type of networking cable. To create one, terminate the RJ-45 plugs at both ends of the cable identically, following one of the TIA/EIA 568 standards. It's called a straight-through cable because it allows signals to pass "straight through" from one end to the other.
SHA (secure hash algorithm)
most commonly used hashing algorithm. The primary advantage of SHA over older hashing algorithms is its resistance to collisions. A collision is when two different data sources result in the same hash. A prevalence of collisions from a hashing algorithm essentially defeats the purpose of hashing. however, the added security to avoid collisions means the hashing process takes longer than with less secure options. There are several versions of SHA
access badge
most companies require employees to have some kind of ID badge that identifies the person by name and perhaps includes a photo, title, and other information. Additionally, many organizations provide electronic access badges or smart cards. When the smart card is swiped through a reader, the door unlocks and the person's access to the secured area is time stamped and logged in a database. These badges can be programmed to allow their own access to some, but not all, rooms in a building
EMV (Europay, Mastercard, and VISA) chip
most newer credit cards contain this chip. They perform a small amount of processing with each transaction where a unique transaction number is generated any time the chip is activated. This means that, even if a thief captures your payment information at the point of sale, the transaction number can't be used again. EMV chips also require physical contact in order to be activated, which eliminates the risk of information being transmitted wirelessly from the card. However, some still include RFID technology which can transmit your credit card information to a snooping thief.
document findings, actions, and outcomes
most organizations use a call tracking system (also called help desk software) to document problems and their resolutions. Your organization is likely to expect you to document the name, department, and contact information of the person who originated the call for help; when the call first came in; information about the problem; the symptoms of the problem; the resolution of the problem; the name of the technician who handled the problem; and perhaps teh amount of time spent resolving the problem. Your company may also require you to document unique or insightful solutions to problems in your company's knowledge base for you and others to draw from in the future.
priviliged user account
most privileged admin account. Security precautions for this type of account include: * limited use - should only be used when those higher privileges are necessary to accomplish a task * limited location - many companies require the privileged user account be accessed only on location so that no one, not even a legitimate network administrator, can access the device remotely and make high-level changes. One advantage to this restriction is that access credentials for this account will never be cached on a workstation or other end user device * limited duration - privileged user accounts should be carefully accounted for and disabled as soon as they're not needed, such as when an employee is terminated * limited access - the passwords for these accounts should be especially secure and difficult to crack. Passwords should also be stored securely, and when possible, multi-factor authentication should be required * limited privacy - a privileged user account can be used for destructive activity whether malicious or not. For that reason, every user action in these accounts should be recorded and monitored by someone other than the owner of that account. Privileged user monitoring software is available from companies such as Imperva, ManageEngine, and Splunk.
the secret to keeping track of devices is
naming them systematically, and then labeling them with those names. tips for naming: Use names that are as descriptive as possible (without giving away too much information to potential hackers). Only include fields that are absolutely essential in identifying the device. Don't overcomplicate the name with useless or redundant information. Pay attention to any established naming convention already in use by your employer. For example, existing acronyms for the various departments in your corporation are more recognizable for employees. Think big-picture-down-to-details when designing device name fields, such as starting with the building name, then floor, then data room number, then rack number. If your company has national locations or international locations, certain names may need to include codes for continent, country, state, city, and so on. Think in terms of "top-down" or "outside-in" and be consistent. Consider any security risks from the details you might include in your naming convention. Make sure naming and labeling information is stored behind locked doors and inside secure databases. Don't use names that identify the location (physical or digital) of sensitive information that might alert an attacker toa . highly desirable target, such as customer credit card information or protected patient data.
The way a vNIC is configured determines whether the VM is joined to a virtual network or attempts to join the physical LAN that the host machine is connected to. These various configurations are called
networking modes
DDoS (distributed DoS) attack
orchestrated through many sources. Most of these machines are zombies which means the owners are unaware that their computers are being used in the coordinated attack. Malware, called a bot, is installed on each machine and gives the bot herder, or central controller, remote control of the computer. Computers can be requisitioned as part of a botnet, also called a zombie army, in coordinated DDoS attacks without the owner's knowledge or consent, and these botnets are sometimes made available for hire on the black market.
discarded packets
packets that arrive at their destination, but are then deliberately discarded, or dropped, because issues such as buffer overflow, latency, bottlenecks, or other forms of network congestion delayed them beyond their usable time frame. A discarded packet is often referred to as a discard
three basic types of cable installations
patch, horizontal, and backbone
four types of software changes
patch, upgrade, rollback, installation
OTDRs (optical time domain reflectometers)
performance tester for fiber-optic connections. Rather than issue an electrical signal, OTDR transmits light-based signals of different wavelengths over the fiber. Based on the type of return light signal, the OTDR can do the following: accurately measure the length of the fiber; determine the location of faulty splices, breaks, bad or mismatched connectors, or bends; measure attenuation over the cable. Because of their sophistication, performance testers for both copper and fiber-optic cables cost significantly more than continuity testers.
Nessus
performs more sophisticated vulnerability scans than Nmap. Can identify unencrypted, sensitive data, such as credit card numbers, saved on your network's hosts. The program can run on your network or from off-site servers continuously maintained and updated by the developer.
static IP address
permanent address that is assigned to a device
persistent agent
permanently installed on a device. This more robust program might provide additional security measures, such as remote wipe, virus scans, and mass messaging.
pinouts
pin numbers and assignments. Tx refers to transmit, and Rx refers to receive. They are designed with the avoidance of crosstalk in mind. With fast ethernet, only the orange and green pairs are used: one pair transmits and one pair receives. The difference between pinouts in T568A and T568B is that these two pairs are reversed. For Gigabit Ethernet, all four pairs are used for transmitting and receiving. This more efficient use of wires helps account for the higher bandwidth of Gigabit.
LLC sublayer (logical link control)
primarily concerned with multiplexing, flow and error control and reliability.
how to reverse operating system upgrade
prior to the upgrade, make a complete backup of the system; to roll back, restore the entire system from the backup; uninstall an operating system upgrade only as a last resort
password policy
probably the most important policy used to secure a system.
the same change management principles apply to any type of change:
process all changes through the proper channels minimize negative impacts on business processes plan thoroughly to maximize the chances of a successful change on the first attempt document each change throughout the process
system life cycle
process of designing, implementing, and maintaining an entire network. a major part of this process is the removal and disposal of outdated assets, and the addition of compatible, updated devices.
local authentication
processes are formed on the local device. Usernames and passwords are stored locally, which has both advantages and disadvantages: • low security—Most end user devices are less secure than network servers. A hacker can attempt a brute force attack or other workarounds to access a single device. If those same credentials are used on other devices, then all these devices are compromised. Also, local authentication does not allow for remotely locking down a user account. • convenience varies—For only a handful of devices, managing local accounts can be done a lot more easily than setting up a Windows domain, directory services, and all the supporting configurations. However, once you surpass about a dozen devices, the convenience of local authentication declines considerably. • reliable backup access—In the case of a network failure or server failure, the only workable option is local authentication. For this reason, networking devices and servers should be configured with a local privileged account that is only used when authentication services on the network are unavailable, and of course this account should have very secure credentials. Every computer on the network is responsible for securing its own resources. If several users need access to a file server, each user must have a local user account on the file server. The local account and password must match the user account and password that the account holder used to sign in to Windows at his or her workstation.
T3
provides 28 times more throughput than a T1. T3s are more expensive than T1s and are used by more data-intensive businesses—for example, computer consulting firms that provide online data backups and warehousing for a number of other businesses or long-distance carriers (although T3s are losing ground in the marketplace to more modern options). The monthly service fee of a T3 varies based on usage. If a customer uses the full T3 bandwidth of 45 Mbps, for example, the monthly charges might be as high as $10,000 for a longer-distance connection. Of course, T-carrier costs will vary depending on the service provider, your location, and the distance covered by the T3. Some organizations find that multiple T1s—rather than a single T3— can accommodate their throughput needs. For example, suppose a university research laboratory needs to transmit molecular images over the Internet to another university, and its peak throughput need (at any given time) is 10 Mbps. The laboratory would require seven T1s (10 Mbps divided by 1.544 Mbps equals 6.48 T1s). Leasing seven T1s would prove much less expensive for the university than leasing a single T3.
IPAM (IP address management) system
provides a way to plan, deploy, and monitor a network's IP address space. IPAM tools can automatically detect IP address ranges, assignments, reservations, and exclusions, integrate this information with data from DNS records, and provide constant montiroing for growth, security, and troubleshooting purposes
console server or console router
provides centralized management of all linked devices
anti-malware policy
provides rules for using anti-malware software, as well as policies ofr installing programs, sharing files, and using external storage such as flash drives. To be most effective, an anti-malware policy should be authorized and supported by the organization's management. Suggestions for anti-malware policy guidelines include the following: Every computer in an organization should be equipped with malware detection and cleaning software that regularly scans for malware. This software should be centrally distributed and updated to stay current with newly released malware. Users should not be allowed to alter or disable the anti-malware software. Users should know what to do in case their anti-malware program detects malware. For example, you might recommend that the user stop working on his computer, and instead call the help desk to receive assistance in disinfecting the system. An anti-malware team should be appointed to focus on maintaining the anti- malware measures. This team would be responsible for choosing anti-malware software, keeping the software updated, educating users, and responding in case of a significant malware outbreak. Users should be prohibited from installing any unauthorized software on their systems. This edict might seem extreme, but in fact users downloading programs (especially games) from the Internet are a common source of malware. If your organization permits game playing, you might institute a policy in which every game must first be checked for malware and then installed on a user's system by a technician. System-wide alerts should be issued to network users notifying them of a serious malware threat and advising them how to prevent infection, even if the malware hasn't been detected on your network yet.
SFP (small form-factor pluggable)
provides the same function as GBICs and is more compact, allowing more ports per linear inch. Also known as mini GBIC's or SFP GBIC's. Typically used for 1 Gbps connections, but theoretically capable of 5 Gbps.
PAN (personal area network)
rarely exceed about 10 meters in any direction and usually only contain a few personal devices, such as a PC, smartphone, USB printer, and perhaps a Bluetooth headset or an infrared, wireless mouse
CoS (Class of Service)
refers only to techniques performed at Layer 2 on Ethernet frames, and is one method of implementing QoS. CoS is most often used to more efficiently route Ethernet traffic between VLANs. Frames that have been tagged contain a 3-bit field in the frame header called the PCP (Priority Code Point). CoS works by setting these bits to one of eight levels ranging from 0 to 7, which indicates to the switch the level of priority the message should be given if the port is receiving more traffic than it can forward at any one time. Waiting messages are cached until the port can get to them, or discarded, depending on the class assignment for that frame.
HA (high availability)
refers to a system that functions reliably nearly all the time. For example, a server that allows staff to log on and use its programs and data 99.999 percent of the time is considered highly available, whereas one that is functional only 99.9 percent of the time is significantly less available. In fact, the number of 9s in a system's availability rating is sometimes referred to colloquially as "four 9s" (99.99 percent) or "three 9s" (99.9 percent) availability.
signal level
refers to the T-carrier's Physical layer electrical signaling characteristics as defined by ANSI standards in the earl 1980s. DSo (digital signal level 0) is the equivalent of one data or voice channel. All other signal levels are multiples of DSo. The speed of a T-carrier depends on this.
cloud computing
refers to the flexible provision of data storage, applications, or services to clients over the Internet. Cloud computing covers a broad range of services from hosting websites and database servers to providing virtual servers for collaboration or software development. All these services have the following features in common: on-demand - services, applications, and storage in a cloud are avaiable to users at any time, upon the user's request cross-platform - clients of all types, including smartphones, laptops, desktops, thin clients, and tablet computers, can access services, applications, and storage in a cloud, no matter what operating system they run or where they are located, as long as they have a network connection consolidated - host computers in the cloud provide multiple virtual machines, resources such as disk space, applications, and services that are pooled, or consolidated metered - everything offered by a cloud computing provider, including applications, desktops, storage, and other services, is measured. A provider might limit or charge by the amount of bandwidth, processing power, storage space, or client connections available to customers. elastic - services and storage capacity can be quickly and dynamically scaled up or down.
BYOD (bring your own device)
refers to the practice of allowing people to bring their smartphones, laptops, or other technology into a facility for the purpose of performing work or school responsibilities. Variations on this theme include the following: BYOA (bring your own application) - employees or students supply their choice of software on a computer or mobile device BYOC (bring your own cloud) - employees or students supply their choice of cloud application or storage BYOT (bring your own technology) - a generic reference that includes the other BYO options CYOD (choose your own device) - employees or students are allowed to choose a device from a limited number of options, usually supplied by the company or school
clustering
refers to the technique of grouping multiple devices so they appear as a single device to the rest of the network. Can be configured with groups of servers, routers, or applications. Although it usually accompanies load balancing, it doesn't have to
MU-MIMO (multiuser MIMO)
related to MIMO, MU-MIMO is an even newer technology implemented by 802.11ac wave 2 products that allows multiple antennas to service multiple clients simultaneously. This feature reduces congestion and thereby contributes to even faster data transmission. As with MIMO, however, a MU-MIMO access point can only be used at full capacity when the client devices also support MU-MIMo technology.
Out-of-band management
relies on a dedicated connection (either wired or wireless) between the network's administrator's computer and each critical network device, such as routers, firewalls, servers, power supplies, applications, and security cameras. These dedicated connections allow network administrators to remotely: power up a device, change firmware settings, reinstall operating systems, monitor hardware sensors, troubleshoot boot problems, limit network users' access to management functions, manage devices even when other parts of the network are down. Out-of-band management solutions come in an array of options, from basic reboot abilities to full-scale device management. A remote management card is attached to the network device's console port, or sometimes the remote management card is built into the device. A dial-in modem might be attached to the device to provide backup CLI access in the event of a catastrophic network shutdown.
MitM (man-in-the-middle) attack
relies on intercepted transmissions and can take serveral forms. In all these forms, a person redirects and captures secure transmissions as they occur.
nonpersistent agent
remains on the device long enough to verify compliance and complete authentication, and then uninstalls. Devices might be required to periodically reinstall the agent to complete the authentication process again.
interface resets
repeated resets of the connection, resulting in lower-quality utilization; caused by an interface misconfiguration
Dial-up
required the user to enter a phone number. The computer then called, waited for a response and negotiated a connection. To do this, the user plugged in an RJ-11 phone line into the computer's modem which could be an internal expansion card attached to the computer's motherboard or an external device that connected to the computer via USB or an older serial cable with a DB-9, DB-25, or RJ-45 connector. The modem then connected to a modem on a distant network and stayed connected for a finite period of time. When the call was terminated, the connection ended
rollover cable
reverses all the wires without regard to how they are paired. With a rollover cable, it is as if the cable terminations are a mirror image of each other. They are also called console cable, and are used to connect a computer to the console port of a router. Routers have two different kinds of ports: Ethernet ports and the console port.
EGPs (exterior gateway protocols)
routing protocols used by edge routers and exterior routers to distribute data outside of autonomous systems. The only EGP currently in use, is BGP.
wireless monitoring
run monitoring software on a computer connected wirelessly to the network. For the computer to "see" all traffic, its network adapter must support promiscuous mode. In promiscuous mode, a device driver directs the NIC to pass all wireless frames to the operating system and on to the monitoring software, not just those broadcasted or intended for the host. Usually promiscuous mode is enabled in the monitoring application.
Link aggregation
seamless combination of multiple network interfaces or ports to act as one logical interface, and can help solve problems like network bottlenecks. This implementation is also known by a variety of other terms, such as port aggregation on Cisco devices, NIC teaming on Windows devices, and a variety of others such as bonding, bundling, or Cisco's EtherChannel. It causes two or more NICs to work in tandem handling traffic between two or more devices (usually switches and servers). All the physical links involved in creating the one logical link are called a LAG (link aggregation group), bundle, or team. This configuration allows for three major advantages: • Increased total throughput • Automatic failover between the aggregated NICs • Load balancing, which is a distribution of traffic over multiple components or links to optimize performance and fault tolerance The benefits of link aggreggation are primarly noticed on busy networks. For multiple NICs or ports to use link aggregation, they must be properly configured in each device's operating system.
network-based anti-malware software
securing the network's gateways, w here the Internet connects with the interior network, can provide a formidable layer of defense against the primary source of intrusion - the Internet. However, this does nothing to prevent users from putting the network at risk with infected files on flash drives, laptops, or smartphones
back doors
security flaws that allow unauthorized users to gain access to the system. Unless the network administrator performs regular updates, a hacker might exploit these flaws. Legacy systems are particularly notorious for leaving these kinds of gaps in a network's overall security net.
generator
serves as a backup power source, providing power redundancy in the event of a total blackout. Can be powered by diesel, liquid propane gas, natural gas, or steam. Standard generators provide power that is relatively free from noise and are used in environments that demand consistently reliable service, such as an ISP's or telecommunications carrier's data center. In fact, in those environments, they are typically combined with large UPSes to ensure that clean power is always available. In the event of a power failure, the UPS supplies electricity until the generator starts and reaches its full capacity, typically no more than three minutes. If your organization relies on a generator for backup power, be certain to check fuel levels and quality regularly. Because a generator produces DC power, it must contain a component to convert the power to AC before the power can be released to the existing AC infrastructure that distributes power in a data center. Before choosing a generator, first calculate your organization's crucial electrical demands to determine the generator's optimal size. Also estimate how long the generator might be required to power your building. Depending on the amount of power draw, a high-capacity generator can supply power for several days. Gas or diesel generators can cost between $10,000 and $3,000,000 (for the largest industrial types). For a company such as an ISP that stands to lose up to $1,000,000 per minute if its data facilities fail completely, a multimillion-dollar investment to ensure available power is a wise choice. Smaller businesses, however, might choose the more economical solution of renting an electrical generator.
public cloud
service provided over public transmission lines, such as the Internet.
toner and probe kit or just toner probe
set of tools used to determine where a wire terminates. place the tone generator at one end of a wire using the appropriate connector. swipe the tone locator over each of the terminations you suspect to be the other end of the wire. you can verify the location of the wire's termination when you hear the tone. tone generators and tone locators cannot be used to determine any characteristics about a wire, such as whether it's defective or whether its length exceeds IEEE standards for a certain type of network.
full-duplex also called duplex
signals are free to travel in both directions over a medium simultaneously. Modern NICs use full-duplex by default
Path of wireless signals
signals originate from electrical current traveling along a conductor. The electrical signal travels from the transmitter to an antenna, which then emits the signal as a series of electromagnetic waves into the atmosphere. The signal moves through the air until it reaches it destination. At the destination, another antenna accepts the signals, and a receiver converts it back to current.
packet-filtering firewall
simplest form of a firewall. a network device or application that examines the header of every packet of data it receives on any of its interfaces. The firewall refers to its ACl to determine whether that type of packet is authorized to continue to its destination, regardless of whether that destination is on the internal LAN or on an external network. If a packet does not meet the filtering criteria, the firewall blocks the packet from continuing. If a packet does meet filtering criteria, the firewall allows that packet to pass through to the network the firewall protects.
establish a plan for resolving the problem
step 4 of troubleshooting. before you implement a fix, consider the scope of your change, especially how it will affect users, their applications, and their data. unless the problem poses an emergency, make your changes when the least number of users are on the network
cold site
site—Computers, devices, and connectivity necessary to rebuild a network exist, but they are not appropriately configured, updated, or connected. Therefore, restoring functionality from a cold site could take a long time. For example, suppose your small business network consists of a file and print server, mail server, backup server, Internet gateway/ DNS/DHCP server, 25 clients, four printers, a router, a switch, two access points, and a connection to your local ISP. At your cold site, you might store two server computers on which your company's NOS is not installed, and that do not possess the appropriate configurations and data necessary to operate in your environment. The 25 client machines stored there might be in a similar state. In addition, you might have a router, a switch, and two access points at the cold site, but these might also require configuration to operate in your environment. Finally, the cold site would not necessarily have Internet connectivity, or at least not the same type your network uses. Supposing you followed good backup practices and stored your backup media at the cold site, you would then need to restore operating systems, applications, and data to your servers and clients; reconfigure your connectivity devices; and arrange with your ISP to have your connectivity restored to the cold site. Even for a small network, this process of rebuilding your network could take weeks.
Z-Wave
smart home protocol that provides two basic types of functions: signaling, to manage wireless connections, and control, to transmit data and commands between devices. A Z-Wave network controller, called a hub, receives commands from a smartphone or computer and relays the commands to various smart devices on its network. Devices on t he network are identified by a 1-byte Node ID, and the entire network has a 4-byte Network ID. Multiple Z-Wave networks can coexist in the same space because the Network ID prevents communication outside of a device's Z-Wave network. This protocol also uses Aes-128 encryption for high-security devices, such as door locks. Transmissions have a range of up to 100 m per hop, and can tolerate up to four hops through repeaters. Z-wave controlled devices can serve as repeaters on a Z-wave mesh network, mapping, and selecting routes between nodes based on the latency of so-called healing messages. The healing process allows a node to reach another node indirectly over a long distance, and is resistant to changes or failures in network connections. However, due to the nature of how Z-Wave collects data on node locations, the protocol assumes that node locations are static. Smaller, mobile devices, such as remote controls, don't participate in the routing process or serve as repeaters. Likewise, battery-powered devices, which rely on sleep mode to conserve battery power, don't function as repeaters, either, because their sleep mode interferes with the device's ability to receive and respond to unsolicited routing messages.
transceivers
sockets where one of many types of modular interfaces can be plugged in. they are easily inserted into the sockets to connect with its motherboard and upgraded later as technology improves. Include two ports. Full-duplex communication is achieved by sending data on one port, and receiving data through the other. Installing a transceiver is simply a matter of sliding it into a compatible socket on the connectivity device. Most transceivers come with a tab or latch system to lock them into place. They are also keyed so that they will slide into the socket only when aligned properly. The switch or router need not be powered down when you add or remove transceivers. However, do not attach cables before inserting a transceiver, and always remove the cables before removing a transceiver. Some transceivers contain management interfaces separate from the switch's configuration utility.
inherent risks in network hardware and design
spoofing attack - MAC addresses can be impersonated in an attack called spoofing. Other types of spoofing attacks involve impersonating IP addresses. IP address spoofing can result in DoS (denial of service) attacks or modified DNS messages. DoS (Denial of service attack) - occurs when a legitimate user is unable to access normal network resources, such as web server, because of an attacker's intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can't respond to any of them
IDS (intrusion detection system)
stand-alone device, an application, or a built-in feature running on a workstation, server, switch, router or firewall. It monitors network traffic, generating alerts about suspicious activity. These are generally installed to provide security monitoring inside the network, similar to security personnel sitting in a private room monitoring closed-circuit cameras in the club and alerting other security personnel when they see suspicious activity. These use two primary methods for detecting threats on the network: • statistical anomaly detection—Compares network traffic samples to a predetermined baseline in order to detect anomalies beyond certain parameters. • signature-based detection—Looks for identifiable patterns, or signatures, of code that are known to indicate specific vulnerabilities, exploits, or other undesirable traffic on the organization's network (such as games). To maintain effectiveness, these signatures must be regularly updated in a process called signature management. This also includes retiring irrelevant signatures and selecting the signatures most relevant to a specific network's needs in order to most efficiently use memory and processing resources when scanning network traffic. One drawback is the number of false positives it can generate.
GBIC (Gigabit interface converter)
standard type of tranceiver. Might contain RJ-45 ports for copper cables or SC ports for fiber-optic connections.
IPS (intrusion prevention system)
stands in-line between the attacker and the targeted network or host, and it can prevent traffic from reaching that network or host. Originally designed as a more comprehensive traffic analysis and protection tool than firewalls but as firewalls evolved the differences have diminished. Because an IPS stands in-line with network traffic, it can stop that traffic. Both an IDS and IPS can be placed inside a network or on the network perimeter.
implement the solution or escalate the problem
step 5 of troubleshooting. before you make the change, be sure to alert all affected users in advance, create backups of software and data as needed, and save or write down current settings before you change them. keep good notes as you work, so you can backtrack as necessary. for major changes roll out changes in stages so as to make sure all is working for a few users before you affect many users. for complex problems you might need to escalate the problem to someone with access to more technical resources or more authority to test or implement a solution.
The fourth hexadecimal block in the site prefix can be altered to create
subnets within a site
magic number
subtract the unusual/interesting octet value from 256. This number can be used to calculate the network IDs in all the subnets of the larger network
SHA-2
supports a variety of hash sizes, the most popular of which are SHA-256 (with a 256 bit hash) and SHA-512 (with a 512 bit hash).
to identify the transmissions that belong to each VLAN, the switch adds a
tag to Ethernet frames that identifies the port through which they arrive at the switch. This VLAN identifier is specified in the 802.1Q standard, which is the IEEE standard that defines how VLAN information appears in frames and how switches interpret that information
passive scanning
the AP takes the initiative: a wireless enabled computer listens on all channels within its frequency range for a special signal, known as a beacon frame, issued periodically from an AP. The beacon frame contains information that a wireless node requires to associate itself with the AP, including the network's transmission rate and the SSID (service set identifier), a unique character string used to identify an access point. the computer - usually with the consent of the user - can choose to associate with the AP, the two nodes agree on a frequency channel and begin communicating.
You can find a network adapter's MAC addresses stamped directly onto
the NIC's circuit board or on a sticker attached to some part of the NIC
wall jacks
the TIA/EIA standard calls for each wall jack to contain at least one voice and one data outlet.
RS-232 (recommended standard 232)
the TIA/EIA standards for serial ports and serial cables. Different connector types comply with this standard, including RJ-45 connectors, DB-9 connectors, and DB-25 connectors. DB-9 connectors contain 9 contact points and DB-25 connectors contain 25 contact points. Serial cables are also used for monitors, printers, and other peripheral devices. When selecting a serial cable for a specific use, check the devices for male or female connections, and also check both ends of the cable to ensure it meets the requirements of the devices you're connecting.
VLAN hopping
the attacker generates transmissions that appear, to the switch, to belong to a protected VLAN, then crosses VLANs to access sensitive data or inject harmful software. There are two approaches to VLAN hopping: double tagging - the hacker stacks VLAN tags in Ethernet frames. When the first, legitimate tag is removed by a switch, the second, illegitimate tag is revealed, tricking a switch into forwarding the transmission on to a restricted VLAN switch spoofing - an attack connects to a switch and then makes the connection look to the switch as if it's a trunk line. The switch might auto-configure its port into trunk mode when it detects trunk mode on the other end of the connection. A hacker can then feed his own VLAN traffic into that port and access VLANs throughout the network
Kerberos
the authentication protocol configured by default on Active Directory. A cross-platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. It is an example of a private key encryption service and is considered especially secure. It does not automatically trust clients. Instead, it requires clients to prove their identities through a third party. In addition to checking the validity of a client, Kerberos communications are encrypted and unlikely to be deciphered by any device on the network other than the client. Terms used when discussing this protocol: * principal - A kerberos client or user *KDC (key distribution center) - the server that issues keys to clients during initial client authentication ticket - a temporary set of credentials that a client uses to prove to other servers that its identity has been validated A kerberos server runs two services: * AS (authentication service) - initially validates a client *TGS (ticket-granting service) - issues ticket to an authenticated client for access to services on the network The purpose of Kerberos is to connect a valid user with a network service the user wants to access, such as email, printing, file storage, databases, or web applications. To accomplish this both the user and the service must register their own keys with the AS ahead of time.
primary DNS server
the authoritative name server for the organization, which holds the authoritative DNS database for the organization's zones. This server is contacted by clients, both local and over the Internet, to resolve DNS queries for the organization's domains
MTBF (mean time between failures)
the average amount of time that will pass for devices exactly like this one before the next failure is expected to occur. While any single device might experience a failure much sooner or later, vendors and technicians budget for repairs or replacement of devices based on the advertised MTBF. Once a device fails, there is an average amount of time required to repair the device. This is called MTTR (mean time to repair), and this cost must also be taken into account
secondary DNS server
the backup authoritative name server for the organization. When a secondary DNS server needs to update its database, it makes the request to the primary server for the update; this process is called a zone transfer
wildcard mask
the bits work opposite of how bits in a subnet mask work. In ACL statements, "any" is equivalent to using a wildcard mask of 255.255.255.255 which allows all IP addresses to pass through
inform system adminstrators, help desk personnel, and affected users when
the change is complete
record your change in
the change management system
DNS zone
the collective name of domains that organizations are responsible for managing. a large organization can keep all its domains in a single zone or it can subdivide its domains into multiple zones to make each zone easier to manage
PSK (Pre-shared key)
the common configuration on home wireless networks in which you need to enter a passphrase for your device to authenticate to the network. The passphare and the SSID characters are then used to calculate a unique encryption key for each device.
skimming
the culprit installs a card reader, or skimmer, on a payment terminal, such as a gas pump or ATM. The skimmer collects data stored on the magnetic strips or on RFID chips in cards used at that terminal. Physical contact is required to collect data from a magnetic strip, but the RFID chip can transmit data to a skimmer several inches away. The criminal returns later to collect the device along with the stolen data it has accumulated. A thief can also swipe an RFID reader near the victim's pocket or bag and collect information from enclosed RFID credit cards, which is called electronic pickpocketing.
ethernet II
the current Ethernet standard and was developed by DEC, Intel, and Xerox before IEEE began to standardize Ethernet. Unlike higher-level protocols, Ethernet adds both a header and a trailer to the payload it inherits from the layer above it. This creates a frame around the payload.
ARP table or ARP cache
the database of IP-to-MAC address mappings. it is kept on a computer's hard drive. Each OS can use its own format for the ARP table. May contain two types of entries: dynamic and static. To view a Window workstations ARP table open cmd and type the command arp -a. The first line contains the interface IP address, which is the local computer's address. The columns and rows below it contain the addresses of other nodes on the network, along with their physical addresses (MAC addresses) and record types
control plane
the decision making process where each physical and virtual device, whether it's a router, switch, firewall, or load balancer, makes its own decisions about where transmission should be based upon the protocols and other configurations on that device. The outcome of those decisions - actual transmissions on the network - is called the data plane. Traditionally each device handles its own control plane and data plane.
demarc (demarcation point)
the device that marks where a telecommunications service provider's network ends and the organization's network begins. The service provider is responsible for its network beyond the demarc and the organization is responsible for devices and services on the campus side of the demarc.
Cisco systems set the standard for
the diagram symbols used to represent routers, switches, firewalls, and other devices. These symbols are widely accepted and understood in the networking field.
captive portal
the first page a new client sees in the browser when connecting to the guest network, and usually requires the user to agree to a set of terms and conditions before gaining further access to the guest network. The captive portal should remind users of the following: They are connecting to a network that does not provide user authentication or data encryption. This means data is not secure when transmitted over this connection. They should be careful about what data they transmit, even over e-mail, while using the guest network. They should take extra care to avoid engaging in any illegal activity through the network connection, as that activity could be traced back to your public IP address.
SNAT (Static Network Address Translation or Source Network Address Translation)
the gateway assigns the same public IP address to a host each time it makes a request to access the Internet. Small home networks with only a single public IP address provided by its ISP use SNAT. SNAT changes the source IP addresses of outgoing messages and is used to reduce the number of public IP addresses needed by a network
entrance facility
the location where an incoming network, such as the Internet, connects with the school or corporate network. For large networks it might be an equipment room or data closet. For small networks it might simply be equipment and cabling mounted to the side of a building. It is where a telecommunications service provider accepts responsibility for the external connection. It contains a service provider's equipment, such as cabling and protective boxes. The most important device that belongs to the service provider in the entrance facility is the demarc
RADIUS (remote authentication dial-in user service)
the most popular AAA service. It is an open-source standard developed by Livingston Enterprises and later standardized by the IETF. It runs in the Application layer and can use either UDP or TCP. Treats authentication and authorization as a single process, meaning that the same type of packet is used for both functions, while accounting is a separate process. RADIUS can operate as a software application on a remote access server or on a computer dedicated to this type of authentication, called a RADIUS server. Because RADIUS servers are highly scalable, many ISPs use a RADIUS server as a central authentication point for wireless, mobile, and remote users. RADIUS services are often combined with other network services on a single machine. RADIUS can run on almost all modern OSes. While RADIUS includes some very sophisticated accounting features, it also only encrypts the password in transmissions and is not as secure as TACAS+.
key encryption
the most popular kind of encryption encodes the original data's bits using a key, or a random string of characters to scramble the data and from it, generate a unique and consistently sized data block called ciphertext. The key is created according to a specific set of rules, or algorithms. It can be separated into two categories, private key and public key encryption
SHA-3
the most recent iteration of SHA. Developed by private designers for a public competition in 2012. Sha-3 is very different in design from SHA-2 even though it uses the same 256 and 512 bit hash lengths. SHA-2 and SHA-3 are often implemented together for increased security. It's also common for data to be hashed in multiple passes, along with encryption passes layered in the process.
BGP (Border Gateway Protocol)
the only current EGP, which has been dubbed the protocol of the Internet. Whereas OPSF and IS-IS scouting parties only scout out their home territory, a BGP scouting party can go cross-country. BGP spans multiple autonomous systems and is used by edge and exterior routers on the Internet. Here are some special characteristics of BGP: Path-vector routing protocol - communicates via BGP-specific messages that travel between routers over TCP sessions Efficient - determines the best paths based on many different factors Customizable - Can be configured to follow policies that might avoid a certain router, or instruct a group of routers to prefer one particular route over other available routes
Sha-0
the original version of SHA was developed by the NSA and was later dubbed SHA-0. It used a 160 bit hash function
Authentication
the process of comparing and matching a client's credentials with the credentials in a client database to enable the client to log on to the network. The authentication process can be somewhat strengthened by using MAC filtering, or MAC address filtering, which prevents the AP from authenticating any device whose MAC address is not listed by the network administrator. It can be time consuming to maintain a current list of all approved MAC addresses and MAC addresses are easily impersonated
disaster recovery
the process of restoring your critical functionality and data after an outage that affects more than a single system or a limited group of users. A disaster recovery plan accounts for the worst-case scenarios, from a far-reaching hurricane to a military or terrorist attack. It should provide contingency plans for restoring or replacing computer systems, power, telephone systems, and paper-based files. The goal of a disaster recovery plan is to ensure business continuity, which is the ability of the company to continue doing business with the least amount of interruption possible. Sections of the plan related to computer systems should include the following: • Contact names and phone numbers for emergency coordinators who will execute the disaster recovery response in case of disaster, as well as roles and responsibilities of other staff. • Details on which data and servers are being backed up, how frequently backups occur, where backups are kept (off-site), and, most important, how backed-up data can be recovered in full. • Details on network topology, redundancy, and agreements with national service carriers, in case local or regional vendors fall prey to the same disaster. • Regular strategies for testing the disaster recovery plan. • A plan for managing the crisis, including regular communications with employees and customers. Consider the possibility that regular communication modes (such as phone lines) might be unavailable.
red team- blue team exercise
the red team conducts the attack, and the blue team attempts to defend the network. The company's detection and response to the attack is the primary focus, rather than the technical vulnerabilities of the network itself
Open source
the term for software whose code is publicly available for use and modification.
FDP (fiber distributon panel)
the transition between SMF and MMF cabling might occur at this device which is usually a case on a rack where fiber cables converge, connect with each other, and connect with fiber optic terminal equipment from the ISP. Splices at the FDP might be accomplished by joining two fiber cables in a permanent bond, or various connectors might be used to create temporary splices
110 block
the type of punchdown block used on data networks. It is more suitable for data connections than the older 66 block which was primarily used for telephone connections.
Encryption
the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm. The purpose of encryption is to keep information private.
VoIP telephone equipment also known as IP telephony
the use of any network (either public or private) to carry voice signals using TCP/IP protocols.
agentless authentication
the user is authenticated to a domain. Active directory then scans the device to determine compliance with NAC requirements.
reflection
the wave encounters an obstacle and reflects, or bounces back, toward its source. A wireless signal will bounce off objects whose dimensions are large compared with the signal's average wavelength. Signals reflect more readily off conductive materials, such as metal, than off insulators, such as concrete. Also off of large flat surfaces.
active scanning
the wireless client takes the initiative: the computer transmits a special frame, known as a probe, on all available channels with its frequency range. An AP detects the probe frame and issues a probe response containing all the information a computer needs to associate with the AP, including a status code and node ID, or station ID for that computer. The computer can agree to associate with that AP. The final decision to associate with an AP, at least fo rthe first time, usually requires the consent of the user. The two nodes begin communicating over the frequency channel specified by the AP.
WPA attack
these attacks, also called WPA cracking, involve an interception of the network keys communicated between clients and access points
SNMPv1 (Simple Network Management Protocol version 1)
this is the original version, released in 1988. Because of its limited features, it is rarely used on modern networks
static arp table entries
those that someone has entered manually using the ARP utility. This ARP utility, accessed via the arp command in both Windows and Linux, provides a way of obtaining information from and manipulating a device's ARP table.
STP and UTP similarities and differences
throughput: STP and UTP can both transmit data at 10 Mbps, 100 Mbps, 1 Gbps, and 10 Gbps, depending on the grade of cabling and the transmission method in use. cost: step and UTP vary in cost, depending on the grade of copper used, the category rating, and any enhancements. Typically, STP is more expensive than UTP because it contains more materials and it has a lower demand. It also requires grounding, which can lead to more expensive installation. connector - STP and UTP use RJ-45 (registered jack 45) modular connectors and data jacks, which look similar to analog telephone connectors and jacks. However telephone connections follow the RJ-11 (registered jack 11) standard. Most types of Ethernet that rely on twisted-pair cabling use RJ-45 connectors. noise immunity - because of its shielding, STP is more noise resistant than UTP. On the other hand, noise on UTP cable can be reduced with filtering and balancing techniques Size and scalability - the maximum segment length for both STP and UTP is 100 m, or 328 feet, on Ethernet networks that support data rates from 1 Mbps to 10 Gbps
motion detection
triggers an alarm when it detects movement within its field of view. the latest motion detectors can discern between different types of motion, such as small animals, blowing plants, or walking humans, to reduce false alarms.
PEAP (Protected EAP)
tunnel based rather than certificate-based. Creates an encrypted TLS tunnel between the supplicant and the server before proceeding with the usual EAP process. It is called the outer method. Another form of EAP is used for the inner method, which is the process that occurs inside the protected tunnel. The most common inner method is EAP-MSCHAPv2, which runs an MS-CHAPv2 session inside the tunnel, perhaps to a RADIUS server and beyond to Active Directory.
site-to-site VPN
tunnels connect multiple sites on a WAN. At each site, a VPN gateway on the edge of the LAN establishes the secure connection. Each gateway is a router or remote access server with VPN software installed and encrypts and encapsulates data to exchange over the tunnel. Meanwhile, clients, servers, and other hosts on the protected LANs communicate through the VPN gateways as if they were all on the same, private network and do not themselves need to run special VPN software. Site-to-site VPNs require that each location have a static public IP address
host-to-host VPN
two computers create a VPN tunnel directly between them. Both computers must have the appropriate software installed, and they don't serve as a gateway to other hosts on their respective networks. In a host-to-host VPN, usually the site that receives the VPN connection (such as a home network) needs a static public IP address. Another option is to subscribe to a service such as Dynamic DNS by Oracle which automatically tracks dynamic IP address information for subscriber locations.
default VLAN
typically preconfigured on a switch and initially includes all the switch's ports. Other VLANs might be preconfigured as well, depending on the device and manufacturer. The default VLAN cannot be renamed or deleted; however, ports in the default VLAN can be reassigned to other VLANs
data breach
unauthorized access or use of sensitive data
friendly DoS attack
unintentional DoS attack, or friendly attack, is not done with malicious intent.
On a computer running Linux or Unix you can view the length of time your system has been running with the command ______ and on a Windows 10 system you can find uptime information in ______
uptime/Task manager
verify continuity
use a cable tester to verify that each segment of cabling you install transmits data reliably.
cable trays
use cable management devices such as cable trays and brackets, braided sleeving, and furniture grommets, but don't overfill them
don't rely on the cable colors alone
use labels on ports or tags on cables to identify each cable's specific purpose
how to reverse shared application upgrade
use the application's automatic uninstall utility, or maintain a complete copy of the previous installation of the application and reinstall it over the upgrade
how to reverse client software upgrade
use the upgrade's automatic uninstall utility, or reinstall the previous version of the client on top of the upgrade
access-list command
used to assign a statement to an already-installed ACL. The command must identify the ACL and include a permit or deny argument.
ANDing
used to calculate a host's network ID given its IPv4 address and subnet mask. In this process a bit with a value of 1 combined, or anded, with another bit with a value of 1 results in a 1. A bit with a value of 0 anded with any other bit results in a 0. If you think of 1 as "true" and 0 as "false," the logic of ANDing makes sense.
routing protocols
used to determine the best path. Routing protocol messages go forth to collect data about current network status and contribute to the selection of best paths. Routers use this data to create their routing tables. Keep in mind that routing protocols are not the same as routable protocols such as IP, although routing protocols might piggyback on IP to reach their destinations. The various routing protocols operate at different layers of the OSI model - either Layer 3, 4 or 7.
show vlan command
used to list the current VLANs recognized by a switch
cable performance tester, line tester, certifier, or network tester
used to measure the overall performance of a cabling structurer. It allows you to perform the same continuity and fault tests as a continuity tester, but can also be used to: measure the distance to a connectivity device, termination point, or damage in a cable; measure attenuation along a cable; measure NEXT between wires as well as alien cross talk; measure termination resistance and impedance; issue pass/fail ratings for Cat 3, Cat 5, Cat 5e, Cat 6, Cat 6a, or Cat7 standards; store and print cable testing results or directly save data to a computer database; graphically depict a cable's attenuation and crosstalk characteristics over the length of the cable
ping (Packet Internet Groper)
used to verify that TCP/IP is installed, bound to the NIC, configured correctly, and communicating with the network. The utility starts by sending out a signal called an echo request to another computer, which is simply a request for a response. The other computer then responds to the request in form of an echo reply. The protocol used by the echo request and echo reply is ICMP (Internet Control Message Protocol), a lightweight protocol used to carry error messages and information about a network. This is the first tool you should use to test basic connectivity to the network, Internet, and specific hosts.The command has several options or parameters.
tracert
uses ICMP echo request to trace the path from one networked node to another, identifying all intermediate hops between the two nodes. traceroute is the utility used by Linux, Unix, and macOS systems. Both traceroute and tracert utilities employ a trial-and-error approach to discover the nodes at each hop from the source to the destination. A trace cannot detect router configuration problems or predict variations of routes over a period of time. Therefore, a trace is best used on a network with which you are already familiar.
RFID (radio frequency identification)
uses electromagnetic fields to store data on a small chip in an RFID tag, which includes an antenna that can both transmit and receive, and possibly a battery. The tag holds 1 to 8 KB of data, such as a serial number, credit card information, or medical data, which it can transmit to a nearby reader. Tag and reader combinations come in three general types: ARPT (active reader passive tag) - when prompted by an active reader, a passive tag pulls power from the reader's radio waves to power its transmission. These tags only work within a few centimeters of the reader. PRAT (passive reader active tag) - a battery-powered tag actively transmits its credentials at regular times intervals. Battery-powered tags don't require such close proximity to function - the most sophisticated devices work up to 200 m away. ARAT (active reader active tag) - an active reader interacts with a battery-powered tag RFID is commonly used for inventory management. Because the tag does not need to be precisely positioned close to the reader, an employee can quickly scan a shelf of several items to determine what's in stock and what needs to be re-ordered without having to scan each individual item. The same technology can be used to speed up a customer's checkout time. RFID allows the reader to identify every purchase in the customer's bag al at one time. An RFID tag might also be embedded in the customer's credit card, allowing for so-called "contactless" payment.
VNC (Virtual Network Computing)
uses the cross-platform protocol RFB (remote frame buffer) to remotely control a workstation or server. VNC is slower than Remote Desktop and requires more network bandwidth. however, because VNC is open source, many companies have developed their own software that can: Run OSes on client computers, Remotely access computers, tablets, and smartphones, and remotely control media equipment and surveillance systems.
a significant disadvantage to WEP is that it
uses the same network key for all clients and the key is staticm which means it won't change without intervention
802.11 standards
vary at the physical layer. In addition, 802.11n and later standards modify the way frames are used at the MAC sublayer. Layer 2's other sublayer is called the LLC sublayer
in data centers containing multiple rows of racks, a hot aisle/cold aisle layout pulls cool air from
vents in the floor or from nearby, low-lying wall vents into the rows of racks. the hot air aisles are used to direct the heated air away from the racks into exhaust vents for cooling
virtualization
virtual, or logical, version of something rather than the actual, or physical version
MS-CHAP (microsoft challenge handshake authentication protocol)
was developed by Microsoft and used with Windows-based computers. One potential flaw in both CHAP and MS-CHAP authentication is that someone eavesdropping on the network could capture the string of characters that is encrypted with the password, decrypt that string, and obtain the client's password
LOS (line of sight) propagation
wireless signal travels directly in a straight line from its transmitter to its intended receiver. It maximizes distance for the amount of energy used and results in reception of the clearest possible signals
Gigabit Ethernet and higher standards
with a speed of at least 100 Mbps, use all four pairs of twisted wires for both sending and receiving.
MPLS (Multiprotocol Label Switching)
was introduced by the IETF (Internet Engineering Task Force) in 1999. It has some of the strengths of ATM while avoiding its weaknesses, and also combines elements of both circuit-switching and packet- switching. As its name implies, MPLS enables multiple types of Layer 3 protocols to travel over any one of several connection-oriented Layer 2 protocols. MPLS supports IP and all the other Layer 3 and higher protocols used on TCP/IP networks. MPLS can operate over Ethernet frames, but is more often used with other Layer 2 protocols, like those designed for WANs. For these reasons, it's often used by ISPs on their own networks for moving traffic from one customer site to another, and it's becoming the solution of choice for many enterprises to connect their branch offices. One of the benefits of MPLS is the ability to use packet-switched technologies over traditionally circuit-switched networks. MPLS can create end-to-end paths that act like circuit-switched connections, such as VPNs, or it can connect meshed endpoints in an any-to-any scenario. With MPLS, the first router that receives a message in a data stream adds one or more labels to the Layer 3 packet. Collectively, the MPLS labels are sometimes called a shim because of their placement between Layer 3 and Layer 2 information. For this reason, MPLS is sometimes said to belong to "Layer 2.5." Then, the network's Layer 2 protocol header is added, MPLS labels include information about where the router should forward the message next and, sometimes, prioritization information. Each router in the data stream's path revises the label to indicate the packet's next hop. In this manner, routers on a network can take into consideration network congestion, QoS indicators assigned to the messages, plus other criteria. Network engineers have significant control in setting these paths. Consequently, MPLS offers potentially faster transmission than traditionally packet-switched or circuit-switched networks. Because it can add prioritization information, MPLS can also offer better QoS. These advantages make MPLS especially well-suited to WANs.
DSL (digital subscriber line)
was secured. If at any point in the process you have custody of evidence, be sure to sign off on a chain of custody document, and obtain a signature from the next person in line when you hand over custody of the evidence. 5. Monitor transport of data and equipment—Generally, the incident response team is responsible for transporting all evidence to the forensics lab or other authority. Every item should be carefully documented so the exact same configuration can be replicated in the lab. The response team might even have the capability to do a hot seizure and removal, which means they can use specialized devices that transfer a computer from one power source to another without shutting down the computer. This can be especially critical if it's possible that the computer or its data will become inaccessible after power is turned off—perhaps because a password is unknown or data is currently in memory. 6. Create a report—Be prepared to report on all activities that you observed or participated in during the course of the incident response. It's best to take notes along the way, and to write your report in full as soon as possible after the event while it's still fresh on your mind. All of this information will likely be included in the final forensics report, so it's important to be thorough and accurate.
PRI (Primary Rate Interface)
was secured. If at any point in the process you have custody of evidence, be sure to sign off on a chain of custody document, and obtain a signature from the next person in line when you hand over custody of the evidence. 5. Monitor transport of data and equipment—Generally, the incident response team is responsible for transporting all evidence to the forensics lab or other authority. Every item should be carefully documented so the exact same configuration can be replicated in the lab. The response team might even have the capability to do a hot seizure and removal, which means they can use specialized devices that transfer a computer from one power source to another without shutting down the computer. This can be especially critical if it's possible that the computer or its data will become inaccessible after power is turned off—perhaps because a password is unknown or data is currently in memory. 6. Create a report—Be prepared to report on all activities that you observed or participated in during the course of the incident response. It's best to take notes along the way, and to write your report in full as soon as possible after the event while it's still fresh on your mind. All of this information will likely be included in the final forensics report, so it's important to be thorough and accurate.
broadband
well-suited for residential customers, the cables (whether telephone, copper, or fiber) and available bandwidth are shared between multiple customers. The ISP makes a "best effort" attempt to provide up to the advertised bandwidth, and actual performance varies considerably during busy usage. Bandwidth is also asymmetrical or asynchronous, meaning download speeds (data traveling from the carrier's switching facility to the customer) are faster than upload speeds (data traveling from the customer to the carrier's switching facility). For a higher premium, businesses can get faster broadband speeds and possibly a static IP address included in the package. However, uptime, service, and bandwidth are still not guaranteed.
exhausted DHCP scope
when a lease is set too long, the network tends to suffer from this, meaning the available IP addresses get used up and no new clients can connect to the network. If the lease is set too short, clients' IP addresses expire quickly and new leases must be negotiated, which increases network traffic and disrupts network availability to clients
termination
when terminating twisted-pair cabling, don't leave more than 1 inch of exposed (stripped) cable before a twisted-pair termination. Doing so increases the possibility of transmission interference between wires, a phenomenon called crosstalk
/etc/syslog.conf file
where various logs are kept on your UNIX or LINUX system. Also where you can configure the types of events to log and what priority to assign each event
MDM (mobile device management)
works with all common mobile platforms and their service providers, and can add or remove devices remotely. ex: VMWare's airwatch and Cisco's Meraki Systems Manager. MDM software can automate enrollment, enforce password policies and other security restrictions, encrypt data on the device, sync data across corporate devices, wipe the device, and monitor the device's location and communications. A less intrusive option is MAM (mobile application management), which targets specific apps on a device rather than controlling the entire device
WDM (wavelength division multiplexing)
works with any fiber-optic cable to carry multiple light signals simultaneously by dividing a light beam into different wavelengths, or colors, on a single fiber. The technology works similar to how a prism divides white light into various colors. Original WDM provided only two wavelengths or channels per strand of fiber
wrong SSID
your wireless client must select the correct SSID. You may instruct clients to search for any available access point. However, if the access point does not broadcast its SSID, or if your workstation is not configured to look for access points, you will have to enter the SSID during client configuration. Also, bear in mind that SSIDs are case sensitive. That is, CLASS_1 does not equal Class_1.
T1s are often used to support voice services to an organization. The two ways are
• ISDN PRI is essentially a T1 line with the channels slightly reorganized. A regular T1 is formally called a T1 CAS (Channel Associated Signaling) and colloquially referred to as Robbed Bit Signaling because part of each traffic channel is used for signaling. In an ISDN PRI, or T1 PRI, one channel (the Data channel) is dedicated to signaling so the other 23 channels (the Bearer channels) are used purely for voice or data transmission. Similarly, an E1 PRI dedicates two D channels to signaling, leaving 30 B channels for voice transmission. While a T1 CAS, T1 PRI, and E1 PRI can all support both data and voice traffic, the T1 PRI and E1 PRI offer some advantages to voice traffic due to the allocation of channels for different purposes. A huge disadvantage with T1 PRI, however, is that the number of B channels defines how many calls can be supported at any one time. An organization with more than 30 employees, each with his or her own phone number, might need multiple T1s—plus the additional equipment—to keep from running out of phone lines, especially if the business relies heavily on phone traffic. And that doesn't even count the data traffic. • An alternative to T1 PRIs is a SIP trunk. Recall that SIP (Session Initial Protocol) is a signaling protocol used to initiate connections, such as for VoIP calls. SIP trunking employs VoIP to create virtual connections over an existing data service, whether that's a shared, broadband connection like Metro Ethernet or a dedicated, leased line, such as a T1. With a SIP trunk, the only limitation on the number of calls that can run at any one time is the amount of available bandwidth. All the calls run over the single data line, so it's not necessary to purchase additional equipment to support more channels for more calls. Overall SIP configuration is easier and cheaper than a T1 PRI, and provides greater flexibility.
LANs vs WANs
• LANs connect nodes, such as workstations, servers, printers, and other devices, in a small geographical area on a single organization's network, whereas WANs use networking devices, such as routers and modems, to connect networks spread over a wide geographical area. • Both LANs and WANs use the same protocols from Layers 3 and higher of the OSI model. • LANs and WANs may differ at Layers 1 and 2 of the OSI model in access methods, topologies, and, sometimes, media. For example, the way DSL transmits bits over a WAN differs from the way Ethernet transmits bits over a LAN. • LANs are mostly owned and operated by the companies that use them. On the other hand, WANs are usually owned and operated by telcos (telecommunications carriers), also known as NSPs (network service providers), such as AT&T, Verizon, Spectrum, and Comcast. Corporations lease WAN connections from these carriers, often with payments based on the amount of bandwidth actually used. Alternatively, as you read about in the On the Job story at the beginning of this chapter, corporations might connect directly to an IX (Internet Exchange), sometimes called an IXP (Internet Exchange point). This is similar to the difference between buying merchandise at retail prices versus buying products wholesale through a purchasing cooperative. IXes are where the networks of ISPs and other telecommunications providers intersect. By connecting directly into an IX, companies are able to cut out some of the "middle man" expense of WAN connections.
software running on a router, multilayer switch, gateway, server or even a client workstation can act as a traffic shaper by prioritizing traffic according to any of the following characteristics:
• Protocol • IP address • User group • DiffServ (Differentiated Services) flag in an IP packet • VLAN tag in a Data Link layer frame • Service or application
few key SNMP messages used to communicate between the NMS and managed devices
• SNMP Get Request—The NMS sends a request for data to the agent on a managed device. See the left side of Figure 11-7. • SNMP Get Response—The agent sends a response with the requested information. • SNMP Get Next—The NMS might then request the next row of data in the MIB database. • SNMP Walk—With this one command, the NMS can issue the equivalent of a sequence of SNMP Get Next messages to walk through sequential rows in the MIB database. • SNMP Trap—An agent can be programmed to detect certain abnormal conditions that prompt the generation of SNMP Trap messages, where the agent sends the NMS unsolicited data once the specified conditions on the managed device are met (see the right side of Figure 11-7). For example, on a Cisco server, you could use the command snmp trap link-status to instruct the SNMP agent to send an alert if or when an interface fails. The trap can later be disabled with the command no snmp trap link-status. SNMP Trap messages can alert network administrators of unresponsive services or devices, power supply issues, high temperatures, and tripped circuit breakers, which allows technicians to identify and address the problems quickly—hopefully before users start to notice the problem. An unresponsive service like DHCP, for example, could be restarted remotely. A report of a tripped circuit breaker prevents further investigation into why a specific device isn't responsive.
all network monitoring tools can perform at least the following functions:
• Set the NIC to run in promiscuous mode so it will pass all traffic it receives to the monitoring software. • Continuously monitor network traffic on a segment. • Capture network data transmitted on a segment. • Capture frames sent to or from a specific node. • Reproduce network conditions by transmitting a selected amount and type of data. • Generate statistics about network activity (for example, what percentage of the total frames transmitted on a segment are broadcast frames). Some network monitoring tools can also perform the following functions: • Discover all network nodes on a segment. • Establish a baseline, including performance, utilization rate, and so on. • Track utilization of network resources (such as bandwidth and storage) and device resources (such as CPU or memory usage) and present this information in the form of graphs, tables, or charts. • Store traffic data and generate reports. • Trigger alarms when traffic conditions meet specific thresholds (for example, if usage exceeds 60 percent of capacity). • Identify usage anomalies, such as top talkers (hosts that send an inordinate amount of data) or top listeners (hosts that receive an inordinate amount of data).
AD DS (Active Directory Domain Services)
The Active Directory service that manages the process that allows a user to sign on to a network from any computer on the network and get access to the resources that Active Directory allows.
backbone
a central conduit that connects the segments (pieces) of a network and is sometimes referred to as "a network of networks." it might use higher transmission speeds and different cabling than network cables connected to computers because of the heavier traffic and the longer distances it might span
router
a device that manages traffic between two or more networks and can help find the best path for traffic to get from one network to another
open systems interconnection reference model (OSI)
a seven-layer model to categorize the layers of communication.
packet
after IP adds its own Network layer header to the segment or datagram the entire Network layer becomes this
NIC (network interface card)
also called a network adapter, is installed in an expansion slot on the motherboard.
data link layer
also commonly called the Link layer. The type of networking hardware or technology used on a network determines the protocol used. Examples of this protocol are Ethernet and Wi-Fi. The least intelligent (nonprogrammable) switches operate at this layer
host
any computer on a network that hosts a resource such as an application or data. two end-system computers that initiate sending and receiving data
server
any computer or program that provides a service, such as data or other resources, to other devices.
client-server applications
applications typically found on most networks, involve two computers and are known as this. The first computer, a client computer, requests data or a service from the second computer, which is the server.
a client computer or server is
both a node and a host
enterprise and industrial-grade routers
can have several network ports, one for each of the networks it connects to
fire suppression system
contains emergency alert system, portable fire extinguishers, emergency power-off switch, and suppression agent
operating system
controls how users and programs get access to resources on a network. the two types are peer-to-peer or client-server model
session layer
describes how data between applications is synced and recovered if messages don't arrive intact at the receiving application
Application layer
describes the interface between two applications, each on separate computers. These protocols are used by programs that fall into two categories: Application programs that provide services to a user, such as a browser and web server using the HTTP Application layer protocol and Utility programs that provide services to the system, such as SNMP (Simple Network Management Protocol) programs that monitor and gather information about network traffic and can alert network administrators about adverse conditions that need attention.
WANs and MANs often use
different methods and media than LANs do
personal area network (PAN)
smallest network. a network of personal devices
header
the area at the beginning of the payload where protocols add their own control information to create a message ready to be transmitted to the Network layer
To handle the request for a web page
the client computer must first find the web server, then the client and server must agree on the protocols they will use to communication, finally, the client makes the request and the server sends its response in the form of a web page. Hardware, the operating systems, and the applications on both computers are all involved in this process
the only layers that must deal with the details of wired versus wireless transmissions are
the data link layer and physical layer on the firmware of the NIC
7 layers of OSI model
1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application
Telnet service
The telnet protocol is used by the Telnet client-server command-line application to allow an administrator or other user to "remote in" or control a computer remotely. Telnet is included in many operating systems, but transmissions in Telnet are not encrypted, which has caused Telnet to be largely replaced by other, more secure programs, such as the ssh command in the Linux operating system.
user datagram protocol (UDP)
does not guarantee delivery by first connecting and checking whether data is received and is called a connectionless protocol or best-effort protocol. It is used for broadcasting, such as streaming video or audio over the web, where guaranteed delivery is not as important as fast transmission. It is also used to monitor network traffic.
mesh topology
each device connects to multiple other devices
email services
email is a client-server application that involves two servers. The client uses SMTP (Simple Mail Transfer protocol) to send an email message to the first server, which is sometimes called the SMTP server. The first server sends the message on to the receiver's mail server, where it's stored until the recipient requests delivery. The recipient's mail server delivers the message to the receiving client using one of two protocols: POP3 (Post Office Protocol, version 3) or IMAP4 (Internet Message Access Protocol, version 4). Using POP3, email is downloaded to the client computer. Using IMAP4, the client application manages the email while it's stored on the server.
protocol data unit PDU
group of bits that that are often called a message or a transmission
logical topology
has to do with, how access to the network is controlled, including how users and programs initially gain access to the network, and how specific resources, such as application and databases, are shared on the network
datagram
in UDP the message is called this
hub
inefficient and outdated networking device that has been replaced by switches. accepts signals from a transmitting node and repeats those signals to all other connected nodes in a broadcast fashion.
transmission control protocol (TCP)
makes a connection with the end host, checks whether the data is received, and resends it if it is not. Therefore it is also called a connection-oriented protocol. It is used by applications such as web browsers and email. This mode takes longer and is utilized when it is important to know that data reached its destination
a router or switch does not normally host resources and is therefore
merely a node on the network
ring topology
nodes are connected in a ring, with one node connecting only to its two neighboring nodes. a node can put data on the ring only when it holds a token, which is a small group of bits passed around the ring. it is rarely used now because of its slow speed
layer 7, application layer. layer 6, presentation layer layer 5, session layer
payload or data. L7PDU
If a network supports fewer than 15 computers
peer to peer network is the recommended option
HTTP (hypertext transfer protocol)
primary protocol used by web servers and browsers (clients)
client-server model
requires one or more NOSes (network operating systems)
media access control (MAC) address, physical address, hardware address, or Data link layer address
the frame header contains the hardware addresses of the source and destination NICs and is called this. It is embedded on every network adapter on the globe. Physical addresses are short-range addresses that can only find nodes on the local network
the internet is
the largest and most varied WAN in the world
Internet Information Services
the second most popular web server application which is embedded in the Windows Server operating system
port
the transport layer header addresses the receiving application by this number
TCP and IP suite of protocols
the two primary protocols
star-bus topology
three switches daisy-chained together in a single line with each switch connected to its computers via a star topology
advantages of client-server networks
user accounts and passwords to the network are assigned in one place, access to multiple shared resources (such as data files or printers) can be centrally granted to a single user or groups of users, problems on the network can be monitored, diagnosed, and often fixed from one location, client server networks are also more scalable than peer-to-peer networks, in other words it's easier to add computers and other devices to a client-server network
client
where computers make a request from. Can run applications installed on the desktop and store their own data on local storage devices. Don't share their resources directly with each other. Instead, access is controlled by entries in the centralized domain database. Access resources on another computer by way of the servers controlling this database.